Security update for ucode-intel

This update for ucode-intel fixes the following issues: Intel CPU Microcode was updated to the 20240910 release bsc1230400 CVE-2024-23984: Observable discrepancy in RAPL interface for some Intel Processors may allow a privileged user to potentially enable information disclosure via local access...

Security update for rust-keylime

This update for rust-keylime fixes the following issues: Update vendored crates CVE-2024-43806, bsc1229952, bsc1230029 rustix 0.37.25 rustix 0.38.34 shlex 1.3.0 Update to version 0.2.6+13: Enable test functional/iak-idevid-persisted-and-protected builddeps: bump uuid from 1.7.0 to 1.10.0 builddep...

Security update for docker

This update for docker fixes the following issues: Security fixes: CVE-2024-23651: Fixed arbitrary files write due to race condition on mounts bsc1219267 CVE-2024-23652: Fixed insufficient validation of parent directory on mount bsc1219268 CVE-2024-23653: Fixed insufficient validation on...

Security update for containerized-data-importer

This update for containerized-data-importer fixes the following issues: Update to version 1.60.1 Release notes https://github.com/kubevirt/containerized-data-importer/releases/tag/v1.60.1 Add registry path for SLE15 SP7 Bump to the latest tag 1.60.1-150600.3.9.1 Use the images based on SLE15 SP6...

Security update for kubevirt

This update for kubevirt fixes the following issues: Update to version 1.3.1 Release notes https://github.com/kubevirt/kubevirt/releases/tag/v1.3.1 Release notes https://github.com/kubevirt/kubevirt/releases/tag/v1.3.0 Fix DV error report via VM printable status Fix permission error in storage...

Security update for gtk3

This update for gtk3 fixes the following issues: CVE-2024-6655: Fixed library injection from current working directory bsc1228120. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the...

Security update for python-setuptools

This update for python-setuptools fixes the following issues: CVE-2024-6345: Fixed code execution via download functions in the packageindex module in pypa/setuptools bsc1228105 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or...

Security update for libarchive

This update for libarchive fixes the following issues: CVE-2024-20696: Fixed out-of-bounds access in in copyfromlzsswindowtounp bsc1225971 CVE-2024-20697: Fixed heap based buffer overflow in rar e8 filter bsc1225972 Patch Instructions: To install this SUSE update use the SUSE recommended...

Security update for krb5

This update for krb5 fixes the following issues: CVE-2024-37370: Confidential GSS krb5 wrap tokens with invalid plaintext Extra Count fields were erroneously accepted during unwrap bsc1227186 CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields...

Security update for git

This update for git fixes the following issues: git was updated to 2.45.1: CVE-2024-32002: recursive clones on case-insensitive filesystems that support symbolic links are susceptible to case confusion bsc1224168 CVE-2024-32004: arbitrary code execution during local clones bsc1224170...

Security update for runc

This update for runc fixes the following issues: Update to runc v1.1.14. Upstream changelog is available from . CVE-2024-45310: Fixed that runc can be tricked into creating empty files/directories on host bsc1230092 Update to runc v1.1.13. Upstream changelog is available from . Fixed a performanc...

Security update for the Linux Kernel

The SUSE Linux Enterprise Micro 6.0 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2023-52489: mm/sparsemem: fix race in accessing memorysection-usage bsc1221326. CVE-2023-52581: netfilter: nftables: fix memleak when more than 255 elements...

Security update for expat

This update for expat fixes the following issues: CVE-2024-45492: detect integer overflow in function nextScaffoldPart bsc1229932 CVE-2024-45491: detect integer overflow in dtdCopy bsc1229931 CVE-2024-45490: reject negative len for XMLParseBuffer bsc1229930 CVE-2024-28757: XML Entity Expansion...

Security update for the Linux Kernel

The SUSE Linux Enterprise Micro 6.0 kernel was updated to receive various security bugfixes. This release includes the first live patch. The following security bugs were fixed: CVE-2023-52489: mm/sparsemem: fix race in accessing memorysection-usage bsc1221326. CVE-2023-52581: netfilter: nftables:...

Security update for libxml2

This update for libxml2 fixes the following issues: CVE-2024-34459: Fixed buffer over-read in bsc1224282 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for your...

Security update for selinux-policy

This update for selinux-policy fixes the following issues: Update to version 20230523+git25.ad22dd7f: Backport wtmpdb label change to have the same wtmpdb label as in SL Micro 6.1 bsc1229132 Add authrwwtmpdbloginrecords to domains using authmanageloginrecords Add authrwwtmpdbloginrecords to modul...

Security update for systemd

This update for systemd fixes the following issues: Import commit 0512d0d1fc0b54a84964281708036a46ab39c153 0512d0d1fc cgroup: Rename effective limits internal table jscPED-5659 765846b70b cgroup: Restrict effective limits with global resource provision jscPED-5659 e29909088b test: Add effective...

Security update for keepalived

This update for keepalived fixes the following issues: CVE-2024-41184: Fixed integer overflow in vrrpipsetshandler bsc1228123 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the comma...

Security update for glibc

This update for glibc fixes the following issues: Fixed security issues: CVE-2024-33602: Use timet for return type of addgetnetgrentX bsc1223425 CVE-2024-33599: nscd: Stack-based buffer overflow in netgroup cache bsc1223423 CVE-2024-33600: nscd: Avoid null pointer crashes after notfound response...

Security update for python-urllib3

This update for python-urllib3 fixes the following issues: CVE-2024-37891: Fixed issue where proxy-authorization request header was not stripped during cross-origin redirects bsc1226469 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

Security update for qemu

This update for qemu fixes the following issues: Fix bsc1221812: block: Reschedule query-block during qcow2 invalidation bsc1221812 Fix bsc1229007, CVE-2024-7409: nbd/server: CVE-2024-7409: Close stray clients at server-stop bsc1229007 nbd/server: CVE-2024-7409: Drop non-negotiating clients...

Security update for python-Jinja2

This update for python-Jinja2 fixes the following issues: CVE-2024-34064, CVE-2024-22195: HTML attribute injection when passing user input as keys to xmlattr filter bsc1223980, bsc1218722 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

Security update for python-requests

This update for python-requests fixes the following issues: Update to 2.32.2 To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed getconnection to a new public API, getconnectionwithtlscontext. Existing custom HTTPAdapters will need to...

Security update for avahi

This update for avahi fixes the following issues: Security issues fixed: CVE-2023-38471: Extract host name using avahiunescapelabel bsc1216594. CVE-2023-38469: Reject overly long TXT resource records bsc1216598. Non-security issue fixed: no longer supply bogus services to callbacks bsc1226586...

Security update for glib2

This update for glib2 fixes the following issues: Fixed a possible use after free regression introduced by CVE-2024-34397 patch bsc1224044. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can...

Security update for curl

This update for curl fixes the following issues: Security issues fixed: CVE-2024-7264: ASN.1 date parser overread bsc1228535 CVE-2024-6197: Freeing stack buffer in utf8asn1str bsc1227888 CVE-2024-2379: QUIC certificate check bypass with wolfSSL bsc1221666 CVE-2024-2466: TLS certificate check bypa...

Security update for mozilla-nss

This update for mozilla-nss fixes the following issues: update to NSS 3.101.2 ChaChaXor to return after the function update to NSS 3.101.1 missing sqlite header. GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME. update to NSS 3.101 add diagnostic assertions for SFTKObject refcount. freeing...

Security update for the Linux Kernel

The SUSE Linux Enterprise Micro 6.0 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2024-41014: xfs: add bounds checking to xlogrecoverprocessdata bsc1228408. CVE-2024-41013: xfs: do not walk off the end of a directory data block bsc1228405...

Security update for python311, python-rpm-macros

This update for python311, python-rpm-macros fixes the following issues: python311: - CVE-2024-0450: Fixed zipfile module vulnerability with "quoted-overlap" zipbomb bsc1221854 - CVE-2024-4032: Fixed incorrect IPv4 and IPv6 private ranges bsc1226448 - CVE-2024-0397: Fixed memory race condition...

Security update for unbound

This update for unbound fixes the following issues: Update to 1.20.0: Features: The config for discard-timeout, wait-limit, wait-limit-cookie, wait-limit-netblock and wait-limit-cookie-netblock was added, for the fix to the DNSBomb issue. Merge GH1027: Introduce 'cache-min-negative-ttl' option...

Security update for ca-certificates-mozilla

This update for ca-certificates-mozilla fixes the following issues: Updated to 2.68 state of Mozilla SSL root CAs bsc1227525 Added: FIRMAPROFESIONAL CA ROOT-A WEB Distrust: GLOBALTRUST 2020 Updated to 2.66 state of Mozilla SSL root CAs bsc1220356 Added: CommScope Public Trust ECC Root-01 CommScop...

Security update for ucode-intel

This update for ucode-intel fixes the following issues: Intel CPU Microcode was updated to the 20240514 release bsc1224277 CVE-2023-45733: Security updates for INTEL-SA-01051 CVE-2023-46103: Security updates for INTEL-SA-01052 CVE-2023-45745,CVE-2023-47855: Security updates for INTEL-SA-01036...

Security update for skopeo

This update for skopeo fixes the following issues: Update to version 1.14.4: CVE-2024-3727: digest type does not guarantee valid type bsc1224123 Packit: update packit targets Bump gopkg.in/go-jose to v2.6.3 Bump ocicrypt and go-jose CVE-2024-28180 Freeze the fedora-minimal image reference at Fedo...

Security update for gnutls

This update for gnutls fixes the following issues: CVE-2024-28835: certtool crash when verifying a certificate chain bsc1221747 CVE-2024-28834: Fixed side-channel in the deterministic ECDSA bsc1221746 jitterentropy: Release the memory of the entropy collector when using jitterentropy with phtread...

Security update for openssl-3, libpulp, ulp-macros

This update for openssl-3, libpulp, ulp-macros fixes the following issues: openssl-3: - CVE-2024-6119: possible denial of service in X.509 name checks bsc1229465 - CVE-2024-5535: SSLselectnextproto buffer overread bsc1227138 - CVE-2024-4741: Fixed a use-after-free with SSLfreebuffers bsc1225551...

Security update for kernel-firmware

This update for kernel-firmware fixes the following issues: Update to version 20240712: amdgpu: update DMCUB to v0.0.225.0 for Various AMDGPU Asics qcom: add gpu firmwares for x1e80100 chipset bsc1219458 linux-firmware: add firmware for qat402xx devices amdgpu: update raven firmware amdgpu: updat...

Security update for podman

This update for podman fixes the following issues: CVE-2024-6104: Fixed dependency issue with go-retryablehttp: url might write sensitive information to log file bsc1227052. Update to version 4.9.5: Bump to v4.9.5 Update release notes for v4.9.5 fix "concurrent map writes" in network ls compat...

Security update for libvirt

This update for libvirt fixes the following issues: Security issue fixed: CVE-2024-4418: rpc: ensure temporary GSource is removed from client event loop bsc1223849 Non-security issue fixed: libxl: Fix domxml-to-native conversion bsc1222584 qemu: Fix migration with custom XML bsc1226492 Patch...

Security update for qemu

This update for qemu fixes the following issues: Update to version 8.2.5: target/loongarch: fix a wrong print in cpu dump ui/sdl2: Allow host to power down screen target/i386: fix SSE and SSE2 feature check target/i386: fix xsave.flat from kvm-unit-tests disas/riscv: Decode all of the pmpcfg and...

Security update for wget

This update for wget fixes the following issues: CVE-2024-38428: Fix mishandled semicolons in the userinfo subcomponent of a URI. bsc1226419 Update to GNU wget 1.24.5: Fix how subdomain matches are checked for HSTS. Wget will now also parse the srcset attribute in HTML tags Support reading...

Security update for openssh

This update for openssh fixes the following issues: CVE-2024-39894: Fixed timing attacks against echo-off password entry bsc1227318 CVE-2024-6387: Fixed race condition in a signal handler bsc1226642. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods lik...

Security update for the Linux Kernel

The SUSE Linux Enterprise Micro 6.0 kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2024-41014: xfs: add bounds checking to xlogrecoverprocessdata bsc1228408. CVE-2024-41013: xfs: do not walk off the end of a directory data block bsc1228405...

Security update for less

This update for less fixes the following issues: CVE-2024-32487: Fix a bug where mishandling of \n character in paths when LESSOPEN is set leads to OS command execution. bsc1222849 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate...

Security update for nghttp2

This update for nghttp2 fixes the following issues: CVE-2024-28182: Fixed denial of service via http/2 continuation frames bsc1221399 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run t...

Security update for util-linux

This update for util-linux fixes the following issues: Security issue fixed: CVE-2024-28085: Properly neutralize escape sequences in wall to avoid potential account takeover. bsc1221831 Non-security issues fixed: Fix hang of lscpu -e bsc1225598 lscpu: Add more ARM cores bsc1223605 Document that...

Security update for buildah

This update for buildah fixes the following issues: Update to version 1.35.5 CVE-2024-11218: Fix TOCTOU error when bind and cache mounts use "src" values. bsc1236272 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...

Security update for buildah

This update for buildah fixes the following issues: Update to version 1.35.5 CVE-2024-11218: Fix TOCTOU error when bind and cache mounts use "src" values. bsc1236272 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...

Security update for ignition

This update for ignition fixes the following issues: CVE-2023-45288: Fixed unclosed connections when receiving too many headers in golang.org/x/net/http2 bsc1236518 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...

Security update for orc

This update for orc fixes the following issues: CVE-2024-40897: Fixed stack-based buffer overflow in the Orc compiler when formatting error messages for certain input files bsc1228184 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

Security update for apptainer

This update for apptainer fixes the following issues: CVE-2023-45288: Fixed unclosed connections when receiving too many headers in golang.org/x/net/http2 bsc1236528 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...