oval:org.secpod.oval:def:89046979
SUSE Linux Enterprise Server 15 SP4 is installed

oval:org.secpod.oval:def:89047814
This update of dpdk fixes the following issue: - Fix to read PCI device name as UTF strings - Allow configuring thread granularity of Kernel NIC Interface - Rebuild with new secure boot key due to grub2 boothole 3 issues

oval:org.secpod.oval:def:89047752
This update of oracleasm fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues

oval:org.secpod.oval:def:89047428
This update for stunnel fixes the following issues: Update to 5.62 including new features and bugfixes: * Security bugfixes - The 'redirect' option was fixed to properly handle unauthenticated requests. - Fixed a double free with OpenSSL older than 1.1.0. - Added hardening to systemd service. * Ne ...

oval:org.secpod.oval:def:89048090
This update for polkit-default-privs fixes the following issues: Update to version 13.2+20221216.a0c29e6: - backport usbguard actions.

oval:org.secpod.oval:def:89047642
This is a security test update for SUSE:SLE-15-SP4:Update

oval:org.secpod.oval:def:89047660
This is a security test update for SUSE:SLE-15-SP2:Update

oval:org.secpod.oval:def:89047722
This update for permissions fixes the following issues: * apptainer: fix starter-suid location * static permissions: remove deprecated bind / named chroot entries * postfix: add postlog setgid for maildrop binary

oval:org.secpod.oval:def:89047728
This update of s390-tools fixes the following issues: - Fixed KMIP plugin failing to connect to KMIP server. When a zkey key repository is bound to the KMIP plugin, and the connection to the KMIP server is to be configured using command "zkey kms configure --kmip-server <server> ...

oval:org.secpod.oval:def:89047680
This update for mokutil fixes the following issues: - Adds SBAT revocation support to mokutil. New options added: - mokutil --set-sbat-policy to set the SBAT acceptance policy. - mokutil --list-sbat-revocations to list the current SBAT revocations.

oval:org.secpod.oval:def:89047003
This update for clamav fixes the following issues: clamav was updated to 0.103.7 * Upgrade the vendored UnRAR library to version 6.1.7. * Fix logical signature Intermediates feature. * Relax constraints on slightly malformed zip archives that contain overlapping file entries.

oval:org.secpod.oval:def:89048110
This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.60 state of Mozilla SSL root CAs Removed CAs: - Global Chambersign Root - EC-ACC - Network Solutions Certificate Authority - Staat der Nederlanden EV Root CA - SwissSign Platinum CA - G2 Added CAs: - DIGITALSIGN GLOB ...

oval:org.secpod.oval:def:89047578
This update of fwupdate fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues

oval:org.secpod.oval:def:89047369
This update for perl-DBD-SQLite fixes the following issues: - updated to 1.66 - Use external sqlite3 library rather than internal code

oval:org.secpod.oval:def:89048491
This update of grub2 fixes the following issues: * rebuild the package with the new secure boot key.

oval:org.secpod.oval:def:89048588
This update for perl-Net-Server fixes the following issues: * CVE-2013-1841: Fixed insufficient hostname access checking.

oval:org.secpod.oval:def:89047663
This update for cosign fixes the following issues: - Updated to 1.10.1: - CVE-2022-35929: Fixed an issue where cosign verify-attestation --type could report false positives when there was at least one attestation with a valid signature and there were no attestations of the type being verified.

oval:org.secpod.oval:def:89047433
This update for libyang fixes the following issues: - CVE-2021-28905: Fixed a reachable assertion which could be exploited by an attacker to cause a denial of service.

oval:org.secpod.oval:def:89047500
This update for python-Flask-Security-Too fixes the following issues: - CVE-2021-21241: Fixed an issue where GET requests lacking CSRF protection to certain endpoints could return the user's authentication token.

oval:org.secpod.oval:def:89047365
This update for libyang fixes the following issues: - CVE-2021-28906: Fixed missing check in read_yin_leaf that can lead to DoS. - CVE-2021-28904: Fixed missing check in ext_get_plugin that lead to DoS. - CVE-2021-28903: Fixed stack overflow in lyxml_parse_mem. - CVE-2021-28902: Fixed missing chec ...

oval:org.secpod.oval:def:89047769
This update for libarchive fixes the following issues: - CVE-2021-23177: Fixed symlink ACL extraction that modifies ACLs of the target system.

oval:org.secpod.oval:def:89047662
This update for permissions fixes the following issues: - CVE-2022-31252: Fixed chkstat group controlled paths.

oval:org.secpod.oval:def:89047772
This update for cosign fixes the following issues: Updated to version 1.12.0: - CVE-2022-36056: Fixed verify-blob could successfully verify an artifact when verification should have failed.

oval:org.secpod.oval:def:89047673
This update for jasper fixes the following issues: - CVE-2022-2963: Fixed memory leaks in function cmdopts_parse.

oval:org.secpod.oval:def:89047792
This update for python-waitress fixes the following issues: - CVE-2022-24761: Fixed a bug to avoid inconsistent interpretation of HTTP requests leading to request smuggling

oval:org.secpod.oval:def:89048024
This update for busybox fixes the following issues: - CVE-2022-30065: Fixed use-after-free in the AWK applet. - CVE-2014-9645: Fixed loading of unwanted module with / in module names. - Update to 1.35.0 also introduced: - awk: fix printf %%, fix read beyond end of buffer - chrt: silence analyzer w ...

oval:org.secpod.oval:def:89047744
This update for virglrenderer fixes the following issues: - CVE-2022-0135: Fix OOB in read_transfer_data

oval:org.secpod.oval:def:89047575
This update for virglrenderer fixes the following issues: - CVE-2022-0135: Fixed out-of-bounds write in read_transfer_data.

oval:org.secpod.oval:def:89047813
This update for python-M2Crypto fixes the following issues: - CVE-2020-25657: Fixed Bleichenbacher timing attacks in the RSA decryption API.

oval:org.secpod.oval:def:89047758
This update for python-M2Crypto fixes the following issues: - CVE-2020-25657: Fixed Bleichenbacher timing attacks in the RSA decryption API.

oval:org.secpod.oval:def:89048838
This update of skopeo fixes the following issues: * rebuild the package with the go 19.9 secure release.

oval:org.secpod.oval:def:89048879
This update of geoipupdate fixes the following issues: * rebuild the package with the go 1.19 security release.

oval:org.secpod.oval:def:89048762
This update for openssl-ibmca fixes the following issues: Upgraded openssl-ibmca to version 2.4.0 * Provider: Adjustments for OpenSSL versions 3.1 and 3.2 * Provider: Support RSA blinding * Provider: Constant-time fixes for RSA PKCS#1 v1.5 and OAEP padding * Provider: Support "implicit rejection" o ...

oval:org.secpod.oval:def:89047731
This update for udisks2 fixes the following issues: - CVE-2021-3802: Fixed denial of service vulnerability caused by insecure defaults in user-accessible mount helpers.

oval:org.secpod.oval:def:89047472
This update for apache2-mod_auth_mellon fixes the following issues: - CVE-2021-3639: Fixed open Redirect vulnerability in logout URLs

oval:org.secpod.oval:def:89047698
This update for clone-master-clean-up fixes the following issues: - CVE-2021-32000: Fixed some potentially dangerous file system operations. Bugfixes: - Fixed clone-master-clean-up failing to remove btrfs snapshots.

oval:org.secpod.oval:def:89047463
This update for pgadmin4 fixes the following issues: - CVE-2022-0959: Fixed an unrestricted file upload.

oval:org.secpod.oval:def:89049572
This update for supportutils fixes the following issues: Security fixes: * CVE-2022-45154: Removed iSCSI passwords. Other Fixes: * Changes in version 3.1.26 * powerpc plugin to collect the slots and active memory * A Cleartext Storage of Sensitive Information vulnerability CVE-2022-45154 * support ...

oval:org.secpod.oval:def:89048977
This update for salt fixes the following issues: salt: * Update to Salt release version 3006.0 * See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html * Add missing patch after rebase to fix collections Mapping issues * Add python3-looseversion as new dependency for s ...

oval:org.secpod.oval:def:89049026
This update for salt fixes the following issues: salt: * Update to Salt release version 3006.0 * See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html * Add missing patch after rebase to fix collections Mapping issues * Add python3-looseversion as new dependency for s ...

oval:org.secpod.oval:def:89048079
This update for freeradius-server fixes the following issues: - CVE-2022-41859: Fixes an information leakage in EAP-PWD. - CVE-2022-41860: Fixes a crash on unknown option in EAP-SIM. - CVE-2022-41861: Fixes a crash on invalid abinary data. - rebuild against the new net-snmp.

oval:org.secpod.oval:def:89048120
This update for net-snmp fixes the following issues: - CVE-2022-44793: Fixed a NULL pointer dereference issue that could allow a remote attacker with write access to crash the server instance. - CVE-2022-44792: Fixed a NULL pointer dereference issue that could allow a remote attacker with write acc ...

oval:org.secpod.oval:def:89047692
This update for colord fixes the following issues: - CVE-2021-42523: Fixed a small memory leak in sqlite3_exec.

oval:org.secpod.oval:def:89047683
This update for bluez fixes the following issues: - CVE-2022-0204: Fixed check if the prepare writes would append more than the allowed maximum attribute length.

oval:org.secpod.oval:def:89047376
This update for icu fixes the following issues: - CVE-2020-21913: Fixed a memory safety issue that could lead to use after free.

oval:org.secpod.oval:def:89047761
This update for libksba fixes the following issues: - CVE-2022-3515: Fixed a possible overflow in the TLV parser.

oval:org.secpod.oval:def:89048628
This update for tar fixes the following issues: * CVE-2022-48303: Fixed a one-byte out-of-bounds read that resulted in use of uninitialized memory for a conditional jump. Bug fixes: * Fix hang when unpacking test tarball.

oval:org.secpod.oval:def:89049020
This update for ucode-intel fixes the following issues: * Updated to Intel CPU Microcode 20230512 release. * New platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | ADL-N | A0 | 06-be-00/01 | | 0000 ...

oval:org.secpod.oval:def:89048603
This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20230214 release. Security issues fixed: * CVE-2022-38090: Security updates for INTEL-SA-00767 * CVE-2022-33196: Security updates for INTEL-SA-00738 * CVE-2022-21216: Security updates for INTEL-SA-00700 * New P ...

oval:org.secpod.oval:def:89048866
This update for ucode-intel fixes the following issues: * Updated to Intel CPU Microcode 20230512 release. * New platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | ADL-N | A0 | 06-be-00/01 | | 0000 ...

oval:org.secpod.oval:def:89047688
This update for 389-ds fixes the following issues: - CVE-2021-4091: Fixed double free in psearch. - CVE-2022-1949: Fixed full access control bypass with simple crafted query.

oval:org.secpod.oval:def:89047504
This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20220809 release: - CVE-2022-21233: Fixed an issue where stale data may have been leaked from the legacy xAPIC MMIO region, which could be used to compromise an SGX enclave. See also: https://www.intel.com/conte ...

oval:org.secpod.oval:def:89047768
This update for kernel-firmware fixes the following issues: Update to version 20220411: - CVE-2021-26373, CVE-2021-26347, CVE-2021-26376, CVE-2021-26350, CVE-2021-26375, CVE-2021-26378, CVE-2021-26372, CVE-2021-26339, CVE-2021-26348, CVE-2021-26342, CVE-2021-26388, CVE-2021-26349, CVE-2021-26364, C ...

oval:org.secpod.oval:def:89047774
This update for 389-ds fixes the following issues: - CVE-2022-2850: Fixed an application crash when running a sync_repl client that could be triggered via a malformed cookie. Non-security fixes: - Update to version 2.0.16~git20.219f047ae: * Fix missing "not" in description * CI - makes replication/ ...

oval:org.secpod.oval:def:89047629
This update for tiff fixes the following issues: - CVE-2017-17095: Fixed DoS in tools/pal2rgb.c in pal2rgb. - CVE-2019-17546: Fixed integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image. - CVE-2020-19131: Fixed buffer overflow in tiffcrop that may cause DoS ...

oval:org.secpod.oval:def:89047364
This update for xerces-j2 fixes the following issues: - CVE-2022-23437: Fixed infinite loop within Apache XercesJ xml parser.

oval:org.secpod.oval:def:89049090
This update of skopeo fixes the following issues: * rebuild the package with the go 1.20 security release.

oval:org.secpod.oval:def:89049091
This update of geoipupdate fixes the following issues: * rebuild the package with the go 1.20 security release.

oval:org.secpod.oval:def:89049282
This update for re2c fixes the following issues: * CVE-2018-21232: Fixed excess stack consumption due to uncontrolled recursion in find_fixed_tags.

oval:org.secpod.oval:def:89049328
This update for ca-certificates-mozilla fixes the following issues: * Updated to 2.62 state of Mozilla SSL root CAs Added: * Atos TrustedRoot Root CA ECC G2 2020 * Atos TrustedRoot Root CA ECC TLS 2021 * Atos TrustedRoot Root CA RSA G2 2020 * Atos TrustedRoot Root CA RSA TLS 2021 * BJCA Global Root ...

oval:org.secpod.oval:def:89047776
This update for fribidi fixes the following issues: - CVE-2022-25308: Fixed stack out of bounds read. - CVE-2022-25309: Fixed heap-buffer-overflow in fribidi_cap_rtl_to_unicode. - CVE-2022-25310: Fixed NULL pointer dereference in fribidi_remove_bidi_marks.

oval:org.secpod.oval:def:89047958
This update for erlang fixes the following issues: - CVE-2022-37026: fixed a client authorization bypass vulnerability for SSL, TLS, and DTLS in Erlang/OTP. [bsc#1205318]

oval:org.secpod.oval:def:89049302
This update for erlang fixes the following issues: * Replaced the CVE-2022-37026 patch with the one released by the upstream to fix a regression in the previous one

oval:org.secpod.oval:def:89047648
This update for ldb, samba fixes the following issues: ldb was updated to version 2.4.2 to fix: + Fix for CVE-2021-3670, ensure that the LDB request has not timed out during filter processing as the LDAP server MaxQueryDuration is otherwise not honoured. samba was updated to fix: - Revert NIS suppor ...

oval:org.secpod.oval:def:89049359
This update for busybox fixes the following issues: * CVE-2022-48174: Fixed stack overflow vulnerability

oval:org.secpod.oval:def:89047595
This update for clamav fixes the following issues: - CVE-2022-20698: Fixed invalid pointer read allowing denial of service crash

oval:org.secpod.oval:def:89047624
This update for openldap2 fixes the following issues: - CVE-2022-29155: Fixed SQL injection in back-sql .

oval:org.secpod.oval:def:89048045
This update for apache2-mod_wsgi fixes the following issues: - CVE-2022-2255: Hardened the trusted proxy header filter to avoid bypass

oval:org.secpod.oval:def:89048550
This update for libX11 fixes the following issues: * Fixed a regression introduced with security update for CVE-2022-3555

oval:org.secpod.oval:def:89048176
This update for libXpm fixes the following issues: - CVE-2022-46285: Fixed an infinite loop that could be triggered when reading a XPM image with a C-style comment that is never closed. - CVE-2022-44617: Fixed an excessive resource consumption that could be triggered when reading small crafted XPM ...

oval:org.secpod.oval:def:89048192
This update for systemd fixes the following issues: - CVE-2022-4415: Fixed an issue where users could access coredumps with changed uid, gid or capabilities. Non-security fixes: - Enabled the pstore service. - Fixed an issue accessing TPM when secure boot is enabled. - Fixed an issue where a pamd ...

oval:org.secpod.oval:def:89048086
This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting. Bug fixes: - Support by-path devlink for multipath nvme block devices.

oval:org.secpod.oval:def:89048014
This update for virt-v2v fixes the following issues: - CVE-2022-2211: Fixed buffer overflow in get_keys.

oval:org.secpod.oval:def:89047779
This update for libguestfs fixes the following issues: - CVE-2022-2211: Fixed a buffer overflow in get_keys.

oval:org.secpod.oval:def:89047741
This update for squid fixes the following issues: Updated squid to version 5.7: - CVE-2022-41317: Fixed exposure of sensitive information in cache manager. - CVE-2022-41318: Fixed buffer overread in SSPI and SMB Authentication.

oval:org.secpod.oval:def:89047732
This update for squid fixes the following issues: - CVE-2021-46784: Fixed DoS when processing gopher server responses. - Update to 5.6: - Improve handling of Gopher responses - Changes in 5.5: - fixes regression Bug 5192: esi_parser default is incorrect - Bug 5177: clientca certificates sent to htt ...

oval:org.secpod.oval:def:89047344
This update for mutt fixes the following issues: - CVE-2022-1328: Fixed an invalid memory access when reading untrusted uuencoded data. This could result in including private memory in replies.

oval:org.secpod.oval:def:89048730
This update for pgadmin4 fixes the following issues: * CVE-2023-0241: Fixed a directory traversal vulnerability.

oval:org.secpod.oval:def:89048675
This update for python-Werkzeug fixes the following issues: * CVE-2023-25577: Fixed high resource usage when parsing multipart form data with many fields.

oval:org.secpod.oval:def:89049372
This update of geoipupdate fixes the following issues: * rebuild the package with the go 1.21 security release.

oval:org.secpod.oval:def:89049370
This update of skopeo fixes the following issues: * rebuild the package with the go 1.21 security release.

oval:org.secpod.oval:def:89048775
This update for shadow fixes the following issues: * CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn.

oval:org.secpod.oval:def:89048849
This update for rekor fixes the following issues: Updated to version 1.1.1: Functional Enhancements - Refactor Trillian client with exported methods - Switch to official redis-go client - Remove replace in go.mod - Add Rekor OID info. Quality Enhancements - remove legacy encrypted cosign k ...

oval:org.secpod.oval:def:89049006
This update for rekor fixes the following issues: * updated to rekor 1.2.1: * CVE-2023-33199: Fixed that malformed proposed intoto v0.0.2 entries can cause a panic.

oval:org.secpod.oval:def:89049178
This update for xmltooling fixes the following issues: * CVE-2023-36661: Fix server-side request forgery vulnerability

oval:org.secpod.oval:def:89049292
This update for python-configobj fixes the following issues: * CVE-2023-26112: Fixed regular expression denial of service vulnerability in validate.py.

oval:org.secpod.oval:def:89048620
This update for pesign fixes the following issues: * CVE-2022-3560: Fixed pesign-authorize ExecStartPost script allowing privilege escalation from pesign to root.

oval:org.secpod.oval:def:89048662
This update for pgadmin4 fixes the following issues: * CVE-2023-22298: Fixed an open redirect vulnerability.

oval:org.secpod.oval:def:89048165
This update for python-setuptools fixes the following issues: - CVE-2022-40897: Fixed an excessive CPU usage that could be triggered by fetching a malicious HTML document.

oval:org.secpod.oval:def:89047936
This update for keylime fixes the following issues: - CVE-2022-3500: Fixed vulnerability where a node seems as attested when in reality it is not properly attested.

oval:org.secpod.oval:def:89047956
This update for strongswan fixes the following issues: Security issues fixed: - CVE-2022-40617: Fixed that using untrusted URIs for revocation checking could lead to denial of service Feature changes: - Enable Marvell plugin

oval:org.secpod.oval:def:89047799
This update for libtasn1 fixes the following issues: - CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der

oval:org.secpod.oval:def:89048203
This update for nginx fixes the following issues: - CVE-2022-41741: Handle duplicated atoms in mp4 streams, to mitigate out-of-bound reads. - CVE-2022-41742: Handle duplicated atoms in mp4 streams, to mitigate out-of-bound reads

oval:org.secpod.oval:def:89048172
This update for bluez fixes the following issues: - CVE-2022-3563: Fixed a potential crash in the mgmt-tester tool.

oval:org.secpod.oval:def:89048906
This update for wayland fixes the following issues: * CVE-2021-3782: Fixed a reference-count overflow in libwayland-server SHM handling

oval:org.secpod.oval:def:89047777
This update for samba fixes the following issues: - CVE-2022-1615: Fixed error handling in random number generation. - CVE-2022-32743: Implement validated dnsHostName write rights. Bugfixes: - Fixed use after free when iterating smbd_server_connection->connections after tree disconn ...

oval:org.secpod.oval:def:89047756
This update for dpdk fixes the following issues: - CVE-2022-2132: Fixed DoS when a vhost header crosses more than two descriptors and exhausts all mbufs. - CVE-2022-28199: Fixed buffer overflow in the vhost code.

oval:org.secpod.oval:def:89047452
This update for postgresql14 fixes the following issues: - CVE-2022-1552: Confine additional operations within 'security restricted operation' sandboxes.

oval:org.secpod.oval:def:89047630
This update for gzip fixes the following issues: - CVE-2022-1271: Fix escaping of malicious filenames

oval:org.secpod.oval:def:89047618
This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames

oval:org.secpod.oval:def:89048685
This update for poppler fixes the following issues: * CVE-2022-38784: Fixed integer overflow in the JBIG2 decoder. Bugfixes: * Fixed issue where some PDF generators generate PDF with some wrong numbers in entry table, but the content is still valid.

oval:org.secpod.oval:def:89048677
This update for poppler fixes the following issues: * CVE-2022-38784: Fixed integer overflow in the JBIG2 decoder.

oval:org.secpod.oval:def:89047471
This update for open-vm-tools fixes the following issues: - Updated to version 12.1.0: - CVE-2022-31676: Fixed an issue that could allow unprivileged users inside a virtual machine to escalate privileges.

oval:org.secpod.oval:def:89047788
This update for postgresql-jdbc fixes the following issues: - CVE-2022-31197: Fixed SQL injection vulnerability.

oval:org.secpod.oval:def:89047717
This update for gnutls fixes the following issues: - CVE-2022-2509: Fixed a double free issue during PKCS7 verification. Non-security fixes: - FIPS: Check minimum keylength for symmetric key generation [bsc#1190698] - FIPS: Only allows ECDSA signature with valid set of hashes [bsc#1190698] - FIPS: ...

oval:org.secpod.oval:def:89047468
This update for libtirpc fixes the following issues: - CVE-2021-46828: Fixed denial of service vulnerability with lots of connections.

oval:org.secpod.oval:def:89047340
This update for wavpack fixes the following issues: - CVE-2022-2476: Fixed a Null pointer dereference in wvunpack.

oval:org.secpod.oval:def:89047524
This update for gpg2 fixes the following issues: - CVE-2022-34903: Fixed a status injection vulnerability. - Use AES as default cipher instead of 3DES when we are in FIPS mode

oval:org.secpod.oval:def:89047598
This update for perl-HTTP-Daemon fixes the following issues: - CVE-2022-31081: Fixed request smuggling in HTTP::Daemon.

oval:org.secpod.oval:def:89047755
This update for harfbuzz fixes the following issues: - CVE-2022-33068: Fixed an integer overflow in hb-ot-shape-fallback.cc.

oval:org.secpod.oval:def:89047447
This update for cups fixes the following issues: - CVE-2022-26691: Fixed an authentication bypass and code execution vulnerability

oval:org.secpod.oval:def:89047802
This update for logrotate fixes the following issues: Security issues fixed: - CVE-2022-1348: Fixed insecure permissions for state file creation. - Improved coredump handling for SUID binaries. Non-security issues fixed: - Fixed 'logrotate emits unintended warning: keyword size not properly separat ...

oval:org.secpod.oval:def:89047391
This update for python-PyJWT fixes the following issues: - CVE-2022-29217: Fixed key confusion through non-blocklisted public key format.

oval:org.secpod.oval:def:89048477
This update for python-PyJWT fixes the following issues: * CVE-2022-29217: Fixed Key confusion through non-blocklisted public key formats. * Update in SLE-15 * Update to 2.4.0 * Explicit check the key for ECAlgorithm * Don't use implicit optionals * documentation fix: show correct scope * fix: Up ...

oval:org.secpod.oval:def:89047704
This update for pcre2 fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue

oval:org.secpod.oval:def:89047521
This update for systemd-presets-common-SUSE fixes the following issues: - CVE-2022-1706: Fixed accessible configs from unprivileged containers in VMs running on VMware products. The following non-security bugs were fixed: - Modify branding-preset-states to fix systemd-presets-common-SUSE not enabli ...

oval:org.secpod.oval:def:89047721
This update for pcre2 fixes the following issues: - CVE-2022-1587: Fixed out-of-bounds read due to bug in recursions.

oval:org.secpod.oval:def:89047389
This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue

oval:org.secpod.oval:def:89047734
This update for keylime fixes the following issues: Update to version 6.3.2, including fixes for: - CVE-2022-1053: Fixed Tenant and Verifier might not use the same registrar data. - CVE-2022-31250: Fixed %post scriptlet allows for privilege escalation from keylime user to root.

oval:org.secpod.oval:def:89047545
This update for clamav fixes the following issues: - CVE-2022-20770: Fixed a possible infinite loop vulnerability in the CHM file parser. - CVE-2022-20796: Fixed a possible NULL-pointer dereference crash in the scan verdict cache check. - CVE-2022-20771: Fixed a possible infinite loop vulnerabilit ...

oval:org.secpod.oval:def:89047743
This update for redis fixes the following issues: - CVE-2022-24735: Fixed Lua code injection. - CVE-2022-24736: Fixed Lua NULL pointer dereference.

oval:org.secpod.oval:def:89047643
This update for e2fsprogs fixes the following issues: - CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault and possibly arbitrary code execution

oval:org.secpod.oval:def:89047787
This update for openvpn fixes the following issues: - CVE-2022-0547: Fixed possible authentication bypass in external authentication plug-in. - By default the --suppress-timestamps flag is not needed.

oval:org.secpod.oval:def:89047520
This update for python-paramiko fixes the following issues: - CVE-2022-24302: Fixed a race condition between creation and chmod when writing private keys

oval:org.secpod.oval:def:89047621
This update for libcaca fixes the following issues: - CVE-2022-0856: Fixed a divide by zero issue which could be exploited to cause an application crash.

oval:org.secpod.oval:def:89047375
This update for wavpack fixes the following issues: - CVE-2021-44269: Fixed out of bounds read in processing .wav files.

oval:org.secpod.oval:def:89047786
This update for python-Twisted fixes the following issues: - CVE-2022-21716: Fixed that ssh server accepts an infinite amount of data using all the available memory.

oval:org.secpod.oval:def:89048037
This update for libtpms fixes the following issues: - CVE-2021-3623: Fixed out-of-bounds access when trying to resume the state of the vTPM

oval:org.secpod.oval:def:89047706
This update for golang-github-prometheus-node_exporter fixes the following issues:

oval:org.secpod.oval:def:89047466
This security update for golang-github-prometheus-node_exporter provides: Update golang-github-prometheus-node_exporter from version 1.1.2 to version 1.3.0 - CVE-2022-21698: Denial of service using InstrumentHandlerCounter - Update vendor tarball with prometheus/client_golang 1.11.1 - Update to 1.3 ...

oval:org.secpod.oval:def:89047439
This update for strongswan fixes the following issues: - CVE-2021-45079: Fixed authentication bypass in EAP authentication

oval:org.secpod.oval:def:89047606
This update for protobuf fixes the following issues: - CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol.

oval:org.secpod.oval:def:89047517
This update for wpa_supplicant fixes the following issues: - CVE-2022-23303: Fixed side-channel attacks in SAE. - CVE-2022-23304: Fixed side-channel attacks in EAP-pwd.

oval:org.secpod.oval:def:89047794
This update for gdk-pixbuf fixes the following issues: Update to version 2.42.9: - CVE-2021-44648: Fixed overflow vulnerability in lzw code size. Bugfixes: - Fixed loading of larger images. - Avoided bashism in baselibs postscript.

oval:org.secpod.oval:def:89047495
This update for jasper fixes the following issues: - CVE-2021-3467: Fixed NULL pointer deref in jp2_decode. - CVE-2021-3443: Fixed NULL pointer deref in jp2_decode. - CVE-2021-26927: Fixed NULL pointer deref in jp2_decode. - CVE-2021-26926: Fixed an out of bounds read in jp2_decode.

oval:org.secpod.oval:def:89047429
This update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures fixes the following issues: - Update in SLE-15 - Remove redundant python3 dependency from Requires - Update regular expression to fix python shebang - Style is enforce ...

oval:org.secpod.oval:def:89047959
This update for libdb-4_8 fixes the following issues: - CVE-2019-2708: Fixed partial DoS due to data store execution.

oval:org.secpod.oval:def:89047719
This update for yast2-samba-provision fixes the following issues: Security issue fixed: - CVE-2018-17956: Fixed a credentials leak. Non-Security issues fixed: - Stop packaging docdir, it only contained the license which is now in licensedir. - Catch and show internal python exceptions. - Show a d ...

oval:org.secpod.oval:def:89047552
This update for glibc fixes the following issues: - CVE-2021-3999: Fixed incorrect errno in getcwd - CVE-2022-23219: Fixed buffer overflow in sunrpc clnt_create for 'unix' - CVE-2022-23218: Fixed buffer overflow in sunrpc svcunix_create Features added: - IBM Power 10 string operation improvements

oval:org.secpod.oval:def:89047661
This update for mozilla-nss fixes the following issues: Various FIPS 140-3 related fixes were backported from SUSE Linux Enterprise 15 SP4: - Makes the PBKDF known answer test compliant with NIST SP800-132. - FIPS: Add on-demand integrity tests through sftk_FIPSRepeatIntegrityCheck . - FIPS: mark al ...

oval:org.secpod.oval:def:89047448
This update for mozilla-nss fixes the following issues: Various FIPS 140-3 related fixes were backported from SUSE Linux Enterprise 15 SP4: - Makes the PBKDF known answer test compliant with NIST SP800-132. - FIPS: Add on-demand integrity tests through sftk_FIPSRepeatIntegrityCheck . - FIPS: mark al ...

oval:org.secpod.oval:def:89047727
This update for tiff fixes the following issues: - CVE-2022-2519: Fixed a double free in rotateImage. - CVE-2022-2520: Fixed an assertion failure in rotateImage. - CVE-2022-2521: Fixed invalid free in TIFFClose. - CVE-2022-2867: Fixed out of bounds read and write in tiffcrop.c. - CVE-2022-2868: F ...

oval:org.secpod.oval:def:89047950
This update for pixman fixes the following issues: - CVE-2022-44638: Fixed an integer overflow in pixman_sample_floor_y leading to heap out-of-bounds write .

oval:org.secpod.oval:def:89047434
This update for tiff fixes the following issues: - CVE-2022-2056: Fixed a division by zero denial of service . - CVE-2022-2057: Fixed a division by zero denial of service . - CVE-2022-2058: Fixed a division by zero denial of service .

oval:org.secpod.oval:def:89051051
This update for libsndfile fixes the following issues: * CVE-2022-33065: Fixed an integer overflow that could cause memory safety issues when reading a MAT4 file .

oval:org.secpod.oval:def:89047366
This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20220207 release. - CVE-2021-0146: Fixed a potential security vulnerability in some Intel Processors that may allow escalation of privilege - CVE-2021-0127: Intel Processor Breakpoint Control Flow - CVE-2021-0145: Fa ...

oval:org.secpod.oval:def:89047381
This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20220510 release. Updated to Intel CPU Microcode 20220419 release. - CVE-2022-21151: Processor optimization removal or modification of security-critical code for some Intel Processors may allow an authenticated ...

oval:org.secpod.oval:def:89047749
This update for vsftpd fixes the following issues: - CVE-2021-3618: Enforced security checks against ALPACA attack . Bugfixes: - Fixed a seccomp failure in FIPS mode when SSL was enabled . - Allowed wait4 to be called so that the broker can wait for its child processes . - Allowed sendto syscall whe ...

oval:org.secpod.oval:def:89047700
This update for multipath-tools fixes the following issues: - CVE-2022-41973: Fixed a symlink attack in multipathd. - CVE-2022-41974: Fixed an authorization bypass issue in multipathd. - Avoid linking to libreadline to avoid licensing issue - libmultipath: fix find_multipaths_timeout for unknown ...

oval:org.secpod.oval:def:89047713
This update for cifs-utils fixes the following issues: - CVE-2022-27239: Fixed a buffer overflow in the command line ip option .

oval:org.secpod.oval:def:89047712
This update for cifs-utils fixes the following issues: - Fix changelog to include Bugzilla and CVE tracker id numbers missing from previous update

oval:org.secpod.oval:def:89047519
This update for aide fixes the following issues: - CVE-2021-45417: Fix a buffer overflow in base64 functions

oval:org.secpod.oval:def:89049225
This update for cjose fixes the following issues: * CVE-2023-37464: Fixed AES GCM decryption using the Tag length from the actual Authentication Tag.

oval:org.secpod.oval:def:89048178
This update for xrdp fixes the following issues: - CVE-2022-23477: Fixed a buffer overflow for oversized audio format from client .

oval:org.secpod.oval:def:89047483
This update for wireshark fixes the following issues: Update to Wireshark 3.6.2: - CVE-2022-0586: RTMPT dissector infinite loop - CVE-2022-0585: Large loops in multiple dissectors - CVE-2022-0583: PVFS dissector crash - CVE-2022-0582: CSN.1 dissector crash - CVE-2022-0581: CMS dissector crash

oval:org.secpod.oval:def:89047617
This update for wireshark fixes the following issues: Updated to Wireshark 3.6.8: - CVE-2022-3190: Fixed F5 Ethernet Trailer dissector infinite loop . - CVE-2021-4186: Fixed Gryphon dissector crash .

oval:org.secpod.oval:def:89048038
This update for wireshark fixes the following issues: Update to version 3.6.10: - CVE-2022-3725: OPUS dissector crash . - Multiple dissector infinite loops . - Kafka dissector memory exhaustion .

oval:org.secpod.oval:def:89047486
This update for dnsmasq fixes the following issues: - CVE-2022-0934: Fixed an invalid memory access that could lead to remote denial of service via crafted packet .

oval:org.secpod.oval:def:89047339
This update for python-lxml fixes the following issues: - CVE-2022-2309: Fixed NULL pointer dereference due to state leak between parser runs .

oval:org.secpod.oval:def:89048899
This update for openvswitch fixes the following issues: * CVE-2023-1668: Fixed remote traffic denial of service via crafted packets with IP proto 0 .

oval:org.secpod.oval:def:89048870
This update for openvswitch fixes the following issues: * CVE-2022-4338: Fixed Integer Underflow in Organization Specific TLV . * CVE-2022-4337: Fixed Out-of-Bounds Read in Organization Specific TLV .

oval:org.secpod.oval:def:89047733
This update for openvswitch fixes the following issues: - CVE-2021-36980: Fixed a use-after-free issue during the decoding of a RAW_ENCAP action .

oval:org.secpod.oval:def:89047766
This update for u-boot fixes the following issues: - CVE-2022-33103: Fixed a flaw in the squashfs subsystem that could lead to arbitrary code execution .

oval:org.secpod.oval:def:89047644
This update for u-boot fixes the following issues: - CVE-2022-33967: Fixed heap overflow in squashfs filesystem implementation . - CVE-2022-34835: Fixed stack buffer overflow vulnerability in i2c md command .

oval:org.secpod.oval:def:89047790
This update for u-boot fixes the following issues: - CVE-2022-30552: A large buffer overflow could have led to a denial of service in the IP Packet defragmentation code. - CVE-2022-30790: A Hole Descriptor Overwrite could have led to an arbitrary out of bounds write primitive. - CVE-2022-30767: F ...

oval:org.secpod.oval:def:89047653
This update for libxml2 fixes the following issues: Update to 2.9.14: - CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c and tree.c . Update to version 2.9.13: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes

oval:org.secpod.oval:def:89047607
This update for unzip fixes the following issues: - CVE-2022-0530: Fixed SIGSEGV during the conversion of a UTF-8 string to a local string. - CVE-2022-0529: Fixed heap out-of-bound writes and reads during conversion of wide string to local string

oval:org.secpod.oval:def:89047373
This update for zsh fixes the following issues: - CVE-2021-45444: Fixed a vulnerability where arbitrary shell commands could be executed related to prompt expansion . - CVE-2019-20044: Fixed a vulnerability where shell privileges would not be properly dropped when unsetting the PRIVILEGED option .

oval:org.secpod.oval:def:89047461
This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate .

oval:org.secpod.oval:def:89047705
This update for libxml2 fixes the following issues: - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE . - CVE-2022-40304: Fixed dict corruption caused by entity reference cycles .

oval:org.secpod.oval:def:89047762
This update for xen fixes the following issues: - CVE-2022-26362: Fixed race condition in typeref acquisition - CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings Special Instructions and Notes: Please reboot the system after installing this update.

oval:org.secpod.oval:def:89048023
This update for rabbitmq-server fixes the following issues: - CVE-2022-31008: Fixed predictable secret seed in URI encryption .

oval:org.secpod.oval:def:89047551
This update for frr fixes the following issues: - CVE-2022-37032: Fixed out-of-bounds read in the BGP daemon that may lead to information disclosure or denial of service . - CVE-2019-25074: Fixed a memory leak in the IS-IS daemon that may lead to server memory exhaustion .

oval:org.secpod.oval:def:89049187
This update for poppler fixes the following issues: * CVE-2022-27337: Fixed a logic error in the Hints::Hints function which can cause denial of service .

oval:org.secpod.oval:def:89047540
This update for postgresql14 fixes the following issues: - Upgrade to version 14.5: - CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension . - Upgrade to version 14.4 - Release notes: https://www.postgresql.org/docs/release/14.4/ - Release anno ...

oval:org.secpod.oval:def:89048011
This update for emacs fixes the following issues: - CVE-2022-45939: Fixed shell command injection via source code files when using ctags .

oval:org.secpod.oval:def:89049395
This update for cups fixes the following issues: * CVE-2023-4504: Fixed heap overflow in OpenPrinting CUPS Postscript Parsing . * CVE-2023-32360: Fixed Information leak through Cups-Get-Document operation .

oval:org.secpod.oval:def:89050969
This update for python-gevent fixes the following issues: * CVE-2023-41419: Fixed HTTP request smuggling.

oval:org.secpod.oval:def:89048480
This update for zstd fixes the following issues: * CVE-2022-4899: Fixed buffer overrun in util.c .

oval:org.secpod.oval:def:89048128
This update for python-wheel fixes the following issues: - CVE-2022-40898: Fixed an excessive use of CPU that could be triggered via a crafted regular expression .

oval:org.secpod.oval:def:89048486
This update for xorg-x11-server fixes the following issues: * Fixed a regression introduced with security update for CVE-2022-46340 .

oval:org.secpod.oval:def:89048112
This update for libksba fixes the following issues: - CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL signature parser .

oval:org.secpod.oval:def:89047477
This update for patch fixes the following issues: Security issues fixed: - CVE-2019-13636: Fixed follow symlinks unless --follow-symlinks is given. This increases the security against malicious patches . - CVE-2018-6952: Fixed swapping fakelines in pch_swap. This bug was causing a double free leadin ...

oval:org.secpod.oval:def:89047555
This update for perl fixes the following issues: - CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition .

oval:org.secpod.oval:def:89047770
This update for python-paramiko fixes the following issues: Updated to version 2.4.3: - CVE-2018-1000805: Fixed authentication bypass . Bugfixes: - Fixed Ed25519 key handling for certain key comment lengths .

oval:org.secpod.oval:def:89047599
This update for giflib fixes the following issues: - CVE-2019-15133: Fixed a divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c if the height field of the ImageSize data structure is equal to zero . - CVE-2018-11490: Fixed a heap-based buffer overflow in DGifDecompressLine func ...

oval:org.secpod.oval:def:89049364
This update for icu73_2 fixes the following issues: * Update to release 73.2 * CLDR extends the support for "short" Chinese sort orders to cover some additional, required characters for Level 2. This is carried over into ICU collation. * ICU has a modified character conversion table, mapping some GB ...

oval:org.secpod.oval:def:89051037
This update for icu73_2 fixes the following issues: * Update to release 73.2 * CLDR extends the support for "short" Chinese sort orders to cover some additional, required characters for Level 2. This is carried over into ICU collation. * ICU has a modified character conversion table, mapping some GB ...

oval:org.secpod.oval:def:89047465
This update for libcaca fixes the following issues: - CVE-2021-3410: Fixed overflow when multiplying large ints .

oval:org.secpod.oval:def:89051057
This update for gstreamer-plugins-bad fixes the following issues: * CVE-2023-40474: Fixed a remote code execution issue due to improper parsing of H265 encoded video files .

oval:org.secpod.oval:def:89048047
This update for xorg-x11-server fixes the following issues: - CVE-2022-46340: Server XTestSwapFakeInput stack overflow - CVE-2022-46341: Server XIPassiveUngrabDevice out-of-bounds access - CVE-2022-46342: Server XvdiSelectVideoNotify use-after-free - CVE-2022-46343: Server ScreenSaverSetAttribute ...

oval:org.secpod.oval:def:89047418
This update for tiff fixes the following issues: - CVE-2022-0561: Fixed null source pointer passed as an argument to memcpy within TIFFFetchStripThing in tif_dirread.c . - CVE-2022-0562: Fixed null source pointer passed as an argument to memcpy within TIFFReadDirectory in tif_dirread.c . - CVE-2022- ...

oval:org.secpod.oval:def:89049099
This update for ghostscript fixes the following issues: * CVE-2023-36664: Fixed permission validation mishandling for pipe devices with the %pipe% prefix or the | pipe character prefix .

oval:org.secpod.oval:def:89048797
This update for vim fixes the following issues: Updated to version 9.0 with patch level 1443, fixes the following security problems * CVE-2023-1264: Fixed NULL Pointer Dereference . * CVE-2023-1355: Fixed NULL Pointer Dereference . * CVE-2023-1127: Fixed divide by zero in scrolldown .

oval:org.secpod.oval:def:89047789
This update for ceph fixes the following issues: - Update to 16.2.9-536-g41a9f9a5573: + rgw: check bucket shard init status in RGWRadosBILogTrimCR + ceph-volume: honour osd_dmcrypt_key_size option - Update to 16.2.9-158-gd93952c7eea: + cmake: check for python\. when building boost + make-dist: pa ...

oval:org.secpod.oval:def:89048658
This update for ceph fixes the following issues: Security issues fixed: * CVE-2022-0670: Fixed user/tenant read/write access to an entire file system . * CVE-2022-3650: Fixed Python script that allowed privilege escalation from ceph to root . * CVE-2022-3854: Fixed possible DoS issue in ceph URL pro ...

oval:org.secpod.oval:def:89047622
This update for jackson-databind, jackson-dataformats-binary, jackson-annotations, jackson-bom, jackson-core fixes the following issues: Security issues fixed: - CVE-2020-36518: Fixed a Java stack overflow exception and denial of service via a large depth of nested objects in jackson-databind. - CV ...

oval:org.secpod.oval:def:89047725
This update for salt fixes the following issues: - CVE-2022-22967: Fixed missing check for PAM_ACCT_MGM return value that could be used to bypass authentication when using PAM

oval:org.secpod.oval:def:89047423
This update for log4j12 fixes the following issues: - CVE-2022-23307: Fix deserialization issue by removing the chainsaw sub-package. - CVE-2022-23305: Fix SQL injection by removing src/main/java/org/apache/log4j/jdbc/JDBCAppender.java. - CVE-2022-23302: Fix remote code execution by removing src/m ...

oval:org.secpod.oval:def:89048200
This update for apache2-mod_auth_openidc fixes the following issues: - CVE-2022-23527: Fixed open redirect in oidc_validate_redirect_url using tab character . - CVE-2021-39191: Fixed open redirect issue in target_link_uri parameter .

oval:org.secpod.oval:def:89048531
This update for postgresql15 fixes the following issues: Update to 15.2: * CVE-2022-41862: Fixed memory leak in libpq .

oval:org.secpod.oval:def:89048669
This update for postgresql14 fixes the following issues: Update to 14.7: * CVE-2022-41862: Fixed memory leak in libpq .

oval:org.secpod.oval:def:89048822
This update for libfastjson fixes the following issues: * CVE-2020-12762: Fixed an integer overflow and out-of-bounds write via a large JSON file .

oval:org.secpod.oval:def:89047562
This update for json-c fixes the following issues: - CVE-2020-12762: Fixed integer overflow and out-of-bounds write

oval:org.secpod.oval:def:89049247
This update for wireshark fixes the following issues: Update to Wireshark 3.6.15: - Further features, bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-3.6.15.html Security fixes: - CVE-2023-0667: Fixed failure to validate MS-MMS packet length. ...

oval:org.secpod.oval:def:89049004
This update for wireshark fixes the following issues: Updated to version 3.6.14: * CVE-2023-2855: Fixed a crash in the Candump log file parser . * CVE-2023-2856: Fixed a crash in the VMS TCPIPtrace file parser . * CVE-2023-2857: Fixed a crash in the BLF file parser . * CVE-2023-2858: Fixed a crash i ...

oval:org.secpod.oval:def:89048535
This update for wireshark fixes the following issues: * CVE-2023-1161: Fixed crash in ISO 15765 and ISO 10681 dissector . Update to 3.6.12: * https://www.wireshark.org/docs/relnotes/wireshark-3.6.12.html

oval:org.secpod.oval:def:89049193
This update fixes the following issues: python-tornado: * Security fixes: * CVE-2023-28370: Fixed an open redirect issue in the static file handler prometheus-blackbox_exporter: * Use obscpio for go modules service * Set version number * Set build date from SOURCE_DATE_EPOCH * Update to 0.24.0 * R ...

oval:org.secpod.oval:def:89049198
This update for salt fixes the following issues: Security fixes: * CVE-2023-28370: Fix an open redirect vulnerability in "StaticFileHandler" under certain configurations Bug fixes: * Prevent error loading "known_hosts" when "$HOME" is not set * Fix ModuleNotFoundError and other issues raised by sa ...

oval:org.secpod.oval:def:89048626
This update for libmicrohttpd fixes the following issues: * CVE-2023-27371: Fixed a parser bug that could be used to crash servers using the MHD_PostProcessor .

oval:org.secpod.oval:def:89049819
This update for libqb fixes the following issues: * CVE-2023-39976: Fixed potential buffer overflow with long log messages.

oval:org.secpod.oval:def:89048820
This update for protobuf-c fixes the following issues: * CVE-2022-48468: Fixed an unsigned integer overflow

oval:org.secpod.oval:def:89049149
This update for libqt5-qtsvg fixes the following issues: * CVE-2021-45930: Fixed an out-of-bounds write that may have led to a denial-of-service. * CVE-2023-32573: Fixed missing initialization of QtSvg QSvgFont m_unitsPerEm variable.

oval:org.secpod.oval:def:89047798
This update for telnet fixes the following issues: - CVE-2022-39028: Fixed NULL pointer dereference in telnetd .

oval:org.secpod.oval:def:89049245
This update for keylime fixes the following issues: * CVE-2023-38200: Fixed a DoS attack against its SSL connections

oval:org.secpod.oval:def:89049121
This update for dbus-1 fixes the following issues: * CVE-2023-34969: Fixed a possible dbus-daemon crash by an unprivileged user.

oval:org.secpod.oval:def:89048144
This update for git fixes the following issues: - CVE-2022-41903: Fixed a heap overflow in the "git archive" and "git log --format" commands . - CVE-2022-23521: Fixed an integer overflow that could be triggered when parsing a gitattributes file .

oval:org.secpod.oval:def:89047416
This update for git fixes the following issues: - Updated to version 2.35.3: - CVE-2022-24765: Fixed a potential command injection via git worktree .

oval:org.secpod.oval:def:89049032
This update for python-Flask fixes the following issues: * CVE-2023-30861: Fixed a potential cookie confusion due to incorrect caching .

oval:org.secpod.oval:def:89048873
This update for python-Flask fixes the following issues: * CVE-2023-30861: Fixed a potential cookie confusion due to incorrect caching .

oval:org.secpod.oval:def:89049120
This update for curl fixes the following issues: * CVE-2023-32001: Fixed TOCTOU race condition .

oval:org.secpod.oval:def:89049046
This update for libcap fixes the following issues: * CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create . * CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup .

oval:org.secpod.oval:def:89049203
This update for xtrans fixes the following issues: * CVE-2020-25697: Fixed local privilege escalation via TRANS_ABSTRACT on the client side .

oval:org.secpod.oval:def:89049241
This update for bluez fixes the following issues: * CVE-2021-41229: Fix leaking buffers stored in cstates cache

oval:org.secpod.oval:def:89049258
This update for qatengine fixes the following issues: * CVE-2022-43507: Fixed a buffer overflow issue with SHA3

oval:org.secpod.oval:def:89049260
This update for poppler fixes the following issues: * CVE-2019-16115: Fixed an uninitialized memory error in GfxUnivariateShading::setupCache

oval:org.secpod.oval:def:89049269
This update for pcre2 fixes the following issues: * CVE-2022-41409: Fixed integer overflow vulnerability in pcre2test that allows attackers to cause a denial of service via negative input .

oval:org.secpod.oval:def:89049289
This update for krb5 fixes the following issues: * CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user

oval:org.secpod.oval:def:89049330
This update for gawk fixes the following issues: * CVE-2023-4156: Fix a heap out of bound read by validating the index into argument list

oval:org.secpod.oval:def:89049326
This update for freetype2 fixes the following issues: * CVE-2023-2004: Fixed integer overflow in tt_hvadvance_adjust .

oval:org.secpod.oval:def:89049367
This update for libssh2_org fixes the following issues: * CVE-2020-22218: Fixed a bug in _libssh2_packet_add which allows access to out of bounds memory

oval:org.secpod.oval:def:89049380
This update for flac fixes the following issues: * CVE-2020-22219: Fixed a buffer overflow in function bitwriter_grow_ which might allow a remote attacker to run arbitrary code via crafted input to the encoder

oval:org.secpod.oval:def:89049818
This update for postfix fixes the following issues: Security fixes: * CVE-2023-32182: Fixed config_postfix SUSE specific script using potentially bad /tmp file . Other fixes: * postfix: config.postfix causes too tight permission on main.cf .

oval:org.secpod.oval:def:89049575
This update for mutt fixes the following issues: * CVE-2023-4874: Fixed NULL pointer dereference when composing an email . * CVE-2023-4875: Fixed NULL pointer dereference when receiving an email .

oval:org.secpod.oval:def:89049579
This update for xrdp fixes the following issues: * CVE-2023-40184: Fixed restriction bypass via improper session handling .

oval:org.secpod.oval:def:89049743
This update for salt fixes the following issues: Security issues fixed: * CVE-2023-20897: Fixed DOS in minion return. * CVE-2023-20898: Fixed Git Providers can read from the wrong environment because they get the same cache directory base name. Bugs fixed: * Create minion_id with reproducible mtim ...

oval:org.secpod.oval:def:89050213
This update for poppler fixes the following issues: * CVE-2020-23804: Fixed uncontrolled recursion in pdfinfo and pdftops. * CVE-2020-36024: Fixed NULL Pointer Dereference in `FoFiType1C:convertToType1`. * CVE-2022-37050: Fixed denial-of-service via savePageAs in PDFDoc.c. * CVE-2022-37051: Fixed a ...

oval:org.secpod.oval:def:89049811
This update for poppler fixes the following issues: * CVE-2022-37050: Fixed denial-of-service via savePageAs in PDFDoc.c . * CVE-2022-37051: Fixed abort in main in pdfunite.cc . * CVE-2022-38349: Fixed reachable assertion in Object.h that will lead to denial of service .

oval:org.secpod.oval:def:89049805
This update for mdadm fixes the following issues: * CVE-2023-28736: Fixed a buffer overflow . * CVE-2023-28938: Fixed uncontrolled resource consumption .

oval:org.secpod.oval:def:89049806
This update for libeconf fixes the following issues: Update to version 0.5.2. * CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in "econf_writeFile" function . * CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in "read_file" function

oval:org.secpod.oval:def:89050214
This update for nghttp2 fixes the following issues: * CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent .

oval:org.secpod.oval:def:89051027
This update for zchunk fixes the following issues: * CVE-2023-46228: Fixed handling of overflow errors in malformed zchunk files

oval:org.secpod.oval:def:89048493
This update for emacs fixes the following issues: * CVE-2022-48337: Fixed etags local command injection vulnerability . * CVE-2022-48339: Fixed htmlfontify.el command injection vulnerability . * CVE-2022-48338: Fixed ruby-mode.el local command injection vulnerability .

oval:org.secpod.oval:def:89049341
This update for procps fixes the following issues: * CVE-2023-4016: Fixed ps buffer overflow .

oval:org.secpod.oval:def:89048759
This update for avahi fixes the following issues: * CVE-2023-1981: Fixed crash in avahi-daemon .

oval:org.secpod.oval:def:89048742
This update for wireshark fixes the following issues: * CVE-2023-1992: Fixed RPCoRDMA dissector crash . * CVE-2023-1993: Fixed LISP dissector large loop . * CVE-2023-1994: Fixed GQUIC dissector crash . Update to 3.6.13: * Further features, bug fixes and updated protocol support as listed in: https:/ ...

oval:org.secpod.oval:def:89049036
This update for opensc fixes the following issues: * CVE-2023-2977: Fixed out of bounds read in pkcs15 cardos_have_verifyrc_package .

oval:org.secpod.oval:def:89048659
This update for xorg-x11-server fixes the following issues: * CVE-2023-1393: Fixed use-after-free overlay window .

oval:org.secpod.oval:def:89048704
This update for apache2-mod_auth_openidc fixes the following issues: * CVE-2023-28625: Fixed NULL pointer dereference when OIDCStripCookies was set and a crafted Cookie header was supplied .

oval:org.secpod.oval:def:89049034
This update for libX11 fixes the following issues: * CVE-2023-3138: Fixed buffer overflows in InitExt.c .

oval:org.secpod.oval:def:89049217
This update for gstreamer-plugins-base fixes the following issues: * CVE-2023-37327: Fixed GStreamer FLAC File Parsing Integer Overflow . * CVE-2023-37328: Fixed Heap-based Buffer Overflow in GStreamer PGS .

oval:org.secpod.oval:def:89049208
This update for gstreamer-plugins-bad fixes the following issues: * CVE-2023-37329: Fixed GStreamer SRT File Parsing Heap-based Buffer Overflow .

oval:org.secpod.oval:def:89049206
This update for gstreamer-plugins-good fixes the following issues: * CVE-2023-37327: Fixed GStreamer FLAC File Parsing Integer Overflow .

oval:org.secpod.oval:def:89051059
This update for poppler fixes the following issues: * CVE-2022-37052: Fixed a crash that could be triggered when opening a crafted file . * CVE-2023-34872: Fixed a remote denial-of-service in Outline.cc .

oval:org.secpod.oval:def:89049382
This update for libwebp fixes the following issues: * CVE-2023-4863: Fixed heap buffer overflow .

oval:org.secpod.oval:def:89049037
This update for texlive fixes the following issues: * CVE-2023-32700: Fixed arbitrary code execution in LuaTeX .

oval:org.secpod.oval:def:89048891
This update for texlive fixes the following issues: * CVE-2023-32700: Fixed arbitrary code execution in LuaTeX .

oval:org.secpod.oval:def:89048521
This update for c-ares fixes the following issues: Updated to version 1.19.0: * CVE-2022-4904: Fixed missing string length check in config_sortlist .

oval:org.secpod.oval:def:89049027
This update for cups-filters fixes the following issues: * CVE-2023-24805: Fixed a remote code execution in the beh backend .

oval:org.secpod.oval:def:89048860
This update for cups-filters fixes the following issues: * CVE-2023-24805: Fixed a remote code execution in the beh backend .

oval:org.secpod.oval:def:89049267
This update for libyajl fixes the following issues: * CVE-2023-33460: Fixed memory leak which could cause out-of-memory in server .

oval:org.secpod.oval:def:89047612
This update for libyajl fixes the following issues: - CVE-2022-24795: Fixed heap-based buffer overflow when handling large inputs .

oval:org.secpod.oval:def:89050956
This update for xen fixes the following issues: * CVE-2023-34323: A transaction conflict can crash C Xenstored * CVE-2023-34326: Missing IOMMU TLB flushing * CVE-2023-34325: Multiple vulnerabilities in libfsimage disk handling * CVE-2023-34327: Debug Mask handling * CVE-2023-34328: Debug Mask ha ...

oval:org.secpod.oval:def:89049571
This update for open-vm-tools fixes the following issues: Update to 12.3.0 * There are no new features in the open-vm-tools 12.3.0 release. This is primarily a maintenance release that addresses a few critical problems, including: * This release integrates CVE-2023-20900 without the need for a pat ...

oval:org.secpod.oval:def:89049005
This update for open-vm-tools fixes the following issues: * CVE-2023-20867: Fixed authentication bypass vulnerability in the vgauth module . Bug fixes: * Fixed build problem with grpc 1.54 .

oval:org.secpod.oval:def:89049363
This update for keylime fixes the following issues: * CVE-2023-38201: Fixed a bug to avoid leaks of the authorization tag

oval:org.secpod.oval:def:89049353
This update for open-vm-tools fixes the following issues: * CVE-2023-20900: Fixed SAML token signature bypass vulnerability. This update also ships an open-vm-tools-containerinfo plugin

oval:org.secpod.oval:def:89047401
This update for dovecot23 fixes the following issues: - CVE-2022-30550: Fixed privilege escalation in dovecot when similar master and non-master passdbs are used .

oval:org.secpod.oval:def:89047421
This update for git fixes the following issues: - CVE-2022-29187: Incomplete fix for CVE-2022-24765: potential command injection via git worktree .

oval:org.secpod.oval:def:89051198
This update of dpdk fixes the following issues: * rebuild the package with the new secure boot key .

oval:org.secpod.oval:def:89051199
This update of oracleasm fixes the following issues: * rebuild the package with the new secure boot key .

oval:org.secpod.oval:def:89051200
This update of cosign fixes the following issues: * rebuild the package with the go 1.20 security release .

oval:org.secpod.oval:def:89051196
This update of rekor fixes the following issues: * rebuild the package with the go 1.20 security release .

oval:org.secpod.oval:def:89051201
This update of rekor fixes the following issues: * rebuild the package with the go 1.21 security release .

oval:org.secpod.oval:def:89051085
This update for salt fixes the following issues: Security issues fixed: * CVE-2023-34049: arbitrary code execution via symlink attack Bugs fixed: * Fix optimization_order opt to prevent testsuite fails * Improve salt.utils.json.find_json to avoid fails * Use salt-call from salt bundle with transac ...

oval:org.secpod.oval:def:89051103
This update for xterm fixes the following issues: * CVE-2023-40359: Fixed reporting characterset names in ReGiS graphics mode

oval:org.secpod.oval:def:89051106
This update for ucode-intel fixes the following issues: * Updated to Intel CPU Microcode 20231114 pre-release . * CVE-2023-23583: Fixed potential CPU deadlocks or privilege escalation

oval:org.secpod.oval:def:89051110
This update for exfatprogs fixes the following issues: * CVE-2023-45897: Fixed out-of-bound memory issues in fsck .

oval:org.secpod.oval:def:89051115
This update for python-urllib3 fixes the following issues: * CVE-2023-45803: Fix a request body leak that could occur when receiving a 303 HTTP response .

oval:org.secpod.oval:def:89051148
This update for ucode-intel fixes the following issues: * Updated to Intel CPU Microcode 20231114 release. * CVE-2023-23583: Fixed potential CPU deadlocks or privilege escalation

oval:org.secpod.oval:def:89051150
This update for python3-setuptools fixes the following issues: * CVE-2022-40897: Fixed Regular Expression Denial of Service in package_index.py .

oval:org.secpod.oval:def:89051166
This update for poppler fixes the following issues: * CVE-2019-9545: Fixed an uncontrolled recursion issue that could cause a crash. * CVE-2022-37052: Fixed a crash that could be triggered when opening a crafted file. * CVE-2020-36023: Fixed a stack buffer overflow in FoFiType1C:cvtGlyph.

oval:org.secpod.oval:def:89051181
This update for xrdp fixes the following issues: * CVE-2023-42822: Fixed unchecked access to font glyph info .

oval:org.secpod.oval:def:89051175
This update for squashfs fixes the following issues: * CVE-2015-4645, CVE-2015-4646: Multiple buffer overflows fixed in squashfs-tools * CVE-2021-40153: Fixed an issue where an attacker might have been able to write a file outside of destination * CVE-2021-41072: Fixed an issue where an attacker m ...

oval:org.secpod.oval:def:89051195
This update for sqlite3 fixes the following issues: * CVE-2023-2137: Fixed heap buffer overflow .

oval:org.secpod.oval:def:89051232
This update for suse-build-key fixes the following issues: This update runs an import-suse-build-key script. The previous libzypp-post-script based installation is replaced with a systemd timer and service. - suse-build-key-import.service - suse-build-key-import.timer It imports the future SUSE L ...

oval:org.secpod.oval:def:89051259
This update for cosign fixes the following issues: Updated to 2.2.1 * Enhancements: * CVE-2023-46737: Possible endless data attack from attacker-controlled registry * feat: Support basic auth and bearer auth login to registry * add support for ignoring certificates with pkcs11 * Support ReplaceO ...

oval:org.secpod.oval:def:89051275
This update for ghostscript fixes the following issues: * CVE-2023-46751: Fixed dangling pointer in gdev_prn_open_printer_seekable .

oval:org.secpod.oval:def:89051273
This update for rabbitmq-server fixes the following issues: * CVE-2023-46118: Introduce HTTP request body limit for definition uploads .

oval:org.secpod.oval:def:89051325
This update for polkit fixes the following issues: * Change permissions for rules folders

oval:org.secpod.oval:def:89051357
This update for tar fixes the following issues: * CVE-2023-39804: Fixed incorrect handling of extension attributes in PAX archives.

oval:org.secpod.oval:def:89051088
This update for salt fixes the following issues: Security issues fixed: * CVE-2023-34049: arbitrary code execution via symlink attack Bugs fixed: * Fix optimization_order opt to prevent testsuite fails * Improve salt.utils.json.find_json to avoid fails * Use salt-call from salt bundle with transac ...

oval:org.secpod.oval:def:89051131
This update for avahi fixes the following issues: * CVE-2023-38470: Ensure each label is at least one byte long . * CVE-2023-38473: Fixed a reachable assertion when parsing a host name .

oval:org.secpod.oval:def:89051179
This update for gstreamer-plugins-bad fixes the following issues: * CVE-2023-40474: Fixed integer overflow causing out of bounds writes when handling invalid uncompressed video . * CVE-2023-40476: Fixed possible overflow using max_sub_layers_minus1 .

oval:org.secpod.oval:def:89051205
This update of installation-images fixes the following issues: * rebuild the package with the new secure boot key .

oval:org.secpod.oval:def:89051263
This update for gstreamer-plugins-bad fixes the following issues: * CVE-2023-44429: Fixed GStreamer AV1 Codec Parsing Heap-based Buffer Overflow .

oval:org.secpod.oval:def:89051271
This update for avahi fixes the following issues: * CVE-2023-38472: Fixed reachable assertion in avahi_rdata_parse .

oval:org.secpod.oval:def:89051327
This update for gstreamer-plugins-bad fixes the following issues: * CVE-2023-44446: Fixed GStreamer MXF File Parsing Use-After-Free . * CVE-2023-40475: Fixed GStreamer MXF File Parsing Integer Overflow .

oval:org.secpod.oval:def:89051361
This update for gstreamer-plugins-bad fixes the following issues: * ZDI-CAN-22300: Fixed a buffer overflow in the AV1 video plugin .

oval:org.secpod.oval:def:89051364
This update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed fixes the following issues: Security issues fixed: * CVE-2023-31022: Fixed NULL ptr deref in kernel module layer Changes in kernel-firmware-nvidia-gspx-G06: * update firmware to version 535.129.03 Changes in nvidia-open-d ...

oval:org.secpod.oval:def:89049317
This update for webkit2gtk3 fixes the following issues: Update to version 2.40.5 : * CVE-2023-38133: Fixed information disclosure. * CVE-2023-38572: Fixed Same-Origin-Policy bypass. * CVE-2023-38592: Fixed arbitrary code execution. * CVE-2023-38594: Fixed arbitrary code execution. * CVE-2023-38595: ...

oval:org.secpod.oval:def:89049133
This update for redis fixes the following issues: * CVE-2022-24834: Fixed heap overflow in the cjson and cmsgpack libraries .

oval:org.secpod.oval:def:89051045
This update for redis fixes the following issues: * CVE-2023-45145: Fixed a potential permission bypass due to a race condition during UNIX socket creation .

oval:org.secpod.oval:def:89048035
This update for tiff fixes the following issues: - CVE-2022-3570: Fixed heap buffer overflows in tiffcrop.c . - CVE-2022-3598: Fixed out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c [bsc#1204642]

oval:org.secpod.oval:def:89048816
This update for shim fixes the following issues: * CVE-2022-28737 was missing as reference previously. * Upgrade shim-install for bsc#1210382 After closing Leap-gap project since Leap 15.3, openSUSE Leap directly uses shim from SLE. So the ca_string is "SUSE Linux Enterprise Secure Boot CA1", not "ope ...

oval:org.secpod.oval:def:89048672
This update for shim fixes the following issues: * Updated shim signature after shim 15.7 was signed back: signature-sles.x86_64.asc, signature-sles.aarch64.asc * Add POST_PROCESS_PE_FLAGS=-N to the build command in shim.spec to disable the NX compatibility flag when using post-process-pe because g ...

oval:org.secpod.oval:def:89048007
This update for bcel fixes the following issues: - CVE-2022-42920: Fixed producing arbitrary bytecode via out-of-bounds writing .

oval:org.secpod.oval:def:89047739
This update for expat fixes the following issues: - CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c .

oval:org.secpod.oval:def:89047632
This update for bind fixes the following issues: - CVE-2021-25219: Fixed flaw that allowed abusing lame cache to severely degrade resolver performance. - CVE-2021-25220: Fixed potentially incorrect answers by cached forwarders. - CVE-2022-0396: Fixed an incorrect handling of TCP connection slots ti ...

oval:org.secpod.oval:def:89047546
This update for bind fixes the following issues: - CVE-2021-25220: Fixed a DNS cache poisoning vulnerability due to loose caching rules .

oval:org.secpod.oval:def:89047784
This update for bind fixes the following issues: Update to release 9.16.33: - CVE-2022-2795: Fixed potential performance degradation due to missing database lookup limits when processing large delegations. - CVE-2022-3080: Fixed assertion failure when there was a stale CNAME in the cache for the in ...

oval:org.secpod.oval:def:89047710
This update for bind fixes the following issues: - CVE-2022-2795: Fixed potential performance degradation due to missing database lookup limits when processing large delegations. - CVE-2022-38177: Fixed a memory leak that could be externally triggered in the DNSSEC verification code for the ECDSA a ...

oval:org.secpod.oval:def:89047596
This update for python-lxml fixes the following issues: - CVE-2018-19787: Fixed XSS vulnerability via unescaped URL. - CVE-2021-28957: Fixed XSS vulnerability via HTML5 attributes unescaped. - CVE-2021-43818: Fixed XSS vulnerability via script content in SVG images using data URIs. - CVE-2020-2778 ...

oval:org.secpod.oval:def:89048122
This update for python-future fixes the following issues: - CVE-2022-40899: Fixed an issue that could allow attackers to cause an excessive CPU usage via a crafted Set-Cookie header .

oval:org.secpod.oval:def:89049119
This update for python-requests fixes the following issues: * CVE-2023-32681: Fixed unintended leak of Proxy-Authorization header .

oval:org.secpod.oval:def:89051133
This update for apache2-mod_jk fixes the following issues: Update to version 1.2.49: Apache * Retrieve default request id from mod_unique_id. It can also be taken from an arbitrary environment variable by configuring "JkRequestIdIndicator". * Don't delegate the generation of the response body to h ...

oval:org.secpod.oval:def:89047791
This update for apache2 fixes the following issues: - CVE-2022-26377: Fixed possible request smuggling in mod_proxy_ajp - CVE-2022-28614: Fixed read beyond bounds via ap_rwrite - CVE-2022-28615: Fixed read beyond bounds in ap_strcmp_match - CVE-2022-29404: Fixed denial of service in mod_lua r:par ...

oval:org.secpod.oval:def:89049083
This update for grpc, protobuf, python-Deprecated, python-PyGithub, python-aiocontextvars, python-avro, python-bcrypt, python-cryptography, python-cryptography-vectors, python-google-api-core, python-googleapis-common-protos, python-grpcio-gcp, python-humanfriendly, python-jsondiff, python-knack, ...

oval:org.secpod.oval:def:89048856
This update for ovmf fixes the following issues: * CVE-2021-38578: Fixed potential underflow in SmmEntryPoint when computing BufferSize. * CVE-2019-14560: Fixed potential secure boot bypass caused by improper check of GetEfiGlobalVariable2 return value. * revert a patch to fix xen boot problems

oval:org.secpod.oval:def:89051193
This update for traceroute fixes the following issues: * CVE-2023-46316: wrapper scripts do not properly parse command lines .

oval:org.secpod.oval:def:89051010
This update for zlib fixes the following issues: * CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent .

oval:org.secpod.oval:def:89050978
This update for glibc fixes the following issues: Security issue fixed: * CVE-2023-4813: Fixed a potential use-after-free in gaih_inet Also a regression from a previous update was fixed: * elf: Align argument of __munmap to page size

oval:org.secpod.oval:def:89049167
This update for librsvg fixes the following issues: librsvg was updated to version 2.52.10: * CVE-2023-38633: Fixed directory traversal in URI decoder .

oval:org.secpod.oval:def:89050999
This update for ruby2.5 fixes the following issues: * CVE-2023-28755: Fixed a ReDoS vulnerability in URI. * CVE-2023-28756: Fixed an expensive regexp in the RFC2822 time parser. * CVE-2021-41817: Fixed a Regular Expression Denial of Service Vulnerability of Date Parsing Methods. * CVE-2021-33621: ...

oval:org.secpod.oval:def:89048542
This update for vim fixes the following issues: * CVE-2023-0512: Fixed a divide by zero. * CVE-2023-1175: vim: an incorrect calculation of buffer size. * CVE-2023-1170: Fixed a heap-based Buffer Overflow. * CVE-2023-1127: Fixed divide by zero in scrolldown. Updated to version 9.0 with patch leve ...

oval:org.secpod.oval:def:89047609
This update for libslirp fixes the following issues: - CVE-2021-3592: Fixed invalid pointer initialization may lead to information disclosure . - CVE-2021-3594: Fixed invalid pointer initialization may lead to information disclosure . - CVE-2021-3595: Fixed invalid pointer initialization may lead ...

oval:org.secpod.oval:def:89047610
This update for libslirp fixes the following issues: - CVE-2021-3592: Fixed invalid pointer initialization may lead to information disclosure . - CVE-2021-3594: Fixed invalid pointer initialization may lead to information disclosure . - CVE-2021-3595: Fixed invalid pointer initialization may lead ...

oval:org.secpod.oval:def:89047469
This update for libslirp fixes the following issues: - CVE-2021-3593: Fixed invalid pointer initialization may lead to information disclosure . Non-security fixes: - Fix the version header

oval:org.secpod.oval:def:89047353
This update for ruby2.5 fixes the following issues: - CVE-2021-41819: Fixed cookie prefix spoofing in CGI::Cookie.parse .

oval:org.secpod.oval:def:89048773
This update for glib2 fixes the following issues: * CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant . * CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant . The following non-security bug was fixed: * Fixed regression on s390x ...

oval:org.secpod.oval:def:89048595
This update for clamav fixes the following issues: * CVE-2023-20032: Fixed a possible remote code execution vulnerability in the HFS+ file parser . * CVE-2023-20052: Fixed a possible remote information leak vulnerability in the DMG file parser .

oval:org.secpod.oval:def:89048138
This update for sudo fixes the following issues: - CVE-2023-22809: Fixed an arbitrary file write issue that could be exploited by users with sudoedit permissions .

oval:org.secpod.oval:def:89051268
This update for ncurses fixes the following issues: * CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry * Modify reset command to avoid altering clocal if the terminal uses a modem

oval:org.secpod.oval:def:89048687
This update for gnutls fixes the following issues: * CVE-2023-0361: Fixed a Bleichenbacher oracle in the TLS RSA key exchange . * FIPS: Make the jitterentropy calls thread-safe . * FIPS: GnuTLS DH/ECDH PCT public key regeneration .

oval:org.secpod.oval:def:89050979
This update for python-urllib3 fixes the following issues: * CVE-2023-43804: Fixed a potential cookie leak via HTTP redirect if the user manually set the corresponding header .

oval:org.secpod.oval:def:89049244
This update for openssl-3 fixes the following issues: * CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value

oval:org.secpod.oval:def:89049297
This update for openssl-1_1 fixes the following issues: * CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. * Don't pass zero length input to EVP_Cipher because s390x assembler optimized AES cannot handle zero size

oval:org.secpod.oval:def:89048743
This update for dmidecode fixes the following issues: * CVE-2023-30630: Fixed potential privilege escalation vulnerability via file overwrite .

oval:org.secpod.oval:def:89046995
This update for qpdf fixes the following issues: - CVE-2021-36978: Fixed heap-based buffer overflow in Pl_ASCII85Decoder::write .

oval:org.secpod.oval:def:89051279
This update for MozillaFirefox fixes the following issues: * Firefox Extended Support Release 115.6.0 ESR changelog-entry . * CVE-2023-6856: Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver . * CVE-2023-6857: Symlinks may resolve to smaller than expected buffers ...

oval:org.secpod.oval:def:89051033
This update for open-vm-tools fixes the following issues: * CVE-2023-34058: Fixed a SAML token signature bypass issue. * CVE-2023-34059: Fixed a privilege escalation issue through vmware-user-suid-wrapper.

oval:org.secpod.oval:def:89049152
This update for libqt5-qtbase fixes the following issues: * CVE-2023-24607: Fixed Qt SQL ODBC driver plugin DOS. * CVE-2023-32762: Fixed Qt Network incorrectly parses the strict-transport-security header. * CVE-2023-32763: Fixed buffer overflow when rendering an SVG file with an image inside it ...

oval:org.secpod.oval:def:89048508
This update for xen fixes the following issues: * CVE-2022-42332: Fixed use-after-free in x86 shadow plus log-dirty mode. * CVE-2022-42333,CVE-2022-42334: Fixed x86/HVM pinned cache attributes mis-handling. * CVE-2022-42331: Fixed speculative vulnerability in 32bit SYSCALL path on x86. ## Specia ...

oval:org.secpod.oval:def:89048995
This update for openssl-1_1 fixes the following issues: * CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case . * Update further expiring certificates t ...

oval:org.secpod.oval:def:89048184
This update for xen fixes the following issues: - CVE-2022-23824: Fixed multiple speculative execution issues . Non-security fixes: - Updated to version 4.16.3 . Special Instructions and Notes: Please reboot the system after installing this update.

oval:org.secpod.oval:def:89047778
This update for xen fixes the following issues: Updated to version 4.16.2 : - CVE-2022-33746: Fixed DoS due to excessively long P2M pool freeing . - CVE-2022-33748: Fixed DoS due to race in locking . Bugfixes: - Fixed Xen DomU unable to emulate audio device . - Fixed logic error in built-in default ...

oval:org.secpod.oval:def:89047703
This update for xorg-x11-server fixes the following issues: - CVE-2022-2319: Fixed out-of-bounds access in _CheckSetSections . - CVE-2022-2320: Fixed out-of-bounds access in CheckSetDeviceIndicators . - Fix Xserver crash on keyboard remapping

oval:org.secpod.oval:def:89048765
This update for git fixes the following issues: * CVE-2023-25652: Fixed partial overwrite of paths outside the working tree. * CVE-2023-25815: Fixed malicious placement of crafted message. * CVE-2023-29007: Fixed arbitrary configuration injection.

oval:org.secpod.oval:def:89049664
This update for Golang Prometheus fixes the following issues: golang-github-prometheus-alertmanager: * CVE-2023-29409: Restrict RSA keys in certificates to less than or equal to 8192 bits to avoid DoSing client/server while validating signatures for extremely large RSA keys. There are no direct sou ...

oval:org.secpod.oval:def:89050960
This update for opensc fixes the following issues: * CVE-2023-40660: Fixed a PIN bypass that could be triggered when cards tracked their own login state . * CVE-2023-40661: Fixed several memory safety issues that could happen during the card enrollment process using pkcs15-init .

oval:org.secpod.oval:def:89051317
This update for gnutls fixes the following issues: * CVE-2023-5981: Fixed timing side-channel inside RSA-PSK key exchange .

oval:org.secpod.oval:def:89051255
This update for kernel-firmware fixes the following issues: Update AMD ucode to 20231030 : * CVE-2022-23820: Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code execution. * CVE-2021-46774: Insufficient input validatio ...

oval:org.secpod.oval:def:89051286
This update for wireshark fixes the following issues: Update to 3.6.19: * CVE-2023-6175: NetScreen file parser crash .

oval:org.secpod.oval:def:89049035
This update for tiff fixes the following issues: Fixed multiple out of bounds read/write security issues: CVE-2023-0795 , CVE-2023-0796 , CVE-2023-0797 , CVE-2023-0798 , CVE-2023-0799 , CVE-2023-0800 , CVE-2023-0801 , CVE-2023-0802 , CVE-2023-0803 , CVE-2023-0804 .

oval:org.secpod.oval:def:89051011
This update for java-11-openjdk fixes the following issues: * Upgraded to JDK 11.0.21+9 : * CVE-2023-22081: Fixed a partial denial of service issue that could be triggered via HTTPS . Please visit the Oracle Release Notes page for the full changelog: https://www.oracle.com/java/technologies/javase/1 ...

oval:org.secpod.oval:def:89051041
This update for java-17-openjdk fixes the following issues: * Updated to JDK 17.0.9+9 : * CVE-2023-22081: Fixed a partial denial of service issue that could be triggered via HTTPS . * CVE-2023-22025: Fixed a memory corruption issue in applications using AVX-512 . Please visit the Oracle Release Note ...

oval:org.secpod.oval:def:89049809
This update for vim fixes the following issues: Security fixes: * CVE-2023-4733: Fixed use-after-free in function buflist_altfpos . * CVE-2023-4734: Fixed segmentation fault in function f_fullcommand . * CVE-2023-4735: Fixed out of bounds write in ops.c . * CVE-2023-4738: Fixed heap buffer overflow ...

oval:org.secpod.oval:def:89050961
This update for wireshark fixes the following issues: Updated to version 3.6.17: * CVE-2023-5371: Fixed a memory leak issue in the RTPS dissector .

oval:org.secpod.oval:def:89049815
This update for libvpx fixes the following issues: * CVE-2023-5217: Fixed a heap buffer overflow .

oval:org.secpod.oval:def:89049021
This update for cups fixes the following issues: * CVE-2023-34241: Fixed a use-after-free problem in cupsdAcceptClient .

oval:org.secpod.oval:def:89049016
This update for cups fixes the following issues: * CVE-2023-32324: Fixed a buffer overflow in format_log_line which could cause a denial-of-service .

oval:org.secpod.oval:def:89049248
This update for vim fixes the following issues: * CVE-2023-2426: Fixed out-of-range pointer offset . * CVE-2023-2609: Fixed NULL pointer dereference . * CVE-2023-2610: Fixed integer overflow or wraparound .

oval:org.secpod.oval:def:89049369
This update for webkit2gtk3 fixes the following issues: * Provide/obsolete WebKit2GTK-%{_apiver}-lang * Have the lang package provide libwebkit2gtk3-lang * Adjustments of update version 2.40.5 : * Added missing CVE references: CVE-2023-32393, CVE-2023-37450

oval:org.secpod.oval:def:89048813
This update for ncurses fixes the following issues: * CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data .

oval:org.secpod.oval:def:89051362
This update for postgresql, postgresql15, postgresql16 fixes the following issues: This update ships postgresql 16. Security issues fixed: * CVE-2023-5868: Fix handling of unknown-type arguments in DISTINCT "any" aggregate functions. This error led to a text-type value being interpreted as an unknow ...

oval:org.secpod.oval:def:89051125
This update for postgresql14 fixes the following issues: Security issues fixed: * CVE-2023-5868: Fix handling of unknown-type arguments in DISTINCT "any" aggregate functions. This error led to a text-type value being interpreted as an unknown-type value at runtime. This could result in disclosure o ...

oval:org.secpod.oval:def:89049279
This update for postgresql15 fixes the following issues: * Update to 15.4 * CVE-2023-39417: Fixed potential SQL injection for trusted extensions. * CVE-2023-39418: Fix MERGE to enforce row security

oval:org.secpod.oval:def:89049276
This update for postgresql15 fixes the following issues: * Update to 14.9 * CVE-2023-39417: Fixed potential SQL injection for trusted extensions

oval:org.secpod.oval:def:89051147
This update for postgresql, postgresql15, postgresql16 fixes the following issues: This update ships postgresql 16. Security issues fixed: * CVE-2023-5868: Fix handling of unknown-type arguments in DISTINCT "any" aggregate functions. This error led to a text-type value being interpreted as an unknow ...

oval:org.secpod.oval:def:89049261
This update for java-11-openjdk fixes the following issues: Updated to jdk-11.0.20+8 : * CVE-2023-22006: Fixed vulnerability in the network component . * CVE-2023-22036: Fixed vulnerability in the utility component . * CVE-2023-22041: Fixed vulnerability in the hotspot component . * CVE-2023-22044: ...

oval:org.secpod.oval:def:89049171
This update for java-17-openjdk fixes the following issues: Updated to version jdk-17.0.8+7 : * CVE-2023-22006: Fixed vulnerability in the network component . * CVE-2023-22036: Fixed vulnerability in the utility component . * CVE-2023-22041: Fixed vulnerability in the hotspot component . * CVE-2023- ...

oval:org.secpod.oval:def:89048851
This update for java-11-openjdk fixes the following issues: Upgrade to upstream tag jdk-11.0.19+7: * CVE-2023-21930: Fixed AES support. * CVE-2023-21937: Fixed String platform support. * CVE-2023-21938: Fixed runtime support. * CVE-2023-21939: Fixed Swing platform support. * CVE-2023-21954: Fixe ...

oval:org.secpod.oval:def:89048811
This update for java-17-openjdk fixes the following issues: Update to upstream tag jdk-17.0.7+7 Security fixes: * CVE-2023-21930: Fixed AES support. * CVE-2023-21937: Fixed String platform support. * CVE-2023-21938: Fixed runtime support. * CVE-2023-21939: Fixed Swing platform support. * CVE-202 ...

oval:org.secpod.oval:def:89048717
This update for harfbuzz fixes the following issues: * CVE-2023-25193: Fixed vulnerability that allowed attackers to trigger O growth via consecutive marks .

oval:org.secpod.oval:def:89049577
This update for quagga fixes the following issues: * CVE-2023-38802: Fixed bad length handling in BGP attribute handling . * CVE-2023-41358: Fixed possible crash when processing NLRIs if the attribute length is zero .

oval:org.secpod.oval:def:89048198
This update for vim fixes the following issues: - Updated to version 9.0.1234: - CVE-2023-0433: Fixed an out of bounds memory access that could cause a crash . - CVE-2023-0288: Fixed an out of bounds memory access that could cause a crash . - CVE-2023-0054: Fixed an out of bounds memory write that c ...

oval:org.secpod.oval:def:89048084
This update for vim fixes the following issues: Updated to version 9.0.1040: - CVE-2022-3491: vim: Heap-based Buffer Overflow prior to 9.0.0742 . - CVE-2022-3520: vim: Heap-based Buffer Overflow . - CVE-2022-3591: vim: Use After Free . - CVE-2022-4292: vim: Use After Free in GitHub repository vim/vi ...

oval:org.secpod.oval:def:89047707
This update for java-17-openjdk fixes the following issues: Update to upstream tag jdk-17.0.4+8 - CVE-2022-21540: Improve class compilation - CVE-2022-21541: Enhance MethodHandle invocations - CVE-2022-34169: Improve Xalan supports - CVE-2022-21549: java.util.random does not correctly sample exp ...

oval:org.secpod.oval:def:89047620
This update for java-11-openjdk fixes the following issues: Update to upstream tag jdk-11.0.16+8 - CVE-2022-21540: Improve class compilation - CVE-2022-21541: Enhance MethodHandle invocations - CVE-2022-34169: Improve Xalan supports

oval:org.secpod.oval:def:89047742
This update for libostree fixes the following issues: - CVE-2014-9862: Fixed a memory corruption issue that could be triggered when diffing binary files .

oval:org.secpod.oval:def:89046983
This update for oniguruma fixes the following issues: - CVE-2019-19246: Fixed an out of bounds access during regular expression matching . - CVE-2019-19204: Fixed an out of bounds access when compiling a crafted regular expression . - CVE-2019-19203: Fixed an out of bounds access when performing a s ...

oval:org.secpod.oval:def:89051089
This update for clamav fixes the following issues: * Updated to version 0.103.11: * CVE-2023-40477: Updated libclamunrar dependency to version 6.2.12 .

oval:org.secpod.oval:def:89051189
This update for python3-Twisted fixes the following issues: * CVE-2023-46137: Fixed issue inside serializing pipelined HTTP requests

oval:org.secpod.oval:def:89051176
This update for xerces-c fixes the following issues: * CVE-2023-37536: Fixed an integer overflow that could have led to out-of-bounds memory accesses.

oval:org.secpod.oval:def:89051139
This update for openssl-1_1 fixes the following issues: * CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service .

oval:org.secpod.oval:def:89051254
This update for openssl-3 fixes the following issues: * CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service . Bug fixes: * The default /etc/ssl/openssl3.cnf file will include any configuration files that other packages might pl ...

oval:org.secpod.oval:def:89048830
This update for golang-github-prometheus-alertmanager and golang-github-prometheus-node_exporter fixes the following issues: golang-github-prometheus-alertmanager: * Security issues fixed: * CVE-2022-46146: Fix authentication bypass via cache poisoning golang-github-prometheus-node_exporter: * Sec ...

oval:org.secpod.oval:def:89051376
This update for pam fixes the following issues: * CVE-2024-22365: Fixed a local denial of service during PAM login due to a missing check during path manipulation . * Check localtime_r return value to fix crashing

oval:org.secpod.oval:def:89050793
This update for shadow fixes the following issues: * CVE-2023-4641: Fixed potential password leak .

oval:org.secpod.oval:def:89051256
This update for python3-cryptography fixes the following issues: * CVE-2023-49083: Fixed a NULL pointer dereference when loading certificates from a PKCS#7 bundle .

oval:org.secpod.oval:def:89051118
This update for gcc13 fixes the following issues: This update ships the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for ...

oval:org.secpod.oval:def:89049390
This update for gcc7 fixes the following issues: Security issue fixed: * CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 . Other fixes: * Fixed KASAN kernel compile. [bsc#1205145] * Fixed ICE with C++17 code as reported in [bsc#1204505] * Fixed altivec.h redefining bool in C++ ...

oval:org.secpod.oval:def:89050992
This update for gcc13 fixes the following issues: This update ships the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for ...

oval:org.secpod.oval:def:89049845
This update for ghostscript fixes the following issues: * CVE-2023-43115: Fixed remote code execution via crafted PostScript documents in gdevijs.c .

oval:org.secpod.oval:def:89047404
This update for java-11-openjdk fixes the following issues: - CVE-2022-21426: Fixed Oracle Java SE compromise via unauthenticated attacker with network access via multiple protocols. - CVE-2022-21434: Fixed Oracle Java SE compromise via unauthenticated attacker with network access via multipl ...

oval:org.secpod.oval:def:89051340
This update for wireshark fixes the following issues: * Updated to Wireshark 3.6.20: * CVE-2024-0208: Fixed a crash in the GVCP dissector . * CVE-2024-0209: Fixed a crash in the IEEE 1609.2 dissector .

oval:org.secpod.oval:def:89051338
This update for wireshark fixes the following issues: * Updated to Wireshark 3.6.20: * CVE-2024-0208: Fixed a crash in the GVCP dissector . * CVE-2024-0209: Fixed a crash in the IEEE 1609.2 dissector .

oval:org.secpod.oval:def:89047570
This update for freetype2 fixes the following issues: - CVE-2022-27404 Fixed a segmentation fault via a crafted typeface . - CVE-2022-27405 Fixed a buffer overflow via a crafted typeface . - CVE-2022-27406 Fixed a segmentation fault via a crafted typeface . Non-security fixes: - Updated to version 2 ...

oval:org.secpod.oval:def:89047646
This update for sssd fixes the following issues: - CVE-2021-3621: Fixed shell command injection in sssctl via the logs-fetch and cache-expire subcommand. - Add "ldap_ignore_unreadable_references" parameter to skip unreadable objects referenced by "member" attribute - Fix 32-bit libraries package. ...

oval:org.secpod.oval:def:89049331
This update for ghostscript fixes the following issues: * CVE-2023-38559: Fixed out-of-bounds read in devn_pcx_write_rle that could result in DoS .

oval:org.secpod.oval:def:89048695
This update for ghostscript fixes the following issues: * CVE-2023-28879: Fixed buffer Overflow in s_xBCPE_process .

oval:org.secpod.oval:def:89048579
This update for java-11-openjdk fixes the following issues: * CVE-2023-21843: Fixed soundbank URL remote loading . * CVE-2023-21835: Fixed handshake DoS attack against DTLS connections . Bugfixes: * Remove broken accessibility sub-package .

oval:org.secpod.oval:def:89048847
This update for postgresql15 fixes the following issues: Updated to version 15.3: - CVE-2023-2454: Fixed an issue where a user having permission to create a schema could hijack the privileges of a security definer function or extension script. - CVE-2023-2455: Fixed an issue that could allow a us ...

oval:org.secpod.oval:def:89048845
This update for postgresql14 fixes the following issues: Updated to version 14.8: - CVE-2023-2454: Fixed an issue where a user having permission to create a schema could hijack the privileges of a security definer function or extension script. - CVE-2023-2455: Fixed an issue that could allow a us ...

oval:org.secpod.oval:def:89049024
This update for libwebp fixes the following issues: * CVE-2023-1999: Fixed a double free .

oval:org.secpod.oval:def:89051246
This update for openvswitch fixes the following issues: * CVE-2023-5366: Fixed missing masks on a final stage with ports trie .

oval:org.secpod.oval:def:89051184
This update for openvswitch fixes the following issues: * CVE-2023-5366: Fixed missing masks on a final stage with ports trie .

oval:org.secpod.oval:def:89049001
This update for python3 fixes the following issues: * CVE-2007-4559: Fixed filter for tarfile.extractall . * Fixed unittest.mock.patch.dict returns function when applied to coroutines .

oval:org.secpod.oval:def:89048950
This update for openldap2 fixes the following issues: * CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x .

oval:org.secpod.oval:def:89051109
This update for w3m fixes the following issues: * Update to version 0.5.3+git20230121 * CVE-2023-38252: Fixed an out-of-bounds write in function Strnew_size that allows attackers to cause a denial of service via a crafted HTML file. * CVE-2023-38253: Fixed an out-of-bounds write in function growbuf ...

oval:org.secpod.oval:def:89048072
This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free . - CVE-2022-43551: Fixed HSTS bypass via IDN .

oval:org.secpod.oval:def:89048135
This update for postgresql-jdbc fixes the following issues: - CVE-2022-41946: Fixed a local information disclosure issue due to improper handling of temporary files .

oval:org.secpod.oval:def:89047957
This update for libarchive fixes the following issues: - CVE-2022-36227: Fixed potential NULL pointer dereference in __archive_write_allocate_filter .

oval:org.secpod.oval:def:89047757
This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion . - CVE-2022-42916: Fixed HSTS bypass via IDN .

oval:org.secpod.oval:def:89048118
This update for w3m fixes the following issues: - CVE-2022-38223: Fixed a memory safety issue when dumping crafted input to standard out .

oval:org.secpod.oval:def:89047527
This update for libvirt fixes the following issues: - CVE-2022-0897: Fixed a crash in nwfilter when counting number of network filters . The following non-security bugs were fixed: - qemu: Improve save operation by increasing pipe size c61d1e9b-virfile-set-pipe-size.patch, 47d6d185-virfile-fix-inden ...

oval:org.secpod.oval:def:89048931
This update for libvirt fixes the following issues: * CVE-2023-2700: Fixed a memory leak that could be triggered by repeatedly querying an SR-IOV PCI device's capabilities. Non-security fixes: * Fixed a potential crash during driver cleanup. * Added Apparmor support for SUSE edk2 firmware paths. ...

oval:org.secpod.oval:def:89047724
This update for libarchive fixes the following issues: - CVE-2022-26280: Fixed out-of-bounds read via the component zipx_lzma_alone_init . - CVE-2021-36976: Fixed use-after-free in copy_string . - CVE-2017-5601: Fixed out-of-bounds memory access preventing denial-of-service .

oval:org.secpod.oval:def:89049134
This update for openssh fixes the following issues: * CVE-2023-38408: Fixed a condition where specific libraries loaded via ssh-agent's PKCS#11 support could be abused to achieve remote code execution via a forwarded agent socket if those libraries were present on the victim's system and if the agen ...

oval:org.secpod.oval:def:89047560
This update for libcaca fixes the following issues: - CVE-2021-30498, CVE-2021-30499: If an image has a size of 0x0, when exporting, no data is written and space is allocated for the header only, not taking into account that sprintf appends a NUL byte .

oval:org.secpod.oval:def:89047951
This update for net-snmp fixes the following issues: Updated to version 5.9.3 : - CVE-2022-24805: Fixed a buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB that can cause an out-of-bounds memory access. - CVE-2022-24809: Fixed a malformed OID in a GET-NEXT to the nsVacmAccessTable th ...

oval:org.secpod.oval:def:89047651
This update for curl fixes the following issues: - CVE-2022-35252: Fixed a potential injection of control characters into cookies, which could be exploited by sister sites to cause a denial of service .

oval:org.secpod.oval:def:89048087
This update for sqlite3 fixes the following issues: - CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script .

oval:org.secpod.oval:def:89048586
This update for curl fixes the following issues: * CVE-2023-27533: Fixed TELNET option IAC injection . * CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy . * CVE-2023-27535: Fixed FTP too eager connection reuse . * CVE-2023-27536: Fixed GSS delegation too eager connection reuse . * CVE-2023-2 ...

oval:org.secpod.oval:def:89048600
This update for libxslt fixes the following issues: * CVE-2021-30560: Fixing a use after free vulnerability in Blink XSLT .

oval:org.secpod.oval:def:89051234
This update for squid fixes the following issues: * CVE-2023-49285: Fixed buffer over read bug on HTTP Message processing flow * CVE-2023-49286: Fixed Denial of Service vulnerability in helper process management * Fix X-Forwarded-For Stack Overflow

oval:org.secpod.oval:def:89051164
This update for squid fixes the following issues: * CVE-2023-46728: Remove gopher support . * Fixed overread in HTTP request header parsing .

oval:org.secpod.oval:def:89048997
This update for bind fixes the following issues: Update to release 9.16.42 Security Fixes: * The overmem cleaning process has been improved, to prevent the cache from significantly exceeding the configured max-cache-size limit. * A query that prioritizes stale data over lookup triggers a fetch to r ...

oval:org.secpod.oval:def:89049418
This update for bind fixes the following issues: Update to release 9.16.44: * CVE-2023-3341: Fixed stack exhaustion flaw in control channel code may cause named to terminate unexpectedly .

oval:org.secpod.oval:def:89050982
This update for suse-module-tools fixes the following issues: * Updated to version 15.4.18: * CVE-2023-1829: Blacklisted the Linux kernel tcindex classifier module . * CVE-2023-23559: Blacklisted the Linux kernel RNDIS modules .

oval:org.secpod.oval:def:89049043
This update for dnsdist fixes the following issues: * update to 1.8.0 * Implements dnsdist in SLE15 * Security fix: fixes a possible record smuggling with a crafted DNS query with trailing data * update to 1.2.0 This release also addresses two security issues of low severity, CVE-2016-7069 and CVE ...

oval:org.secpod.oval:def:89047751
This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs . - Fixed a regression caused by the patch for CVE-2022-25236 . - CVE-2022-25235: Fixed UTF-8 character validation in a certain context . - CVE-2022-25313: ...

oval:org.secpod.oval:def:89049563
This update for python3 fixes the following issues: * CVE-2023-40217: Fixed TLS handshake bypass on closed sockets .

oval:org.secpod.oval:def:89048686
This update for sudo fixes the following issue: Security issues: * CVE-2023-28486: Fixed sudo does not escape control characters in log messages. * CVE-2023-28487: Fixed sudo does not escape control characters in sudoreplay output. * CVE-2023-27320: Fixed a potential security issue with a double f ...

oval:org.secpod.oval:def:89049332
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter . * CVE-2023-3389: Fixed a use-after-free vulnerability in the io_uring subsystem . ...

oval:org.secpod.oval:def:89050951
This update for qemu fixes the following issues: * CVE-2023-3180: Fixed a buffer overflow in the virtio-crypto device . * CVE-2021-3750: Fixed a DMA reentrancy in the USB EHCI device that could lead to use-after-free . * CVE-2021-3638: Fixed a buffer overflow in the ati-vga device . * CVE-2023-3354: ...

oval:org.secpod.oval:def:89051557
This update for salt and python-pyzmq fixes the following issues: salt: * Update to Salt release version 3006.0 * See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html * Add missing patch after rebase to fix collections Mapping issues * Add python3-looseversion as new ...

oval:org.secpod.oval:def:89051567
This update for rabbitmq-c fixes the following issues: * CVE-2023-35789: Fixed insecure credentials submission .

oval:org.secpod.oval:def:89051445
This update for perl fixes the following issues: * CVE-2023-31484: Enable TLS cert verification in CPAN .

oval:org.secpod.oval:def:89051580
This update for poppler fixes the following issues: * CVE-2022-27337: Fixed a logic error in the Hints::Hints function which can cause denial of service .

oval:org.secpod.oval:def:89051397
This update for bluez fixes the following issues: * CVE-2023-50229: Fixed an out of bounds write in the primary version counter for the Phone Book Access Profile implementation . * CVE-2023-50230: Fixed an out of bounds write in the secondary version counter for the Phone Book Access Profile impleme ...

oval:org.secpod.oval:def:89051403
This update for python-Pillow fixes the following issues: * CVE-2023-50447: Fixed arbitrary code execution via the environment parameter

oval:org.secpod.oval:def:89051407
This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 115.7.0 ESR : * CVE-2024-0741: Out of bounds write in ANGLE * CVE-2024-0742: Failure to update user input timestamp * CVE-2024-0746: Crash when listing printers on Linux * CVE-2024-0747: Bypass of ...

oval:org.secpod.oval:def:89051420
This update for xen fixes the following issues: * CVE-2023-46839: Fixed phantom functions assigned to incorrect contexts ## Special Instructions and Notes: * Please reboot the system after installing this update.

oval:org.secpod.oval:def:89051442
This update for xerces-c fixes the following issues: * CVE-2018-1311: fixed use-after-free triggered during the scanning of external DTDs potentially leading to DOS

oval:org.secpod.oval:def:89051453
This update for libavif fixes the following issues: * CVE-2023-6704: Fixed use after free by not storing colorproperties until alpha item is found .

oval:org.secpod.oval:def:89051451
This update for suse-build-key fixes the following issues: This update runs an import-suse-build-key script. The previous libzypp-post-script based installation is replaced with a systemd timer and service. - suse-build-key-import.service - suse-build-key-import.timer It imports the future SUSE L ...

oval:org.secpod.oval:def:89051465
This update for salt fixes the following issues: Security issues fixed: * CVE-2024-22231: Prevent directory traversal when creating syndic cache directory on the master * CVE-2024-22232: Prevent directory traversal attacks in the master's serve_file method Bugs fixed: * Ensure that pillar refresh ...

oval:org.secpod.oval:def:89051476
This update for postgresql13 fixes the following issues: Upgrade to 13.14: * CVE-2024-0985: Tighten security restrictions within REFRESH MATERIALIZED VIEW CONCURRENTLY .

oval:org.secpod.oval:def:89051490
This update for postgresql16 fixes the following issues: Upgrade to 16.2: * CVE-2024-0985: Tighten security restrictions within REFRESH MATERIALIZED VIEW CONCURRENTLY .

oval:org.secpod.oval:def:89051495
This update for postgresql15 fixes the following issues: Upgrade to 15.6: * CVE-2024-0985: Tighten security restrictions within REFRESH MATERIALIZED VIEW CONCURRENTLY .

oval:org.secpod.oval:def:89051494
This update for postgresql14 fixes the following issues: Upgrade to 14.11: * CVE-2024-0985: Tighten security restrictions within REFRESH MATERIALIZED VIEW CONCURRENTLY .

oval:org.secpod.oval:def:89051489
This update for openvswitch fixes the following issues: * CVE-2024-22563: Fixed memory leak via the function xmalloc__ in /lib/util.c .

oval:org.secpod.oval:def:89051524
This update for dpdk fixes the following issues: * Fixed a regression caused by incomplete fix for CVE-2022-2132 .

oval:org.secpod.oval:def:89051505
This update for python-aiohttp, python-time-machine fixes the following issues: python-aiohttp was updated to version 3.9.3: * Fixed backwards compatibility breakage of `ssl` parameter when set outside of `ClientSession` * Improved test suite handling of paths and temp files to consistently use pa ...

oval:org.secpod.oval:def:89051533
This update for docker fixes the following issues: Vendor latest buildkit v0.11 including bugfixes for the following: * CVE-2024-23653: BuildKit API doesn't validate entitlement on container creation. * CVE-2024-23652: Fixed arbitrary deletion of files. * CVE-2024-23651: Fixed race condition in mo ...

oval:org.secpod.oval:def:89051531
This update for php-composer2 fixes the following issues: * CVE-2024-24821: Fixed potential arbitrary code execution when Composer is invoked within a directory with tampered files .

oval:org.secpod.oval:def:89051537
This update for python310 fixes the following issues: * CVE-2023-27043: Fixed incorrect parsing of e-mail addresses which contain a special character.

oval:org.secpod.oval:def:89051536
This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 115.8.0 ESR : * CVE-2024-1546: Out-of-bounds memory read in networking channels * CVE-2024-1547: Alert dialog could have been spoofed on another site * CVE-2024-1548: Fullscreen Notification could ...

oval:org.secpod.oval:def:89051600
This update for apache2-mod_auth_openidc fixes the following issues: * CVE-2024-24814: Fixed a denial of service when using `OIDCSessionType client-cookie` and manipulating cookies .

oval:org.secpod.oval:def:89051616
This update for giflib fixes the following issues: Update to version 5.2.2 * Fixes for CVE-2023-48161, CVE-2022-28506 * # 138 Documentation for obsolete utilities still installed * # 139: Typo in "LZW image data" page * # 140: Typo in "LZW image data" page * # 141: Typo in "Bits and bytes" page ...

oval:org.secpod.oval:def:89051615
This update for sudo fixes the following issues: * CVE-2023-42465: Try to make sudo less vulnerable to ROWHAMMER attacks .

oval:org.secpod.oval:def:89051634
This update for sudo fixes the following issues: NOTE: This update has been retracted as some logic was not correct. * CVE-2023-42465: Try to make sudo less vulnerable to ROWHAMMER attacks .

oval:org.secpod.oval:def:89051627
This update for wpa_supplicant fixes the following issues: * CVE-2023-52160: Bypassing WiFi Authentication .

oval:org.secpod.oval:def:89051636
This update for openssl-1_1 fixes the following issues: * CVE-2024-0727: Denial of service when processing a maliciously formatted PKCS12 file .

oval:org.secpod.oval:def:89051654
This update for glibc fixes the following issues: Security issues fixed: * qsort: harden handling of degenerated / non transient compare function Other issues fixed: * getaddrinfo: translate ENOMEM to EAI_MEMORY * aarch64: correct CFI in rawmemchr

oval:org.secpod.oval:def:89051649
This update for sudo fixes the following issues: * CVE-2023-42465: Fixed issues introduced by first patches .

oval:org.secpod.oval:def:89051670
This update for gdb fixes the following issues: * Drop libdebuginfod1 BuildRequires/Recommends. The former isn't needed because there's a build requirement on libdebuginfod-devel already, which will pull the shared library. And the latter, because it's bogus since RPM auto generated dependency will ...

oval:org.secpod.oval:def:89051685
This update for openvswitch fixes the following issues: * CVE-2023-3966: Fixed invalid memory access in Geneve with HW offload .

oval:org.secpod.oval:def:89051705
This update for netty, netty-tcnative fixes the following issues: * CVE-2024-29025: Fixed out of memory due to large number of form fields .

oval:org.secpod.oval:def:89051721
This update for gradle, gradle-bootstrap fixes the following issues: * CVE-2021-29429: Fixed information disclosure through temporary directory permissions . * CVE-2019-15052: Fixed authentication credentials disclosure . gradle: * Fixed RPM package building issues due to changed dependencies gradle ...

oval:org.secpod.oval:def:89051746
This update for python-Pillow fixes the following issues: * CVE-2024-28219: Fixed buffer overflow in _imagingcms.c Other fixes: - Re-enabled build tests for s390x and ppc

oval:org.secpod.oval:def:89051762
This update for eclipse, maven-surefire, tycho fixes the following issues: eclipse received the following security fix: * CVE-2023-4218: Fixed a bug where parsing files with xml content leads to XXE attacks. maven-surefire was updated from version 2.22.0 to 2.22.2: * Changes in version 2.22.2: * Bug ...

oval:org.secpod.oval:def:89051770
This update for pgadmin4 fixes the following issues: * CVE-2024-2044: Fixed unsafe deserialization and Remote Code Execution by an authenticated user

oval:org.secpod.oval:def:89051782
This update for wireshark fixes the following issues: Security fixes: * CVE-2024-24476: Fixed a denial of service in ws_manuf_lookup_str Other fixes: * Wireshark 3.6.22: * Further features, bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-3.6.22 ...

oval:org.secpod.oval:def:89051793
This update for apache-commons-configuration2 fixes the following issues: * CVE-2024-29131: Fixed StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator . * CVE-2024-29133: Fixed StackOverflowError calling ListDelimiterHandler.flatten with a cyclical object tree .

oval:org.secpod.oval:def:89051549
This update for bind fixes the following issues: * CVE-2023-2828: Fixed denial-of-service against recursive resolvers related to cache-cleaning algorithm .

oval:org.secpod.oval:def:89051574
This update for gcc12 fixes the following issues: * CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 .

oval:org.secpod.oval:def:89051585
This update for Java fixes the following issues: apache-commons-codec was updated to version 1.16.1: * Changes in version 1.16.1: * New features: * Added Maven property project.build.outputTimestamp for build reproducibility * Bugs fixed: * Correct error in Base64 Javadoc * Added minimum Java versio ...

oval:org.secpod.oval:def:89051606
This update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed fixes the following issues: Update to 550.54.14 * Added vGPU Host and vGPU Guest support. For vGPU Host, please refer to the README.vgpu packaged in the vGPU Host Package for more details. Security issues fixed: * CVE-202 ...

oval:org.secpod.oval:def:89051629
This update for jetty-minimal fixes the following issues: * CVE-2024-22201: Fixed denial-of-service via HTTP/2 connection leak .

oval:org.secpod.oval:def:89051640
This update for openssl-1_0_0 fixes the following issues: * CVE-2024-0727: Denial of service when processing a maliciously formatted PKCS12 file .

oval:org.secpod.oval:def:89051814
This update for fontforge fixes the following issues: * CVE-2024-25081: Fixed command injection via crafted filenames . * CVE-2024-25082: Fixed command injection via crafted archives or compressed files .

oval:org.secpod.oval:def:89051648
This update for vim fixes the following issues: * CVE-2023-48231: Fixed Use-After-Free in win_close . * CVE-2023-48232: Fixed Floating point Exception in adjust_plines_for_skipcol . * CVE-2023-48233: Fixed overflow with count for :s command . * CVE-2023-48234: Fixed overflow in nv_z_get_count . * CV ...

oval:org.secpod.oval:def:89051446
This update for java-17-openjdk fixes the following issues: Updated to version 17.0.10 : * CVE-2024-20918: Fixed an out of bounds access in the Hotspot JVM due to a missing bounds check . * CVE-2024-20919: Fixed a sandbox bypass in the Hotspot JVM class file verifier . * CVE-2024-20921: Fixed an inc ...

oval:org.secpod.oval:def:89051543
This update for java-1_8_0-ibm fixes the following issues: Update to Java 8.0 Service Refresh 8 Fix Pack 20: [bsc#1219843] Security fixes: * CVE-2023-33850: Fixed information disclosure vulnerability due to the consumed GSKit library . * CVE-2024-20932: Fixed incorrect handling of ZIP files with dup ...

oval:org.secpod.oval:def:89051644
This update for java-1_8_0-openjdk fixes the following issues: * CVE-2024-20952: Fixed RSA padding issue and timing side-channel attack against TLS. * CVE-2024-20921: Fixed range check loop optimization issue. * CVE-2024-20926: Fixed arbitrary Java code execution in Nashorn. * CVE-2024-20919: F ...

oval:org.secpod.oval:def:89051443
This update for java-11-openjdk fixes the following issues: Updated to version 11.0.22 : * CVE-2024-20918: Fixed an out of bounds access in the Hotspot JVM due to a missing bounds check . * CVE-2024-20919: Fixed a sandbox bypass in the Hotspot JVM class file verifier . * CVE-2024-20921: Fixed an inc ...

oval:org.secpod.oval:def:89049079
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. NOTE: This update was retracted due to a serious regression in the i915 graphics card driver. * CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver . * CVE-2022-38096: Fix ...

oval:org.secpod.oval:def:89048690
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. * CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver . * CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query . * CVE-2023-0045: Fixed missing Flush IBP in ib_ ...

oval:org.secpod.oval:def:89051527
This update for mozilla-nss fixes the following issues: Update to NSS 3.90.2: * CVE-2023-5388: Fixed timing attack against RSA decryption in TLS

oval:org.secpod.oval:def:89051456
This update for squid fixes the following issues: * CVE-2023-50269: fixed X-Forwarded-For Stack Overflow. * CVE-2024-23638: fixed Denial of Service attack against Cache Manager error responses

oval:org.secpod.oval:def:89051712
This update for squid fixes the following issues: * CVE-2024-25617: Fixes denial of service in HTTP header parser * CVE-2024-25111: Fixes Chunked Encoding Stack Overflow

oval:org.secpod.oval:def:89051128
This update for frr fixes the following issues: * CVE-2023-46752: Fixed denial of service caused by mishandling malformed MP_REACH_NLRI data . * CVE-2023-46753: Fixed denial of service caused by crafted BGP UPDATE messages .

oval:org.secpod.oval:def:89050953
This update for samba fixes the following issues: * CVE-2023-4091: Fixed a bug where a client can truncate file with read-only permissions. * CVE-2023-42669: Fixed a bug in "rpcecho" development server which allows Denial of Service via sleep call on AD DC. * CVE-2023-4154: Fixed a bug in dirsync ...

oval:org.secpod.oval:def:89051009
This update for nghttp2 fixes the following issues: * CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack

oval:org.secpod.oval:def:89051815
This update for abseil-cpp, grpc, opencensus-proto, protobuf, python-abseil, python-grpcio, re2 fixes the following issues: abseil-cpp was updated to: Update to 20230802.1: * Add StdcppWaiter to the end of the list of waiter implementations Update to 20230802.0 What's New: * Added the nullability li ...

oval:org.secpod.oval:def:89051577
This update for samba fixes the following issues: * CVE-2022-2127: Fixed issue where lm_resp_len was not checked properly in winbindd_pam_auth_crap_send . * CVE-2023-34966: Fixed samba spotlight mdssvc RPC Request Infinite Loop Denial-of-Service Vulnerability . * CVE-2023-34967: Fixed samba spotligh ...

oval:org.secpod.oval:def:89047753
This update for ldb, samba fixes the following issues: - CVE-2022-32746: Fixed a use-after-free occurring in database audit logging . - CVE-2022-32745: Fixed a remote server crash with an LDAP add or modify request . - CVE-2022-2031: Fixed AD restrictions bypass associated with changing passwords . ...

oval:org.secpod.oval:def:89047441
This update for frr fixes the following issues: - CVE-2022-26125, CVE-2022-26126: Fixed buffer overflows in unpack_tlv_router_cap . - CVE-2022-26127: Fixed heap buffer overflow in babel_packet_examin . - CVE-2022-26128: Fixed buffer overflows in babel_packet_examin . - CVE-2022-26129: Fixed buffer o ...

oval:org.secpod.oval:def:89048160
This update for python-certifi fixes the following issues: - remove all TrustCor CAs, as TrustCor issued multiple man-in-the-middle certs - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - TrustCor ECA-1 - Add removeTrustCor.patch

oval:org.secpod.oval:def:89048145
This update for mozilla-nss fixes the following issues: - CVE-2022-3479: Fixed a potential crash that could be triggered when a server requested a client authentication certificate, but the client had no certificates stored . - Updated to version 3.79.3 : - CVE-2022-23491: Removed trust for 3 root c ...

oval:org.secpod.oval:def:89047479
This update for openjpeg2 fixes the following issues: - CVE-2018-5727: Fixed integer overflow vulnerability in the opj_t1_encode_cblks function. - CVE-2018-5785: Fixed integer overflow caused by an out-of-bounds leftshift in the opj_j2k_setup_encoder function. - CVE-2018-6616: Fixed excessive itera ...

oval:org.secpod.oval:def:89051733
This update for expat fixes the following issues: * CVE-2023-52425: Fixed a DoS caused by processing large tokens. * CVE-2024-28757: Fixed an XML Entity Expansion

oval:org.secpod.oval:def:89051457
This update for runc fixes the following issues: * Update to runc v1.1.12 The following CVE was already fixed with the previous release. * CVE-2024-21626: Fixed container breakout.

oval:org.secpod.oval:def:89051433
This update for runc fixes the following issues: Update to runc v1.1.11: * CVE-2024-21626: Fixed container breakout

oval:org.secpod.oval:def:89049008
This update for python-sqlparse fixes the following issues: * CVE-2023-30608: Fixed a Regular Expression Denial of Service vulnerability .

oval:org.secpod.oval:def:89047815
This update for openssl-3 fixes the following issues: - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. - CVE-2022-1292: Properly sanitise shell metacharacters in c_rehash script. - CVE-2022-1343: Fixed incorrect signature verification in OCSP_basic_verify . - CVE-2022-2097: Fix ...

oval:org.secpod.oval:def:89047650
This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash . - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode .

oval:org.secpod.oval:def:89048898
This update for rmt-server fixes the following issues: Updated to version 2.13: * CVE-2023-28120: Fixed a potential XSS issue in an embedded dependency . * CVE-2023-27530: Fixed a denial of service issue in multipart request parsing . Non-security fixes: * Fixed transactional update on GCE . * Use H ...

oval:org.secpod.oval:def:89047785
This update for grub2 fixes the following issues: This update provides security fixes and hardenings for Boothole 3 / Boothole 2022 - CVE-2021-3695: Fixed that a crafted PNG grayscale image could lead to out-of-bounds write in heap - CVE-2021-3696: Fixed that a crafted PNG image could lead to out- ...

oval:org.secpod.oval:def:89051622
This update for go1.21 fixes the following issues: * Upgrade go to version 1.21.8 * CVE-2023-45289: net/http, net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect * CVE-2023-45290: net/http: memory exhaustion in Request.ParseMultipartForm * CVE-2024-24783: cry ...

oval:org.secpod.oval:def:89051713
This update for go1.21 fixes the following issues: * CVE-2023-45288: Fixed denial of service via HTTP/2 continuation frames Other changes: - go minor release upgrade to 1.21.9

oval:org.secpod.oval:def:89051060
This update for squid fixes the following issues: * CVE-2023-46846: Request/Response smuggling in HTTP/1.1 and ICAP . * CVE-2023-46847: Denial of Service in HTTP Digest Authentication . * CVE-2023-46724: Fix validation of certificates with CN=* . * CVE-2023-46848: Denial of Service in FTP .

oval:org.secpod.oval:def:89051696
This update for krb5 fixes the following issues: * CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c . * CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c .

oval:org.secpod.oval:def:89051262
This update for curl fixes the following issues: * CVE-2023-46218: Fixed cookie mixed case PSL bypass . * CVE-2023-46219: HSTS long file name clears contents .

oval:org.secpod.oval:def:89051296
This update for libqt5-qtbase fixes the following issues: * CVE-2023-37369: Fixed buffer overflow in QXmlStreamReader. * libqt5-qtbase was rebuilt against icu 73. jsc#PED-6193

oval:org.secpod.oval:def:89051289
This update for libqt5-qtbase fixes the following issues: * CVE-2023-37369: Fixed buffer overflow in QXmlStreamReader. * libqt5-qtbase was rebuilt against icu 73. jsc#PED-6193

oval:org.secpod.oval:def:89051698
This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 115.9.1esr ESR MFSA 2024-16 . * CVE-2024-29944: Privileged JavaScript Execution via Event Handlers . Firefox Extended Support Release 115.9.0 ESR : * CVE-2024-0743: Crash in NSS TLS method . * CVE-2024-2605: ...

oval:org.secpod.oval:def:89051006
This update for openssl-3 fixes the following issues: * CVE-2023-5363: Incorrect cipher key and IV length processing. * CVE-2023-3817: Add test of DH_check with q = p + 1

oval:org.secpod.oval:def:89047701
This update for webkit2gtk3 fixes the following issues: - Updated to version 2.36.7 : - CVE-2022-32893: Fixed an issue that would be triggered when processing malicious web content and that could lead to arbitrary code execution. - Fixed several crashes and rendering issues. - Updated to version 2.3 ...

oval:org.secpod.oval:def:89048524
This update fixes the following issues: dracut-saltboot: * Update to version 0.1.1674034019.a93ff61 * Install copied wicked config as client.xml * Update to version 0.1.1673279145.e7616bd grafana: * CVE-2022-46146: Fix basic authentication bypass by updating the exporter toolkit to version 0.7.3 * ...

oval:org.secpod.oval:def:89049562
This update for binutils fixes the following issues: Update to version 2.41 [jsc#PED-5778]: * The MIPS port now supports the Sony Interactive Entertainment Allegrex processor, used with the PlayStation Portable, which implements the MIPS II ISA along with a single-precision FPU and a few implementat ...

oval:org.secpod.oval:def:89048171
This update for python-py fixes the following issues: - CVE-2022-42969: Fixed an excessive resource consumption that could be triggered when interacting with a Subversion repository containing crafted data.

oval:org.secpod.oval:def:89048601
This update for redis fixes the following issues: * CVE-2022-36021: Fixed integer overflow in RANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands . * CVE-2023-25155: Fixed integer Overflow in RAND commands can lead to assertion . The following non-security bug was fixed: * Fixed redis-sentinel not star ...

oval:org.secpod.oval:def:89048808
This update for redis fixes the following issues: * CVE-2022-36021: Fixed possible integer overflow via specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands. * CVE-2023-28856: Fixed possible DoS when using HINCRBYFLOAT to create a hash field. * CVE-2023-25155: Fixed integer overflo ...

oval:org.secpod.oval:def:89048177
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-3344: Fixed a bug where nested shutdown interception could lead to host crash - CVE-2022-4662: Fixed a recursive locking violation in usb-storage that can ...

oval:org.secpod.oval:def:89048063
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec . - CVE-2022-42328: Guests could trigger denial of service via the netback driver . - CVE-2022-42329: Gues ...

oval:org.secpod.oval:def:89047807
This update for xen fixes the following issues: - CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings . - CVE-2022-21123, CVE-2022-21125, CVE-2022-21166: Fixed MMIO stale data vulnerabilities on x86 . - CVE-2022-26362: Fixed a race condition in typeref acquisition . ...

oval:org.secpod.oval:def:89047635
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO . - CVE-2022-2585: Fixed use-after-free in POSIX CPU timer . - CVE-2022-21505: Fixed kexec ...

oval:org.secpod.oval:def:89047716
The SUSE Linux Enterprise 15 SP4 kernel was updated. The following security bugs were fixed: - CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information . - CVE-2022-34918: Fixed a buffer overflow with nft_se ...

oval:org.secpod.oval:def:89047682
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-39190: Fixed an issue that was discovered in net/netfilter/nf_tables_api.c and could cause a denial of service upon binding to an already bound chain. - C ...

oval:org.secpod.oval:def:89048517
This update for python3 fixes the following issues: * CVE-2023-24329: Fixed a blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters. The following non-security bug was fixed: * Eliminate unnecessary and dangerous calls to PyThread_exit_thread.

oval:org.secpod.oval:def:89047409
This update for python3 fixes the following issues: - CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when a URI path starts with //.

oval:org.secpod.oval:def:89048504
This update for python3 fixes the following issues: * CVE-2022-45061: Fixed DoS when IDNA decodes extremely long domain names. Bugfixes: * Fixed issue where email.generator.py replaces a non-existent header.

oval:org.secpod.oval:def:89047573
This update for python3 fixes the following issues: - CVE-2015-20107: avoid command injection in the mailcap module.

oval:org.secpod.oval:def:89048487
This update for qemu fixes the following issues: * CVE-2021-3507: Fixed heap buffer overflow in DMA read data transfers in fdc. * CVE-2020-14394: Fixed infinite loop in xhci_ring_chain_length.

oval:org.secpod.oval:def:89048616
This update for qemu fixes the following issues: * CVE-2022-4144: Fixed qxl_phys2virt unsafe address translation that can lead to out-of-bounds read. * CVE-2022-3165: Fixed integer underflow in vnc_client_cut_text_ext. * CVE-2022-1050: Fixed use-after-free issue in pvrdma_exec_cmd. Bugfixes: * Fi ...

oval:org.secpod.oval:def:89047690
This update for qemu fixes the following issues: - CVE-2022-26354: Fixed missing virtqueue detach on error can lead to memory leak - CVE-2022-26353: Fixed map leaking on error during receive - CVE-2021-4207: Fixed double fetch in qxl_cursor can lead to heap buffer overflow - CVE-2021-4206: Fixed ...

oval:org.secpod.oval:def:89047763
This update for mariadb fixes the following issues: - Added mariadb-galera Update to 10.6.8: - CVE-2021-46669 - CVE-2022-27376 - CVE-2022-27377 - CVE-2022-27378 - CVE-2022-27379 - CVE-2022-27380 - CVE-2022-27381 - CVE-2022-27382 - CVE-2022-27383 - CVE-2022-27384 - CVE-2022-27386 - CVE-2 ...

oval:org.secpod.oval:def:89047687
This update for mariadb fixes the following issues: - Updated to 10.6.9: - CVE-2022-32082: Fixed a reachable assertion that would crash the server. - CVE-2022-32089: Fixed a segmentation fault that could be triggered via a crafted query. - CVE-2022-32081: Fixed a buffer overflow on instant ADD/DRO ...

oval:org.secpod.oval:def:89049295
This update for ucode-intel fixes the following issues: * Updated to Intel CPU Microcode 20230808 release. * CVE-2022-40982: Fixed a potential security vulnerability in some Intel Processors which may allow information disclosure. * CVE-2023-23908: Fixed a potential security vulnerability in some ...

oval:org.secpod.oval:def:89049087
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-28410: Fixed improper restriction of operations within the bounds of a memory buffer in some Intel i915 Graphics drivers that may have allowed an authentic ...

oval:org.secpod.oval:def:89048515
This update for xen fixes the following issues: * CVE-2022-27672: Fixed speculative execution vulnerability due to RAS being dynamically partitioned between non-idle threads. Bugfixes: * Fixed launch-xenstore error * Fixed issues in VMX.

oval:org.secpod.oval:def:89048689
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. * CVE-2022-3523: Fixed a use after free related to device private page handling. * CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver. * CVE-2022-38096: Fixed NULL-ptr ...

oval:org.secpod.oval:def:89047531
This update for webkit2gtk3 fixes the following issues: Update to version 2.34.6: - CVE-2022-22620: Processing maliciously crafted web content may have led to arbitrary code execution. Update to version 2.34.5: - CVE-2022-22589: A validation issue was addressed with improved input sanitization. - ...

oval:org.secpod.oval:def:89047371
This update for webkit2gtk3 fixes the following issues: Update to version 2.36.0: - CVE-2022-22624: Fixed use after free that may lead to arbitrary code execution. - CVE-2022-22628: Fixed use after free that may lead to arbitrary code execution. - CVE-2022-22629: Fixed a buffer overflow that may le ...

oval:org.secpod.oval:def:89047665
This update for postgresql-jdbc fixes the following issues: - CVE-2022-26520: Fixed arbitrary File Write Vulnerability

oval:org.secpod.oval:def:89047678
This update for python-numpy fixes the following issues: - CVE-2021-41495: Fixed Null Pointer Dereference in numpy.sort.

oval:org.secpod.oval:def:89048062
This update for openssl-3 fixes the following issues: - CVE-2022-3996: Fixed X.509 Policy Constraints Double Locking

oval:org.secpod.oval:def:89049015
This update for webkit2gtk3 fixes the following issues: Add security patches: * CVE-2023-28204: Fixed processing of web content that may disclose sensitive information. * CVE-2023-32373: Fixed processing of maliciously crafted web content that may lead to arbitrary code execution.

oval:org.secpod.oval:def:89048088
This update for webkit2gtk3 fixes the following issues: Update to version 2.38.3: - CVE-2022-42856: Fixed a potential arbitrary code execution when processing maliciously crafted web content.

oval:org.secpod.oval:def:89047666
This update for webkit2gtk3 fixes the following issues: - Update to version 2.36.5: - Add support for PAC proxy in the WebDriver implementation. - Fix video playback when loaded through custom URIs, this fixes video playback in the Yelp documentation browser. - Fix WebKitWebView::context-menu when ...

oval:org.secpod.oval:def:89048994
This update for webkit2gtk3 fixes the following issues: Add security patches: * CVE-2023-28204: Fixed processing of web content that may disclose sensitive information. * CVE-2023-32373: Fixed processing of maliciously crafted web content that may lead to arbitrary code execution.

oval:org.secpod.oval:def:89047654
This update for webkit2gtk3 fixes the following issues: Update to version 2.36.4: - CVE-2022-22662: Processing maliciously crafted web content may disclose sensitive user information. - CVE-2022-22677: The video in a webRTC call may be interrupted if the audio capture gets interrupted. - CVE-2022-2 ...

oval:org.secpod.oval:def:89047736
This update for webkit2gtk3 fixes the following issues: Update to version 2.36.3 - CVE-2022-30293: Fixed heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer. - CVE-2022-26700: Fixed memory corruption issue that may lead to code execution when processing maliciously crafted ...

oval:org.secpod.oval:def:89048164
This update for samba fixes the following issues: - CVE-2021-20251: Fixed an issue where the bad password count would not be properly incremented, which could allow attackers to brute force a user's password. - Updated to version 4.15.13: - CVE-2022-37966: Fixed an issue where a weak cipher would b ...

oval:org.secpod.oval:def:89047942
Security fixes: - CVE-2022-32888: Fixed possible arbitrary code execution via maliciously crafted web content. - CVE-2022-32923: Fixed possible information leak via maliciously crafted web content. - CVE-2022-42799: Fixed user interface spoofing when visiting a malicious website. - CVE-2022-42823 ...

oval:org.secpod.oval:def:89051252
This update for tiff fixes the following issues: * CVE-2023-2731: Fix null pointer dereference in LZWDecode. * CVE-2023-1916: Fix out-of-bounds read in extractImageSection. * CVE-2023-26965: Fix heap-based use after free in loadImage. * CVE-2022-40090: Fix infinite loop in TIFFReadDirectory.

oval:org.secpod.oval:def:89047406
This update for sqlite3 fixes the following issues: - CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API. - CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence. - Package the Tcl bindings ...

oval:org.secpod.oval:def:89047403
This update for vim fixes the following issues: - CVE-2017-17087: Fixed information leak via .swp files. - CVE-2021-3875: Fixed heap-based buffer overflow. - CVE-2021-3903: Fixed heap-based buffer overflow. - CVE-2021-3968: Fixed heap-based buffer overflow. - CVE-2021-3973: Fixed heap-based buff ...

oval:org.secpod.oval:def:89047530
This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c.

oval:org.secpod.oval:def:89047740
This update for curl fixes the following issues: - CVE-2022-32205: Set-Cookie denial of service - CVE-2022-32206: HTTP compression denial of service - CVE-2022-32207: Unpreserved file permissions - CVE-2022-32208: FTP-KRB bad message verification

oval:org.secpod.oval:def:89047475
This update for ruby2.5 fixes the following issues: - CVE-2022-28739: Fixed a buffer overrun in String-to-Float conversion. - CVE-2021-41817: Fixed a regular expression denial of service in Date Parsing Methods. - CVE-2021-32066: Fixed a StartTLS stripping vulnerability in Net::IMAP. - CVE-2021-31 ...

oval:org.secpod.oval:def:89047026
This update for vim fixes the following issues: Updated to version 9.0 with patch level 0313: - CVE-2022-2183: Fixed out-of-bounds read through get_lisp_indent. - CVE-2022-2182: Fixed heap-based buffer overflow through parse_cmd_address. - CVE-2022-2175: Fixed buffer over-read through cmdline_inse ...

oval:org.secpod.oval:def:89048776
This update for webkit2gtk3 fixes the following issues: Update to version 2.38.6: * CVE-2022-0108: Fixed information leak. * CVE-2022-32885: Fixed arbitrary code execution. * CVE-2023-25358: Fixed use-after-free vulnerability in WebCore::RenderLayer. * CVE-2023-27932: Fixed Same Origin Policy bypas ...

oval:org.secpod.oval:def:89047797
This update for webkit2gtk3 fixes the following issues: Updated to version 2.36.8: - CVE-2022-32886: Fixed a buffer overflow issue that could potentially lead to code execution. - CVE-2022-32912: Fixed an out-of-bounds read that could potentially lead to code execution.

oval:org.secpod.oval:def:89047582
This update for vim fixes the following issues: - CVE-2022-0318: Fixed heap-based buffer overflow. - CVE-2021-3796: Fixed use-after-free in nv_replace in normal.c. - CVE-2021-3872: Fixed heap-based buffer overflow in win_redr_status drawscreen.c. - CVE-2021-3927: Fixed heap-based buffer overflow ...

oval:org.secpod.oval:def:89047453
This update for zlib fixes the following issues: - CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field.

oval:org.secpod.oval:def:89048661
This update for ldb, samba fixes the following issues: ldb: * CVE-2022-32746: Fixed a use-after-free issue in the database audit logging module. * CVE-2023-0614: Fixed discovering of access controlled AD LDAP attributes. samba: * CVE-2023-0922: Fixed cleartext password sending by AD DC admin too ...

oval:org.secpod.oval:def:89048908
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-1611: Fixed a use-after-free flaw in btrfs_search_slot. * CVE-2023-1838: Fixed a use-after-free flaw in virtio network subcomponent. This flaw could all ...

oval:org.secpod.oval:def:89051068
This update for tiff fixes the following issues: * CVE-2023-38289: Fixed a NULL pointer dereference in raw2tiff. * CVE-2023-38288: Fixed an integer overflow in raw2tiff. * CVE-2023-3576: Fixed a memory leak in tiffcrop. * CVE-2020-18768: Fixed an out of bounds read in tiffcp. * CVE-2023-26966: F ...

oval:org.secpod.oval:def:89051183
This update for vim fixes the following issues: * CVE-2023-5344: Heap-based Buffer Overflow in vim prior to 9.0.1969 * CVE-2023-5441: segfault in exmode when redrawing * CVE-2023-5535: use-after-free from buf_contents_changed * CVE-2023-46246: Integer Overflow in :history command

oval:org.secpod.oval:def:89048857
This update for curl adds the following feature: Update to version 8.0.1 * CVE-2023-28319: use-after-free in SSH sha256 fingerprint check. * CVE-2023-28320: siglongjmp race condition. * CVE-2023-28321: IDN wildcard matching. * CVE-2023-28322: POST-after-PUT confusion.

oval:org.secpod.oval:def:89050946
This update for curl fixes the following issues: * CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. * CVE-2023-38546: Fixed a cookie injection with none file

oval:org.secpod.oval:def:89049566
This update for curl fixes the following issues: * CVE-2023-38039: Fixed possible DoS when receiving too large HTTP header

oval:org.secpod.oval:def:89051749
This update for xorg-x11-server fixes the following issues: * CVE-2024-31080: Fixed ProcXIGetSelectedEvents to use unswapped length. * CVE-2024-31081: Fixed ProcXIPassiveGrabDevice to use unswapped length to send reply. * CVE-2024-31082: Fixed ProcAppleDRICreatePixmap to use unswapped length to se ...

oval:org.secpod.oval:def:89051725
This update for buildah fixes the following issues: * CVE-2024-1753: Fixed an issue to prevent a full container escape at build time. * Update to version 1.34.1 for compatibility with Docker 25.0. See the corresponding release notes: * https://github.com/containers/buildah/releases/tag/v1.34.1 * ...

oval:org.secpod.oval:def:89051702
This update for podman fixes the following issues: * CVE-2024-1753: Fixed full container escape at build time.

oval:org.secpod.oval:def:89051326
This update for libssh2_org fixes the following issues: * CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity.

oval:org.secpod.oval:def:89051329
This update for python-paramiko fixes the following issues: * CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity aka Terrapin Attack. * Update to 3.4.0.

oval:org.secpod.oval:def:89051532
This update for openssh fixes the following issues: * CVE-2023-51385: Limit the use of shell metacharacters in host- and user names to avoid command injection

oval:org.secpod.oval:def:89051405
This update for apache-parent, apache-sshd fixes the following issues: apache-parent was updated from version 28 to 31: * Version 31: * New Features: * Added maven-checkstyle-plugin to pluginManagement * Improvements: * Set minimalMavenBuildVersion to 3.6.3 - the minimum used by plugins * Using an S ...

oval:org.secpod.oval:def:89051444
This update for bouncycastle, jsch fixes the following issues: * Updated jsch to version 0.2.15: * CVE-2023-48795: Fixed a prefix truncation issue that could lead to disclosure of sensitive information. * Updated bouncycastle to version 1.77.

oval:org.secpod.oval:def:89051492
This update for libssh2_org fixes the following issues: * Always add the KEX pseudo-methods "ext-info-c" and "kex-strict-c-v00@openssh.com" when configuring custom method list. [bsc#1218971, CVE-2023-48795] * The strict-kex extension is announced in the list of available KEX methods. However, wh ...

oval:org.secpod.oval:def:89051280
This update for openssh fixes the following issues: * CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity. The following non-security bug was fixed: * Fix the "no route to host" error when connecting via ProxyJump

oval:org.secpod.oval:def:89051401
This update for erlang fixes the following issues: * CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity aka Terrapin Attack

oval:org.secpod.oval:def:89051167
This update for libxml2 fixes the following issues: * CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode in tree.c.

oval:org.secpod.oval:def:89049398
This update for libxml2 fixes the following issues: * CVE-2023-39615: Fixed crafted xml can cause global buffer overflow.

oval:org.secpod.oval:def:89048770
This update for libxml2 fixes the following issues: * CVE-2023-29469: Fixed inconsistent result when hashing empty strings. * CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType. The following non-security bug was fixed: * Remove unneeded dependency.

oval:org.secpod.oval:def:89048613
This update for glibc fixes the following issues: Security issue fixed: * CVE-2023-0687: Fix allocated buffer overflow in gmon Other issues fixed: * Fix avx2 strncmp offset compare condition check * elf: Allow dlopen of filter object to work * powerpc: Fix unrecognized instruction errors with rec ...

oval:org.secpod.oval:def:89051417
This update for xorg-x11-server fixes the following issues: * CVE-2024-0408: Fixed SELinux unlabeled GLX PBuffer. * CVE-2024-0409: Fixed SELinux context corruption

oval:org.secpod.oval:def:89051373
This update for xorg-x11-server fixes the following issues: Security fixes: * CVE-2023-6816: Fixed heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer * CVE-2024-0229: Fixed reattaching to different master device may lead to out-of-bounds memory access * CVE-2024-21885: Fixed heap buf ...

oval:org.secpod.oval:def:89051230
This update for xorg-x11-server fixes the following issues: * CVE-2023-6377: Fixed out-of-bounds memory write in XKB button actions. * CVE-2023-6478: Fixed out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty.

oval:org.secpod.oval:def:89051298
This update for xorg-x11-server fixes the following issues: * CVE-2023-6377: Fixed out-of-bounds memory write in XKB button actions.

oval:org.secpod.oval:def:89051386
This update for libssh fixes the following issues: Security fixes: * CVE-2023-6004: Fixed command injection using proxycommand * CVE-2023-48795: Fixed potential downgrade attack using strict kex * CVE-2023-6918: Fixed missing checks for return values of MD functions * CVE-2023-1667: Fixed NULL de ...

oval:org.secpod.oval:def:89051391
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: * CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic on the socket that t ...

oval:org.secpod.oval:def:89051365
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-6176: Fixed a denial of service in the cryptographic algorithm scatterwalk functionality. * CVE-2023-2006: Fixed a race condition in the RxRPC network pro ...

oval:org.secpod.oval:def:89051040
This update for xorg-x11-server fixes the following issues: * CVE-2023-5574: Fixed a privilege escalation issue that could be triggered via the Damage extension protocol. * CVE-2023-5380: Fixed a memory safety issue that could be triggered when using multiple protocol screens. * CVE-2023-5367: Fix ...

oval:org.secpod.oval:def:89050990
This update for grub2 fixes the following issues: Security fixes: - CVE-2023-4692: Fixed an out-of-bounds write at fs/ntfs.c which may lead to unsigned code execution. - CVE-2023-4693: Fixed an out-of-bounds read at fs/ntfs.c which may lead to leak sensitive information. Other fixes: - Fix a bo ...

oval:org.secpod.oval:def:89049823
This update for libXpm fixes the following issues: * CVE-2023-43788: Fixed an out of bounds read when creating an image. * CVE-2023-43789: Fixed an out of bounds read when parsing an XPM file with a corrupted colormap.

oval:org.secpod.oval:def:89049827
This update for libX11 fixes the following issues: * CVE-2023-43786: Fixed stack exhaustion from infinite recursion in PutSubImage. * CVE-2023-43787: Fixed integer overflow in XCreateImage leading to a heap overflow. * CVE-2023-43785: Fixed out-of-bounds memory access in _XkbReadKeySyms.

oval:org.secpod.oval:def:89051076
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write i ...

oval:org.secpod.oval:def:89051077
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-4563: Fixed a use-after-free flaw in the nftables sub-component. This vulnerability could allow a local attacker to crash the system or lead to a kernel i ...

oval:org.secpod.oval:def:89051043
This update for webkit2gtk3 ships missing Lang packages to SUSE Linux Enterprise 15 SP4 and SP5. Security fixes: * CVE-2023-41993: Fixed an issue where processing malicious web content could have led to arbitrary code execution. * CVE-2023-39928: Fixed a use-after-free that could be exploited to e ...

oval:org.secpod.oval:def:89049335
This update for qemu fixes the following issues: * CVE-2023-2861: Fixed improper access control on special files in 9pfs. * CVE-2023-3301: Fixed NULL pointer dereference in vhost_vdpa_get_vhost_net. * CVE-2023-3255: Fixed infinite loop in inflate_buffer leads to denial of service.

oval:org.secpod.oval:def:89048553
This update for tpm2-0-tss fixes the following issues: * CVE-2023-22745: Fixed a memory safety issue that could be exploited by local attackers with TPM access.

oval:org.secpod.oval:def:89051458
This update for tomcat fixes the following issues: Updated to Tomcat 9.0.85: * CVE-2023-45648: Improve trailer header parsing. * CVE-2023-42794: FileUpload: remove tmp files to avoid DoS on Windows. * CVE-2023-42795: Improve handling of failures during recycle methods. * CVE-2023-46589: Fixed HTT ...

oval:org.secpod.oval:def:89051780
This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 115.10.0 ESR: * CVE-2024-3852: GetBoundName in the JIT returned the wrong object * CVE-2024-3854: Out-of-bounds-read after mis-optimized switch statement * CVE-2024-3857: Incorrect JITting of argu ...

oval:org.secpod.oval:def:89048901
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-2235: A use-after-free vulnerability in the Performance Events system can be exploited to achieve local privilege escalation. * CVE-2022-2196: Fixed a reg ...

oval:org.secpod.oval:def:89051808
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: * CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts. * CVE-2023-52463: Fixed null pointer dereference in efivarfs. * CVE-2023-52559: Fixed a bug by avoidin ...

oval:org.secpod.oval:def:89051716
This update for ucode-intel fixes the following issues: * Updated to Intel CPU Microcode 20240312 release. * CVE-2023-39368: Protection mechanism failure of bus lock regulator for some Intel Processors may allow an unauthenticated user to potentially enable denial of service via network access * CV ...

oval:org.secpod.oval:def:89051239
This update for hplip fixes the following issues: * Fixed insecure /tmp file paths inside hppsfilter booklet printing

oval:org.secpod.oval:def:89051729
This update for nghttp2 fixes the following issues: * CVE-2024-28182: Fixed denial of service via http/2 continuation frames

oval:org.secpod.oval:def:89051795
This update for glibc fixes the following issues: * iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence

oval:org.secpod.oval:def:89048769
This update for libtpms fixes the following issues: * CVE-2023-1017: Fixed out-of-bounds write in CryptParameterDecryption. * CVE-2023-1018: Fixed out-of-bounds read in CryptParameterDecryption.

oval:org.secpod.oval:def:89048653
This update for python-cryptography fixes the following issues: * CVE-2023-23931: Fixed memory corruption due to invalidly changed immutable object.

oval:org.secpod.oval:def:89048975
This update for bluez fixes the following issues: * CVE-2023-27349: Fixed crash while handling unsupported events.

oval:org.secpod.oval:def:89051467
This update for openssl-3 fixes the following issues: * CVE-2023-6129: Fixed vector register clobbering on PowerPC. * CVE-2023-6237: Fixed excessive time spent checking invalid RSA public keys. * CVE-2024-0727: Denial of service when processing a maliciously formatted PKCS12 file.

oval:org.secpod.oval:def:89051764
This update for nodejs16 fixes the following issues: * CVE-2024-27983: Fixed failed assertion in node::http2::Http2Session::~Http2Session that could lead to HTTP/2 server crash * CVE-2024-27982: Fixed HTTP Request Smuggling via Content Length Obfuscation

oval:org.secpod.oval:def:89051735
This update for util-linux fixes the following issues: * CVE-2024-28085: Properly neutralize escape sequences in wall

oval:org.secpod.oval:def:89051723
This update for curl fixes the following issues: * CVE-2024-2004: Fix the usage of disabled protocol logic. * CVE-2024-2398: Fix HTTP/2 push headers memory-leak

oval:org.secpod.oval:def:89051715
This update for libvirt fixes the following issues: * CVE-2024-2494: Add a check for negative array lengths before allocation to prevent potential DoS. The following non-security bug was fixed: * Avoid memleak in virNodeDeviceGetPCIVPDDynamicCap.

oval:org.secpod.oval:def:89051657
This update for python3 fixes the following issues: * CVE-2023-6597: Fixed symlink bug in cleanup of tempfile.TemporaryDirectory. * CVE-2022-48566: Make compare_digest more constant-time.

oval:org.secpod.oval:def:89051608
This update for python311 fixes the following issues: * CVE-2023-6597: Fixed symlink bug in cleanup of tempfile.TemporaryDirectory. * CVE-2023-27043: Fixed incorrect e-mail parsing. * CVE-2022-25236: Fixed an expat vulnerability by supporting expat >= 2.4.4.

oval:org.secpod.oval:def:89051630
This update for python310 fixes the following issues: * CVE-2023-6597: Fixed symlink bug in cleanup of tempfile.TemporaryDirectory.

oval:org.secpod.oval:def:89051718
This update for python310 fixes the following issues: * CVE-2024-0450: Fixed "quoted-overlap" in zipfile module is python310 * CVE-2023-52425: Fixed denial of service caused by processing large tokens in expat module in python310 * CVE-2023-6597: Fixed tempfile.TemporaryDirectory fails on removing ...

oval:org.secpod.oval:def:89051796
This update for qemu fixes the following issues: * CVE-2023-3019: Fixed heap use-after-free in e1000e_write_packet_to_guest * CVE-2023-6683: Fixed NULL pointer dereference in qemu_clipboard_request * CVE-2024-24474: Fixed integer overflow results in buffer overflow via SCSI command * CVE-2024-344 ...

oval:org.secpod.oval:def:89051742
This update for less fixes the following issues: * CVE-2022-48624: Fixed LESSCLOSE handling in less that does not quote shell metacharacters.

oval:org.secpod.oval:def:89051771
This update for tomcat fixes the following issues: * CVE-2024-24549: Fixed denial of service during header validation for HTTP/2 stream * CVE-2024-23672: Fixed denial of service due to malicious WebSocket client keeping connection open Other fixes: - Update to Tomcat 9.0.87 * Catalina + Fix: Min ...

oval:org.secpod.oval:def:89051160
This update for webkit2gtk3 fixes the following issues: Update to version 2.42.2: * CVE-2023-41983: Processing web content may lead to a denial-of-service. * CVE-2023-42852: Processing web content may lead to arbitrary code execution. Already previously fixed: * CVE-2022-32919: Visiting a website t ...

oval:org.secpod.oval:def:89048569
This update for webkit2gtk3 fixes the following issues: Update to version 2.38.5: * CVE-2023-23529: Fixed possible arbitrary code execution via maliciously crafted web content. Update to version 2.38.4: * CVE-2023-23517: Fixed web content processing that could have led to arbitrary code execution. ...

oval:org.secpod.oval:def:89051750
This update for webkit2gtk3 fixes the following issues: * CVE-2024-23252: Fixed denial of service via crafted web content. * CVE-2024-23254: Fixed possible audio data exfiltration cross-origin via malicious website. * CVE-2024-23263: Fixed lack of Content Security Policy enforcing via malicious cr ...

oval:org.secpod.oval:def:89051605
This update for postgresql-jdbc fixes the following issues: * CVE-2024-1597: Fixed SQL Injection via line comment generation.

oval:org.secpod.oval:def:89051528
This update for bind fixes the following issues: Update to release 9.16.48: Feature Changes: * The IP addresses for B.ROOT-SERVERS.NET have been updated to 170.247.170.2 and 2801:1b8:10::b. Security Fixes: * Validating DNS messages containing a lot of DNSSEC signatures could cause excessive CPU load ...

oval:org.secpod.oval:def:89051596
This update for nodejs18 fixes the following issues: Update to 18.19.1: * CVE-2024-21892: Code injection and privilege escalation through Linux capabilities. * CVE-2024-22019: http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks. * CVE-2023-46809: Node.js is vu ...

oval:org.secpod.oval:def:89051591
This update for nodejs16 fixes the following issues: Security issues fixed: * CVE-2023-46809: Node.js is vulnerable to the Marvin Attack. * CVE-2024-22019: http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks. * CVE-2024-22025: Denial of Service by resource exh ...

oval:org.secpod.oval:def:89051765
This update for nodejs18 fixes the following issues: Update to 18.20.1 Security fixes: * CVE-2024-27983: Fixed failed assertion in node::http2::Http2Session::~Http2Session that could lead to HTTP/2 server crash * CVE-2024-27982: Fixed HTTP Request Smuggling via Content Length Obfuscation * CVE-202 ...

oval:org.secpod.oval:def:89051807
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: * CVE-2024-25742: Fixed insufficient validation during #VC instruction emulation in x86/sev. * CVE-2023-52519: Fixed possible overflow in HID/intel-ish-hid/ipc. * CVE-2 ...

oval:org.secpod.oval:def:89051794
This update for shim fixes the following issues: * Update shim-install to set the TPM2 SRK algorithm * Limit the requirement of fde-tpm-helper-macros to the distro with suse_version 1600 and above Update to version 15.8: Security issues fixed: * mok: fix LogError invocation * avoid incorrectly tr ...

oval:org.secpod.oval:def:89051804
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: * CVE-2024-1085: Fixed nf_tables use-after-free vulnerability in the nft_setelem_catchall_deactivate function. * CVE-2024-1086: Fixed a use-after-free vulnerability insi ...

oval:org.secpod.oval:def:89051500
This update for webkit2gtk3 fixes the following issues: Update to version 2.42.5: * CVE-2024-23222: Fixed processing maliciously crafted web content that may have led to arbitrary code execution. * CVE-2024-23206: Fixed fingerprint user via maliciously crafted webpages. * CVE-2024-23213: Fixed pr ...

oval:org.secpod.oval:def:89051324
This update for postfix fixes the following issues: * CVE-2023-51764: Fixed SMTP smuggling attack.

oval:org.secpod.oval:def:89051377
This update for perl-Spreadsheet-ParseExcel fixes the following issues: * CVE-2023-7101: Fixed a command injection issue when parsing an untrusted spreadsheet.

oval:org.secpod.oval:def:89051323
This update for webkit2gtk3 fixes the following issues: * CVE-2023-42890: Fixed processing malicious web content may lead to arbitrary code execution. * CVE-2023-42883: Fixed processing a malicious image may lead to a denial-of-service. * CVE-2023-41074: Fixed use-after-free in the MediaRecorder ...

oval:org.secpod.oval:def:89051235
This update for webkit2gtk3 fixes the following issues: Update to version 2.42.3: * Fix flickering while playing videos with DMA-BUF sink. * Fix color picker being triggered in the inspector when typing "tan". * Do not special case the "sans" font family name. * Fix build failure with libxml2 versi ...

oval:org.secpod.oval:def:89051151
This update for strongswan fixes the following issues: * CVE-2023-41913: Fixed a bug in charon-tkm related to handling DH public values that can lead to remote code execution.

oval:org.secpod.oval:def:89048511
This update for apache2 fixes the following issues: * CVE-2023-27522: Fixed HTTP response splitting in mod_proxy_uwsgi. * CVE-2023-25690: Fixed HTTP request splitting with mod_rewrite and mod_proxy. The following non-security bugs were fixed: * Fixed mod_proxy handling of very long urls * Fixed p ...

oval:org.secpod.oval:def:89051090
This update for apache2 fixes the following issues: * CVE-2023-31122: Fixed an out of bounds read in mod_macro. Non-security fixes: * Fixed the content type handling in mod_proxy_http2. * Fixed a floating point exception crash.

oval:org.secpod.oval:def:89051121
This update for xen fixes the following issues: * CVE-2023-20588: AMD CPU transitional execution leak via division by zero. * CVE-2023-34322: top-level shadow reference dropped too early for 64-bit PV guests. * CVE-2023-34325: Multiple vulnerabilities in libfsimage disk handling. * CVE-2023-34 ...

oval:org.secpod.oval:def:89049285
This update for kernel-firmware fixes the following issues: * CVE-2023-20569: Fixed AMD 19h ucode to mitigate a side channel vulnerability in some of the AMD CPUs. ## Special Instructions and Notes: * Please reboot the system after installing this update.

oval:org.secpod.oval:def:89049337
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2022-40982: Fixed transient execution attack called "Gather Data Sampling". * CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec. * CVE-2023-2056 ...

oval:org.secpod.oval:def:89049573
This update for xen fixes the following issues: * CVE-2023-20588: Fixed AMD CPU transitional execution leak via division by zero. * CVE-2023-34322: Fixed top-level shadow reference dropped too early for 64-bit PV guests. ## Special Instructions and Notes: * Please reboot the system after install ...

oval:org.secpod.oval:def:89051080
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-37453: Fixed oversight in SuperSpeed initialization. * CVE-2023-4569: Fixed information leak in nft_set_catchall_flush in net/netfilter/nf_tables_api.c. ...

oval:org.secpod.oval:def:89051081
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. NOTE: This update was retracted due to severe USB problems. The following security bugs were fixed: * CVE-2023-37453: Fixed oversight in SuperSpeed initialization. * CVE-2023-4569: Fixed information leak i ...

oval:org.secpod.oval:def:89051078
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could allow an attacker to escalate privileges and execute arbitrary code in the context of the ke ...

oval:org.secpod.oval:def:89049145
This update for openssl-1_1 fixes the following issues: * CVE-2023-3446: Fixed DH_check excessive time with over sized modulus.

oval:org.secpod.oval:def:89049160
This update for openssl-3 fixes the following issues: * CVE-2023-2975: Fixed AES-SIV implementation ignores empty associated data entries. * CVE-2023-3446: Fixed DH_check excessive time with over sized modulus.

oval:org.secpod.oval:def:89049169
This update for kernel-firmware fixes the following issues: * CVE-2023-20593: Fixed AMD ucode for ZenBleed vulnerability. ## Special Instructions and Notes: * Please reboot the system after installing this update.

oval:org.secpod.oval:def:89051664
This update for spectre-meltdown-checker fixes the following issues: * updated to 0.46 This release mainly focuses on the detection of the new Zenbleed vulnerability, among few other changes that were in line waiting for a release: * feat: detect the vulnerability and mitigation of Zenbleed * feat ...

oval:org.secpod.oval:def:89049333
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-2985: Fixed a use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service. * CVE-2 ...

oval:org.secpod.oval:def:89048738
This update for openssl-1_1 fixes the following issues: * CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored. * CVE-2023-0466: Certificate policy checks were not enabled.

oval:org.secpod.oval:def:89048610
This update for openssl-3 fixes the following issues: * CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints.

oval:org.secpod.oval:def:89048722
This update for openssl-3 fixes the following issues: * CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored. * CVE-2023-0466: Certificate policy checks were not enabled. * Update further expiring certificates that affect tests

oval:org.secpod.oval:def:89048928
This update for openssl-1_1 fixes the following issues: * CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers.

oval:org.secpod.oval:def:89048942
This update for openssl-3 fixes the following issues: * Update to version 3.0.8. * CVE-2022-40735: Fixed remote trigger of expensive server-side DHE modular-exponentiation with long exponents in Diffie-Hellman Key Agreement Protocol. * CVE-2023-1255: Fixed input buffer over-read in AES-XTS implem ...

oval:org.secpod.oval:def:89049306
This update for xen fixes the following issues: * CVE-2023-20569: Fixed side channel attack Inception or RAS Poisoning. * CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling'. * CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potenti ...

oval:org.secpod.oval:def:89048589
This update for openssl-1_1 fixes the following issues: * CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints.

oval:org.secpod.oval:def:89049023
This update for c-ares fixes the following issues: Update to version 1.19.1: * CVE-2023-32067: 0-byte UDP payload causes Denial of Service * CVE-2023-31147: Insufficient randomness in generation of DNS query IDs * CVE-2023-31130: Buffer Underwrite in ares_inet_net_pton * CVE-2023-31124: AutoTools ...

oval:org.secpod.oval:def:89049019
This update for mariadb fixes the following issues: Updated to version 10.6.13: * CVE-2022-47015: Fixed a denial of service that could be triggered by a crafted SQL query.

oval:org.secpod.oval:def:89047597
This update for unbound fixes the following issues: - CVE-2019-25031: Fixed configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack. - CVE-2019-25032: Fixed integer overflow in the regional allocator via regional_alloc. - CVE-2019-25033: Fixed integer ove ...

*CPE
cpe:/o:suse:suse_linux_enterprise_server:15:sp4

© SecPod Technologies