
The following two security updates are available for SUSE Linux Enterprise 15 SP5:

openSUSE-SU-2024:0048-1: important: Security update for pdns-recursor
openSUSE-SU-2024:0047-1: important: Security update for hugin




openSUSE-SU-2024:0048-1: important: Security update for pdns-recursor


openSUSE Security Update: Security update for pdns-recursor
_______________________________

Announcement ID: openSUSE-SU-2024:0048-1
Rating: important
References: #1209897 #1219823 #1219826
Cross-References: CVE-2023-26437 CVE-2023-50387 CVE-2023-50868

CVSS scores:
CVE-2023-26437 (NVD) : 3.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L
CVE-2023-50387 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2023-50868 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
openSUSE Backports SLE-15-SP5
_______________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for pdns-recursor fixes the following issues:

Update to 4.8.6:

* Fixes a case where crafted DNSSEC records in a zone can lead to a denial of
service in Recursor
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html
(boo#1219823, boo#1219826, CVE-2023-50387, CVE-2023-50868)

Changes in 4.8.5:

* (I)XFR: handle partial read of len prefix.
* YaHTTP: Prevent integer overflow on very large chunks.
* Fix setting of policy tags for packet cache hits.

Changes in 4.8.4:

* Deterred spoofing attempts can lead to authoritative servers being
marked unavailable (boo#1209897, CVE-2023-26437)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP5:

zypper in -t patch openSUSE-2024-48=1

Package List:

- openSUSE Backports SLE-15-SP5 (aarch64 ppc64le x86_64):

pdns-recursor-4.8.6-bp155.2.3.1

References:

https://www.suse.com/security/cve/CVE-2023-26437.html
https://www.suse.com/security/cve/CVE-2023-50387.html
https://www.suse.com/security/cve/CVE-2023-50868.html
https://bugzilla.suse.com/1209897
https://bugzilla.suse.com/1219823
https://bugzilla.suse.com/1219826



openSUSE-SU-2024:0047-1: important: Security update for hugin


openSUSE Security Update: Security update for hugin
_______________________________

Announcement ID: openSUSE-SU-2024:0047-1
Rating: important
References: #1219819 #1219820 #1219821 #1219822
Cross-References: CVE-2024-25442 CVE-2024-25443 CVE-2024-25445
CVE-2024-25446
Affected Products:
openSUSE Backports SLE-15-SP5
_______________________________

An update that fixes four vulnerabilities is now available.

Description:

This update for hugin fixes the following issues:

Update to version 2023.0.0:

* PTBatcherGUI can now also queue user defined assistant and user
defined output sequences.
* PTBatcherGUI: Added option to generate panorama sequences from an
existing pto template.
* Assistant: Added option to select different output options like
projection, FOV or canvas size depending on different variables (e.g.
image count, field of view, lens type).
* Allow building with epoxy instead of GLEW for OpenGL pointer
management.
* Several improvements to crop tool (outside crop, aspect ratio, ...).
* Several bug fixes (e.g. in verdandi/internal blender).
* Updated translations.
- fixed: boo#1219819 (CVE-2024-25442), boo#1219820 (CVE-2024-25443)
boo#1219821 (CVE-2024-25445), boo#1219822 (CVE-2024-25446)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP5:

zypper in -t patch openSUSE-2024-47=1

Package List:

- openSUSE Backports SLE-15-SP5 (aarch64 ppc64le s390x x86_64):

hugin-2023.0.0-bp155.2.3.1

References:

https://www.suse.com/security/cve/CVE-2024-25442.html
https://www.suse.com/security/cve/CVE-2024-25443.html
https://www.suse.com/security/cve/CVE-2024-25445.html
https://www.suse.com/security/cve/CVE-2024-25446.html
https://bugzilla.suse.com/1219819
https://bugzilla.suse.com/1219820
https://bugzilla.suse.com/1219821
https://bugzilla.suse.com/1219822