
The following security updates have been released for openSUSE Leap and SUSE Linux Enterprise:

* SUSE-SU-2024:2597-1: important: Security update for apache2
* SUSE-SU-2024:2572-1: moderate: Security update for python312
* SUSE-SU-2024:2575-1: moderate: Security update for kernel-firmware
* SUSE-SU-2024:2576-1: moderate: Security update for gnome-shell
* SUSE-SU-2024:2578-1: important: Security update for java-21-openjdk
* SUSE-SU-2024:2584-1: important: Security update for libgit2
* SUSE-SU-2024:2568-1: important: Security update for mockito, snakeyaml, testng
* SUSE-SU-2024:2567-1: important: Security update for emacs
* SUSE-SU-2024:2545-1: important: Security update for python-Django
* SUSE-SU-2024:2542-1: moderate: Security update for nodejs18
* SUSE-SU-2024:2531-1: important: Security update for xen
* SUSE-SU-2024:2485-1: important: Security update for tomcat
* SUSE-SU-2024:2409-1: important: Security update for libvpx
* SUSE-SU-2024:2400-1: low: Security update for python-zipp
* SUSE-SU-2024:2413-1: important: Security update for tomcat10




SUSE-SU-2024:2597-1: important: Security update for apache2


# Security update for apache2

Announcement ID: SUSE-SU-2024:2597-1
Rating: important
References:

* bsc#1227268
* bsc#1227269
* bsc#1227272

Cross-References:

* CVE-2024-36387
* CVE-2024-38475
* CVE-2024-38476

CVSS scores:

* CVE-2024-36387 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-38475 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
* CVE-2024-38476 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Affected Products:

* Basesystem Module 15-SP6
* openSUSE Leap 15.6
* Server Applications Module 15-SP6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Package Hub 15 15-SP6

An update that solves three vulnerabilities can now be installed.

## Description:

This update for apache2 fixes the following issues:

* CVE-2024-36387: Fixed DoS by null pointer in websocket over HTTP/2
(bsc#1227272)
* CVE-2024-38475: Fixed improper escaping of output in mod_rewrite
(bsc#1227268)
* CVE-2024-38476: Fixed server may use exploitable/malicious backend
application output to run local handlers via internal redirect (bsc#1227269)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6:
  `zypper in -t patch SUSE-2024-2597=1 openSUSE-SLE-15.6-2024-2597=1`

* Basesystem Module 15-SP6:
  `zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-2597=1`

* SUSE Package Hub 15 15-SP6:
  `zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-2597=1`

* Server Applications Module 15-SP6:
  `zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2024-2597=1`

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* apache2-event-2.4.58-150600.5.18.1
* apache2-worker-debuginfo-2.4.58-150600.5.18.1
* apache2-utils-2.4.58-150600.5.18.1
* apache2-worker-2.4.58-150600.5.18.1
* apache2-event-debuginfo-2.4.58-150600.5.18.1
* apache2-debuginfo-2.4.58-150600.5.18.1
* apache2-event-debugsource-2.4.58-150600.5.18.1
* apache2-prefork-2.4.58-150600.5.18.1
* apache2-worker-debugsource-2.4.58-150600.5.18.1
* apache2-prefork-debuginfo-2.4.58-150600.5.18.1
* apache2-2.4.58-150600.5.18.1
* apache2-prefork-debugsource-2.4.58-150600.5.18.1
* apache2-utils-debuginfo-2.4.58-150600.5.18.1
* apache2-utils-debugsource-2.4.58-150600.5.18.1
* apache2-debugsource-2.4.58-150600.5.18.1
* apache2-devel-2.4.58-150600.5.18.1
* openSUSE Leap 15.6 (noarch)
* apache2-manual-2.4.58-150600.5.18.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* apache2-prefork-2.4.58-150600.5.18.1
* apache2-debuginfo-2.4.58-150600.5.18.1
* apache2-prefork-debuginfo-2.4.58-150600.5.18.1
* apache2-2.4.58-150600.5.18.1
* apache2-prefork-debugsource-2.4.58-150600.5.18.1
* apache2-debugsource-2.4.58-150600.5.18.1
* SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64)
* apache2-event-2.4.58-150600.5.18.1
* apache2-event-debugsource-2.4.58-150600.5.18.1
* apache2-debuginfo-2.4.58-150600.5.18.1
* apache2-debugsource-2.4.58-150600.5.18.1
* apache2-event-debuginfo-2.4.58-150600.5.18.1
* Server Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* apache2-worker-debuginfo-2.4.58-150600.5.18.1
* apache2-utils-2.4.58-150600.5.18.1
* apache2-worker-2.4.58-150600.5.18.1
* apache2-worker-debugsource-2.4.58-150600.5.18.1
* apache2-utils-debuginfo-2.4.58-150600.5.18.1
* apache2-utils-debugsource-2.4.58-150600.5.18.1
* apache2-devel-2.4.58-150600.5.18.1

## References:

* https://www.suse.com/security/cve/CVE-2024-36387.html
* https://www.suse.com/security/cve/CVE-2024-38475.html
* https://www.suse.com/security/cve/CVE-2024-38476.html
* https://bugzilla.suse.com/show_bug.cgi?id=1227268
* https://bugzilla.suse.com/show_bug.cgi?id=1227269
* https://bugzilla.suse.com/show_bug.cgi?id=1227272



SUSE-SU-2024:2572-1: moderate: Security update for python312


# Security update for python312

Announcement ID: SUSE-SU-2024:2572-1
Rating: moderate
References:

* bsc#1225660
* bsc#1226447
* bsc#1226448
* bsc#1227152
* bsc#1227378

Cross-References:

* CVE-2024-0397
* CVE-2024-4030
* CVE-2024-4032

CVSS scores:

* CVE-2024-0397 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2024-4030 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
* CVE-2024-4032 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* openSUSE Leap 15.6
* Python 3 Module 15-SP6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves three vulnerabilities and has two security fixes can now
be installed.

## Description:

This update for python312 fixes the following issues:

* CVE-2024-4032: Corrected information about public and private IPv4 and IPv6
address ranges (bsc#1226448).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6:
  `zypper in -t patch openSUSE-SLE-15.6-2024-2572=1 SUSE-2024-2572=1`

* Python 3 Module 15-SP6:
  `zypper in -t patch SUSE-SLE-Module-Python3-15-SP6-2024-2572=1`

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* python312-dbm-debuginfo-3.12.4-150600.3.3.1
* libpython3_12-1_0-debuginfo-3.12.4-150600.3.3.1
* python312-base-3.12.4-150600.3.3.1
* python312-idle-3.12.4-150600.3.3.1
* python312-tools-3.12.4-150600.3.3.1
* python312-dbm-3.12.4-150600.3.3.1
* python312-debuginfo-3.12.4-150600.3.3.1
* python312-3.12.4-150600.3.3.1
* python312-devel-3.12.4-150600.3.3.1
* python312-testsuite-3.12.4-150600.3.3.1
* libpython3_12-1_0-3.12.4-150600.3.3.1
* python312-testsuite-debuginfo-3.12.4-150600.3.3.1
* python312-debugsource-3.12.4-150600.3.3.1
* python312-doc-3.12.4-150600.3.3.1
* python312-tk-3.12.4-150600.3.3.1
* python312-curses-3.12.4-150600.3.3.1
* python312-core-debugsource-3.12.4-150600.3.3.1
* python312-curses-debuginfo-3.12.4-150600.3.3.1
* python312-base-debuginfo-3.12.4-150600.3.3.1
* python312-doc-devhelp-3.12.4-150600.3.3.1
* python312-tk-debuginfo-3.12.4-150600.3.3.1
* openSUSE Leap 15.6 (x86_64)
* libpython3_12-1_0-32bit-3.12.4-150600.3.3.1
* python312-32bit-3.12.4-150600.3.3.1
* python312-32bit-debuginfo-3.12.4-150600.3.3.1
* python312-base-32bit-debuginfo-3.12.4-150600.3.3.1
* python312-base-32bit-3.12.4-150600.3.3.1
* libpython3_12-1_0-32bit-debuginfo-3.12.4-150600.3.3.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* python312-base-64bit-debuginfo-3.12.4-150600.3.3.1
* libpython3_12-1_0-64bit-debuginfo-3.12.4-150600.3.3.1
* python312-base-64bit-3.12.4-150600.3.3.1
* python312-64bit-3.12.4-150600.3.3.1
* python312-64bit-debuginfo-3.12.4-150600.3.3.1
* libpython3_12-1_0-64bit-3.12.4-150600.3.3.1
* Python 3 Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* python312-debuginfo-3.12.4-150600.3.3.1
* python312-dbm-debuginfo-3.12.4-150600.3.3.1
* python312-3.12.4-150600.3.3.1
* python312-devel-3.12.4-150600.3.3.1
* python312-core-debugsource-3.12.4-150600.3.3.1
* libpython3_12-1_0-debuginfo-3.12.4-150600.3.3.1
* python312-dbm-3.12.4-150600.3.3.1
* python312-tk-debuginfo-3.12.4-150600.3.3.1
* python312-base-3.12.4-150600.3.3.1
* python312-curses-debuginfo-3.12.4-150600.3.3.1
* libpython3_12-1_0-3.12.4-150600.3.3.1
* python312-idle-3.12.4-150600.3.3.1
* python312-base-debuginfo-3.12.4-150600.3.3.1
* python312-tk-3.12.4-150600.3.3.1
* python312-tools-3.12.4-150600.3.3.1
* python312-debugsource-3.12.4-150600.3.3.1
* python312-curses-3.12.4-150600.3.3.1

## References:

* https://www.suse.com/security/cve/CVE-2024-0397.html
* https://www.suse.com/security/cve/CVE-2024-4030.html
* https://www.suse.com/security/cve/CVE-2024-4032.html
* https://bugzilla.suse.com/show_bug.cgi?id=1225660
* https://bugzilla.suse.com/show_bug.cgi?id=1226447
* https://bugzilla.suse.com/show_bug.cgi?id=1226448
* https://bugzilla.suse.com/show_bug.cgi?id=1227152
* https://bugzilla.suse.com/show_bug.cgi?id=1227378



SUSE-SU-2024:2575-1: moderate: Security update for kernel-firmware


# Security update for kernel-firmware

Announcement ID: SUSE-SU-2024:2575-1
Rating: moderate
References:

* bsc#1219458
* bsc#1222319
* bsc#1225600
* bsc#1225601

Cross-References:

* CVE-2023-38417
* CVE-2023-47210

CVSS scores:

* CVE-2023-38417 ( SUSE ): 4.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-47210 ( SUSE ): 4.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

Affected Products:

* Basesystem Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves two vulnerabilities and has two security fixes can now be
installed.

## Description:

This update for kernel-firmware fixes the following issues:

* CVE-2023-38417: Fixed improper input validation for some Intel(R)
PROSet/Wireless WiFi software for linux before version 23.20 (bsc#1225600)
* CVE-2023-47210: Fixed improper input validation for some Intel(R)
PROSet/Wireless WiFi software before version 23.20 (bsc#1225601)

* Update to version 20240712 (git commit ed874ed83cac):

* amdgpu: update DMCUB to v0.0.225.0 for Various AMDGPU Asics
* qcom: add gpu firmwares for x1e80100 chipset (bsc#1219458)
* linux-firmware: add firmware for qat_402xx devices
* amdgpu: update raven firmware
* amdgpu: update SMU 13.0.10 firmware
* amdgpu: update SDMA 6.0.3 firmware
* amdgpu: update PSP 13.0.10 firmware
* amdgpu: update GC 11.0.3 firmware
* amdgpu: update vega20 firmware
* amdgpu: update PSP 13.0.5 firmware
* amdgpu: update PSP 13.0.8 firmware
* amdgpu: update vega12 firmware
* amdgpu: update vega10 firmware
* amdgpu: update VCN 4.0.0 firmware
* amdgpu: update SDMA 6.0.0 firmware
* amdgpu: update PSP 13.0.0 firmware
* amdgpu: update GC 11.0.0 firmware
* amdgpu: update picasso firmware
* amdgpu: update beige goby firmware
* amdgpu: update vangogh firmware
* amdgpu: update dimgrey cavefish firmware
* amdgpu: update navy flounder firmware
* amdgpu: update PSP 13.0.11 firmware
* amdgpu: update GC 11.0.4 firmware
* amdgpu: update green sardine firmware
* amdgpu: update VCN 4.0.2 firmware
* amdgpu: update SDMA 6.0.1 firmware
* amdgpu: update PSP 13.0.4 firmware
* amdgpu: update GC 11.0.1 firmware
* amdgpu: update sienna cichlid firmware
* amdgpu: update VPE 6.1.1 firmware
* amdgpu: update VCN 4.0.6 firmware
* amdgpu: update SDMA 6.1.1 firmware
* amdgpu: update PSP 14.0.1 firmware
* amdgpu: update GC 11.5.1 firmware
* amdgpu: update VCN 4.0.5 firmware
* amdgpu: update SDMA 6.1.0 firmware
* amdgpu: update PSP 14.0.0 firmware
* amdgpu: update GC 11.5.0 firmware
* amdgpu: update navi14 firmware
* amdgpu: update renoir firmware
* amdgpu: update navi12 firmware
* amdgpu: update PSP 13.0.6 firmware
* amdgpu: update GC 9.4.3 firmware
* amdgpu: update yellow carp firmware
* amdgpu: update VCN 4.0.4 firmware
* amdgpu: update SMU 13.0.7 firmware
* amdgpu: update SDMA 6.0.2 firmware
* amdgpu: update PSP 13.0.7 firmware
* amdgpu: update GC 11.0.2 firmware
* amdgpu: update navi10 firmware
* amdgpu: update raven2 firmware
* amdgpu: update aldebaran firmware
* linux-firmware: Update AMD cpu microcode
* linux-firmware: Add ISH firmware file for Intel Lunar Lake platform
* amdgpu: update DMCUB to v0.0.224.0 for Various AMDGPU Asics
* cirrus: cs35l41: Update various firmware for ASUS laptops using CS35L41
* amdgpu: Update ISP FW for isp v4.1.1

* Update to version 20240622 (git commit 7d931f8afa51):

* linux-firmware: mediatek: Update MT8173 VPU firmware to v1.2.0
* qcom: Add AIC100 firmware files

* Update to version 20240618 (git commit 7d931f8afa51):

* amlogic: Update bluetooth firmware binary
* linux-firmware: Update firmware file for Intel BlazarU core
* linux-firmware: Update firmware file for Intel Bluetooth Magnetor core
* linux-firmware: Update firmware file for Intel Bluetooth Solar core
* linux-firmware: Update firmware file for Intel Bluetooth Pulsar core
* rtl_bt: Update RTL8822C BT UART firmware to 0xB5D6_6DCB
* rtl_bt: Update RTL8822C BT USB firmware to 0xAED6_6DCB
* amdgpu: update DMCUB to v0.0.222.0 for DCN314
* iwlwifi: add ty/So/Ma firmwares for core88-87 release
* iwlwifi: update cc/Qu/QuZ firmwares for core88-87 release
* linux-firmware: add new cc33xx firmware for cc33xx chips
* cirrus: cs35l56: Update firmware for Cirrus CS35L56 for ASUS UM5606 laptop
* cirrus: cs35l56: Update firmware for Cirrus CS35L56 for various ASUS laptops
* linux-firmware: Add firmware for Lenovo Thinkbooks
* amdgpu: update yellow carp firmware
* amdgpu: update VCN 4.0.4 firmware
* amdgpu: update SDMA 6.0.2 firmware
* amdgpu: update PSP 13.0.7 firmware
* amdgpu: update GC 11.0.2 firmware
* amdgpu: update navi10 firmware
* amdgpu: update raven2 firmware
* amdgpu: update raven firmware
* amdgpu: update SMU 13.0.10 firmware
* amdgpu: update SDMA 6.0.3 firmware
* amdgpu: update PSP 13.0.10 firmware
* amdgpu: update GC 11.0.3 firmware
* amdgpu: update VCN 3.1.2 firmware
* amdgpu: update PSP 13.0.5 firmware
* amdgpu: update psp 13.0.8 firmware
* amdgpu: update vega20 firmware
* amdgpu: update vega12 firmware
* amdgpu: update vega10 firmware
* amdgpu: update VCN 4.0.0 firmware
* amdgpu: update smu 13.0.0 firmware
* amdgpu: update SDMA 6.0.0 firmware
* amdgpu: update PSP 13.0.0 firmware
* amdgpu: update GC 11.0.0 firmware
* amdgpu: update picasso firmware
* amdgpu: update beige goby firmware
* amdgpu: update vangogh firmware
* amdgpu: update dimgrey cavefish firmware
* amdgpu: update green sardine firmware
* amdgpu: update navy flounder firmware
* amdgpu: update PSP 13.0.11 firmware
* amdgpu: update GC 11.0.4 firmware
* amdgpu: update VCN 4.0.2 firmware
* amdgpu: update SDMA 6.0.1 firmware
* amdgpu: update PSP 13.0.4 firmware
* amdgpu: update GC 11.0.1 firmware
* amdgpu: update sienna cichlid firmware
* amdgpu: update VCN 4.0.5 firmware
* amdgpu: update PSP 14.0.0 firmware
* amdgpu: update GC 11.5.0 firmware
* amdgpu: update navi14 firmware
* amdgpu: update SMU 13.0.6 firmware
* amdgpu: update PSP 13.0.6 firmware
* amdgpu: update GC 9.4.3 firmware
* amdgpu: update renoir firmware
* amdgpu: update navi12 firmware
* amdgpu: update aldebaran firmware
* amdgpu: add support for PSP 14.0.1
* amdgpu: add support for VPE 6.1.1
* amdgpu: add support for VCN 4.0.6
* amdgpu: add support for SDMA 6.1.1
* amdgpu: add support for GC 11.5.1
* amdgpu: Add support for DCN 3.5.1
* QCA: Update Bluetooth QCA2066 firmware to 2.1.0-00639
* cnm: update chips&media wave521c firmware.
* linux-firmware: Add ordinary firmware for RTL8821AU device

* Update to version 20240519 (git commit aae8224390e2):

* amdgpu: add new ISP 4.1.1 firmware

* Update to version 20240510 (git commit 7c2303328d8e):

* linux-firmware: Amphion: Update vpu firmware
* linux-firmware: Update firmware file for Intel BlazarU core
* linux-firmware: Update firmware file for Intel Bluetooth Magnetor core
* linux-firmware: Update firmware file for Intel Bluetooth Solar core
* linux-firmware: Update firmware file for Intel Bluetooth Solar core
* i915: Add BMG DMC v2.06
* linux-firmware: Add CS35L41 HDA Firmware for Asus HN7306
* linux-firmware: Update firmware tuning for HP Consumer Laptop
* amdgpu: DMCUB updates for various AMDGPU ASICs
* rtl_bt: Update RTL8822C BT UART firmware to 0x0FD6_407B
* rtl_bt: Update RTL8822C BT USB firmware to 0x0ED6_407B
* cirrus: cs35l56: Add firmware for Cirrus CS35L56 for various ASUS laptops
* linux-firmware: Add firmware and tuning for Lenovo Y770S

* Update to version 20240426 (git commit 2398d264f953):

* amdgpu: DMCUB updates for various AMDGPU ASICs
* linux-firmware: Add firmware for Cirrus CS35L56 for various HP laptops
* i915: Update Xe2LPD DMC to v2.20
* linux-firmware: Remove Calibration Firmware and Tuning for CS35L41
* linux-firmware: Add firmware for Lenovo Thinkbook 13X
* ASoC: tas2781: Add dsp firmware for Thinkpad ICE-1 laptop
* amdgpu: add DMCUB 3.5 firmware
* amdgpu: add VPE 6.1.0 firmware
* amdgpu: add VCN 4.0.5 firmware
* amdgpu: add UMSCH 4.0.0 firmware
* amdgpu: add SDMA 6.1.0 firmware
* amdgpu: add PSP 14.0.0 firmware
* amdgpu: add GC 11.5.0 firmware
* amdgpu: update license date

* Update to version 20240419 (git commit 7eab37522984):

* Montage: update firmware for Mont-TSSE
* linux-firmware: Add tuning parameter configs for CS35L41 Firmware
* linux-firmware: Fix firmware names for Laptop SSID 104316a3
* linux-firmware: Add CS35L41 HDA Firmware for Lenovo Legion Slim 7 16ARHA7
* linux-firmware: update firmware for mediatek bluetooth chip (MT7922)
* linux-firmware: update firmware for MT7922 WiFi device
* iwlwifi: add gl FW for core87-44 release
* iwlwifi: add ty/So/Ma firmwares for core87-44 release
* iwlwifi: update cc/Qu/QuZ firmwares for core87-44 release
* nvidia: Update Tegra210 XUSB firmware to v50.29
* amdgpu: update beige goby firmware
* amdgpu: update dimgrey cavefish firmware
* amdgpu: update psp 13.0.11 firmware
* amdgpu: update gc 11.0.4 firmware
* amdgpu: update navy flounder firmware
* amdgpu: update renoir firmware
* amdgpu: update vcn 4.0.2 firmware
* amdgpu: update sdma 6.0.1 firmware
* amdgpu: update psp 13.0.4 firmware
* amdgpu: update gc 11.0.1 firmware
* amdgpu: update sienna cichlid firmware
* amdgpu: update vega20 firmware
* amdgpu: update yellow carp firmware
* amdgpu: update green sardine firmware
* amdgpu: update vega12 firmware
* amdgpu: update raven2 firmware
* amdgpu: update vcn 4.0.4 firmware
* amdgpu: update smu 13.0.7 firmware
* amdgpu: update sdma 6.0.2 firmware
* amdgpu: update ipsp 13.0.7 firmware
* amdgpu: update gc 11.0.2 firmware
* amdgpu: update vega10 firmware
* amdgpu: update raven firmware
* amdgpu: update navi14 firmware
* amdgpu: update smu 13.0.10 firmware
* amdgpu: update sdma 6.0.3 firmware
* amdgpu: update psp 13.0.10 firmware
* amdgpu: update gc 11.0.3 firmware
* amdgpu: update vcn 3.1.2 firmware
* amdgpu: update psp 13.0.5 firmware
* amdgpu: update gc 10.3.6 firmware
* amdgpu: update navi12 firmware
* amdgpu: update arcturus firmware
* amdgpu: update vangogh firmware
* amdgpu: update navi10 firmware
* amdgpu: update vcn 4.0.3 firmware
* amdgpu: update smu 13.0.6 firmware
* amdgpu: update psp 13.0.6 firmware
* amdgpu: update gc 9.4.3 firmware
* amdgpu: update vcn 4.0.0 firmware
* amdgpu: update smu 13.0.0 firmware
* amdgpu: update sdma 6.0.0 firmware
* amdgpu: update psp 13.0.0 firmware
* amdgpu: update gc 11.0.0 firmware
* amdgpu: update firmware
* amdgpu: update aldebaran firmware
* amdgpu: update psp 13.0.8 firmware
* amdgpu: update gc 10.3.7 firmware
* linux-firmware: mediatek: Update MT8173 VPU firmware to v1.1.9
* ath10k: WCN3990: hw1.0: add qcm2290 firmware API file
* ath10k: WCN3990: hw1.0: move firmware back from qcom/ location
* i915: Add DG2 HuC 7.10.15
* amdgpu: DMCUB updates for various AMDGPU ASICs
* linux-firmware: update firmware for en8811h 2.5G ethernet phy
* rtw89: 8852c: update fw to v0.27.56.14
* rtw89: 8922a: add firmware v0.35.18.0
* rtw88: Add RTL8703B firmware v11.0.0

* Drop duplicated WHENCE from kernel-firmware-* subpackages (bsc#1222319)

* Update to version 20240322 (git commit 9a6a0cc195c1):

* mekdiatek: Update mt8186 SOF firmware to v2.0.1
* linux-firmware: Add firmware for Cirrus CS35L56 for Dell laptops
* Montage: update firmware for Mont-TSSE
* WHENCE: Link the Raspberry Pi CM4 and 5B to the 4B
* Intel Bluetooth: Update firmware file for Intel Bluetooth BE200
* Intel Bluetooth: Update firmware file for Magnetor Intel Bluetooth AX101
* Intel Bluetooth: Update firmware file for Magnetor Intel Bluetooth AX203
* Intel Bluetooth: Update firmware file for Magnetor Intel Bluetooth AX211
* Intel Bluetooth: Update firmware file for SolarF Intel Bluetooth AX101
* Intel Bluetooth: Update firmware file for Solar Intel Bluetooth AX101
* Intel Bluetooth: Update firmware file for SolarF Intel Bluetooth AX203
* Intel Bluetooth: Update firmware file for Solar Intel Bluetooth AX203
* Intel Bluetooth: Update firmware file for SolarF Intel Bluetooth AX211
* Intel Bluetooth: Update firmware file for Solar Intel Bluetooth AX211
* Intel Bluetooth: Update firmware file for Solar Intel Bluetooth AX210
* Intel Bluetooth: Update firmware file for Intel Bluetooth AX200
* Intel Bluetooth: Update firmware file for Intel Bluetooth AX201
* Intel Bluetooth: Update firmware file for Intel Bluetooth 9560
* Intel Bluetooth: Update firmware file for Intel Bluetooth 9260
* amdgpu: DMCUB updates for various AMDGPU ASICs
* linux-firmware: mediatek: Update MT8173 VPU firmware to v1.1.8
* imx: sdma: update firmware to v3.6/v4.6

* Update to version 20240312 (git commit 4a404b5bfdb9):

* linux-firmware: update firmware for mediatek bluetooth chip (MT7921)
* iwlwifi: update 9000-family firmwares to core85-89
* rtl_bt: Update RTL8852A BT USB firmware to 0xD9D6_17DA
* linux-firmware: update firmware for MT7921 WiFi device
* linux-firmware: update firmware for mediatek bluetooth chip (MT7922)
* linux-firmware: update firmware for MT7922 WiFi device
* linux-firmware: Add CS35L41 HDA Firmware for Lenovo Thinkbook 16P Laptops

* Update to version 20240229 (git commit 977332782302):

* amdgpu: Update VCN firmware binaries
* Intel IPU2: Add firmware files
* brcm: Add nvram for the Acer Iconia One 7 B1-750 tablet
* i915: Add Xe2LPD DMC v2.18
* i915: Update MTL DMC v2.21

* Update to version 20240220 (git commit 73b4429fae36):

* linux-firmware: update firmware for en8811h 2.5G ethernet phy
* linux-firmware: add firmware for MT7996
* xe: First GuC release for LNL and Xe
* i915: Add GuC v70.20.0 for ADL-P, DG1, DG2, MTL and TGL
* linux-firmware: Add CS35L41 firmware for Lenovo Legion 7i gen7 laptop
(16IAX7)
* brcm: Add nvram for the Asus Memo Pad 7 ME176C tablet
* ice: update ice DDP package to 1.3.36.0
* Intel IPU3 ImgU: Move firmware file under intel/ipu
* Intel IPU6: Move firmware binaries under ipu/
* check_whence: Add a check for duplicate link entries
* WHENCE: Clean up section separators
* linux-firmware: Add CS35L41 firmware for additional ASUS Zenbook 2023 models
* panthor: Add initial firmware for Gen10 Arm Mali GPUs
* amdgpu: DMCUB Updates for DCN321: 7.0.38.0
* amdgpu: DMCUB updates for Yellow Carp: 4.0.68.0
* qcom: update venus firmware file for v5.4
* Montage: add firmware for Mont-TSSE
* amdgpu: update DMCUB to v0.0.203.0 for DCN314 and DCN32
* linux-firmware: Remove 2 HP laptops using CS35L41 Audio Firmware
* linux-firmware: Fix filenames for some CS35L41 firmwares for HP

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6:
  `zypper in -t patch SUSE-2024-2575=1 openSUSE-SLE-15.6-2024-2575=1`

* Basesystem Module 15-SP6:
  `zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-2575=1`

## Package List:

* openSUSE Leap 15.6 (noarch)
* kernel-firmware-ath12k-20240712-150600.3.3.1
* kernel-firmware-marvell-20240712-150600.3.3.1
* kernel-firmware-nfp-20240712-150600.3.3.1
* kernel-firmware-dpaa2-20240712-150600.3.3.1
* kernel-firmware-chelsio-20240712-150600.3.3.1
* kernel-firmware-prestera-20240712-150600.3.3.1
* kernel-firmware-realtek-20240712-150600.3.3.1
* kernel-firmware-bnx2-20240712-150600.3.3.1
* kernel-firmware-bluetooth-20240712-150600.3.3.1
* kernel-firmware-mellanox-20240712-150600.3.3.1
* kernel-firmware-liquidio-20240712-150600.3.3.1
* kernel-firmware-ath10k-20240712-150600.3.3.1
* ucode-amd-20240712-150600.3.3.1
* kernel-firmware-ueagle-20240712-150600.3.3.1
* kernel-firmware-mediatek-20240712-150600.3.3.1
* kernel-firmware-mwifiex-20240712-150600.3.3.1
* kernel-firmware-atheros-20240712-150600.3.3.1
* kernel-firmware-qcom-20240712-150600.3.3.1
* kernel-firmware-network-20240712-150600.3.3.1
* kernel-firmware-radeon-20240712-150600.3.3.1
* kernel-firmware-i915-20240712-150600.3.3.1
* kernel-firmware-iwlwifi-20240712-150600.3.3.1
* kernel-firmware-serial-20240712-150600.3.3.1
* kernel-firmware-usb-network-20240712-150600.3.3.1
* kernel-firmware-amdgpu-20240712-150600.3.3.1
* kernel-firmware-nvidia-20240712-150600.3.3.1
* kernel-firmware-intel-20240712-150600.3.3.1
* kernel-firmware-ti-20240712-150600.3.3.1
* kernel-firmware-ath11k-20240712-150600.3.3.1
* kernel-firmware-media-20240712-150600.3.3.1
* kernel-firmware-qlogic-20240712-150600.3.3.1
* kernel-firmware-all-20240712-150600.3.3.1
* kernel-firmware-20240712-150600.3.3.1
* kernel-firmware-sound-20240712-150600.3.3.1
* kernel-firmware-platform-20240712-150600.3.3.1
* kernel-firmware-brcm-20240712-150600.3.3.1
* Basesystem Module 15-SP6 (noarch)
* kernel-firmware-ath12k-20240712-150600.3.3.1
* kernel-firmware-marvell-20240712-150600.3.3.1
* kernel-firmware-nfp-20240712-150600.3.3.1
* kernel-firmware-dpaa2-20240712-150600.3.3.1
* kernel-firmware-chelsio-20240712-150600.3.3.1
* kernel-firmware-prestera-20240712-150600.3.3.1
* kernel-firmware-realtek-20240712-150600.3.3.1
* kernel-firmware-bnx2-20240712-150600.3.3.1
* kernel-firmware-bluetooth-20240712-150600.3.3.1
* kernel-firmware-mellanox-20240712-150600.3.3.1
* kernel-firmware-liquidio-20240712-150600.3.3.1
* kernel-firmware-ath10k-20240712-150600.3.3.1
* ucode-amd-20240712-150600.3.3.1
* kernel-firmware-ueagle-20240712-150600.3.3.1
* kernel-firmware-mediatek-20240712-150600.3.3.1
* kernel-firmware-mwifiex-20240712-150600.3.3.1
* kernel-firmware-atheros-20240712-150600.3.3.1
* kernel-firmware-qcom-20240712-150600.3.3.1
* kernel-firmware-network-20240712-150600.3.3.1
* kernel-firmware-radeon-20240712-150600.3.3.1
* kernel-firmware-i915-20240712-150600.3.3.1
* kernel-firmware-iwlwifi-20240712-150600.3.3.1
* kernel-firmware-serial-20240712-150600.3.3.1
* kernel-firmware-usb-network-20240712-150600.3.3.1
* kernel-firmware-amdgpu-20240712-150600.3.3.1
* kernel-firmware-nvidia-20240712-150600.3.3.1
* kernel-firmware-intel-20240712-150600.3.3.1
* kernel-firmware-ti-20240712-150600.3.3.1
* kernel-firmware-ath11k-20240712-150600.3.3.1
* kernel-firmware-media-20240712-150600.3.3.1
* kernel-firmware-qlogic-20240712-150600.3.3.1
* kernel-firmware-all-20240712-150600.3.3.1
* kernel-firmware-sound-20240712-150600.3.3.1
* kernel-firmware-platform-20240712-150600.3.3.1
* kernel-firmware-brcm-20240712-150600.3.3.1

## References:

* https://www.suse.com/security/cve/CVE-2023-38417.html
* https://www.suse.com/security/cve/CVE-2023-47210.html
* https://bugzilla.suse.com/show_bug.cgi?id=1219458
* https://bugzilla.suse.com/show_bug.cgi?id=1222319
* https://bugzilla.suse.com/show_bug.cgi?id=1225600
* https://bugzilla.suse.com/show_bug.cgi?id=1225601



SUSE-SU-2024:2576-1: moderate: Security update for gnome-shell


# Security update for gnome-shell

Announcement ID: SUSE-SU-2024:2576-1
Rating: moderate
References:

* bsc#1215485
* bsc#1225567

Cross-References:

* CVE-2023-43090
* CVE-2024-36472

CVSS scores:

* CVE-2023-43090 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-43090 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-36472 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L

Affected Products:

* Desktop Applications Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Workstation Extension 15 SP6

An update that solves two vulnerabilities can now be installed.

## Description:

This update for gnome-shell fixes the following issues:

* CVE-2024-36472: Fixed portal helper automatically launched without user
confirmation (bsc#1225567)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6:
  `zypper in -t patch SUSE-2024-2576=1 openSUSE-SLE-15.6-2024-2576=1`

* Desktop Applications Module 15-SP6:
  `zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP6-2024-2576=1`

* SUSE Linux Enterprise Workstation Extension 15 SP6:
  `zypper in -t patch SUSE-SLE-Product-WE-15-SP6-2024-2576=1`

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* gnome-extensions-45.3-150600.5.6.1
* gnome-shell-45.3-150600.5.6.1
* gnome-shell-debugsource-45.3-150600.5.6.1
* gnome-shell-calendar-debuginfo-45.3-150600.5.6.1
* gnome-shell-debuginfo-45.3-150600.5.6.1
* gnome-shell-devel-45.3-150600.5.6.1
* gnome-shell-calendar-45.3-150600.5.6.1
* openSUSE Leap 15.6 (noarch)
* gnome-shell-lang-45.3-150600.5.6.1
* Desktop Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* gnome-extensions-45.3-150600.5.6.1
* gnome-shell-45.3-150600.5.6.1
* gnome-shell-debugsource-45.3-150600.5.6.1
* gnome-shell-debuginfo-45.3-150600.5.6.1
* gnome-shell-devel-45.3-150600.5.6.1
* Desktop Applications Module 15-SP6 (noarch)
* gnome-shell-lang-45.3-150600.5.6.1
* SUSE Linux Enterprise Workstation Extension 15 SP6 (x86_64)
* gnome-shell-calendar-debuginfo-45.3-150600.5.6.1
* gnome-shell-debuginfo-45.3-150600.5.6.1
* gnome-shell-debugsource-45.3-150600.5.6.1
* gnome-shell-calendar-45.3-150600.5.6.1

## References:

* https://www.suse.com/security/cve/CVE-2023-43090.html
* https://www.suse.com/security/cve/CVE-2024-36472.html
* https://bugzilla.suse.com/show_bug.cgi?id=1215485
* https://bugzilla.suse.com/show_bug.cgi?id=1225567



SUSE-SU-2024:2578-1: important: Security update for java-21-openjdk


# Security update for java-21-openjdk

Announcement ID: SUSE-SU-2024:2578-1
Rating: important
References:

* bsc#1227298
* bsc#1228046
* bsc#1228047
* bsc#1228048
* bsc#1228051
* bsc#1228052

Cross-References:

* CVE-2024-21131
* CVE-2024-21138
* CVE-2024-21140
* CVE-2024-21145
* CVE-2024-21147

CVSS scores:

* CVE-2024-21131 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-21138 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-21140 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2024-21145 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2024-21147 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products:

* Basesystem Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves five vulnerabilities and has one security fix can now be
installed.

## Description:

This update for java-21-openjdk fixes the following issues:

Updated to version 21.0.4+7 (July 2024 CPU):

* CVE-2024-21131: Fixed a potential UTF8 size overflow (bsc#1228046).
* CVE-2024-21138: Fixed an infinite loop due to excessive symbol length
(bsc#1228047).
* CVE-2024-21140: Fixed a pre-loop limit overflow in Range Check Elimination
(bsc#1228048).
* CVE-2024-21147: Fixed an out-of-bounds access in 2D image handling
(bsc#1228052).
* CVE-2024-21145: Fixed an index overflow in RangeCheckElimination
(bsc#1228051).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2024-2578=1 openSUSE-SLE-15.6-2024-2578=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-2578=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* java-21-openjdk-21.0.4.0-150600.3.3.1
* java-21-openjdk-headless-debuginfo-21.0.4.0-150600.3.3.1
* java-21-openjdk-jmods-21.0.4.0-150600.3.3.1
* java-21-openjdk-debugsource-21.0.4.0-150600.3.3.1
* java-21-openjdk-headless-21.0.4.0-150600.3.3.1
* java-21-openjdk-src-21.0.4.0-150600.3.3.1
* java-21-openjdk-debuginfo-21.0.4.0-150600.3.3.1
* java-21-openjdk-devel-21.0.4.0-150600.3.3.1
* java-21-openjdk-devel-debuginfo-21.0.4.0-150600.3.3.1
* java-21-openjdk-demo-21.0.4.0-150600.3.3.1
* openSUSE Leap 15.6 (noarch)
* java-21-openjdk-javadoc-21.0.4.0-150600.3.3.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* java-21-openjdk-21.0.4.0-150600.3.3.1
* java-21-openjdk-headless-debuginfo-21.0.4.0-150600.3.3.1
* java-21-openjdk-debugsource-21.0.4.0-150600.3.3.1
* java-21-openjdk-headless-21.0.4.0-150600.3.3.1
* java-21-openjdk-debuginfo-21.0.4.0-150600.3.3.1
* java-21-openjdk-devel-21.0.4.0-150600.3.3.1
* java-21-openjdk-devel-debuginfo-21.0.4.0-150600.3.3.1
* java-21-openjdk-demo-21.0.4.0-150600.3.3.1

## References:

* https://www.suse.com/security/cve/CVE-2024-21131.html
* https://www.suse.com/security/cve/CVE-2024-21138.html
* https://www.suse.com/security/cve/CVE-2024-21140.html
* https://www.suse.com/security/cve/CVE-2024-21145.html
* https://www.suse.com/security/cve/CVE-2024-21147.html
* https://bugzilla.suse.com/show_bug.cgi?id=1227298
* https://bugzilla.suse.com/show_bug.cgi?id=1228046
* https://bugzilla.suse.com/show_bug.cgi?id=1228047
* https://bugzilla.suse.com/show_bug.cgi?id=1228048
* https://bugzilla.suse.com/show_bug.cgi?id=1228051
* https://bugzilla.suse.com/show_bug.cgi?id=1228052



SUSE-SU-2024:2584-1: important: Security update for libgit2


# Security update for libgit2

Announcement ID: SUSE-SU-2024:2584-1
Rating: important
References:

* bsc#1219660
* bsc#1219664

Cross-References:

* CVE-2024-24575
* CVE-2024-24577

CVSS scores:

* CVE-2024-24575 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-24575 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-24577 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
* CVE-2024-24577 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* Development Tools Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves two vulnerabilities can now be installed.

## Description:

This update for libgit2 fixes the following issues:

Update to 1.7.2:

Security fixes:

* CVE-2024-24577: Fixed arbitrary code execution due to heap corruption in
git_index_add (bsc#1219660)
* CVE-2024-24575: Fixed potential infinite loop condition in
git_revparse_single() (bsc#1219664)

Other fixes:

* A bug in the smart transport negotiation could have caused an out-of-bounds
read when a remote server did not advertise capabilities.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2024-2584=1 openSUSE-SLE-15.6-2024-2584=1

* Development Tools Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2024-2584=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* libgit2-tools-1.7.2-150600.3.3.1
* libgit2-devel-1.7.2-150600.3.3.1
* libgit2-1_7-debuginfo-1.7.2-150600.3.3.1
* libgit2-debuginfo-1.7.2-150600.3.3.1
* libgit2-debugsource-1.7.2-150600.3.3.1
* libgit2-tools-debuginfo-1.7.2-150600.3.3.1
* libgit2-1_7-1.7.2-150600.3.3.1
* Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* libgit2-tools-1.7.2-150600.3.3.1
* libgit2-devel-1.7.2-150600.3.3.1
* libgit2-1_7-debuginfo-1.7.2-150600.3.3.1
* libgit2-debuginfo-1.7.2-150600.3.3.1
* libgit2-debugsource-1.7.2-150600.3.3.1
* libgit2-tools-debuginfo-1.7.2-150600.3.3.1
* libgit2-1_7-1.7.2-150600.3.3.1

## References:

* https://www.suse.com/security/cve/CVE-2024-24575.html
* https://www.suse.com/security/cve/CVE-2024-24577.html
* https://bugzilla.suse.com/show_bug.cgi?id=1219660
* https://bugzilla.suse.com/show_bug.cgi?id=1219664



SUSE-SU-2024:2568-1: important: Security update for mockito, snakeyaml, testng


The content of this message was lost. It was probably cross-posted to
multiple lists and previously handled on another list.



SUSE-SU-2024:2567-1: important: Security update for emacs


# Security update for emacs

Announcement ID: SUSE-SU-2024:2567-1
Rating: important
References:

* bsc#1226957

Cross-References:

* CVE-2024-39331

CVSS scores:

* CVE-2024-39331 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* Basesystem Module 15-SP5
* Basesystem Module 15-SP6
* Desktop Applications Module 15-SP5
* Desktop Applications Module 15-SP6
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for emacs fixes the following issues:

* CVE-2024-39331: Fixed evaluation of arbitrary unsafe Elisp code in Org mode
(bsc#1226957).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-2567=1

* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-2567=1

* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2024-2567=1

* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-2567=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-2567=1

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-2567=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-2567=1

* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-2567=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-2567=1

* Desktop Applications Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2024-2567=1

* Desktop Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP6-2024-2567=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-2567=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-2567=1

* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-2567=1

* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2567=1

## Package List:

* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* emacs-debuginfo-27.2-150400.3.17.1
* emacs-nox-debuginfo-27.2-150400.3.17.1
* emacs-x11-27.2-150400.3.17.1
* emacs-x11-debuginfo-27.2-150400.3.17.1
* etags-debuginfo-27.2-150400.3.17.1
* emacs-nox-27.2-150400.3.17.1
* emacs-debugsource-27.2-150400.3.17.1
* etags-27.2-150400.3.17.1
* emacs-27.2-150400.3.17.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* emacs-el-27.2-150400.3.17.1
* emacs-info-27.2-150400.3.17.1
* SUSE Manager Proxy 4.3 (x86_64)
* emacs-debuginfo-27.2-150400.3.17.1
* emacs-nox-debuginfo-27.2-150400.3.17.1
* etags-debuginfo-27.2-150400.3.17.1
* emacs-nox-27.2-150400.3.17.1
* emacs-debugsource-27.2-150400.3.17.1
* etags-27.2-150400.3.17.1
* emacs-27.2-150400.3.17.1
* SUSE Manager Proxy 4.3 (noarch)
* emacs-el-27.2-150400.3.17.1
* emacs-info-27.2-150400.3.17.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* emacs-debuginfo-27.2-150400.3.17.1
* emacs-nox-debuginfo-27.2-150400.3.17.1
* etags-debuginfo-27.2-150400.3.17.1
* emacs-nox-27.2-150400.3.17.1
* emacs-debugsource-27.2-150400.3.17.1
* etags-27.2-150400.3.17.1
* emacs-27.2-150400.3.17.1
* SUSE Manager Retail Branch Server 4.3 (noarch)
* emacs-el-27.2-150400.3.17.1
* emacs-info-27.2-150400.3.17.1
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
* emacs-debuginfo-27.2-150400.3.17.1
* emacs-nox-debuginfo-27.2-150400.3.17.1
* etags-debuginfo-27.2-150400.3.17.1
* emacs-nox-27.2-150400.3.17.1
* emacs-debugsource-27.2-150400.3.17.1
* etags-27.2-150400.3.17.1
* emacs-27.2-150400.3.17.1
* SUSE Manager Server 4.3 (noarch)
* emacs-el-27.2-150400.3.17.1
* emacs-info-27.2-150400.3.17.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* emacs-debuginfo-27.2-150400.3.17.1
* emacs-nox-debuginfo-27.2-150400.3.17.1
* emacs-x11-27.2-150400.3.17.1
* emacs-x11-debuginfo-27.2-150400.3.17.1
* etags-debuginfo-27.2-150400.3.17.1
* emacs-nox-27.2-150400.3.17.1
* emacs-debugsource-27.2-150400.3.17.1
* etags-27.2-150400.3.17.1
* emacs-27.2-150400.3.17.1
* openSUSE Leap 15.4 (noarch)
* emacs-el-27.2-150400.3.17.1
* emacs-info-27.2-150400.3.17.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* emacs-debuginfo-27.2-150400.3.17.1
* emacs-nox-debuginfo-27.2-150400.3.17.1
* emacs-x11-27.2-150400.3.17.1
* emacs-x11-debuginfo-27.2-150400.3.17.1
* etags-debuginfo-27.2-150400.3.17.1
* emacs-nox-27.2-150400.3.17.1
* emacs-debugsource-27.2-150400.3.17.1
* etags-27.2-150400.3.17.1
* emacs-27.2-150400.3.17.1
* openSUSE Leap 15.5 (noarch)
* emacs-el-27.2-150400.3.17.1
* emacs-info-27.2-150400.3.17.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* emacs-debuginfo-27.2-150400.3.17.1
* emacs-nox-debuginfo-27.2-150400.3.17.1
* emacs-x11-27.2-150400.3.17.1
* emacs-x11-debuginfo-27.2-150400.3.17.1
* etags-debuginfo-27.2-150400.3.17.1
* emacs-nox-27.2-150400.3.17.1
* emacs-debugsource-27.2-150400.3.17.1
* etags-27.2-150400.3.17.1
* emacs-27.2-150400.3.17.1
* openSUSE Leap 15.6 (noarch)
* emacs-el-27.2-150400.3.17.1
* emacs-info-27.2-150400.3.17.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* emacs-debuginfo-27.2-150400.3.17.1
* emacs-nox-debuginfo-27.2-150400.3.17.1
* etags-debuginfo-27.2-150400.3.17.1
* emacs-nox-27.2-150400.3.17.1
* emacs-debugsource-27.2-150400.3.17.1
* etags-27.2-150400.3.17.1
* emacs-27.2-150400.3.17.1
* Basesystem Module 15-SP5 (noarch)
* emacs-el-27.2-150400.3.17.1
* emacs-info-27.2-150400.3.17.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* emacs-debuginfo-27.2-150400.3.17.1
* emacs-nox-debuginfo-27.2-150400.3.17.1
* etags-debuginfo-27.2-150400.3.17.1
* emacs-nox-27.2-150400.3.17.1
* emacs-debugsource-27.2-150400.3.17.1
* etags-27.2-150400.3.17.1
* emacs-27.2-150400.3.17.1
* Basesystem Module 15-SP6 (noarch)
* emacs-el-27.2-150400.3.17.1
* emacs-info-27.2-150400.3.17.1
* Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* emacs-x11-27.2-150400.3.17.1
* emacs-x11-debuginfo-27.2-150400.3.17.1
* emacs-debugsource-27.2-150400.3.17.1
* emacs-debuginfo-27.2-150400.3.17.1
* Desktop Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* emacs-x11-27.2-150400.3.17.1
* emacs-x11-debuginfo-27.2-150400.3.17.1
* emacs-debugsource-27.2-150400.3.17.1
* emacs-debuginfo-27.2-150400.3.17.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* emacs-debuginfo-27.2-150400.3.17.1
* emacs-nox-debuginfo-27.2-150400.3.17.1
* emacs-x11-27.2-150400.3.17.1
* emacs-x11-debuginfo-27.2-150400.3.17.1
* etags-debuginfo-27.2-150400.3.17.1
* emacs-nox-27.2-150400.3.17.1
* emacs-debugsource-27.2-150400.3.17.1
* etags-27.2-150400.3.17.1
* emacs-27.2-150400.3.17.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* emacs-el-27.2-150400.3.17.1
* emacs-info-27.2-150400.3.17.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* emacs-debuginfo-27.2-150400.3.17.1
* emacs-nox-debuginfo-27.2-150400.3.17.1
* emacs-x11-27.2-150400.3.17.1
* emacs-x11-debuginfo-27.2-150400.3.17.1
* etags-debuginfo-27.2-150400.3.17.1
* emacs-nox-27.2-150400.3.17.1
* emacs-debugsource-27.2-150400.3.17.1
* etags-27.2-150400.3.17.1
* emacs-27.2-150400.3.17.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* emacs-el-27.2-150400.3.17.1
* emacs-info-27.2-150400.3.17.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
* emacs-debuginfo-27.2-150400.3.17.1
* emacs-nox-debuginfo-27.2-150400.3.17.1
* emacs-x11-27.2-150400.3.17.1
* emacs-x11-debuginfo-27.2-150400.3.17.1
* etags-debuginfo-27.2-150400.3.17.1
* emacs-nox-27.2-150400.3.17.1
* emacs-debugsource-27.2-150400.3.17.1
* etags-27.2-150400.3.17.1
* emacs-27.2-150400.3.17.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (noarch)
* emacs-el-27.2-150400.3.17.1
* emacs-info-27.2-150400.3.17.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x
x86_64)
* emacs-debuginfo-27.2-150400.3.17.1
* emacs-nox-debuginfo-27.2-150400.3.17.1
* emacs-x11-27.2-150400.3.17.1
* emacs-x11-debuginfo-27.2-150400.3.17.1
* etags-debuginfo-27.2-150400.3.17.1
* emacs-nox-27.2-150400.3.17.1
* emacs-debugsource-27.2-150400.3.17.1
* etags-27.2-150400.3.17.1
* emacs-27.2-150400.3.17.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (noarch)
* emacs-el-27.2-150400.3.17.1
* emacs-info-27.2-150400.3.17.1

## References:

* https://www.suse.com/security/cve/CVE-2024-39331.html
* https://bugzilla.suse.com/show_bug.cgi?id=1226957



SUSE-SU-2024:2545-1: important: Security update for python-Django


# Security update for python-Django

Announcement ID: SUSE-SU-2024:2545-1
Rating: important
References:

* bsc#1207565
* bsc#1227590
* bsc#1227593
* bsc#1227594
* bsc#1227595

Cross-References:

* CVE-2023-23969
* CVE-2024-38875
* CVE-2024-39329
* CVE-2024-39330
* CVE-2024-39614

CVSS scores:

* CVE-2023-23969 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-23969 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-38875 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-39329 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2024-39330 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2024-39614 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.5

An update that solves five vulnerabilities can now be installed.

## Description:

This update for python-Django fixes the following issues:

* CVE-2024-38875: Fixed potential denial-of-service attack via certain inputs
with a very large number of brackets (bsc#1227590)
* CVE-2024-39329: Fixed username enumeration through timing difference for
users with unusable passwords (bsc#1227593)
* CVE-2024-39330: Fixed potential directory traversal in
django.core.files.storage.Storage.save() (bsc#1227594)
* CVE-2024-39614: Fixed potential denial-of-service through
django.utils.translation.get_supported_language_variant() (bsc#1227595)
* CVE-2023-23969: Fixed potential denial-of-service via Accept-Language
headers (bsc#1207565)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-2545=1

## Package List:

* openSUSE Leap 15.5 (noarch)
* python3-Django-2.0.7-150000.1.20.1

## References:

* https://www.suse.com/security/cve/CVE-2023-23969.html
* https://www.suse.com/security/cve/CVE-2024-38875.html
* https://www.suse.com/security/cve/CVE-2024-39329.html
* https://www.suse.com/security/cve/CVE-2024-39330.html
* https://www.suse.com/security/cve/CVE-2024-39614.html
* https://bugzilla.suse.com/show_bug.cgi?id=1207565
* https://bugzilla.suse.com/show_bug.cgi?id=1227590
* https://bugzilla.suse.com/show_bug.cgi?id=1227593
* https://bugzilla.suse.com/show_bug.cgi?id=1227594
* https://bugzilla.suse.com/show_bug.cgi?id=1227595



SUSE-SU-2024:2542-1: moderate: Security update for nodejs18


# Security update for nodejs18

Announcement ID: SUSE-SU-2024:2542-1
Rating: moderate
References:

* bsc#1222665
* bsc#1227554
* bsc#1227560

Cross-References:

* CVE-2024-22020
* CVE-2024-27980
* CVE-2024-36138

CVSS scores:

* CVE-2024-22020 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* Web and Scripting Module 15-SP5

An update that solves three vulnerabilities can now be installed.

## Description:

This update for nodejs18 fixes the following issues:

Update to 18.20.4:

* CVE-2024-36138: Fixed CVE-2024-27980 fix bypass (bsc#1227560)
* CVE-2024-22020: Fixed a bypass of network import restriction via data URL
(bsc#1227554)

Changes in 18.20.3:

* This release fixes a regression introduced in Node.js 18.19.0 where
http.server.close() was incorrectly closing idle connections.

deps:

* acorn updated to 8.11.3.
* acorn-walk updated to 8.3.2.
* ada updated to 2.7.8.
* c-ares updated to 1.28.1.
* corepack updated to 0.28.0.
* nghttp2 updated to 1.61.0.
* ngtcp2 updated to 1.3.0.
* npm updated to 10.7.0. Includes a fix from npm@10.5.1 to limit the number of
open connections npm/cli#7324.
* simdutf updated to 5.2.4.

Changes in 18.20.2:

* CVE-2024-27980: Fixed command injection via args parameter of
child_process.spawn without shell option enabled on Windows (bsc#1222665)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-2542=1

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-2542=1

* Web and Scripting Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP5-2024-2542=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* nodejs18-18.20.4-150400.9.24.2
* nodejs18-debugsource-18.20.4-150400.9.24.2
* npm18-18.20.4-150400.9.24.2
* nodejs18-devel-18.20.4-150400.9.24.2
* nodejs18-debuginfo-18.20.4-150400.9.24.2
* corepack18-18.20.4-150400.9.24.2
* openSUSE Leap 15.4 (noarch)
* nodejs18-docs-18.20.4-150400.9.24.2
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* nodejs18-18.20.4-150400.9.24.2
* nodejs18-debugsource-18.20.4-150400.9.24.2
* npm18-18.20.4-150400.9.24.2
* nodejs18-devel-18.20.4-150400.9.24.2
* nodejs18-debuginfo-18.20.4-150400.9.24.2
* corepack18-18.20.4-150400.9.24.2
* openSUSE Leap 15.5 (noarch)
* nodejs18-docs-18.20.4-150400.9.24.2
* Web and Scripting Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* nodejs18-18.20.4-150400.9.24.2
* nodejs18-debugsource-18.20.4-150400.9.24.2
* npm18-18.20.4-150400.9.24.2
* nodejs18-devel-18.20.4-150400.9.24.2
* nodejs18-debuginfo-18.20.4-150400.9.24.2
* Web and Scripting Module 15-SP5 (noarch)
* nodejs18-docs-18.20.4-150400.9.24.2

## References:

* https://www.suse.com/security/cve/CVE-2024-22020.html
* https://www.suse.com/security/cve/CVE-2024-27980.html
* https://www.suse.com/security/cve/CVE-2024-36138.html
* https://bugzilla.suse.com/show_bug.cgi?id=1222665
* https://bugzilla.suse.com/show_bug.cgi?id=1227554
* https://bugzilla.suse.com/show_bug.cgi?id=1227560



SUSE-SU-2024:2531-1: important: Security update for xen


# Security update for xen

Announcement ID: SUSE-SU-2024:2531-1
Rating: important
References:

* bsc#1027519
* bsc#1214718
* bsc#1221984
* bsc#1225953
* bsc#1227355

Cross-References:

* CVE-2023-46842
* CVE-2024-31143

CVSS scores:

* CVE-2023-46842 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
* CVE-2024-31143 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* Basesystem Module 15-SP6
* openSUSE Leap 15.6
* Server Applications Module 15-SP6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves two vulnerabilities and has three security fixes can now
be installed.

## Description:

This update for xen fixes the following issues:

* CVE-2023-46842: Fixed x86 HVM hypercalls may trigger Xen bug check (XSA-454,
bsc#1221984).
* CVE-2024-31143: Fixed double unlock in x86 guest IRQ handling (XSA-458,
bsc#1227355).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Server Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2024-2531=1

* openSUSE Leap 15.6
zypper in -t patch SUSE-2024-2531=1 openSUSE-SLE-15.6-2024-2531=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-2531=1

## Package List:

* Server Applications Module 15-SP6 (x86_64)
* xen-debugsource-4.18.2_06-150600.3.3.1
* xen-4.18.2_06-150600.3.3.1
* xen-tools-4.18.2_06-150600.3.3.1
* xen-tools-debuginfo-4.18.2_06-150600.3.3.1
* xen-devel-4.18.2_06-150600.3.3.1
* Server Applications Module 15-SP6 (noarch)
* xen-tools-xendomains-wait-disk-4.18.2_06-150600.3.3.1
* openSUSE Leap 15.6 (aarch64 x86_64 i586)
* xen-debugsource-4.18.2_06-150600.3.3.1
* xen-tools-domU-4.18.2_06-150600.3.3.1
* xen-devel-4.18.2_06-150600.3.3.1
* xen-libs-4.18.2_06-150600.3.3.1
* xen-libs-debuginfo-4.18.2_06-150600.3.3.1
* xen-tools-domU-debuginfo-4.18.2_06-150600.3.3.1
* openSUSE Leap 15.6 (x86_64)
* xen-libs-32bit-debuginfo-4.18.2_06-150600.3.3.1
* xen-libs-32bit-4.18.2_06-150600.3.3.1
* openSUSE Leap 15.6 (aarch64 x86_64)
* xen-4.18.2_06-150600.3.3.1
* xen-doc-html-4.18.2_06-150600.3.3.1
* xen-tools-4.18.2_06-150600.3.3.1
* xen-tools-debuginfo-4.18.2_06-150600.3.3.1
* openSUSE Leap 15.6 (noarch)
* xen-tools-xendomains-wait-disk-4.18.2_06-150600.3.3.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* xen-libs-64bit-4.18.2_06-150600.3.3.1
* xen-libs-64bit-debuginfo-4.18.2_06-150600.3.3.1
* Basesystem Module 15-SP6 (x86_64)
* xen-debugsource-4.18.2_06-150600.3.3.1
* xen-tools-domU-4.18.2_06-150600.3.3.1
* xen-libs-4.18.2_06-150600.3.3.1
* xen-libs-debuginfo-4.18.2_06-150600.3.3.1
* xen-tools-domU-debuginfo-4.18.2_06-150600.3.3.1

## References:

* https://www.suse.com/security/cve/CVE-2023-46842.html
* https://www.suse.com/security/cve/CVE-2024-31143.html
* https://bugzilla.suse.com/show_bug.cgi?id=1027519
* https://bugzilla.suse.com/show_bug.cgi?id=1214718
* https://bugzilla.suse.com/show_bug.cgi?id=1221984
* https://bugzilla.suse.com/show_bug.cgi?id=1225953
* https://bugzilla.suse.com/show_bug.cgi?id=1227355



SUSE-SU-2024:2485-1: important: Security update for tomcat


# Security update for tomcat

Announcement ID: SUSE-SU-2024:2485-1
Rating: important
References:

* bsc#1227399

Cross-References:

* CVE-2024-34750

CVSS scores:

* CVE-2024-34750 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Manager Server 4.3
* Web and Scripting Module 15-SP5
* Web and Scripting Module 15-SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for tomcat fixes the following issues:

Updated to version 9.0.91:

* CVE-2024-34750: Fixed an improper handling of exceptional conditions
(bsc#1227399).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-2485=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-2485=1

* Web and Scripting Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP5-2024-2485=1

* Web and Scripting Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP6-2024-2485=1

* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-2485=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-2485=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-2485=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-2485=1

* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-2485=1

* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-2485=1

* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2485=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP2
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-2485=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-2485=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-2485=1

* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-2485=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2024-2485=1

## Package List:

* openSUSE Leap 15.5 (noarch)
* tomcat-jsvc-9.0.91-150200.68.1
* tomcat-docs-webapp-9.0.91-150200.68.1
* tomcat-admin-webapps-9.0.91-150200.68.1
* tomcat-javadoc-9.0.91-150200.68.1
* tomcat-webapps-9.0.91-150200.68.1
* tomcat-embed-9.0.91-150200.68.1
* tomcat-lib-9.0.91-150200.68.1
* tomcat-el-3_0-api-9.0.91-150200.68.1
* tomcat-jsp-2_3-api-9.0.91-150200.68.1
* tomcat-9.0.91-150200.68.1
* tomcat-servlet-4_0-api-9.0.91-150200.68.1
* openSUSE Leap 15.6 (noarch)
* tomcat-jsvc-9.0.91-150200.68.1
* tomcat-docs-webapp-9.0.91-150200.68.1
* tomcat-admin-webapps-9.0.91-150200.68.1
* tomcat-javadoc-9.0.91-150200.68.1
* tomcat-webapps-9.0.91-150200.68.1
* tomcat-embed-9.0.91-150200.68.1
* tomcat-lib-9.0.91-150200.68.1
* tomcat-el-3_0-api-9.0.91-150200.68.1
* tomcat-jsp-2_3-api-9.0.91-150200.68.1
* tomcat-9.0.91-150200.68.1
* tomcat-servlet-4_0-api-9.0.91-150200.68.1
* Web and Scripting Module 15-SP5 (noarch)
* tomcat-admin-webapps-9.0.91-150200.68.1
* tomcat-webapps-9.0.91-150200.68.1
* tomcat-lib-9.0.91-150200.68.1
* tomcat-el-3_0-api-9.0.91-150200.68.1
* tomcat-jsp-2_3-api-9.0.91-150200.68.1
* tomcat-9.0.91-150200.68.1
* tomcat-servlet-4_0-api-9.0.91-150200.68.1
* Web and Scripting Module 15-SP6 (noarch)
* tomcat-admin-webapps-9.0.91-150200.68.1
* tomcat-webapps-9.0.91-150200.68.1
* tomcat-lib-9.0.91-150200.68.1
* tomcat-el-3_0-api-9.0.91-150200.68.1
* tomcat-jsp-2_3-api-9.0.91-150200.68.1
* tomcat-9.0.91-150200.68.1
* tomcat-servlet-4_0-api-9.0.91-150200.68.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
* tomcat-admin-webapps-9.0.91-150200.68.1
* tomcat-webapps-9.0.91-150200.68.1
* tomcat-lib-9.0.91-150200.68.1
* tomcat-el-3_0-api-9.0.91-150200.68.1
* tomcat-jsp-2_3-api-9.0.91-150200.68.1
* tomcat-9.0.91-150200.68.1
* tomcat-servlet-4_0-api-9.0.91-150200.68.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* tomcat-admin-webapps-9.0.91-150200.68.1
* tomcat-webapps-9.0.91-150200.68.1
* tomcat-lib-9.0.91-150200.68.1
* tomcat-el-3_0-api-9.0.91-150200.68.1
* tomcat-jsp-2_3-api-9.0.91-150200.68.1
* tomcat-9.0.91-150200.68.1
* tomcat-servlet-4_0-api-9.0.91-150200.68.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* tomcat-admin-webapps-9.0.91-150200.68.1
* tomcat-webapps-9.0.91-150200.68.1
* tomcat-lib-9.0.91-150200.68.1
* tomcat-el-3_0-api-9.0.91-150200.68.1
* tomcat-jsp-2_3-api-9.0.91-150200.68.1
* tomcat-9.0.91-150200.68.1
* tomcat-servlet-4_0-api-9.0.91-150200.68.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* tomcat-admin-webapps-9.0.91-150200.68.1
* tomcat-webapps-9.0.91-150200.68.1
* tomcat-lib-9.0.91-150200.68.1
* tomcat-el-3_0-api-9.0.91-150200.68.1
* tomcat-jsp-2_3-api-9.0.91-150200.68.1
* tomcat-9.0.91-150200.68.1
* tomcat-servlet-4_0-api-9.0.91-150200.68.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
* tomcat-admin-webapps-9.0.91-150200.68.1
* tomcat-webapps-9.0.91-150200.68.1
* tomcat-lib-9.0.91-150200.68.1
* tomcat-el-3_0-api-9.0.91-150200.68.1
* tomcat-jsp-2_3-api-9.0.91-150200.68.1
* tomcat-9.0.91-150200.68.1
* tomcat-servlet-4_0-api-9.0.91-150200.68.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
* tomcat-admin-webapps-9.0.91-150200.68.1
* tomcat-webapps-9.0.91-150200.68.1
* tomcat-lib-9.0.91-150200.68.1
* tomcat-el-3_0-api-9.0.91-150200.68.1
* tomcat-jsp-2_3-api-9.0.91-150200.68.1
* tomcat-9.0.91-150200.68.1
* tomcat-servlet-4_0-api-9.0.91-150200.68.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (noarch)
* tomcat-admin-webapps-9.0.91-150200.68.1
* tomcat-webapps-9.0.91-150200.68.1
* tomcat-lib-9.0.91-150200.68.1
* tomcat-el-3_0-api-9.0.91-150200.68.1
* tomcat-jsp-2_3-api-9.0.91-150200.68.1
* tomcat-9.0.91-150200.68.1
* tomcat-servlet-4_0-api-9.0.91-150200.68.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
* tomcat-admin-webapps-9.0.91-150200.68.1
* tomcat-webapps-9.0.91-150200.68.1
* tomcat-lib-9.0.91-150200.68.1
* tomcat-el-3_0-api-9.0.91-150200.68.1
* tomcat-jsp-2_3-api-9.0.91-150200.68.1
* tomcat-9.0.91-150200.68.1
* tomcat-servlet-4_0-api-9.0.91-150200.68.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* tomcat-admin-webapps-9.0.91-150200.68.1
* tomcat-webapps-9.0.91-150200.68.1
* tomcat-lib-9.0.91-150200.68.1
* tomcat-el-3_0-api-9.0.91-150200.68.1
* tomcat-jsp-2_3-api-9.0.91-150200.68.1
* tomcat-9.0.91-150200.68.1
* tomcat-servlet-4_0-api-9.0.91-150200.68.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* tomcat-admin-webapps-9.0.91-150200.68.1
* tomcat-webapps-9.0.91-150200.68.1
* tomcat-lib-9.0.91-150200.68.1
* tomcat-el-3_0-api-9.0.91-150200.68.1
* tomcat-jsp-2_3-api-9.0.91-150200.68.1
* tomcat-9.0.91-150200.68.1
* tomcat-servlet-4_0-api-9.0.91-150200.68.1
* SUSE Manager Server 4.3 (noarch)
* tomcat-admin-webapps-9.0.91-150200.68.1
* tomcat-webapps-9.0.91-150200.68.1
* tomcat-lib-9.0.91-150200.68.1
* tomcat-el-3_0-api-9.0.91-150200.68.1
* tomcat-jsp-2_3-api-9.0.91-150200.68.1
* tomcat-9.0.91-150200.68.1
* tomcat-servlet-4_0-api-9.0.91-150200.68.1
* SUSE Enterprise Storage 7.1 (noarch)
* tomcat-admin-webapps-9.0.91-150200.68.1
* tomcat-webapps-9.0.91-150200.68.1
* tomcat-lib-9.0.91-150200.68.1
* tomcat-el-3_0-api-9.0.91-150200.68.1
* tomcat-jsp-2_3-api-9.0.91-150200.68.1
* tomcat-9.0.91-150200.68.1
* tomcat-servlet-4_0-api-9.0.91-150200.68.1

## References:

* https://www.suse.com/security/cve/CVE-2024-34750.html
* https://bugzilla.suse.com/show_bug.cgi?id=1227399



SUSE-SU-2024:2409-1: important: Security update for libvpx


# Security update for libvpx

Announcement ID: SUSE-SU-2024:2409-1
Rating: important
References:

* bsc#1216879
* bsc#1225403
* bsc#1225879

Cross-References:

* CVE-2023-44488
* CVE-2023-6349
* CVE-2024-5197

CVSS scores:

* CVE-2023-44488 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-44488 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-6349 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-5197 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* Basesystem Module 15-SP5
* Basesystem Module 15-SP6
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
* SUSE Package Hub 15 15-SP5
* SUSE Package Hub 15 15-SP6

An update that solves three vulnerabilities can now be installed.

## Description:

This update for libvpx fixes the following issues:

* CVE-2024-5197: Fixed integer overflow when calling vpx_img_alloc() or
vpx_img_wrap() with large parameters (bsc#1225879).
* CVE-2023-6349: Fixed heap overflow when encoding a frame that has larger
dimensions than the originally configured size (bsc#1225403).
* CVE-2023-44488: Fixed heap buffer overflow in vp8 encoding (bsc#1216879).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-2409=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-2409=1

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-2409=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-2409=1

* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-2409=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-2409=1

* SUSE Package Hub 15 15-SP5
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-2409=1

* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-2409=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-2409=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-2409=1

* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-2409=1

* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2409=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-2409=1

* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-2409=1

* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2024-2409=1

## Package List:

* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
* libvpx7-debuginfo-1.11.0-150400.3.7.1
* libvpx7-1.11.0-150400.3.7.1
* libvpx-devel-1.11.0-150400.3.7.1
* libvpx-debugsource-1.11.0-150400.3.7.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* libvpx7-debuginfo-1.11.0-150400.3.7.1
* libvpx7-1.11.0-150400.3.7.1
* libvpx-devel-1.11.0-150400.3.7.1
* vpx-tools-1.11.0-150400.3.7.1
* vpx-tools-debuginfo-1.11.0-150400.3.7.1
* libvpx-debugsource-1.11.0-150400.3.7.1
* openSUSE Leap 15.4 (x86_64)
* libvpx7-32bit-debuginfo-1.11.0-150400.3.7.1
* libvpx7-32bit-1.11.0-150400.3.7.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libvpx7-64bit-1.11.0-150400.3.7.1
* libvpx7-64bit-debuginfo-1.11.0-150400.3.7.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* libvpx7-debuginfo-1.11.0-150400.3.7.1
* libvpx7-1.11.0-150400.3.7.1
* libvpx-devel-1.11.0-150400.3.7.1
* vpx-tools-1.11.0-150400.3.7.1
* vpx-tools-debuginfo-1.11.0-150400.3.7.1
* libvpx-debugsource-1.11.0-150400.3.7.1
* openSUSE Leap 15.5 (x86_64)
* libvpx7-32bit-debuginfo-1.11.0-150400.3.7.1
* libvpx7-32bit-1.11.0-150400.3.7.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* libvpx7-debuginfo-1.11.0-150400.3.7.1
* libvpx7-1.11.0-150400.3.7.1
* libvpx-devel-1.11.0-150400.3.7.1
* vpx-tools-1.11.0-150400.3.7.1
* vpx-tools-debuginfo-1.11.0-150400.3.7.1
* libvpx-debugsource-1.11.0-150400.3.7.1
* openSUSE Leap 15.6 (x86_64)
* libvpx7-32bit-debuginfo-1.11.0-150400.3.7.1
* libvpx7-32bit-1.11.0-150400.3.7.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* libvpx7-debuginfo-1.11.0-150400.3.7.1
* libvpx7-1.11.0-150400.3.7.1
* libvpx-devel-1.11.0-150400.3.7.1
* libvpx-debugsource-1.11.0-150400.3.7.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* libvpx7-debuginfo-1.11.0-150400.3.7.1
* libvpx7-1.11.0-150400.3.7.1
* libvpx-devel-1.11.0-150400.3.7.1
* libvpx-debugsource-1.11.0-150400.3.7.1
* SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64)
* vpx-tools-1.11.0-150400.3.7.1
* vpx-tools-debuginfo-1.11.0-150400.3.7.1
* libvpx-debugsource-1.11.0-150400.3.7.1
* SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64)
* vpx-tools-1.11.0-150400.3.7.1
* vpx-tools-debuginfo-1.11.0-150400.3.7.1
* libvpx-debugsource-1.11.0-150400.3.7.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
* libvpx7-debuginfo-1.11.0-150400.3.7.1
* libvpx7-1.11.0-150400.3.7.1
* libvpx-devel-1.11.0-150400.3.7.1
* libvpx-debugsource-1.11.0-150400.3.7.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
* libvpx7-debuginfo-1.11.0-150400.3.7.1
* libvpx7-1.11.0-150400.3.7.1
* libvpx-devel-1.11.0-150400.3.7.1
* libvpx-debugsource-1.11.0-150400.3.7.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
* libvpx7-debuginfo-1.11.0-150400.3.7.1
* libvpx7-1.11.0-150400.3.7.1
* libvpx-devel-1.11.0-150400.3.7.1
* libvpx-debugsource-1.11.0-150400.3.7.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x x86_64)
* libvpx7-debuginfo-1.11.0-150400.3.7.1
* libvpx7-1.11.0-150400.3.7.1
* libvpx-devel-1.11.0-150400.3.7.1
* libvpx-debugsource-1.11.0-150400.3.7.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* libvpx7-debuginfo-1.11.0-150400.3.7.1
* libvpx7-1.11.0-150400.3.7.1
* libvpx-devel-1.11.0-150400.3.7.1
* libvpx-debugsource-1.11.0-150400.3.7.1
* SUSE Manager Proxy 4.3 (x86_64)
* libvpx7-debuginfo-1.11.0-150400.3.7.1
* libvpx7-1.11.0-150400.3.7.1
* libvpx-devel-1.11.0-150400.3.7.1
* libvpx-debugsource-1.11.0-150400.3.7.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* libvpx7-debuginfo-1.11.0-150400.3.7.1
* libvpx7-1.11.0-150400.3.7.1
* libvpx-devel-1.11.0-150400.3.7.1
* libvpx-debugsource-1.11.0-150400.3.7.1

## References:

* https://www.suse.com/security/cve/CVE-2023-44488.html
* https://www.suse.com/security/cve/CVE-2023-6349.html
* https://www.suse.com/security/cve/CVE-2024-5197.html
* https://bugzilla.suse.com/show_bug.cgi?id=1216879
* https://bugzilla.suse.com/show_bug.cgi?id=1225403
* https://bugzilla.suse.com/show_bug.cgi?id=1225879



SUSE-SU-2024:2400-1: low: Security update for python-zipp


# Security update for python-zipp

Announcement ID: SUSE-SU-2024:2400-1
Rating: low
References:

* bsc#1227547

Cross-References:

* CVE-2024-5569

CVSS scores:

* CVE-2024-5569 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* Public Cloud Module 15-SP4
* Python 3 Module 15-SP5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for python-zipp fixes the following issues:

* CVE-2024-5569: Fixed DoS vulnerability when processing a specially crafted
zip file (bsc#1227547).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-2400=1

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-2400=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-2400=1

* Public Cloud Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2024-2400=1

* Python 3 Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Python3-15-SP5-2024-2400=1

## Package List:

* openSUSE Leap 15.4 (noarch)
* python311-zipp-3.15.0-150400.10.10.1
* openSUSE Leap 15.5 (noarch)
* python311-zipp-3.15.0-150400.10.10.1
* openSUSE Leap 15.6 (noarch)
* python311-zipp-3.15.0-150400.10.10.1
* Public Cloud Module 15-SP4 (noarch)
* python311-zipp-3.15.0-150400.10.10.1
* Python 3 Module 15-SP5 (noarch)
* python311-zipp-3.15.0-150400.10.10.1

## References:

* https://www.suse.com/security/cve/CVE-2024-5569.html
* https://bugzilla.suse.com/show_bug.cgi?id=1227547



SUSE-SU-2024:2413-1: important: Security update for tomcat10


# Security update for tomcat10

Announcement ID: SUSE-SU-2024:2413-1
Rating: important
References:

* bsc#1227399

Cross-References:

* CVE-2024-34750

CVSS scores:

* CVE-2024-34750 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* Web and Scripting Module 15-SP5
* Web and Scripting Module 15-SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for tomcat10 fixes the following issues:

* CVE-2024-34750: Fixed an improper handling of exceptional conditions
(bsc#1227399).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-2413=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-2413=1

* Web and Scripting Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP5-2024-2413=1

* Web and Scripting Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP6-2024-2413=1

## Package List:

* openSUSE Leap 15.5 (noarch)
* tomcat10-admin-webapps-10.1.25-150200.5.25.1
* tomcat10-servlet-6_0-api-10.1.25-150200.5.25.1
* tomcat10-10.1.25-150200.5.25.1
* tomcat10-lib-10.1.25-150200.5.25.1
* tomcat10-docs-webapp-10.1.25-150200.5.25.1
* tomcat10-jsp-3_1-api-10.1.25-150200.5.25.1
* tomcat10-jsvc-10.1.25-150200.5.25.1
* tomcat10-embed-10.1.25-150200.5.25.1
* tomcat10-webapps-10.1.25-150200.5.25.1
* tomcat10-el-5_0-api-10.1.25-150200.5.25.1
* openSUSE Leap 15.6 (noarch)
* tomcat10-admin-webapps-10.1.25-150200.5.25.1
* tomcat10-servlet-6_0-api-10.1.25-150200.5.25.1
* tomcat10-10.1.25-150200.5.25.1
* tomcat10-lib-10.1.25-150200.5.25.1
* tomcat10-docs-webapp-10.1.25-150200.5.25.1
* tomcat10-doc-10.1.25-150200.5.25.1
* tomcat10-jsp-3_1-api-10.1.25-150200.5.25.1
* tomcat10-jsvc-10.1.25-150200.5.25.1
* tomcat10-embed-10.1.25-150200.5.25.1
* tomcat10-webapps-10.1.25-150200.5.25.1
* tomcat10-el-5_0-api-10.1.25-150200.5.25.1
* Web and Scripting Module 15-SP5 (noarch)
* tomcat10-admin-webapps-10.1.25-150200.5.25.1
* tomcat10-servlet-6_0-api-10.1.25-150200.5.25.1
* tomcat10-10.1.25-150200.5.25.1
* tomcat10-lib-10.1.25-150200.5.25.1
* tomcat10-jsp-3_1-api-10.1.25-150200.5.25.1
* tomcat10-webapps-10.1.25-150200.5.25.1
* tomcat10-el-5_0-api-10.1.25-150200.5.25.1
* Web and Scripting Module 15-SP6 (noarch)
* tomcat10-admin-webapps-10.1.25-150200.5.25.1
* tomcat10-servlet-6_0-api-10.1.25-150200.5.25.1
* tomcat10-10.1.25-150200.5.25.1
* tomcat10-lib-10.1.25-150200.5.25.1
* tomcat10-jsp-3_1-api-10.1.25-150200.5.25.1
* tomcat10-webapps-10.1.25-150200.5.25.1
* tomcat10-el-5_0-api-10.1.25-150200.5.25.1

## References:

* https://www.suse.com/security/cve/CVE-2024-34750.html
* https://bugzilla.suse.com/show_bug.cgi?id=1227399