
The following security updates are available for SUSE Linux Enterprise, openSUSE Leap and openSUSE Tumbleweed: apr-devel-1.7.5-1.1, postgresql15-15.8-1.1, postgresql14-14.13-1.1, postgresql13-13.16-1.1, postgresql12-12.20-1.1, python39-3.9.20-2.1, kubernetes1.23, kubernetes1.24, kubernetes1.25, libmfx, python-azure-identity, and the Linux kernel:

openSUSE-SU-2024:14347-1: moderate: apr-devel-1.7.5-1.1 on GA media
openSUSE-SU-2024:14351-1: moderate: postgresql15-15.8-1.1 on GA media
openSUSE-SU-2024:14348-1: moderate: postgresql12-12.20-1.1 on GA media
openSUSE-SU-2024:14352-1: moderate: python39-3.9.20-2.1 on GA media
openSUSE-SU-2024:14350-1: moderate: postgresql14-14.13-1.1 on GA media
openSUSE-SU-2024:14349-1: moderate: postgresql13-13.16-1.1 on GA media
SUSE-SU-2024:3341-1: important: Security update for kubernetes1.23
SUSE-SU-2024:3339-1: moderate: Security update for libmfx
SUSE-SU-2024:3342-1: important: Security update for kubernetes1.24
SUSE-SU-2024:3343-1: important: Security update for kubernetes1.24
SUSE-SU-2024:3344-1: important: Security update for kubernetes1.25
SUSE-SU-2024:3345-1: moderate: Security update for python-azure-identity
SUSE-SU-2024:3337-1: important: Security update for the Linux Kernel
SUSE-SU-2024:3338-1: important: Security update for the Linux Kernel




openSUSE-SU-2024:14347-1: moderate: apr-devel-1.7.5-1.1 on GA media


# apr-devel-1.7.5-1.1 on GA media

Announcement ID: openSUSE-SU-2024:14347-1
Rating: moderate

Cross-References:

* CVE-2023-49582

CVSS scores:

* CVE-2023-49582 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-49582 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the apr-devel-1.7.5-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * apr-devel 1.7.5-1.1
  * libapr1-0 1.7.5-1.1

## References:

* https://www.suse.com/security/cve/CVE-2023-49582.html



openSUSE-SU-2024:14351-1: moderate: postgresql15-15.8-1.1 on GA media


# postgresql15-15.8-1.1 on GA media

Announcement ID: openSUSE-SU-2024:14351-1
Rating: moderate

Cross-References:

* CVE-2024-7348

CVSS scores:

* CVE-2024-7348 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-7348 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the postgresql15-15.8-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * postgresql15 15.8-1.1
  * postgresql15-contrib 15.8-1.1
  * postgresql15-devel 15.8-1.1
  * postgresql15-docs 15.8-1.1
  * postgresql15-llvmjit 15.8-1.1
  * postgresql15-llvmjit-devel 15.8-1.1
  * postgresql15-plperl 15.8-1.1
  * postgresql15-plpython 15.8-1.1
  * postgresql15-pltcl 15.8-1.1
  * postgresql15-server 15.8-1.1
  * postgresql15-server-devel 15.8-1.1
  * postgresql15-test 15.8-1.1

## References:

* https://www.suse.com/security/cve/CVE-2024-7348.html



openSUSE-SU-2024:14348-1: moderate: postgresql12-12.20-1.1 on GA media


# postgresql12-12.20-1.1 on GA media

Announcement ID: openSUSE-SU-2024:14348-1
Rating: moderate

Cross-References:

* CVE-2024-7348

CVSS scores:

* CVE-2024-7348 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-7348 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the postgresql12-12.20-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * postgresql12 12.20-1.1
  * postgresql12-contrib 12.20-1.1
  * postgresql12-devel 12.20-1.1
  * postgresql12-docs 12.20-1.1
  * postgresql12-llvmjit 12.20-1.1
  * postgresql12-llvmjit-devel 12.20-1.1
  * postgresql12-plperl 12.20-1.1
  * postgresql12-plpython 12.20-1.1
  * postgresql12-pltcl 12.20-1.1
  * postgresql12-server 12.20-1.1
  * postgresql12-server-devel 12.20-1.1
  * postgresql12-test 12.20-1.1

## References:

* https://www.suse.com/security/cve/CVE-2024-7348.html



openSUSE-SU-2024:14352-1: moderate: python39-3.9.20-2.1 on GA media


# python39-3.9.20-2.1 on GA media

Announcement ID: openSUSE-SU-2024:14352-1
Rating: moderate

Cross-References:

* CVE-2024-7592

CVSS scores:

* CVE-2024-7592 ( SUSE ): 2.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the python39-3.9.20-2.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * python39 3.9.20-2.1
  * python39-curses 3.9.20-2.1
  * python39-dbm 3.9.20-2.1
  * python39-idle 3.9.20-2.1
  * python39-tk 3.9.20-2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-7592.html



openSUSE-SU-2024:14350-1: moderate: postgresql14-14.13-1.1 on GA media


# postgresql14-14.13-1.1 on GA media

Announcement ID: openSUSE-SU-2024:14350-1
Rating: moderate

Cross-References:

* CVE-2024-7348

CVSS scores:

* CVE-2024-7348 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-7348 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the postgresql14-14.13-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * postgresql14 14.13-1.1
  * postgresql14-contrib 14.13-1.1
  * postgresql14-devel 14.13-1.1
  * postgresql14-docs 14.13-1.1
  * postgresql14-llvmjit 14.13-1.1
  * postgresql14-llvmjit-devel 14.13-1.1
  * postgresql14-plperl 14.13-1.1
  * postgresql14-plpython 14.13-1.1
  * postgresql14-pltcl 14.13-1.1
  * postgresql14-server 14.13-1.1
  * postgresql14-server-devel 14.13-1.1
  * postgresql14-test 14.13-1.1

## References:

* https://www.suse.com/security/cve/CVE-2024-7348.html



openSUSE-SU-2024:14349-1: moderate: postgresql13-13.16-1.1 on GA media


# postgresql13-13.16-1.1 on GA media

Announcement ID: openSUSE-SU-2024:14349-1
Rating: moderate

Cross-References:

* CVE-2024-7348

CVSS scores:

* CVE-2024-7348 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-7348 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the postgresql13-13.16-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * postgresql13 13.16-1.1
  * postgresql13-contrib 13.16-1.1
  * postgresql13-devel 13.16-1.1
  * postgresql13-docs 13.16-1.1
  * postgresql13-llvmjit 13.16-1.1
  * postgresql13-llvmjit-devel 13.16-1.1
  * postgresql13-plperl 13.16-1.1
  * postgresql13-plpython 13.16-1.1
  * postgresql13-pltcl 13.16-1.1
  * postgresql13-server 13.16-1.1
  * postgresql13-server-devel 13.16-1.1
  * postgresql13-test 13.16-1.1

## References:

* https://www.suse.com/security/cve/CVE-2024-7348.html



SUSE-SU-2024:3341-1: important: Security update for kubernetes1.23


# Security update for kubernetes1.23

Announcement ID: SUSE-SU-2024:3341-1
Rating: important
References:

* bsc#1062303
* bsc#1194400
* bsc#1211630
* bsc#1211631
* bsc#1214406
* bsc#1216109
* bsc#1216123
* bsc#1219964
* bsc#1221400
* bsc#1222539
* bsc#1226136
* bsc#1229858
* bsc#1229867
* bsc#1229869
* bsc#1230323

Cross-References:

* CVE-2021-25743
* CVE-2023-2727
* CVE-2023-2728
* CVE-2023-39325
* CVE-2023-44487
* CVE-2023-45288
* CVE-2024-0793
* CVE-2024-24786
* CVE-2024-3177

CVSS scores:

* CVE-2021-25743 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2021-25743 ( NVD ): 3.0 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N
* CVE-2023-2727 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
* CVE-2023-2727 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
* CVE-2023-2728 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
* CVE-2023-2728 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
* CVE-2023-39325 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-39325 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-44487 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-44487 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-45288 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-0793 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-24786 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-3177 ( SUSE ): 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
* CVE-2024-3177 ( NVD ): 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves nine vulnerabilities and has six security fixes can now be
installed.

## Description:

This update for kubernetes1.23 fixes the following issues:

* CVE-2021-25743: escape, meta and control sequences in raw data output to
terminal not neutralized. (bsc#1194400)
* CVE-2023-2727: bypass of policies imposed by the ImagePolicyWebhook
admission plugin. (bsc#1211630)
* CVE-2023-2728: bypass of the mountable secrets policy enforced by the
ServiceAccount admission plugin. (bsc#1211631)
* CVE-2023-39325: go1.20: excessive resource consumption when dealing with
rapid stream resets. (bsc#1229869)
* CVE-2023-44487: google.golang.org/grpc, kube-apiserver: HTTP/2 rapid reset
vulnerability. (bsc#1229869)
* CVE-2023-45288: golang.org/x/net: excessive CPU consumption when processing
unlimited sets of headers. (bsc#1229869)
* CVE-2024-0793: kube-controller-manager pod crash when processing malformed
HPA v1 manifests. (bsc#1219964)
* CVE-2024-3177: bypass of the mountable secrets policy enforced by the
ServiceAccount admission plugin. (bsc#1222539)
* CVE-2024-24786: github.com/golang/protobuf: infinite loop when unmarshaling
invalid JSON. (bsc#1229867)

Bug fixes:

* Use -trimpath in non-DBG mode for reproducible builds. (bsc#1062303)
* Fix multiple issues for successful `kubeadm init` run. (bsc#1214406)
* Update go to version 1.22.5 in build requirements. (bsc#1229858)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  `zypper in -t patch SUSE-2024-3341=1`

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-3341=1`

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-3341=1`

* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
  `zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3341=1`

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-3341=1`

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * kubernetes1.24-kubelet-common-1.24.17-150400.9.16.1
  * kubernetes1.24-kubelet-1.24.17-150400.9.16.1
  * kubernetes1.24-scheduler-1.24.17-150400.9.16.1
  * kubernetes1.24-client-common-1.24.17-150400.9.16.1
  * kubernetes1.24-controller-manager-1.24.17-150400.9.16.1
  * kubernetes1.24-apiserver-1.24.17-150400.9.16.1
  * kubernetes1.24-proxy-1.24.17-150400.9.16.1
  * kubernetes1.24-kubeadm-1.24.17-150400.9.16.1
  * kubernetes1.24-client-1.24.17-150400.9.16.1
* openSUSE Leap 15.4 (noarch)
  * kubernetes1.24-client-bash-completion-1.24.17-150400.9.16.1
  * kubernetes1.24-client-fish-completion-1.24.17-150400.9.16.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * kubernetes1.24-client-common-1.24.17-150400.9.16.1
  * kubernetes1.24-client-1.24.17-150400.9.16.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * kubernetes1.24-client-common-1.24.17-150400.9.16.1
  * kubernetes1.24-client-1.24.17-150400.9.16.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x x86_64)
  * kubernetes1.24-client-common-1.24.17-150400.9.16.1
  * kubernetes1.24-client-1.24.17-150400.9.16.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * kubernetes1.24-client-common-1.24.17-150400.9.16.1
  * kubernetes1.24-client-1.24.17-150400.9.16.1

## References:

* https://www.suse.com/security/cve/CVE-2021-25743.html
* https://www.suse.com/security/cve/CVE-2023-2727.html
* https://www.suse.com/security/cve/CVE-2023-2728.html
* https://www.suse.com/security/cve/CVE-2023-39325.html
* https://www.suse.com/security/cve/CVE-2023-44487.html
* https://www.suse.com/security/cve/CVE-2023-45288.html
* https://www.suse.com/security/cve/CVE-2024-0793.html
* https://www.suse.com/security/cve/CVE-2024-24786.html
* https://www.suse.com/security/cve/CVE-2024-3177.html
* https://bugzilla.suse.com/show_bug.cgi?id=1062303
* https://bugzilla.suse.com/show_bug.cgi?id=1194400
* https://bugzilla.suse.com/show_bug.cgi?id=1211630
* https://bugzilla.suse.com/show_bug.cgi?id=1211631
* https://bugzilla.suse.com/show_bug.cgi?id=1214406
* https://bugzilla.suse.com/show_bug.cgi?id=1216109
* https://bugzilla.suse.com/show_bug.cgi?id=1216123
* https://bugzilla.suse.com/show_bug.cgi?id=1219964
* https://bugzilla.suse.com/show_bug.cgi?id=1221400
* https://bugzilla.suse.com/show_bug.cgi?id=1222539
* https://bugzilla.suse.com/show_bug.cgi?id=1226136
* https://bugzilla.suse.com/show_bug.cgi?id=1229858
* https://bugzilla.suse.com/show_bug.cgi?id=1229867
* https://bugzilla.suse.com/show_bug.cgi?id=1229869
* https://bugzilla.suse.com/show_bug.cgi?id=1230323



SUSE-SU-2024:3339-1: moderate: Security update for libmfx


# Security update for libmfx

Announcement ID: SUSE-SU-2024:3339-1
Rating: moderate
References:

* bsc#1219494
* bsc#1226892
* bsc#1226897
* bsc#1226898
* bsc#1226899
* bsc#1226900
* bsc#1226901
* jsc#PED-10024

Cross-References:

* CVE-2023-22656
* CVE-2023-45221
* CVE-2023-47169
* CVE-2023-47282
* CVE-2023-48368

CVSS scores:

* CVE-2023-22656 ( SUSE ): 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
* CVE-2023-45221 ( SUSE ): 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
* CVE-2023-47169 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-47282 ( SUSE ): 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
* CVE-2023-48368 ( SUSE ): 5.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H

Affected Products:

* Desktop Applications Module 15-SP5
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Package Hub 15 15-SP5

An update that solves five vulnerabilities, contains one feature and has two
security fixes can now be installed.

## Description:

This update for libmfx fixes the following issues:

* CVE-2023-48368: Fixed improper input validation. (bsc#1226897)
* CVE-2023-45221: Fixed improper buffer restrictions. (bsc#1226898)
* CVE-2023-22656: Fixed an out-of-bounds read. (bsc#1226899)
* CVE-2023-47282: Fixed an out-of-bounds write. (bsc#1226900)
* CVE-2023-47169: Fixed improper buffer restrictions. (bsc#1226901)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  `zypper in -t patch openSUSE-SLE-15.5-2024-3339=1 SUSE-2024-3339=1`

* Desktop Applications Module 15-SP5
  `zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2024-3339=1`

* SUSE Package Hub 15 15-SP5
  `zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-3339=1`

## Package List:

* openSUSE Leap 15.5 (x86_64)
  * libmfx1-22.6.1-150500.3.5.1
  * libmfx-22.6.1-150500.3.5.1
  * libmfx-debugsource-22.6.1-150500.3.5.1
  * libmfx1-debuginfo-22.6.1-150500.3.5.1
* Desktop Applications Module 15-SP5 (x86_64)
  * libmfx1-22.6.1-150500.3.5.1
  * libmfx-debugsource-22.6.1-150500.3.5.1
  * libmfx1-debuginfo-22.6.1-150500.3.5.1
* SUSE Package Hub 15 15-SP5 (x86_64)
  * libmfx1-22.6.1-150500.3.5.1

## References:

* https://www.suse.com/security/cve/CVE-2023-22656.html
* https://www.suse.com/security/cve/CVE-2023-45221.html
* https://www.suse.com/security/cve/CVE-2023-47169.html
* https://www.suse.com/security/cve/CVE-2023-47282.html
* https://www.suse.com/security/cve/CVE-2023-48368.html
* https://bugzilla.suse.com/show_bug.cgi?id=1219494
* https://bugzilla.suse.com/show_bug.cgi?id=1226892
* https://bugzilla.suse.com/show_bug.cgi?id=1226897
* https://bugzilla.suse.com/show_bug.cgi?id=1226898
* https://bugzilla.suse.com/show_bug.cgi?id=1226899
* https://bugzilla.suse.com/show_bug.cgi?id=1226900
* https://bugzilla.suse.com/show_bug.cgi?id=1226901
* https://jira.suse.com/browse/PED-10024



SUSE-SU-2024:3342-1: important: Security update for kubernetes1.24


# Security update for kubernetes1.24

Announcement ID: SUSE-SU-2024:3342-1
Rating: important
References:

* bsc#1216109
* bsc#1216123
* bsc#1221400
* bsc#1226136
* bsc#1229858
* bsc#1229867
* bsc#1229869
* bsc#1230323

Cross-References:

* CVE-2023-39325
* CVE-2023-44487
* CVE-2023-45288
* CVE-2024-24786

CVSS scores:

* CVE-2023-39325 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-39325 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-44487 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-44487 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-45288 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-24786 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Containers Module 15-SP5
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves four vulnerabilities and has four security fixes can now
be installed.

## Description:

This update for kubernetes1.24 fixes the following issues:

* CVE-2023-39325: go1.20: excessive resource consumption when dealing with
rapid stream resets. (bsc#1229869)
* CVE-2023-44487: google.golang.org/grpc, kube-apiserver: HTTP/2 rapid reset
vulnerability. (bsc#1229869)
* CVE-2023-45288: golang.org/x/net: excessive CPU consumption when processing
unlimited sets of headers. (bsc#1229869)
* CVE-2024-24786: github.com/golang/protobuf: infinite loop when unmarshaling
invalid JSON. (bsc#1229867)

Bug fixes:

* Update go to version 1.22.5 in build requirements. (bsc#1229858)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  `zypper in -t patch SUSE-2024-3342=1 openSUSE-SLE-15.5-2024-3342=1`

* openSUSE Leap 15.6
  `zypper in -t patch openSUSE-SLE-15.6-2024-3342=1`

* Containers Module 15-SP5
  `zypper in -t patch SUSE-SLE-Module-Containers-15-SP5-2024-3342=1`

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  * kubernetes1.24-apiserver-1.24.17-150500.3.22.1
  * kubernetes1.24-proxy-1.24.17-150500.3.22.1
  * kubernetes1.24-kubelet-1.24.17-150500.3.22.1
  * kubernetes1.24-kubelet-common-1.24.17-150500.3.22.1
  * kubernetes1.24-client-common-1.24.17-150500.3.22.1
  * kubernetes1.24-kubeadm-1.24.17-150500.3.22.1
  * kubernetes1.24-scheduler-1.24.17-150500.3.22.1
  * kubernetes1.24-client-1.24.17-150500.3.22.1
  * kubernetes1.24-controller-manager-1.24.17-150500.3.22.1
* openSUSE Leap 15.5 (noarch)
  * kubernetes1.24-client-fish-completion-1.24.17-150500.3.22.1
  * kubernetes1.24-client-bash-completion-1.24.17-150500.3.22.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * kubernetes1.24-apiserver-1.24.17-150500.3.22.1
  * kubernetes1.24-proxy-1.24.17-150500.3.22.1
  * kubernetes1.24-kubelet-1.24.17-150500.3.22.1
  * kubernetes1.24-kubelet-common-1.24.17-150500.3.22.1
  * kubernetes1.24-client-common-1.24.17-150500.3.22.1
  * kubernetes1.24-kubeadm-1.24.17-150500.3.22.1
  * kubernetes1.24-scheduler-1.24.17-150500.3.22.1
  * kubernetes1.24-client-1.24.17-150500.3.22.1
  * kubernetes1.24-controller-manager-1.24.17-150500.3.22.1
* openSUSE Leap 15.6 (noarch)
  * kubernetes1.24-client-fish-completion-1.24.17-150500.3.22.1
  * kubernetes1.24-client-bash-completion-1.24.17-150500.3.22.1
* Containers Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * kubernetes1.24-client-1.24.17-150500.3.22.1
  * kubernetes1.24-client-common-1.24.17-150500.3.22.1

## References:

* https://www.suse.com/security/cve/CVE-2023-39325.html
* https://www.suse.com/security/cve/CVE-2023-44487.html
* https://www.suse.com/security/cve/CVE-2023-45288.html
* https://www.suse.com/security/cve/CVE-2024-24786.html
* https://bugzilla.suse.com/show_bug.cgi?id=1216109
* https://bugzilla.suse.com/show_bug.cgi?id=1216123
* https://bugzilla.suse.com/show_bug.cgi?id=1221400
* https://bugzilla.suse.com/show_bug.cgi?id=1226136
* https://bugzilla.suse.com/show_bug.cgi?id=1229858
* https://bugzilla.suse.com/show_bug.cgi?id=1229867
* https://bugzilla.suse.com/show_bug.cgi?id=1229869
* https://bugzilla.suse.com/show_bug.cgi?id=1230323



SUSE-SU-2024:3343-1: important: Security update for kubernetes1.24


# Security update for kubernetes1.24

Announcement ID: SUSE-SU-2024:3343-1
Rating: important
References:

* bsc#1062303
* bsc#1194400
* bsc#1211630
* bsc#1211631
* bsc#1214406
* bsc#1216109
* bsc#1216123
* bsc#1219964
* bsc#1221400
* bsc#1222539
* bsc#1226136
* bsc#1229858
* bsc#1229867
* bsc#1229869
* bsc#1230323

Cross-References:

* CVE-2021-25743
* CVE-2023-2727
* CVE-2023-2728
* CVE-2023-39325
* CVE-2023-44487
* CVE-2023-45288
* CVE-2024-0793
* CVE-2024-24786
* CVE-2024-3177

CVSS scores:

* CVE-2021-25743 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2021-25743 ( NVD ): 3.0 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N
* CVE-2023-2727 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
* CVE-2023-2727 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
* CVE-2023-2728 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
* CVE-2023-2728 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
* CVE-2023-39325 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-39325 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-44487 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-44487 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-45288 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-0793 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-24786 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-3177 ( SUSE ): 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
* CVE-2024-3177 ( NVD ): 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Affected Products:

* openSUSE Leap 15.3
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves nine vulnerabilities and has six security fixes can now be
installed.

## Description:

This update for kubernetes1.24 fixes the following issues:

* CVE-2021-25743: escape, meta and control sequences in raw data output to
terminal not neutralized. (bsc#1194400)
* CVE-2023-2727: bypass of policies imposed by the ImagePolicyWebhook
admission plugin. (bsc#1211630)
* CVE-2023-2728: bypass of the mountable secrets policy enforced by the
ServiceAccount admission plugin. (bsc#1211631)
* CVE-2023-39325: go1.20: excessive resource consumption when dealing with
rapid stream resets. (bsc#1229869)
* CVE-2023-44487: google.golang.org/grpc, kube-apiserver: HTTP/2 rapid reset
vulnerability. (bsc#1229869)
* CVE-2023-45288: golang.org/x/net: excessive CPU consumption when processing
unlimited sets of headers. (bsc#1229869)
* CVE-2024-0793: kube-controller-manager pod crash when processing malformed
HPA v1 manifests. (bsc#1219964)
* CVE-2024-3177: bypass of the mountable secrets policy enforced by the
ServiceAccount admission plugin. (bsc#1222539)
* CVE-2024-24786: github.com/golang/protobuf: infinite loop when unmarshaling
invalid JSON. (bsc#1229867)

Bug fixes:

* Use -trimpath in non-DBG mode for reproducible builds. (bsc#1062303)
* Fix multiple issues for successful `kubeadm init` run. (bsc#1214406)
* Update go to version 1.22.5 in build requirements. (bsc#1229858)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
  `zypper in -t patch SUSE-2024-3343=1`

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-3343=1`

* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  `zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-3343=1`

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-3343=1`

* SUSE Enterprise Storage 7.1
  `zypper in -t patch SUSE-Storage-7.1-2024-3343=1`

## Package List:

* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64)
  * kubernetes1.24-proxy-1.24.17-150300.7.6.1
  * kubernetes1.24-kubeadm-1.24.17-150300.7.6.1
  * kubernetes1.24-client-common-1.24.17-150300.7.6.1
  * kubernetes1.24-kubelet-common-1.24.17-150300.7.6.1
  * kubernetes1.24-scheduler-1.24.17-150300.7.6.1
  * kubernetes1.24-client-1.24.17-150300.7.6.1
  * kubernetes1.24-kubelet-1.24.17-150300.7.6.1
  * kubernetes1.24-controller-manager-1.24.17-150300.7.6.1
  * kubernetes1.24-apiserver-1.24.17-150300.7.6.1
* openSUSE Leap 15.3 (noarch)
  * kubernetes1.24-client-fish-completion-1.24.17-150300.7.6.1
  * kubernetes1.24-client-bash-completion-1.24.17-150300.7.6.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
  * kubernetes1.24-client-1.24.17-150300.7.6.1
  * kubernetes1.24-client-common-1.24.17-150300.7.6.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64)
  * kubernetes1.24-client-1.24.17-150300.7.6.1
  * kubernetes1.24-client-common-1.24.17-150300.7.6.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
  * kubernetes1.24-client-1.24.17-150300.7.6.1
  * kubernetes1.24-client-common-1.24.17-150300.7.6.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
  * kubernetes1.24-client-1.24.17-150300.7.6.1
  * kubernetes1.24-client-common-1.24.17-150300.7.6.1

## References:

* https://www.suse.com/security/cve/CVE-2021-25743.html
* https://www.suse.com/security/cve/CVE-2023-2727.html
* https://www.suse.com/security/cve/CVE-2023-2728.html
* https://www.suse.com/security/cve/CVE-2023-39325.html
* https://www.suse.com/security/cve/CVE-2023-44487.html
* https://www.suse.com/security/cve/CVE-2023-45288.html
* https://www.suse.com/security/cve/CVE-2024-0793.html
* https://www.suse.com/security/cve/CVE-2024-24786.html
* https://www.suse.com/security/cve/CVE-2024-3177.html
* https://bugzilla.suse.com/show_bug.cgi?id=1062303
* https://bugzilla.suse.com/show_bug.cgi?id=1194400
* https://bugzilla.suse.com/show_bug.cgi?id=1211630
* https://bugzilla.suse.com/show_bug.cgi?id=1211631
* https://bugzilla.suse.com/show_bug.cgi?id=1214406
* https://bugzilla.suse.com/show_bug.cgi?id=1216109
* https://bugzilla.suse.com/show_bug.cgi?id=1216123
* https://bugzilla.suse.com/show_bug.cgi?id=1219964
* https://bugzilla.suse.com/show_bug.cgi?id=1221400
* https://bugzilla.suse.com/show_bug.cgi?id=1222539
* https://bugzilla.suse.com/show_bug.cgi?id=1226136
* https://bugzilla.suse.com/show_bug.cgi?id=1229858
* https://bugzilla.suse.com/show_bug.cgi?id=1229867
* https://bugzilla.suse.com/show_bug.cgi?id=1229869
* https://bugzilla.suse.com/show_bug.cgi?id=1230323



SUSE-SU-2024:3344-1: important: Security update for kubernetes1.25


# Security update for kubernetes1.25

Announcement ID: SUSE-SU-2024:3344-1
Rating: important
References:

* bsc#1216109
* bsc#1216123
* bsc#1221400
* bsc#1226136
* bsc#1229858
* bsc#1229867
* bsc#1229869
* bsc#1230323

Cross-References:

* CVE-2023-39325
* CVE-2023-44487
* CVE-2023-45288
* CVE-2024-24786

CVSS scores:

* CVE-2023-39325 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-39325 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-44487 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-44487 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-45288 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-24786 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Containers Module 15-SP5
* Containers Module 15-SP6
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves four vulnerabilities and has four security fixes can now
be installed.

## Description:

This update for kubernetes1.25 fixes the following issues:

* CVE-2023-45288: golang.org/x/net: excessive CPU consumption when processing
unlimited sets of headers. (bsc#1229869)
* CVE-2023-44487: google.golang.org/grpc, kube-apiserver: HTTP/2 rapid reset
vulnerability. (bsc#1229869)
* CVE-2024-24786: github.com/golang/protobuf: infinite loop when unmarshaling
invalid JSON. (bsc#1229867)

Bug fixes:

* Update go to version 1.22.5 in build requirements. (bsc#1229858)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
  `zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3344=1`

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-3344=1`

* openSUSE Leap 15.4
  `zypper in -t patch SUSE-2024-3344=1`

* openSUSE Leap 15.5
  `zypper in -t patch openSUSE-SLE-15.5-2024-3344=1`

* openSUSE Leap 15.6
  `zypper in -t patch openSUSE-SLE-15.6-2024-3344=1`

* Containers Module 15-SP5
  `zypper in -t patch SUSE-SLE-Module-Containers-15-SP5-2024-3344=1`

* Containers Module 15-SP6
  `zypper in -t patch SUSE-SLE-Module-Containers-15-SP6-2024-3344=1`

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-3344=1`

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-3344=1`

## Package List:

* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x x86_64)
* kubernetes1.25-client-common-1.25.16-150400.9.16.1
* kubernetes1.25-client-1.25.16-150400.9.16.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* kubernetes1.25-client-common-1.25.16-150400.9.16.1
* kubernetes1.25-client-1.25.16-150400.9.16.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* kubernetes1.25-client-common-1.25.16-150400.9.16.1
* kubernetes1.25-kubelet-1.25.16-150400.9.16.1
* kubernetes1.25-proxy-1.25.16-150400.9.16.1
* kubernetes1.25-kubelet-common-1.25.16-150400.9.16.1
* kubernetes1.25-client-1.25.16-150400.9.16.1
* kubernetes1.25-kubeadm-1.25.16-150400.9.16.1
* kubernetes1.25-scheduler-1.25.16-150400.9.16.1
* kubernetes1.25-apiserver-1.25.16-150400.9.16.1
* kubernetes1.25-controller-manager-1.25.16-150400.9.16.1
* openSUSE Leap 15.4 (noarch)
* kubernetes1.25-client-bash-completion-1.25.16-150400.9.16.1
* kubernetes1.25-client-fish-completion-1.25.16-150400.9.16.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* kubernetes1.25-client-common-1.25.16-150400.9.16.1
* kubernetes1.25-client-1.25.16-150400.9.16.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* kubernetes1.25-client-common-1.25.16-150400.9.16.1
* kubernetes1.25-kubelet-1.25.16-150400.9.16.1
* kubernetes1.25-proxy-1.25.16-150400.9.16.1
* kubernetes1.25-kubelet-common-1.25.16-150400.9.16.1
* kubernetes1.25-client-1.25.16-150400.9.16.1
* kubernetes1.25-kubeadm-1.25.16-150400.9.16.1
* kubernetes1.25-scheduler-1.25.16-150400.9.16.1
* kubernetes1.25-apiserver-1.25.16-150400.9.16.1
* kubernetes1.25-controller-manager-1.25.16-150400.9.16.1
* openSUSE Leap 15.6 (noarch)
* kubernetes1.25-client-bash-completion-1.25.16-150400.9.16.1
* kubernetes1.25-client-fish-completion-1.25.16-150400.9.16.1
* Containers Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* kubernetes1.25-client-common-1.25.16-150400.9.16.1
* kubernetes1.25-client-1.25.16-150400.9.16.1
* Containers Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* kubernetes1.25-client-common-1.25.16-150400.9.16.1
* kubernetes1.25-client-1.25.16-150400.9.16.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
* kubernetes1.25-client-common-1.25.16-150400.9.16.1
* kubernetes1.25-client-1.25.16-150400.9.16.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
* kubernetes1.25-client-common-1.25.16-150400.9.16.1
* kubernetes1.25-client-1.25.16-150400.9.16.1

## References:

* https://www.suse.com/security/cve/CVE-2023-39325.html
* https://www.suse.com/security/cve/CVE-2023-44487.html
* https://www.suse.com/security/cve/CVE-2023-45288.html
* https://www.suse.com/security/cve/CVE-2024-24786.html
* https://bugzilla.suse.com/show_bug.cgi?id=1216109
* https://bugzilla.suse.com/show_bug.cgi?id=1216123
* https://bugzilla.suse.com/show_bug.cgi?id=1221400
* https://bugzilla.suse.com/show_bug.cgi?id=1226136
* https://bugzilla.suse.com/show_bug.cgi?id=1229858
* https://bugzilla.suse.com/show_bug.cgi?id=1229867
* https://bugzilla.suse.com/show_bug.cgi?id=1229869
* https://bugzilla.suse.com/show_bug.cgi?id=1230323



SUSE-SU-2024:3345-1: moderate: Security update for python-azure-identity


# Security update for python-azure-identity

Announcement ID: SUSE-SU-2024:3345-1
Rating: moderate
References:

* bsc#1230100

Cross-References:

* CVE-2024-35255

CVSS scores:

* CVE-2024-35255 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2024-35255 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* Public Cloud Module 15-SP4
* Public Cloud Module 15-SP5
* Public Cloud Module 15-SP6
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for python-azure-identity fixes the following issues:

* CVE-2024-35255: Fixed an Azure identity libraries elevation of privilege
vulnerability. (bsc#1230100)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-3345=1

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-3345=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-3345=1

* Public Cloud Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2024-3345=1

* Public Cloud Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2024-3345=1

* Public Cloud Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP6-2024-3345=1

## Package List:

* openSUSE Leap 15.4 (noarch)
* python311-azure-identity-1.15.0-150400.11.6.1
* openSUSE Leap 15.5 (noarch)
* python311-azure-identity-1.15.0-150400.11.6.1
* openSUSE Leap 15.6 (noarch)
* python311-azure-identity-1.15.0-150400.11.6.1
* Public Cloud Module 15-SP4 (noarch)
* python311-azure-identity-1.15.0-150400.11.6.1
* Public Cloud Module 15-SP5 (noarch)
* python311-azure-identity-1.15.0-150400.11.6.1
* Public Cloud Module 15-SP6 (noarch)
* python311-azure-identity-1.15.0-150400.11.6.1

## References:

* https://www.suse.com/security/cve/CVE-2024-35255.html
* https://bugzilla.suse.com/show_bug.cgi?id=1230100



SUSE-SU-2024:3337-1: important: Security update for the Linux Kernel


# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2024:3337-1
Rating: important
References:

* bsc#1230413

Affected Products:

* openSUSE Leap 15.5
* openSUSE Leap Micro 5.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Real Time Module 15-SP5

An update that has one security fix can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various
security bugfixes.

The following non-security bugs were fixed:

* Revert "mm, kmsan: fix infinite recursion due to RCU critical section"
(bsc#1230413)
* Revert "mm/sparsemem: fix race in accessing memory_section->usage"
(bsc#1230413)
* Revert "mm: prevent derefencing NULL ptr in pfn_section_valid()"
(bsc#1230413)

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2024-3337=1 openSUSE-SLE-15.5-2024-3337=1

* openSUSE Leap Micro 5.5
zypper in -t patch openSUSE-Leap-Micro-5.5-2024-3337=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2024-3337=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-3337=1

* SUSE Real Time Module 15-SP5
zypper in -t patch SUSE-SLE-Module-RT-15-SP5-2024-3337=1

## Package List:

* openSUSE Leap 15.5 (noarch)
* kernel-devel-rt-5.14.21-150500.13.70.2
* kernel-source-rt-5.14.21-150500.13.70.2
* openSUSE Leap 15.5 (x86_64)
* kernel-rt_debug-debuginfo-5.14.21-150500.13.70.2
* ocfs2-kmp-rt-5.14.21-150500.13.70.2
* kernel-rt-debuginfo-5.14.21-150500.13.70.2
* cluster-md-kmp-rt-debuginfo-5.14.21-150500.13.70.2
* kselftests-kmp-rt-5.14.21-150500.13.70.2
* dlm-kmp-rt-debuginfo-5.14.21-150500.13.70.2
* kernel-rt-optional-debuginfo-5.14.21-150500.13.70.2
* kernel-rt-extra-debuginfo-5.14.21-150500.13.70.2
* kernel-rt-livepatch-devel-5.14.21-150500.13.70.2
* kernel-rt-vdso-5.14.21-150500.13.70.2
* kernel-rt-devel-debuginfo-5.14.21-150500.13.70.2
* dlm-kmp-rt-5.14.21-150500.13.70.2
* kernel-rt_debug-debugsource-5.14.21-150500.13.70.2
* kernel-rt-vdso-debuginfo-5.14.21-150500.13.70.2
* reiserfs-kmp-rt-5.14.21-150500.13.70.2
* kernel-rt_debug-vdso-5.14.21-150500.13.70.2
* kernel-rt_debug-vdso-debuginfo-5.14.21-150500.13.70.2
* kernel-syms-rt-5.14.21-150500.13.70.1
* kernel-rt_debug-devel-debuginfo-5.14.21-150500.13.70.2
* kernel-rt-debugsource-5.14.21-150500.13.70.2
* ocfs2-kmp-rt-debuginfo-5.14.21-150500.13.70.2
* reiserfs-kmp-rt-debuginfo-5.14.21-150500.13.70.2
* kernel-rt-devel-5.14.21-150500.13.70.2
* gfs2-kmp-rt-debuginfo-5.14.21-150500.13.70.2
* kselftests-kmp-rt-debuginfo-5.14.21-150500.13.70.2
* kernel-rt-extra-5.14.21-150500.13.70.2
* kernel-livepatch-SLE15-SP5-RT_Update_20-debugsource-1-150500.11.3.2
* kernel-rt_debug-livepatch-devel-5.14.21-150500.13.70.2
* kernel-livepatch-5_14_21-150500_13_70-rt-debuginfo-1-150500.11.3.2
* gfs2-kmp-rt-5.14.21-150500.13.70.2
* kernel-rt-optional-5.14.21-150500.13.70.2
* cluster-md-kmp-rt-5.14.21-150500.13.70.2
* kernel-rt_debug-devel-5.14.21-150500.13.70.2
* kernel-rt-livepatch-5.14.21-150500.13.70.2
* kernel-livepatch-5_14_21-150500_13_70-rt-1-150500.11.3.2
* openSUSE Leap 15.5 (nosrc x86_64)
* kernel-rt_debug-5.14.21-150500.13.70.2
* kernel-rt-5.14.21-150500.13.70.2
* openSUSE Leap Micro 5.5 (nosrc x86_64)
* kernel-rt-5.14.21-150500.13.70.2
* openSUSE Leap Micro 5.5 (x86_64)
* kernel-rt-debuginfo-5.14.21-150500.13.70.2
* kernel-rt-debugsource-5.14.21-150500.13.70.2
* SUSE Linux Enterprise Micro 5.5 (nosrc x86_64)
* kernel-rt-5.14.21-150500.13.70.2
* SUSE Linux Enterprise Micro 5.5 (x86_64)
* kernel-rt-debuginfo-5.14.21-150500.13.70.2
* kernel-rt-debugsource-5.14.21-150500.13.70.2
* SUSE Linux Enterprise Micro 5.5 (noarch)
* kernel-source-rt-5.14.21-150500.13.70.2
* SUSE Linux Enterprise Live Patching 15-SP5 (x86_64)
* kernel-livepatch-5_14_21-150500_13_70-rt-1-150500.11.3.2
* kernel-livepatch-SLE15-SP5-RT_Update_20-debugsource-1-150500.11.3.2
* kernel-livepatch-5_14_21-150500_13_70-rt-debuginfo-1-150500.11.3.2
* SUSE Real Time Module 15-SP5 (x86_64)
* kernel-rt_debug-debuginfo-5.14.21-150500.13.70.2
* ocfs2-kmp-rt-5.14.21-150500.13.70.2
* kernel-rt-debuginfo-5.14.21-150500.13.70.2
* cluster-md-kmp-rt-debuginfo-5.14.21-150500.13.70.2
* dlm-kmp-rt-debuginfo-5.14.21-150500.13.70.2
* kernel-rt-vdso-5.14.21-150500.13.70.2
* kernel-rt-devel-debuginfo-5.14.21-150500.13.70.2
* dlm-kmp-rt-5.14.21-150500.13.70.2
* kernel-rt_debug-debugsource-5.14.21-150500.13.70.2
* kernel-rt-vdso-debuginfo-5.14.21-150500.13.70.2
* kernel-rt_debug-vdso-5.14.21-150500.13.70.2
* kernel-rt_debug-vdso-debuginfo-5.14.21-150500.13.70.2
* kernel-syms-rt-5.14.21-150500.13.70.1
* kernel-rt_debug-devel-debuginfo-5.14.21-150500.13.70.2
* kernel-rt-debugsource-5.14.21-150500.13.70.2
* ocfs2-kmp-rt-debuginfo-5.14.21-150500.13.70.2
* kernel-rt-devel-5.14.21-150500.13.70.2
* gfs2-kmp-rt-debuginfo-5.14.21-150500.13.70.2
* gfs2-kmp-rt-5.14.21-150500.13.70.2
* cluster-md-kmp-rt-5.14.21-150500.13.70.2
* kernel-rt_debug-devel-5.14.21-150500.13.70.2
* SUSE Real Time Module 15-SP5 (noarch)
* kernel-devel-rt-5.14.21-150500.13.70.2
* kernel-source-rt-5.14.21-150500.13.70.2
* SUSE Real Time Module 15-SP5 (nosrc x86_64)
* kernel-rt_debug-5.14.21-150500.13.70.2
* kernel-rt-5.14.21-150500.13.70.2

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1230413



SUSE-SU-2024:3338-1: important: Security update for the Linux Kernel


# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2024:3338-1
Rating: important
References:

* bsc#1230350
* bsc#1230413

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Real Time Module 15-SP6

An update that has two security fixes can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP6 RT kernel was updated to receive various
security bugfixes.

The following non-security bugs were fixed:

* Drop soundwire patch that caused a regression (bsc#1230350)
* Revert "mm, kmsan: fix infinite recursion due to RCU critical section"
(bsc#1230413)
* Revert "mm/sparsemem: fix race in accessing memory_section->usage"
(bsc#1230413)
* Revert "mm: prevent derefencing NULL ptr in pfn_section_valid()"
(bsc#1230413)

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-3338=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2024-3338=1

* SUSE Real Time Module 15-SP6
zypper in -t patch SUSE-SLE-Module-RT-15-SP6-2024-3338=1

## Package List:

* openSUSE Leap 15.6 (x86_64)
* kernel-rt-vdso-debuginfo-6.4.0-150600.10.11.2
* ocfs2-kmp-rt-6.4.0-150600.10.11.2
* kernel-rt-optional-6.4.0-150600.10.11.2
* kernel-rt_debug-vdso-6.4.0-150600.10.11.2
* kselftests-kmp-rt-6.4.0-150600.10.11.2
* cluster-md-kmp-rt-6.4.0-150600.10.11.2
* kernel-rt_debug-vdso-debuginfo-6.4.0-150600.10.11.2
* kernel-rt_debug-devel-6.4.0-150600.10.11.2
* kernel-rt_debug-debugsource-6.4.0-150600.10.11.2
* dlm-kmp-rt-6.4.0-150600.10.11.2
* kernel-rt-vdso-6.4.0-150600.10.11.2
* kernel-rt-extra-debuginfo-6.4.0-150600.10.11.2
* dlm-kmp-rt-debuginfo-6.4.0-150600.10.11.2
* cluster-md-kmp-rt-debuginfo-6.4.0-150600.10.11.2
* kernel-rt-optional-debuginfo-6.4.0-150600.10.11.2
* kernel-rt-debugsource-6.4.0-150600.10.11.2
* kernel-rt-extra-6.4.0-150600.10.11.2
* kernel-rt-devel-6.4.0-150600.10.11.2
* kernel-rt-livepatch-devel-6.4.0-150600.10.11.2
* gfs2-kmp-rt-6.4.0-150600.10.11.2
* kernel-rt-debuginfo-6.4.0-150600.10.11.2
* kselftests-kmp-rt-debuginfo-6.4.0-150600.10.11.2
* reiserfs-kmp-rt-6.4.0-150600.10.11.2
* kernel-rt_debug-devel-debuginfo-6.4.0-150600.10.11.2
* gfs2-kmp-rt-debuginfo-6.4.0-150600.10.11.2
* reiserfs-kmp-rt-debuginfo-6.4.0-150600.10.11.2
* kernel-rt-devel-debuginfo-6.4.0-150600.10.11.2
* kernel-syms-rt-6.4.0-150600.10.11.1
* kernel-rt_debug-livepatch-devel-6.4.0-150600.10.11.2
* ocfs2-kmp-rt-debuginfo-6.4.0-150600.10.11.2
* kernel-rt_debug-debuginfo-6.4.0-150600.10.11.2
* openSUSE Leap 15.6 (noarch)
* kernel-source-rt-6.4.0-150600.10.11.2
* kernel-devel-rt-6.4.0-150600.10.11.2
* openSUSE Leap 15.6 (nosrc x86_64)
* kernel-rt_debug-6.4.0-150600.10.11.2
* kernel-rt-6.4.0-150600.10.11.2
* SUSE Linux Enterprise Live Patching 15-SP6 (x86_64)
* kernel-livepatch-6_4_0-150600_10_11-rt-debuginfo-1-150600.1.3.2
* kernel-livepatch-6_4_0-150600_10_11-rt-1-150600.1.3.2
* kernel-livepatch-SLE15-SP6-RT_Update_3-debugsource-1-150600.1.3.2
* SUSE Real Time Module 15-SP6 (x86_64)
* cluster-md-kmp-rt-6.4.0-150600.10.11.2
* kernel-rt-devel-debuginfo-6.4.0-150600.10.11.2
* kernel-rt_debug-devel-6.4.0-150600.10.11.2
* kernel-syms-rt-6.4.0-150600.10.11.1
* kernel-rt_debug-debugsource-6.4.0-150600.10.11.2
* dlm-kmp-rt-6.4.0-150600.10.11.2
* kernel-rt-devel-6.4.0-150600.10.11.2
* ocfs2-kmp-rt-6.4.0-150600.10.11.2
* gfs2-kmp-rt-6.4.0-150600.10.11.2
* kernel-rt-debuginfo-6.4.0-150600.10.11.2
* dlm-kmp-rt-debuginfo-6.4.0-150600.10.11.2
* cluster-md-kmp-rt-debuginfo-6.4.0-150600.10.11.2
* kernel-rt-debugsource-6.4.0-150600.10.11.2
* kernel-rt_debug-devel-debuginfo-6.4.0-150600.10.11.2
* ocfs2-kmp-rt-debuginfo-6.4.0-150600.10.11.2
* kernel-rt_debug-debuginfo-6.4.0-150600.10.11.2
* gfs2-kmp-rt-debuginfo-6.4.0-150600.10.11.2
* SUSE Real Time Module 15-SP6 (noarch)
* kernel-source-rt-6.4.0-150600.10.11.2
* kernel-devel-rt-6.4.0-150600.10.11.2
* SUSE Real Time Module 15-SP6 (nosrc x86_64)
* kernel-rt_debug-6.4.0-150600.10.11.2
* kernel-rt-6.4.0-150600.10.11.2

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1230350
* https://bugzilla.suse.com/show_bug.cgi?id=1230413