SUSE 5180 Published by

SUSE Linux has been updated with security enhancements, featuring Botan-3.6.0-1.1, Python313-3.13.0-3.1, as well as a significant security update for Chromium:

openSUSE-SU-2024:14429-1: moderate: Botan-3.6.0-1.1 on GA media
openSUSE-SU-2024:14430-1: moderate: python313-3.13.0-3.1 on GA media
openSUSE-SU-2024:0341-1: important: Security update for chromium




openSUSE-SU-2024:14429-1: moderate: Botan-3.6.0-1.1 on GA media


# Botan-3.6.0-1.1 on GA media

Announcement ID: openSUSE-SU-2024:14429-1
Rating: moderate

Cross-References:

* CVE-2024-50382

CVSS scores:

* CVE-2024-50382 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-50382 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the Botan-3.6.0-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* Botan 3.6.0-1.1
* Botan-doc 3.6.0-1.1
* libbotan-3-6 3.6.0-1.1
* libbotan-devel 3.6.0-1.1
* python3-botan 3.6.0-1.1

## References:

* https://www.suse.com/security/cve/CVE-2024-50382.html



openSUSE-SU-2024:14430-1: moderate: python313-3.13.0-3.1 on GA media


# python313-3.13.0-3.1 on GA media

Announcement ID: openSUSE-SU-2024:14430-1
Rating: moderate

Cross-References:

* CVE-2024-9287

CVSS scores:

* CVE-2024-9287 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-9287 ( SUSE ): 5.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Green

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the python313-3.13.0-3.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* python313 3.13.0-3.1
* python313-curses 3.13.0-3.1
* python313-dbm 3.13.0-3.1
* python313-idle 3.13.0-3.1
* python313-tk 3.13.0-3.1
* python313-x86-64-v3 3.13.0-3.1

## References:

* https://www.suse.com/security/cve/CVE-2024-9287.html



openSUSE-SU-2024:0341-1: important: Security update for chromium


openSUSE Security Update: Security update for chromium
_______________________________

Announcement ID: openSUSE-SU-2024:0341-1
Rating: important
References: #1232060
Cross-References: CVE-2024-10229 CVE-2024-10230 CVE-2024-10231

Affected Products:
openSUSE Backports SLE-15-SP5
openSUSE Backports SLE-15-SP6
_______________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for chromium fixes the following issues:

Chromium 130.0.6723.69 (boo#1232060)

* CVE-2024-10229: Inappropriate implementation in Extensions
* CVE-2024-10230: Type Confusion in V8
* CVE-2024-10231: Type Confusion in V8

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP6:

zypper in -t patch openSUSE-2024-341=1

- openSUSE Backports SLE-15-SP5:

zypper in -t patch openSUSE-2024-341=1

Package List:

- openSUSE Backports SLE-15-SP6 (aarch64 x86_64):

chromedriver-130.0.6723.69-bp156.2.44.1
chromedriver-debuginfo-130.0.6723.69-bp156.2.44.1
chromium-130.0.6723.69-bp156.2.44.1
chromium-debuginfo-130.0.6723.69-bp156.2.44.1

- openSUSE Backports SLE-15-SP5 (aarch64 x86_64):

chromedriver-130.0.6723.69-bp155.2.132.1
chromium-130.0.6723.69-bp155.2.132.1

References:

https://www.suse.com/security/cve/CVE-2024-10229.html
https://www.suse.com/security/cve/CVE-2024-10230.html
https://www.suse.com/security/cve/CVE-2024-10231.html
https://bugzilla.suse.com/1232060