
The following security updates have been released for openSUSE Leap and SUSE Linux Enterprise:

SUSE-SU-2024:3221-1: important: Security update for containerd
SUSE-SU-2024:3214-1: moderate: Security update for go1.23
SUSE-SU-2024:3217-1: moderate: Security update for libpcap
SUSE-SU-2024:3219-1: moderate: Security update for colord
SUSE-SU-2024:3222-1: low: Security update for runc
SUSE-SU-2024:3213-1: moderate: Security update for go1.22
SUSE-SU-2024:3218-1: important: Security update for 389-ds
SUSE-SU-2024:3216-1: moderate: Security update for expat




SUSE-SU-2024:3221-1: important: Security update for containerd


# Security update for containerd

Announcement ID: SUSE-SU-2024:3221-1
Rating: important
References:

* bsc#1200528
* bsc#1217070
* bsc#1228553

Cross-References:

* CVE-2022-1996
* CVE-2023-45142
* CVE-2023-47108

CVSS scores:

* CVE-2022-1996 ( SUSE ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2022-1996 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2022-1996 ( NVD ): 9.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
* CVE-2023-45142 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-45142 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-47108 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-47108 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Containers Module 15-SP5
* Containers Module 15-SP6
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* openSUSE Leap Micro 5.5
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves three vulnerabilities can now be installed.

## Description:

This update for containerd fixes the following issues:

* Update to containerd v1.7.21
* CVE-2023-47108: Fixed DoS vulnerability in otelgrpc (uncontrolled resource
consumption) due to unbound cardinality metrics. (bsc#1217070)
* CVE-2023-45142: Fixed DoS vulnerability in otelhttp. (bsc#1228553)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap Micro 5.5
zypper in -t patch openSUSE-Leap-Micro-5.5-2024-3221=1

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-3221=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-3221=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2024-3221=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2024-3221=1

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2024-3221=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2024-3221=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2024-3221=1

* Containers Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Containers-15-SP5-2024-3221=1

* Containers Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Containers-15-SP6-2024-3221=1

* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-3221=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-3221=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-3221=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-3221=1

* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-3221=1

* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-3221=1

* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3221=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP2
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-3221=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-3221=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-3221=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2024-3221=1

* SUSE Linux Enterprise Micro 5.1
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2024-3221=1

* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-3221=1

* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-3221=1

## Package List:

* openSUSE Leap Micro 5.5 (aarch64 s390x x86_64)
* containerd-1.7.21-150000.117.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* containerd-1.7.21-150000.117.1
* containerd-devel-1.7.21-150000.117.1
* containerd-ctr-1.7.21-150000.117.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* containerd-1.7.21-150000.117.1
* containerd-devel-1.7.21-150000.117.1
* containerd-ctr-1.7.21-150000.117.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* containerd-1.7.21-150000.117.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* containerd-1.7.21-150000.117.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* containerd-1.7.21-150000.117.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* containerd-1.7.21-150000.117.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* containerd-1.7.21-150000.117.1
* Containers Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* containerd-1.7.21-150000.117.1
* containerd-devel-1.7.21-150000.117.1
* containerd-ctr-1.7.21-150000.117.1
* Containers Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* containerd-1.7.21-150000.117.1
* containerd-devel-1.7.21-150000.117.1
* containerd-ctr-1.7.21-150000.117.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64
x86_64)
* containerd-1.7.21-150000.117.1
* containerd-ctr-1.7.21-150000.117.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* containerd-1.7.21-150000.117.1
* containerd-ctr-1.7.21-150000.117.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* containerd-1.7.21-150000.117.1
* containerd-devel-1.7.21-150000.117.1
* containerd-ctr-1.7.21-150000.117.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* containerd-1.7.21-150000.117.1
* containerd-devel-1.7.21-150000.117.1
* containerd-ctr-1.7.21-150000.117.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x
x86_64)
* containerd-1.7.21-150000.117.1
* containerd-ctr-1.7.21-150000.117.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64)
* containerd-1.7.21-150000.117.1
* containerd-ctr-1.7.21-150000.117.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x
x86_64)
* containerd-1.7.21-150000.117.1
* containerd-devel-1.7.21-150000.117.1
* containerd-ctr-1.7.21-150000.117.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
* containerd-1.7.21-150000.117.1
* containerd-ctr-1.7.21-150000.117.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* containerd-1.7.21-150000.117.1
* containerd-ctr-1.7.21-150000.117.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* containerd-1.7.21-150000.117.1
* containerd-devel-1.7.21-150000.117.1
* containerd-ctr-1.7.21-150000.117.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* containerd-1.7.21-150000.117.1
* containerd-ctr-1.7.21-150000.117.1
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
* containerd-1.7.21-150000.117.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* containerd-1.7.21-150000.117.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* containerd-1.7.21-150000.117.1

## References:

* https://www.suse.com/security/cve/CVE-2022-1996.html
* https://www.suse.com/security/cve/CVE-2023-45142.html
* https://www.suse.com/security/cve/CVE-2023-47108.html
* https://bugzilla.suse.com/show_bug.cgi?id=1200528
* https://bugzilla.suse.com/show_bug.cgi?id=1217070
* https://bugzilla.suse.com/show_bug.cgi?id=1228553



SUSE-SU-2024:3214-1: moderate: Security update for go1.23


# Security update for go1.23

Announcement ID: SUSE-SU-2024:3214-1
Rating: moderate
References:

* bsc#1229122
* bsc#1230252
* bsc#1230253
* bsc#1230254

Cross-References:

* CVE-2024-34155
* CVE-2024-34156
* CVE-2024-34158

CVSS scores:

* CVE-2024-34155 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-34156 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-34156 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-34158 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-34158 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Development Tools Module 15-SP5
* Development Tools Module 15-SP6
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves three vulnerabilities and has one security fix can now be
installed.

## Description:

This update for go1.23 fixes the following issues:

* Update to go v1.23.1
* CVE-2024-34155: Fixed stack exhaustion in all Parse* functions.
(bsc#1230252)
* CVE-2024-34156: Fixed stack exhaustion in Decoder.Decode. (bsc#1230253)
* CVE-2024-34158: Fixed stack exhaustion in Parse. (bsc#1230254)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-3214=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-3214=1

* Development Tools Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2024-3214=1

* Development Tools Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2024-3214=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* go1.23-race-1.23.1-150000.1.6.1
* go1.23-1.23.1-150000.1.6.1
* go1.23-doc-1.23.1-150000.1.6.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* go1.23-race-1.23.1-150000.1.6.1
* go1.23-1.23.1-150000.1.6.1
* go1.23-doc-1.23.1-150000.1.6.1
* Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* go1.23-race-1.23.1-150000.1.6.1
* go1.23-1.23.1-150000.1.6.1
* go1.23-doc-1.23.1-150000.1.6.1
* Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* go1.23-race-1.23.1-150000.1.6.1
* go1.23-1.23.1-150000.1.6.1
* go1.23-doc-1.23.1-150000.1.6.1

## References:

* https://www.suse.com/security/cve/CVE-2024-34155.html
* https://www.suse.com/security/cve/CVE-2024-34156.html
* https://www.suse.com/security/cve/CVE-2024-34158.html
* https://bugzilla.suse.com/show_bug.cgi?id=1229122
* https://bugzilla.suse.com/show_bug.cgi?id=1230252
* https://bugzilla.suse.com/show_bug.cgi?id=1230253
* https://bugzilla.suse.com/show_bug.cgi?id=1230254



SUSE-SU-2024:3217-1: moderate: Security update for libpcap


# Security update for libpcap

Announcement ID: SUSE-SU-2024:3217-1
Rating: moderate
References:

* bsc#1230020
* bsc#1230034

Cross-References:

* CVE-2023-7256
* CVE-2024-8006

CVSS scores:

* CVE-2023-7256 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-8006 ( SUSE ): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Package Hub 15 15-SP6

An update that solves two vulnerabilities can now be installed.

## Description:

This update for libpcap fixes the following issues:

* CVE-2024-8006: NULL pointer dereference in function pcap_findalldevs_ex().
(bsc#1230034)
* CVE-2023-7256: double free via struct addrinfo in function
sock_initaddress(). (bsc#1230020)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2024-3217=1 openSUSE-SLE-15.6-2024-3217=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-3217=1

* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-3217=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* libpcap1-debuginfo-1.10.4-150600.3.3.2
* libpcap1-1.10.4-150600.3.3.2
* libpcap-devel-static-1.10.4-150600.3.3.2
* libpcap-debugsource-1.10.4-150600.3.3.2
* libpcap-devel-1.10.4-150600.3.3.2
* openSUSE Leap 15.6 (x86_64)
* libpcap1-32bit-debuginfo-1.10.4-150600.3.3.2
* libpcap-devel-32bit-1.10.4-150600.3.3.2
* libpcap1-32bit-1.10.4-150600.3.3.2
* openSUSE Leap 15.6 (aarch64_ilp32)
* libpcap-devel-64bit-1.10.4-150600.3.3.2
* libpcap1-64bit-debuginfo-1.10.4-150600.3.3.2
* libpcap1-64bit-1.10.4-150600.3.3.2
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* libpcap-debugsource-1.10.4-150600.3.3.2
* libpcap-devel-1.10.4-150600.3.3.2
* libpcap1-1.10.4-150600.3.3.2
* libpcap1-debuginfo-1.10.4-150600.3.3.2
* SUSE Package Hub 15 15-SP6 (x86_64)
* libpcap-debugsource-1.10.4-150600.3.3.2
* libpcap1-32bit-debuginfo-1.10.4-150600.3.3.2
* libpcap1-32bit-1.10.4-150600.3.3.2

## References:

* https://www.suse.com/security/cve/CVE-2023-7256.html
* https://www.suse.com/security/cve/CVE-2024-8006.html
* https://bugzilla.suse.com/show_bug.cgi?id=1230020
* https://bugzilla.suse.com/show_bug.cgi?id=1230034



SUSE-SU-2024:3219-1: moderate: Security update for colord


# Security update for colord

Announcement ID: SUSE-SU-2024:3219-1
Rating: moderate
References:

* bsc#1208056

Affected Products:

* Basesystem Module 15-SP6
* Desktop Applications Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Workstation Extension 15 SP6

An update that has one security fix can now be installed.

## Description:

This update for colord fixes the following issues:

* Fixed a potential local privilege escalation by removing the script in the
specfile which changes the ownership of /var/lib/colord. (bsc#1208056)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2024-3219=1 openSUSE-SLE-15.6-2024-3219=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-3219=1

* Desktop Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP6-2024-3219=1

* SUSE Linux Enterprise Workstation Extension 15 SP6
zypper in -t patch SUSE-SLE-Product-WE-15-SP6-2024-3219=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* libcolord2-debuginfo-1.4.6-150600.3.3.1
* colord-color-profiles-1.4.6-150600.3.3.1
* libcolorhug2-debuginfo-1.4.6-150600.3.3.1
* colord-1.4.6-150600.3.3.1
* typelib-1_0-Colord-1_0-1.4.6-150600.3.3.1
* typelib-1_0-Colorhug-1_0-1.4.6-150600.3.3.1
* libcolord2-1.4.6-150600.3.3.1
* colord-debuginfo-1.4.6-150600.3.3.1
* libcolord-devel-1.4.6-150600.3.3.1
* libcolorhug2-1.4.6-150600.3.3.1
* colord-debugsource-1.4.6-150600.3.3.1
* openSUSE Leap 15.6 (noarch)
* colord-lang-1.4.6-150600.3.3.1
* openSUSE Leap 15.6 (x86_64)
* libcolord2-32bit-debuginfo-1.4.6-150600.3.3.1
* libcolord2-32bit-1.4.6-150600.3.3.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* libcolord2-64bit-1.4.6-150600.3.3.1
* libcolord2-64bit-debuginfo-1.4.6-150600.3.3.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* libcolord2-debuginfo-1.4.6-150600.3.3.1
* colord-debuginfo-1.4.6-150600.3.3.1
* colord-debugsource-1.4.6-150600.3.3.1
* libcolord2-1.4.6-150600.3.3.1
* Desktop Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* colord-color-profiles-1.4.6-150600.3.3.1
* libcolorhug2-debuginfo-1.4.6-150600.3.3.1
* typelib-1_0-Colord-1_0-1.4.6-150600.3.3.1
* typelib-1_0-Colorhug-1_0-1.4.6-150600.3.3.1
* colord-debuginfo-1.4.6-150600.3.3.1
* libcolord-devel-1.4.6-150600.3.3.1
* libcolorhug2-1.4.6-150600.3.3.1
* colord-debugsource-1.4.6-150600.3.3.1
* SUSE Linux Enterprise Workstation Extension 15 SP6 (x86_64)
* colord-1.4.6-150600.3.3.1
* colord-debuginfo-1.4.6-150600.3.3.1
* colord-debugsource-1.4.6-150600.3.3.1
* SUSE Linux Enterprise Workstation Extension 15 SP6 (noarch)
* colord-lang-1.4.6-150600.3.3.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1208056



SUSE-SU-2024:3222-1: low: Security update for runc


# Security update for runc

Announcement ID: SUSE-SU-2024:3222-1
Rating: low
References:

* bsc#1230092

Cross-References:

* CVE-2024-45310

CVSS scores:

* CVE-2024-45310 ( SUSE ): 3.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

Affected Products:

* Containers Module 15-SP5
* Containers Module 15-SP6
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* openSUSE Leap Micro 5.5
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for runc fixes the following issues:

* Update to runc v1.1.14
* CVE-2024-45310: Fixed an issue where runc can be tricked into creating empty
files/directories on host. (bsc#1230092)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap Micro 5.5
zypper in -t patch openSUSE-Leap-Micro-5.5-2024-3222=1

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-3222=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-3222=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2024-3222=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2024-3222=1

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2024-3222=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2024-3222=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2024-3222=1

* Containers Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Containers-15-SP5-2024-3222=1

* Containers Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Containers-15-SP6-2024-3222=1

* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-3222=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-3222=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-3222=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-3222=1

* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-3222=1

* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-3222=1

* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3222=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP2
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-3222=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-3222=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-3222=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2024-3222=1

* SUSE Linux Enterprise Micro 5.1
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2024-3222=1

* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-3222=1

* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-3222=1

## Package List:

* openSUSE Leap Micro 5.5 (aarch64 s390x x86_64)
* runc-debuginfo-1.1.14-150000.70.1
* runc-1.1.14-150000.70.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* runc-debuginfo-1.1.14-150000.70.1
* runc-1.1.14-150000.70.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* runc-debuginfo-1.1.14-150000.70.1
* runc-1.1.14-150000.70.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* runc-debuginfo-1.1.14-150000.70.1
* runc-1.1.14-150000.70.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* runc-debuginfo-1.1.14-150000.70.1
* runc-1.1.14-150000.70.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* runc-debuginfo-1.1.14-150000.70.1
* runc-1.1.14-150000.70.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* runc-debuginfo-1.1.14-150000.70.1
* runc-1.1.14-150000.70.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* runc-debuginfo-1.1.14-150000.70.1
* runc-1.1.14-150000.70.1
* Containers Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* runc-debuginfo-1.1.14-150000.70.1
* runc-1.1.14-150000.70.1
* Containers Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* runc-debuginfo-1.1.14-150000.70.1
* runc-1.1.14-150000.70.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64
x86_64)
* runc-debuginfo-1.1.14-150000.70.1
* runc-1.1.14-150000.70.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* runc-debuginfo-1.1.14-150000.70.1
* runc-1.1.14-150000.70.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* runc-debuginfo-1.1.14-150000.70.1
* runc-1.1.14-150000.70.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* runc-debuginfo-1.1.14-150000.70.1
* runc-1.1.14-150000.70.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x
x86_64)
* runc-debuginfo-1.1.14-150000.70.1
* runc-1.1.14-150000.70.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64)
* runc-debuginfo-1.1.14-150000.70.1
* runc-1.1.14-150000.70.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x
x86_64)
* runc-debuginfo-1.1.14-150000.70.1
* runc-1.1.14-150000.70.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
* runc-debuginfo-1.1.14-150000.70.1
* runc-1.1.14-150000.70.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* runc-debuginfo-1.1.14-150000.70.1
* runc-1.1.14-150000.70.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* runc-debuginfo-1.1.14-150000.70.1
* runc-1.1.14-150000.70.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* runc-debuginfo-1.1.14-150000.70.1
* runc-1.1.14-150000.70.1
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
* runc-debuginfo-1.1.14-150000.70.1
* runc-1.1.14-150000.70.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* runc-debuginfo-1.1.14-150000.70.1
* runc-1.1.14-150000.70.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* runc-debuginfo-1.1.14-150000.70.1
* runc-1.1.14-150000.70.1

## References:

* https://www.suse.com/security/cve/CVE-2024-45310.html
* https://bugzilla.suse.com/show_bug.cgi?id=1230092



SUSE-SU-2024:3213-1: moderate: Security update for go1.22


# Security update for go1.22

Announcement ID: SUSE-SU-2024:3213-1
Rating: moderate
References:

* bsc#1218424
* bsc#1230252
* bsc#1230253
* bsc#1230254

Cross-References:

* CVE-2024-34155
* CVE-2024-34156
* CVE-2024-34158

CVSS scores:

* CVE-2024-34155 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-34156 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-34156 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-34158 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-34158 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Development Tools Module 15-SP5
* Development Tools Module 15-SP6
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves three vulnerabilities and has one security fix can now be
installed.

## Description:

This update for go1.22 fixes the following issues:

* Update to go v1.22.7
* CVE-2024-34155: Fixed stack exhaustion in all Parse* functions.
(bsc#1230252)
* CVE-2024-34156: Fixed stack exhaustion in Decoder.Decode. (bsc#1230253)
* CVE-2024-34158: Fixed stack exhaustion in Parse. (bsc#1230254)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-3213=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-3213=1

* Development Tools Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2024-3213=1

* Development Tools Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2024-3213=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* go1.22-doc-1.22.7-150000.1.27.1
* go1.22-1.22.7-150000.1.27.1
* go1.22-race-1.22.7-150000.1.27.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* go1.22-doc-1.22.7-150000.1.27.1
* go1.22-1.22.7-150000.1.27.1
* go1.22-race-1.22.7-150000.1.27.1
* Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* go1.22-doc-1.22.7-150000.1.27.1
* go1.22-1.22.7-150000.1.27.1
* go1.22-race-1.22.7-150000.1.27.1
* Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* go1.22-doc-1.22.7-150000.1.27.1
* go1.22-1.22.7-150000.1.27.1
* go1.22-race-1.22.7-150000.1.27.1

## References:

* https://www.suse.com/security/cve/CVE-2024-34155.html
* https://www.suse.com/security/cve/CVE-2024-34156.html
* https://www.suse.com/security/cve/CVE-2024-34158.html
* https://bugzilla.suse.com/show_bug.cgi?id=1218424
* https://bugzilla.suse.com/show_bug.cgi?id=1230252
* https://bugzilla.suse.com/show_bug.cgi?id=1230253
* https://bugzilla.suse.com/show_bug.cgi?id=1230254



SUSE-SU-2024:3218-1: important: Security update for 389-ds


# Security update for 389-ds

Announcement ID: SUSE-SU-2024:3218-1
Rating: important
References:

* bsc#1219836
* bsc#1225507
* bsc#1225512
* bsc#1226277

Cross-References:

* CVE-2024-1062
* CVE-2024-2199
* CVE-2024-3657
* CVE-2024-5953

CVSS scores:

* CVE-2024-1062 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-2199 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-3657 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-3657 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-5953 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-5953 ( NVD ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves four vulnerabilities can now be installed.

## Description:

This update for 389-ds fixes the following issues:

* Update to version 2.0.20
* CVE-2024-3657: DoS via specially crafted Kerberos AS-REQ request.
(bsc#1225512)
* CVE-2024-5953: Malformed userPassword hashes may cause a denial of service.
(bsc#1226277)
* CVE-2024-2199: Malformed userPassword may cause crash at do_modify in
slapd/modify.c. (bsc#1225507)
* CVE-2024-1062: Fixed a heap overflow leading to denial-of-service while
writing a value larger than 256 chars in log_entry_attr. (bsc#1219836)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3218=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-3218=1

* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-3218=1

* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2024-3218=1

* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-3218=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-3218=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-3218=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-3218=1

## Package List:

* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x x86_64)
* 389-ds-debuginfo-2.0.20~git9.5e2d637c-150400.3.42.3
* 389-ds-2.0.20~git9.5e2d637c-150400.3.42.3
* 389-ds-devel-2.0.20~git9.5e2d637c-150400.3.42.3
* libsvrcore0-2.0.20~git9.5e2d637c-150400.3.42.3
* 389-ds-debugsource-2.0.20~git9.5e2d637c-150400.3.42.3
* lib389-2.0.20~git9.5e2d637c-150400.3.42.3
* libsvrcore0-debuginfo-2.0.20~git9.5e2d637c-150400.3.42.3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* 389-ds-debuginfo-2.0.20~git9.5e2d637c-150400.3.42.3
* 389-ds-2.0.20~git9.5e2d637c-150400.3.42.3
* 389-ds-devel-2.0.20~git9.5e2d637c-150400.3.42.3
* libsvrcore0-2.0.20~git9.5e2d637c-150400.3.42.3
* 389-ds-debugsource-2.0.20~git9.5e2d637c-150400.3.42.3
* lib389-2.0.20~git9.5e2d637c-150400.3.42.3
* libsvrcore0-debuginfo-2.0.20~git9.5e2d637c-150400.3.42.3
* SUSE Manager Proxy 4.3 (x86_64)
* 389-ds-debuginfo-2.0.20~git9.5e2d637c-150400.3.42.3
* 389-ds-2.0.20~git9.5e2d637c-150400.3.42.3
* 389-ds-devel-2.0.20~git9.5e2d637c-150400.3.42.3
* libsvrcore0-2.0.20~git9.5e2d637c-150400.3.42.3
* 389-ds-debugsource-2.0.20~git9.5e2d637c-150400.3.42.3
* lib389-2.0.20~git9.5e2d637c-150400.3.42.3
* libsvrcore0-debuginfo-2.0.20~git9.5e2d637c-150400.3.42.3
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* 389-ds-debuginfo-2.0.20~git9.5e2d637c-150400.3.42.3
* 389-ds-2.0.20~git9.5e2d637c-150400.3.42.3
* 389-ds-devel-2.0.20~git9.5e2d637c-150400.3.42.3
* libsvrcore0-2.0.20~git9.5e2d637c-150400.3.42.3
* 389-ds-debugsource-2.0.20~git9.5e2d637c-150400.3.42.3
* lib389-2.0.20~git9.5e2d637c-150400.3.42.3
* libsvrcore0-debuginfo-2.0.20~git9.5e2d637c-150400.3.42.3
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
* 389-ds-debuginfo-2.0.20~git9.5e2d637c-150400.3.42.3
* 389-ds-2.0.20~git9.5e2d637c-150400.3.42.3
* 389-ds-devel-2.0.20~git9.5e2d637c-150400.3.42.3
* libsvrcore0-2.0.20~git9.5e2d637c-150400.3.42.3
* 389-ds-debugsource-2.0.20~git9.5e2d637c-150400.3.42.3
* lib389-2.0.20~git9.5e2d637c-150400.3.42.3
* libsvrcore0-debuginfo-2.0.20~git9.5e2d637c-150400.3.42.3
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* 389-ds-snmp-2.0.20~git9.5e2d637c-150400.3.42.3
* 389-ds-debuginfo-2.0.20~git9.5e2d637c-150400.3.42.3
* 389-ds-2.0.20~git9.5e2d637c-150400.3.42.3
* 389-ds-devel-2.0.20~git9.5e2d637c-150400.3.42.3
* 389-ds-snmp-debuginfo-2.0.20~git9.5e2d637c-150400.3.42.3
* 389-ds-debugsource-2.0.20~git9.5e2d637c-150400.3.42.3
* libsvrcore0-2.0.20~git9.5e2d637c-150400.3.42.3
* lib389-2.0.20~git9.5e2d637c-150400.3.42.3
* libsvrcore0-debuginfo-2.0.20~git9.5e2d637c-150400.3.42.3
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
* 389-ds-debuginfo-2.0.20~git9.5e2d637c-150400.3.42.3
* 389-ds-2.0.20~git9.5e2d637c-150400.3.42.3
* 389-ds-devel-2.0.20~git9.5e2d637c-150400.3.42.3
* libsvrcore0-2.0.20~git9.5e2d637c-150400.3.42.3
* 389-ds-debugsource-2.0.20~git9.5e2d637c-150400.3.42.3
* lib389-2.0.20~git9.5e2d637c-150400.3.42.3
* libsvrcore0-debuginfo-2.0.20~git9.5e2d637c-150400.3.42.3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
* 389-ds-debuginfo-2.0.20~git9.5e2d637c-150400.3.42.3
* 389-ds-2.0.20~git9.5e2d637c-150400.3.42.3
* 389-ds-devel-2.0.20~git9.5e2d637c-150400.3.42.3
* libsvrcore0-2.0.20~git9.5e2d637c-150400.3.42.3
* 389-ds-debugsource-2.0.20~git9.5e2d637c-150400.3.42.3
* lib389-2.0.20~git9.5e2d637c-150400.3.42.3
* libsvrcore0-debuginfo-2.0.20~git9.5e2d637c-150400.3.42.3

## References:

* https://www.suse.com/security/cve/CVE-2024-1062.html
* https://www.suse.com/security/cve/CVE-2024-2199.html
* https://www.suse.com/security/cve/CVE-2024-3657.html
* https://www.suse.com/security/cve/CVE-2024-5953.html
* https://bugzilla.suse.com/show_bug.cgi?id=1219836
* https://bugzilla.suse.com/show_bug.cgi?id=1225507
* https://bugzilla.suse.com/show_bug.cgi?id=1225512
* https://bugzilla.suse.com/show_bug.cgi?id=1226277



SUSE-SU-2024:3216-1: moderate: Security update for expat


# Security update for expat

Announcement ID: SUSE-SU-2024:3216-1
Rating: moderate
References:

* bsc#1229930
* bsc#1229931
* bsc#1229932

Cross-References:

* CVE-2024-45490
* CVE-2024-45491
* CVE-2024-45492

CVSS scores:

* CVE-2024-45490 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-45490 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45490 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-45491 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-45491 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45491 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-45492 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-45492 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45492 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* Basesystem Module 15-SP5
* Basesystem Module 15-SP6
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* openSUSE Leap Micro 5.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves three vulnerabilities can now be installed.

## Description:

This update for expat fixes the following issues:

* CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932)
* CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931)
* CVE-2024-45490: negative length for XML_ParseBuffer not rejected.
(bsc#1229930)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-3216=1

* openSUSE Leap Micro 5.5
zypper in -t patch openSUSE-Leap-Micro-5.5-2024-3216=1

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-3216=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-3216=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2024-3216=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2024-3216=1

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2024-3216=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2024-3216=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2024-3216=1

* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-3216=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-3216=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* expat-debugsource-2.4.4-150400.3.22.1
* expat-2.4.4-150400.3.22.1
* libexpat1-debuginfo-2.4.4-150400.3.22.1
* libexpat-devel-2.4.4-150400.3.22.1
* libexpat1-2.4.4-150400.3.22.1
* expat-debuginfo-2.4.4-150400.3.22.1
* openSUSE Leap 15.4 (x86_64)
* libexpat1-32bit-debuginfo-2.4.4-150400.3.22.1
* libexpat-devel-32bit-2.4.4-150400.3.22.1
* libexpat1-32bit-2.4.4-150400.3.22.1
* expat-32bit-debuginfo-2.4.4-150400.3.22.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libexpat-devel-64bit-2.4.4-150400.3.22.1
* libexpat1-64bit-2.4.4-150400.3.22.1
* expat-64bit-debuginfo-2.4.4-150400.3.22.1
* libexpat1-64bit-debuginfo-2.4.4-150400.3.22.1
* openSUSE Leap Micro 5.5 (aarch64 s390x x86_64)
* expat-debugsource-2.4.4-150400.3.22.1
* libexpat1-2.4.4-150400.3.22.1
* libexpat1-debuginfo-2.4.4-150400.3.22.1
* expat-debuginfo-2.4.4-150400.3.22.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* expat-debugsource-2.4.4-150400.3.22.1
* expat-2.4.4-150400.3.22.1
* libexpat1-debuginfo-2.4.4-150400.3.22.1
* libexpat-devel-2.4.4-150400.3.22.1
* libexpat1-2.4.4-150400.3.22.1
* expat-debuginfo-2.4.4-150400.3.22.1
* openSUSE Leap 15.5 (x86_64)
* libexpat1-32bit-debuginfo-2.4.4-150400.3.22.1
* libexpat-devel-32bit-2.4.4-150400.3.22.1
* libexpat1-32bit-2.4.4-150400.3.22.1
* expat-32bit-debuginfo-2.4.4-150400.3.22.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* expat-debugsource-2.4.4-150400.3.22.1
* expat-2.4.4-150400.3.22.1
* libexpat1-debuginfo-2.4.4-150400.3.22.1
* libexpat-devel-2.4.4-150400.3.22.1
* libexpat1-2.4.4-150400.3.22.1
* expat-debuginfo-2.4.4-150400.3.22.1
* openSUSE Leap 15.6 (x86_64)
* libexpat1-32bit-debuginfo-2.4.4-150400.3.22.1
* libexpat-devel-32bit-2.4.4-150400.3.22.1
* libexpat1-32bit-2.4.4-150400.3.22.1
* expat-32bit-debuginfo-2.4.4-150400.3.22.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* expat-debugsource-2.4.4-150400.3.22.1
* libexpat1-2.4.4-150400.3.22.1
* libexpat1-debuginfo-2.4.4-150400.3.22.1
* expat-debuginfo-2.4.4-150400.3.22.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* expat-debugsource-2.4.4-150400.3.22.1
* libexpat1-2.4.4-150400.3.22.1
* libexpat1-debuginfo-2.4.4-150400.3.22.1
* expat-debuginfo-2.4.4-150400.3.22.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* expat-debugsource-2.4.4-150400.3.22.1
* libexpat1-2.4.4-150400.3.22.1
* libexpat1-debuginfo-2.4.4-150400.3.22.1
* expat-debuginfo-2.4.4-150400.3.22.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* expat-debugsource-2.4.4-150400.3.22.1
* libexpat1-2.4.4-150400.3.22.1
* libexpat1-debuginfo-2.4.4-150400.3.22.1
* expat-debuginfo-2.4.4-150400.3.22.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* expat-debugsource-2.4.4-150400.3.22.1
* libexpat1-2.4.4-150400.3.22.1
* libexpat1-debuginfo-2.4.4-150400.3.22.1
* expat-debuginfo-2.4.4-150400.3.22.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* expat-debugsource-2.4.4-150400.3.22.1
* expat-2.4.4-150400.3.22.1
* libexpat1-debuginfo-2.4.4-150400.3.22.1
* libexpat-devel-2.4.4-150400.3.22.1
* libexpat1-2.4.4-150400.3.22.1
* expat-debuginfo-2.4.4-150400.3.22.1
* Basesystem Module 15-SP5 (x86_64)
* libexpat1-32bit-debuginfo-2.4.4-150400.3.22.1
* libexpat1-32bit-2.4.4-150400.3.22.1
* expat-32bit-debuginfo-2.4.4-150400.3.22.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* expat-debugsource-2.4.4-150400.3.22.1
* expat-2.4.4-150400.3.22.1
* libexpat1-debuginfo-2.4.4-150400.3.22.1
* libexpat-devel-2.4.4-150400.3.22.1
* libexpat1-2.4.4-150400.3.22.1
* expat-debuginfo-2.4.4-150400.3.22.1
* Basesystem Module 15-SP6 (x86_64)
* libexpat1-32bit-debuginfo-2.4.4-150400.3.22.1
* libexpat1-32bit-2.4.4-150400.3.22.1
* expat-32bit-debuginfo-2.4.4-150400.3.22.1

## References:

* https://www.suse.com/security/cve/CVE-2024-45490.html
* https://www.suse.com/security/cve/CVE-2024-45491.html
* https://www.suse.com/security/cve/CVE-2024-45492.html
* https://bugzilla.suse.com/show_bug.cgi?id=1229930
* https://bugzilla.suse.com/show_bug.cgi?id=1229931
* https://bugzilla.suse.com/show_bug.cgi?id=1229932