5387 matches found
Security update for wpa_supplicant
This update for wpasupplicant fixes the following issues: CVE-2023-52160: Fixed WiFi authentication bypass bsc1219975. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command list...
Security update for libndp
This update for libndp fixes the following issues: CVE-2024-5564: Fixed buffer overflow in route information length field bsc1225771. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run t...
Security update for libarchive
This update for libarchive fixes the following issues: CVE-2024-48958: Fixed out-of-bounds access in executefilterdelta bsc1231624. CVE-2024-20697: Fixed out-of-bounds remote code execution vulnerability bsc1225972. CVE-2024-48957: Fixed out-of-bounds access in executefilteraudio bsc1231544. Patc...
Security update for expat
This update for expat fixes the following issues: CVE-2024-50602: Fixed possible denial-of-service vulnerability inside XMLResumeParser bsc1232579. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively...
Security update for skopeo
This update for skopeo fixes the following issues: CVE-2024-9676: Fixed symlink traversal vulnerability in the containers/storage library that could have let to a denial-of-service attack bsc1231698. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods lik...
Security update for curl
This update for curl fixes the following issues: CVE-2024-9681: Fixed HSTS subdomain overwrites parent cache entry bsc1232528 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the comma...
Security update for Mesa
This update for Mesa fixes the following issues: CVE-2023-45913: Fixed NULL pointer dereference via dri2GetGlxDrawableFromXDrawableId bsc1222040. CVE-2023-45919: Fixed buffer over-read in glXQueryServerString bsc1222041. CVE-2023-45922: Fixed segmentation violation in glXGetDrawableAttribute...
Security update for openssl-3
This update for openssl-3 fixes the following issues: CVE-2024-41996: Fixed a denial of service in the Diffie-Hellman Key Agreement Protocol bsc1230698. CVE-2023-50782: Implicit rejection in PKCS1 v1.5 bsc1220262 Patch Instructions: To install this SUSE update use the SUSE recommended installatio...
Security update for podman
This update for podman fixes the following issues: CVE-2024-9676: Fixed a denial of service via a symlink traversal in the containers/storage library bsc1231698 CVE-2024-9341: Fixed FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library bsc1231230 CVE-2024-9675: Fixed caching...
Security update for qemu
This update for qemu fixes the following issues: Bugfixes and CVEs: hw/usb/hcd-ohci: Fix 1510, 303: pid not IN or OUT bsc1230834, CVE-2024-8354 softmmu: Support concurrent bounce buffers bsc1230915, CVE-2024-8612 system/physmem: Per-AddressSpace bounce buffering bsc1230915, CVE-2024-8612...
Security update for the Linux Kernel
The SUSE Linux Enterprise Micro 6.0 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2023-52610: net/sched: actct: fix skb leak and crash on ooo frags bsc1221610. CVE-2023-52752: smb: client: fix use-after-free bug in cifsdebugdataprocshow...
Security update for patch
This update for patch fixes the following issues: CVE-2019-20633: Fix double-free/OOB read in pch.c bsc1167721 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for...
Security update for iperf
This update for iperf fixes the following issues: update to 3.17.1 bsc1224262, CVE-2024-26306: BREAKING CHANGE: iperf3's authentication features, when used with OpenSSL prior to 3.2.0, contain a vulnerability to a side-channel timing attack. To address this flaw, a change has been made to the...
Security update for protobuf
This update for protobuf fixes the following issues: CVE-2024-7254: Fixed a stack overflow vulnerability in protocol buffers bsc1230778 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run...
Security update for the Linux Kernel
The SUSE Linux Enterprise Micro 6.0 kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2023-52610: net/sched: actct: fix skb leak and crash on ooo frags bsc1221610. CVE-2023-52752: smb: client: fix use-after-free bug in cifsdebugdataprocshow...
Security update for sevctl
This update for sevctl fixes the following issues: Security issue fixed: CVE-2023-50711: Fixed out of bounds memory accesses in a vendored dependency bsc1218502 Non-security issue fixed: Update vendored dependencies and re-enable cargo update obs service bsc1229953 Patch Instructions: To install...
Security update for opensc
This update for opensc fixes the following issues: CVE-2024-8443: Fixed heap buffer overflow in OpenPGP driver when generating key bsc1230364 CVE-2024-45620: Fixed incorrect handling of the length of buffers or files in pkcs15init bsc1230076 CVE-2024-45619: Fixed incorrect handling length of...
Security update for tiff
This update for tiff fixes the following issues: CVE-2024-7006: Fix pointer deref in tifdirinfo.c bsc1228924 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for you...
Security update for libdb-4_8
This update for libdb-48 fixes the following issues: CVE-2019-2708: Fixed data store execution leading to partial DoS bsc1174414 Changes: libdb: Data store execution leads to partial DoS Backport the upsteam commits: Fixed several possible crashes when running dbverify on a corrupted database...
Security update for SUSE Manager Client Tools and Salt Bundle
This update for SUSE Manager Client Tools and Salt Bundle the following issues: uyuni-tools: venv-salt-minion: Security fixes on Python 3.11 interpreter: CVE-2024-7592: Fixed quadratic complexity in parsing -quoted cookie values with backslashes bsc1229873, bsc1230059 CVE-2024-8088: Prevent...
Security update for python311
This update for python311 fixes the following issues: CVE-2024-8088: Fixed a denial of service in zipfile bsc1229704 CVE-2024-6232: Fixed a ReDos via excessive backtracking while parsing header values bsc1230227 CVE-2024-7592: Fixed a denial of service in the http.cookies module bsc1229596 Patch...
Security update for orc
This update for orc fixes the following issues: CVE-2024-40897: Fixed a stack-based buffer overflow when formatting error messages bsc1228184 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you c...
Security update for libpcap
This update for libpcap fixes the following issues: CVE-2024-8006: Fixed NULL pointer dereference in pcapfindalldevsex bsc1230034 CVE-2023-7256: Fixed double free via addrinfo in sockinitaddress bsc1230020 Patch Instructions: To install this SUSE update use the SUSE recommended installation metho...
Security update for ucode-intel
This update for ucode-intel fixes the following issues: Intel CPU Microcode was updated to the 20240910 release bsc1230400 CVE-2024-23984: Observable discrepancy in RAPL interface for some Intel Processors may allow a privileged user to potentially enable information disclosure via local access...
Security update for rust-keylime
This update for rust-keylime fixes the following issues: Update vendored crates CVE-2024-43806, bsc1229952, bsc1230029 rustix 0.37.25 rustix 0.38.34 shlex 1.3.0 Update to version 0.2.6+13: Enable test functional/iak-idevid-persisted-and-protected builddeps: bump uuid from 1.7.0 to 1.10.0 builddep...
Security update for docker
This update for docker fixes the following issues: Security fixes: CVE-2024-23651: Fixed arbitrary files write due to race condition on mounts bsc1219267 CVE-2024-23652: Fixed insufficient validation of parent directory on mount bsc1219268 CVE-2024-23653: Fixed insufficient validation on...
Security update for containerized-data-importer
This update for containerized-data-importer fixes the following issues: Update to version 1.60.1 Release notes https://github.com/kubevirt/containerized-data-importer/releases/tag/v1.60.1 Add registry path for SLE15 SP7 Bump to the latest tag 1.60.1-150600.3.9.1 Use the images based on SLE15 SP6...
Security update for kubevirt
This update for kubevirt fixes the following issues: Update to version 1.3.1 Release notes https://github.com/kubevirt/kubevirt/releases/tag/v1.3.1 Release notes https://github.com/kubevirt/kubevirt/releases/tag/v1.3.0 Fix DV error report via VM printable status Fix permission error in storage...
Security update for gtk3
This update for gtk3 fixes the following issues: CVE-2024-6655: Fixed library injection from current working directory bsc1228120. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the...
Security update for libarchive
This update for libarchive fixes the following issues: CVE-2024-20696: Fixed out-of-bounds access in in copyfromlzsswindowtounp bsc1225971 CVE-2024-20697: Fixed heap based buffer overflow in rar e8 filter bsc1225972 Patch Instructions: To install this SUSE update use the SUSE recommended...
Security update for krb5
This update for krb5 fixes the following issues: CVE-2024-37370: Confidential GSS krb5 wrap tokens with invalid plaintext Extra Count fields were erroneously accepted during unwrap bsc1227186 CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields...
Security update for python-setuptools
This update for python-setuptools fixes the following issues: CVE-2024-6345: Fixed code execution via download functions in the packageindex module in pypa/setuptools bsc1228105 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or...
Security update for git
This update for git fixes the following issues: git was updated to 2.45.1: CVE-2024-32002: recursive clones on case-insensitive filesystems that support symbolic links are susceptible to case confusion bsc1224168 CVE-2024-32004: arbitrary code execution during local clones bsc1224170...
Security update for the Linux Kernel
The SUSE Linux Enterprise Micro 6.0 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2023-52489: mm/sparsemem: fix race in accessing memorysection-usage bsc1221326. CVE-2023-52581: netfilter: nftables: fix memleak when more than 255 elements...
Security update for runc
This update for runc fixes the following issues: Update to runc v1.1.14. Upstream changelog is available from . CVE-2024-45310: Fixed that runc can be tricked into creating empty files/directories on host bsc1230092 Update to runc v1.1.13. Upstream changelog is available from . Fixed a performanc...
Security update for expat
This update for expat fixes the following issues: CVE-2024-45492: detect integer overflow in function nextScaffoldPart bsc1229932 CVE-2024-45491: detect integer overflow in dtdCopy bsc1229931 CVE-2024-45490: reject negative len for XMLParseBuffer bsc1229930 CVE-2024-28757: XML Entity Expansion...
Security update for the Linux Kernel
The SUSE Linux Enterprise Micro 6.0 kernel was updated to receive various security bugfixes. This release includes the first live patch. The following security bugs were fixed: CVE-2023-52489: mm/sparsemem: fix race in accessing memorysection-usage bsc1221326. CVE-2023-52581: netfilter: nftables:...
Security update for libxml2
This update for libxml2 fixes the following issues: CVE-2024-34459: Fixed buffer over-read in bsc1224282 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for your...
Security update for selinux-policy
This update for selinux-policy fixes the following issues: Update to version 20230523+git25.ad22dd7f: Backport wtmpdb label change to have the same wtmpdb label as in SL Micro 6.1 bsc1229132 Add authrwwtmpdbloginrecords to domains using authmanageloginrecords Add authrwwtmpdbloginrecords to modul...
Security update for systemd
This update for systemd fixes the following issues: Import commit 0512d0d1fc0b54a84964281708036a46ab39c153 0512d0d1fc cgroup: Rename effective limits internal table jscPED-5659 765846b70b cgroup: Restrict effective limits with global resource provision jscPED-5659 e29909088b test: Add effective...
Security update for keepalived
This update for keepalived fixes the following issues: CVE-2024-41184: Fixed integer overflow in vrrpipsetshandler bsc1228123 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the comma...
Security update for glibc
This update for glibc fixes the following issues: Fixed security issues: CVE-2024-33602: Use timet for return type of addgetnetgrentX bsc1223425 CVE-2024-33599: nscd: Stack-based buffer overflow in netgroup cache bsc1223423 CVE-2024-33600: nscd: Avoid null pointer crashes after notfound response...
Security update for python-urllib3
This update for python-urllib3 fixes the following issues: CVE-2024-37891: Fixed issue where proxy-authorization request header was not stripped during cross-origin redirects bsc1226469 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
Security update for qemu
This update for qemu fixes the following issues: Fix bsc1221812: block: Reschedule query-block during qcow2 invalidation bsc1221812 Fix bsc1229007, CVE-2024-7409: nbd/server: CVE-2024-7409: Close stray clients at server-stop bsc1229007 nbd/server: CVE-2024-7409: Drop non-negotiating clients...
Security update for python-Jinja2
This update for python-Jinja2 fixes the following issues: CVE-2024-34064, CVE-2024-22195: HTML attribute injection when passing user input as keys to xmlattr filter bsc1223980, bsc1218722 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
Security update for python-requests
This update for python-requests fixes the following issues: Update to 2.32.2 To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed getconnection to a new public API, getconnectionwithtlscontext. Existing custom HTTPAdapters will need to...
Security update for avahi
This update for avahi fixes the following issues: Security issues fixed: CVE-2023-38471: Extract host name using avahiunescapelabel bsc1216594. CVE-2023-38469: Reject overly long TXT resource records bsc1216598. Non-security issue fixed: no longer supply bogus services to callbacks bsc1226586...
Security update for glib2
This update for glib2 fixes the following issues: Fixed a possible use after free regression introduced by CVE-2024-34397 patch bsc1224044. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can...
Security update for mozilla-nss
This update for mozilla-nss fixes the following issues: update to NSS 3.101.2 ChaChaXor to return after the function update to NSS 3.101.1 missing sqlite header. GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME. update to NSS 3.101 add diagnostic assertions for SFTKObject refcount. freeing...
Security update for curl
This update for curl fixes the following issues: Security issues fixed: CVE-2024-7264: ASN.1 date parser overread bsc1228535 CVE-2024-6197: Freeing stack buffer in utf8asn1str bsc1227888 CVE-2024-2379: QUIC certificate check bypass with wolfSSL bsc1221666 CVE-2024-2466: TLS certificate check bypa...