The following security updates have been released for openSUSE and SUSE Linux Enterprise:

SUSE-SU-2024:1607-1: important: Security update for python-Pillow
SUSE-SU-2024:1608-1: important: Security update for python-Werkzeug
SUSE-SU-2024:1605-1: moderate: Security update for tpm2-0-tss
SUSE-SU-2024:1610-1: important: Security update for freerdp
SUSE-SU-2024:1598-1: important: Security update for less
SUSE-SU-2024:1591-1: important: Security update for python-Werkzeug
SUSE-SU-2024:1588-1: moderate: Security update for go1.21
SUSE-SU-2024:1587-1: moderate: Security update for go1.22
SUSE-SU-2024:1590-1: moderate: Security update for ghostscript
SUSE-SU-2024:1593-1: important: Security update for ffmpeg
SUSE-SU-2024:1592-1: important: Security update for ffmpeg-4
SUSE-SU-2024:1578-1: important: Security update for sssd
SUSE-SU-2024:1579-1: important: Security update for sssd
SUSE-SU-2024:1571-1: important: Security update for python-pymongo
SUSE-SU-2024:1557-1: moderate: Security update for rpm
SUSE-SU-2024:1549-1: important: Security update for sssd
SUSE-SU-2024:1539-1: moderate: Security update for bouncycastle
SUSE-SU-2024:1540-1: moderate: Security update for xen
SUSE-SU-2024:1535-1: important: Security update for flatpak
SUSE-SU-2024:1536-1: important: Security update for flatpak

SUSE-SU-2024:1607-1: important: Security update for python-Pillow

# Security update for python-Pillow

Announcement ID: SUSE-SU-2024:1607-1
Rating: important
References:

* bsc#1185784
* bsc#1185785
* bsc#1185786
* bsc#1185803
* bsc#1185804
* bsc#1185805

Cross-References:

* CVE-2021-25287
* CVE-2021-25288
* CVE-2021-28675
* CVE-2021-28676
* CVE-2021-28677
* CVE-2021-28678

CVSS scores:

* CVE-2021-25287 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2021-25287 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2021-25288 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-25288 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2021-28675 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-28675 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2021-28676 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-28676 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-28677 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-28677 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-28678 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-28678 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.3
* openSUSE Leap 15.5

An update that solves six vulnerabilities can now be installed.

## Description:

This update for python-Pillow fixes the following issues:

* CVE-2021-25287: out-of-bounds read in J2kDecode in j2ku_graya_la
(bsc#1185805)
* CVE-2021-25288: out-of-bounds read in J2kDecode in j2ku_gray_i (bsc#1185803)
* CVE-2021-28675: DoS in PsdImagePlugin (bsc#1185804)
* CVE-2021-28676: infinite loop in FliDecode.c can lead to DoS (bsc#1185786)
* CVE-2021-28677: DoS in the open phase via a malicious EPS file (bsc#1185785)
* CVE-2021-28678: improper check in BlpImagePlugin can lead to DoS
(bsc#1185784)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2024-1607=1

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-1607=1

## Package List:

* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
* python-Pillow-debuginfo-7.2.0-150300.3.12.1
* python3-Pillow-tk-7.2.0-150300.3.12.1
* python-Pillow-debugsource-7.2.0-150300.3.12.1
* python3-Pillow-7.2.0-150300.3.12.1
* python3-Pillow-tk-debuginfo-7.2.0-150300.3.12.1
* python3-Pillow-debuginfo-7.2.0-150300.3.12.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* python-Pillow-debuginfo-7.2.0-150300.3.12.1
* python3-Pillow-tk-7.2.0-150300.3.12.1
* python-Pillow-debugsource-7.2.0-150300.3.12.1
* python3-Pillow-7.2.0-150300.3.12.1
* python3-Pillow-tk-debuginfo-7.2.0-150300.3.12.1
* python3-Pillow-debuginfo-7.2.0-150300.3.12.1

## References:

* https://www.suse.com/security/cve/CVE-2021-25287.html
* https://www.suse.com/security/cve/CVE-2021-25288.html
* https://www.suse.com/security/cve/CVE-2021-28675.html
* https://www.suse.com/security/cve/CVE-2021-28676.html
* https://www.suse.com/security/cve/CVE-2021-28677.html
* https://www.suse.com/security/cve/CVE-2021-28678.html
* https://bugzilla.suse.com/show_bug.cgi?id=1185784
* https://bugzilla.suse.com/show_bug.cgi?id=1185785
* https://bugzilla.suse.com/show_bug.cgi?id=1185786
* https://bugzilla.suse.com/show_bug.cgi?id=1185803
* https://bugzilla.suse.com/show_bug.cgi?id=1185804
* https://bugzilla.suse.com/show_bug.cgi?id=1185805

SUSE-SU-2024:1608-1: important: Security update for python-Werkzeug

# Security update for python-Werkzeug

Announcement ID: SUSE-SU-2024:1608-1
Rating: important
References:

* bsc#1223979

Cross-References:

* CVE-2024-34069

CVSS scores:

* CVE-2024-34069 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP2

An update that solves one vulnerability can now be installed.

## Description:

This update for python-Werkzeug fixes the following issues:

* CVE-2024-34069: Fixed a remote code execution through debugger when
interacting with attacker controlled domain (bsc#1223979).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-1608=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-1608=1

* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-1608=1

* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-1608=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP2
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-1608=1

## Package List:

* openSUSE Leap 15.5 (noarch)
* python-Werkzeug-doc-0.14.1-150100.6.9.1
* openSUSE Leap 15.6 (noarch)
* python-Werkzeug-doc-0.14.1-150100.6.9.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
* python3-Werkzeug-0.14.1-150100.6.9.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
* python3-Werkzeug-0.14.1-150100.6.9.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
* python3-Werkzeug-0.14.1-150100.6.9.1

## References:

* https://www.suse.com/security/cve/CVE-2024-34069.html
* https://bugzilla.suse.com/show_bug.cgi?id=1223979

SUSE-SU-2024:1605-1: moderate: Security update for tpm2-0-tss

# Security update for tpm2-0-tss

Announcement ID: SUSE-SU-2024:1605-1
Rating: moderate
References:

* bsc#1223690

Cross-References:

* CVE-2024-29040

CVSS scores:

* CVE-2024-29040 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Affected Products:

* openSUSE Leap 15.3

An update that solves one vulnerability can now be installed.

## Description:

This update for tpm2-0-tss fixes the following issues:

* CVE-2024-29040: Fixed quote data validation by Fapi_VerifyQuote
(bsc#1223690).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2024-1605=1

## Package List:

* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
* libtss2-sys0-2.4.5-150300.3.9.1
* libtss2-esys0-2.4.5-150300.3.9.1
* libtss2-tcti-device0-debuginfo-2.4.5-150300.3.9.1
* tpm2-0-tss-debugsource-2.4.5-150300.3.9.1
* libtss2-fapi0-debuginfo-2.4.5-150300.3.9.1
* libtss2-sys0-debuginfo-2.4.5-150300.3.9.1
* libtss2-tctildr0-debuginfo-2.4.5-150300.3.9.1
* tpm2-0-tss-devel-2.4.5-150300.3.9.1
* tpm2-0-tss-2.4.5-150300.3.9.1
* libtss2-rc0-2.4.5-150300.3.9.1
* libtss2-rc0-debuginfo-2.4.5-150300.3.9.1
* libtss2-esys0-debuginfo-2.4.5-150300.3.9.1
* libtss2-tcti-mssim0-2.4.5-150300.3.9.1
* libtss2-tcti-device0-2.4.5-150300.3.9.1
* libtss2-mu0-debuginfo-2.4.5-150300.3.9.1
* libtss2-tcti-mssim0-debuginfo-2.4.5-150300.3.9.1
* libtss2-fapi0-2.4.5-150300.3.9.1
* libtss2-tctildr0-2.4.5-150300.3.9.1
* libtss2-mu0-2.4.5-150300.3.9.1
* openSUSE Leap 15.3 (x86_64)
* libtss2-tcti-device0-32bit-2.4.5-150300.3.9.1
* libtss2-esys0-32bit-2.4.5-150300.3.9.1
* libtss2-tcti-mssim0-32bit-2.4.5-150300.3.9.1
* libtss2-tcti-mssim0-32bit-debuginfo-2.4.5-150300.3.9.1
* libtss2-sys0-32bit-2.4.5-150300.3.9.1
* libtss2-sys0-32bit-debuginfo-2.4.5-150300.3.9.1
* libtss2-mu0-32bit-2.4.5-150300.3.9.1
* libtss2-esys0-32bit-debuginfo-2.4.5-150300.3.9.1
* libtss2-mu0-32bit-debuginfo-2.4.5-150300.3.9.1
* libtss2-tcti-device0-32bit-debuginfo-2.4.5-150300.3.9.1
* openSUSE Leap 15.3 (aarch64_ilp32)
* libtss2-tcti-device0-64bit-debuginfo-2.4.5-150300.3.9.1
* libtss2-esys0-64bit-2.4.5-150300.3.9.1
* libtss2-mu0-64bit-debuginfo-2.4.5-150300.3.9.1
* libtss2-esys0-64bit-debuginfo-2.4.5-150300.3.9.1
* libtss2-mu0-64bit-2.4.5-150300.3.9.1
* libtss2-tcti-mssim0-64bit-debuginfo-2.4.5-150300.3.9.1
* libtss2-sys0-64bit-debuginfo-2.4.5-150300.3.9.1
* libtss2-tcti-mssim0-64bit-2.4.5-150300.3.9.1
* libtss2-tcti-device0-64bit-2.4.5-150300.3.9.1
* libtss2-sys0-64bit-2.4.5-150300.3.9.1

## References:

* https://www.suse.com/security/cve/CVE-2024-29040.html
* https://bugzilla.suse.com/show_bug.cgi?id=1223690

SUSE-SU-2024:1610-1: important: Security update for freerdp

# Security update for freerdp

Announcement ID: SUSE-SU-2024:1610-1
Rating: important
References:

* bsc#1223293
* bsc#1223294
* bsc#1223295
* bsc#1223296
* bsc#1223297
* bsc#1223298

Cross-References:

* CVE-2024-32039
* CVE-2024-32040
* CVE-2024-32041
* CVE-2024-32458
* CVE-2024-32459
* CVE-2024-32460

CVSS scores:

* CVE-2024-32039 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-32040 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-32041 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2024-32458 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2024-32459 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2024-32460 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Workstation Extension 15 SP5
* SUSE Package Hub 15 15-SP5

An update that solves six vulnerabilities can now be installed.

## Description:

This update for freerdp fixes the following issues:

* CVE-2024-32039: Fixed an out-of-bounds write with variables of type uint32
(bsc#1223293)
* CVE-2024-32040: Fixed a integer underflow when using the 'NSC' codec
(bsc#1223294)
* CVE-2024-32041: Fixed an out-of-bounds read in Stream_GetRemainingLength()
(bsc#1223295)
* CVE-2024-32458: Fixed an out-of-bounds read on pSrcData[] (bsc#1223296)
* CVE-2024-32459: Fixed an out-of-bounds read in case SrcSize less than 4
(bsc#1223297)
* CVE-2024-32460: Fixed an out-of-bounds read when using '/bpp:32' legacy
'GDI' drawing path (bsc#1223298)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-1610=1

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-1610=1

* SUSE Package Hub 15 15-SP5
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-1610=1

* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-1610=1

* SUSE Linux Enterprise Workstation Extension 15 SP5
zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2024-1610=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* freerdp-debugsource-2.4.0-150400.3.29.1
* libfreerdp2-2.4.0-150400.3.29.1
* freerdp-server-debuginfo-2.4.0-150400.3.29.1
* libwinpr2-debuginfo-2.4.0-150400.3.29.1
* libuwac0-0-2.4.0-150400.3.29.1
* freerdp-debuginfo-2.4.0-150400.3.29.1
* winpr2-devel-2.4.0-150400.3.29.1
* freerdp-2.4.0-150400.3.29.1
* freerdp-wayland-2.4.0-150400.3.29.1
* libuwac0-0-debuginfo-2.4.0-150400.3.29.1
* freerdp-proxy-2.4.0-150400.3.29.1
* freerdp-server-2.4.0-150400.3.29.1
* freerdp-wayland-debuginfo-2.4.0-150400.3.29.1
* libwinpr2-2.4.0-150400.3.29.1
* libfreerdp2-debuginfo-2.4.0-150400.3.29.1
* freerdp-devel-2.4.0-150400.3.29.1
* freerdp-proxy-debuginfo-2.4.0-150400.3.29.1
* uwac0-0-devel-2.4.0-150400.3.29.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* freerdp-debugsource-2.4.0-150400.3.29.1
* libfreerdp2-2.4.0-150400.3.29.1
* freerdp-server-debuginfo-2.4.0-150400.3.29.1
* libwinpr2-debuginfo-2.4.0-150400.3.29.1
* libuwac0-0-2.4.0-150400.3.29.1
* freerdp-debuginfo-2.4.0-150400.3.29.1
* winpr2-devel-2.4.0-150400.3.29.1
* freerdp-2.4.0-150400.3.29.1
* freerdp-wayland-2.4.0-150400.3.29.1
* libuwac0-0-debuginfo-2.4.0-150400.3.29.1
* freerdp-proxy-2.4.0-150400.3.29.1
* freerdp-server-2.4.0-150400.3.29.1
* freerdp-wayland-debuginfo-2.4.0-150400.3.29.1
* libwinpr2-2.4.0-150400.3.29.1
* libfreerdp2-debuginfo-2.4.0-150400.3.29.1
* freerdp-devel-2.4.0-150400.3.29.1
* freerdp-proxy-debuginfo-2.4.0-150400.3.29.1
* uwac0-0-devel-2.4.0-150400.3.29.1
* SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x)
* freerdp-debugsource-2.4.0-150400.3.29.1
* libfreerdp2-2.4.0-150400.3.29.1
* freerdp-server-debuginfo-2.4.0-150400.3.29.1
* libwinpr2-debuginfo-2.4.0-150400.3.29.1
* libuwac0-0-2.4.0-150400.3.29.1
* freerdp-debuginfo-2.4.0-150400.3.29.1
* winpr2-devel-2.4.0-150400.3.29.1
* freerdp-2.4.0-150400.3.29.1
* freerdp-wayland-2.4.0-150400.3.29.1
* libuwac0-0-debuginfo-2.4.0-150400.3.29.1
* freerdp-proxy-2.4.0-150400.3.29.1
* freerdp-server-2.4.0-150400.3.29.1
* freerdp-wayland-debuginfo-2.4.0-150400.3.29.1
* libwinpr2-2.4.0-150400.3.29.1
* libfreerdp2-debuginfo-2.4.0-150400.3.29.1
* freerdp-devel-2.4.0-150400.3.29.1
* freerdp-proxy-debuginfo-2.4.0-150400.3.29.1
* uwac0-0-devel-2.4.0-150400.3.29.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
* freerdp-debugsource-2.4.0-150400.3.29.1
* libfreerdp2-2.4.0-150400.3.29.1
* libwinpr2-debuginfo-2.4.0-150400.3.29.1
* freerdp-debuginfo-2.4.0-150400.3.29.1
* winpr2-devel-2.4.0-150400.3.29.1
* freerdp-2.4.0-150400.3.29.1
* freerdp-proxy-2.4.0-150400.3.29.1
* libwinpr2-2.4.0-150400.3.29.1
* libfreerdp2-debuginfo-2.4.0-150400.3.29.1
* freerdp-devel-2.4.0-150400.3.29.1
* freerdp-proxy-debuginfo-2.4.0-150400.3.29.1
* SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64)
* freerdp-debugsource-2.4.0-150400.3.29.1
* libfreerdp2-2.4.0-150400.3.29.1
* libwinpr2-debuginfo-2.4.0-150400.3.29.1
* freerdp-debuginfo-2.4.0-150400.3.29.1
* winpr2-devel-2.4.0-150400.3.29.1
* freerdp-2.4.0-150400.3.29.1
* freerdp-proxy-2.4.0-150400.3.29.1
* libwinpr2-2.4.0-150400.3.29.1
* libfreerdp2-debuginfo-2.4.0-150400.3.29.1
* freerdp-devel-2.4.0-150400.3.29.1
* freerdp-proxy-debuginfo-2.4.0-150400.3.29.1

## References:

* https://www.suse.com/security/cve/CVE-2024-32039.html
* https://www.suse.com/security/cve/CVE-2024-32040.html
* https://www.suse.com/security/cve/CVE-2024-32041.html
* https://www.suse.com/security/cve/CVE-2024-32458.html
* https://www.suse.com/security/cve/CVE-2024-32459.html
* https://www.suse.com/security/cve/CVE-2024-32460.html
* https://bugzilla.suse.com/show_bug.cgi?id=1223293
* https://bugzilla.suse.com/show_bug.cgi?id=1223294
* https://bugzilla.suse.com/show_bug.cgi?id=1223295
* https://bugzilla.suse.com/show_bug.cgi?id=1223296
* https://bugzilla.suse.com/show_bug.cgi?id=1223297
* https://bugzilla.suse.com/show_bug.cgi?id=1223298

SUSE-SU-2024:1598-1: important: Security update for less

# Security update for less

Announcement ID: SUSE-SU-2024:1598-1
Rating: important
References:

* bsc#1222849

Cross-References:

* CVE-2024-32487

CVSS scores:

* CVE-2024-32487 ( SUSE ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products:

* Basesystem Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for less fixes the following issues:

* CVE-2024-32487: Fixed mishandling of \n character in paths when LESSOPEN is
set leads to OS command execution. (bsc#1222849)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-1598=1

* openSUSE Leap Micro 5.3
zypper in -t patch openSUSE-Leap-Micro-5.3-2024-1598=1

* openSUSE Leap Micro 5.4
zypper in -t patch openSUSE-Leap-Micro-5.4-2024-1598=1

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-1598=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2024-1598=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2024-1598=1

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2024-1598=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2024-1598=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2024-1598=1

* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-1598=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-1598=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-1598=1

* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-1598=1

* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1598=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-1598=1

* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-1598=1

* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.3-2024-1598=1

* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-1598=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* less-debuginfo-590-150400.3.9.1
* less-590-150400.3.9.1
* less-debugsource-590-150400.3.9.1
* openSUSE Leap Micro 5.3 (aarch64 x86_64)
* less-debuginfo-590-150400.3.9.1
* less-590-150400.3.9.1
* less-debugsource-590-150400.3.9.1
* openSUSE Leap Micro 5.4 (aarch64 s390x x86_64)
* less-debuginfo-590-150400.3.9.1
* less-590-150400.3.9.1
* less-debugsource-590-150400.3.9.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* less-debuginfo-590-150400.3.9.1
* less-590-150400.3.9.1
* less-debugsource-590-150400.3.9.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* less-debuginfo-590-150400.3.9.1
* less-590-150400.3.9.1
* less-debugsource-590-150400.3.9.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* less-debuginfo-590-150400.3.9.1
* less-590-150400.3.9.1
* less-debugsource-590-150400.3.9.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* less-debuginfo-590-150400.3.9.1
* less-590-150400.3.9.1
* less-debugsource-590-150400.3.9.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* less-debuginfo-590-150400.3.9.1
* less-590-150400.3.9.1
* less-debugsource-590-150400.3.9.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64)
* less-debuginfo-590-150400.3.9.1
* less-590-150400.3.9.1
* less-debugsource-590-150400.3.9.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* less-debuginfo-590-150400.3.9.1
* less-590-150400.3.9.1
* less-debugsource-590-150400.3.9.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* less-debuginfo-590-150400.3.9.1
* less-590-150400.3.9.1
* less-debugsource-590-150400.3.9.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* less-debuginfo-590-150400.3.9.1
* less-590-150400.3.9.1
* less-debugsource-590-150400.3.9.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
* less-debuginfo-590-150400.3.9.1
* less-590-150400.3.9.1
* less-debugsource-590-150400.3.9.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x
x86_64)
* less-debuginfo-590-150400.3.9.1
* less-590-150400.3.9.1
* less-debugsource-590-150400.3.9.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* less-debuginfo-590-150400.3.9.1
* less-590-150400.3.9.1
* less-debugsource-590-150400.3.9.1
* SUSE Manager Proxy 4.3 (x86_64)
* less-debuginfo-590-150400.3.9.1
* less-590-150400.3.9.1
* less-debugsource-590-150400.3.9.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* less-debuginfo-590-150400.3.9.1
* less-590-150400.3.9.1
* less-debugsource-590-150400.3.9.1
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
* less-debuginfo-590-150400.3.9.1
* less-590-150400.3.9.1
* less-debugsource-590-150400.3.9.1

## References:

* https://www.suse.com/security/cve/CVE-2024-32487.html
* https://bugzilla.suse.com/show_bug.cgi?id=1222849

SUSE-SU-2024:1591-1: important: Security update for python-Werkzeug

# Security update for python-Werkzeug

Announcement ID: SUSE-SU-2024:1591-1
Rating: important
References:

* bsc#1223979

Cross-References:

* CVE-2024-34069

CVSS scores:

* CVE-2024-34069 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* Python 3 Module 15-SP5
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for python-Werkzeug fixes the following issues:

* CVE-2024-34069: Fixed a remote code execution through debugger when
interacting with attacker controlled domain (bsc#1223979).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-1591=1

* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1591=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-1591=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-1591=1

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-1591=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-1591=1

* Python 3 Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Python3-15-SP5-2024-1591=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-1591=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-1591=1

## Package List:

* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (noarch)
* python311-Werkzeug-2.3.6-150400.6.9.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (noarch)
* python311-Werkzeug-2.3.6-150400.6.9.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* python311-Werkzeug-2.3.6-150400.6.9.1
* openSUSE Leap 15.4 (noarch)
* python311-Werkzeug-2.3.6-150400.6.9.1
* openSUSE Leap 15.5 (noarch)
* python311-Werkzeug-2.3.6-150400.6.9.1
* openSUSE Leap 15.6 (noarch)
* python311-Werkzeug-2.3.6-150400.6.9.1
* Python 3 Module 15-SP5 (noarch)
* python311-Werkzeug-2.3.6-150400.6.9.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* python311-Werkzeug-2.3.6-150400.6.9.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* python311-Werkzeug-2.3.6-150400.6.9.1

## References:

* https://www.suse.com/security/cve/CVE-2024-34069.html
* https://bugzilla.suse.com/show_bug.cgi?id=1223979

SUSE-SU-2024:1588-1: moderate: Security update for go1.21

# Security update for go1.21

Announcement ID: SUSE-SU-2024:1588-1
Rating: moderate
References:

* bsc#1212475
* bsc#1224017

Cross-References:

* CVE-2024-24787

CVSS scores:

* CVE-2024-24787 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* Development Tools Module 15-SP5
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves one vulnerability and has one security fix can now be
installed.

## Description:

This update for go1.21 fixes the following issues:

Update to go1.21.10:

* CVE-2024-24787: cmd/go: arbitrary code execution during build on darwin
(bsc#1224017)
* net/http: TestRequestLimit/h2 becomes significantly more expensive and
slower after x/net@v0.23.0

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-1588=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-1588=1

* Development Tools Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2024-1588=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-1588=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-1588=1

* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-1588=1

* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1588=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-1588=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* go1.21-doc-1.21.10-150000.1.33.1
* go1.21-race-1.21.10-150000.1.33.1
* go1.21-1.21.10-150000.1.33.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* go1.21-doc-1.21.10-150000.1.33.1
* go1.21-race-1.21.10-150000.1.33.1
* go1.21-1.21.10-150000.1.33.1
* Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* go1.21-doc-1.21.10-150000.1.33.1
* go1.21-race-1.21.10-150000.1.33.1
* go1.21-1.21.10-150000.1.33.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* go1.21-doc-1.21.10-150000.1.33.1
* go1.21-race-1.21.10-150000.1.33.1
* go1.21-1.21.10-150000.1.33.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* go1.21-doc-1.21.10-150000.1.33.1
* go1.21-race-1.21.10-150000.1.33.1
* go1.21-1.21.10-150000.1.33.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
* go1.21-doc-1.21.10-150000.1.33.1
* go1.21-race-1.21.10-150000.1.33.1
* go1.21-1.21.10-150000.1.33.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x
x86_64)
* go1.21-doc-1.21.10-150000.1.33.1
* go1.21-1.21.10-150000.1.33.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 x86_64)
* go1.21-race-1.21.10-150000.1.33.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* go1.21-doc-1.21.10-150000.1.33.1
* go1.21-1.21.10-150000.1.33.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64)
* go1.21-race-1.21.10-150000.1.33.1

## References:

* https://www.suse.com/security/cve/CVE-2024-24787.html
* https://bugzilla.suse.com/show_bug.cgi?id=1212475
* https://bugzilla.suse.com/show_bug.cgi?id=1224017

SUSE-SU-2024:1587-1: moderate: Security update for go1.22

# Security update for go1.22

Announcement ID: SUSE-SU-2024:1587-1
Rating: moderate
References:

* bsc#1218424
* bsc#1224017
* bsc#1224018

Cross-References:

* CVE-2024-24787
* CVE-2024-24788

CVSS scores:

* CVE-2024-24787 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-24788 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:

* Development Tools Module 15-SP5
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves two vulnerabilities and has one security fix can now be
installed.

## Description:

This update for go1.22 fixes the following issues:

Update to go1.22.3:

* CVE-2024-24787: cmd/go: arbitrary code execution during build on darwin
(bsc#1224017)
* CVE-2024-24788: net: high cpu usage in extractExtendedRCode (bsc#1224018)
* cmd/compile: Go 1.22.x failed to be bootstrapped from 386 to ppc64le
* cmd/compile: changing a hot concrete method to interface method triggers a
PGO ICE
* runtime: deterministic fallback hashes across process boundary
* net/http: TestRequestLimit/h2 becomes significantly more expensive and
slower after x/net@v0.23.0

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-1587=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-1587=1

* Development Tools Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2024-1587=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* go1.22-1.22.3-150000.1.15.1
* go1.22-race-1.22.3-150000.1.15.1
* go1.22-doc-1.22.3-150000.1.15.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* go1.22-1.22.3-150000.1.15.1
* go1.22-race-1.22.3-150000.1.15.1
* go1.22-doc-1.22.3-150000.1.15.1
* Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* go1.22-1.22.3-150000.1.15.1
* go1.22-race-1.22.3-150000.1.15.1
* go1.22-doc-1.22.3-150000.1.15.1

## References:

* https://www.suse.com/security/cve/CVE-2024-24787.html
* https://www.suse.com/security/cve/CVE-2024-24788.html
* https://bugzilla.suse.com/show_bug.cgi?id=1218424
* https://bugzilla.suse.com/show_bug.cgi?id=1224017
* https://bugzilla.suse.com/show_bug.cgi?id=1224018

SUSE-SU-2024:1590-1: moderate: Security update for ghostscript

# Security update for ghostscript

Announcement ID: SUSE-SU-2024:1590-1
Rating: moderate
References:

* bsc#1223852

Cross-References:

* CVE-2023-52722

CVSS scores:

* CVE-2023-52722 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Affected Products:

* Basesystem Module 15-SP5
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for ghostscript fixes the following issues:

* CVE-2023-52722: Do not allow eexec seeds other than the Type 1 standard
while using SAFER mode (bsc#1223852).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-1590=1

* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-1590=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* ghostscript-debugsource-9.52-150000.188.1
* ghostscript-x11-9.52-150000.188.1
* ghostscript-debuginfo-9.52-150000.188.1
* ghostscript-x11-debuginfo-9.52-150000.188.1
* ghostscript-devel-9.52-150000.188.1
* ghostscript-9.52-150000.188.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* ghostscript-debugsource-9.52-150000.188.1
* ghostscript-x11-9.52-150000.188.1
* ghostscript-debuginfo-9.52-150000.188.1
* ghostscript-x11-debuginfo-9.52-150000.188.1
* ghostscript-devel-9.52-150000.188.1
* ghostscript-9.52-150000.188.1

## References:

* https://www.suse.com/security/cve/CVE-2023-52722.html
* https://bugzilla.suse.com/show_bug.cgi?id=1223852

SUSE-SU-2024:1593-1: important: Security update for ffmpeg

# Security update for ffmpeg

Announcement ID: SUSE-SU-2024:1593-1
Rating: important
References:

* bsc#1223256

Cross-References:

* CVE-2023-50010

CVSS scores:

* CVE-2023-50010 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* Desktop Applications Module 15-SP5
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Workstation Extension 15 SP5
* SUSE Package Hub 15 15-SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for ffmpeg fixes the following issues:

* CVE-2023-50010: Fixed an arbitrary code execution via the set_encoder_id()
(bsc#1223256).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-1593=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-1593=1

* Desktop Applications Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2024-1593=1

* SUSE Package Hub 15 15-SP5
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-1593=1

* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-1593=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-1593=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-1593=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-1593=1

* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-1593=1

* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-1593=1

* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-1593=1

* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1593=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP2
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-1593=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-1593=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-1593=1

* SUSE Linux Enterprise Workstation Extension 15 SP5
zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2024-1593=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2024-1593=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* libavresample3-debuginfo-3.4.2-150200.11.44.1
* ffmpeg-debuginfo-3.4.2-150200.11.44.1
* libpostproc-devel-3.4.2-150200.11.44.1
* libavdevice57-debuginfo-3.4.2-150200.11.44.1
* libavdevice57-3.4.2-150200.11.44.1
* libavresample-devel-3.4.2-150200.11.44.1
* libswresample-devel-3.4.2-150200.11.44.1
* ffmpeg-debugsource-3.4.2-150200.11.44.1
* ffmpeg-private-devel-3.4.2-150200.11.44.1
* libpostproc54-debuginfo-3.4.2-150200.11.44.1
* libavcodec57-3.4.2-150200.11.44.1
* libavutil55-debuginfo-3.4.2-150200.11.44.1
* libavformat57-debuginfo-3.4.2-150200.11.44.1
* libpostproc54-3.4.2-150200.11.44.1
* libavdevice-devel-3.4.2-150200.11.44.1
* libavformat57-3.4.2-150200.11.44.1
* libswscale-devel-3.4.2-150200.11.44.1
* libavutil55-3.4.2-150200.11.44.1
* libavutil-devel-3.4.2-150200.11.44.1
* libavfilter6-3.4.2-150200.11.44.1
* libswresample2-debuginfo-3.4.2-150200.11.44.1
* libswscale4-debuginfo-3.4.2-150200.11.44.1
* libavfilter6-debuginfo-3.4.2-150200.11.44.1
* ffmpeg-3.4.2-150200.11.44.1
* libavresample3-3.4.2-150200.11.44.1
* libswresample2-3.4.2-150200.11.44.1
* libswscale4-3.4.2-150200.11.44.1
* libavcodec-devel-3.4.2-150200.11.44.1
* libavfilter-devel-3.4.2-150200.11.44.1
* libavformat-devel-3.4.2-150200.11.44.1
* libavcodec57-debuginfo-3.4.2-150200.11.44.1
* openSUSE Leap 15.5 (x86_64)
* libavfilter6-32bit-debuginfo-3.4.2-150200.11.44.1
* libavdevice57-32bit-3.4.2-150200.11.44.1
* libavutil55-32bit-debuginfo-3.4.2-150200.11.44.1
* libavresample3-32bit-3.4.2-150200.11.44.1
* libavcodec57-32bit-debuginfo-3.4.2-150200.11.44.1
* libswresample2-32bit-3.4.2-150200.11.44.1
* libavresample3-32bit-debuginfo-3.4.2-150200.11.44.1
* libavutil55-32bit-3.4.2-150200.11.44.1
* libpostproc54-32bit-3.4.2-150200.11.44.1
* libswscale4-32bit-debuginfo-3.4.2-150200.11.44.1
* libavdevice57-32bit-debuginfo-3.4.2-150200.11.44.1
* libavformat57-32bit-3.4.2-150200.11.44.1
* libswscale4-32bit-3.4.2-150200.11.44.1
* libavcodec57-32bit-3.4.2-150200.11.44.1
* libavformat57-32bit-debuginfo-3.4.2-150200.11.44.1
* libpostproc54-32bit-debuginfo-3.4.2-150200.11.44.1
* libswresample2-32bit-debuginfo-3.4.2-150200.11.44.1
* libavfilter6-32bit-3.4.2-150200.11.44.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* libavresample3-debuginfo-3.4.2-150200.11.44.1
* ffmpeg-debuginfo-3.4.2-150200.11.44.1
* libpostproc-devel-3.4.2-150200.11.44.1
* libavdevice57-debuginfo-3.4.2-150200.11.44.1
* libavdevice57-3.4.2-150200.11.44.1
* libavresample-devel-3.4.2-150200.11.44.1
* libswresample-devel-3.4.2-150200.11.44.1
* ffmpeg-debugsource-3.4.2-150200.11.44.1
* ffmpeg-private-devel-3.4.2-150200.11.44.1
* libpostproc54-debuginfo-3.4.2-150200.11.44.1
* libavcodec57-3.4.2-150200.11.44.1
* libavutil55-debuginfo-3.4.2-150200.11.44.1
* libavformat57-debuginfo-3.4.2-150200.11.44.1
* libpostproc54-3.4.2-150200.11.44.1
* libavdevice-devel-3.4.2-150200.11.44.1
* libavformat57-3.4.2-150200.11.44.1
* libswscale-devel-3.4.2-150200.11.44.1
* libavutil55-3.4.2-150200.11.44.1
* libavutil-devel-3.4.2-150200.11.44.1
* libavfilter6-3.4.2-150200.11.44.1
* libswresample2-debuginfo-3.4.2-150200.11.44.1
* libswscale4-debuginfo-3.4.2-150200.11.44.1
* libavfilter6-debuginfo-3.4.2-150200.11.44.1
* ffmpeg-3.4.2-150200.11.44.1
* libavresample3-3.4.2-150200.11.44.1
* libswresample2-3.4.2-150200.11.44.1
* libswscale4-3.4.2-150200.11.44.1
* libavcodec-devel-3.4.2-150200.11.44.1
* libavfilter-devel-3.4.2-150200.11.44.1
* libavformat-devel-3.4.2-150200.11.44.1
* libavcodec57-debuginfo-3.4.2-150200.11.44.1
* openSUSE Leap 15.6 (x86_64)
* libavfilter6-32bit-debuginfo-3.4.2-150200.11.44.1
* libavdevice57-32bit-3.4.2-150200.11.44.1
* libavutil55-32bit-debuginfo-3.4.2-150200.11.44.1
* libavresample3-32bit-3.4.2-150200.11.44.1
* libavcodec57-32bit-debuginfo-3.4.2-150200.11.44.1
* libswresample2-32bit-3.4.2-150200.11.44.1
* libavresample3-32bit-debuginfo-3.4.2-150200.11.44.1
* libavutil55-32bit-3.4.2-150200.11.44.1
* libpostproc54-32bit-3.4.2-150200.11.44.1
* libswscale4-32bit-debuginfo-3.4.2-150200.11.44.1
* libavdevice57-32bit-debuginfo-3.4.2-150200.11.44.1
* libavformat57-32bit-3.4.2-150200.11.44.1
* libswscale4-32bit-3.4.2-150200.11.44.1
* libavcodec57-32bit-3.4.2-150200.11.44.1
* libavformat57-32bit-debuginfo-3.4.2-150200.11.44.1
* libpostproc54-32bit-debuginfo-3.4.2-150200.11.44.1
* libswresample2-32bit-debuginfo-3.4.2-150200.11.44.1
* libavfilter6-32bit-3.4.2-150200.11.44.1
* Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* libswscale4-3.4.2-150200.11.44.1
* libavutil55-debuginfo-3.4.2-150200.11.44.1
* ffmpeg-debuginfo-3.4.2-150200.11.44.1
* libpostproc-devel-3.4.2-150200.11.44.1
* libswresample2-debuginfo-3.4.2-150200.11.44.1
* libswscale4-debuginfo-3.4.2-150200.11.44.1
* libpostproc54-3.4.2-150200.11.44.1
* libavcodec57-3.4.2-150200.11.44.1
* libswscale-devel-3.4.2-150200.11.44.1
* libswresample-devel-3.4.2-150200.11.44.1
* ffmpeg-debugsource-3.4.2-150200.11.44.1
* libswresample2-3.4.2-150200.11.44.1
* libavutil55-3.4.2-150200.11.44.1
* libpostproc54-debuginfo-3.4.2-150200.11.44.1
* libavutil-devel-3.4.2-150200.11.44.1
* libavcodec57-debuginfo-3.4.2-150200.11.44.1
* SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64)
* libavresample3-debuginfo-3.4.2-150200.11.44.1
* libavfilter6-3.4.2-150200.11.44.1
* ffmpeg-debuginfo-3.4.2-150200.11.44.1
* libavformat57-debuginfo-3.4.2-150200.11.44.1
* libavfilter6-debuginfo-3.4.2-150200.11.44.1
* libavdevice57-debuginfo-3.4.2-150200.11.44.1
* libavdevice57-3.4.2-150200.11.44.1
* libavformat57-3.4.2-150200.11.44.1
* ffmpeg-3.4.2-150200.11.44.1
* ffmpeg-debugsource-3.4.2-150200.11.44.1
* libavresample3-3.4.2-150200.11.44.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64
x86_64)
* libavresample3-debuginfo-3.4.2-150200.11.44.1
* ffmpeg-debuginfo-3.4.2-150200.11.44.1
* libpostproc-devel-3.4.2-150200.11.44.1
* libavresample-devel-3.4.2-150200.11.44.1
* libswresample-devel-3.4.2-150200.11.44.1
* ffmpeg-debugsource-3.4.2-150200.11.44.1
* libpostproc54-debuginfo-3.4.2-150200.11.44.1
* libavcodec57-3.4.2-150200.11.44.1
* libavutil55-debuginfo-3.4.2-150200.11.44.1
* libavformat57-debuginfo-3.4.2-150200.11.44.1
* libpostproc54-3.4.2-150200.11.44.1
* libavformat57-3.4.2-150200.11.44.1
* libswscale-devel-3.4.2-150200.11.44.1
* libavutil55-3.4.2-150200.11.44.1
* libavutil-devel-3.4.2-150200.11.44.1
* libswresample2-debuginfo-3.4.2-150200.11.44.1
* libswscale4-debuginfo-3.4.2-150200.11.44.1
* libavresample3-3.4.2-150200.11.44.1
* libswresample2-3.4.2-150200.11.44.1
* libswscale4-3.4.2-150200.11.44.1
* libavcodec57-debuginfo-3.4.2-150200.11.44.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* libavresample3-debuginfo-3.4.2-150200.11.44.1
* ffmpeg-debuginfo-3.4.2-150200.11.44.1
* libpostproc-devel-3.4.2-150200.11.44.1
* libavresample-devel-3.4.2-150200.11.44.1
* libswresample-devel-3.4.2-150200.11.44.1
* ffmpeg-debugsource-3.4.2-150200.11.44.1
* libpostproc54-debuginfo-3.4.2-150200.11.44.1
* libavcodec57-3.4.2-150200.11.44.1
* libavutil55-debuginfo-3.4.2-150200.11.44.1
* libavformat57-debuginfo-3.4.2-150200.11.44.1
* libpostproc54-3.4.2-150200.11.44.1
* libavformat57-3.4.2-150200.11.44.1
* libswscale-devel-3.4.2-150200.11.44.1
* libavutil55-3.4.2-150200.11.44.1
* libavutil-devel-3.4.2-150200.11.44.1
* libswresample2-debuginfo-3.4.2-150200.11.44.1
* libswscale4-debuginfo-3.4.2-150200.11.44.1
* libavresample3-3.4.2-150200.11.44.1
* libswresample2-3.4.2-150200.11.44.1
* libswscale4-3.4.2-150200.11.44.1
* libavcodec57-debuginfo-3.4.2-150200.11.44.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* libavresample3-debuginfo-3.4.2-150200.11.44.1
* libswresample2-3.4.2-150200.11.44.1
* libswscale4-3.4.2-150200.11.44.1
* libavutil55-debuginfo-3.4.2-150200.11.44.1
* ffmpeg-debuginfo-3.4.2-150200.11.44.1
* libavformat57-debuginfo-3.4.2-150200.11.44.1
* libpostproc-devel-3.4.2-150200.11.44.1
* libswresample2-debuginfo-3.4.2-150200.11.44.1
* libswscale4-debuginfo-3.4.2-150200.11.44.1
* libpostproc54-3.4.2-150200.11.44.1
* libavcodec57-3.4.2-150200.11.44.1
* libswscale-devel-3.4.2-150200.11.44.1
* libavformat57-3.4.2-150200.11.44.1
* libswresample-devel-3.4.2-150200.11.44.1
* ffmpeg-debugsource-3.4.2-150200.11.44.1
* libavresample3-3.4.2-150200.11.44.1
* libavutil55-3.4.2-150200.11.44.1
* libpostproc54-debuginfo-3.4.2-150200.11.44.1
* libavutil-devel-3.4.2-150200.11.44.1
* libavcodec57-debuginfo-3.4.2-150200.11.44.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* libavresample3-debuginfo-3.4.2-150200.11.44.1
* libswresample2-3.4.2-150200.11.44.1
* libswscale4-3.4.2-150200.11.44.1
* libavutil55-debuginfo-3.4.2-150200.11.44.1
* ffmpeg-debuginfo-3.4.2-150200.11.44.1
* libavformat57-debuginfo-3.4.2-150200.11.44.1
* libpostproc-devel-3.4.2-150200.11.44.1
* libswresample2-debuginfo-3.4.2-150200.11.44.1
* libswscale4-debuginfo-3.4.2-150200.11.44.1
* libpostproc54-3.4.2-150200.11.44.1
* libavcodec57-3.4.2-150200.11.44.1
* libswscale-devel-3.4.2-150200.11.44.1
* libavformat57-3.4.2-150200.11.44.1
* libswresample-devel-3.4.2-150200.11.44.1
* ffmpeg-debugsource-3.4.2-150200.11.44.1
* libavresample3-3.4.2-150200.11.44.1
* libavutil55-3.4.2-150200.11.44.1
* libpostproc54-debuginfo-3.4.2-150200.11.44.1
* libavutil-devel-3.4.2-150200.11.44.1
* libavcodec57-debuginfo-3.4.2-150200.11.44.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
* libavresample3-debuginfo-3.4.2-150200.11.44.1
* ffmpeg-debuginfo-3.4.2-150200.11.44.1
* libpostproc-devel-3.4.2-150200.11.44.1
* libavresample-devel-3.4.2-150200.11.44.1
* libswresample-devel-3.4.2-150200.11.44.1
* ffmpeg-debugsource-3.4.2-150200.11.44.1
* libpostproc54-debuginfo-3.4.2-150200.11.44.1
* libavcodec57-3.4.2-150200.11.44.1
* libavutil55-debuginfo-3.4.2-150200.11.44.1
* libavformat57-debuginfo-3.4.2-150200.11.44.1
* libpostproc54-3.4.2-150200.11.44.1
* libavformat57-3.4.2-150200.11.44.1
* libswscale-devel-3.4.2-150200.11.44.1
* libavutil55-3.4.2-150200.11.44.1
* libavutil-devel-3.4.2-150200.11.44.1
* libswresample2-debuginfo-3.4.2-150200.11.44.1
* libswscale4-debuginfo-3.4.2-150200.11.44.1
* libavresample3-3.4.2-150200.11.44.1
* libswresample2-3.4.2-150200.11.44.1
* libswscale4-3.4.2-150200.11.44.1
* libavcodec-devel-3.4.2-150200.11.44.1
* libavformat-devel-3.4.2-150200.11.44.1
* libavcodec57-debuginfo-3.4.2-150200.11.44.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x
x86_64)
* libavresample3-debuginfo-3.4.2-150200.11.44.1
* ffmpeg-debuginfo-3.4.2-150200.11.44.1
* libpostproc-devel-3.4.2-150200.11.44.1
* libavresample-devel-3.4.2-150200.11.44.1
* libswresample-devel-3.4.2-150200.11.44.1
* ffmpeg-debugsource-3.4.2-150200.11.44.1
* libpostproc54-debuginfo-3.4.2-150200.11.44.1
* libavcodec57-3.4.2-150200.11.44.1
* libavutil55-debuginfo-3.4.2-150200.11.44.1
* libavformat57-debuginfo-3.4.2-150200.11.44.1
* libpostproc54-3.4.2-150200.11.44.1
* libavformat57-3.4.2-150200.11.44.1
* libswscale-devel-3.4.2-150200.11.44.1
* libavutil55-3.4.2-150200.11.44.1
* libavutil-devel-3.4.2-150200.11.44.1
* libswresample2-debuginfo-3.4.2-150200.11.44.1
* libswscale4-debuginfo-3.4.2-150200.11.44.1
* libavresample3-3.4.2-150200.11.44.1
* libswresample2-3.4.2-150200.11.44.1
* libswscale4-3.4.2-150200.11.44.1
* libavcodec57-debuginfo-3.4.2-150200.11.44.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64)
* libavresample3-debuginfo-3.4.2-150200.11.44.1
* ffmpeg-debuginfo-3.4.2-150200.11.44.1
* libpostproc-devel-3.4.2-150200.11.44.1
* libavresample-devel-3.4.2-150200.11.44.1
* libswresample-devel-3.4.2-150200.11.44.1
* ffmpeg-debugsource-3.4.2-150200.11.44.1
* libpostproc54-debuginfo-3.4.2-150200.11.44.1
* libavcodec57-3.4.2-150200.11.44.1
* libavutil55-debuginfo-3.4.2-150200.11.44.1
* libavformat57-debuginfo-3.4.2-150200.11.44.1
* libpostproc54-3.4.2-150200.11.44.1
* libavformat57-3.4.2-150200.11.44.1
* libswscale-devel-3.4.2-150200.11.44.1
* libavutil55-3.4.2-150200.11.44.1
* libavutil-devel-3.4.2-150200.11.44.1
* libswresample2-debuginfo-3.4.2-150200.11.44.1
* libswscale4-debuginfo-3.4.2-150200.11.44.1
* libavresample3-3.4.2-150200.11.44.1
* libswresample2-3.4.2-150200.11.44.1
* libswscale4-3.4.2-150200.11.44.1
* libavcodec57-debuginfo-3.4.2-150200.11.44.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x
x86_64)
* libavresample3-debuginfo-3.4.2-150200.11.44.1
* libswresample2-3.4.2-150200.11.44.1
* libswscale4-3.4.2-150200.11.44.1
* libavutil55-debuginfo-3.4.2-150200.11.44.1
* ffmpeg-debuginfo-3.4.2-150200.11.44.1
* libavformat57-debuginfo-3.4.2-150200.11.44.1
* libpostproc-devel-3.4.2-150200.11.44.1
* libswresample2-debuginfo-3.4.2-150200.11.44.1
* libswscale4-debuginfo-3.4.2-150200.11.44.1
* libpostproc54-3.4.2-150200.11.44.1
* libavcodec57-3.4.2-150200.11.44.1
* libswscale-devel-3.4.2-150200.11.44.1
* libavformat57-3.4.2-150200.11.44.1
* libswresample-devel-3.4.2-150200.11.44.1
* ffmpeg-debugsource-3.4.2-150200.11.44.1
* libavresample3-3.4.2-150200.11.44.1
* libavutil55-3.4.2-150200.11.44.1
* libpostproc54-debuginfo-3.4.2-150200.11.44.1
* libavutil-devel-3.4.2-150200.11.44.1
* libavcodec57-debuginfo-3.4.2-150200.11.44.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
* libavresample3-debuginfo-3.4.2-150200.11.44.1
* ffmpeg-debuginfo-3.4.2-150200.11.44.1
* libpostproc-devel-3.4.2-150200.11.44.1
* libavresample-devel-3.4.2-150200.11.44.1
* libswresample-devel-3.4.2-150200.11.44.1
* ffmpeg-debugsource-3.4.2-150200.11.44.1
* libpostproc54-debuginfo-3.4.2-150200.11.44.1
* libavcodec57-3.4.2-150200.11.44.1
* libavutil55-debuginfo-3.4.2-150200.11.44.1
* libavformat57-debuginfo-3.4.2-150200.11.44.1
* libpostproc54-3.4.2-150200.11.44.1
* libavformat57-3.4.2-150200.11.44.1
* libswscale-devel-3.4.2-150200.11.44.1
* libavutil55-3.4.2-150200.11.44.1
* libavutil-devel-3.4.2-150200.11.44.1
* libswresample2-debuginfo-3.4.2-150200.11.44.1
* libswscale4-debuginfo-3.4.2-150200.11.44.1
* libavresample3-3.4.2-150200.11.44.1
* libswresample2-3.4.2-150200.11.44.1
* libswscale4-3.4.2-150200.11.44.1
* libavcodec57-debuginfo-3.4.2-150200.11.44.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* libavresample3-debuginfo-3.4.2-150200.11.44.1
* ffmpeg-debuginfo-3.4.2-150200.11.44.1
* libpostproc-devel-3.4.2-150200.11.44.1
* libavresample-devel-3.4.2-150200.11.44.1
* libswresample-devel-3.4.2-150200.11.44.1
* ffmpeg-debugsource-3.4.2-150200.11.44.1
* libpostproc54-debuginfo-3.4.2-150200.11.44.1
* libavcodec57-3.4.2-150200.11.44.1
* libavutil55-debuginfo-3.4.2-150200.11.44.1
* libavformat57-debuginfo-3.4.2-150200.11.44.1
* libpostproc54-3.4.2-150200.11.44.1
* libavformat57-3.4.2-150200.11.44.1
* libswscale-devel-3.4.2-150200.11.44.1
* libavutil55-3.4.2-150200.11.44.1
* libavutil-devel-3.4.2-150200.11.44.1
* libswresample2-debuginfo-3.4.2-150200.11.44.1
* libswscale4-debuginfo-3.4.2-150200.11.44.1
* libavresample3-3.4.2-150200.11.44.1
* libswresample2-3.4.2-150200.11.44.1
* libswscale4-3.4.2-150200.11.44.1
* libavcodec57-debuginfo-3.4.2-150200.11.44.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* libavresample3-debuginfo-3.4.2-150200.11.44.1
* libswresample2-3.4.2-150200.11.44.1
* libswscale4-3.4.2-150200.11.44.1
* libavutil55-debuginfo-3.4.2-150200.11.44.1
* ffmpeg-debuginfo-3.4.2-150200.11.44.1
* libavformat57-debuginfo-3.4.2-150200.11.44.1
* libpostproc-devel-3.4.2-150200.11.44.1
* libswresample2-debuginfo-3.4.2-150200.11.44.1
* libswscale4-debuginfo-3.4.2-150200.11.44.1
* libpostproc54-3.4.2-150200.11.44.1
* libavcodec57-3.4.2-150200.11.44.1
* libswscale-devel-3.4.2-150200.11.44.1
* libavformat57-3.4.2-150200.11.44.1
* libswresample-devel-3.4.2-150200.11.44.1
* ffmpeg-debugsource-3.4.2-150200.11.44.1
* libavresample3-3.4.2-150200.11.44.1
* libavutil55-3.4.2-150200.11.44.1
* libpostproc54-debuginfo-3.4.2-150200.11.44.1
* libavutil-devel-3.4.2-150200.11.44.1
* libavcodec57-debuginfo-3.4.2-150200.11.44.1
* SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64)
* libavresample3-debuginfo-3.4.2-150200.11.44.1
* ffmpeg-debuginfo-3.4.2-150200.11.44.1
* libavcodec-devel-3.4.2-150200.11.44.1
* libavformat57-debuginfo-3.4.2-150200.11.44.1
* libavresample-devel-3.4.2-150200.11.44.1
* libavformat57-3.4.2-150200.11.44.1
* ffmpeg-debugsource-3.4.2-150200.11.44.1
* libavresample3-3.4.2-150200.11.44.1
* libavformat-devel-3.4.2-150200.11.44.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* libavresample3-debuginfo-3.4.2-150200.11.44.1
* ffmpeg-debuginfo-3.4.2-150200.11.44.1
* libpostproc-devel-3.4.2-150200.11.44.1
* libavresample-devel-3.4.2-150200.11.44.1
* libswresample-devel-3.4.2-150200.11.44.1
* ffmpeg-debugsource-3.4.2-150200.11.44.1
* libpostproc54-debuginfo-3.4.2-150200.11.44.1
* libavcodec57-3.4.2-150200.11.44.1
* libavutil55-debuginfo-3.4.2-150200.11.44.1
* libavformat57-debuginfo-3.4.2-150200.11.44.1
* libpostproc54-3.4.2-150200.11.44.1
* libavformat57-3.4.2-150200.11.44.1
* libswscale-devel-3.4.2-150200.11.44.1
* libavutil55-3.4.2-150200.11.44.1
* libavutil-devel-3.4.2-150200.11.44.1
* libswresample2-debuginfo-3.4.2-150200.11.44.1
* libswscale4-debuginfo-3.4.2-150200.11.44.1
* libavresample3-3.4.2-150200.11.44.1
* libswresample2-3.4.2-150200.11.44.1
* libswscale4-3.4.2-150200.11.44.1
* libavcodec57-debuginfo-3.4.2-150200.11.44.1

## References:

* https://www.suse.com/security/cve/CVE-2023-50010.html
* https://bugzilla.suse.com/show_bug.cgi?id=1223256

SUSE-SU-2024:1592-1: important: Security update for ffmpeg-4

# Security update for ffmpeg-4

Announcement ID: SUSE-SU-2024:1592-1
Rating: important
References:

* bsc#1223256

Cross-References:

* CVE-2023-50010

CVSS scores:

* CVE-2023-50010 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Workstation Extension 15 SP5
* SUSE Package Hub 15 15-SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for ffmpeg-4 fixes the following issues:

* CVE-2023-50010: Fixed an arbitrary code execution via the set_encoder_id()
(bsc#1223256).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-1592=1

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-1592=1

* SUSE Package Hub 15 15-SP5
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-1592=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-1592=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-1592=1

* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-1592=1

* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1592=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-1592=1

* SUSE Linux Enterprise Workstation Extension 15 SP5
zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2024-1592=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* ffmpeg-4-libpostproc-devel-4.4-150400.3.27.1
* libavresample4_0-4.4-150400.3.27.1
* libswscale5_9-4.4-150400.3.27.1
* libavutil56_70-4.4-150400.3.27.1
* libswresample3_9-4.4-150400.3.27.1
* libavutil56_70-debuginfo-4.4-150400.3.27.1
* ffmpeg-4-libavfilter-devel-4.4-150400.3.27.1
* ffmpeg-4-libswresample-devel-4.4-150400.3.27.1
* libavfilter7_110-debuginfo-4.4-150400.3.27.1
* ffmpeg-4-private-devel-4.4-150400.3.27.1
* libswresample3_9-debuginfo-4.4-150400.3.27.1
* libavcodec58_134-4.4-150400.3.27.1
* libavdevice58_13-4.4-150400.3.27.1
* ffmpeg-4-4.4-150400.3.27.1
* ffmpeg-4-debuginfo-4.4-150400.3.27.1
* libavdevice58_13-debuginfo-4.4-150400.3.27.1
* libavcodec58_134-debuginfo-4.4-150400.3.27.1
* libpostproc55_9-debuginfo-4.4-150400.3.27.1
* ffmpeg-4-debugsource-4.4-150400.3.27.1
* ffmpeg-4-libswscale-devel-4.4-150400.3.27.1
* libavfilter7_110-4.4-150400.3.27.1
* libpostproc55_9-4.4-150400.3.27.1
* ffmpeg-4-libavformat-devel-4.4-150400.3.27.1
* ffmpeg-4-libavresample-devel-4.4-150400.3.27.1
* ffmpeg-4-libavutil-devel-4.4-150400.3.27.1
* libavresample4_0-debuginfo-4.4-150400.3.27.1
* ffmpeg-4-libavdevice-devel-4.4-150400.3.27.1
* libswscale5_9-debuginfo-4.4-150400.3.27.1
* libavformat58_76-4.4-150400.3.27.1
* ffmpeg-4-libavcodec-devel-4.4-150400.3.27.1
* libavformat58_76-debuginfo-4.4-150400.3.27.1
* openSUSE Leap 15.4 (x86_64)
* libavfilter7_110-32bit-debuginfo-4.4-150400.3.27.1
* libavcodec58_134-32bit-debuginfo-4.4-150400.3.27.1
* libavfilter7_110-32bit-4.4-150400.3.27.1
* libpostproc55_9-32bit-debuginfo-4.4-150400.3.27.1
* libavutil56_70-32bit-4.4-150400.3.27.1
* libavformat58_76-32bit-4.4-150400.3.27.1
* libswscale5_9-32bit-4.4-150400.3.27.1
* libavresample4_0-32bit-4.4-150400.3.27.1
* libswscale5_9-32bit-debuginfo-4.4-150400.3.27.1
* libavcodec58_134-32bit-4.4-150400.3.27.1
* libavformat58_76-32bit-debuginfo-4.4-150400.3.27.1
* libavdevice58_13-32bit-debuginfo-4.4-150400.3.27.1
* libswresample3_9-32bit-debuginfo-4.4-150400.3.27.1
* libavdevice58_13-32bit-4.4-150400.3.27.1
* libswresample3_9-32bit-4.4-150400.3.27.1
* libpostproc55_9-32bit-4.4-150400.3.27.1
* libavresample4_0-32bit-debuginfo-4.4-150400.3.27.1
* libavutil56_70-32bit-debuginfo-4.4-150400.3.27.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libavfilter7_110-64bit-4.4-150400.3.27.1
* libavresample4_0-64bit-4.4-150400.3.27.1
* libavcodec58_134-64bit-debuginfo-4.4-150400.3.27.1
* libavutil56_70-64bit-4.4-150400.3.27.1
* libavdevice58_13-64bit-4.4-150400.3.27.1
* libavformat58_76-64bit-debuginfo-4.4-150400.3.27.1
* libpostproc55_9-64bit-4.4-150400.3.27.1
* libavcodec58_134-64bit-4.4-150400.3.27.1
* libswresample3_9-64bit-debuginfo-4.4-150400.3.27.1
* libavfilter7_110-64bit-debuginfo-4.4-150400.3.27.1
* libavresample4_0-64bit-debuginfo-4.4-150400.3.27.1
* libswscale5_9-64bit-4.4-150400.3.27.1
* libavformat58_76-64bit-4.4-150400.3.27.1
* libswscale5_9-64bit-debuginfo-4.4-150400.3.27.1
* libavutil56_70-64bit-debuginfo-4.4-150400.3.27.1
* libpostproc55_9-64bit-debuginfo-4.4-150400.3.27.1
* libavdevice58_13-64bit-debuginfo-4.4-150400.3.27.1
* libswresample3_9-64bit-4.4-150400.3.27.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* ffmpeg-4-libpostproc-devel-4.4-150400.3.27.1
* libavresample4_0-4.4-150400.3.27.1
* libswscale5_9-4.4-150400.3.27.1
* libavutil56_70-4.4-150400.3.27.1
* libswresample3_9-4.4-150400.3.27.1
* libavutil56_70-debuginfo-4.4-150400.3.27.1
* ffmpeg-4-libavfilter-devel-4.4-150400.3.27.1
* ffmpeg-4-libswresample-devel-4.4-150400.3.27.1
* libavfilter7_110-debuginfo-4.4-150400.3.27.1
* ffmpeg-4-private-devel-4.4-150400.3.27.1
* libswresample3_9-debuginfo-4.4-150400.3.27.1
* libavcodec58_134-4.4-150400.3.27.1
* libavdevice58_13-4.4-150400.3.27.1
* ffmpeg-4-4.4-150400.3.27.1
* ffmpeg-4-debuginfo-4.4-150400.3.27.1
* libavdevice58_13-debuginfo-4.4-150400.3.27.1
* libavcodec58_134-debuginfo-4.4-150400.3.27.1
* libpostproc55_9-debuginfo-4.4-150400.3.27.1
* ffmpeg-4-debugsource-4.4-150400.3.27.1
* ffmpeg-4-libswscale-devel-4.4-150400.3.27.1
* libavfilter7_110-4.4-150400.3.27.1
* libpostproc55_9-4.4-150400.3.27.1
* ffmpeg-4-libavformat-devel-4.4-150400.3.27.1
* ffmpeg-4-libavresample-devel-4.4-150400.3.27.1
* ffmpeg-4-libavutil-devel-4.4-150400.3.27.1
* libavresample4_0-debuginfo-4.4-150400.3.27.1
* ffmpeg-4-libavdevice-devel-4.4-150400.3.27.1
* libswscale5_9-debuginfo-4.4-150400.3.27.1
* libavformat58_76-4.4-150400.3.27.1
* ffmpeg-4-libavcodec-devel-4.4-150400.3.27.1
* libavformat58_76-debuginfo-4.4-150400.3.27.1
* openSUSE Leap 15.5 (x86_64)
* libavfilter7_110-32bit-debuginfo-4.4-150400.3.27.1
* libavcodec58_134-32bit-debuginfo-4.4-150400.3.27.1
* libavfilter7_110-32bit-4.4-150400.3.27.1
* libpostproc55_9-32bit-debuginfo-4.4-150400.3.27.1
* libavutil56_70-32bit-4.4-150400.3.27.1
* libavformat58_76-32bit-4.4-150400.3.27.1
* libswscale5_9-32bit-4.4-150400.3.27.1
* libavresample4_0-32bit-4.4-150400.3.27.1
* libswscale5_9-32bit-debuginfo-4.4-150400.3.27.1
* libavcodec58_134-32bit-4.4-150400.3.27.1
* libavformat58_76-32bit-debuginfo-4.4-150400.3.27.1
* libavdevice58_13-32bit-debuginfo-4.4-150400.3.27.1
* libswresample3_9-32bit-debuginfo-4.4-150400.3.27.1
* libavdevice58_13-32bit-4.4-150400.3.27.1
* libswresample3_9-32bit-4.4-150400.3.27.1
* libpostproc55_9-32bit-4.4-150400.3.27.1
* libavresample4_0-32bit-debuginfo-4.4-150400.3.27.1
* libavutil56_70-32bit-debuginfo-4.4-150400.3.27.1
* SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64)
* ffmpeg-4-libpostproc-devel-4.4-150400.3.27.1
* libavresample4_0-4.4-150400.3.27.1
* libswscale5_9-4.4-150400.3.27.1
* libavutil56_70-4.4-150400.3.27.1
* libswresample3_9-4.4-150400.3.27.1
* libavutil56_70-debuginfo-4.4-150400.3.27.1
* ffmpeg-4-libavfilter-devel-4.4-150400.3.27.1
* ffmpeg-4-libswresample-devel-4.4-150400.3.27.1
* libavfilter7_110-debuginfo-4.4-150400.3.27.1
* ffmpeg-4-private-devel-4.4-150400.3.27.1
* libswresample3_9-debuginfo-4.4-150400.3.27.1
* libavcodec58_134-4.4-150400.3.27.1
* libavdevice58_13-4.4-150400.3.27.1
* ffmpeg-4-4.4-150400.3.27.1
* ffmpeg-4-debuginfo-4.4-150400.3.27.1
* libavdevice58_13-debuginfo-4.4-150400.3.27.1
* libavcodec58_134-debuginfo-4.4-150400.3.27.1
* libpostproc55_9-debuginfo-4.4-150400.3.27.1
* ffmpeg-4-debugsource-4.4-150400.3.27.1
* ffmpeg-4-libswscale-devel-4.4-150400.3.27.1
* libavfilter7_110-4.4-150400.3.27.1
* libpostproc55_9-4.4-150400.3.27.1
* ffmpeg-4-libavformat-devel-4.4-150400.3.27.1
* ffmpeg-4-libavresample-devel-4.4-150400.3.27.1
* ffmpeg-4-libavutil-devel-4.4-150400.3.27.1
* libavresample4_0-debuginfo-4.4-150400.3.27.1
* ffmpeg-4-libavdevice-devel-4.4-150400.3.27.1
* libswscale5_9-debuginfo-4.4-150400.3.27.1
* libavformat58_76-4.4-150400.3.27.1
* ffmpeg-4-libavcodec-devel-4.4-150400.3.27.1
* libavformat58_76-debuginfo-4.4-150400.3.27.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* libpostproc55_9-4.4-150400.3.27.1
* ffmpeg-4-debuginfo-4.4-150400.3.27.1
* libavcodec58_134-debuginfo-4.4-150400.3.27.1
* libpostproc55_9-debuginfo-4.4-150400.3.27.1
* libswresample3_9-debuginfo-4.4-150400.3.27.1
* ffmpeg-4-debugsource-4.4-150400.3.27.1
* libavcodec58_134-4.4-150400.3.27.1
* libavformat58_76-4.4-150400.3.27.1
* libavutil56_70-4.4-150400.3.27.1
* libswresample3_9-4.4-150400.3.27.1
* libavutil56_70-debuginfo-4.4-150400.3.27.1
* libavformat58_76-debuginfo-4.4-150400.3.27.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* libpostproc55_9-4.4-150400.3.27.1
* ffmpeg-4-debuginfo-4.4-150400.3.27.1
* libavcodec58_134-debuginfo-4.4-150400.3.27.1
* libpostproc55_9-debuginfo-4.4-150400.3.27.1
* libswresample3_9-debuginfo-4.4-150400.3.27.1
* ffmpeg-4-debugsource-4.4-150400.3.27.1
* libavcodec58_134-4.4-150400.3.27.1
* libavformat58_76-4.4-150400.3.27.1
* libavutil56_70-4.4-150400.3.27.1
* libswresample3_9-4.4-150400.3.27.1
* libavutil56_70-debuginfo-4.4-150400.3.27.1
* libavformat58_76-debuginfo-4.4-150400.3.27.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
* libpostproc55_9-4.4-150400.3.27.1
* ffmpeg-4-debuginfo-4.4-150400.3.27.1
* libswscale5_9-4.4-150400.3.27.1
* libavcodec58_134-debuginfo-4.4-150400.3.27.1
* libpostproc55_9-debuginfo-4.4-150400.3.27.1
* libswscale5_9-debuginfo-4.4-150400.3.27.1
* libswresample3_9-debuginfo-4.4-150400.3.27.1
* ffmpeg-4-debugsource-4.4-150400.3.27.1
* libavcodec58_134-4.4-150400.3.27.1
* libavformat58_76-4.4-150400.3.27.1
* libavutil56_70-4.4-150400.3.27.1
* libswresample3_9-4.4-150400.3.27.1
* libavutil56_70-debuginfo-4.4-150400.3.27.1
* libavformat58_76-debuginfo-4.4-150400.3.27.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x
x86_64)
* libpostproc55_9-4.4-150400.3.27.1
* ffmpeg-4-debuginfo-4.4-150400.3.27.1
* libavcodec58_134-debuginfo-4.4-150400.3.27.1
* libpostproc55_9-debuginfo-4.4-150400.3.27.1
* libswresample3_9-debuginfo-4.4-150400.3.27.1
* ffmpeg-4-debugsource-4.4-150400.3.27.1
* libavcodec58_134-4.4-150400.3.27.1
* libavformat58_76-4.4-150400.3.27.1
* libavutil56_70-4.4-150400.3.27.1
* libswresample3_9-4.4-150400.3.27.1
* libavutil56_70-debuginfo-4.4-150400.3.27.1
* libavformat58_76-debuginfo-4.4-150400.3.27.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* libpostproc55_9-4.4-150400.3.27.1
* ffmpeg-4-debuginfo-4.4-150400.3.27.1
* libavcodec58_134-debuginfo-4.4-150400.3.27.1
* libpostproc55_9-debuginfo-4.4-150400.3.27.1
* libswresample3_9-debuginfo-4.4-150400.3.27.1
* ffmpeg-4-debugsource-4.4-150400.3.27.1
* libavcodec58_134-4.4-150400.3.27.1
* libavformat58_76-4.4-150400.3.27.1
* libavutil56_70-4.4-150400.3.27.1
* libswresample3_9-4.4-150400.3.27.1
* libavutil56_70-debuginfo-4.4-150400.3.27.1
* libavformat58_76-debuginfo-4.4-150400.3.27.1
* SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64)
* ffmpeg-4-debuginfo-4.4-150400.3.27.1
* libswscale5_9-4.4-150400.3.27.1
* libavcodec58_134-debuginfo-4.4-150400.3.27.1
* libswscale5_9-debuginfo-4.4-150400.3.27.1
* libswresample3_9-debuginfo-4.4-150400.3.27.1
* ffmpeg-4-debugsource-4.4-150400.3.27.1
* libavcodec58_134-4.4-150400.3.27.1
* libavformat58_76-4.4-150400.3.27.1
* libavutil56_70-4.4-150400.3.27.1
* libswresample3_9-4.4-150400.3.27.1
* libavutil56_70-debuginfo-4.4-150400.3.27.1
* libavformat58_76-debuginfo-4.4-150400.3.27.1

## References:

* https://www.suse.com/security/cve/CVE-2023-50010.html
* https://bugzilla.suse.com/show_bug.cgi?id=1223256

SUSE-SU-2024:1578-1: important: Security update for sssd

# Security update for sssd

Announcement ID: SUSE-SU-2024:1578-1
Rating: important
References:

* bsc#1223100

Cross-References:

* CVE-2023-3758

CVSS scores:

* CVE-2023-3758 ( SUSE ): 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for sssd fixes the following issues:

* CVE-2023-3758: Fixed race condition during authorization that lead to GPO
policies functioning inconsistently (bsc#1223100)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-1578=1

* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1578=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-1578=1

* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-1578=1

* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.3-2024-1578=1

* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-1578=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-1578=1

* openSUSE Leap Micro 5.3
zypper in -t patch openSUSE-Leap-Micro-5.3-2024-1578=1

* openSUSE Leap Micro 5.4
zypper in -t patch openSUSE-Leap-Micro-5.4-2024-1578=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2024-1578=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2024-1578=1

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2024-1578=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2024-1578=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-1578=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-1578=1

## Package List:

* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
* libipa_hbac0-2.5.2-150400.4.27.1
* sssd-dbus-debuginfo-2.5.2-150400.4.27.1
* sssd-krb5-common-debuginfo-2.5.2-150400.4.27.1
* sssd-tools-debuginfo-2.5.2-150400.4.27.1
* libsss_nss_idmap-devel-2.5.2-150400.4.27.1
* sssd-proxy-2.5.2-150400.4.27.1
* sssd-common-32bit-2.5.2-150400.4.27.1
* sssd-krb5-2.5.2-150400.4.27.1
* libsss_idmap0-debuginfo-2.5.2-150400.4.27.1
* libsss_idmap0-2.5.2-150400.4.27.1
* libsss_simpleifp0-2.5.2-150400.4.27.1
* sssd-tools-2.5.2-150400.4.27.1
* libsss_certmap-devel-2.5.2-150400.4.27.1
* sssd-ldap-debuginfo-2.5.2-150400.4.27.1
* sssd-ipa-debuginfo-2.5.2-150400.4.27.1
* sssd-winbind-idmap-debuginfo-2.5.2-150400.4.27.1
* libsss_certmap0-2.5.2-150400.4.27.1
* sssd-kcm-2.5.2-150400.4.27.1
* libipa_hbac-devel-2.5.2-150400.4.27.1
* python3-sssd-config-debuginfo-2.5.2-150400.4.27.1
* libsss_simpleifp-devel-2.5.2-150400.4.27.1
* libsss_certmap0-debuginfo-2.5.2-150400.4.27.1
* python3-sssd-config-2.5.2-150400.4.27.1
* libsss_nss_idmap0-debuginfo-2.5.2-150400.4.27.1
* libsss_nss_idmap0-2.5.2-150400.4.27.1
* sssd-common-32bit-debuginfo-2.5.2-150400.4.27.1
* sssd-krb5-debuginfo-2.5.2-150400.4.27.1
* sssd-ad-debuginfo-2.5.2-150400.4.27.1
* sssd-ldap-2.5.2-150400.4.27.1
* sssd-dbus-2.5.2-150400.4.27.1
* sssd-ipa-2.5.2-150400.4.27.1
* libsss_idmap-devel-2.5.2-150400.4.27.1
* sssd-krb5-common-2.5.2-150400.4.27.1
* sssd-proxy-debuginfo-2.5.2-150400.4.27.1
* libsss_simpleifp0-debuginfo-2.5.2-150400.4.27.1
* sssd-2.5.2-150400.4.27.1
* sssd-common-debuginfo-2.5.2-150400.4.27.1
* sssd-common-2.5.2-150400.4.27.1
* sssd-debugsource-2.5.2-150400.4.27.1
* sssd-ad-2.5.2-150400.4.27.1
* sssd-kcm-debuginfo-2.5.2-150400.4.27.1
* libipa_hbac0-debuginfo-2.5.2-150400.4.27.1
* sssd-winbind-idmap-2.5.2-150400.4.27.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x
x86_64)
* libipa_hbac0-2.5.2-150400.4.27.1
* sssd-dbus-debuginfo-2.5.2-150400.4.27.1
* sssd-krb5-common-debuginfo-2.5.2-150400.4.27.1
* sssd-tools-debuginfo-2.5.2-150400.4.27.1
* libsss_nss_idmap-devel-2.5.2-150400.4.27.1
* sssd-proxy-2.5.2-150400.4.27.1
* sssd-krb5-2.5.2-150400.4.27.1
* libsss_idmap0-debuginfo-2.5.2-150400.4.27.1
* libsss_idmap0-2.5.2-150400.4.27.1
* libsss_simpleifp0-2.5.2-150400.4.27.1
* sssd-tools-2.5.2-150400.4.27.1
* libsss_certmap-devel-2.5.2-150400.4.27.1
* sssd-ldap-debuginfo-2.5.2-150400.4.27.1
* sssd-ipa-debuginfo-2.5.2-150400.4.27.1
* sssd-winbind-idmap-debuginfo-2.5.2-150400.4.27.1
* libsss_certmap0-2.5.2-150400.4.27.1
* sssd-kcm-2.5.2-150400.4.27.1
* libipa_hbac-devel-2.5.2-150400.4.27.1
* python3-sssd-config-debuginfo-2.5.2-150400.4.27.1
* libsss_simpleifp-devel-2.5.2-150400.4.27.1
* libsss_certmap0-debuginfo-2.5.2-150400.4.27.1
* python3-sssd-config-2.5.2-150400.4.27.1
* libsss_nss_idmap0-debuginfo-2.5.2-150400.4.27.1
* libsss_nss_idmap0-2.5.2-150400.4.27.1
* sssd-krb5-debuginfo-2.5.2-150400.4.27.1
* sssd-ad-debuginfo-2.5.2-150400.4.27.1
* sssd-ldap-2.5.2-150400.4.27.1
* sssd-dbus-2.5.2-150400.4.27.1
* sssd-ipa-2.5.2-150400.4.27.1
* libsss_idmap-devel-2.5.2-150400.4.27.1
* sssd-krb5-common-2.5.2-150400.4.27.1
* sssd-proxy-debuginfo-2.5.2-150400.4.27.1
* libsss_simpleifp0-debuginfo-2.5.2-150400.4.27.1
* sssd-2.5.2-150400.4.27.1
* sssd-common-debuginfo-2.5.2-150400.4.27.1
* sssd-common-2.5.2-150400.4.27.1
* sssd-debugsource-2.5.2-150400.4.27.1
* sssd-ad-2.5.2-150400.4.27.1
* sssd-kcm-debuginfo-2.5.2-150400.4.27.1
* libipa_hbac0-debuginfo-2.5.2-150400.4.27.1
* sssd-winbind-idmap-2.5.2-150400.4.27.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (x86_64)
* sssd-common-32bit-2.5.2-150400.4.27.1
* sssd-common-32bit-debuginfo-2.5.2-150400.4.27.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* libipa_hbac0-2.5.2-150400.4.27.1
* sssd-dbus-debuginfo-2.5.2-150400.4.27.1
* sssd-krb5-common-debuginfo-2.5.2-150400.4.27.1
* sssd-tools-debuginfo-2.5.2-150400.4.27.1
* libsss_nss_idmap-devel-2.5.2-150400.4.27.1
* sssd-proxy-2.5.2-150400.4.27.1
* sssd-krb5-2.5.2-150400.4.27.1
* libsss_idmap0-debuginfo-2.5.2-150400.4.27.1
* libsss_idmap0-2.5.2-150400.4.27.1
* libsss_simpleifp0-2.5.2-150400.4.27.1
* sssd-tools-2.5.2-150400.4.27.1
* libsss_certmap-devel-2.5.2-150400.4.27.1
* sssd-ldap-debuginfo-2.5.2-150400.4.27.1
* sssd-ipa-debuginfo-2.5.2-150400.4.27.1
* sssd-winbind-idmap-debuginfo-2.5.2-150400.4.27.1
* libsss_certmap0-2.5.2-150400.4.27.1
* sssd-kcm-2.5.2-150400.4.27.1
* libipa_hbac-devel-2.5.2-150400.4.27.1
* python3-sssd-config-debuginfo-2.5.2-150400.4.27.1
* libsss_simpleifp-devel-2.5.2-150400.4.27.1
* libsss_certmap0-debuginfo-2.5.2-150400.4.27.1
* python3-sssd-config-2.5.2-150400.4.27.1
* libsss_nss_idmap0-debuginfo-2.5.2-150400.4.27.1
* libsss_nss_idmap0-2.5.2-150400.4.27.1
* sssd-krb5-debuginfo-2.5.2-150400.4.27.1
* sssd-ad-debuginfo-2.5.2-150400.4.27.1
* sssd-ldap-2.5.2-150400.4.27.1
* sssd-dbus-2.5.2-150400.4.27.1
* sssd-ipa-2.5.2-150400.4.27.1
* libsss_idmap-devel-2.5.2-150400.4.27.1
* sssd-krb5-common-2.5.2-150400.4.27.1
* sssd-proxy-debuginfo-2.5.2-150400.4.27.1
* libsss_simpleifp0-debuginfo-2.5.2-150400.4.27.1
* sssd-2.5.2-150400.4.27.1
* sssd-common-debuginfo-2.5.2-150400.4.27.1
* sssd-common-2.5.2-150400.4.27.1
* sssd-debugsource-2.5.2-150400.4.27.1
* sssd-ad-2.5.2-150400.4.27.1
* sssd-kcm-debuginfo-2.5.2-150400.4.27.1
* libipa_hbac0-debuginfo-2.5.2-150400.4.27.1
* sssd-winbind-idmap-2.5.2-150400.4.27.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64)
* sssd-common-32bit-2.5.2-150400.4.27.1
* sssd-common-32bit-debuginfo-2.5.2-150400.4.27.1
* SUSE Manager Proxy 4.3 (x86_64)
* libipa_hbac0-2.5.2-150400.4.27.1
* sssd-dbus-debuginfo-2.5.2-150400.4.27.1
* sssd-krb5-common-debuginfo-2.5.2-150400.4.27.1
* sssd-tools-debuginfo-2.5.2-150400.4.27.1
* libsss_nss_idmap-devel-2.5.2-150400.4.27.1
* sssd-proxy-2.5.2-150400.4.27.1
* sssd-common-32bit-2.5.2-150400.4.27.1
* sssd-krb5-2.5.2-150400.4.27.1
* libsss_idmap0-debuginfo-2.5.2-150400.4.27.1
* libsss_idmap0-2.5.2-150400.4.27.1
* libsss_simpleifp0-2.5.2-150400.4.27.1
* sssd-tools-2.5.2-150400.4.27.1
* libsss_certmap-devel-2.5.2-150400.4.27.1
* sssd-ldap-debuginfo-2.5.2-150400.4.27.1
* sssd-ipa-debuginfo-2.5.2-150400.4.27.1
* sssd-winbind-idmap-debuginfo-2.5.2-150400.4.27.1
* libsss_certmap0-2.5.2-150400.4.27.1
* sssd-kcm-2.5.2-150400.4.27.1
* libipa_hbac-devel-2.5.2-150400.4.27.1
* python3-sssd-config-debuginfo-2.5.2-150400.4.27.1
* libsss_simpleifp-devel-2.5.2-150400.4.27.1
* libsss_certmap0-debuginfo-2.5.2-150400.4.27.1
* python3-sssd-config-2.5.2-150400.4.27.1
* libsss_nss_idmap0-debuginfo-2.5.2-150400.4.27.1
* libsss_nss_idmap0-2.5.2-150400.4.27.1
* sssd-common-32bit-debuginfo-2.5.2-150400.4.27.1
* sssd-krb5-debuginfo-2.5.2-150400.4.27.1
* sssd-ad-debuginfo-2.5.2-150400.4.27.1
* sssd-ldap-2.5.2-150400.4.27.1
* sssd-dbus-2.5.2-150400.4.27.1
* sssd-ipa-2.5.2-150400.4.27.1
* libsss_idmap-devel-2.5.2-150400.4.27.1
* sssd-krb5-common-2.5.2-150400.4.27.1
* sssd-proxy-debuginfo-2.5.2-150400.4.27.1
* libsss_simpleifp0-debuginfo-2.5.2-150400.4.27.1
* sssd-2.5.2-150400.4.27.1
* sssd-common-debuginfo-2.5.2-150400.4.27.1
* sssd-common-2.5.2-150400.4.27.1
* sssd-debugsource-2.5.2-150400.4.27.1
* sssd-ad-2.5.2-150400.4.27.1
* sssd-kcm-debuginfo-2.5.2-150400.4.27.1
* libipa_hbac0-debuginfo-2.5.2-150400.4.27.1
* sssd-winbind-idmap-2.5.2-150400.4.27.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* libipa_hbac0-2.5.2-150400.4.27.1
* sssd-dbus-debuginfo-2.5.2-150400.4.27.1
* sssd-krb5-common-debuginfo-2.5.2-150400.4.27.1
* sssd-tools-debuginfo-2.5.2-150400.4.27.1
* libsss_nss_idmap-devel-2.5.2-150400.4.27.1
* sssd-proxy-2.5.2-150400.4.27.1
* sssd-common-32bit-2.5.2-150400.4.27.1
* sssd-krb5-2.5.2-150400.4.27.1
* libsss_idmap0-debuginfo-2.5.2-150400.4.27.1
* libsss_idmap0-2.5.2-150400.4.27.1
* libsss_simpleifp0-2.5.2-150400.4.27.1
* sssd-tools-2.5.2-150400.4.27.1
* libsss_certmap-devel-2.5.2-150400.4.27.1
* sssd-ldap-debuginfo-2.5.2-150400.4.27.1
* sssd-ipa-debuginfo-2.5.2-150400.4.27.1
* sssd-winbind-idmap-debuginfo-2.5.2-150400.4.27.1
* libsss_certmap0-2.5.2-150400.4.27.1
* sssd-kcm-2.5.2-150400.4.27.1
* libipa_hbac-devel-2.5.2-150400.4.27.1
* python3-sssd-config-debuginfo-2.5.2-150400.4.27.1
* libsss_simpleifp-devel-2.5.2-150400.4.27.1
* libsss_certmap0-debuginfo-2.5.2-150400.4.27.1
* python3-sssd-config-2.5.2-150400.4.27.1
* libsss_nss_idmap0-debuginfo-2.5.2-150400.4.27.1
* libsss_nss_idmap0-2.5.2-150400.4.27.1
* sssd-common-32bit-debuginfo-2.5.2-150400.4.27.1
* sssd-krb5-debuginfo-2.5.2-150400.4.27.1
* sssd-ad-debuginfo-2.5.2-150400.4.27.1
* sssd-ldap-2.5.2-150400.4.27.1
* sssd-dbus-2.5.2-150400.4.27.1
* sssd-ipa-2.5.2-150400.4.27.1
* libsss_idmap-devel-2.5.2-150400.4.27.1
* sssd-krb5-common-2.5.2-150400.4.27.1
* sssd-proxy-debuginfo-2.5.2-150400.4.27.1
* libsss_simpleifp0-debuginfo-2.5.2-150400.4.27.1
* sssd-2.5.2-150400.4.27.1
* sssd-common-debuginfo-2.5.2-150400.4.27.1
* sssd-common-2.5.2-150400.4.27.1
* sssd-debugsource-2.5.2-150400.4.27.1
* sssd-ad-2.5.2-150400.4.27.1
* sssd-kcm-debuginfo-2.5.2-150400.4.27.1
* libipa_hbac0-debuginfo-2.5.2-150400.4.27.1
* sssd-winbind-idmap-2.5.2-150400.4.27.1
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
* libipa_hbac0-2.5.2-150400.4.27.1
* sssd-dbus-debuginfo-2.5.2-150400.4.27.1
* sssd-krb5-common-debuginfo-2.5.2-150400.4.27.1
* sssd-tools-debuginfo-2.5.2-150400.4.27.1
* libsss_nss_idmap-devel-2.5.2-150400.4.27.1
* sssd-proxy-2.5.2-150400.4.27.1
* sssd-krb5-2.5.2-150400.4.27.1
* libsss_idmap0-debuginfo-2.5.2-150400.4.27.1
* libsss_idmap0-2.5.2-150400.4.27.1
* libsss_simpleifp0-2.5.2-150400.4.27.1
* sssd-tools-2.5.2-150400.4.27.1
* libsss_certmap-devel-2.5.2-150400.4.27.1
* sssd-ldap-debuginfo-2.5.2-150400.4.27.1
* sssd-ipa-debuginfo-2.5.2-150400.4.27.1
* sssd-winbind-idmap-debuginfo-2.5.2-150400.4.27.1
* libsss_certmap0-2.5.2-150400.4.27.1
* sssd-kcm-2.5.2-150400.4.27.1
* libipa_hbac-devel-2.5.2-150400.4.27.1
* python3-sssd-config-debuginfo-2.5.2-150400.4.27.1
* libsss_simpleifp-devel-2.5.2-150400.4.27.1
* libsss_certmap0-debuginfo-2.5.2-150400.4.27.1
* python3-sssd-config-2.5.2-150400.4.27.1
* libsss_nss_idmap0-debuginfo-2.5.2-150400.4.27.1
* libsss_nss_idmap0-2.5.2-150400.4.27.1
* sssd-krb5-debuginfo-2.5.2-150400.4.27.1
* sssd-ad-debuginfo-2.5.2-150400.4.27.1
* sssd-ldap-2.5.2-150400.4.27.1
* sssd-dbus-2.5.2-150400.4.27.1
* sssd-ipa-2.5.2-150400.4.27.1
* libsss_idmap-devel-2.5.2-150400.4.27.1
* sssd-krb5-common-2.5.2-150400.4.27.1
* sssd-proxy-debuginfo-2.5.2-150400.4.27.1
* libsss_simpleifp0-debuginfo-2.5.2-150400.4.27.1
* sssd-2.5.2-150400.4.27.1
* sssd-common-debuginfo-2.5.2-150400.4.27.1
* sssd-common-2.5.2-150400.4.27.1
* sssd-debugsource-2.5.2-150400.4.27.1
* sssd-ad-2.5.2-150400.4.27.1
* sssd-kcm-debuginfo-2.5.2-150400.4.27.1
* libipa_hbac0-debuginfo-2.5.2-150400.4.27.1
* sssd-winbind-idmap-2.5.2-150400.4.27.1
* SUSE Manager Server 4.3 (x86_64)
* sssd-common-32bit-2.5.2-150400.4.27.1
* sssd-common-32bit-debuginfo-2.5.2-150400.4.27.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* libipa_hbac0-2.5.2-150400.4.27.1
* python3-ipa_hbac-debuginfo-2.5.2-150400.4.27.1
* python3-sss_nss_idmap-debuginfo-2.5.2-150400.4.27.1
* sssd-dbus-debuginfo-2.5.2-150400.4.27.1
* sssd-krb5-common-debuginfo-2.5.2-150400.4.27.1
* sssd-tools-debuginfo-2.5.2-150400.4.27.1
* libsss_nss_idmap-devel-2.5.2-150400.4.27.1
* sssd-proxy-2.5.2-150400.4.27.1
* sssd-krb5-2.5.2-150400.4.27.1
* libsss_idmap0-debuginfo-2.5.2-150400.4.27.1
* libsss_idmap0-2.5.2-150400.4.27.1
* libsss_simpleifp0-2.5.2-150400.4.27.1
* sssd-tools-2.5.2-150400.4.27.1
* libsss_certmap-devel-2.5.2-150400.4.27.1
* python3-ipa_hbac-2.5.2-150400.4.27.1
* libnfsidmap-sss-debuginfo-2.5.2-150400.4.27.1
* sssd-ldap-debuginfo-2.5.2-150400.4.27.1
* sssd-ipa-debuginfo-2.5.2-150400.4.27.1
* python3-sss-murmur-2.5.2-150400.4.27.1
* python3-sss-murmur-debuginfo-2.5.2-150400.4.27.1
* sssd-winbind-idmap-debuginfo-2.5.2-150400.4.27.1
* libsss_certmap0-2.5.2-150400.4.27.1
* sssd-kcm-2.5.2-150400.4.27.1
* libipa_hbac-devel-2.5.2-150400.4.27.1
* libsss_simpleifp-devel-2.5.2-150400.4.27.1
* libsss_certmap0-debuginfo-2.5.2-150400.4.27.1
* python3-sssd-config-debuginfo-2.5.2-150400.4.27.1
* python3-sssd-config-2.5.2-150400.4.27.1
* libsss_nss_idmap0-debuginfo-2.5.2-150400.4.27.1
* libsss_nss_idmap0-2.5.2-150400.4.27.1
* sssd-krb5-debuginfo-2.5.2-150400.4.27.1
* sssd-ldap-2.5.2-150400.4.27.1
* sssd-dbus-2.5.2-150400.4.27.1
* sssd-ipa-2.5.2-150400.4.27.1
* python3-sss_nss_idmap-2.5.2-150400.4.27.1
* libsss_idmap-devel-2.5.2-150400.4.27.1
* sssd-krb5-common-2.5.2-150400.4.27.1
* sssd-proxy-debuginfo-2.5.2-150400.4.27.1
* libnfsidmap-sss-2.5.2-150400.4.27.1
* sssd-common-2.5.2-150400.4.27.1
* libsss_simpleifp0-debuginfo-2.5.2-150400.4.27.1
* sssd-2.5.2-150400.4.27.1
* sssd-common-debuginfo-2.5.2-150400.4.27.1
* sssd-ad-debuginfo-2.5.2-150400.4.27.1
* sssd-debugsource-2.5.2-150400.4.27.1
* sssd-ad-2.5.2-150400.4.27.1
* sssd-kcm-debuginfo-2.5.2-150400.4.27.1
* libipa_hbac0-debuginfo-2.5.2-150400.4.27.1
* sssd-winbind-idmap-2.5.2-150400.4.27.1
* openSUSE Leap 15.4 (x86_64)
* sssd-common-32bit-2.5.2-150400.4.27.1
* sssd-common-32bit-debuginfo-2.5.2-150400.4.27.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* sssd-common-64bit-debuginfo-2.5.2-150400.4.27.1
* sssd-common-64bit-2.5.2-150400.4.27.1
* openSUSE Leap Micro 5.3 (aarch64 x86_64)
* libsss_nss_idmap0-debuginfo-2.5.2-150400.4.27.1
* libsss_nss_idmap0-2.5.2-150400.4.27.1
* sssd-ldap-2.5.2-150400.4.27.1
* libsss_certmap0-debuginfo-2.5.2-150400.4.27.1
* sssd-ldap-debuginfo-2.5.2-150400.4.27.1
* sssd-2.5.2-150400.4.27.1
* sssd-common-debuginfo-2.5.2-150400.4.27.1
* sssd-krb5-common-debuginfo-2.5.2-150400.4.27.1
* libsss_certmap0-2.5.2-150400.4.27.1
* sssd-krb5-common-2.5.2-150400.4.27.1
* sssd-common-2.5.2-150400.4.27.1
* sssd-debugsource-2.5.2-150400.4.27.1
* libsss_idmap0-debuginfo-2.5.2-150400.4.27.1
* libsss_idmap0-2.5.2-150400.4.27.1
* openSUSE Leap Micro 5.4 (aarch64 s390x x86_64)
* libsss_nss_idmap0-debuginfo-2.5.2-150400.4.27.1
* libsss_nss_idmap0-2.5.2-150400.4.27.1
* sssd-ldap-2.5.2-150400.4.27.1
* libsss_certmap0-debuginfo-2.5.2-150400.4.27.1
* sssd-ldap-debuginfo-2.5.2-150400.4.27.1
* sssd-2.5.2-150400.4.27.1
* sssd-common-debuginfo-2.5.2-150400.4.27.1
* sssd-krb5-common-debuginfo-2.5.2-150400.4.27.1
* libsss_certmap0-2.5.2-150400.4.27.1
* sssd-krb5-common-2.5.2-150400.4.27.1
* sssd-common-2.5.2-150400.4.27.1
* sssd-debugsource-2.5.2-150400.4.27.1
* libsss_idmap0-debuginfo-2.5.2-150400.4.27.1
* libsss_idmap0-2.5.2-150400.4.27.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* libsss_nss_idmap0-debuginfo-2.5.2-150400.4.27.1
* libsss_nss_idmap0-2.5.2-150400.4.27.1
* sssd-ldap-2.5.2-150400.4.27.1
* libsss_certmap0-debuginfo-2.5.2-150400.4.27.1
* sssd-ldap-debuginfo-2.5.2-150400.4.27.1
* sssd-2.5.2-150400.4.27.1
* sssd-common-debuginfo-2.5.2-150400.4.27.1
* sssd-krb5-common-debuginfo-2.5.2-150400.4.27.1
* libsss_certmap0-2.5.2-150400.4.27.1
* sssd-krb5-common-2.5.2-150400.4.27.1
* sssd-common-2.5.2-150400.4.27.1
* sssd-debugsource-2.5.2-150400.4.27.1
* libsss_idmap0-debuginfo-2.5.2-150400.4.27.1
* libsss_idmap0-2.5.2-150400.4.27.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* libsss_nss_idmap0-debuginfo-2.5.2-150400.4.27.1
* libsss_nss_idmap0-2.5.2-150400.4.27.1
* sssd-ldap-2.5.2-150400.4.27.1
* libsss_certmap0-debuginfo-2.5.2-150400.4.27.1
* sssd-ldap-debuginfo-2.5.2-150400.4.27.1
* sssd-2.5.2-150400.4.27.1
* sssd-common-debuginfo-2.5.2-150400.4.27.1
* sssd-krb5-common-debuginfo-2.5.2-150400.4.27.1
* libsss_certmap0-2.5.2-150400.4.27.1
* sssd-krb5-common-2.5.2-150400.4.27.1
* sssd-common-2.5.2-150400.4.27.1
* sssd-debugsource-2.5.2-150400.4.27.1
* libsss_idmap0-debuginfo-2.5.2-150400.4.27.1
* libsss_idmap0-2.5.2-150400.4.27.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* libsss_nss_idmap0-debuginfo-2.5.2-150400.4.27.1
* libsss_nss_idmap0-2.5.2-150400.4.27.1
* sssd-ldap-2.5.2-150400.4.27.1
* libsss_certmap0-debuginfo-2.5.2-150400.4.27.1
* sssd-ldap-debuginfo-2.5.2-150400.4.27.1
* sssd-2.5.2-150400.4.27.1
* sssd-common-debuginfo-2.5.2-150400.4.27.1
* sssd-krb5-common-debuginfo-2.5.2-150400.4.27.1
* libsss_certmap0-2.5.2-150400.4.27.1
* sssd-krb5-common-2.5.2-150400.4.27.1
* sssd-common-2.5.2-150400.4.27.1
* sssd-debugsource-2.5.2-150400.4.27.1
* libsss_idmap0-debuginfo-2.5.2-150400.4.27.1
* libsss_idmap0-2.5.2-150400.4.27.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* libsss_nss_idmap0-debuginfo-2.5.2-150400.4.27.1
* libsss_nss_idmap0-2.5.2-150400.4.27.1
* sssd-ldap-2.5.2-150400.4.27.1
* libsss_certmap0-debuginfo-2.5.2-150400.4.27.1
* sssd-ldap-debuginfo-2.5.2-150400.4.27.1
* sssd-2.5.2-150400.4.27.1
* sssd-common-debuginfo-2.5.2-150400.4.27.1
* sssd-krb5-common-debuginfo-2.5.2-150400.4.27.1
* libsss_certmap0-2.5.2-150400.4.27.1
* sssd-krb5-common-2.5.2-150400.4.27.1
* sssd-common-2.5.2-150400.4.27.1
* sssd-debugsource-2.5.2-150400.4.27.1
* libsss_idmap0-debuginfo-2.5.2-150400.4.27.1
* libsss_idmap0-2.5.2-150400.4.27.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* libipa_hbac0-2.5.2-150400.4.27.1
* sssd-dbus-debuginfo-2.5.2-150400.4.27.1
* sssd-krb5-common-debuginfo-2.5.2-150400.4.27.1
* sssd-tools-debuginfo-2.5.2-150400.4.27.1
* libsss_nss_idmap-devel-2.5.2-150400.4.27.1
* sssd-proxy-2.5.2-150400.4.27.1
* sssd-krb5-2.5.2-150400.4.27.1
* libsss_idmap0-debuginfo-2.5.2-150400.4.27.1
* libsss_idmap0-2.5.2-150400.4.27.1
* libsss_simpleifp0-2.5.2-150400.4.27.1
* sssd-tools-2.5.2-150400.4.27.1
* libsss_certmap-devel-2.5.2-150400.4.27.1
* sssd-ldap-debuginfo-2.5.2-150400.4.27.1
* sssd-ipa-debuginfo-2.5.2-150400.4.27.1
* sssd-winbind-idmap-debuginfo-2.5.2-150400.4.27.1
* libsss_certmap0-2.5.2-150400.4.27.1
* sssd-kcm-2.5.2-150400.4.27.1
* libipa_hbac-devel-2.5.2-150400.4.27.1
* python3-sssd-config-debuginfo-2.5.2-150400.4.27.1
* libsss_simpleifp-devel-2.5.2-150400.4.27.1
* libsss_certmap0-debuginfo-2.5.2-150400.4.27.1
* python3-sssd-config-2.5.2-150400.4.27.1
* libsss_nss_idmap0-debuginfo-2.5.2-150400.4.27.1
* libsss_nss_idmap0-2.5.2-150400.4.27.1
* sssd-krb5-debuginfo-2.5.2-150400.4.27.1
* sssd-ad-debuginfo-2.5.2-150400.4.27.1
* sssd-ldap-2.5.2-150400.4.27.1
* sssd-dbus-2.5.2-150400.4.27.1
* sssd-ipa-2.5.2-150400.4.27.1
* libsss_idmap-devel-2.5.2-150400.4.27.1
* sssd-krb5-common-2.5.2-150400.4.27.1
* sssd-proxy-debuginfo-2.5.2-150400.4.27.1
* libsss_simpleifp0-debuginfo-2.5.2-150400.4.27.1
* sssd-2.5.2-150400.4.27.1
* sssd-common-debuginfo-2.5.2-150400.4.27.1
* sssd-common-2.5.2-150400.4.27.1
* sssd-debugsource-2.5.2-150400.4.27.1
* sssd-ad-2.5.2-150400.4.27.1
* sssd-kcm-debuginfo-2.5.2-150400.4.27.1
* libipa_hbac0-debuginfo-2.5.2-150400.4.27.1
* sssd-winbind-idmap-2.5.2-150400.4.27.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (x86_64)
* sssd-common-32bit-2.5.2-150400.4.27.1
* sssd-common-32bit-debuginfo-2.5.2-150400.4.27.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* libipa_hbac0-2.5.2-150400.4.27.1
* sssd-dbus-debuginfo-2.5.2-150400.4.27.1
* sssd-krb5-common-debuginfo-2.5.2-150400.4.27.1
* sssd-tools-debuginfo-2.5.2-150400.4.27.1
* libsss_nss_idmap-devel-2.5.2-150400.4.27.1
* sssd-proxy-2.5.2-150400.4.27.1
* sssd-krb5-2.5.2-150400.4.27.1
* libsss_idmap0-debuginfo-2.5.2-150400.4.27.1
* libsss_idmap0-2.5.2-150400.4.27.1
* libsss_simpleifp0-2.5.2-150400.4.27.1
* sssd-tools-2.5.2-150400.4.27.1
* libsss_certmap-devel-2.5.2-150400.4.27.1
* sssd-ldap-debuginfo-2.5.2-150400.4.27.1
* sssd-ipa-debuginfo-2.5.2-150400.4.27.1
* sssd-winbind-idmap-debuginfo-2.5.2-150400.4.27.1
* libsss_certmap0-2.5.2-150400.4.27.1
* sssd-kcm-2.5.2-150400.4.27.1
* libipa_hbac-devel-2.5.2-150400.4.27.1
* python3-sssd-config-debuginfo-2.5.2-150400.4.27.1
* libsss_simpleifp-devel-2.5.2-150400.4.27.1
* libsss_certmap0-debuginfo-2.5.2-150400.4.27.1
* python3-sssd-config-2.5.2-150400.4.27.1
* libsss_nss_idmap0-debuginfo-2.5.2-150400.4.27.1
* libsss_nss_idmap0-2.5.2-150400.4.27.1
* sssd-krb5-debuginfo-2.5.2-150400.4.27.1
* sssd-ad-debuginfo-2.5.2-150400.4.27.1
* sssd-ldap-2.5.2-150400.4.27.1
* sssd-dbus-2.5.2-150400.4.27.1
* sssd-ipa-2.5.2-150400.4.27.1
* libsss_idmap-devel-2.5.2-150400.4.27.1
* sssd-krb5-common-2.5.2-150400.4.27.1
* sssd-proxy-debuginfo-2.5.2-150400.4.27.1
* libsss_simpleifp0-debuginfo-2.5.2-150400.4.27.1
* sssd-2.5.2-150400.4.27.1
* sssd-common-debuginfo-2.5.2-150400.4.27.1
* sssd-common-2.5.2-150400.4.27.1
* sssd-debugsource-2.5.2-150400.4.27.1
* sssd-ad-2.5.2-150400.4.27.1
* sssd-kcm-debuginfo-2.5.2-150400.4.27.1
* libipa_hbac0-debuginfo-2.5.2-150400.4.27.1
* sssd-winbind-idmap-2.5.2-150400.4.27.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64)
* sssd-common-32bit-2.5.2-150400.4.27.1
* sssd-common-32bit-debuginfo-2.5.2-150400.4.27.1

## References:

* https://www.suse.com/security/cve/CVE-2023-3758.html
* https://bugzilla.suse.com/show_bug.cgi?id=1223100

SUSE-SU-2024:1579-1: important: Security update for sssd

# Security update for sssd

Announcement ID: SUSE-SU-2024:1579-1
Rating: important
References:

* bsc#1223100

Cross-References:

* CVE-2023-3758

CVSS scores:

* CVE-2023-3758 ( SUSE ): 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* Basesystem Module 15-SP5
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for sssd fixes the following issues:

* CVE-2023-3758: Fixed race condition during authorization that lead to GPO
policies functioning inconsistently (bsc#1223100)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2024-1579=1

* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-1579=1

* openSUSE Leap 15.5
zypper in -t patch SUSE-2024-1579=1 openSUSE-SLE-15.5-2024-1579=1

## Package List:

* SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64)
* libsss_idmap0-debuginfo-2.5.2-150500.10.17.1
* sssd-common-2.5.2-150500.10.17.1
* libsss_certmap0-debuginfo-2.5.2-150500.10.17.1
* sssd-krb5-common-debuginfo-2.5.2-150500.10.17.1
* sssd-ldap-2.5.2-150500.10.17.1
* sssd-debugsource-2.5.2-150500.10.17.1
* libsss_nss_idmap0-debuginfo-2.5.2-150500.10.17.1
* sssd-2.5.2-150500.10.17.1
* sssd-common-debuginfo-2.5.2-150500.10.17.1
* sssd-ldap-debuginfo-2.5.2-150500.10.17.1
* sssd-krb5-common-2.5.2-150500.10.17.1
* libsss_idmap0-2.5.2-150500.10.17.1
* libsss_certmap0-2.5.2-150500.10.17.1
* libsss_nss_idmap0-2.5.2-150500.10.17.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* libsss_certmap0-debuginfo-2.5.2-150500.10.17.1
* sssd-proxy-debuginfo-2.5.2-150500.10.17.1
* libsss_nss_idmap0-debuginfo-2.5.2-150500.10.17.1
* sssd-winbind-idmap-debuginfo-2.5.2-150500.10.17.1
* libsss_idmap-devel-2.5.2-150500.10.17.1
* sssd-dbus-debuginfo-2.5.2-150500.10.17.1
* libsss_certmap0-2.5.2-150500.10.17.1
* libsss_nss_idmap0-2.5.2-150500.10.17.1
* libsss_idmap0-debuginfo-2.5.2-150500.10.17.1
* libipa_hbac-devel-2.5.2-150500.10.17.1
* libsss_simpleifp-devel-2.5.2-150500.10.17.1
* sssd-common-2.5.2-150500.10.17.1
* sssd-ipa-2.5.2-150500.10.17.1
* sssd-debugsource-2.5.2-150500.10.17.1
* sssd-ad-2.5.2-150500.10.17.1
* python3-sssd-config-2.5.2-150500.10.17.1
* libsss_certmap-devel-2.5.2-150500.10.17.1
* sssd-krb5-common-2.5.2-150500.10.17.1
* sssd-ad-debuginfo-2.5.2-150500.10.17.1
* sssd-krb5-2.5.2-150500.10.17.1
* sssd-krb5-debuginfo-2.5.2-150500.10.17.1
* sssd-tools-2.5.2-150500.10.17.1
* sssd-krb5-common-debuginfo-2.5.2-150500.10.17.1
* sssd-winbind-idmap-2.5.2-150500.10.17.1
* sssd-ipa-debuginfo-2.5.2-150500.10.17.1
* libsss_nss_idmap-devel-2.5.2-150500.10.17.1
* sssd-tools-debuginfo-2.5.2-150500.10.17.1
* python3-sssd-config-debuginfo-2.5.2-150500.10.17.1
* sssd-kcm-2.5.2-150500.10.17.1
* sssd-ldap-2.5.2-150500.10.17.1
* libsss_simpleifp0-debuginfo-2.5.2-150500.10.17.1
* sssd-dbus-2.5.2-150500.10.17.1
* sssd-proxy-2.5.2-150500.10.17.1
* sssd-2.5.2-150500.10.17.1
* sssd-common-debuginfo-2.5.2-150500.10.17.1
* sssd-ldap-debuginfo-2.5.2-150500.10.17.1
* sssd-kcm-debuginfo-2.5.2-150500.10.17.1
* libsss_simpleifp0-2.5.2-150500.10.17.1
* libsss_idmap0-2.5.2-150500.10.17.1
* libipa_hbac0-2.5.2-150500.10.17.1
* libipa_hbac0-debuginfo-2.5.2-150500.10.17.1
* Basesystem Module 15-SP5 (x86_64)
* sssd-common-32bit-2.5.2-150500.10.17.1
* sssd-common-32bit-debuginfo-2.5.2-150500.10.17.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
* libsss_certmap0-debuginfo-2.5.2-150500.10.17.1
* sssd-proxy-debuginfo-2.5.2-150500.10.17.1
* libsss_nss_idmap0-debuginfo-2.5.2-150500.10.17.1
* sssd-winbind-idmap-debuginfo-2.5.2-150500.10.17.1
* libsss_idmap-devel-2.5.2-150500.10.17.1
* python3-sss_nss_idmap-2.5.2-150500.10.17.1
* sssd-dbus-debuginfo-2.5.2-150500.10.17.1
* libsss_certmap0-2.5.2-150500.10.17.1
* libsss_nss_idmap0-2.5.2-150500.10.17.1
* libsss_idmap0-debuginfo-2.5.2-150500.10.17.1
* libipa_hbac-devel-2.5.2-150500.10.17.1
* libsss_simpleifp-devel-2.5.2-150500.10.17.1
* sssd-common-2.5.2-150500.10.17.1
* sssd-ipa-2.5.2-150500.10.17.1
* python3-ipa_hbac-debuginfo-2.5.2-150500.10.17.1
* sssd-debugsource-2.5.2-150500.10.17.1
* libnfsidmap-sss-2.5.2-150500.10.17.1
* sssd-ad-2.5.2-150500.10.17.1
* python3-sssd-config-2.5.2-150500.10.17.1
* libsss_certmap-devel-2.5.2-150500.10.17.1
* sssd-krb5-common-2.5.2-150500.10.17.1
* sssd-ad-debuginfo-2.5.2-150500.10.17.1
* python3-ipa_hbac-2.5.2-150500.10.17.1
* sssd-krb5-2.5.2-150500.10.17.1
* sssd-krb5-debuginfo-2.5.2-150500.10.17.1
* sssd-tools-2.5.2-150500.10.17.1
* sssd-krb5-common-debuginfo-2.5.2-150500.10.17.1
* sssd-winbind-idmap-2.5.2-150500.10.17.1
* sssd-ipa-debuginfo-2.5.2-150500.10.17.1
* libsss_nss_idmap-devel-2.5.2-150500.10.17.1
* sssd-tools-debuginfo-2.5.2-150500.10.17.1
* python3-sssd-config-debuginfo-2.5.2-150500.10.17.1
* sssd-kcm-2.5.2-150500.10.17.1
* sssd-ldap-2.5.2-150500.10.17.1
* libsss_simpleifp0-debuginfo-2.5.2-150500.10.17.1
* sssd-dbus-2.5.2-150500.10.17.1
* sssd-proxy-2.5.2-150500.10.17.1
* libnfsidmap-sss-debuginfo-2.5.2-150500.10.17.1
* sssd-2.5.2-150500.10.17.1
* sssd-common-debuginfo-2.5.2-150500.10.17.1
* sssd-ldap-debuginfo-2.5.2-150500.10.17.1
* sssd-kcm-debuginfo-2.5.2-150500.10.17.1
* python3-sss_nss_idmap-debuginfo-2.5.2-150500.10.17.1
* libsss_simpleifp0-2.5.2-150500.10.17.1
* python3-sss-murmur-2.5.2-150500.10.17.1
* python3-sss-murmur-debuginfo-2.5.2-150500.10.17.1
* libsss_idmap0-2.5.2-150500.10.17.1
* libipa_hbac0-2.5.2-150500.10.17.1
* libipa_hbac0-debuginfo-2.5.2-150500.10.17.1
* openSUSE Leap 15.5 (x86_64)
* sssd-common-32bit-2.5.2-150500.10.17.1
* sssd-common-32bit-debuginfo-2.5.2-150500.10.17.1
* openSUSE Leap 15.5 (aarch64_ilp32)
* sssd-common-64bit-debuginfo-2.5.2-150500.10.17.1
* sssd-common-64bit-2.5.2-150500.10.17.1

## References:

* https://www.suse.com/security/cve/CVE-2023-3758.html
* https://bugzilla.suse.com/show_bug.cgi?id=1223100

SUSE-SU-2024:1571-1: important: Security update for python-pymongo

# Security update for python-pymongo

Announcement ID: SUSE-SU-2024:1571-1
Rating: important
References:

* bsc#1222492

Cross-References:

* CVE-2024-21506

CVSS scores:

* CVE-2024-21506 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

Affected Products:

* openSUSE Leap 15.3
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Package Hub 15 15-SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for python-pymongo fixes the following issues:

* CVE-2024-21506: Fixed out-of-bounds read in the BSON module (bsc#1222492)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2024-1571=1

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-1571=1

* SUSE Package Hub 15 15-SP5
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-1571=1

## Package List:

* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
* python2-pymongo-3.11.0-150300.3.3.1
* python3-pymongo-3.11.0-150300.3.3.1
* python2-pymongo-debuginfo-3.11.0-150300.3.3.1
* python-pymongo-debugsource-3.11.0-150300.3.3.1
* python-pymongo-debuginfo-3.11.0-150300.3.3.1
* python3-pymongo-debuginfo-3.11.0-150300.3.3.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* python-pymongo-debugsource-3.11.0-150300.3.3.1
* python3-pymongo-debuginfo-3.11.0-150300.3.3.1
* python3-pymongo-3.11.0-150300.3.3.1
* python-pymongo-debuginfo-3.11.0-150300.3.3.1
* SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64)
* python-pymongo-debugsource-3.11.0-150300.3.3.1
* python3-pymongo-debuginfo-3.11.0-150300.3.3.1
* python3-pymongo-3.11.0-150300.3.3.1
* python-pymongo-debuginfo-3.11.0-150300.3.3.1

## References:

* https://www.suse.com/security/cve/CVE-2024-21506.html
* https://bugzilla.suse.com/show_bug.cgi?id=1222492

SUSE-SU-2024:1557-1: moderate: Security update for rpm

# Security update for rpm

Announcement ID: SUSE-SU-2024:1557-1
Rating: moderate
References:

* bsc#1189495
* bsc#1191175
* bsc#1218686

Cross-References:

* CVE-2021-3521

CVSS scores:

* CVE-2021-3521 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N
* CVE-2021-3521 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

Affected Products:

* Basesystem Module 15-SP5
* Development Tools Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap Micro 5.4
* Public Cloud Module 15-SP4
* Public Cloud Module 15-SP5
* Python 3 Module 15-SP5
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Proxy 4.3 Module 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
* SUSE Manager Server 4.3 Module 4.3

An update that solves one vulnerability and has two security fixes can now be
installed.

## Description:

This update for rpm fixes the following issues:

Security fixes: \- CVE-2021-3521: Fixed missing subkey binding signature
checking (bsc#1191175)

Other fixes:

* accept more signature subpackets marked as critical (bsc#1218686)
* backport limit support for the autopatch macro (bsc#1189495)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1557=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-1557=1

* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-1557=1

* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.3-2024-1557=1

* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-1557=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-1557=1

* openSUSE Leap Micro 5.4
zypper in -t patch openSUSE-Leap-Micro-5.4-2024-1557=1

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-1557=1

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2024-1557=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2024-1557=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2024-1557=1

* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-1557=1

* Development Tools Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2024-1557=1

* Public Cloud Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2024-1557=1

* Public Cloud Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2024-1557=1

* Python 3 Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Python3-15-SP5-2024-1557=1

* SUSE Manager Proxy 4.3 Module 4.3
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2024-1557=1

* SUSE Manager Server 4.3 Module 4.3
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2024-1557=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-1557=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-1557=1

* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-1557=1

## Package List:

* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x
x86_64)
* rpm-4.14.3-150400.59.16.1
* python311-rpm-debuginfo-4.14.3-150400.59.16.1
* rpm-build-4.14.3-150400.59.16.1
* python311-rpm-4.14.3-150400.59.16.1
* rpm-devel-4.14.3-150400.59.16.1
* rpm-build-debuginfo-4.14.3-150400.59.16.1
* rpm-debugsource-4.14.3-150400.59.16.1
* python3-rpm-4.14.3-150400.59.16.1
* rpm-debuginfo-4.14.3-150400.59.16.1
* python-rpm-debugsource-4.14.3-150400.59.16.1
* python3-rpm-debuginfo-4.14.3-150400.59.16.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (x86_64)
* rpm-32bit-4.14.3-150400.59.16.1
* rpm-32bit-debuginfo-4.14.3-150400.59.16.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* rpm-4.14.3-150400.59.16.1
* python311-rpm-debuginfo-4.14.3-150400.59.16.1
* rpm-build-4.14.3-150400.59.16.1
* python311-rpm-4.14.3-150400.59.16.1
* rpm-devel-4.14.3-150400.59.16.1
* rpm-build-debuginfo-4.14.3-150400.59.16.1
* rpm-debugsource-4.14.3-150400.59.16.1
* python3-rpm-4.14.3-150400.59.16.1
* rpm-debuginfo-4.14.3-150400.59.16.1
* python-rpm-debugsource-4.14.3-150400.59.16.1
* python3-rpm-debuginfo-4.14.3-150400.59.16.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64)
* rpm-32bit-4.14.3-150400.59.16.1
* rpm-32bit-debuginfo-4.14.3-150400.59.16.1
* SUSE Manager Proxy 4.3 (x86_64)
* rpm-4.14.3-150400.59.16.1
* rpm-debuginfo-4.14.3-150400.59.16.1
* rpm-32bit-4.14.3-150400.59.16.1
* rpm-devel-4.14.3-150400.59.16.1
* rpm-debugsource-4.14.3-150400.59.16.1
* python3-rpm-4.14.3-150400.59.16.1
* rpm-32bit-debuginfo-4.14.3-150400.59.16.1
* python-rpm-debugsource-4.14.3-150400.59.16.1
* python3-rpm-debuginfo-4.14.3-150400.59.16.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* rpm-4.14.3-150400.59.16.1
* rpm-debuginfo-4.14.3-150400.59.16.1
* rpm-32bit-4.14.3-150400.59.16.1
* rpm-devel-4.14.3-150400.59.16.1
* rpm-debugsource-4.14.3-150400.59.16.1
* python3-rpm-4.14.3-150400.59.16.1
* rpm-32bit-debuginfo-4.14.3-150400.59.16.1
* python-rpm-debugsource-4.14.3-150400.59.16.1
* python3-rpm-debuginfo-4.14.3-150400.59.16.1
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
* rpm-4.14.3-150400.59.16.1
* rpm-devel-4.14.3-150400.59.16.1
* rpm-debugsource-4.14.3-150400.59.16.1
* python3-rpm-4.14.3-150400.59.16.1
* rpm-debuginfo-4.14.3-150400.59.16.1
* python-rpm-debugsource-4.14.3-150400.59.16.1
* python3-rpm-debuginfo-4.14.3-150400.59.16.1
* SUSE Manager Server 4.3 (x86_64)
* rpm-32bit-4.14.3-150400.59.16.1
* rpm-32bit-debuginfo-4.14.3-150400.59.16.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* rpm-4.14.3-150400.59.16.1
* python311-rpm-debuginfo-4.14.3-150400.59.16.1
* rpm-build-4.14.3-150400.59.16.1
* python311-rpm-4.14.3-150400.59.16.1
* rpm-ndb-4.14.3-150400.59.16.1
* rpm-ndb-debugsource-4.14.3-150400.59.16.1
* rpm-build-debuginfo-4.14.3-150400.59.16.1
* rpm-devel-4.14.3-150400.59.16.1
* rpm-ndb-debuginfo-4.14.3-150400.59.16.1
* rpm-debugsource-4.14.3-150400.59.16.1
* python3-rpm-4.14.3-150400.59.16.1
* rpm-imaevmsign-4.14.3-150400.59.16.1
* rpm-debuginfo-4.14.3-150400.59.16.1
* python-rpm-debugsource-4.14.3-150400.59.16.1
* rpm-imaevmsign-debuginfo-4.14.3-150400.59.16.1
* python3-rpm-debuginfo-4.14.3-150400.59.16.1
* openSUSE Leap 15.4 (x86_64)
* rpm-ndb-32bit-debuginfo-4.14.3-150400.59.16.1
* rpm-32bit-4.14.3-150400.59.16.1
* rpm-ndb-32bit-4.14.3-150400.59.16.1
* rpm-32bit-debuginfo-4.14.3-150400.59.16.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* rpm-64bit-4.14.3-150400.59.16.1
* rpm-64bit-debuginfo-4.14.3-150400.59.16.1
* rpm-ndb-64bit-4.14.3-150400.59.16.1
* rpm-ndb-64bit-debuginfo-4.14.3-150400.59.16.1
* openSUSE Leap Micro 5.4 (aarch64 s390x x86_64)
* rpm-4.14.3-150400.59.16.1
* rpm-ndb-4.14.3-150400.59.16.1
* rpm-ndb-debugsource-4.14.3-150400.59.16.1
* rpm-ndb-debuginfo-4.14.3-150400.59.16.1
* rpm-debugsource-4.14.3-150400.59.16.1
* python3-rpm-4.14.3-150400.59.16.1
* rpm-debuginfo-4.14.3-150400.59.16.1
* python-rpm-debugsource-4.14.3-150400.59.16.1
* python3-rpm-debuginfo-4.14.3-150400.59.16.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* rpm-4.14.3-150400.59.16.1
* python311-rpm-debuginfo-4.14.3-150400.59.16.1
* rpm-build-4.14.3-150400.59.16.1
* python311-rpm-4.14.3-150400.59.16.1
* rpm-devel-4.14.3-150400.59.16.1
* rpm-ndb-4.14.3-150400.59.16.1
* rpm-build-debuginfo-4.14.3-150400.59.16.1
* rpm-ndb-debugsource-4.14.3-150400.59.16.1
* rpm-ndb-debuginfo-4.14.3-150400.59.16.1
* rpm-debugsource-4.14.3-150400.59.16.1
* python3-rpm-4.14.3-150400.59.16.1
* rpm-debuginfo-4.14.3-150400.59.16.1
* python-rpm-debugsource-4.14.3-150400.59.16.1
* python3-rpm-debuginfo-4.14.3-150400.59.16.1
* openSUSE Leap 15.5 (x86_64)
* rpm-ndb-32bit-debuginfo-4.14.3-150400.59.16.1
* rpm-32bit-4.14.3-150400.59.16.1
* rpm-ndb-32bit-4.14.3-150400.59.16.1
* rpm-32bit-debuginfo-4.14.3-150400.59.16.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* rpm-4.14.3-150400.59.16.1
* rpm-ndb-4.14.3-150400.59.16.1
* rpm-ndb-debugsource-4.14.3-150400.59.16.1
* rpm-ndb-debuginfo-4.14.3-150400.59.16.1
* rpm-debugsource-4.14.3-150400.59.16.1
* python3-rpm-4.14.3-150400.59.16.1
* rpm-debuginfo-4.14.3-150400.59.16.1
* python-rpm-debugsource-4.14.3-150400.59.16.1
* python3-rpm-debuginfo-4.14.3-150400.59.16.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* rpm-4.14.3-150400.59.16.1
* rpm-ndb-4.14.3-150400.59.16.1
* rpm-ndb-debugsource-4.14.3-150400.59.16.1
* rpm-ndb-debuginfo-4.14.3-150400.59.16.1
* rpm-debugsource-4.14.3-150400.59.16.1
* python3-rpm-4.14.3-150400.59.16.1
* rpm-debuginfo-4.14.3-150400.59.16.1
* python-rpm-debugsource-4.14.3-150400.59.16.1
* python3-rpm-debuginfo-4.14.3-150400.59.16.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64)
* rpm-4.14.3-150400.59.16.1
* rpm-ndb-4.14.3-150400.59.16.1
* rpm-ndb-debugsource-4.14.3-150400.59.16.1
* rpm-ndb-debuginfo-4.14.3-150400.59.16.1
* rpm-debugsource-4.14.3-150400.59.16.1
* python3-rpm-4.14.3-150400.59.16.1
* rpm-debuginfo-4.14.3-150400.59.16.1
* python-rpm-debugsource-4.14.3-150400.59.16.1
* python3-rpm-debuginfo-4.14.3-150400.59.16.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* rpm-4.14.3-150400.59.16.1
* rpm-devel-4.14.3-150400.59.16.1
* rpm-debugsource-4.14.3-150400.59.16.1
* python3-rpm-4.14.3-150400.59.16.1
* rpm-debuginfo-4.14.3-150400.59.16.1
* python-rpm-debugsource-4.14.3-150400.59.16.1
* python3-rpm-debuginfo-4.14.3-150400.59.16.1
* Basesystem Module 15-SP5 (x86_64)
* rpm-32bit-4.14.3-150400.59.16.1
* rpm-32bit-debuginfo-4.14.3-150400.59.16.1
* Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* rpm-build-4.14.3-150400.59.16.1
* rpm-build-debuginfo-4.14.3-150400.59.16.1
* rpm-debugsource-4.14.3-150400.59.16.1
* rpm-debuginfo-4.14.3-150400.59.16.1
* Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* rpm-ndb-debugsource-4.14.3-150400.59.16.1
* rpm-ndb-debuginfo-4.14.3-150400.59.16.1
* rpm-ndb-4.14.3-150400.59.16.1
* Public Cloud Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* rpm-ndb-debugsource-4.14.3-150400.59.16.1
* rpm-ndb-debuginfo-4.14.3-150400.59.16.1
* rpm-ndb-4.14.3-150400.59.16.1
* Python 3 Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* python311-rpm-debuginfo-4.14.3-150400.59.16.1
* python311-rpm-4.14.3-150400.59.16.1
* SUSE Manager Proxy 4.3 Module 4.3 (aarch64 ppc64le s390x x86_64)
* rpm-build-4.14.3-150400.59.16.1
* rpm-build-debuginfo-4.14.3-150400.59.16.1
* rpm-debugsource-4.14.3-150400.59.16.1
* rpm-debuginfo-4.14.3-150400.59.16.1
* SUSE Manager Server 4.3 Module 4.3 (aarch64 ppc64le s390x x86_64)
* rpm-build-4.14.3-150400.59.16.1
* rpm-build-debuginfo-4.14.3-150400.59.16.1
* rpm-debugsource-4.14.3-150400.59.16.1
* rpm-debuginfo-4.14.3-150400.59.16.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* rpm-4.14.3-150400.59.16.1
* python311-rpm-debuginfo-4.14.3-150400.59.16.1
* rpm-build-4.14.3-150400.59.16.1
* python311-rpm-4.14.3-150400.59.16.1
* rpm-devel-4.14.3-150400.59.16.1
* rpm-build-debuginfo-4.14.3-150400.59.16.1
* rpm-debugsource-4.14.3-150400.59.16.1
* python3-rpm-4.14.3-150400.59.16.1
* rpm-debuginfo-4.14.3-150400.59.16.1
* python-rpm-debugsource-4.14.3-150400.59.16.1
* python3-rpm-debuginfo-4.14.3-150400.59.16.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (x86_64)
* rpm-32bit-4.14.3-150400.59.16.1
* rpm-32bit-debuginfo-4.14.3-150400.59.16.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* rpm-4.14.3-150400.59.16.1
* python311-rpm-debuginfo-4.14.3-150400.59.16.1
* rpm-build-4.14.3-150400.59.16.1
* python311-rpm-4.14.3-150400.59.16.1
* rpm-devel-4.14.3-150400.59.16.1
* rpm-build-debuginfo-4.14.3-150400.59.16.1
* rpm-debugsource-4.14.3-150400.59.16.1
* python3-rpm-4.14.3-150400.59.16.1
* rpm-debuginfo-4.14.3-150400.59.16.1
* python-rpm-debugsource-4.14.3-150400.59.16.1
* python3-rpm-debuginfo-4.14.3-150400.59.16.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64)
* rpm-32bit-4.14.3-150400.59.16.1
* rpm-32bit-debuginfo-4.14.3-150400.59.16.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
* rpm-4.14.3-150400.59.16.1
* rpm-debuginfo-4.14.3-150400.59.16.1
* python311-rpm-debuginfo-4.14.3-150400.59.16.1
* rpm-build-4.14.3-150400.59.16.1
* rpm-32bit-4.14.3-150400.59.16.1
* python311-rpm-4.14.3-150400.59.16.1
* rpm-devel-4.14.3-150400.59.16.1
* rpm-build-debuginfo-4.14.3-150400.59.16.1
* rpm-debugsource-4.14.3-150400.59.16.1
* python3-rpm-4.14.3-150400.59.16.1
* rpm-32bit-debuginfo-4.14.3-150400.59.16.1
* python-rpm-debugsource-4.14.3-150400.59.16.1
* python3-rpm-debuginfo-4.14.3-150400.59.16.1

## References:

* https://www.suse.com/security/cve/CVE-2021-3521.html
* https://bugzilla.suse.com/show_bug.cgi?id=1189495
* https://bugzilla.suse.com/show_bug.cgi?id=1191175
* https://bugzilla.suse.com/show_bug.cgi?id=1218686

SUSE-SU-2024:1549-1: important: Security update for sssd

# Security update for sssd

Announcement ID: SUSE-SU-2024:1549-1
Rating: important
References:

* bsc#1223100

Cross-References:

* CVE-2023-3758

CVSS scores:

* CVE-2023-3758 ( SUSE ): 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves one vulnerability can now be installed.

## Description:

This update for sssd fixes the following issues:

* CVE-2023-3758: Fixed race condition during authorization that lead to GPO
policies functioning inconsistently (bsc#1223100)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2024-1549=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-1549=1

* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-1549=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-1549=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2024-1549=1

* SUSE Linux Enterprise Micro 5.1
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2024-1549=1

* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-1549=1

* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-1549=1

## Package List:

* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
* python3-sss_nss_idmap-1.16.1-150300.23.43.1
* sssd-krb5-common-1.16.1-150300.23.43.1
* sssd-wbclient-1.16.1-150300.23.43.1
* libsss_nss_idmap0-debuginfo-1.16.1-150300.23.43.1
* sssd-ad-debuginfo-1.16.1-150300.23.43.1
* python3-sssd-config-1.16.1-150300.23.43.1
* libsss_certmap-devel-1.16.1-150300.23.43.1
* python3-sss-murmur-1.16.1-150300.23.43.1
* libsss_certmap0-debuginfo-1.16.1-150300.23.43.1
* sssd-dbus-1.16.1-150300.23.43.1
* sssd-krb5-common-debuginfo-1.16.1-150300.23.43.1
* sssd-dbus-debuginfo-1.16.1-150300.23.43.1
* sssd-wbclient-devel-1.16.1-150300.23.43.1
* sssd-winbind-idmap-1.16.1-150300.23.43.1
* python3-sss_nss_idmap-debuginfo-1.16.1-150300.23.43.1
* libipa_hbac0-1.16.1-150300.23.43.1
* sssd-krb5-debuginfo-1.16.1-150300.23.43.1
* libipa_hbac0-debuginfo-1.16.1-150300.23.43.1
* libsss_certmap0-1.16.1-150300.23.43.1
* sssd-winbind-idmap-debuginfo-1.16.1-150300.23.43.1
* sssd-ipa-1.16.1-150300.23.43.1
* libsss_simpleifp0-debuginfo-1.16.1-150300.23.43.1
* libsss_simpleifp-devel-1.16.1-150300.23.43.1
* libnfsidmap-sss-1.16.1-150300.23.43.1
* sssd-ad-1.16.1-150300.23.43.1
* sssd-proxy-1.16.1-150300.23.43.1
* libsss_nss_idmap0-1.16.1-150300.23.43.1
* libsss_idmap0-1.16.1-150300.23.43.1
* libsss_idmap-devel-1.16.1-150300.23.43.1
* sssd-proxy-debuginfo-1.16.1-150300.23.43.1
* sssd-tools-debuginfo-1.16.1-150300.23.43.1
* python3-sssd-config-debuginfo-1.16.1-150300.23.43.1
* python3-sss-murmur-debuginfo-1.16.1-150300.23.43.1
* sssd-1.16.1-150300.23.43.1
* libsss_idmap0-debuginfo-1.16.1-150300.23.43.1
* libipa_hbac-devel-1.16.1-150300.23.43.1
* python3-ipa_hbac-debuginfo-1.16.1-150300.23.43.1
* sssd-krb5-1.16.1-150300.23.43.1
* sssd-ldap-debuginfo-1.16.1-150300.23.43.1
* python3-ipa_hbac-1.16.1-150300.23.43.1
* sssd-common-debuginfo-1.16.1-150300.23.43.1
* sssd-debugsource-1.16.1-150300.23.43.1
* libsss_nss_idmap-devel-1.16.1-150300.23.43.1
* sssd-ipa-debuginfo-1.16.1-150300.23.43.1
* libnfsidmap-sss-debuginfo-1.16.1-150300.23.43.1
* sssd-common-1.16.1-150300.23.43.1
* sssd-wbclient-debuginfo-1.16.1-150300.23.43.1
* sssd-ldap-1.16.1-150300.23.43.1
* sssd-tools-1.16.1-150300.23.43.1
* libsss_simpleifp0-1.16.1-150300.23.43.1
* openSUSE Leap 15.3 (x86_64)
* sssd-common-32bit-1.16.1-150300.23.43.1
* sssd-common-32bit-debuginfo-1.16.1-150300.23.43.1
* openSUSE Leap 15.3 (aarch64_ilp32)
* sssd-common-64bit-debuginfo-1.16.1-150300.23.43.1
* sssd-common-64bit-1.16.1-150300.23.43.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* sssd-krb5-common-1.16.1-150300.23.43.1
* libsss_nss_idmap0-debuginfo-1.16.1-150300.23.43.1
* sssd-ad-debuginfo-1.16.1-150300.23.43.1
* python3-sssd-config-1.16.1-150300.23.43.1
* libsss_certmap-devel-1.16.1-150300.23.43.1
* sssd-krb5-common-debuginfo-1.16.1-150300.23.43.1
* libsss_certmap0-debuginfo-1.16.1-150300.23.43.1
* sssd-dbus-1.16.1-150300.23.43.1
* sssd-dbus-debuginfo-1.16.1-150300.23.43.1
* sssd-winbind-idmap-1.16.1-150300.23.43.1
* libipa_hbac0-1.16.1-150300.23.43.1
* sssd-krb5-debuginfo-1.16.1-150300.23.43.1
* libipa_hbac0-debuginfo-1.16.1-150300.23.43.1
* libsss_certmap0-1.16.1-150300.23.43.1
* sssd-winbind-idmap-debuginfo-1.16.1-150300.23.43.1
* sssd-ipa-1.16.1-150300.23.43.1
* libsss_simpleifp0-debuginfo-1.16.1-150300.23.43.1
* libsss_simpleifp-devel-1.16.1-150300.23.43.1
* sssd-ad-1.16.1-150300.23.43.1
* sssd-proxy-1.16.1-150300.23.43.1
* libsss_nss_idmap0-1.16.1-150300.23.43.1
* libsss_idmap0-1.16.1-150300.23.43.1
* libsss_idmap-devel-1.16.1-150300.23.43.1
* sssd-proxy-debuginfo-1.16.1-150300.23.43.1
* sssd-tools-debuginfo-1.16.1-150300.23.43.1
* python3-sssd-config-debuginfo-1.16.1-150300.23.43.1
* sssd-1.16.1-150300.23.43.1
* libsss_idmap0-debuginfo-1.16.1-150300.23.43.1
* libipa_hbac-devel-1.16.1-150300.23.43.1
* sssd-krb5-1.16.1-150300.23.43.1
* sssd-ldap-debuginfo-1.16.1-150300.23.43.1
* sssd-common-debuginfo-1.16.1-150300.23.43.1
* sssd-debugsource-1.16.1-150300.23.43.1
* libsss_nss_idmap-devel-1.16.1-150300.23.43.1
* sssd-ipa-debuginfo-1.16.1-150300.23.43.1
* sssd-common-1.16.1-150300.23.43.1
* sssd-ldap-1.16.1-150300.23.43.1
* sssd-tools-1.16.1-150300.23.43.1
* libsss_simpleifp0-1.16.1-150300.23.43.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64)
* sssd-common-32bit-1.16.1-150300.23.43.1
* sssd-common-32bit-debuginfo-1.16.1-150300.23.43.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64)
* sssd-krb5-common-1.16.1-150300.23.43.1
* libsss_nss_idmap0-debuginfo-1.16.1-150300.23.43.1
* sssd-ad-debuginfo-1.16.1-150300.23.43.1
* python3-sssd-config-1.16.1-150300.23.43.1
* libsss_certmap-devel-1.16.1-150300.23.43.1
* sssd-krb5-common-debuginfo-1.16.1-150300.23.43.1
* libsss_certmap0-debuginfo-1.16.1-150300.23.43.1
* sssd-dbus-1.16.1-150300.23.43.1
* sssd-dbus-debuginfo-1.16.1-150300.23.43.1
* sssd-winbind-idmap-1.16.1-150300.23.43.1
* libipa_hbac0-1.16.1-150300.23.43.1
* sssd-krb5-debuginfo-1.16.1-150300.23.43.1
* libipa_hbac0-debuginfo-1.16.1-150300.23.43.1
* libsss_certmap0-1.16.1-150300.23.43.1
* sssd-winbind-idmap-debuginfo-1.16.1-150300.23.43.1
* sssd-ipa-1.16.1-150300.23.43.1
* libsss_simpleifp0-debuginfo-1.16.1-150300.23.43.1
* libsss_simpleifp-devel-1.16.1-150300.23.43.1
* sssd-ad-1.16.1-150300.23.43.1
* sssd-proxy-1.16.1-150300.23.43.1
* libsss_nss_idmap0-1.16.1-150300.23.43.1
* libsss_idmap0-1.16.1-150300.23.43.1
* libsss_idmap-devel-1.16.1-150300.23.43.1
* sssd-proxy-debuginfo-1.16.1-150300.23.43.1
* sssd-tools-debuginfo-1.16.1-150300.23.43.1
* python3-sssd-config-debuginfo-1.16.1-150300.23.43.1
* sssd-1.16.1-150300.23.43.1
* libsss_idmap0-debuginfo-1.16.1-150300.23.43.1
* libipa_hbac-devel-1.16.1-150300.23.43.1
* sssd-krb5-1.16.1-150300.23.43.1
* sssd-ldap-debuginfo-1.16.1-150300.23.43.1
* sssd-common-debuginfo-1.16.1-150300.23.43.1
* sssd-debugsource-1.16.1-150300.23.43.1
* libsss_nss_idmap-devel-1.16.1-150300.23.43.1
* sssd-ipa-debuginfo-1.16.1-150300.23.43.1
* sssd-common-1.16.1-150300.23.43.1
* sssd-ldap-1.16.1-150300.23.43.1
* sssd-tools-1.16.1-150300.23.43.1
* libsss_simpleifp0-1.16.1-150300.23.43.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64)
* sssd-common-32bit-1.16.1-150300.23.43.1
* sssd-common-32bit-debuginfo-1.16.1-150300.23.43.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* sssd-krb5-common-1.16.1-150300.23.43.1
* libsss_nss_idmap0-debuginfo-1.16.1-150300.23.43.1
* sssd-ad-debuginfo-1.16.1-150300.23.43.1
* python3-sssd-config-1.16.1-150300.23.43.1
* libsss_certmap-devel-1.16.1-150300.23.43.1
* sssd-krb5-common-debuginfo-1.16.1-150300.23.43.1
* libsss_certmap0-debuginfo-1.16.1-150300.23.43.1
* sssd-dbus-1.16.1-150300.23.43.1
* sssd-dbus-debuginfo-1.16.1-150300.23.43.1
* sssd-winbind-idmap-1.16.1-150300.23.43.1
* libipa_hbac0-1.16.1-150300.23.43.1
* sssd-krb5-debuginfo-1.16.1-150300.23.43.1
* libipa_hbac0-debuginfo-1.16.1-150300.23.43.1
* libsss_certmap0-1.16.1-150300.23.43.1
* sssd-winbind-idmap-debuginfo-1.16.1-150300.23.43.1
* sssd-ipa-1.16.1-150300.23.43.1
* libsss_simpleifp0-debuginfo-1.16.1-150300.23.43.1
* libsss_simpleifp-devel-1.16.1-150300.23.43.1
* sssd-ad-1.16.1-150300.23.43.1
* sssd-proxy-1.16.1-150300.23.43.1
* libsss_nss_idmap0-1.16.1-150300.23.43.1
* libsss_idmap0-1.16.1-150300.23.43.1
* libsss_idmap-devel-1.16.1-150300.23.43.1
* sssd-proxy-debuginfo-1.16.1-150300.23.43.1
* sssd-tools-debuginfo-1.16.1-150300.23.43.1
* python3-sssd-config-debuginfo-1.16.1-150300.23.43.1
* sssd-1.16.1-150300.23.43.1
* libsss_idmap0-debuginfo-1.16.1-150300.23.43.1
* libipa_hbac-devel-1.16.1-150300.23.43.1
* sssd-krb5-1.16.1-150300.23.43.1
* sssd-ldap-debuginfo-1.16.1-150300.23.43.1
* sssd-common-debuginfo-1.16.1-150300.23.43.1
* sssd-debugsource-1.16.1-150300.23.43.1
* libsss_nss_idmap-devel-1.16.1-150300.23.43.1
* sssd-ipa-debuginfo-1.16.1-150300.23.43.1
* sssd-common-1.16.1-150300.23.43.1
* sssd-ldap-1.16.1-150300.23.43.1
* sssd-tools-1.16.1-150300.23.43.1
* libsss_simpleifp0-1.16.1-150300.23.43.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64)
* sssd-common-32bit-1.16.1-150300.23.43.1
* sssd-common-32bit-debuginfo-1.16.1-150300.23.43.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* sssd-krb5-common-1.16.1-150300.23.43.1
* libsss_nss_idmap0-debuginfo-1.16.1-150300.23.43.1
* sssd-ad-debuginfo-1.16.1-150300.23.43.1
* python3-sssd-config-1.16.1-150300.23.43.1
* libsss_certmap-devel-1.16.1-150300.23.43.1
* sssd-krb5-common-debuginfo-1.16.1-150300.23.43.1
* libsss_certmap0-debuginfo-1.16.1-150300.23.43.1
* sssd-dbus-1.16.1-150300.23.43.1
* sssd-dbus-debuginfo-1.16.1-150300.23.43.1
* sssd-winbind-idmap-1.16.1-150300.23.43.1
* libipa_hbac0-1.16.1-150300.23.43.1
* sssd-krb5-debuginfo-1.16.1-150300.23.43.1
* libipa_hbac0-debuginfo-1.16.1-150300.23.43.1
* libsss_certmap0-1.16.1-150300.23.43.1
* sssd-winbind-idmap-debuginfo-1.16.1-150300.23.43.1
* sssd-ipa-1.16.1-150300.23.43.1
* libsss_simpleifp0-debuginfo-1.16.1-150300.23.43.1
* libsss_simpleifp-devel-1.16.1-150300.23.43.1
* sssd-ad-1.16.1-150300.23.43.1
* sssd-proxy-1.16.1-150300.23.43.1
* libsss_nss_idmap0-1.16.1-150300.23.43.1
* libsss_idmap0-1.16.1-150300.23.43.1
* libsss_idmap-devel-1.16.1-150300.23.43.1
* sssd-proxy-debuginfo-1.16.1-150300.23.43.1
* sssd-tools-debuginfo-1.16.1-150300.23.43.1
* python3-sssd-config-debuginfo-1.16.1-150300.23.43.1
* sssd-1.16.1-150300.23.43.1
* libsss_idmap0-debuginfo-1.16.1-150300.23.43.1
* libipa_hbac-devel-1.16.1-150300.23.43.1
* sssd-krb5-1.16.1-150300.23.43.1
* sssd-ldap-debuginfo-1.16.1-150300.23.43.1
* sssd-common-debuginfo-1.16.1-150300.23.43.1
* sssd-debugsource-1.16.1-150300.23.43.1
* libsss_nss_idmap-devel-1.16.1-150300.23.43.1
* sssd-ipa-debuginfo-1.16.1-150300.23.43.1
* sssd-common-1.16.1-150300.23.43.1
* sssd-ldap-1.16.1-150300.23.43.1
* sssd-tools-1.16.1-150300.23.43.1
* libsss_simpleifp0-1.16.1-150300.23.43.1
* SUSE Enterprise Storage 7.1 (x86_64)
* sssd-common-32bit-1.16.1-150300.23.43.1
* sssd-common-32bit-debuginfo-1.16.1-150300.23.43.1
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
* libsss_idmap0-1.16.1-150300.23.43.1
* libsss_certmap0-1.16.1-150300.23.43.1
* sssd-krb5-common-1.16.1-150300.23.43.1
* libsss_nss_idmap0-debuginfo-1.16.1-150300.23.43.1
* sssd-ldap-debuginfo-1.16.1-150300.23.43.1
* sssd-common-debuginfo-1.16.1-150300.23.43.1
* sssd-debugsource-1.16.1-150300.23.43.1
* sssd-krb5-common-debuginfo-1.16.1-150300.23.43.1
* libsss_certmap0-debuginfo-1.16.1-150300.23.43.1
* sssd-1.16.1-150300.23.43.1
* sssd-common-1.16.1-150300.23.43.1
* sssd-ldap-1.16.1-150300.23.43.1
* libsss_idmap0-debuginfo-1.16.1-150300.23.43.1
* libsss_nss_idmap0-1.16.1-150300.23.43.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* libsss_idmap0-1.16.1-150300.23.43.1
* libsss_certmap0-1.16.1-150300.23.43.1
* sssd-krb5-common-1.16.1-150300.23.43.1
* libsss_nss_idmap0-debuginfo-1.16.1-150300.23.43.1
* sssd-ldap-debuginfo-1.16.1-150300.23.43.1
* sssd-common-debuginfo-1.16.1-150300.23.43.1
* sssd-debugsource-1.16.1-150300.23.43.1
* sssd-krb5-common-debuginfo-1.16.1-150300.23.43.1
* libsss_certmap0-debuginfo-1.16.1-150300.23.43.1
* sssd-1.16.1-150300.23.43.1
* sssd-common-1.16.1-150300.23.43.1
* sssd-ldap-1.16.1-150300.23.43.1
* libsss_idmap0-debuginfo-1.16.1-150300.23.43.1
* libsss_nss_idmap0-1.16.1-150300.23.43.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* libsss_idmap0-1.16.1-150300.23.43.1
* libsss_certmap0-1.16.1-150300.23.43.1
* sssd-krb5-common-1.16.1-150300.23.43.1
* libsss_nss_idmap0-debuginfo-1.16.1-150300.23.43.1
* sssd-ldap-debuginfo-1.16.1-150300.23.43.1
* sssd-common-debuginfo-1.16.1-150300.23.43.1
* sssd-debugsource-1.16.1-150300.23.43.1
* sssd-krb5-common-debuginfo-1.16.1-150300.23.43.1
* libsss_certmap0-debuginfo-1.16.1-150300.23.43.1
* sssd-1.16.1-150300.23.43.1
* sssd-common-1.16.1-150300.23.43.1
* sssd-ldap-1.16.1-150300.23.43.1
* libsss_idmap0-debuginfo-1.16.1-150300.23.43.1
* libsss_nss_idmap0-1.16.1-150300.23.43.1

## References:

* https://www.suse.com/security/cve/CVE-2023-3758.html
* https://bugzilla.suse.com/show_bug.cgi?id=1223100

SUSE-SU-2024:1539-1: moderate: Security update for bouncycastle

# Security update for bouncycastle

Announcement ID: SUSE-SU-2024:1539-1
Rating: moderate
References:

* bsc#1223252

Cross-References:

* CVE-2024-30171

CVSS scores:

* CVE-2024-30171 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* Development Tools Module 15-SP5
* openSUSE Leap 15.5
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for bouncycastle fixes the following issues:

Update to version 1.78.1, including fixes for:

* CVE-2024-30171: Fixed timing side-channel attacks against RSA decryption
(both PKCS#1v1.5 and OAEP). (bsc#1223252)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-1539=1

* Development Tools Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2024-1539=1

* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-1539=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-1539=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-1539=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-1539=1

* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-1539=1

* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-1539=1

* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-1539=1

* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1539=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP2
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-1539=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-1539=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-1539=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2024-1539=1

## Package List:

* openSUSE Leap 15.5 (noarch)
* bouncycastle-mail-1.78.1-150200.3.29.1
* bouncycastle-tls-1.78.1-150200.3.29.1
* bouncycastle-jmail-1.78.1-150200.3.29.1
* bouncycastle-pg-1.78.1-150200.3.29.1
* bouncycastle-javadoc-1.78.1-150200.3.29.1
* bouncycastle-util-1.78.1-150200.3.29.1
* bouncycastle-pkix-1.78.1-150200.3.29.1
* bouncycastle-1.78.1-150200.3.29.1
* Development Tools Module 15-SP5 (noarch)
* bouncycastle-pg-1.78.1-150200.3.29.1
* bouncycastle-pkix-1.78.1-150200.3.29.1
* bouncycastle-1.78.1-150200.3.29.1
* bouncycastle-util-1.78.1-150200.3.29.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
* bouncycastle-pg-1.78.1-150200.3.29.1
* bouncycastle-pkix-1.78.1-150200.3.29.1
* bouncycastle-1.78.1-150200.3.29.1
* bouncycastle-util-1.78.1-150200.3.29.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* bouncycastle-pg-1.78.1-150200.3.29.1
* bouncycastle-pkix-1.78.1-150200.3.29.1
* bouncycastle-1.78.1-150200.3.29.1
* bouncycastle-util-1.78.1-150200.3.29.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* bouncycastle-pg-1.78.1-150200.3.29.1
* bouncycastle-pkix-1.78.1-150200.3.29.1
* bouncycastle-1.78.1-150200.3.29.1
* bouncycastle-util-1.78.1-150200.3.29.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* bouncycastle-pg-1.78.1-150200.3.29.1
* bouncycastle-pkix-1.78.1-150200.3.29.1
* bouncycastle-1.78.1-150200.3.29.1
* bouncycastle-util-1.78.1-150200.3.29.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (noarch)
* bouncycastle-pg-1.78.1-150200.3.29.1
* bouncycastle-pkix-1.78.1-150200.3.29.1
* bouncycastle-1.78.1-150200.3.29.1
* bouncycastle-util-1.78.1-150200.3.29.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
* bouncycastle-pg-1.78.1-150200.3.29.1
* bouncycastle-pkix-1.78.1-150200.3.29.1
* bouncycastle-1.78.1-150200.3.29.1
* bouncycastle-util-1.78.1-150200.3.29.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
* bouncycastle-pg-1.78.1-150200.3.29.1
* bouncycastle-pkix-1.78.1-150200.3.29.1
* bouncycastle-1.78.1-150200.3.29.1
* bouncycastle-util-1.78.1-150200.3.29.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (noarch)
* bouncycastle-pg-1.78.1-150200.3.29.1
* bouncycastle-pkix-1.78.1-150200.3.29.1
* bouncycastle-1.78.1-150200.3.29.1
* bouncycastle-util-1.78.1-150200.3.29.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
* bouncycastle-pg-1.78.1-150200.3.29.1
* bouncycastle-pkix-1.78.1-150200.3.29.1
* bouncycastle-1.78.1-150200.3.29.1
* bouncycastle-util-1.78.1-150200.3.29.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* bouncycastle-pg-1.78.1-150200.3.29.1
* bouncycastle-pkix-1.78.1-150200.3.29.1
* bouncycastle-1.78.1-150200.3.29.1
* bouncycastle-util-1.78.1-150200.3.29.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* bouncycastle-pg-1.78.1-150200.3.29.1
* bouncycastle-pkix-1.78.1-150200.3.29.1
* bouncycastle-1.78.1-150200.3.29.1
* bouncycastle-util-1.78.1-150200.3.29.1
* SUSE Enterprise Storage 7.1 (noarch)
* bouncycastle-pg-1.78.1-150200.3.29.1
* bouncycastle-pkix-1.78.1-150200.3.29.1
* bouncycastle-1.78.1-150200.3.29.1
* bouncycastle-util-1.78.1-150200.3.29.1

## References:

* https://www.suse.com/security/cve/CVE-2024-30171.html
* https://bugzilla.suse.com/show_bug.cgi?id=1223252

SUSE-SU-2024:1540-1: moderate: Security update for xen

# Security update for xen

Announcement ID: SUSE-SU-2024:1540-1
Rating: moderate
References:

* bsc#1221984
* bsc#1222302
* bsc#1222453

Cross-References:

* CVE-2023-46842
* CVE-2024-2201
* CVE-2024-31142

CVSS scores:

* CVE-2023-46842 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
* CVE-2024-2201 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-31142 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2

An update that solves three vulnerabilities can now be installed.

## Description:

This update for xen fixes the following issues:

* CVE-2024-2201: Mitigation for Native Branch History Injection (XSA-456,
bsc#1222453)
* CVE-2023-46842: HVM hypercalls may trigger Xen bug check (XSA-454,
bsc#1221984)
* CVE-2024-31142: Fixed incorrect logic for BTC/SRSO mitigations (XSA-455,
bsc#1222302)

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2024-1540=1

* SUSE Linux Enterprise Micro 5.1
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2024-1540=1

* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-1540=1

* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-1540=1

## Package List:

* openSUSE Leap 15.3 (aarch64 x86_64 i586)
* xen-debugsource-4.14.6_14-150300.3.72.1
* xen-tools-domU-4.14.6_14-150300.3.72.1
* xen-libs-debuginfo-4.14.6_14-150300.3.72.1
* xen-devel-4.14.6_14-150300.3.72.1
* xen-tools-domU-debuginfo-4.14.6_14-150300.3.72.1
* xen-libs-4.14.6_14-150300.3.72.1
* openSUSE Leap 15.3 (x86_64)
* xen-libs-32bit-4.14.6_14-150300.3.72.1
* xen-libs-32bit-debuginfo-4.14.6_14-150300.3.72.1
* openSUSE Leap 15.3 (aarch64 x86_64)
* xen-tools-debuginfo-4.14.6_14-150300.3.72.1
* xen-doc-html-4.14.6_14-150300.3.72.1
* xen-tools-4.14.6_14-150300.3.72.1
* xen-4.14.6_14-150300.3.72.1
* openSUSE Leap 15.3 (noarch)
* xen-tools-xendomains-wait-disk-4.14.6_14-150300.3.72.1
* openSUSE Leap 15.3 (aarch64_ilp32)
* xen-libs-64bit-debuginfo-4.14.6_14-150300.3.72.1
* xen-libs-64bit-4.14.6_14-150300.3.72.1
* SUSE Linux Enterprise Micro 5.1 (x86_64)
* xen-debugsource-4.14.6_14-150300.3.72.1
* xen-libs-debuginfo-4.14.6_14-150300.3.72.1
* xen-libs-4.14.6_14-150300.3.72.1
* SUSE Linux Enterprise Micro 5.2 (x86_64)
* xen-debugsource-4.14.6_14-150300.3.72.1
* xen-libs-debuginfo-4.14.6_14-150300.3.72.1
* xen-libs-4.14.6_14-150300.3.72.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (x86_64)
* xen-debugsource-4.14.6_14-150300.3.72.1
* xen-libs-debuginfo-4.14.6_14-150300.3.72.1
* xen-libs-4.14.6_14-150300.3.72.1

## References:

* https://www.suse.com/security/cve/CVE-2023-46842.html
* https://www.suse.com/security/cve/CVE-2024-2201.html
* https://www.suse.com/security/cve/CVE-2024-31142.html
* https://bugzilla.suse.com/show_bug.cgi?id=1221984
* https://bugzilla.suse.com/show_bug.cgi?id=1222302
* https://bugzilla.suse.com/show_bug.cgi?id=1222453

SUSE-SU-2024:1535-1: important: Security update for flatpak

# Security update for flatpak

Announcement ID: SUSE-SU-2024:1535-1
Rating: important
References:

* bsc#1223110

Cross-References:

* CVE-2024-32462

CVSS scores:

* CVE-2024-32462 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves one vulnerability can now be installed.

## Description:

This update for flatpak fixes the following issues:

* CVE-2024-32462: Fixed arbitrary code execution outside sandbox via malicious
app due to insufficient 'command' argument sanitization (bsc#1223110)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-1535=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-1535=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-1535=1

* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-1535=1

* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1535=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-1535=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* libflatpak0-1.12.8-150400.3.6.1
* flatpak-zsh-completion-1.12.8-150400.3.6.1
* flatpak-debugsource-1.12.8-150400.3.6.1
* typelib-1_0-Flatpak-1_0-1.12.8-150400.3.6.1
* system-user-flatpak-1.12.8-150400.3.6.1
* flatpak-devel-1.12.8-150400.3.6.1
* flatpak-debuginfo-1.12.8-150400.3.6.1
* flatpak-1.12.8-150400.3.6.1
* libflatpak0-debuginfo-1.12.8-150400.3.6.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* libflatpak0-1.12.8-150400.3.6.1
* flatpak-zsh-completion-1.12.8-150400.3.6.1
* flatpak-debugsource-1.12.8-150400.3.6.1
* typelib-1_0-Flatpak-1_0-1.12.8-150400.3.6.1
* system-user-flatpak-1.12.8-150400.3.6.1
* flatpak-devel-1.12.8-150400.3.6.1
* flatpak-debuginfo-1.12.8-150400.3.6.1
* flatpak-1.12.8-150400.3.6.1
* libflatpak0-debuginfo-1.12.8-150400.3.6.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* libflatpak0-1.12.8-150400.3.6.1
* flatpak-zsh-completion-1.12.8-150400.3.6.1
* flatpak-debugsource-1.12.8-150400.3.6.1
* typelib-1_0-Flatpak-1_0-1.12.8-150400.3.6.1
* system-user-flatpak-1.12.8-150400.3.6.1
* flatpak-devel-1.12.8-150400.3.6.1
* flatpak-debuginfo-1.12.8-150400.3.6.1
* flatpak-1.12.8-150400.3.6.1
* libflatpak0-debuginfo-1.12.8-150400.3.6.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
* libflatpak0-1.12.8-150400.3.6.1
* flatpak-zsh-completion-1.12.8-150400.3.6.1
* flatpak-debugsource-1.12.8-150400.3.6.1
* typelib-1_0-Flatpak-1_0-1.12.8-150400.3.6.1
* system-user-flatpak-1.12.8-150400.3.6.1
* flatpak-devel-1.12.8-150400.3.6.1
* flatpak-debuginfo-1.12.8-150400.3.6.1
* flatpak-1.12.8-150400.3.6.1
* libflatpak0-debuginfo-1.12.8-150400.3.6.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x
x86_64)
* libflatpak0-1.12.8-150400.3.6.1
* flatpak-zsh-completion-1.12.8-150400.3.6.1
* flatpak-debugsource-1.12.8-150400.3.6.1
* typelib-1_0-Flatpak-1_0-1.12.8-150400.3.6.1
* system-user-flatpak-1.12.8-150400.3.6.1
* flatpak-devel-1.12.8-150400.3.6.1
* flatpak-debuginfo-1.12.8-150400.3.6.1
* flatpak-1.12.8-150400.3.6.1
* libflatpak0-debuginfo-1.12.8-150400.3.6.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* libflatpak0-1.12.8-150400.3.6.1
* flatpak-zsh-completion-1.12.8-150400.3.6.1
* flatpak-debugsource-1.12.8-150400.3.6.1
* typelib-1_0-Flatpak-1_0-1.12.8-150400.3.6.1
* system-user-flatpak-1.12.8-150400.3.6.1
* flatpak-devel-1.12.8-150400.3.6.1
* flatpak-debuginfo-1.12.8-150400.3.6.1
* flatpak-1.12.8-150400.3.6.1
* libflatpak0-debuginfo-1.12.8-150400.3.6.1

## References:

* https://www.suse.com/security/cve/CVE-2024-32462.html
* https://bugzilla.suse.com/show_bug.cgi?id=1223110

SUSE-SU-2024:1536-1: important: Security update for flatpak

# Security update for flatpak

Announcement ID: SUSE-SU-2024:1536-1
Rating: important
References:

* bsc#1223110

Cross-References:

* CVE-2024-32462

CVSS scores:

* CVE-2024-32462 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

Affected Products:

* Desktop Applications Module 15-SP5
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for flatpak fixes the following issues:

* CVE-2024-32462: Fixed arbitrary code execution outside sandbox via malicious
app due to insufficient 'command' argument sanitization (bsc#1223110)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2024-1536=1 openSUSE-SLE-15.5-2024-1536=1

* Desktop Applications Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2024-1536=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
* typelib-1_0-Flatpak-1_0-1.14.5-150500.3.9.1
* flatpak-debugsource-1.14.5-150500.3.9.1
* libflatpak0-debuginfo-1.14.5-150500.3.9.1
* flatpak-devel-1.14.5-150500.3.9.1
* flatpak-1.14.5-150500.3.9.1
* flatpak-debuginfo-1.14.5-150500.3.9.1
* libflatpak0-1.14.5-150500.3.9.1
* openSUSE Leap 15.5 (noarch)
* system-user-flatpak-1.14.5-150500.3.9.1
* flatpak-remote-flathub-1.14.5-150500.3.9.1
* flatpak-zsh-completion-1.14.5-150500.3.9.1
* Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* typelib-1_0-Flatpak-1_0-1.14.5-150500.3.9.1
* flatpak-debugsource-1.14.5-150500.3.9.1
* libflatpak0-debuginfo-1.14.5-150500.3.9.1
* flatpak-devel-1.14.5-150500.3.9.1
* flatpak-1.14.5-150500.3.9.1
* flatpak-debuginfo-1.14.5-150500.3.9.1
* libflatpak0-1.14.5-150500.3.9.1
* Desktop Applications Module 15-SP5 (noarch)
* system-user-flatpak-1.14.5-150500.3.9.1
* flatpak-remote-flathub-1.14.5-150500.3.9.1
* flatpak-zsh-completion-1.14.5-150500.3.9.1

## References:

* https://www.suse.com/security/cve/CVE-2024-32462.html
* https://bugzilla.suse.com/show_bug.cgi?id=1223110