5449 matches found
Security update for postgresql12
This update for postgresql12 fixes the following issues: CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference bsc1233323. CVE-2024-10977: Make libpq discard error messages received during SSL or GSS protocol negotiatio...
Security update for postgresql14
This update for postgresql14 fixes the following issues: CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference bsc1233323. CVE-2024-10977: Make libpq discard error messages received during SSL or GSS protocol negotiatio...
Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues: Update to version 2.46.3 bsc1232747: CVE-2024-44244: Processing maliciously crafted web content may lead to an unexpected process crash. CVE-2024-44296: Processing maliciously crafted web content may prevent Content Security Policy from bein...
Security update for the Linux Kernel
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2021-47589: igbvf: fix double free in igbvfprobe bsc1226557. CVE-2024-35937: wifi: cfg80211: check A-MSDU format more carefully bsc1224526. CVE-2024-47674: mm: avo...
Security update for bea-stax, xstream
This update for bea-stax, xstream fixes the following issues: CVE-2024-47072: Fixed possible remote denial-of-service via a stack overflow bsc1233085. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Security update for SUSE Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: Security fixes on Python 3.11 interpreter: CVE-2024-7592: Fixed quadratic complexity in parsing -quoted cookie values with backslashes bsc1229873, bsc1230059 CVE-2024-8088: Prevent malformed payload to cause infinite loops in zipfile.Path...
Security update for SUSE Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: Security fixes on Python 3.11 interpreter: CVE-2024-7592: Fixed quadratic complexity in parsing -quoted cookie values with backslashes bsc1229873, bsc1230059 CVE-2024-8088: Prevent malformed payload to cause infinite loops in zipfile.Path...
Security update for SUSE Manager Client Tools
This update fixes the following issues: golang-github-lusitaniae-apacheexporter: Security issues fixed: CVE-2023-3978: Fixed security bug in x/net dependency bsc1213933 Other changes and issues fixed: Delete unpackaged debug files for RHEL Do not include source files in the package for RHEL 9...
Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server
Description: This update fixes the following issues: mgr-daemon: Version 4.3.11-0 Update translation strings spacecmd: Version 4.3.29-0 Speed up softwarechannelremovepackages bsc1227606 spacewalk-backend: Version 4.3.30-0 Make ISSv1 timezone independent bsc1221505 reposync: introduce timeout when...
Security update for apache2
This update for apache2 fixes the following issues: CVE-2023-45802: Fixed regression with previous fix bsc1233165. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed f...
Security update for buildah
This update for buildah fixes the following issues: CVE-2024-9676: Fixed github.com/containers/storage: symlink traversal vulnerability in the containers/storage library can cause Denial of Service DoS bsc1231698: CVE-2024-9675: VUL-0: CVE-2024-9675: buildah,podman: buildah: cache arbitrary...
Security update for java-1_8_0-openjdk
This update for java-180-openjdk fixes the following issues: Update to version jdk8u432 icedtea-3.33.0: CVE-2024-21208: Enhance HTTP client bsc1231702. CVE-2024-21210: Improve handling of vectorization bsc1231711. CVE-2024-21217: Improve deserialization support bsc1231716. CVE-2024-21235: Improve...
Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2022-48879: efi: fix NULL-deref in init error path bsc1229556. CVE-2022-48956: ipv6: avoid use-after-free in ip6fragment bsc1231893. CVE-2022-48957: dpaa2-switc...
Security update for expat
This update for expat fixes the following issues: CVE-2024-50602: Fixed a denial of service via XMLResumeParser bsc1232579. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command...
Security update for govulncheck-vulndb
This update for govulncheck-vulndb fixes the following issues: Update to version 0.0.20241104T154416 2024-11-04T15:44:16Z. Refs jscPED-11136 Go CVE Numbering Authority IDs added or updated with aliases: GO-2024-3233 CVE-2024-46872 GHSA-762g-9p7f-mrww GO-2024-3234 CVE-2024-47401 GHSA-762v-rq7q-ff9...
Security update for libarchive
This update for libarchive fixes the following issues: CVE-2024-20697: Fixed Out of bounds Remote Code Execution Vulnerability bsc1225972. CVE-2024-48958: Fixed out-of-bounds access via a crafted archive file in executefilterdelta function bsc1231624. Patch Instructions: To install this SUSE upda...
Security update for curl
This update for curl fixes the following issues: CVE-2024-9681: Fixed HSTS subdomain overwrites parent cache entry bsc1232528 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the comma...
Security update for libgsf
This update for libgsf fixes the following issues: CVE-2024-42415, CVE-2024-36474: Fixed integer overflows affecting memory allocation bsc1231282, bsc1231283. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP6)
This update for the Linux Kernel 6.4.0-150600237 fixes several issues. The following security issues were fixed: CVE-2024-42133: Bluetooth: Ignore too large handle values in BIG bsc1231419 CVE-2023-52752: smb: client: fix use-after-free bug in cifsdebugdataprocshow bsc1225819. CVE-2024-36899:...
Security update for python3
This update for python3 fixes the following issues: Security fixes: CVE-2024-9287: properly quote path names provided when creating a virtual environment bsc1232241 Other fixes: Drop .pyc files from docdir for reproducible builds bsc1230906 Patch Instructions: To install this SUSE update use the...
Security update for rubygem-actionmailer-5_1
This update for rubygem-actionmailer-51 fixes the following issues: CVE-2024-47889: Fixed Possible ReDoS vulnerability in blockformat in Action Mailer bsc1231723. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Security update for uwsgi
This update for uwsgi fixes the following issues: CVE-2024-24795: Fixed HTTP Response Splitting in multiple modules bsc1222332 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the...
Security update for the Linux Kernel (Live Patch 48 for SLE 15 SP2)
This update for the Linux Kernel 5.3.18-15020024191 fixes several issues. The following security issues were fixed: CVE-2021-47600: dm btree remove: fix use after free in rebalancechildren bsc1227472. CVE-2021-47598: schcake: do not call cakedestroy from cakeinit bsc1227471. CVE-2023-52752: smb:...
Security update for the Linux Kernel (Live Patch 45 for SLE 15 SP2)
This update for the Linux Kernel 5.3.18-15020024178 fixes several issues. The following security issues were fixed: CVE-2021-47600: dm btree remove: fix use after free in rebalancechildren bsc1227472. CVE-2021-47598: schcake: do not call cakedestroy from cakeinit bsc1227471. CVE-2023-52752: smb:...
Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP5)
This update for the Linux Kernel 5.14.21-1505005552 fixes several issues. The following security issues were fixed: CVE-2024-35905: Fixed int overflow for stack access size bsc1226327. CVE-2021-47598: schcake: do not call cakedestroy from cakeinit bsc1227471. CVE-2024-35863: Fixed potential UAF i...
Security update for the Linux Kernel RT (Live Patch 1 for SLE 15 SP6)
This update for the Linux Kernel 6.4.0-150600105 fixes several issues. The following security issues were fixed: CVE-2023-52752: smb: client: fix use-after-free bug in cifsdebugdataprocshow bsc1225819. CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails bsc1227808...
Security update for the Linux Kernel RT (Live Patch 0 for SLE 15 SP6)
This update for the Linux Kernel 6.4.0-1506008 fixes several issues. The following security issues were fixed: CVE-2024-35905: Fixed int overflow for stack access size bsc1226327. CVE-2024-42133: Bluetooth: Ignore too large handle values in BIG bsc1231419 CVE-2024-35863: Fixed potential UAF in...
Security update for the Linux Kernel RT (Live Patch 15 for SLE 15 SP5)
This update for the Linux Kernel 5.14.21-1505001355 fixes several issues. The following security issues were fixed: CVE-2024-35905: Fixed int overflow for stack access size bsc1226327. CVE-2021-47598: schcake: do not call cakedestroy from cakeinit bsc1227471. CVE-2024-35863: Fixed potential UAF i...
Security update for the Linux Kernel (Live Patch 56 for SLE 12 SP5)
This update for the Linux Kernel 4.12.14-122216 fixes several issues. The following security issues were fixed: CVE-2024-35863: Fixed potential UAF in isvalidoplockbreak bsc1225011. CVE-2023-52752: smb: client: fix use-after-free bug in cifsdebugdataprocshow bsc1225819. CVE-2024-35862: Fixed...
Security update for the Linux Kernel (Live Patch 54 for SLE 12 SP5)
This update for the Linux Kernel 4.12.14-122201 fixes several issues. The following security issues were fixed: CVE-2024-35863: Fixed potential UAF in isvalidoplockbreak bsc1225011. CVE-2023-52752: smb: client: fix use-after-free bug in cifsdebugdataprocshow bsc1225819. CVE-2024-35862: Fixed...
Security update for go1.21-openssl
This update for go1.21-openssl fixes the following issues: CVE-2024-34158: Fixed stack exhaustion in Parse in go/build/constraint bsc1230254. CVE-2024-34156: Fixed stack exhaustion in Decoder.Decode in encoding/gob bsc1230253. CVE-2024-34155: Fixed stack exhaustion in all Parse functions...
Security update for the Linux Kernel (Live Patch 46 for SLE 15 SP2)
This update for the Linux Kernel 5.3.18-15020024183 fixes several issues. The following security issues were fixed: CVE-2021-47600: dm btree remove: fix use after free in rebalancechildren bsc1227472. CVE-2021-47598: schcake: do not call cakedestroy from cakeinit bsc1227471. CVE-2023-52752: smb:...
Security update for the Linux Kernel (Live Patch 42 for SLE 15 SP3)
This update for the Linux Kernel 5.3.18-15030059153 fixes several issues. The following security issues were fixed: CVE-2021-47598: schcake: do not call cakedestroy from cakeinit bsc1227471. CVE-2023-52752: smb: client: fix use-after-free bug in cifsdebugdataprocshow bsc1225819. CVE-2024-35862:...
Security update for the Linux Kernel (Live Patch 47 for SLE 15 SP2)
This update for the Linux Kernel 5.3.18-15020024188 fixes several issues. The following security issues were fixed: CVE-2021-47600: dm btree remove: fix use after free in rebalancechildren bsc1227472. CVE-2021-47598: schcake: do not call cakedestroy from cakeinit bsc1227471. CVE-2023-52752: smb:...
Security update for the Linux Kernel (Live Patch 41 for SLE 15 SP2)
This update for the Linux Kernel 5.3.18-15020024166 fixes several issues. The following security issues were fixed: CVE-2021-47600: dm btree remove: fix use after free in rebalancechildren bsc1227472. CVE-2021-47598: schcake: do not call cakedestroy from cakeinit bsc1227471. CVE-2023-52752: smb:...
Security update for the Linux Kernel (Live Patch 50 for SLE 15 SP2)
This update for the Linux Kernel 5.3.18-15020024197 fixes several issues. The following security issues were fixed: CVE-2021-47600: dm btree remove: fix use after free in rebalancechildren bsc1227472. CVE-2021-47598: schcake: do not call cakedestroy from cakeinit bsc1227471. CVE-2021-47291: ipv6:...
Security update for cups-filters
This update for cups-filters fixes the following issues: CVE-2024-47850: Fixed cups-browsed can be abused to initiate remote DDoS against third-party targets bsc1231294 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...
Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues: Update to version 2.46.0 bsc1231039. CVE-2024-40866 CVE-2024-44187 Already fixed in version 2.44.3: CVE-2024-4558 CVE-2024-27838 CVE-2024-27851 Already fixed in version 2.44.2: CVE-2024-27834 CVE-2024-27808 CVE-2024-27820 CVE-2024-27833...
Security update for protobuf
This update for protobuf fixes the following issues: CVE-2024-7254: Fixed stack overflow vulnerability in Protocol Buffer bsc1230778 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run th...
Security update for qemu
This update for qemu fixes the following issues: Security fixes: CVE-2024-8354: Fixed assertion failure in usbepget bsc1230834 CVE-2024-8612: Fixed information leak in virtio devices bsc1230915 Update version to 8.2.7: Security fixes: CVE-2024-7409: Fixed denial of service via improper...
Security update for php7
This update for php7 fixes the following issues: CVE-2024-8925: Fixed erroneous parsing of multipart form data in HTTP POST requests leads to legitimate data not being processed bsc1231360 CVE-2024-8927: Fixed cgi.forceredirect configuration is bypassable due to an environment variable collision...
Security update for php8
This update for php8 fixes the following issues: Update to php 8.2.24: CVE-2024-8925: Fixed erroneous parsing of multipart form data in HTTP POST requests leads to legitimate data not being processed bsc1231360 CVE-2024-8927: Fixed cgi.forceredirect configuration is bypassable due to an environme...
Security update for buildah
This update for buildah fixes the following issues: CVE-2024-9675: Fixed arbitrary cache directory mount bsc1231499 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed...
Security update for jetty-minimal
This update for jetty-minimal fixes the following issues: CVE-2024-8184: Fixed remote denial-of-service in ThreadLimitHandler.getRemote bsc1231651. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively...
Security update for OpenIPMI
This update for OpenIPMI fixes the following issues: CVE-2024-42934: Fixed missing check on the authorization type on incoming LAN messages in IPMI simulator bsc1229910 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...
Security update for the Linux Kernel (Live Patch 28 for SLE 15 SP4)
This update for the Linux Kernel 5.14.21-15040024125 fixes several issues. The following security issues were fixed: CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails bsc1227808 CVE-2024-41059: hfsplus: fix uninit-value in copyname bsc1228573. Patch Instructions:...
Security update for the Linux Kernel (Live Patch 26 for SLE 15 SP4)
This update for the Linux Kernel 5.14.21-15040024119 fixes several issues. The following security issues were fixed: CVE-2024-35861: Fixed potential UAF in cifssignalcifsdforreconnect bsc1225312. CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfochangednotify bsc1225739. CVE-2024-40954...
Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP5)
This update for the Linux Kernel 5.14.21-1505005559 fixes several issues. The following security issues were fixed: CVE-2024-35861: Fixed potential UAF in cifssignalcifsdforreconnect bsc1225312. CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfochangednotify bsc1225739. CVE-2024-40954:...
Security update for the Linux Kernel (Live Patch 49 for SLE 15 SP2)
This update for the Linux Kernel 5.3.18-15020024194 fixes several issues. The following security issues were fixed: CVE-2024-35861: Fixed potential UAF in cifssignalcifsdforreconnect bsc1225312. CVE-2021-47291: ipv6: fix another slab-out-of-bounds in fib6nhflushexceptions bsc1227651...
Security update for the Linux Kernel (Live Patch 56 for SLE 12 SP5)
This update for the Linux Kernel 4.12.14-122216 fixes several issues. The following security issues were fixed: CVE-2024-41059: hfsplus: fix uninit-value in copyname bsc1228573. CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 bsc1226325. CVE-2021-47378: Destroy cm id before...