
The following security updates have been released for openSUSE Leap and SUSE Linux Enterprise:

SUSE-SU-2024:3095-1: important: Security update for ucode-intel
SUSE-SU-2024:3104-1: important: Security update for bubblewrap and flatpak
SUSE-SU-2024:3091-1: important: Security update for webkit2gtk3
SUSE-SU-2024:3097-1: important: Security update for kubernetes1.28
SUSE-SU-2024:3089-1: important: Security update for go1.21-openssl
SUSE-SU-2024:3090-1: important: Security update for frr
SUSE-SU-2024:3094-1: important: Security update for kubernetes1.26
SUSE-SU-2024:3098-1: important: Security update for kubernetes1.27
SUSE-SU-2024:3105-1: moderate: Security update for openssl-3
SUSE-SU-2024:3108-1: important: Security update for frr
SUSE-SU-2024:3110-1: moderate: Security update for python-aiohttp
SUSE-SU-2024:3106-1: moderate: Security update for openssl-3
SUSE-SU-2024:3107-1: moderate: Security update for openssl-3
SUSE-SU-2024:3119-1: moderate: Security update for openssl-1_0_0
SUSE-SU-2024:3113-1: important: Security update for xen
SUSE-SU-2024:3109-1: important: Security update for webkit2gtk3
SUSE-SU-2024:3112-1: important: Security update for MozillaThunderbird
SUSE-SU-2024:3111-1: low: Security update for unbound
SUSE-SU-2024:3115-1: moderate: Security update for tiff
SUSE-SU-2024:3114-1: moderate: Security update for ffmpeg
SUSE-SU-2024:3117-1: moderate: Security update for tiff
SUSE-SU-2024:3116-1: moderate: Security update for python-WebOb
SUSE-SU-2024:3120-1: critical: Security update for buildah, docker
SUSE-SU-2024:3118-1: important: Security update for dovecot23




SUSE-SU-2024:3095-1: important: Security update for ucode-intel


# Security update for ucode-intel

Announcement ID: SUSE-SU-2024:3095-1
Rating: important
References:

* bsc#1229129

Cross-References:

* CVE-2023-42667
* CVE-2023-49141
* CVE-2024-24853
* CVE-2024-24980
* CVE-2024-25939

CVSS scores:

* CVE-2023-42667 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2023-42667 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2023-49141 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2023-49141 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2024-24853 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2024-24853 ( SUSE ): 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
* CVE-2024-24980 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:L/VI:H/VA:N/SC:L/SI:H/SA:N
* CVE-2024-24980 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:N
* CVE-2024-25939 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-25939 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP5
* Basesystem Module 15-SP6
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* openSUSE Leap Micro 5.5
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves five vulnerabilities can now be installed.

## Description:

This update for ucode-intel fixes the following issues:

* Intel CPU Microcode was updated to the 20240813 release (bsc#1229129)
* CVE-2024-24853: Security updates for INTEL-SA-01083
* CVE-2024-25939: Security updates for INTEL-SA-01118
* CVE-2024-24980: Security updates for INTEL-SA-01100
* CVE-2023-42667: Security updates for INTEL-SA-01038
* CVE-2023-49141: Security updates for INTEL-SA-01046

Other issues fixed:

* Update for functional issues. Refer to Intel Core Ultra Processor for
details.
* Update for functional issues. Refer to 3rd Generation Intel Xeon Processor
Scalable Family Specification Update for details.
* Update for functional issues. Refer to 3rd Generation Intel Xeon Scalable
Processors Specification Update for details.
* Update for functional issues. Refer to 2nd Generation Intel Xeon Processor
Scalable Family Specification Update for details
* Update for functional issues. Refer to Intel Xeon D-2700 Processor
Specification Update for details.
* Update for functional issues. Refer to Intel Xeon E-2300 Processor
Specification Update for details.
* Update for functional issues. Refer to 13th Generation Intel Core Processor
Specification Update for details.
* Update for functional issues. Refer to 12th Generation Intel Core Processor
Family for details.
* Update for functional issues. Refer to 11th Gen Intel Core Processor
Specification Update for details.
* Update for functional issues. Refer to 10th Gen Intel Core Processor
Families Specification Update for details.
* Update for functional issues. Refer to 10th Generation Intel Core Processor
Specification Update for details.
* Update for functional issues. Refer to 8th and 9th Generation Intel Core
Processor Family Spec Update for details.
* Update for functional issues. Refer to 8th Generation Intel Core Processor
Families Specification Update for details.
* Update for functional issues. Refer to 7th and 8th Generation Intel Core
Processor Specification Update for details.
* Update for functional issues. Refer to Intel Processors and Intel Core i3
N-Series for details.
* Update for functional issues. Refer to Intel Atom x6000E Series, and Intel
Pentium and Celeron N and J Series Processors for Internet of Things (IoT)
Applications for details.

Updated Platforms:

| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |
|:---------------|:---------|:------------|:---------|:---------|:---------|
| AML-Y22 | H0 | 06-8e-09/10 | 000000f4 | 000000f6 | Core Gen8 Mobile |
| AML-Y42 | V0 | 06-8e-0c/94 | 000000fa | 000000fc | Core Gen10 Mobile |
| CFL-H | R0 | 06-9e-0d/22 | 000000fc | 00000100 | Core Gen9 Mobile |
| CFL-H/S | P0 | 06-9e-0c/22 | 000000f6 | 000000f8 | Core Gen9 |
| CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000f6 | 000000f8 | Core Gen8 Desktop, Mobile, Xeon E |
| CFL-S | B0 | 06-9e-0b/02 | 000000f4 | 000000f6 | Core Gen8 |
| CFL-S | P0 | 06-9e-0c/22 | 000000f6 | 000000f8 | Core Gen9 Desktop |
| CFL-U43e | D0 | 06-8e-0a/c0 | 000000f4 | 000000f6 | Core Gen8 Mobile |
| CLX-SP | B1 | 06-55-07/bf | 05003605 | 05003707 | Xeon Scalable Gen2 |
| CML-H | R1 | 06-a5-02/20 | 000000fa | 000000fc | Core Gen10 Mobile |
| CML-S102 | Q0 | 06-a5-05/22 | 000000fa | 000000fc | Core Gen10 |
| CML-S62 | G1 | 06-a5-03/22 | 000000fa | 000000fc | Core Gen10 |
| CML-U42 | V0 | 06-8e-0c/94 | 000000fa | 000000fc | Core Gen10 Mobile |
| CML-U62 V1 | A0 | 06-a6-00/80 | 000000fa | 000000fe | Core Gen10 Mobile |
| CML-U62 V2 | K1 | 06-a6-01/80 | 000000fa | 000000fc | Core Gen10 Mobile |
| CML-Y42 | V0 | 06-8e-0c/94 | 000000fa | 000000fc | Core Gen10 Mobile |
| CPX-SP | A1 | 06-55-0b/bf | 07002802 | 07002904 | Xeon Scalable Gen3 |
| EHL | B1 | 06-96-01/01 | 00000019 | 0000001a | Pentium J6426/N6415, Celeron J6412/J6413/N6210/N6211, Atom x6000E |
| ICL-D | B0 | 06-6c-01/10 | 01000290 | 010002b0 | Xeon D-17xx, D-27xx |
| ICL-U/Y | D1 | 06-7e-05/80 | 000000c4 | 000000c6 | Core Gen10 Mobile |
| ICX-SP | Dx/M1 | 06-6a-06/87 | 0d0003d1 | 0d0003e7 | Xeon Scalable Gen3 |
| KBL-R U | Y0 | 06-8e-0a/c0 | 000000f4 | 000000f6 | Core Gen8 Mobile |
| KBL-U23e | J1 | 06-8e-09/c0 | 000000f4 | 000000f6 | Core Gen7 Mobile |
| KBL-U/Y | H0 | 06-8e-09/c0 | 000000f4 | 000000f6 | Core Gen7 Mobile |
| MTL | C-0 | 06-aa-04/e6 | 0000001c | 0000001e | Core Ultra Processor |
| RKL-S | B0 | 06-a7-01/02 | 0000005e | 00000062 | Core Gen11 |
| TGL | B0/B1 | 06-8c-01/80 | 000000b6 | 000000b8 | Core Gen11 Mobile |
| TGL-H | R0 | 06-8d-01/c2 | 00000050 | 00000052 | Core Gen11 Mobile |
| TGL-R | C0 | 06-8c-02/c2 | 00000036 | 00000038 | Core Gen11 Mobile |
| WHL-U | V0 | 06-8e-0c/94 | 000000fa | 000000fc | Core Gen8 Mobile |
| WHL-U | W0 | 06-8e-0b/d0 | 000000f4 | 000000f6 | Core Gen8 Mobile |

* update to 20240531:

* Update for functional issues. Refer to Intel Pentium Silver and Intel
Celeron Processor Specification Update
* Updated Platforms:

| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |
|:---------------|:---------|:------------|:---------|:---------|:---------|
| GLK | B0 | 06-7a-01/01 | 00000040 | 00000042 | Pentium Silver N/J5xxx, Celeron N/J4xxx |

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap Micro 5.5
zypper in -t patch openSUSE-Leap-Micro-5.5-2024-3095=1

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-3095=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-3095=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2024-3095=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2024-3095=1

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2024-3095=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2024-3095=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2024-3095=1

* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-3095=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-3095=1

* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-3095=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-3095=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-3095=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-3095=1

* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-3095=1

* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-3095=1

* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-3095=1

* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3095=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP2
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-3095=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-3095=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-3095=1

* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-3095=1

* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2024-3095=1

* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-3095=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2024-3095=1

* SUSE Linux Enterprise Micro 5.1
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2024-3095=1

* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-3095=1

* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-3095=1

## Package List:

* openSUSE Leap Micro 5.5 (x86_64)
* ucode-intel-20240813-150200.44.1
* openSUSE Leap 15.5 (x86_64)
* ucode-intel-20240813-150200.44.1
* openSUSE Leap 15.6 (x86_64)
* ucode-intel-20240813-150200.44.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64)
* ucode-intel-20240813-150200.44.1
* SUSE Linux Enterprise Micro 5.3 (x86_64)
* ucode-intel-20240813-150200.44.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64)
* ucode-intel-20240813-150200.44.1
* SUSE Linux Enterprise Micro 5.4 (x86_64)
* ucode-intel-20240813-150200.44.1
* SUSE Linux Enterprise Micro 5.5 (x86_64)
* ucode-intel-20240813-150200.44.1
* Basesystem Module 15-SP5 (x86_64)
* ucode-intel-20240813-150200.44.1
* Basesystem Module 15-SP6 (x86_64)
* ucode-intel-20240813-150200.44.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64)
* ucode-intel-20240813-150200.44.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64)
* ucode-intel-20240813-150200.44.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (x86_64)
* ucode-intel-20240813-150200.44.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64)
* ucode-intel-20240813-150200.44.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
* ucode-intel-20240813-150200.44.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64)
* ucode-intel-20240813-150200.44.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64)
* ucode-intel-20240813-150200.44.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (x86_64)
* ucode-intel-20240813-150200.44.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64)
* ucode-intel-20240813-150200.44.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64)
* ucode-intel-20240813-150200.44.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64)
* ucode-intel-20240813-150200.44.1
* SUSE Manager Proxy 4.3 (x86_64)
* ucode-intel-20240813-150200.44.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* ucode-intel-20240813-150200.44.1
* SUSE Manager Server 4.3 (x86_64)
* ucode-intel-20240813-150200.44.1
* SUSE Enterprise Storage 7.1 (x86_64)
* ucode-intel-20240813-150200.44.1
* SUSE Linux Enterprise Micro 5.1 (x86_64)
* ucode-intel-20240813-150200.44.1
* SUSE Linux Enterprise Micro 5.2 (x86_64)
* ucode-intel-20240813-150200.44.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (x86_64)
* ucode-intel-20240813-150200.44.1

## References:

* https://www.suse.com/security/cve/CVE-2023-42667.html
* https://www.suse.com/security/cve/CVE-2023-49141.html
* https://www.suse.com/security/cve/CVE-2024-24853.html
* https://www.suse.com/security/cve/CVE-2024-24980.html
* https://www.suse.com/security/cve/CVE-2024-25939.html
* https://bugzilla.suse.com/show_bug.cgi?id=1229129



SUSE-SU-2024:3104-1: important: Security update for bubblewrap and flatpak


# Security update for bubblewrap and flatpak

Announcement ID: SUSE-SU-2024:3104-1
Rating: important
References:

* bsc#1229157

Cross-References:

* CVE-2024-42472

CVSS scores:

* CVE-2024-42472 ( SUSE ): 9.2 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
* CVE-2024-42472 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

Affected Products:

* Basesystem Module 15-SP5
* Basesystem Module 15-SP6
* Desktop Applications Module 15-SP5
* Desktop Applications Module 15-SP6
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for bubblewrap and flatpak fixes the following issues:

* CVE-2024-42472: Fixed access to files outside sandbox for apps using
persistent (bsc#1229157)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2024-3104=1 openSUSE-SLE-15.5-2024-3104=1

* openSUSE Leap 15.6
zypper in -t patch SUSE-2024-3104=1 openSUSE-SLE-15.6-2024-3104=1

* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-3104=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-3104=1

* Desktop Applications Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2024-3104=1

* Desktop Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP6-2024-3104=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
* flatpak-1.14.5-150500.3.12.1
* flatpak-debuginfo-1.14.5-150500.3.12.1
* bubblewrap-0.8.0-150500.3.6.1
* bubblewrap-zsh-completion-0.8.0-150500.3.6.1
* flatpak-debugsource-1.14.5-150500.3.12.1
* bubblewrap-debugsource-0.8.0-150500.3.6.1
* libflatpak0-debuginfo-1.14.5-150500.3.12.1
* flatpak-devel-1.14.5-150500.3.12.1
* typelib-1_0-Flatpak-1_0-1.14.5-150500.3.12.1
* bubblewrap-debuginfo-0.8.0-150500.3.6.1
* libflatpak0-1.14.5-150500.3.12.1
* openSUSE Leap 15.5 (noarch)
* system-user-flatpak-1.14.5-150500.3.12.1
* flatpak-remote-flathub-1.14.5-150500.3.12.1
* flatpak-zsh-completion-1.14.5-150500.3.12.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* flatpak-devel-1.14.6-150600.3.3.1
* typelib-1_0-Flatpak-1_0-1.14.6-150600.3.3.1
* flatpak-1.14.6-150600.3.3.1
* libflatpak0-debuginfo-1.14.6-150600.3.3.1
* flatpak-debuginfo-1.14.6-150600.3.3.1
* libflatpak0-1.14.6-150600.3.3.1
* flatpak-debugsource-1.14.6-150600.3.3.1
* openSUSE Leap 15.6 (noarch)
* flatpak-zsh-completion-1.14.6-150600.3.3.1
* flatpak-remote-flathub-1.14.6-150600.3.3.1
* system-user-flatpak-1.14.6-150600.3.3.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* bubblewrap-debugsource-0.8.0-150500.3.6.1
* bubblewrap-0.8.0-150500.3.6.1
* bubblewrap-debuginfo-0.8.0-150500.3.6.1
* bubblewrap-zsh-completion-0.8.0-150500.3.6.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* bubblewrap-debugsource-0.8.0-150500.3.6.1
* bubblewrap-0.8.0-150500.3.6.1
* bubblewrap-debuginfo-0.8.0-150500.3.6.1
* bubblewrap-zsh-completion-0.8.0-150500.3.6.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* bubblewrap-debugsource-0.8.0-150500.3.6.1
* bubblewrap-0.8.0-150500.3.6.1
* bubblewrap-debuginfo-0.8.0-150500.3.6.1
* bubblewrap-zsh-completion-0.8.0-150500.3.6.1
* Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* flatpak-1.14.5-150500.3.12.1
* flatpak-debuginfo-1.14.5-150500.3.12.1
* flatpak-debugsource-1.14.5-150500.3.12.1
* libflatpak0-debuginfo-1.14.5-150500.3.12.1
* flatpak-devel-1.14.5-150500.3.12.1
* typelib-1_0-Flatpak-1_0-1.14.5-150500.3.12.1
* libflatpak0-1.14.5-150500.3.12.1
* Desktop Applications Module 15-SP5 (noarch)
* system-user-flatpak-1.14.5-150500.3.12.1
* flatpak-remote-flathub-1.14.5-150500.3.12.1
* flatpak-zsh-completion-1.14.5-150500.3.12.1
* Desktop Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* flatpak-devel-1.14.6-150600.3.3.1
* typelib-1_0-Flatpak-1_0-1.14.6-150600.3.3.1
* flatpak-1.14.6-150600.3.3.1
* libflatpak0-debuginfo-1.14.6-150600.3.3.1
* flatpak-debuginfo-1.14.6-150600.3.3.1
* libflatpak0-1.14.6-150600.3.3.1
* flatpak-debugsource-1.14.6-150600.3.3.1
* Desktop Applications Module 15-SP6 (noarch)
* flatpak-zsh-completion-1.14.6-150600.3.3.1
* flatpak-remote-flathub-1.14.6-150600.3.3.1
* system-user-flatpak-1.14.6-150600.3.3.1

## References:

* https://www.suse.com/security/cve/CVE-2024-42472.html
* https://bugzilla.suse.com/show_bug.cgi?id=1229157



SUSE-SU-2024:3091-1: important: Security update for webkit2gtk3


# Security update for webkit2gtk3

Announcement ID: SUSE-SU-2024:3091-1
Rating: important
References:

* bsc#1228613
* bsc#1228693
* bsc#1228694
* bsc#1228695
* bsc#1228696
* bsc#1228697
* bsc#1228698

Cross-References:

* CVE-2024-40776
* CVE-2024-40779
* CVE-2024-40780
* CVE-2024-40782
* CVE-2024-40785
* CVE-2024-40789
* CVE-2024-40794
* CVE-2024-4558

CVSS scores:

* CVE-2024-40776 ( SUSE ): 8.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
* CVE-2024-40776 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
* CVE-2024-40776 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2024-40779 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-40779 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2024-40780 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-40780 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2024-40782 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-40785 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-40785 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2024-40789 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-40789 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2024-40794 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-40794 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products:

* Basesystem Module 15-SP5
* Desktop Applications Module 15-SP5
* Development Tools Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for webkit2gtk3 fixes the following issues:

Update to version 2.44.3 (bsc#1228696 bsc#1228697 bsc#1228698):

* Fix web process cache suspend/resume when sandbox is enabled.
* Fix accelerated images disappearing after scrolling.
* Fix video flickering with DMA-BUF sink.
* Fix pointer lock on X11.
* Fix movement delta on mouse events in GTK3.
* Undeprecate console message API and make it available in 2022 API.
* Fix several crashes and rendering issues.
* Security fixes: CVE-2024-40776, CVE-2024-40779, CVE-2024-40780,
CVE-2024-40782, CVE-2024-40785, CVE-2024-40789, CVE-2024-40794,
CVE-2024-4558.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-3091=1

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-3091=1

* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-3091=1

* Desktop Applications Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2024-3091=1

* Development Tools Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2024-3091=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-3091=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-3091=1

* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-3091=1

* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3091=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-3091=1

* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-3091=1

* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2024-3091=1

* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-3091=1

## Package List:

* openSUSE Leap 15.4 (noarch)
* WebKitGTK-6.0-lang-2.44.3-150400.4.88.1
* WebKitGTK-4.1-lang-2.44.3-150400.4.88.1
* WebKitGTK-4.0-lang-2.44.3-150400.4.88.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* webkit-jsc-4-2.44.3-150400.4.88.1
* typelib-1_0-JavaScriptCore-6_0-2.44.3-150400.4.88.1
* webkit2gtk-4_0-injected-bundles-2.44.3-150400.4.88.1
* libjavascriptcoregtk-4_1-0-debuginfo-2.44.3-150400.4.88.1
* typelib-1_0-WebKit-6_0-2.44.3-150400.4.88.1
* libjavascriptcoregtk-4_0-18-debuginfo-2.44.3-150400.4.88.1
* webkit-jsc-6.0-debuginfo-2.44.3-150400.4.88.1
* webkit2gtk4-minibrowser-debuginfo-2.44.3-150400.4.88.1
* typelib-1_0-WebKit2WebExtension-4_0-2.44.3-150400.4.88.1
* libjavascriptcoregtk-6_0-1-2.44.3-150400.4.88.1
* libwebkit2gtk-4_0-37-debuginfo-2.44.3-150400.4.88.1
* webkit2gtk3-devel-2.44.3-150400.4.88.1
* typelib-1_0-WebKit2-4_0-2.44.3-150400.4.88.1
* webkit2gtk-4_0-injected-bundles-debuginfo-2.44.3-150400.4.88.1
* webkit-jsc-4.1-debuginfo-2.44.3-150400.4.88.1
* webkit2gtk3-soup2-minibrowser-2.44.3-150400.4.88.1
* libwebkitgtk-6_0-4-debuginfo-2.44.3-150400.4.88.1
* webkit2gtk-4_1-injected-bundles-debuginfo-2.44.3-150400.4.88.1
* webkit-jsc-4.1-2.44.3-150400.4.88.1
* webkit-jsc-4-debuginfo-2.44.3-150400.4.88.1
* webkit2gtk3-minibrowser-2.44.3-150400.4.88.1
* libjavascriptcoregtk-6_0-1-debuginfo-2.44.3-150400.4.88.1
* libwebkitgtk-6_0-4-2.44.3-150400.4.88.1
* typelib-1_0-WebKit2WebExtension-4_1-2.44.3-150400.4.88.1
* webkit2gtk3-minibrowser-debuginfo-2.44.3-150400.4.88.1
* webkitgtk-6_0-injected-bundles-debuginfo-2.44.3-150400.4.88.1
* webkit2gtk-4_1-injected-bundles-2.44.3-150400.4.88.1
* libwebkit2gtk-4_1-0-2.44.3-150400.4.88.1
* typelib-1_0-JavaScriptCore-4_0-2.44.3-150400.4.88.1
* webkit2gtk3-soup2-debugsource-2.44.3-150400.4.88.1
* webkit2gtk4-minibrowser-2.44.3-150400.4.88.1
* typelib-1_0-WebKitWebProcessExtension-6_0-2.44.3-150400.4.88.1
* libjavascriptcoregtk-4_1-0-2.44.3-150400.4.88.1
* libwebkit2gtk-4_0-37-2.44.3-150400.4.88.1
* libwebkit2gtk-4_1-0-debuginfo-2.44.3-150400.4.88.1
* typelib-1_0-JavaScriptCore-4_1-2.44.3-150400.4.88.1
* webkit2gtk3-debugsource-2.44.3-150400.4.88.1
* webkit2gtk3-soup2-devel-2.44.3-150400.4.88.1
* typelib-1_0-WebKit2-4_1-2.44.3-150400.4.88.1
* libjavascriptcoregtk-4_0-18-2.44.3-150400.4.88.1
* webkit-jsc-6.0-2.44.3-150400.4.88.1
* webkitgtk-6_0-injected-bundles-2.44.3-150400.4.88.1
* webkit2gtk4-devel-2.44.3-150400.4.88.1
* webkit2gtk3-soup2-minibrowser-debuginfo-2.44.3-150400.4.88.1
* webkit2gtk4-debugsource-2.44.3-150400.4.88.1
* openSUSE Leap 15.4 (x86_64)
* libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.44.3-150400.4.88.1
* libwebkit2gtk-4_1-0-32bit-2.44.3-150400.4.88.1
* libjavascriptcoregtk-4_0-18-32bit-2.44.3-150400.4.88.1
* libwebkit2gtk-4_1-0-32bit-debuginfo-2.44.3-150400.4.88.1
* libjavascriptcoregtk-4_1-0-32bit-2.44.3-150400.4.88.1
* libjavascriptcoregtk-4_1-0-32bit-debuginfo-2.44.3-150400.4.88.1
* libwebkit2gtk-4_0-37-32bit-debuginfo-2.44.3-150400.4.88.1
* libwebkit2gtk-4_0-37-32bit-2.44.3-150400.4.88.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libjavascriptcoregtk-4_1-0-64bit-debuginfo-2.44.3-150400.4.88.1
* libwebkit2gtk-4_1-0-64bit-2.44.3-150400.4.88.1
* libwebkit2gtk-4_0-37-64bit-2.44.3-150400.4.88.1
* libwebkit2gtk-4_0-37-64bit-debuginfo-2.44.3-150400.4.88.1
* libjavascriptcoregtk-4_0-18-64bit-2.44.3-150400.4.88.1
* libwebkit2gtk-4_1-0-64bit-debuginfo-2.44.3-150400.4.88.1
* libjavascriptcoregtk-4_1-0-64bit-2.44.3-150400.4.88.1
* libjavascriptcoregtk-4_0-18-64bit-debuginfo-2.44.3-150400.4.88.1
* openSUSE Leap 15.5 (noarch)
* WebKitGTK-6.0-lang-2.44.3-150400.4.88.1
* WebKitGTK-4.1-lang-2.44.3-150400.4.88.1
* WebKitGTK-4.0-lang-2.44.3-150400.4.88.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* typelib-1_0-JavaScriptCore-6_0-2.44.3-150400.4.88.1
* webkit-jsc-4-2.44.3-150400.4.88.1
* webkit2gtk-4_0-injected-bundles-2.44.3-150400.4.88.1
* libjavascriptcoregtk-4_1-0-debuginfo-2.44.3-150400.4.88.1
* typelib-1_0-WebKit-6_0-2.44.3-150400.4.88.1
* libjavascriptcoregtk-4_0-18-debuginfo-2.44.3-150400.4.88.1
* webkit-jsc-6.0-debuginfo-2.44.3-150400.4.88.1
* webkit2gtk4-minibrowser-debuginfo-2.44.3-150400.4.88.1
* typelib-1_0-WebKit2WebExtension-4_0-2.44.3-150400.4.88.1
* libjavascriptcoregtk-6_0-1-2.44.3-150400.4.88.1
* libwebkit2gtk-4_0-37-debuginfo-2.44.3-150400.4.88.1
* webkit2gtk3-devel-2.44.3-150400.4.88.1
* typelib-1_0-WebKit2-4_0-2.44.3-150400.4.88.1
* webkit2gtk-4_0-injected-bundles-debuginfo-2.44.3-150400.4.88.1
* webkit-jsc-4.1-debuginfo-2.44.3-150400.4.88.1
* libwebkitgtk-6_0-4-debuginfo-2.44.3-150400.4.88.1
* webkit2gtk3-soup2-minibrowser-2.44.3-150400.4.88.1
* webkit-jsc-4.1-2.44.3-150400.4.88.1
* webkit-jsc-4-debuginfo-2.44.3-150400.4.88.1
* webkit2gtk-4_1-injected-bundles-debuginfo-2.44.3-150400.4.88.1
* webkit2gtk3-minibrowser-2.44.3-150400.4.88.1
* libjavascriptcoregtk-6_0-1-debuginfo-2.44.3-150400.4.88.1
* libwebkitgtk-6_0-4-2.44.3-150400.4.88.1
* typelib-1_0-WebKit2WebExtension-4_1-2.44.3-150400.4.88.1
* webkit2gtk3-minibrowser-debuginfo-2.44.3-150400.4.88.1
* webkitgtk-6_0-injected-bundles-debuginfo-2.44.3-150400.4.88.1
* typelib-1_0-JavaScriptCore-4_0-2.44.3-150400.4.88.1
* libwebkit2gtk-4_1-0-2.44.3-150400.4.88.1
* webkit2gtk-4_1-injected-bundles-2.44.3-150400.4.88.1
* webkit2gtk3-soup2-debugsource-2.44.3-150400.4.88.1
* webkit2gtk4-minibrowser-2.44.3-150400.4.88.1
* typelib-1_0-WebKitWebProcessExtension-6_0-2.44.3-150400.4.88.1
* libjavascriptcoregtk-4_1-0-2.44.3-150400.4.88.1
* libwebkit2gtk-4_0-37-2.44.3-150400.4.88.1
* libwebkit2gtk-4_1-0-debuginfo-2.44.3-150400.4.88.1
* typelib-1_0-JavaScriptCore-4_1-2.44.3-150400.4.88.1
* webkit2gtk3-debugsource-2.44.3-150400.4.88.1
* webkit2gtk3-soup2-devel-2.44.3-150400.4.88.1
* libjavascriptcoregtk-4_0-18-2.44.3-150400.4.88.1
* typelib-1_0-WebKit2-4_1-2.44.3-150400.4.88.1
* webkit-jsc-6.0-2.44.3-150400.4.88.1
* webkitgtk-6_0-injected-bundles-2.44.3-150400.4.88.1
* webkit2gtk4-devel-2.44.3-150400.4.88.1
* webkit2gtk3-soup2-minibrowser-debuginfo-2.44.3-150400.4.88.1
* webkit2gtk4-debugsource-2.44.3-150400.4.88.1
* openSUSE Leap 15.5 (x86_64)
* libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.44.3-150400.4.88.1
* libwebkit2gtk-4_1-0-32bit-2.44.3-150400.4.88.1
* libjavascriptcoregtk-4_0-18-32bit-2.44.3-150400.4.88.1
* libjavascriptcoregtk-4_1-0-32bit-2.44.3-150400.4.88.1
* libjavascriptcoregtk-4_1-0-32bit-debuginfo-2.44.3-150400.4.88.1
* libwebkit2gtk-4_1-0-32bit-debuginfo-2.44.3-150400.4.88.1
* libwebkit2gtk-4_0-37-32bit-debuginfo-2.44.3-150400.4.88.1
* libwebkit2gtk-4_0-37-32bit-2.44.3-150400.4.88.1
* Basesystem Module 15-SP5 (noarch)
* WebKitGTK-4.0-lang-2.44.3-150400.4.88.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* libwebkit2gtk-4_0-37-2.44.3-150400.4.88.1
* webkit2gtk-4_0-injected-bundles-2.44.3-150400.4.88.1
* webkit2gtk3-soup2-devel-2.44.3-150400.4.88.1
* typelib-1_0-WebKit2-4_0-2.44.3-150400.4.88.1
* typelib-1_0-JavaScriptCore-4_0-2.44.3-150400.4.88.1
* libjavascriptcoregtk-4_0-18-2.44.3-150400.4.88.1
* webkit2gtk-4_0-injected-bundles-debuginfo-2.44.3-150400.4.88.1
* webkit2gtk3-soup2-debugsource-2.44.3-150400.4.88.1
* libjavascriptcoregtk-4_0-18-debuginfo-2.44.3-150400.4.88.1
* typelib-1_0-WebKit2WebExtension-4_0-2.44.3-150400.4.88.1
* libwebkit2gtk-4_0-37-debuginfo-2.44.3-150400.4.88.1
* Desktop Applications Module 15-SP5 (noarch)
* WebKitGTK-4.1-lang-2.44.3-150400.4.88.1
* Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* libwebkit2gtk-4_1-0-debuginfo-2.44.3-150400.4.88.1
* typelib-1_0-JavaScriptCore-4_1-2.44.3-150400.4.88.1
* typelib-1_0-WebKit2WebExtension-4_1-2.44.3-150400.4.88.1
* webkit2gtk3-debugsource-2.44.3-150400.4.88.1
* webkit2gtk-4_1-injected-bundles-2.44.3-150400.4.88.1
* libwebkit2gtk-4_1-0-2.44.3-150400.4.88.1
* typelib-1_0-WebKit2-4_1-2.44.3-150400.4.88.1
* libjavascriptcoregtk-4_1-0-debuginfo-2.44.3-150400.4.88.1
* webkit2gtk-4_1-injected-bundles-debuginfo-2.44.3-150400.4.88.1
* libjavascriptcoregtk-4_1-0-2.44.3-150400.4.88.1
* webkit2gtk3-devel-2.44.3-150400.4.88.1
* Development Tools Module 15-SP5 (noarch)
* WebKitGTK-6.0-lang-2.44.3-150400.4.88.1
* Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* libjavascriptcoregtk-6_0-1-debuginfo-2.44.3-150400.4.88.1
* libwebkitgtk-6_0-4-2.44.3-150400.4.88.1
* webkitgtk-6_0-injected-bundles-2.44.3-150400.4.88.1
* libwebkitgtk-6_0-4-debuginfo-2.44.3-150400.4.88.1
* libjavascriptcoregtk-6_0-1-2.44.3-150400.4.88.1
* webkit2gtk4-debugsource-2.44.3-150400.4.88.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* WebKitGTK-6.0-lang-2.44.3-150400.4.88.1
* WebKitGTK-4.1-lang-2.44.3-150400.4.88.1
* WebKitGTK-4.0-lang-2.44.3-150400.4.88.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
* webkit2gtk-4_0-injected-bundles-2.44.3-150400.4.88.1
* libjavascriptcoregtk-4_1-0-debuginfo-2.44.3-150400.4.88.1
* libjavascriptcoregtk-4_0-18-debuginfo-2.44.3-150400.4.88.1
* typelib-1_0-WebKit2WebExtension-4_0-2.44.3-150400.4.88.1
* libjavascriptcoregtk-6_0-1-2.44.3-150400.4.88.1
* libwebkit2gtk-4_0-37-debuginfo-2.44.3-150400.4.88.1
* webkit2gtk3-devel-2.44.3-150400.4.88.1
* typelib-1_0-WebKit2-4_0-2.44.3-150400.4.88.1
* webkit2gtk-4_0-injected-bundles-debuginfo-2.44.3-150400.4.88.1
* libwebkitgtk-6_0-4-debuginfo-2.44.3-150400.4.88.1
* webkit2gtk-4_1-injected-bundles-debuginfo-2.44.3-150400.4.88.1
* libjavascriptcoregtk-6_0-1-debuginfo-2.44.3-150400.4.88.1
* libwebkitgtk-6_0-4-2.44.3-150400.4.88.1
* typelib-1_0-WebKit2WebExtension-4_1-2.44.3-150400.4.88.1
* typelib-1_0-JavaScriptCore-4_0-2.44.3-150400.4.88.1
* libwebkit2gtk-4_1-0-2.44.3-150400.4.88.1
* webkit2gtk-4_1-injected-bundles-2.44.3-150400.4.88.1
* webkit2gtk3-soup2-debugsource-2.44.3-150400.4.88.1
* libjavascriptcoregtk-4_1-0-2.44.3-150400.4.88.1
* libwebkit2gtk-4_0-37-2.44.3-150400.4.88.1
* libwebkit2gtk-4_1-0-debuginfo-2.44.3-150400.4.88.1
* typelib-1_0-JavaScriptCore-4_1-2.44.3-150400.4.88.1
* webkit2gtk3-debugsource-2.44.3-150400.4.88.1
* webkit2gtk3-soup2-devel-2.44.3-150400.4.88.1
* libjavascriptcoregtk-4_0-18-2.44.3-150400.4.88.1
* typelib-1_0-WebKit2-4_1-2.44.3-150400.4.88.1
* webkitgtk-6_0-injected-bundles-2.44.3-150400.4.88.1
* webkit2gtk4-debugsource-2.44.3-150400.4.88.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* WebKitGTK-6.0-lang-2.44.3-150400.4.88.1
* WebKitGTK-4.1-lang-2.44.3-150400.4.88.1
* WebKitGTK-4.0-lang-2.44.3-150400.4.88.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
* webkit2gtk-4_0-injected-bundles-2.44.3-150400.4.88.1
* libjavascriptcoregtk-4_1-0-debuginfo-2.44.3-150400.4.88.1
* libjavascriptcoregtk-4_0-18-debuginfo-2.44.3-150400.4.88.1
* typelib-1_0-WebKit2WebExtension-4_0-2.44.3-150400.4.88.1
* libjavascriptcoregtk-6_0-1-2.44.3-150400.4.88.1
* libwebkit2gtk-4_0-37-debuginfo-2.44.3-150400.4.88.1
* webkit2gtk3-devel-2.44.3-150400.4.88.1
* typelib-1_0-WebKit2-4_0-2.44.3-150400.4.88.1
* webkit2gtk-4_0-injected-bundles-debuginfo-2.44.3-150400.4.88.1
* libwebkitgtk-6_0-4-debuginfo-2.44.3-150400.4.88.1
* webkit2gtk-4_1-injected-bundles-debuginfo-2.44.3-150400.4.88.1
* libjavascriptcoregtk-6_0-1-debuginfo-2.44.3-150400.4.88.1
* libwebkitgtk-6_0-4-2.44.3-150400.4.88.1
* typelib-1_0-WebKit2WebExtension-4_1-2.44.3-150400.4.88.1
* typelib-1_0-JavaScriptCore-4_0-2.44.3-150400.4.88.1
* libwebkit2gtk-4_1-0-2.44.3-150400.4.88.1
* webkit2gtk-4_1-injected-bundles-2.44.3-150400.4.88.1
* webkit2gtk3-soup2-debugsource-2.44.3-150400.4.88.1
* libjavascriptcoregtk-4_1-0-2.44.3-150400.4.88.1
* libwebkit2gtk-4_0-37-2.44.3-150400.4.88.1
* libwebkit2gtk-4_1-0-debuginfo-2.44.3-150400.4.88.1
* typelib-1_0-JavaScriptCore-4_1-2.44.3-150400.4.88.1
* webkit2gtk3-debugsource-2.44.3-150400.4.88.1
* webkit2gtk3-soup2-devel-2.44.3-150400.4.88.1
* libjavascriptcoregtk-4_0-18-2.44.3-150400.4.88.1
* typelib-1_0-WebKit2-4_1-2.44.3-150400.4.88.1
* webkitgtk-6_0-injected-bundles-2.44.3-150400.4.88.1
* webkit2gtk4-debugsource-2.44.3-150400.4.88.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (noarch)
* WebKitGTK-6.0-lang-2.44.3-150400.4.88.1
* WebKitGTK-4.1-lang-2.44.3-150400.4.88.1
* WebKitGTK-4.0-lang-2.44.3-150400.4.88.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
* webkit2gtk-4_0-injected-bundles-2.44.3-150400.4.88.1
* libjavascriptcoregtk-4_1-0-debuginfo-2.44.3-150400.4.88.1
* libjavascriptcoregtk-4_0-18-debuginfo-2.44.3-150400.4.88.1
* typelib-1_0-WebKit2WebExtension-4_0-2.44.3-150400.4.88.1
* libjavascriptcoregtk-6_0-1-2.44.3-150400.4.88.1
* libwebkit2gtk-4_0-37-debuginfo-2.44.3-150400.4.88.1
* webkit2gtk3-devel-2.44.3-150400.4.88.1
* typelib-1_0-WebKit2-4_0-2.44.3-150400.4.88.1
* webkit2gtk-4_0-injected-bundles-debuginfo-2.44.3-150400.4.88.1
* libwebkitgtk-6_0-4-debuginfo-2.44.3-150400.4.88.1
* webkit2gtk-4_1-injected-bundles-debuginfo-2.44.3-150400.4.88.1
* libjavascriptcoregtk-6_0-1-debuginfo-2.44.3-150400.4.88.1
* libwebkitgtk-6_0-4-2.44.3-150400.4.88.1
* typelib-1_0-WebKit2WebExtension-4_1-2.44.3-150400.4.88.1
* typelib-1_0-JavaScriptCore-4_0-2.44.3-150400.4.88.1
* libwebkit2gtk-4_1-0-2.44.3-150400.4.88.1
* webkit2gtk-4_1-injected-bundles-2.44.3-150400.4.88.1
* webkit2gtk3-soup2-debugsource-2.44.3-150400.4.88.1
* libjavascriptcoregtk-4_1-0-2.44.3-150400.4.88.1
* libwebkit2gtk-4_0-37-2.44.3-150400.4.88.1
* libwebkit2gtk-4_1-0-debuginfo-2.44.3-150400.4.88.1
* typelib-1_0-JavaScriptCore-4_1-2.44.3-150400.4.88.1
* webkit2gtk3-debugsource-2.44.3-150400.4.88.1
* webkit2gtk3-soup2-devel-2.44.3-150400.4.88.1
* libjavascriptcoregtk-4_0-18-2.44.3-150400.4.88.1
* typelib-1_0-WebKit2-4_1-2.44.3-150400.4.88.1
* webkitgtk-6_0-injected-bundles-2.44.3-150400.4.88.1
* webkit2gtk4-debugsource-2.44.3-150400.4.88.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (noarch)
* WebKitGTK-6.0-lang-2.44.3-150400.4.88.1
* WebKitGTK-4.1-lang-2.44.3-150400.4.88.1
* WebKitGTK-4.0-lang-2.44.3-150400.4.88.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x x86_64)
* webkit2gtk-4_0-injected-bundles-2.44.3-150400.4.88.1
* libjavascriptcoregtk-4_1-0-debuginfo-2.44.3-150400.4.88.1
* libjavascriptcoregtk-4_0-18-debuginfo-2.44.3-150400.4.88.1
* typelib-1_0-WebKit2WebExtension-4_0-2.44.3-150400.4.88.1
* libjavascriptcoregtk-6_0-1-2.44.3-150400.4.88.1
* libwebkit2gtk-4_0-37-debuginfo-2.44.3-150400.4.88.1
* webkit2gtk3-devel-2.44.3-150400.4.88.1
* typelib-1_0-WebKit2-4_0-2.44.3-150400.4.88.1
* webkit2gtk-4_0-injected-bundles-debuginfo-2.44.3-150400.4.88.1
* libwebkitgtk-6_0-4-debuginfo-2.44.3-150400.4.88.1
* webkit2gtk-4_1-injected-bundles-debuginfo-2.44.3-150400.4.88.1
* libjavascriptcoregtk-6_0-1-debuginfo-2.44.3-150400.4.88.1
* libwebkitgtk-6_0-4-2.44.3-150400.4.88.1
* typelib-1_0-WebKit2WebExtension-4_1-2.44.3-150400.4.88.1
* typelib-1_0-JavaScriptCore-4_0-2.44.3-150400.4.88.1
* libwebkit2gtk-4_1-0-2.44.3-150400.4.88.1
* webkit2gtk-4_1-injected-bundles-2.44.3-150400.4.88.1
* webkit2gtk3-soup2-debugsource-2.44.3-150400.4.88.1
* libjavascriptcoregtk-4_1-0-2.44.3-150400.4.88.1
* libwebkit2gtk-4_0-37-2.44.3-150400.4.88.1
* libwebkit2gtk-4_1-0-debuginfo-2.44.3-150400.4.88.1
* typelib-1_0-JavaScriptCore-4_1-2.44.3-150400.4.88.1
* webkit2gtk3-debugsource-2.44.3-150400.4.88.1
* webkit2gtk3-soup2-devel-2.44.3-150400.4.88.1
* libjavascriptcoregtk-4_0-18-2.44.3-150400.4.88.1
* typelib-1_0-WebKit2-4_1-2.44.3-150400.4.88.1
* webkitgtk-6_0-injected-bundles-2.44.3-150400.4.88.1
* webkit2gtk4-debugsource-2.44.3-150400.4.88.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* WebKitGTK-6.0-lang-2.44.3-150400.4.88.1
* WebKitGTK-4.1-lang-2.44.3-150400.4.88.1
* WebKitGTK-4.0-lang-2.44.3-150400.4.88.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* webkit2gtk-4_0-injected-bundles-2.44.3-150400.4.88.1
* libjavascriptcoregtk-4_1-0-debuginfo-2.44.3-150400.4.88.1
* libjavascriptcoregtk-4_0-18-debuginfo-2.44.3-150400.4.88.1
* typelib-1_0-WebKit2WebExtension-4_0-2.44.3-150400.4.88.1
* libjavascriptcoregtk-6_0-1-2.44.3-150400.4.88.1
* libwebkit2gtk-4_0-37-debuginfo-2.44.3-150400.4.88.1
* webkit2gtk3-devel-2.44.3-150400.4.88.1
* typelib-1_0-WebKit2-4_0-2.44.3-150400.4.88.1
* webkit2gtk-4_0-injected-bundles-debuginfo-2.44.3-150400.4.88.1
* libwebkitgtk-6_0-4-debuginfo-2.44.3-150400.4.88.1
* webkit2gtk-4_1-injected-bundles-debuginfo-2.44.3-150400.4.88.1
* libjavascriptcoregtk-6_0-1-debuginfo-2.44.3-150400.4.88.1
* libwebkitgtk-6_0-4-2.44.3-150400.4.88.1
* typelib-1_0-WebKit2WebExtension-4_1-2.44.3-150400.4.88.1
* typelib-1_0-JavaScriptCore-4_0-2.44.3-150400.4.88.1
* libwebkit2gtk-4_1-0-2.44.3-150400.4.88.1
* webkit2gtk-4_1-injected-bundles-2.44.3-150400.4.88.1
* webkit2gtk3-soup2-debugsource-2.44.3-150400.4.88.1
* libjavascriptcoregtk-4_1-0-2.44.3-150400.4.88.1
* libwebkit2gtk-4_0-37-2.44.3-150400.4.88.1
* libwebkit2gtk-4_1-0-debuginfo-2.44.3-150400.4.88.1
* typelib-1_0-JavaScriptCore-4_1-2.44.3-150400.4.88.1
* webkit2gtk3-debugsource-2.44.3-150400.4.88.1
* webkit2gtk3-soup2-devel-2.44.3-150400.4.88.1
* libjavascriptcoregtk-4_0-18-2.44.3-150400.4.88.1
* typelib-1_0-WebKit2-4_1-2.44.3-150400.4.88.1
* webkitgtk-6_0-injected-bundles-2.44.3-150400.4.88.1
* webkit2gtk4-debugsource-2.44.3-150400.4.88.1
* SUSE Manager Proxy 4.3 (noarch)
* WebKitGTK-4.0-lang-2.44.3-150400.4.88.1
* SUSE Manager Proxy 4.3 (x86_64)
* libwebkit2gtk-4_0-37-2.44.3-150400.4.88.1
* webkit2gtk-4_0-injected-bundles-2.44.3-150400.4.88.1
* webkit2gtk3-soup2-devel-2.44.3-150400.4.88.1
* typelib-1_0-WebKit2-4_0-2.44.3-150400.4.88.1
* typelib-1_0-JavaScriptCore-4_0-2.44.3-150400.4.88.1
* libjavascriptcoregtk-4_0-18-2.44.3-150400.4.88.1
* webkit2gtk-4_0-injected-bundles-debuginfo-2.44.3-150400.4.88.1
* webkit2gtk3-soup2-debugsource-2.44.3-150400.4.88.1
* libjavascriptcoregtk-4_0-18-debuginfo-2.44.3-150400.4.88.1
* typelib-1_0-WebKit2WebExtension-4_0-2.44.3-150400.4.88.1
* libwebkit2gtk-4_0-37-debuginfo-2.44.3-150400.4.88.1
* SUSE Manager Retail Branch Server 4.3 (noarch)
* WebKitGTK-4.0-lang-2.44.3-150400.4.88.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* libwebkit2gtk-4_0-37-2.44.3-150400.4.88.1
* webkit2gtk-4_0-injected-bundles-2.44.3-150400.4.88.1
* webkit2gtk3-soup2-devel-2.44.3-150400.4.88.1
* typelib-1_0-WebKit2-4_0-2.44.3-150400.4.88.1
* typelib-1_0-JavaScriptCore-4_0-2.44.3-150400.4.88.1
* libjavascriptcoregtk-4_0-18-2.44.3-150400.4.88.1
* webkit2gtk-4_0-injected-bundles-debuginfo-2.44.3-150400.4.88.1
* webkit2gtk3-soup2-debugsource-2.44.3-150400.4.88.1
* libjavascriptcoregtk-4_0-18-debuginfo-2.44.3-150400.4.88.1
* typelib-1_0-WebKit2WebExtension-4_0-2.44.3-150400.4.88.1
* libwebkit2gtk-4_0-37-debuginfo-2.44.3-150400.4.88.1
* SUSE Manager Server 4.3 (noarch)
* WebKitGTK-4.0-lang-2.44.3-150400.4.88.1
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
* libwebkit2gtk-4_0-37-2.44.3-150400.4.88.1
* webkit2gtk-4_0-injected-bundles-2.44.3-150400.4.88.1
* webkit2gtk3-soup2-devel-2.44.3-150400.4.88.1
* typelib-1_0-WebKit2-4_0-2.44.3-150400.4.88.1
* typelib-1_0-JavaScriptCore-4_0-2.44.3-150400.4.88.1
* libjavascriptcoregtk-4_0-18-2.44.3-150400.4.88.1
* webkit2gtk-4_0-injected-bundles-debuginfo-2.44.3-150400.4.88.1
* webkit2gtk3-soup2-debugsource-2.44.3-150400.4.88.1
* libjavascriptcoregtk-4_0-18-debuginfo-2.44.3-150400.4.88.1
* typelib-1_0-WebKit2WebExtension-4_0-2.44.3-150400.4.88.1
* libwebkit2gtk-4_0-37-debuginfo-2.44.3-150400.4.88.1

## References:

* https://www.suse.com/security/cve/CVE-2024-40776.html
* https://www.suse.com/security/cve/CVE-2024-40779.html
* https://www.suse.com/security/cve/CVE-2024-40780.html
* https://www.suse.com/security/cve/CVE-2024-40782.html
* https://www.suse.com/security/cve/CVE-2024-40785.html
* https://www.suse.com/security/cve/CVE-2024-40789.html
* https://www.suse.com/security/cve/CVE-2024-40794.html
* https://www.suse.com/security/cve/CVE-2024-4558.html
* https://bugzilla.suse.com/show_bug.cgi?id=1228613
* https://bugzilla.suse.com/show_bug.cgi?id=1228693
* https://bugzilla.suse.com/show_bug.cgi?id=1228694
* https://bugzilla.suse.com/show_bug.cgi?id=1228695
* https://bugzilla.suse.com/show_bug.cgi?id=1228696
* https://bugzilla.suse.com/show_bug.cgi?id=1228697
* https://bugzilla.suse.com/show_bug.cgi?id=1228698



SUSE-SU-2024:3097-1: important: Security update for kubernetes1.28


# Security update for kubernetes1.28

Announcement ID: SUSE-SU-2024:3097-1
Rating: important
References:

* bsc#1229858
* bsc#1229867
* bsc#1229869

Cross-References:

* CVE-2023-39325
* CVE-2023-44487
* CVE-2023-45288
* CVE-2024-24786

CVSS scores:

* CVE-2023-39325 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-39325 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-44487 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-44487 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-45288 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-24786 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Containers Module 15-SP5
* Containers Module 15-SP6
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves four vulnerabilities can now be installed.

## Description:

This update for kubernetes1.28 fixes the following issues:

Update kubernetes to version 1.28.13:

* CVE-2024-24786: Fixed infinite loop in protojson.Unmarshal in
golang-protobuf (bsc#1229867)
* CVE-2023-39325: Fixed a flaw that can lead to a DoS due to rapid stream
resets causing excessive work. This is also known as CVE-2023-44487.
(bsc#1229869)
* CVE-2023-45288: Fixed denial of service due to close connections when
receiving too many headers in net/http and x/net/http2 (bsc#1229869)
* CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack in net/http (bsc#1229869)

Other fixes:

* Update go to version v1.22.5 (bsc#1229858)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-3097=1

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-3097=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-3097=1

* Containers Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Containers-15-SP5-2024-3097=1

* Containers Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Containers-15-SP6-2024-3097=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-3097=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-3097=1

* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3097=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-3097=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* kubernetes1.28-proxy-1.28.13-150400.9.8.1
* kubernetes1.28-controller-manager-1.28.13-150400.9.8.1
* kubernetes1.28-scheduler-1.28.13-150400.9.8.1
* kubernetes1.28-client-common-1.28.13-150400.9.8.1
* kubernetes1.28-client-1.28.13-150400.9.8.1
* kubernetes1.28-kubelet-common-1.28.13-150400.9.8.1
* kubernetes1.28-apiserver-1.28.13-150400.9.8.1
* kubernetes1.28-kubeadm-1.28.13-150400.9.8.1
* kubernetes1.28-kubelet-1.28.13-150400.9.8.1
* openSUSE Leap 15.4 (noarch)
* kubernetes1.28-client-bash-completion-1.28.13-150400.9.8.1
* kubernetes1.28-client-fish-completion-1.28.13-150400.9.8.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* kubernetes1.28-client-common-1.28.13-150400.9.8.1
* kubernetes1.28-client-1.28.13-150400.9.8.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* kubernetes1.28-proxy-1.28.13-150400.9.8.1
* kubernetes1.28-controller-manager-1.28.13-150400.9.8.1
* kubernetes1.28-scheduler-1.28.13-150400.9.8.1
* kubernetes1.28-client-common-1.28.13-150400.9.8.1
* kubernetes1.28-client-1.28.13-150400.9.8.1
* kubernetes1.28-kubelet-common-1.28.13-150400.9.8.1
* kubernetes1.28-apiserver-1.28.13-150400.9.8.1
* kubernetes1.28-kubeadm-1.28.13-150400.9.8.1
* kubernetes1.28-kubelet-1.28.13-150400.9.8.1
* openSUSE Leap 15.6 (noarch)
* kubernetes1.28-client-bash-completion-1.28.13-150400.9.8.1
* kubernetes1.28-client-fish-completion-1.28.13-150400.9.8.1
* Containers Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* kubernetes1.28-client-common-1.28.13-150400.9.8.1
* kubernetes1.28-client-1.28.13-150400.9.8.1
* Containers Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* kubernetes1.28-client-common-1.28.13-150400.9.8.1
* kubernetes1.28-client-1.28.13-150400.9.8.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
* kubernetes1.28-client-common-1.28.13-150400.9.8.1
* kubernetes1.28-client-1.28.13-150400.9.8.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
* kubernetes1.28-client-common-1.28.13-150400.9.8.1
* kubernetes1.28-client-1.28.13-150400.9.8.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x x86_64)
* kubernetes1.28-client-common-1.28.13-150400.9.8.1
* kubernetes1.28-client-1.28.13-150400.9.8.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* kubernetes1.28-client-common-1.28.13-150400.9.8.1
* kubernetes1.28-client-1.28.13-150400.9.8.1

## References:

* https://www.suse.com/security/cve/CVE-2023-39325.html
* https://www.suse.com/security/cve/CVE-2023-44487.html
* https://www.suse.com/security/cve/CVE-2023-45288.html
* https://www.suse.com/security/cve/CVE-2024-24786.html
* https://bugzilla.suse.com/show_bug.cgi?id=1229858
* https://bugzilla.suse.com/show_bug.cgi?id=1229867
* https://bugzilla.suse.com/show_bug.cgi?id=1229869



SUSE-SU-2024:3089-1: important: Security update for go1.21-openssl


# Security update for go1.21-openssl

Announcement ID: SUSE-SU-2024:3089-1
Rating: important
References:

* bsc#1212475
* bsc#1219988
* bsc#1220999
* bsc#1221000
* bsc#1221001
* bsc#1221002
* bsc#1221003
* bsc#1221400
* bsc#1224017
* bsc#1225973
* bsc#1225974
* bsc#1227314
* jsc#PED-1962
* jsc#SLE-18320

Cross-References:

* CVE-2023-45288
* CVE-2023-45289
* CVE-2023-45290
* CVE-2024-24783
* CVE-2024-24784
* CVE-2024-24785
* CVE-2024-24787
* CVE-2024-24789
* CVE-2024-24790
* CVE-2024-24791

CVSS scores:

* CVE-2023-45288 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-45289 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-45290 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-24783 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-24784 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2024-24785 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2024-24787 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-24789 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2024-24789 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2024-24790 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L
* CVE-2024-24790 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-24791 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Development Tools Module 15-SP5
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves 10 vulnerabilities, contains two features and has two
security fixes can now be installed.

## Description:

This update for go1.21-openssl fixes the following issues:

* CVE-2024-24791: Fixed denial of service due to improper 100-continue
handling (bsc#1227314)
* CVE-2024-24789: Fixed mishandling of corrupt central directory record in
archive/zip (bsc#1225973)
* CVE-2024-24790: Fixed unexpected behavior from Is methods for IPv4-mapped
IPv6 addresses in net/netip (bsc#1225974)
* CVE-2024-24787: Fixed arbitrary code execution during build on darwin in
cmd/go (bsc#1224017)
* CVE-2023-45288: Fixed denial of service due to close connections when
receiving too many headers in net/http and x/net/http2 (bsc#1221400)
* CVE-2023-45289: Fixed incorrect forwarding of sensitive headers and cookies
on HTTP redirect in net/http and net/http/cookiejar (bsc#1221000)
* CVE-2023-45290: Fixed memory exhaustion in Request.ParseMultipartForm in
net/http (bsc#1221001)
* CVE-2024-24783: Fixed denial of service on certificates with an unknown
public key algorithm in crypto/x509 (bsc#1220999)
* CVE-2024-24784: Fixed comments in display names are incorrectly handled in
net/mail (bsc#1221002)
* CVE-2024-24785: Fixed errors returned from MarshalJSON methods may break
template escaping in html/template (bsc#1221003)

Other fixes:

* Update to version 1.21.13.1 cut from the go1.21-fips-release
(jsc#SLE-18320)
* Update to version 1.21.13 (bsc#1212475)
* Remove subpackage go1.x-openssl-libstd for compiled shared object
libstd.so. (jsc#PED-1962)
* Ensure VERSION file is present in GOROOT as required by go tool dist and
go tool distpack (bsc#1219988)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-3089=1

* Development Tools Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2024-3089=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-3089=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-3089=1

* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-3089=1

* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3089=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-3089=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* go1.21-openssl-1.21.13.1-150000.1.11.1
* go1.21-openssl-race-1.21.13.1-150000.1.11.1
* go1.21-openssl-doc-1.21.13.1-150000.1.11.1
* Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* go1.21-openssl-1.21.13.1-150000.1.11.1
* go1.21-openssl-race-1.21.13.1-150000.1.11.1
* go1.21-openssl-doc-1.21.13.1-150000.1.11.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
* go1.21-openssl-1.21.13.1-150000.1.11.1
* go1.21-openssl-race-1.21.13.1-150000.1.11.1
* go1.21-openssl-doc-1.21.13.1-150000.1.11.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
* go1.21-openssl-1.21.13.1-150000.1.11.1
* go1.21-openssl-race-1.21.13.1-150000.1.11.1
* go1.21-openssl-doc-1.21.13.1-150000.1.11.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
* go1.21-openssl-1.21.13.1-150000.1.11.1
* go1.21-openssl-race-1.21.13.1-150000.1.11.1
* go1.21-openssl-doc-1.21.13.1-150000.1.11.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x x86_64)
* go1.21-openssl-1.21.13.1-150000.1.11.1
* go1.21-openssl-race-1.21.13.1-150000.1.11.1
* go1.21-openssl-doc-1.21.13.1-150000.1.11.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* go1.21-openssl-1.21.13.1-150000.1.11.1
* go1.21-openssl-race-1.21.13.1-150000.1.11.1
* go1.21-openssl-doc-1.21.13.1-150000.1.11.1

## References:

* https://www.suse.com/security/cve/CVE-2023-45288.html
* https://www.suse.com/security/cve/CVE-2023-45289.html
* https://www.suse.com/security/cve/CVE-2023-45290.html
* https://www.suse.com/security/cve/CVE-2024-24783.html
* https://www.suse.com/security/cve/CVE-2024-24784.html
* https://www.suse.com/security/cve/CVE-2024-24785.html
* https://www.suse.com/security/cve/CVE-2024-24787.html
* https://www.suse.com/security/cve/CVE-2024-24789.html
* https://www.suse.com/security/cve/CVE-2024-24790.html
* https://www.suse.com/security/cve/CVE-2024-24791.html
* https://bugzilla.suse.com/show_bug.cgi?id=1212475
* https://bugzilla.suse.com/show_bug.cgi?id=1219988
* https://bugzilla.suse.com/show_bug.cgi?id=1220999
* https://bugzilla.suse.com/show_bug.cgi?id=1221000
* https://bugzilla.suse.com/show_bug.cgi?id=1221001
* https://bugzilla.suse.com/show_bug.cgi?id=1221002
* https://bugzilla.suse.com/show_bug.cgi?id=1221003
* https://bugzilla.suse.com/show_bug.cgi?id=1221400
* https://bugzilla.suse.com/show_bug.cgi?id=1224017
* https://bugzilla.suse.com/show_bug.cgi?id=1225973
* https://bugzilla.suse.com/show_bug.cgi?id=1225974
* https://bugzilla.suse.com/show_bug.cgi?id=1227314
* https://jira.suse.com/browse/PED-1962
* https://jira.suse.com/browse/SLE-18320



SUSE-SU-2024:3090-1: important: Security update for frr


# Security update for frr

Announcement ID: SUSE-SU-2024:3090-1
Rating: important
References:

* bsc#1229438

Cross-References:

* CVE-2024-44070

CVSS scores:

* CVE-2024-44070 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-44070 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44070 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for frr fixes the following issues:

* CVE-2024-44070: Fixed missing stream length check before TLV value is taken
in bgp_attr_encap (bsc#1229438)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-3090=1

* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3090=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-3090=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-3090=1

* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-3090=1

* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2024-3090=1

* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-3090=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2024-3090=1

* openSUSE Leap 15.3
zypper in -t patch SUSE-2024-3090=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-3090=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-3090=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-3090=1

## Package List:

* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64)
* libfrr0-7.4-150300.4.29.1
* libfrrospfapiclient0-7.4-150300.4.29.1
* frr-devel-7.4-150300.4.29.1
* libfrrfpm_pb0-debuginfo-7.4-150300.4.29.1
* libfrrsnmp0-debuginfo-7.4-150300.4.29.1
* libfrrzmq0-7.4-150300.4.29.1
* libfrrsnmp0-7.4-150300.4.29.1
* libmlag_pb0-7.4-150300.4.29.1
* libfrr_pb0-debuginfo-7.4-150300.4.29.1
* libfrrospfapiclient0-debuginfo-7.4-150300.4.29.1
* libfrrcares0-7.4-150300.4.29.1
* libfrr_pb0-7.4-150300.4.29.1
* frr-debugsource-7.4-150300.4.29.1
* libfrrzmq0-debuginfo-7.4-150300.4.29.1
* libfrrcares0-debuginfo-7.4-150300.4.29.1
* libfrrgrpc_pb0-debuginfo-7.4-150300.4.29.1
* libfrr0-debuginfo-7.4-150300.4.29.1
* frr-debuginfo-7.4-150300.4.29.1
* frr-7.4-150300.4.29.1
* libmlag_pb0-debuginfo-7.4-150300.4.29.1
* libfrrfpm_pb0-7.4-150300.4.29.1
* libfrrgrpc_pb0-7.4-150300.4.29.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x x86_64)
* libfrr0-7.4-150300.4.29.1
* libfrrospfapiclient0-7.4-150300.4.29.1
* frr-devel-7.4-150300.4.29.1
* libfrrfpm_pb0-debuginfo-7.4-150300.4.29.1
* libfrrsnmp0-debuginfo-7.4-150300.4.29.1
* libfrrzmq0-7.4-150300.4.29.1
* libfrrsnmp0-7.4-150300.4.29.1
* libmlag_pb0-7.4-150300.4.29.1
* libfrr_pb0-debuginfo-7.4-150300.4.29.1
* libfrrospfapiclient0-debuginfo-7.4-150300.4.29.1
* libfrrcares0-7.4-150300.4.29.1
* libfrr_pb0-7.4-150300.4.29.1
* frr-debugsource-7.4-150300.4.29.1
* libfrrzmq0-debuginfo-7.4-150300.4.29.1
* libfrrcares0-debuginfo-7.4-150300.4.29.1
* libfrrgrpc_pb0-debuginfo-7.4-150300.4.29.1
* libfrr0-debuginfo-7.4-150300.4.29.1
* frr-debuginfo-7.4-150300.4.29.1
* frr-7.4-150300.4.29.1
* libmlag_pb0-debuginfo-7.4-150300.4.29.1
* libfrrfpm_pb0-7.4-150300.4.29.1
* libfrrgrpc_pb0-7.4-150300.4.29.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* libfrr0-7.4-150300.4.29.1
* libfrrospfapiclient0-7.4-150300.4.29.1
* frr-devel-7.4-150300.4.29.1
* libfrrfpm_pb0-debuginfo-7.4-150300.4.29.1
* libfrrsnmp0-debuginfo-7.4-150300.4.29.1
* libfrrzmq0-7.4-150300.4.29.1
* libfrrsnmp0-7.4-150300.4.29.1
* libmlag_pb0-7.4-150300.4.29.1
* libfrr_pb0-debuginfo-7.4-150300.4.29.1
* libfrrospfapiclient0-debuginfo-7.4-150300.4.29.1
* libfrrcares0-7.4-150300.4.29.1
* libfrr_pb0-7.4-150300.4.29.1
* frr-debugsource-7.4-150300.4.29.1
* libfrrzmq0-debuginfo-7.4-150300.4.29.1
* libfrrcares0-debuginfo-7.4-150300.4.29.1
* libfrrgrpc_pb0-debuginfo-7.4-150300.4.29.1
* libfrr0-debuginfo-7.4-150300.4.29.1
* frr-debuginfo-7.4-150300.4.29.1
* frr-7.4-150300.4.29.1
* libmlag_pb0-debuginfo-7.4-150300.4.29.1
* libfrrfpm_pb0-7.4-150300.4.29.1
* libfrrgrpc_pb0-7.4-150300.4.29.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* libfrr0-7.4-150300.4.29.1
* libfrrospfapiclient0-7.4-150300.4.29.1
* frr-devel-7.4-150300.4.29.1
* libfrrfpm_pb0-debuginfo-7.4-150300.4.29.1
* libfrrsnmp0-debuginfo-7.4-150300.4.29.1
* libfrrzmq0-7.4-150300.4.29.1
* libfrrsnmp0-7.4-150300.4.29.1
* libmlag_pb0-7.4-150300.4.29.1
* libfrr_pb0-debuginfo-7.4-150300.4.29.1
* libfrrospfapiclient0-debuginfo-7.4-150300.4.29.1
* libfrrcares0-7.4-150300.4.29.1
* libfrr_pb0-7.4-150300.4.29.1
* frr-debugsource-7.4-150300.4.29.1
* libfrrzmq0-debuginfo-7.4-150300.4.29.1
* libfrrcares0-debuginfo-7.4-150300.4.29.1
* libfrrgrpc_pb0-debuginfo-7.4-150300.4.29.1
* libfrr0-debuginfo-7.4-150300.4.29.1
* frr-debuginfo-7.4-150300.4.29.1
* frr-7.4-150300.4.29.1
* libmlag_pb0-debuginfo-7.4-150300.4.29.1
* libfrrfpm_pb0-7.4-150300.4.29.1
* libfrrgrpc_pb0-7.4-150300.4.29.1
* SUSE Manager Proxy 4.3 (x86_64)
* libfrr0-7.4-150300.4.29.1
* libfrrospfapiclient0-7.4-150300.4.29.1
* frr-devel-7.4-150300.4.29.1
* libfrrfpm_pb0-debuginfo-7.4-150300.4.29.1
* libfrrsnmp0-debuginfo-7.4-150300.4.29.1
* libfrrzmq0-7.4-150300.4.29.1
* libfrrsnmp0-7.4-150300.4.29.1
* libmlag_pb0-7.4-150300.4.29.1
* libfrr_pb0-debuginfo-7.4-150300.4.29.1
* libfrrospfapiclient0-debuginfo-7.4-150300.4.29.1
* libfrrcares0-7.4-150300.4.29.1
* libfrr_pb0-7.4-150300.4.29.1
* frr-debugsource-7.4-150300.4.29.1
* libfrrzmq0-debuginfo-7.4-150300.4.29.1
* libfrrcares0-debuginfo-7.4-150300.4.29.1
* libfrrgrpc_pb0-debuginfo-7.4-150300.4.29.1
* libfrr0-debuginfo-7.4-150300.4.29.1
* frr-debuginfo-7.4-150300.4.29.1
* frr-7.4-150300.4.29.1
* libmlag_pb0-debuginfo-7.4-150300.4.29.1
* libfrrfpm_pb0-7.4-150300.4.29.1
* libfrrgrpc_pb0-7.4-150300.4.29.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* libfrr0-7.4-150300.4.29.1
* libfrrospfapiclient0-7.4-150300.4.29.1
* frr-devel-7.4-150300.4.29.1
* libfrrfpm_pb0-debuginfo-7.4-150300.4.29.1
* libfrrsnmp0-debuginfo-7.4-150300.4.29.1
* libfrrzmq0-7.4-150300.4.29.1
* libfrrsnmp0-7.4-150300.4.29.1
* libmlag_pb0-7.4-150300.4.29.1
* libfrr_pb0-debuginfo-7.4-150300.4.29.1
* libfrrospfapiclient0-debuginfo-7.4-150300.4.29.1
* libfrrcares0-7.4-150300.4.29.1
* libfrr_pb0-7.4-150300.4.29.1
* frr-debugsource-7.4-150300.4.29.1
* libfrrzmq0-debuginfo-7.4-150300.4.29.1
* libfrrcares0-debuginfo-7.4-150300.4.29.1
* libfrrgrpc_pb0-debuginfo-7.4-150300.4.29.1
* libfrr0-debuginfo-7.4-150300.4.29.1
* frr-debuginfo-7.4-150300.4.29.1
* frr-7.4-150300.4.29.1
* libmlag_pb0-debuginfo-7.4-150300.4.29.1
* libfrrfpm_pb0-7.4-150300.4.29.1
* libfrrgrpc_pb0-7.4-150300.4.29.1
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
* libfrr0-7.4-150300.4.29.1
* libfrrospfapiclient0-7.4-150300.4.29.1
* frr-devel-7.4-150300.4.29.1
* libfrrfpm_pb0-debuginfo-7.4-150300.4.29.1
* libfrrsnmp0-debuginfo-7.4-150300.4.29.1
* libfrrzmq0-7.4-150300.4.29.1
* libfrrsnmp0-7.4-150300.4.29.1
* libmlag_pb0-7.4-150300.4.29.1
* libfrr_pb0-debuginfo-7.4-150300.4.29.1
* libfrrospfapiclient0-debuginfo-7.4-150300.4.29.1
* libfrrcares0-7.4-150300.4.29.1
* libfrr_pb0-7.4-150300.4.29.1
* frr-debugsource-7.4-150300.4.29.1
* libfrrzmq0-debuginfo-7.4-150300.4.29.1
* libfrrcares0-debuginfo-7.4-150300.4.29.1
* libfrrgrpc_pb0-debuginfo-7.4-150300.4.29.1
* libfrr0-debuginfo-7.4-150300.4.29.1
* frr-debuginfo-7.4-150300.4.29.1
* frr-7.4-150300.4.29.1
* libmlag_pb0-debuginfo-7.4-150300.4.29.1
* libfrrfpm_pb0-7.4-150300.4.29.1
* libfrrgrpc_pb0-7.4-150300.4.29.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* libfrr0-7.4-150300.4.29.1
* libfrrospfapiclient0-7.4-150300.4.29.1
* frr-devel-7.4-150300.4.29.1
* libfrrfpm_pb0-debuginfo-7.4-150300.4.29.1
* libfrrsnmp0-debuginfo-7.4-150300.4.29.1
* libfrrzmq0-7.4-150300.4.29.1
* libfrrsnmp0-7.4-150300.4.29.1
* libmlag_pb0-7.4-150300.4.29.1
* libfrr_pb0-debuginfo-7.4-150300.4.29.1
* libfrrospfapiclient0-debuginfo-7.4-150300.4.29.1
* libfrrcares0-7.4-150300.4.29.1
* libfrr_pb0-7.4-150300.4.29.1
* frr-debugsource-7.4-150300.4.29.1
* libfrrzmq0-debuginfo-7.4-150300.4.29.1
* libfrrcares0-debuginfo-7.4-150300.4.29.1
* libfrrgrpc_pb0-debuginfo-7.4-150300.4.29.1
* libfrr0-debuginfo-7.4-150300.4.29.1
* frr-debuginfo-7.4-150300.4.29.1
* frr-7.4-150300.4.29.1
* libmlag_pb0-debuginfo-7.4-150300.4.29.1
* libfrrfpm_pb0-7.4-150300.4.29.1
* libfrrgrpc_pb0-7.4-150300.4.29.1
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
* libfrr0-7.4-150300.4.29.1
* libfrrospfapiclient0-7.4-150300.4.29.1
* frr-devel-7.4-150300.4.29.1
* libfrrfpm_pb0-debuginfo-7.4-150300.4.29.1
* libfrrsnmp0-debuginfo-7.4-150300.4.29.1
* libfrrzmq0-7.4-150300.4.29.1
* libfrrsnmp0-7.4-150300.4.29.1
* libmlag_pb0-7.4-150300.4.29.1
* libfrr_pb0-debuginfo-7.4-150300.4.29.1
* libfrrospfapiclient0-debuginfo-7.4-150300.4.29.1
* libfrrcares0-7.4-150300.4.29.1
* libfrr_pb0-7.4-150300.4.29.1
* frr-debugsource-7.4-150300.4.29.1
* libfrrzmq0-debuginfo-7.4-150300.4.29.1
* libfrrcares0-debuginfo-7.4-150300.4.29.1
* libfrrgrpc_pb0-debuginfo-7.4-150300.4.29.1
* libfrr0-debuginfo-7.4-150300.4.29.1
* frr-debuginfo-7.4-150300.4.29.1
* frr-7.4-150300.4.29.1
* libmlag_pb0-debuginfo-7.4-150300.4.29.1
* libfrrfpm_pb0-7.4-150300.4.29.1
* libfrrgrpc_pb0-7.4-150300.4.29.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* libfrr0-7.4-150300.4.29.1
* libfrrospfapiclient0-7.4-150300.4.29.1
* frr-devel-7.4-150300.4.29.1
* libfrrfpm_pb0-debuginfo-7.4-150300.4.29.1
* libfrrsnmp0-debuginfo-7.4-150300.4.29.1
* libfrrzmq0-7.4-150300.4.29.1
* libfrrsnmp0-7.4-150300.4.29.1
* libmlag_pb0-7.4-150300.4.29.1
* libfrr_pb0-debuginfo-7.4-150300.4.29.1
* libfrrospfapiclient0-debuginfo-7.4-150300.4.29.1
* libfrrcares0-7.4-150300.4.29.1
* libfrr_pb0-7.4-150300.4.29.1
* frr-debugsource-7.4-150300.4.29.1
* libfrrzmq0-debuginfo-7.4-150300.4.29.1
* libfrrcares0-debuginfo-7.4-150300.4.29.1
* libfrrgrpc_pb0-debuginfo-7.4-150300.4.29.1
* libfrr0-debuginfo-7.4-150300.4.29.1
* frr-debuginfo-7.4-150300.4.29.1
* frr-7.4-150300.4.29.1
* libmlag_pb0-debuginfo-7.4-150300.4.29.1
* libfrrfpm_pb0-7.4-150300.4.29.1
* libfrrgrpc_pb0-7.4-150300.4.29.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* libfrr0-7.4-150300.4.29.1
* libfrrospfapiclient0-7.4-150300.4.29.1
* frr-devel-7.4-150300.4.29.1
* libfrrfpm_pb0-debuginfo-7.4-150300.4.29.1
* libfrrsnmp0-debuginfo-7.4-150300.4.29.1
* libfrrzmq0-7.4-150300.4.29.1
* libfrrsnmp0-7.4-150300.4.29.1
* libmlag_pb0-7.4-150300.4.29.1
* libfrr_pb0-debuginfo-7.4-150300.4.29.1
* libfrrospfapiclient0-debuginfo-7.4-150300.4.29.1
* libfrrcares0-7.4-150300.4.29.1
* libfrr_pb0-7.4-150300.4.29.1
* frr-debugsource-7.4-150300.4.29.1
* libfrrzmq0-debuginfo-7.4-150300.4.29.1
* libfrrcares0-debuginfo-7.4-150300.4.29.1
* libfrrgrpc_pb0-debuginfo-7.4-150300.4.29.1
* libfrr0-debuginfo-7.4-150300.4.29.1
* frr-debuginfo-7.4-150300.4.29.1
* frr-7.4-150300.4.29.1
* libmlag_pb0-debuginfo-7.4-150300.4.29.1
* libfrrfpm_pb0-7.4-150300.4.29.1
* libfrrgrpc_pb0-7.4-150300.4.29.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* libfrr0-7.4-150300.4.29.1
* libfrrospfapiclient0-7.4-150300.4.29.1
* frr-devel-7.4-150300.4.29.1
* libfrrfpm_pb0-debuginfo-7.4-150300.4.29.1
* libfrrsnmp0-debuginfo-7.4-150300.4.29.1
* libfrrzmq0-7.4-150300.4.29.1
* libfrrsnmp0-7.4-150300.4.29.1
* libmlag_pb0-7.4-150300.4.29.1
* libfrr_pb0-debuginfo-7.4-150300.4.29.1
* libfrrospfapiclient0-debuginfo-7.4-150300.4.29.1
* libfrrcares0-7.4-150300.4.29.1
* libfrr_pb0-7.4-150300.4.29.1
* frr-debugsource-7.4-150300.4.29.1
* libfrrzmq0-debuginfo-7.4-150300.4.29.1
* libfrrcares0-debuginfo-7.4-150300.4.29.1
* libfrrgrpc_pb0-debuginfo-7.4-150300.4.29.1
* libfrr0-debuginfo-7.4-150300.4.29.1
* frr-debuginfo-7.4-150300.4.29.1
* frr-7.4-150300.4.29.1
* libmlag_pb0-debuginfo-7.4-150300.4.29.1
* libfrrfpm_pb0-7.4-150300.4.29.1
* libfrrgrpc_pb0-7.4-150300.4.29.1

## References:

* https://www.suse.com/security/cve/CVE-2024-44070.html
* https://bugzilla.suse.com/show_bug.cgi?id=1229438



SUSE-SU-2024:3094-1: important: Security update for kubernetes1.26


# Security update for kubernetes1.26

Announcement ID: SUSE-SU-2024:3094-1
Rating: important
References:

* bsc#1062303
* bsc#1229008
* bsc#1229858
* bsc#1229867
* bsc#1229869

Cross-References:

* CVE-2023-39325
* CVE-2023-44487
* CVE-2024-24786

CVSS scores:

* CVE-2023-39325 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-39325 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-44487 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-44487 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-24786 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Containers Module 15-SP5
* Containers Module 15-SP6
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves three vulnerabilities and has two security fixes can now
be installed.

## Description:

This update for kubernetes1.26 fixes the following issues:

Update kubernetes to version 1.26.15:

* CVE-2024-24786: Fixed infinite loop in protojson.Unmarshal in golang-protobuf
(bsc#1229867)
* CVE-2023-39325: Fixed a flaw that can lead to a DoS due to rapid stream
resets causing excessive work. This is also known as CVE-2023-44487.
(bsc#1229869)
* CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack in net/http (bsc#1229869)

Other fixes:

* Fixed packages required by kubernetes1.26-client installation (bsc#1229008)
* Update go to version v1.22.5 (bsc#1229858)
* Add upstream patch for reproducible builds (bsc#1062303)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Containers Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Containers-15-SP5-2024-3094=1

* Containers Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Containers-15-SP6-2024-3094=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-3094=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-3094=1

* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3094=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-3094=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-3094=1

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-3094=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-3094=1

## Package List:

* Containers Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* kubernetes1.26-client-1.26.15-150400.9.11.1
* kubernetes1.26-client-common-1.26.15-150400.9.11.1
* Containers Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* kubernetes1.26-client-1.26.15-150400.9.11.1
* kubernetes1.26-client-common-1.26.15-150400.9.11.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* kubernetes1.26-client-1.26.15-150400.9.11.1
* kubernetes1.26-client-common-1.26.15-150400.9.11.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* kubernetes1.26-client-1.26.15-150400.9.11.1
* kubernetes1.26-client-common-1.26.15-150400.9.11.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x
x86_64)
* kubernetes1.26-client-1.26.15-150400.9.11.1
* kubernetes1.26-client-common-1.26.15-150400.9.11.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* kubernetes1.26-client-1.26.15-150400.9.11.1
* kubernetes1.26-client-common-1.26.15-150400.9.11.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* kubernetes1.26-kubelet-1.26.15-150400.9.11.1
* kubernetes1.26-kubeadm-1.26.15-150400.9.11.1
* kubernetes1.26-apiserver-1.26.15-150400.9.11.1
* kubernetes1.26-client-1.26.15-150400.9.11.1
* kubernetes1.26-client-common-1.26.15-150400.9.11.1
* kubernetes1.26-controller-manager-1.26.15-150400.9.11.1
* kubernetes1.26-proxy-1.26.15-150400.9.11.1
* kubernetes1.26-kubelet-common-1.26.15-150400.9.11.1
* kubernetes1.26-scheduler-1.26.15-150400.9.11.1
* openSUSE Leap 15.4 (noarch)
* kubernetes1.26-client-bash-completion-1.26.15-150400.9.11.1
* kubernetes1.26-client-fish-completion-1.26.15-150400.9.11.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* kubernetes1.26-client-1.26.15-150400.9.11.1
* kubernetes1.26-client-common-1.26.15-150400.9.11.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* kubernetes1.26-kubelet-1.26.15-150400.9.11.1
* kubernetes1.26-kubeadm-1.26.15-150400.9.11.1
* kubernetes1.26-apiserver-1.26.15-150400.9.11.1
* kubernetes1.26-client-1.26.15-150400.9.11.1
* kubernetes1.26-client-common-1.26.15-150400.9.11.1
* kubernetes1.26-controller-manager-1.26.15-150400.9.11.1
* kubernetes1.26-proxy-1.26.15-150400.9.11.1
* kubernetes1.26-kubelet-common-1.26.15-150400.9.11.1
* kubernetes1.26-scheduler-1.26.15-150400.9.11.1
* openSUSE Leap 15.6 (noarch)
* kubernetes1.26-client-bash-completion-1.26.15-150400.9.11.1
* kubernetes1.26-client-fish-completion-1.26.15-150400.9.11.1

## References:

* https://www.suse.com/security/cve/CVE-2023-39325.html
* https://www.suse.com/security/cve/CVE-2023-44487.html
* https://www.suse.com/security/cve/CVE-2024-24786.html
* https://bugzilla.suse.com/show_bug.cgi?id=1062303
* https://bugzilla.suse.com/show_bug.cgi?id=1229008
* https://bugzilla.suse.com/show_bug.cgi?id=1229858
* https://bugzilla.suse.com/show_bug.cgi?id=1229867
* https://bugzilla.suse.com/show_bug.cgi?id=1229869



SUSE-SU-2024:3098-1: important: Security update for kubernetes1.27


# Security update for kubernetes1.27

Announcement ID: SUSE-SU-2024:3098-1
Rating: important
References:

* bsc#1229858
* bsc#1229867
* bsc#1229869

Cross-References:

* CVE-2023-39325
* CVE-2023-44487
* CVE-2023-45288
* CVE-2024-24786

CVSS scores:

* CVE-2023-39325 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-39325 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-44487 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-44487 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-45288 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-24786 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Containers Module 15-SP5
* Containers Module 15-SP6
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves four vulnerabilities can now be installed.

## Description:

This update for kubernetes1.27 fixes the following issues:

Update kubernetes to version 1.27.16:

* CVE-2024-24786: Fixed infinite loop in protojson.Unmarshal in golang-protobuf
(bsc#1229867)
* CVE-2023-39325: Fixed a flaw that can lead to a DoS due to rapid stream
resets causing excessive work. This is also known as CVE-2023-44487.
(bsc#1229869)
* CVE-2023-45288: Fixed denial of service due to close connections when
receiving too many headers in net/http and x/net/http2 (bsc#1229869)
* CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack in net/http (bsc#1229869)

Other fixes:

* Update go to version v1.22.5 (bsc#1229858)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-3098=1

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-3098=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-3098=1

* Containers Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Containers-15-SP5-2024-3098=1

* Containers Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Containers-15-SP6-2024-3098=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-3098=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-3098=1

* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3098=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-3098=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* kubernetes1.27-kubelet-1.27.16-150400.9.10.1
* kubernetes1.27-apiserver-1.27.16-150400.9.10.1
* kubernetes1.27-kubeadm-1.27.16-150400.9.10.1
* kubernetes1.27-client-1.27.16-150400.9.10.1
* kubernetes1.27-scheduler-1.27.16-150400.9.10.1
* kubernetes1.27-kubelet-common-1.27.16-150400.9.10.1
* kubernetes1.27-controller-manager-1.27.16-150400.9.10.1
* kubernetes1.27-proxy-1.27.16-150400.9.10.1
* kubernetes1.27-client-common-1.27.16-150400.9.10.1
* openSUSE Leap 15.4 (noarch)
* kubernetes1.27-client-fish-completion-1.27.16-150400.9.10.1
* kubernetes1.27-client-bash-completion-1.27.16-150400.9.10.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* kubernetes1.27-client-1.27.16-150400.9.10.1
* kubernetes1.27-client-common-1.27.16-150400.9.10.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* kubernetes1.27-kubelet-1.27.16-150400.9.10.1
* kubernetes1.27-apiserver-1.27.16-150400.9.10.1
* kubernetes1.27-kubeadm-1.27.16-150400.9.10.1
* kubernetes1.27-client-1.27.16-150400.9.10.1
* kubernetes1.27-scheduler-1.27.16-150400.9.10.1
* kubernetes1.27-kubelet-common-1.27.16-150400.9.10.1
* kubernetes1.27-controller-manager-1.27.16-150400.9.10.1
* kubernetes1.27-proxy-1.27.16-150400.9.10.1
* kubernetes1.27-client-common-1.27.16-150400.9.10.1
* openSUSE Leap 15.6 (noarch)
* kubernetes1.27-client-fish-completion-1.27.16-150400.9.10.1
* kubernetes1.27-client-bash-completion-1.27.16-150400.9.10.1
* Containers Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* kubernetes1.27-client-1.27.16-150400.9.10.1
* kubernetes1.27-client-common-1.27.16-150400.9.10.1
* Containers Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* kubernetes1.27-client-1.27.16-150400.9.10.1
* kubernetes1.27-client-common-1.27.16-150400.9.10.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* kubernetes1.27-client-1.27.16-150400.9.10.1
* kubernetes1.27-client-common-1.27.16-150400.9.10.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* kubernetes1.27-client-1.27.16-150400.9.10.1
* kubernetes1.27-client-common-1.27.16-150400.9.10.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x
x86_64)
* kubernetes1.27-client-1.27.16-150400.9.10.1
* kubernetes1.27-client-common-1.27.16-150400.9.10.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* kubernetes1.27-client-1.27.16-150400.9.10.1
* kubernetes1.27-client-common-1.27.16-150400.9.10.1

## References:

* https://www.suse.com/security/cve/CVE-2023-39325.html
* https://www.suse.com/security/cve/CVE-2023-44487.html
* https://www.suse.com/security/cve/CVE-2023-45288.html
* https://www.suse.com/security/cve/CVE-2024-24786.html
* https://bugzilla.suse.com/show_bug.cgi?id=1229858
* https://bugzilla.suse.com/show_bug.cgi?id=1229867
* https://bugzilla.suse.com/show_bug.cgi?id=1229869



SUSE-SU-2024:3105-1: moderate: Security update for openssl-3


# Security update for openssl-3

Announcement ID: SUSE-SU-2024:3105-1
Rating: moderate
References:

* bsc#1229465

Cross-References:

* CVE-2024-6119

CVSS scores:

* CVE-2024-6119 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-6119 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP5
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for openssl-3 fixes the following issues:

* CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2024-3105=1 openSUSE-SLE-15.5-2024-3105=1

* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-3105=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
* libopenssl-3-devel-3.0.8-150500.5.42.1
* openssl-3-3.0.8-150500.5.42.1
* openssl-3-debugsource-3.0.8-150500.5.42.1
* openssl-3-debuginfo-3.0.8-150500.5.42.1
* libopenssl3-debuginfo-3.0.8-150500.5.42.1
* libopenssl3-3.0.8-150500.5.42.1
* openSUSE Leap 15.5 (x86_64)
* libopenssl3-32bit-3.0.8-150500.5.42.1
* libopenssl3-32bit-debuginfo-3.0.8-150500.5.42.1
* libopenssl-3-devel-32bit-3.0.8-150500.5.42.1
* openSUSE Leap 15.5 (noarch)
* openssl-3-doc-3.0.8-150500.5.42.1
* openSUSE Leap 15.5 (aarch64_ilp32)
* libopenssl3-64bit-3.0.8-150500.5.42.1
* libopenssl-3-devel-64bit-3.0.8-150500.5.42.1
* libopenssl3-64bit-debuginfo-3.0.8-150500.5.42.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* libopenssl-3-devel-3.0.8-150500.5.42.1
* openssl-3-3.0.8-150500.5.42.1
* openssl-3-debugsource-3.0.8-150500.5.42.1
* openssl-3-debuginfo-3.0.8-150500.5.42.1
* libopenssl3-debuginfo-3.0.8-150500.5.42.1
* libopenssl3-3.0.8-150500.5.42.1

## References:

* https://www.suse.com/security/cve/CVE-2024-6119.html
* https://bugzilla.suse.com/show_bug.cgi?id=1229465



SUSE-SU-2024:3108-1: important: Security update for frr


# Security update for frr

Announcement ID: SUSE-SU-2024:3108-1
Rating: important
References:

* bsc#1229438

Cross-References:

* CVE-2024-44070

CVSS scores:

* CVE-2024-44070 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-44070 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44070 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.5
* openSUSE Leap 15.6
* Server Applications Module 15-SP5
* Server Applications Module 15-SP6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for frr fixes the following issues:

* CVE-2024-44070: Fixed missing stream length check before TLV value is taken
in bgp_attr_encap (bsc#1229438)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2024-3108=1 openSUSE-SLE-15.5-2024-3108=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-3108=1

* Server Applications Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2024-3108=1

* Server Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2024-3108=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
* libfrrfpm_pb0-debuginfo-8.4-150500.4.26.1
* libfrrzmq0-8.4-150500.4.26.1
* libfrrfpm_pb0-8.4-150500.4.26.1
* libmlag_pb0-8.4-150500.4.26.1
* frr-8.4-150500.4.26.1
* libfrrospfapiclient0-debuginfo-8.4-150500.4.26.1
* libfrr0-debuginfo-8.4-150500.4.26.1
* frr-devel-8.4-150500.4.26.1
* libfrrzmq0-debuginfo-8.4-150500.4.26.1
* libfrr_pb0-debuginfo-8.4-150500.4.26.1
* libfrrcares0-debuginfo-8.4-150500.4.26.1
* libmlag_pb0-debuginfo-8.4-150500.4.26.1
* libfrrsnmp0-debuginfo-8.4-150500.4.26.1
* libfrr0-8.4-150500.4.26.1
* libfrrsnmp0-8.4-150500.4.26.1
* libfrr_pb0-8.4-150500.4.26.1
* libfrrcares0-8.4-150500.4.26.1
* frr-debuginfo-8.4-150500.4.26.1
* libfrrospfapiclient0-8.4-150500.4.26.1
* frr-debugsource-8.4-150500.4.26.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* libfrrfpm_pb0-debuginfo-8.4-150500.4.26.1
* libfrrzmq0-8.4-150500.4.26.1
* libfrrfpm_pb0-8.4-150500.4.26.1
* libmlag_pb0-8.4-150500.4.26.1
* frr-8.4-150500.4.26.1
* libfrrospfapiclient0-debuginfo-8.4-150500.4.26.1
* libfrr0-debuginfo-8.4-150500.4.26.1
* frr-devel-8.4-150500.4.26.1
* libfrrzmq0-debuginfo-8.4-150500.4.26.1
* libfrr_pb0-debuginfo-8.4-150500.4.26.1
* libfrrcares0-debuginfo-8.4-150500.4.26.1
* libmlag_pb0-debuginfo-8.4-150500.4.26.1
* libfrrsnmp0-debuginfo-8.4-150500.4.26.1
* libfrr0-8.4-150500.4.26.1
* libfrrsnmp0-8.4-150500.4.26.1
* libfrr_pb0-8.4-150500.4.26.1
* libfrrcares0-8.4-150500.4.26.1
* frr-debuginfo-8.4-150500.4.26.1
* libfrrospfapiclient0-8.4-150500.4.26.1
* frr-debugsource-8.4-150500.4.26.1
* Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* libfrrfpm_pb0-debuginfo-8.4-150500.4.26.1
* libfrrzmq0-8.4-150500.4.26.1
* libfrrfpm_pb0-8.4-150500.4.26.1
* libmlag_pb0-8.4-150500.4.26.1
* frr-8.4-150500.4.26.1
* libfrrospfapiclient0-debuginfo-8.4-150500.4.26.1
* libfrr0-debuginfo-8.4-150500.4.26.1
* frr-devel-8.4-150500.4.26.1
* libfrrzmq0-debuginfo-8.4-150500.4.26.1
* libfrr_pb0-debuginfo-8.4-150500.4.26.1
* libfrrcares0-debuginfo-8.4-150500.4.26.1
* libmlag_pb0-debuginfo-8.4-150500.4.26.1
* libfrrsnmp0-debuginfo-8.4-150500.4.26.1
* libfrr0-8.4-150500.4.26.1
* libfrrsnmp0-8.4-150500.4.26.1
* libfrr_pb0-8.4-150500.4.26.1
* libfrrcares0-8.4-150500.4.26.1
* frr-debuginfo-8.4-150500.4.26.1
* libfrrospfapiclient0-8.4-150500.4.26.1
* frr-debugsource-8.4-150500.4.26.1
* Server Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* libfrrfpm_pb0-debuginfo-8.4-150500.4.26.1
* libfrrzmq0-8.4-150500.4.26.1
* libfrrfpm_pb0-8.4-150500.4.26.1
* libmlag_pb0-8.4-150500.4.26.1
* frr-8.4-150500.4.26.1
* libfrrospfapiclient0-debuginfo-8.4-150500.4.26.1
* libfrr0-debuginfo-8.4-150500.4.26.1
* frr-devel-8.4-150500.4.26.1
* libfrrzmq0-debuginfo-8.4-150500.4.26.1
* libfrr_pb0-debuginfo-8.4-150500.4.26.1
* libfrrcares0-debuginfo-8.4-150500.4.26.1
* libmlag_pb0-debuginfo-8.4-150500.4.26.1
* libfrrsnmp0-debuginfo-8.4-150500.4.26.1
* libfrr0-8.4-150500.4.26.1
* libfrrsnmp0-8.4-150500.4.26.1
* libfrr_pb0-8.4-150500.4.26.1
* libfrrcares0-8.4-150500.4.26.1
* frr-debuginfo-8.4-150500.4.26.1
* libfrrospfapiclient0-8.4-150500.4.26.1
* frr-debugsource-8.4-150500.4.26.1

## References:

* https://www.suse.com/security/cve/CVE-2024-44070.html
* https://bugzilla.suse.com/show_bug.cgi?id=1229438



SUSE-SU-2024:3110-1: moderate: Security update for python-aiohttp


# Security update for python-aiohttp

Announcement ID: SUSE-SU-2024:3110-1
Rating: moderate
References:

* bsc#1229226

Cross-References:

* CVE-2024-42367

CVSS scores:

* CVE-2024-42367 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-42367 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* Public Cloud Module 15-SP4
* Python 3 Module 15-SP5
* Python 3 Module 15-SP6
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for python-aiohttp fixes the following issues:

* CVE-2024-42367: Fixed path traversal outside the root directory when
requests involve compressed files as symbolic links (bsc#1229226)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-3110=1

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-3110=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-3110=1

* Public Cloud Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2024-3110=1

* Python 3 Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Python3-15-SP5-2024-3110=1

* Python 3 Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Python3-15-SP6-2024-3110=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* python-aiohttp-debugsource-3.9.3-150400.10.24.1
* python311-aiohttp-3.9.3-150400.10.24.1
* python311-aiohttp-debuginfo-3.9.3-150400.10.24.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* python-aiohttp-debugsource-3.9.3-150400.10.24.1
* python311-aiohttp-3.9.3-150400.10.24.1
* python311-aiohttp-debuginfo-3.9.3-150400.10.24.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* python-aiohttp-debugsource-3.9.3-150400.10.24.1
* python311-aiohttp-3.9.3-150400.10.24.1
* python311-aiohttp-debuginfo-3.9.3-150400.10.24.1
* Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* python311-aiohttp-3.9.3-150400.10.24.1
* Python 3 Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* python-aiohttp-debugsource-3.9.3-150400.10.24.1
* python311-aiohttp-3.9.3-150400.10.24.1
* python311-aiohttp-debuginfo-3.9.3-150400.10.24.1
* Python 3 Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* python-aiohttp-debugsource-3.9.3-150400.10.24.1
* python311-aiohttp-3.9.3-150400.10.24.1
* python311-aiohttp-debuginfo-3.9.3-150400.10.24.1

## References:

* https://www.suse.com/security/cve/CVE-2024-42367.html
* https://bugzilla.suse.com/show_bug.cgi?id=1229226



SUSE-SU-2024:3106-1: moderate: Security update for openssl-3


# Security update for openssl-3

Announcement ID: SUSE-SU-2024:3106-1
Rating: moderate
References:

* bsc#1220523
* bsc#1220690
* bsc#1220693
* bsc#1220696
* bsc#1221365
* bsc#1221751
* bsc#1221752
* bsc#1221753
* bsc#1221760
* bsc#1221786
* bsc#1221787
* bsc#1221821
* bsc#1221822
* bsc#1221824
* bsc#1221827
* bsc#1229465

Cross-References:

* CVE-2024-6119

CVSS scores:

* CVE-2024-6119 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-6119 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability and has 15 security fixes can now be
installed.

## Description:

This update for openssl-3 fixes the following issues:

* CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465)

Other fixes:

* FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365).
* FIPS: RSA keygen PCT requirements.
* FIPS: Check that the fips provider is available before setting it as the
default provider in FIPS mode (bsc#1220523).
* FIPS: Port openssl to use jitterentropy (bsc#1220523).
* FIPS: Block non-Approved Elliptic Curves (bsc#1221786).
* FIPS: Service Level Indicator (bsc#1221365).
* FIPS: Output the FIPS-validation name and module version which uniquely
identify the FIPS validated module (bsc#1221751).
* FIPS: Add required selftests: (bsc#1221760).
* FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821).
* FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827).
* FIPS: Zero initialization required (bsc#1221752).
* FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696).
* FIPS: NIST SP 800-56Brev2 (bsc#1221824).
* FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4
(bsc#1221787).
* FIPS: NIST SP 800-56Arev3 (bsc#1221822).
* FIPS: Error state has to be enforced (bsc#1221753).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2024-3106=1 openSUSE-SLE-15.6-2024-3106=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-3106=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* libopenssl-3-devel-3.1.4-150600.5.15.1
* libopenssl3-debuginfo-3.1.4-150600.5.15.1
* openssl-3-debugsource-3.1.4-150600.5.15.1
* openssl-3-debuginfo-3.1.4-150600.5.15.1
* libopenssl-3-fips-provider-3.1.4-150600.5.15.1
* libopenssl-3-fips-provider-debuginfo-3.1.4-150600.5.15.1
* libopenssl3-3.1.4-150600.5.15.1
* openssl-3-3.1.4-150600.5.15.1
* openSUSE Leap 15.6 (x86_64)
* libopenssl-3-fips-provider-32bit-debuginfo-3.1.4-150600.5.15.1
* libopenssl-3-fips-provider-32bit-3.1.4-150600.5.15.1
* libopenssl3-32bit-debuginfo-3.1.4-150600.5.15.1
* libopenssl-3-devel-32bit-3.1.4-150600.5.15.1
* libopenssl3-32bit-3.1.4-150600.5.15.1
* openSUSE Leap 15.6 (noarch)
* openssl-3-doc-3.1.4-150600.5.15.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* libopenssl-3-fips-provider-64bit-3.1.4-150600.5.15.1
* libopenssl-3-fips-provider-64bit-debuginfo-3.1.4-150600.5.15.1
* libopenssl3-64bit-3.1.4-150600.5.15.1
* libopenssl3-64bit-debuginfo-3.1.4-150600.5.15.1
* libopenssl-3-devel-64bit-3.1.4-150600.5.15.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* libopenssl-3-devel-3.1.4-150600.5.15.1
* libopenssl3-debuginfo-3.1.4-150600.5.15.1
* openssl-3-debugsource-3.1.4-150600.5.15.1
* openssl-3-debuginfo-3.1.4-150600.5.15.1
* libopenssl-3-fips-provider-3.1.4-150600.5.15.1
* libopenssl-3-fips-provider-debuginfo-3.1.4-150600.5.15.1
* libopenssl3-3.1.4-150600.5.15.1
* openssl-3-3.1.4-150600.5.15.1
* Basesystem Module 15-SP6 (x86_64)
* libopenssl3-32bit-3.1.4-150600.5.15.1
* libopenssl3-32bit-debuginfo-3.1.4-150600.5.15.1
* libopenssl-3-fips-provider-32bit-debuginfo-3.1.4-150600.5.15.1
* libopenssl-3-fips-provider-32bit-3.1.4-150600.5.15.1

## References:

* https://www.suse.com/security/cve/CVE-2024-6119.html
* https://bugzilla.suse.com/show_bug.cgi?id=1220523
* https://bugzilla.suse.com/show_bug.cgi?id=1220690
* https://bugzilla.suse.com/show_bug.cgi?id=1220693
* https://bugzilla.suse.com/show_bug.cgi?id=1220696
* https://bugzilla.suse.com/show_bug.cgi?id=1221365
* https://bugzilla.suse.com/show_bug.cgi?id=1221751
* https://bugzilla.suse.com/show_bug.cgi?id=1221752
* https://bugzilla.suse.com/show_bug.cgi?id=1221753
* https://bugzilla.suse.com/show_bug.cgi?id=1221760
* https://bugzilla.suse.com/show_bug.cgi?id=1221786
* https://bugzilla.suse.com/show_bug.cgi?id=1221787
* https://bugzilla.suse.com/show_bug.cgi?id=1221821
* https://bugzilla.suse.com/show_bug.cgi?id=1221822
* https://bugzilla.suse.com/show_bug.cgi?id=1221824
* https://bugzilla.suse.com/show_bug.cgi?id=1221827
* https://bugzilla.suse.com/show_bug.cgi?id=1229465



SUSE-SU-2024:3107-1: moderate: Security update for openssl-3


# Security update for openssl-3

Announcement ID: SUSE-SU-2024:3107-1
Rating: moderate
References:

* bsc#1229465

Cross-References:

* CVE-2024-6119

CVSS scores:

* CVE-2024-6119 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-6119 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for openssl-3 fixes the following issues:

* CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2024-3107=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2024-3107=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-3107=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-3107=1

* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-3107=1

* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3107=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-3107=1

* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-3107=1

* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2024-3107=1

* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-3107=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-3107=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2024-3107=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2024-3107=1

## Package List:

* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* openssl-3-debugsource-3.0.8-150400.4.63.1
* libopenssl3-debuginfo-3.0.8-150400.4.63.1
* libopenssl3-3.0.8-150400.4.63.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* openssl-3-debugsource-3.0.8-150400.4.63.1
* libopenssl3-debuginfo-3.0.8-150400.4.63.1
* libopenssl3-3.0.8-150400.4.63.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* openssl-3-3.0.8-150400.4.63.1
* libopenssl-3-devel-3.0.8-150400.4.63.1
* libopenssl3-debuginfo-3.0.8-150400.4.63.1
* libopenssl3-3.0.8-150400.4.63.1
* openssl-3-debugsource-3.0.8-150400.4.63.1
* openssl-3-debuginfo-3.0.8-150400.4.63.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* openssl-3-3.0.8-150400.4.63.1
* libopenssl-3-devel-3.0.8-150400.4.63.1
* libopenssl3-debuginfo-3.0.8-150400.4.63.1
* libopenssl3-3.0.8-150400.4.63.1
* openssl-3-debugsource-3.0.8-150400.4.63.1
* openssl-3-debuginfo-3.0.8-150400.4.63.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
* openssl-3-3.0.8-150400.4.63.1
* libopenssl-3-devel-3.0.8-150400.4.63.1
* libopenssl3-debuginfo-3.0.8-150400.4.63.1
* libopenssl3-3.0.8-150400.4.63.1
* openssl-3-debugsource-3.0.8-150400.4.63.1
* openssl-3-debuginfo-3.0.8-150400.4.63.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x
x86_64)
* openssl-3-3.0.8-150400.4.63.1
* libopenssl-3-devel-3.0.8-150400.4.63.1
* libopenssl3-debuginfo-3.0.8-150400.4.63.1
* libopenssl3-3.0.8-150400.4.63.1
* openssl-3-debugsource-3.0.8-150400.4.63.1
* openssl-3-debuginfo-3.0.8-150400.4.63.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* openssl-3-3.0.8-150400.4.63.1
* libopenssl-3-devel-3.0.8-150400.4.63.1
* libopenssl3-debuginfo-3.0.8-150400.4.63.1
* libopenssl3-3.0.8-150400.4.63.1
* openssl-3-debugsource-3.0.8-150400.4.63.1
* openssl-3-debuginfo-3.0.8-150400.4.63.1
* SUSE Manager Proxy 4.3 (x86_64)
* openssl-3-3.0.8-150400.4.63.1
* libopenssl-3-devel-3.0.8-150400.4.63.1
* libopenssl3-debuginfo-3.0.8-150400.4.63.1
* libopenssl3-3.0.8-150400.4.63.1
* openssl-3-debugsource-3.0.8-150400.4.63.1
* openssl-3-debuginfo-3.0.8-150400.4.63.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* openssl-3-3.0.8-150400.4.63.1
* libopenssl-3-devel-3.0.8-150400.4.63.1
* libopenssl3-debuginfo-3.0.8-150400.4.63.1
* libopenssl3-3.0.8-150400.4.63.1
* openssl-3-debugsource-3.0.8-150400.4.63.1
* openssl-3-debuginfo-3.0.8-150400.4.63.1
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
* openssl-3-3.0.8-150400.4.63.1
* libopenssl-3-devel-3.0.8-150400.4.63.1
* libopenssl3-debuginfo-3.0.8-150400.4.63.1
* libopenssl3-3.0.8-150400.4.63.1
* openssl-3-debugsource-3.0.8-150400.4.63.1
* openssl-3-debuginfo-3.0.8-150400.4.63.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* openssl-3-3.0.8-150400.4.63.1
* libopenssl-3-devel-3.0.8-150400.4.63.1
* libopenssl3-debuginfo-3.0.8-150400.4.63.1
* libopenssl3-3.0.8-150400.4.63.1
* openssl-3-debugsource-3.0.8-150400.4.63.1
* openssl-3-debuginfo-3.0.8-150400.4.63.1
* openSUSE Leap 15.4 (x86_64)
* libopenssl-3-devel-32bit-3.0.8-150400.4.63.1
* libopenssl3-32bit-3.0.8-150400.4.63.1
* libopenssl3-32bit-debuginfo-3.0.8-150400.4.63.1
* openSUSE Leap 15.4 (noarch)
* openssl-3-doc-3.0.8-150400.4.63.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libopenssl3-64bit-3.0.8-150400.4.63.1
* libopenssl3-64bit-debuginfo-3.0.8-150400.4.63.1
* libopenssl-3-devel-64bit-3.0.8-150400.4.63.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* openssl-3-debugsource-3.0.8-150400.4.63.1
* libopenssl3-debuginfo-3.0.8-150400.4.63.1
* libopenssl3-3.0.8-150400.4.63.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* openssl-3-debugsource-3.0.8-150400.4.63.1
* libopenssl3-debuginfo-3.0.8-150400.4.63.1
* libopenssl3-3.0.8-150400.4.63.1

## References:

* https://www.suse.com/security/cve/CVE-2024-6119.html
* https://bugzilla.suse.com/show_bug.cgi?id=1229465



SUSE-SU-2024:3119-1: moderate: Security update for openssl-1_0_0


# Security update for openssl-1_0_0

Announcement ID: SUSE-SU-2024:3119-1
Rating: moderate
References:

* bsc#1227138
* bsc#1227227

Cross-References:

* CVE-2024-5535

CVSS scores:

* CVE-2024-5535 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Legacy Module 15-SP5
* Legacy Module 15-SP6
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability and has one security fix can now be
installed.

## Description:

This update for openssl-1_0_0 fixes the following issues:

* CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto()
with an empty supported client protocols buffer (bsc#1227138, bsc#1227227)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP Applications 15 SP2
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-3119=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-3119=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-3119=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2024-3119=1

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-3119=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-3119=1

* Legacy Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2024-3119=1

* Legacy Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP6-2024-3119=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-3119=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-3119=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-3119=1

* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-3119=1

* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-3119=1

* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3119=1

## Package List:

* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
* openssl-1_0_0-1.0.2p-150000.3.94.1
* openssl-1_0_0-debuginfo-1.0.2p-150000.3.94.1
* libopenssl1_0_0-debuginfo-1.0.2p-150000.3.94.1
* openssl-1_0_0-debugsource-1.0.2p-150000.3.94.1
* libopenssl-1_0_0-devel-1.0.2p-150000.3.94.1
* libopenssl1_0_0-1.0.2p-150000.3.94.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* openssl-1_0_0-1.0.2p-150000.3.94.1
* openssl-1_0_0-debuginfo-1.0.2p-150000.3.94.1
* libopenssl1_0_0-debuginfo-1.0.2p-150000.3.94.1
* libopenssl10-1.0.2p-150000.3.94.1
* openssl-1_0_0-debugsource-1.0.2p-150000.3.94.1
* libopenssl-1_0_0-devel-1.0.2p-150000.3.94.1
* libopenssl10-debuginfo-1.0.2p-150000.3.94.1
* libopenssl1_0_0-1.0.2p-150000.3.94.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* openssl-1_0_0-1.0.2p-150000.3.94.1
* openssl-1_0_0-debuginfo-1.0.2p-150000.3.94.1
* libopenssl1_0_0-hmac-1.0.2p-150000.3.94.1
* libopenssl1_0_0-debuginfo-1.0.2p-150000.3.94.1
* libopenssl10-1.0.2p-150000.3.94.1
* openssl-1_0_0-debugsource-1.0.2p-150000.3.94.1
* libopenssl-1_0_0-devel-1.0.2p-150000.3.94.1
* libopenssl10-debuginfo-1.0.2p-150000.3.94.1
* libopenssl1_0_0-1.0.2p-150000.3.94.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* openssl-1_0_0-1.0.2p-150000.3.94.1
* openssl-1_0_0-debuginfo-1.0.2p-150000.3.94.1
* libopenssl1_0_0-debuginfo-1.0.2p-150000.3.94.1
* libopenssl10-1.0.2p-150000.3.94.1
* openssl-1_0_0-debugsource-1.0.2p-150000.3.94.1
* libopenssl-1_0_0-devel-1.0.2p-150000.3.94.1
* libopenssl10-debuginfo-1.0.2p-150000.3.94.1
* libopenssl1_0_0-1.0.2p-150000.3.94.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* openssl-1_0_0-1.0.2p-150000.3.94.1
* openssl-1_0_0-debuginfo-1.0.2p-150000.3.94.1
* libopenssl1_0_0-hmac-1.0.2p-150000.3.94.1
* libopenssl1_0_0-debuginfo-1.0.2p-150000.3.94.1
* libopenssl10-1.0.2p-150000.3.94.1
* libopenssl1_0_0-steam-1.0.2p-150000.3.94.1
* openssl-1_0_0-cavs-1.0.2p-150000.3.94.1
* openssl-1_0_0-cavs-debuginfo-1.0.2p-150000.3.94.1
* openssl-1_0_0-debugsource-1.0.2p-150000.3.94.1
* libopenssl-1_0_0-devel-1.0.2p-150000.3.94.1
* libopenssl1_0_0-steam-debuginfo-1.0.2p-150000.3.94.1
* libopenssl10-debuginfo-1.0.2p-150000.3.94.1
* libopenssl1_0_0-1.0.2p-150000.3.94.1
* openSUSE Leap 15.5 (x86_64)
* libopenssl1_0_0-steam-32bit-1.0.2p-150000.3.94.1
* libopenssl1_0_0-steam-32bit-debuginfo-1.0.2p-150000.3.94.1
* libopenssl-1_0_0-devel-32bit-1.0.2p-150000.3.94.1
* libopenssl1_0_0-32bit-1.0.2p-150000.3.94.1
* libopenssl1_0_0-32bit-debuginfo-1.0.2p-150000.3.94.1
* libopenssl1_0_0-hmac-32bit-1.0.2p-150000.3.94.1
* openSUSE Leap 15.5 (noarch)
* openssl-1_0_0-doc-1.0.2p-150000.3.94.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* openssl-1_0_0-1.0.2p-150000.3.94.1
* openssl-1_0_0-debuginfo-1.0.2p-150000.3.94.1
* libopenssl1_0_0-hmac-1.0.2p-150000.3.94.1
* libopenssl1_0_0-debuginfo-1.0.2p-150000.3.94.1
* libopenssl10-1.0.2p-150000.3.94.1
* libopenssl1_0_0-steam-1.0.2p-150000.3.94.1
* openssl-1_0_0-cavs-1.0.2p-150000.3.94.1
* openssl-1_0_0-cavs-debuginfo-1.0.2p-150000.3.94.1
* openssl-1_0_0-debugsource-1.0.2p-150000.3.94.1
* libopenssl-1_0_0-devel-1.0.2p-150000.3.94.1
* libopenssl1_0_0-steam-debuginfo-1.0.2p-150000.3.94.1
* libopenssl10-debuginfo-1.0.2p-150000.3.94.1
* libopenssl1_0_0-1.0.2p-150000.3.94.1
* openSUSE Leap 15.6 (x86_64)
* libopenssl1_0_0-steam-32bit-1.0.2p-150000.3.94.1
* libopenssl1_0_0-steam-32bit-debuginfo-1.0.2p-150000.3.94.1
* libopenssl-1_0_0-devel-32bit-1.0.2p-150000.3.94.1
* libopenssl1_0_0-32bit-1.0.2p-150000.3.94.1
* libopenssl1_0_0-32bit-debuginfo-1.0.2p-150000.3.94.1
* libopenssl1_0_0-hmac-32bit-1.0.2p-150000.3.94.1
* openSUSE Leap 15.6 (noarch)
* openssl-1_0_0-doc-1.0.2p-150000.3.94.1
* Legacy Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* openssl-1_0_0-1.0.2p-150000.3.94.1
* openssl-1_0_0-debuginfo-1.0.2p-150000.3.94.1
* libopenssl1_0_0-hmac-1.0.2p-150000.3.94.1
* libopenssl1_0_0-debuginfo-1.0.2p-150000.3.94.1
* libopenssl10-1.0.2p-150000.3.94.1
* openssl-1_0_0-debugsource-1.0.2p-150000.3.94.1
* libopenssl-1_0_0-devel-1.0.2p-150000.3.94.1
* libopenssl10-debuginfo-1.0.2p-150000.3.94.1
* libopenssl1_0_0-1.0.2p-150000.3.94.1
* Legacy Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* openssl-1_0_0-1.0.2p-150000.3.94.1
* openssl-1_0_0-debuginfo-1.0.2p-150000.3.94.1
* libopenssl1_0_0-hmac-1.0.2p-150000.3.94.1
* libopenssl1_0_0-debuginfo-1.0.2p-150000.3.94.1
* libopenssl10-1.0.2p-150000.3.94.1
* openssl-1_0_0-debugsource-1.0.2p-150000.3.94.1
* libopenssl-1_0_0-devel-1.0.2p-150000.3.94.1
* libopenssl10-debuginfo-1.0.2p-150000.3.94.1
* libopenssl1_0_0-1.0.2p-150000.3.94.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* openssl-1_0_0-1.0.2p-150000.3.94.1
* openssl-1_0_0-debuginfo-1.0.2p-150000.3.94.1
* libopenssl1_0_0-debuginfo-1.0.2p-150000.3.94.1
* libopenssl10-1.0.2p-150000.3.94.1
* openssl-1_0_0-debugsource-1.0.2p-150000.3.94.1
* libopenssl-1_0_0-devel-1.0.2p-150000.3.94.1
* libopenssl10-debuginfo-1.0.2p-150000.3.94.1
* libopenssl1_0_0-1.0.2p-150000.3.94.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* openssl-1_0_0-1.0.2p-150000.3.94.1
* openssl-1_0_0-debuginfo-1.0.2p-150000.3.94.1
* libopenssl1_0_0-hmac-1.0.2p-150000.3.94.1
* libopenssl1_0_0-debuginfo-1.0.2p-150000.3.94.1
* libopenssl10-1.0.2p-150000.3.94.1
* openssl-1_0_0-debugsource-1.0.2p-150000.3.94.1
* libopenssl-1_0_0-devel-1.0.2p-150000.3.94.1
* libopenssl10-debuginfo-1.0.2p-150000.3.94.1
* libopenssl1_0_0-1.0.2p-150000.3.94.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* openssl-1_0_0-1.0.2p-150000.3.94.1
* openssl-1_0_0-debuginfo-1.0.2p-150000.3.94.1
* libopenssl1_0_0-hmac-1.0.2p-150000.3.94.1
* libopenssl1_0_0-debuginfo-1.0.2p-150000.3.94.1
* libopenssl10-1.0.2p-150000.3.94.1
* openssl-1_0_0-debugsource-1.0.2p-150000.3.94.1
* libopenssl-1_0_0-devel-1.0.2p-150000.3.94.1
* libopenssl10-debuginfo-1.0.2p-150000.3.94.1
* libopenssl1_0_0-1.0.2p-150000.3.94.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x
x86_64)
* openssl-1_0_0-1.0.2p-150000.3.94.1
* openssl-1_0_0-debuginfo-1.0.2p-150000.3.94.1
* libopenssl1_0_0-debuginfo-1.0.2p-150000.3.94.1
* openssl-1_0_0-debugsource-1.0.2p-150000.3.94.1
* libopenssl-1_0_0-devel-1.0.2p-150000.3.94.1
* libopenssl1_0_0-1.0.2p-150000.3.94.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64)
* openssl-1_0_0-1.0.2p-150000.3.94.1
* openssl-1_0_0-debuginfo-1.0.2p-150000.3.94.1
* libopenssl1_0_0-debuginfo-1.0.2p-150000.3.94.1
* libopenssl10-1.0.2p-150000.3.94.1
* openssl-1_0_0-debugsource-1.0.2p-150000.3.94.1
* libopenssl-1_0_0-devel-1.0.2p-150000.3.94.1
* libopenssl10-debuginfo-1.0.2p-150000.3.94.1
* libopenssl1_0_0-1.0.2p-150000.3.94.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x
x86_64)
* openssl-1_0_0-1.0.2p-150000.3.94.1
* openssl-1_0_0-debuginfo-1.0.2p-150000.3.94.1
* libopenssl1_0_0-hmac-1.0.2p-150000.3.94.1
* libopenssl1_0_0-debuginfo-1.0.2p-150000.3.94.1
* libopenssl10-1.0.2p-150000.3.94.1
* openssl-1_0_0-debugsource-1.0.2p-150000.3.94.1
* libopenssl-1_0_0-devel-1.0.2p-150000.3.94.1
* libopenssl10-debuginfo-1.0.2p-150000.3.94.1
* libopenssl1_0_0-1.0.2p-150000.3.94.1

## References:

* https://www.suse.com/security/cve/CVE-2024-5535.html
* https://bugzilla.suse.com/show_bug.cgi?id=1227138
* https://bugzilla.suse.com/show_bug.cgi?id=1227227



SUSE-SU-2024:3113-1: important: Security update for xen


# Security update for xen

Announcement ID: SUSE-SU-2024:3113-1
Rating: important
References:

* bsc#1027519
* bsc#1228574
* bsc#1228575

Cross-References:

* CVE-2024-31145
* CVE-2024-31146

CVSS scores:

* CVE-2024-31145 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
* CVE-2024-31146 ( SUSE ): 0.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:N

Affected Products:

* Basesystem Module 15-SP6
* openSUSE Leap 15.6
* Server Applications Module 15-SP6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves two vulnerabilities and has one security fix can now be
installed.

## Description:

This update for xen fixes the following issues:

* CVE-2024-31145: Fixed error handling in x86 IOMMU identity mapping (XSA-460,
bsc#1228574)
* CVE-2024-31146: Fixed PCI device pass-through with shared resources
(XSA-461, bsc#1228575)

Other fixes:

* Update to Xen 4.18.3 security bug fix release (bsc#1027519)

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-3113=1

* Server Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2024-3113=1

* openSUSE Leap 15.6
zypper in -t patch SUSE-2024-3113=1 openSUSE-SLE-15.6-2024-3113=1

## Package List:

* Basesystem Module 15-SP6 (x86_64)
* xen-tools-domU-4.18.3_02-150600.3.6.1
* xen-libs-debuginfo-4.18.3_02-150600.3.6.1
* xen-libs-4.18.3_02-150600.3.6.1
* xen-tools-domU-debuginfo-4.18.3_02-150600.3.6.1
* xen-debugsource-4.18.3_02-150600.3.6.1
* Server Applications Module 15-SP6 (x86_64)
* xen-4.18.3_02-150600.3.6.1
* xen-tools-debuginfo-4.18.3_02-150600.3.6.1
* xen-tools-4.18.3_02-150600.3.6.1
* xen-devel-4.18.3_02-150600.3.6.1
* xen-debugsource-4.18.3_02-150600.3.6.1
* Server Applications Module 15-SP6 (noarch)
* xen-tools-xendomains-wait-disk-4.18.3_02-150600.3.6.1
* openSUSE Leap 15.6 (aarch64 x86_64 i586)
* xen-tools-domU-4.18.3_02-150600.3.6.1
* xen-libs-debuginfo-4.18.3_02-150600.3.6.1
* xen-libs-4.18.3_02-150600.3.6.1
* xen-tools-domU-debuginfo-4.18.3_02-150600.3.6.1
* xen-devel-4.18.3_02-150600.3.6.1
* xen-debugsource-4.18.3_02-150600.3.6.1
* openSUSE Leap 15.6 (x86_64)
* xen-libs-32bit-debuginfo-4.18.3_02-150600.3.6.1
* xen-libs-32bit-4.18.3_02-150600.3.6.1
* openSUSE Leap 15.6 (aarch64 x86_64)
* xen-4.18.3_02-150600.3.6.1
* xen-tools-debuginfo-4.18.3_02-150600.3.6.1
* xen-tools-4.18.3_02-150600.3.6.1
* xen-doc-html-4.18.3_02-150600.3.6.1
* openSUSE Leap 15.6 (noarch)
* xen-tools-xendomains-wait-disk-4.18.3_02-150600.3.6.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* xen-libs-64bit-4.18.3_02-150600.3.6.1
* xen-libs-64bit-debuginfo-4.18.3_02-150600.3.6.1

## References:

* https://www.suse.com/security/cve/CVE-2024-31145.html
* https://www.suse.com/security/cve/CVE-2024-31146.html
* https://bugzilla.suse.com/show_bug.cgi?id=1027519
* https://bugzilla.suse.com/show_bug.cgi?id=1228574
* https://bugzilla.suse.com/show_bug.cgi?id=1228575



SUSE-SU-2024:3109-1: important: Security update for webkit2gtk3


# Security update for webkit2gtk3

Announcement ID: SUSE-SU-2024:3109-1
Rating: important
References:

* bsc#1228696
* bsc#1228697
* bsc#1228698

Cross-References:

* CVE-2024-40776
* CVE-2024-40779
* CVE-2024-40780
* CVE-2024-40782
* CVE-2024-40785
* CVE-2024-40789
* CVE-2024-40794
* CVE-2024-4558

CVSS scores:

* CVE-2024-40776 ( SUSE ): 8.9
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
* CVE-2024-40776 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
* CVE-2024-40776 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2024-40779 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-40779 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2024-40780 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-40780 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2024-40782 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-40785 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-40785 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2024-40789 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-40789 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2024-40794 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-40794 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products:

* Basesystem Module 15-SP6
* Desktop Applications Module 15-SP6
* Development Tools Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for webkit2gtk3 fixes the following issues:

Update to version 2.44.3 (bsc#1228696 bsc#1228697 bsc#1228698):

* Fix web process cache suspend/resume when sandbox is enabled.
* Fix accelerated images disappearing after scrolling.
* Fix video flickering with DMA-BUF sink.
* Fix pointer lock on X11.
* Fix movement delta on mouse events in GTK3.
* Undeprecate console message API and make it available in 2022 API.
* Fix several crashes and rendering issues.
* Security fixes: CVE-2024-40776, CVE-2024-40779, CVE-2024-40780,
CVE-2024-40782, CVE-2024-40785, CVE-2024-40789, CVE-2024-40794,
CVE-2024-4558.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2024-3109=1 openSUSE-SLE-15.6-2024-3109=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-3109=1

* Desktop Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP6-2024-3109=1

* Development Tools Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2024-3109=1

## Package List:

* openSUSE Leap 15.6 (noarch)
* WebKitGTK-6.0-lang-2.44.3-150600.12.9.1
* WebKitGTK-4.0-lang-2.44.3-150600.12.9.1
* WebKitGTK-4.1-lang-2.44.3-150600.12.9.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* typelib-1_0-WebKit2-4_0-2.44.3-150600.12.9.1
* libjavascriptcoregtk-4_1-0-2.44.3-150600.12.9.1
* webkit2gtk4-minibrowser-debuginfo-2.44.3-150600.12.9.1
* webkit2gtk-4_0-injected-bundles-2.44.3-150600.12.9.1
* libjavascriptcoregtk-4_0-18-2.44.3-150600.12.9.1
* webkit2gtk3-soup2-devel-2.44.3-150600.12.9.1
* webkit2gtk-4_1-injected-bundles-2.44.3-150600.12.9.1
* libjavascriptcoregtk-6_0-1-debuginfo-2.44.3-150600.12.9.1
* webkit2gtk3-soup2-minibrowser-debuginfo-2.44.3-150600.12.9.1
* webkitgtk-6_0-injected-bundles-debuginfo-2.44.3-150600.12.9.1
* webkit2gtk-4_1-injected-bundles-debuginfo-2.44.3-150600.12.9.1
* webkit2gtk3-soup2-debugsource-2.44.3-150600.12.9.1
* libwebkit2gtk-4_0-37-2.44.3-150600.12.9.1
* libjavascriptcoregtk-4_0-18-debuginfo-2.44.3-150600.12.9.1
* typelib-1_0-WebKit2WebExtension-4_0-2.44.3-150600.12.9.1
* typelib-1_0-JavaScriptCore-4_0-2.44.3-150600.12.9.1
* webkit2gtk-4_0-injected-bundles-debuginfo-2.44.3-150600.12.9.1
* webkit2gtk4-devel-2.44.3-150600.12.9.1
* webkitgtk-6_0-injected-bundles-2.44.3-150600.12.9.1
* webkit2gtk3-soup2-minibrowser-2.44.3-150600.12.9.1
* typelib-1_0-WebKit-6_0-2.44.3-150600.12.9.1
* libwebkit2gtk-4_0-37-debuginfo-2.44.3-150600.12.9.1
* webkit-jsc-6.0-debuginfo-2.44.3-150600.12.9.1
* webkit2gtk4-debugsource-2.44.3-150600.12.9.1
* libwebkitgtk-6_0-4-debuginfo-2.44.3-150600.12.9.1
* webkit2gtk3-debugsource-2.44.3-150600.12.9.1
* webkit2gtk3-minibrowser-2.44.3-150600.12.9.1
* typelib-1_0-JavaScriptCore-4_1-2.44.3-150600.12.9.1
* webkit2gtk3-devel-2.44.3-150600.12.9.1
* libwebkit2gtk-4_1-0-2.44.3-150600.12.9.1
* webkit2gtk4-minibrowser-2.44.3-150600.12.9.1
* libwebkit2gtk-4_1-0-debuginfo-2.44.3-150600.12.9.1
* webkit-jsc-4-debuginfo-2.44.3-150600.12.9.1
* typelib-1_0-WebKit2-4_1-2.44.3-150600.12.9.1
* libwebkitgtk-6_0-4-2.44.3-150600.12.9.1
* libjavascriptcoregtk-6_0-1-2.44.3-150600.12.9.1
* webkit-jsc-4.1-debuginfo-2.44.3-150600.12.9.1
* typelib-1_0-WebKitWebProcessExtension-6_0-2.44.3-150600.12.9.1
* typelib-1_0-JavaScriptCore-6_0-2.44.3-150600.12.9.1
* webkit-jsc-6.0-2.44.3-150600.12.9.1
* libjavascriptcoregtk-4_1-0-debuginfo-2.44.3-150600.12.9.1
* typelib-1_0-WebKit2WebExtension-4_1-2.44.3-150600.12.9.1
* webkit-jsc-4.1-2.44.3-150600.12.9.1
* webkit2gtk3-minibrowser-debuginfo-2.44.3-150600.12.9.1
* webkit-jsc-4-2.44.3-150600.12.9.1
* openSUSE Leap 15.6 (x86_64)
* libjavascriptcoregtk-4_1-0-32bit-2.44.3-150600.12.9.1
* libwebkit2gtk-4_1-0-32bit-2.44.3-150600.12.9.1
* libwebkit2gtk-4_0-37-32bit-debuginfo-2.44.3-150600.12.9.1
* libjavascriptcoregtk-4_1-0-32bit-debuginfo-2.44.3-150600.12.9.1
* libwebkit2gtk-4_0-37-32bit-2.44.3-150600.12.9.1
* libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.44.3-150600.12.9.1
* libwebkit2gtk-4_1-0-32bit-debuginfo-2.44.3-150600.12.9.1
* libjavascriptcoregtk-4_0-18-32bit-2.44.3-150600.12.9.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* libjavascriptcoregtk-4_1-0-64bit-debuginfo-2.44.3-150600.12.9.1
* libwebkit2gtk-4_1-0-64bit-debuginfo-2.44.3-150600.12.9.1
* libjavascriptcoregtk-4_1-0-64bit-2.44.3-150600.12.9.1
* libwebkit2gtk-4_0-37-64bit-debuginfo-2.44.3-150600.12.9.1
* libwebkit2gtk-4_1-0-64bit-2.44.3-150600.12.9.1
* libwebkit2gtk-4_0-37-64bit-2.44.3-150600.12.9.1
* libjavascriptcoregtk-4_0-18-64bit-2.44.3-150600.12.9.1
* libjavascriptcoregtk-4_0-18-64bit-debuginfo-2.44.3-150600.12.9.1
* Basesystem Module 15-SP6 (noarch)
* WebKitGTK-6.0-lang-2.44.3-150600.12.9.1
* WebKitGTK-4.0-lang-2.44.3-150600.12.9.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* libjavascriptcoregtk-6_0-1-2.44.3-150600.12.9.1
* libjavascriptcoregtk-6_0-1-debuginfo-2.44.3-150600.12.9.1
* libwebkit2gtk-4_0-37-debuginfo-2.44.3-150600.12.9.1
* typelib-1_0-WebKit2-4_0-2.44.3-150600.12.9.1
* webkit2gtk4-debugsource-2.44.3-150600.12.9.1
* libwebkitgtk-6_0-4-debuginfo-2.44.3-150600.12.9.1
* webkitgtk-6_0-injected-bundles-debuginfo-2.44.3-150600.12.9.1
* libwebkitgtk-6_0-4-2.44.3-150600.12.9.1
* webkit2gtk-4_0-injected-bundles-2.44.3-150600.12.9.1
* webkit2gtk3-soup2-debugsource-2.44.3-150600.12.9.1
* libwebkit2gtk-4_0-37-2.44.3-150600.12.9.1
* webkit2gtk3-soup2-devel-2.44.3-150600.12.9.1
* libjavascriptcoregtk-4_0-18-debuginfo-2.44.3-150600.12.9.1
* typelib-1_0-WebKit2WebExtension-4_0-2.44.3-150600.12.9.1
* typelib-1_0-JavaScriptCore-4_0-2.44.3-150600.12.9.1
* webkit2gtk-4_0-injected-bundles-debuginfo-2.44.3-150600.12.9.1
* webkitgtk-6_0-injected-bundles-2.44.3-150600.12.9.1
* libjavascriptcoregtk-4_0-18-2.44.3-150600.12.9.1
* Desktop Applications Module 15-SP6 (noarch)
* WebKitGTK-4.1-lang-2.44.3-150600.12.9.1
* Desktop Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* libjavascriptcoregtk-4_1-0-2.44.3-150600.12.9.1
* webkit2gtk-4_1-injected-bundles-debuginfo-2.44.3-150600.12.9.1
* webkit2gtk3-debugsource-2.44.3-150600.12.9.1
* typelib-1_0-JavaScriptCore-4_1-2.44.3-150600.12.9.1
* libjavascriptcoregtk-4_1-0-debuginfo-2.44.3-150600.12.9.1
* typelib-1_0-WebKit2WebExtension-4_1-2.44.3-150600.12.9.1
* libwebkit2gtk-4_1-0-2.44.3-150600.12.9.1
* webkit2gtk3-devel-2.44.3-150600.12.9.1
* libwebkit2gtk-4_1-0-debuginfo-2.44.3-150600.12.9.1
* webkit2gtk-4_1-injected-bundles-2.44.3-150600.12.9.1
* typelib-1_0-WebKit2-4_1-2.44.3-150600.12.9.1
* Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* typelib-1_0-WebKit-6_0-2.44.3-150600.12.9.1
* webkit2gtk4-debugsource-2.44.3-150600.12.9.1
* typelib-1_0-WebKitWebProcessExtension-6_0-2.44.3-150600.12.9.1
* typelib-1_0-JavaScriptCore-6_0-2.44.3-150600.12.9.1
* webkit2gtk4-devel-2.44.3-150600.12.9.1

## References:

* https://www.suse.com/security/cve/CVE-2024-40776.html
* https://www.suse.com/security/cve/CVE-2024-40779.html
* https://www.suse.com/security/cve/CVE-2024-40780.html
* https://www.suse.com/security/cve/CVE-2024-40782.html
* https://www.suse.com/security/cve/CVE-2024-40785.html
* https://www.suse.com/security/cve/CVE-2024-40789.html
* https://www.suse.com/security/cve/CVE-2024-40794.html
* https://www.suse.com/security/cve/CVE-2024-4558.html
* https://bugzilla.suse.com/show_bug.cgi?id=1228696
* https://bugzilla.suse.com/show_bug.cgi?id=1228697
* https://bugzilla.suse.com/show_bug.cgi?id=1228698



SUSE-SU-2024:3112-1: important: Security update for MozillaThunderbird


# Security update for MozillaThunderbird

Announcement ID: SUSE-SU-2024:3112-1
Rating: important
References:

* bsc#1228648

Cross-References:

* CVE-2024-7519
* CVE-2024-7521
* CVE-2024-7522
* CVE-2024-7525
* CVE-2024-7526
* CVE-2024-7527
* CVE-2024-7529

CVSS scores:

* CVE-2024-7519 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-7519 ( NVD ): 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2024-7521 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-7521 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-7522 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
* CVE-2024-7522 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-7525 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-7525 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
* CVE-2024-7526 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
* CVE-2024-7526 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2024-7527 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-7527 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-7529 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
* CVE-2024-7529 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Affected Products:

* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Workstation Extension 15 SP5
* SUSE Linux Enterprise Workstation Extension 15 SP6
* SUSE Package Hub 15 15-SP5
* SUSE Package Hub 15 15-SP6

An update that solves seven vulnerabilities can now be installed.

## Description:

This update for MozillaThunderbird fixes the following issues:

* Mozilla Thunderbird 115.14
  * fixed: When using an external installation of GnuPG, Thunderbird occasionally sent/received corrupted messages
  * fixed: Users of external GnuPG were unable to decrypt incorrectly encoded messages (bmo#1906903)
  * fixed: Flatpak install of 128.0esr was incorrectly downgraded to 115.13.0esr (bmo#1908299)
  * fixed: Security fixes MFSA 2024-38 (bsc#1228648)
    * CVE-2024-7519: Out of bounds memory access in graphics shared memory handling
    * CVE-2024-7521: Incomplete WebAssembly exception handling
    * CVE-2024-7522: Out of bounds read in editor component
    * CVE-2024-7525: Missing permission check when creating a StreamFilter
    * CVE-2024-7526: Uninitialized memory used by WebGL
    * CVE-2024-7527: Use-after-free in JavaScript garbage collection
    * CVE-2024-7529: Document content could partially obscure security prompts

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-3112=1

* SUSE Package Hub 15 15-SP5
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-3112=1

* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-3112=1

* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-3112=1

* SUSE Linux Enterprise Workstation Extension 15 SP5
zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2024-3112=1

* SUSE Linux Enterprise Workstation Extension 15 SP6
zypper in -t patch SUSE-SLE-Product-WE-15-SP6-2024-3112=1

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-3112=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* MozillaThunderbird-115.14.0-150200.8.174.1
* MozillaThunderbird-translations-other-115.14.0-150200.8.174.1
* MozillaThunderbird-translations-common-115.14.0-150200.8.174.1
* MozillaThunderbird-debugsource-115.14.0-150200.8.174.1
* MozillaThunderbird-debuginfo-115.14.0-150200.8.174.1
* SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x)
* MozillaThunderbird-115.14.0-150200.8.174.1
* MozillaThunderbird-translations-other-115.14.0-150200.8.174.1
* MozillaThunderbird-translations-common-115.14.0-150200.8.174.1
* MozillaThunderbird-debugsource-115.14.0-150200.8.174.1
* MozillaThunderbird-debuginfo-115.14.0-150200.8.174.1
* SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x)
* MozillaThunderbird-115.14.0-150200.8.174.1
* MozillaThunderbird-translations-other-115.14.0-150200.8.174.1
* MozillaThunderbird-translations-common-115.14.0-150200.8.174.1
* MozillaThunderbird-debugsource-115.14.0-150200.8.174.1
* MozillaThunderbird-debuginfo-115.14.0-150200.8.174.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
* MozillaThunderbird-115.14.0-150200.8.174.1
* MozillaThunderbird-translations-other-115.14.0-150200.8.174.1
* MozillaThunderbird-translations-common-115.14.0-150200.8.174.1
* MozillaThunderbird-debugsource-115.14.0-150200.8.174.1
* MozillaThunderbird-debuginfo-115.14.0-150200.8.174.1
* SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64)
* MozillaThunderbird-115.14.0-150200.8.174.1
* MozillaThunderbird-translations-other-115.14.0-150200.8.174.1
* MozillaThunderbird-translations-common-115.14.0-150200.8.174.1
* MozillaThunderbird-debugsource-115.14.0-150200.8.174.1
* MozillaThunderbird-debuginfo-115.14.0-150200.8.174.1
* SUSE Linux Enterprise Workstation Extension 15 SP6 (x86_64)
* MozillaThunderbird-115.14.0-150200.8.174.1
* MozillaThunderbird-translations-other-115.14.0-150200.8.174.1
* MozillaThunderbird-translations-common-115.14.0-150200.8.174.1
* MozillaThunderbird-debugsource-115.14.0-150200.8.174.1
* MozillaThunderbird-debuginfo-115.14.0-150200.8.174.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* MozillaThunderbird-115.14.0-150200.8.174.1
* MozillaThunderbird-translations-other-115.14.0-150200.8.174.1
* MozillaThunderbird-translations-common-115.14.0-150200.8.174.1
* MozillaThunderbird-debugsource-115.14.0-150200.8.174.1
* MozillaThunderbird-debuginfo-115.14.0-150200.8.174.1

## References:

* https://www.suse.com/security/cve/CVE-2024-7519.html
* https://www.suse.com/security/cve/CVE-2024-7521.html
* https://www.suse.com/security/cve/CVE-2024-7522.html
* https://www.suse.com/security/cve/CVE-2024-7525.html
* https://www.suse.com/security/cve/CVE-2024-7526.html
* https://www.suse.com/security/cve/CVE-2024-7527.html
* https://www.suse.com/security/cve/CVE-2024-7529.html
* https://bugzilla.suse.com/show_bug.cgi?id=1228648



SUSE-SU-2024:3111-1: low: Security update for unbound


# Security update for unbound

Announcement ID: SUSE-SU-2024:3111-1
Rating: low
References:

* bsc#1229068

Cross-References:

* CVE-2024-43167

CVSS scores:

* CVE-2024-43167 ( SUSE ): 2.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2024-43167 ( SUSE ): 2.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

Affected Products:

* Basesystem Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Package Hub 15 15-SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for unbound fixes the following issues:

* CVE-2024-43167: Fix null pointer dereference issue in function ub_ctx_set_fwd (bsc#1229068)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2024-3111=1 openSUSE-SLE-15.6-2024-3111=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-3111=1

* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-3111=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* libunbound8-debuginfo-1.20.0-150600.23.6.1
* libunbound-devel-mini-debugsource-1.20.0-150600.23.6.1
* unbound-python-debuginfo-1.20.0-150600.23.6.1
* libunbound8-1.20.0-150600.23.6.1
* unbound-anchor-debuginfo-1.20.0-150600.23.6.1
* unbound-python-1.20.0-150600.23.6.1
* libunbound-devel-mini-debuginfo-1.20.0-150600.23.6.1
* unbound-debuginfo-1.20.0-150600.23.6.1
* unbound-devel-1.20.0-150600.23.6.1
* unbound-anchor-1.20.0-150600.23.6.1
* unbound-1.20.0-150600.23.6.1
* libunbound-devel-mini-1.20.0-150600.23.6.1
* unbound-debugsource-1.20.0-150600.23.6.1
* openSUSE Leap 15.6 (noarch)
* unbound-munin-1.20.0-150600.23.6.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* libunbound8-debuginfo-1.20.0-150600.23.6.1
* unbound-anchor-debuginfo-1.20.0-150600.23.6.1
* libunbound8-1.20.0-150600.23.6.1
* unbound-debuginfo-1.20.0-150600.23.6.1
* unbound-devel-1.20.0-150600.23.6.1
* unbound-anchor-1.20.0-150600.23.6.1
* unbound-debugsource-1.20.0-150600.23.6.1
* SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64)
* unbound-python-debuginfo-1.20.0-150600.23.6.1
* unbound-python-1.20.0-150600.23.6.1
* unbound-debuginfo-1.20.0-150600.23.6.1
* unbound-1.20.0-150600.23.6.1
* unbound-debugsource-1.20.0-150600.23.6.1

## References:

* https://www.suse.com/security/cve/CVE-2024-43167.html
* https://bugzilla.suse.com/show_bug.cgi?id=1229068



SUSE-SU-2024:3115-1: moderate: Security update for tiff


# Security update for tiff

Announcement ID: SUSE-SU-2024:3115-1
Rating: moderate
References:

* bsc#1228924

Cross-References:

* CVE-2024-7006

CVSS scores:

* CVE-2024-7006 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-7006 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-7006 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP5
* Basesystem Module 15-SP6
* openSUSE Leap 15.5
* openSUSE Leap Micro 5.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Package Hub 15 15-SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for tiff fixes the following issues:

* CVE-2024-7006: Fixed null pointer dereference in tif_dirinfo.c (bsc#1228924)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap Micro 5.5
zypper in -t patch openSUSE-Leap-Micro-5.5-2024-3115=1

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-3115=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2024-3115=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2024-3115=1

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2024-3115=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2024-3115=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2024-3115=1

* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-3115=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-3115=1

* SUSE Package Hub 15 15-SP5
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-3115=1

* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-3115=1

* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-3115=1

## Package List:

* openSUSE Leap Micro 5.5 (aarch64 s390x x86_64)
* tiff-debuginfo-4.0.9-150000.45.47.1
* tiff-debugsource-4.0.9-150000.45.47.1
* libtiff5-debuginfo-4.0.9-150000.45.47.1
* libtiff5-4.0.9-150000.45.47.1
* openSUSE Leap 15.5 (x86_64)
* libtiff-devel-32bit-4.0.9-150000.45.47.1
* libtiff5-32bit-debuginfo-4.0.9-150000.45.47.1
* libtiff5-32bit-4.0.9-150000.45.47.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* libtiff5-debuginfo-4.0.9-150000.45.47.1
* libtiff5-4.0.9-150000.45.47.1
* tiff-debugsource-4.0.9-150000.45.47.1
* tiff-debuginfo-4.0.9-150000.45.47.1
* libtiff-devel-4.0.9-150000.45.47.1
* tiff-4.0.9-150000.45.47.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* tiff-debuginfo-4.0.9-150000.45.47.1
* tiff-debugsource-4.0.9-150000.45.47.1
* libtiff5-debuginfo-4.0.9-150000.45.47.1
* libtiff5-4.0.9-150000.45.47.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* tiff-debuginfo-4.0.9-150000.45.47.1
* tiff-debugsource-4.0.9-150000.45.47.1
* libtiff5-debuginfo-4.0.9-150000.45.47.1
* libtiff5-4.0.9-150000.45.47.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* tiff-debuginfo-4.0.9-150000.45.47.1
* tiff-debugsource-4.0.9-150000.45.47.1
* libtiff5-debuginfo-4.0.9-150000.45.47.1
* libtiff5-4.0.9-150000.45.47.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* tiff-debuginfo-4.0.9-150000.45.47.1
* tiff-debugsource-4.0.9-150000.45.47.1
* libtiff5-debuginfo-4.0.9-150000.45.47.1
* libtiff5-4.0.9-150000.45.47.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* tiff-debuginfo-4.0.9-150000.45.47.1
* tiff-debugsource-4.0.9-150000.45.47.1
* libtiff5-debuginfo-4.0.9-150000.45.47.1
* libtiff5-4.0.9-150000.45.47.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* libtiff5-debuginfo-4.0.9-150000.45.47.1
* tiff-debugsource-4.0.9-150000.45.47.1
* libtiff5-4.0.9-150000.45.47.1
* tiff-debuginfo-4.0.9-150000.45.47.1
* libtiff-devel-4.0.9-150000.45.47.1
* Basesystem Module 15-SP5 (x86_64)
* libtiff5-32bit-debuginfo-4.0.9-150000.45.47.1
* libtiff5-32bit-4.0.9-150000.45.47.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* tiff-debuginfo-4.0.9-150000.45.47.1
* tiff-debugsource-4.0.9-150000.45.47.1
* libtiff5-debuginfo-4.0.9-150000.45.47.1
* libtiff5-4.0.9-150000.45.47.1
* Basesystem Module 15-SP6 (x86_64)
* libtiff5-32bit-debuginfo-4.0.9-150000.45.47.1
* libtiff5-32bit-4.0.9-150000.45.47.1
* SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64)
* tiff-debuginfo-4.0.9-150000.45.47.1
* tiff-debugsource-4.0.9-150000.45.47.1
* tiff-4.0.9-150000.45.47.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* tiff-debuginfo-4.0.9-150000.45.47.1
* tiff-debugsource-4.0.9-150000.45.47.1
* libtiff5-debuginfo-4.0.9-150000.45.47.1
* libtiff5-4.0.9-150000.45.47.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* tiff-debuginfo-4.0.9-150000.45.47.1
* tiff-debugsource-4.0.9-150000.45.47.1
* libtiff5-debuginfo-4.0.9-150000.45.47.1
* libtiff5-4.0.9-150000.45.47.1

## References:

* https://www.suse.com/security/cve/CVE-2024-7006.html
* https://bugzilla.suse.com/show_bug.cgi?id=1228924



SUSE-SU-2024:3114-1: moderate: Security update for ffmpeg


# Security update for ffmpeg

Announcement ID: SUSE-SU-2024:3114-1
Rating: moderate
References:

* bsc#1186607
* bsc#1189428
* bsc#1223304

Cross-References:

* CVE-2020-22027
* CVE-2021-38291
* CVE-2023-51798

CVSS scores:

* CVE-2020-22027 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2020-22027 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2021-38291 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2021-38291 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-51798 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:

* Desktop Applications Module 15-SP5
* Desktop Applications Module 15-SP6
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Workstation Extension 15 SP5
* SUSE Linux Enterprise Workstation Extension 15 SP6
* SUSE Package Hub 15 15-SP5
* SUSE Package Hub 15 15-SP6

An update that solves three vulnerabilities can now be installed.

## Description:

This update for ffmpeg fixes the following issues:

* CVE-2020-22027: Fixed heap-based buffer overflow vulnerability that exists in deflate16 at libavfilter/vf_neighbor.c (bsc#1186607)
* CVE-2021-38291: Fixed an assertion failure at src/libavutil/mathematics.c (bsc#1189428)
* CVE-2023-51798: Fixed floating point exception (FPE) via the interpolate function (bsc#1223304)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-3114=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-3114=1

* Desktop Applications Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2024-3114=1

* Desktop Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP6-2024-3114=1

* SUSE Package Hub 15 15-SP5
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-3114=1

* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-3114=1

* SUSE Linux Enterprise Workstation Extension 15 SP5
zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2024-3114=1

* SUSE Linux Enterprise Workstation Extension 15 SP6
zypper in -t patch SUSE-SLE-Product-WE-15-SP6-2024-3114=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* libavcodec57-3.4.2-150200.11.57.1
* libswscale-devel-3.4.2-150200.11.57.1
* libavformat-devel-3.4.2-150200.11.57.1
* libavcodec-devel-3.4.2-150200.11.57.1
* ffmpeg-private-devel-3.4.2-150200.11.57.1
* libswresample2-debuginfo-3.4.2-150200.11.57.1
* libpostproc54-3.4.2-150200.11.57.1
* libavresample3-3.4.2-150200.11.57.1
* libavformat57-debuginfo-3.4.2-150200.11.57.1
* libavformat57-3.4.2-150200.11.57.1
* libavfilter6-3.4.2-150200.11.57.1
* libswresample2-3.4.2-150200.11.57.1
* ffmpeg-debugsource-3.4.2-150200.11.57.1
* libavutil-devel-3.4.2-150200.11.57.1
* libavcodec57-debuginfo-3.4.2-150200.11.57.1
* libavdevice57-debuginfo-3.4.2-150200.11.57.1
* libavresample-devel-3.4.2-150200.11.57.1
* libpostproc54-debuginfo-3.4.2-150200.11.57.1
* libavdevice57-3.4.2-150200.11.57.1
* libavresample3-debuginfo-3.4.2-150200.11.57.1
* libpostproc-devel-3.4.2-150200.11.57.1
* libswresample-devel-3.4.2-150200.11.57.1
* libavdevice-devel-3.4.2-150200.11.57.1
* libavutil55-debuginfo-3.4.2-150200.11.57.1
* libswscale4-3.4.2-150200.11.57.1
* libavfilter-devel-3.4.2-150200.11.57.1
* ffmpeg-debuginfo-3.4.2-150200.11.57.1
* ffmpeg-3.4.2-150200.11.57.1
* libavfilter6-debuginfo-3.4.2-150200.11.57.1
* libavutil55-3.4.2-150200.11.57.1
* libswscale4-debuginfo-3.4.2-150200.11.57.1
* openSUSE Leap 15.5 (x86_64)
* libavformat57-32bit-debuginfo-3.4.2-150200.11.57.1
* libavresample3-32bit-debuginfo-3.4.2-150200.11.57.1
* libswscale4-32bit-3.4.2-150200.11.57.1
* libpostproc54-32bit-3.4.2-150200.11.57.1
* libavcodec57-32bit-debuginfo-3.4.2-150200.11.57.1
* libavfilter6-32bit-debuginfo-3.4.2-150200.11.57.1
* libswresample2-32bit-debuginfo-3.4.2-150200.11.57.1
* libavutil55-32bit-debuginfo-3.4.2-150200.11.57.1
* libswresample2-32bit-3.4.2-150200.11.57.1
* libpostproc54-32bit-debuginfo-3.4.2-150200.11.57.1
* libavdevice57-32bit-3.4.2-150200.11.57.1
* libavutil55-32bit-3.4.2-150200.11.57.1
* libavcodec57-32bit-3.4.2-150200.11.57.1
* libavresample3-32bit-3.4.2-150200.11.57.1
* libavfilter6-32bit-3.4.2-150200.11.57.1
* libavdevice57-32bit-debuginfo-3.4.2-150200.11.57.1
* libavformat57-32bit-3.4.2-150200.11.57.1
* libswscale4-32bit-debuginfo-3.4.2-150200.11.57.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* libavcodec57-3.4.2-150200.11.57.1
* libswscale-devel-3.4.2-150200.11.57.1
* libavformat-devel-3.4.2-150200.11.57.1
* libavcodec-devel-3.4.2-150200.11.57.1
* ffmpeg-private-devel-3.4.2-150200.11.57.1
* libswresample2-debuginfo-3.4.2-150200.11.57.1
* libpostproc54-3.4.2-150200.11.57.1
* libavresample3-3.4.2-150200.11.57.1
* libavformat57-debuginfo-3.4.2-150200.11.57.1
* libavformat57-3.4.2-150200.11.57.1
* libavfilter6-3.4.2-150200.11.57.1
* libswresample2-3.4.2-150200.11.57.1
* ffmpeg-debugsource-3.4.2-150200.11.57.1
* libavutil-devel-3.4.2-150200.11.57.1
* libavcodec57-debuginfo-3.4.2-150200.11.57.1
* libavdevice57-debuginfo-3.4.2-150200.11.57.1
* libavresample-devel-3.4.2-150200.11.57.1
* libpostproc54-debuginfo-3.4.2-150200.11.57.1
* libavdevice57-3.4.2-150200.11.57.1
* libavresample3-debuginfo-3.4.2-150200.11.57.1
* libpostproc-devel-3.4.2-150200.11.57.1
* libswresample-devel-3.4.2-150200.11.57.1
* libavdevice-devel-3.4.2-150200.11.57.1
* libavutil55-debuginfo-3.4.2-150200.11.57.1
* libswscale4-3.4.2-150200.11.57.1
* libavfilter-devel-3.4.2-150200.11.57.1
* ffmpeg-debuginfo-3.4.2-150200.11.57.1
* ffmpeg-3.4.2-150200.11.57.1
* libavfilter6-debuginfo-3.4.2-150200.11.57.1
* libavutil55-3.4.2-150200.11.57.1
* libswscale4-debuginfo-3.4.2-150200.11.57.1
* openSUSE Leap 15.6 (x86_64)
* libavformat57-32bit-debuginfo-3.4.2-150200.11.57.1
* libavresample3-32bit-debuginfo-3.4.2-150200.11.57.1
* libswscale4-32bit-3.4.2-150200.11.57.1
* libpostproc54-32bit-3.4.2-150200.11.57.1
* libavcodec57-32bit-debuginfo-3.4.2-150200.11.57.1
* libavfilter6-32bit-debuginfo-3.4.2-150200.11.57.1
* libswresample2-32bit-debuginfo-3.4.2-150200.11.57.1
* libavutil55-32bit-debuginfo-3.4.2-150200.11.57.1
* libswresample2-32bit-3.4.2-150200.11.57.1
* libpostproc54-32bit-debuginfo-3.4.2-150200.11.57.1
* libavdevice57-32bit-3.4.2-150200.11.57.1
* libavutil55-32bit-3.4.2-150200.11.57.1
* libavcodec57-32bit-3.4.2-150200.11.57.1
* libavresample3-32bit-3.4.2-150200.11.57.1
* libavfilter6-32bit-3.4.2-150200.11.57.1
* libavdevice57-32bit-debuginfo-3.4.2-150200.11.57.1
* libavformat57-32bit-3.4.2-150200.11.57.1
* libswscale4-32bit-debuginfo-3.4.2-150200.11.57.1
* Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* libavcodec57-3.4.2-150200.11.57.1
* libavcodec57-debuginfo-3.4.2-150200.11.57.1
* libswscale-devel-3.4.2-150200.11.57.1
* libavutil55-debuginfo-3.4.2-150200.11.57.1
* libswscale4-debuginfo-3.4.2-150200.11.57.1
* libswresample2-3.4.2-150200.11.57.1
* libswscale4-3.4.2-150200.11.57.1
* libpostproc54-debuginfo-3.4.2-150200.11.57.1
* ffmpeg-debuginfo-3.4.2-150200.11.57.1
* libswresample2-debuginfo-3.4.2-150200.11.57.1
* libpostproc-devel-3.4.2-150200.11.57.1
* libpostproc54-3.4.2-150200.11.57.1
* libavutil55-3.4.2-150200.11.57.1
* ffmpeg-debugsource-3.4.2-150200.11.57.1
* libavutil-devel-3.4.2-150200.11.57.1
* libswresample-devel-3.4.2-150200.11.57.1
* Desktop Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* libavcodec57-3.4.2-150200.11.57.1
* libavcodec57-debuginfo-3.4.2-150200.11.57.1
* libswscale-devel-3.4.2-150200.11.57.1
* libavutil55-debuginfo-3.4.2-150200.11.57.1
* libswscale4-debuginfo-3.4.2-150200.11.57.1
* libswresample2-3.4.2-150200.11.57.1
* libswscale4-3.4.2-150200.11.57.1
* libpostproc54-debuginfo-3.4.2-150200.11.57.1
* ffmpeg-debuginfo-3.4.2-150200.11.57.1
* libswresample2-debuginfo-3.4.2-150200.11.57.1
* libpostproc-devel-3.4.2-150200.11.57.1
* libpostproc54-3.4.2-150200.11.57.1
* libavutil55-3.4.2-150200.11.57.1
* ffmpeg-debugsource-3.4.2-150200.11.57.1
* libavutil-devel-3.4.2-150200.11.57.1
* libswresample-devel-3.4.2-150200.11.57.1
* SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64)
* libavformat57-debuginfo-3.4.2-150200.11.57.1
* libavformat57-3.4.2-150200.11.57.1
* libavfilter6-3.4.2-150200.11.57.1
* libavdevice57-debuginfo-3.4.2-150200.11.57.1
* ffmpeg-debuginfo-3.4.2-150200.11.57.1
* ffmpeg-3.4.2-150200.11.57.1
* libavdevice57-3.4.2-150200.11.57.1
* libavresample3-debuginfo-3.4.2-150200.11.57.1
* libavfilter6-debuginfo-3.4.2-150200.11.57.1
* libavresample3-3.4.2-150200.11.57.1
* ffmpeg-debugsource-3.4.2-150200.11.57.1
* SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64)
* libavformat57-debuginfo-3.4.2-150200.11.57.1
* libavformat57-3.4.2-150200.11.57.1
* libavfilter6-3.4.2-150200.11.57.1
* libavdevice57-debuginfo-3.4.2-150200.11.57.1
* ffmpeg-debuginfo-3.4.2-150200.11.57.1
* ffmpeg-3.4.2-150200.11.57.1
* libavdevice57-3.4.2-150200.11.57.1
* libavresample3-debuginfo-3.4.2-150200.11.57.1
* libavfilter6-debuginfo-3.4.2-150200.11.57.1
* libavresample3-3.4.2-150200.11.57.1
* ffmpeg-debugsource-3.4.2-150200.11.57.1
* SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64)
* libavformat57-debuginfo-3.4.2-150200.11.57.1
* libavformat57-3.4.2-150200.11.57.1
* libavformat-devel-3.4.2-150200.11.57.1
* libavresample-devel-3.4.2-150200.11.57.1
* libavcodec-devel-3.4.2-150200.11.57.1
* ffmpeg-debuginfo-3.4.2-150200.11.57.1
* libavresample3-debuginfo-3.4.2-150200.11.57.1
* libavresample3-3.4.2-150200.11.57.1
* ffmpeg-debugsource-3.4.2-150200.11.57.1
* SUSE Linux Enterprise Workstation Extension 15 SP6 (x86_64)
* libavformat57-debuginfo-3.4.2-150200.11.57.1
* libavformat57-3.4.2-150200.11.57.1
* libavformat-devel-3.4.2-150200.11.57.1
* libavresample-devel-3.4.2-150200.11.57.1
* libavcodec-devel-3.4.2-150200.11.57.1
* ffmpeg-debuginfo-3.4.2-150200.11.57.1
* libavresample3-debuginfo-3.4.2-150200.11.57.1
* libavresample3-3.4.2-150200.11.57.1
* ffmpeg-debugsource-3.4.2-150200.11.57.1

## References:

* https://www.suse.com/security/cve/CVE-2020-22027.html
* https://www.suse.com/security/cve/CVE-2021-38291.html
* https://www.suse.com/security/cve/CVE-2023-51798.html
* https://bugzilla.suse.com/show_bug.cgi?id=1186607
* https://bugzilla.suse.com/show_bug.cgi?id=1189428
* https://bugzilla.suse.com/show_bug.cgi?id=1223304



SUSE-SU-2024:3117-1: moderate: Security update for tiff


# Security update for tiff

Announcement ID: SUSE-SU-2024:3117-1
Rating: moderate
References:

* bsc#1228924

Cross-References:

* CVE-2024-7006

CVSS scores:

* CVE-2024-7006 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-7006 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-7006 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Package Hub 15 15-SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for tiff fixes the following issues:

* CVE-2024-7006: Fixed null pointer dereference in tif_dirinfo.c (bsc#1228924)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2024-3117=1 openSUSE-SLE-15.6-2024-3117=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-3117=1

* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-3117=1

## Package List:

* openSUSE Leap 15.6 (x86_64)
* libtiff-devel-32bit-4.6.0-150600.3.3.1
* libtiff6-32bit-4.6.0-150600.3.3.1
* libtiff6-32bit-debuginfo-4.6.0-150600.3.3.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* libtiff-devel-4.6.0-150600.3.3.1
* libtiff6-4.6.0-150600.3.3.1
* tiff-4.6.0-150600.3.3.1
* tiff-debuginfo-4.6.0-150600.3.3.1
* libtiff6-debuginfo-4.6.0-150600.3.3.1
* tiff-debugsource-4.6.0-150600.3.3.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* libtiff-devel-64bit-4.6.0-150600.3.3.1
* libtiff6-64bit-4.6.0-150600.3.3.1
* libtiff6-64bit-debuginfo-4.6.0-150600.3.3.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* libtiff-devel-4.6.0-150600.3.3.1
* libtiff6-4.6.0-150600.3.3.1
* tiff-debuginfo-4.6.0-150600.3.3.1
* libtiff6-debuginfo-4.6.0-150600.3.3.1
* tiff-debugsource-4.6.0-150600.3.3.1
* Basesystem Module 15-SP6 (x86_64)
* libtiff6-32bit-4.6.0-150600.3.3.1
* libtiff6-32bit-debuginfo-4.6.0-150600.3.3.1
* SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64)
* tiff-debugsource-4.6.0-150600.3.3.1
* tiff-4.6.0-150600.3.3.1
* tiff-debuginfo-4.6.0-150600.3.3.1

## References:

* https://www.suse.com/security/cve/CVE-2024-7006.html
* https://bugzilla.suse.com/show_bug.cgi?id=1228924



SUSE-SU-2024:3116-1: moderate: Security update for python-WebOb


# Security update for python-WebOb

Announcement ID: SUSE-SU-2024:3116-1
Rating: moderate
References:

* bsc#1229221

Cross-References:

* CVE-2024-42353

CVSS scores:

* CVE-2024-42353 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2024-42353 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected Products:

* Basesystem Module 15-SP5
* Basesystem Module 15-SP6
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Package Hub 15 15-SP5
* SUSE Package Hub 15 15-SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for python-WebOb fixes the following issues:

* CVE-2024-42353: Fixed open redirect via WebOb's Response object in Location
header (bsc#1229221)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-3116=1

* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-3116=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-3116=1

* SUSE Package Hub 15 15-SP5
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-3116=1

* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-3116=1

## Package List:

* openSUSE Leap 15.5 (noarch)
* python-WebOb-doc-1.7.4-150000.3.3.1
* python3-WebOb-1.7.4-150000.3.3.1
* Basesystem Module 15-SP5 (noarch)
* python3-WebOb-1.7.4-150000.3.3.1
* Basesystem Module 15-SP6 (noarch)
* python3-WebOb-1.7.4-150000.3.3.1
* SUSE Package Hub 15 15-SP5 (noarch)
* python2-WebOb-1.7.4-150000.3.3.1
* SUSE Package Hub 15 15-SP6 (noarch)
* python2-WebOb-1.7.4-150000.3.3.1

## References:

* https://www.suse.com/security/cve/CVE-2024-42353.html
* https://bugzilla.suse.com/show_bug.cgi?id=1229221



SUSE-SU-2024:3120-1: critical: Security update for buildah, docker


# Security update for buildah, docker

Announcement ID: SUSE-SU-2024:3120-1
Rating: critical
References:

* bsc#1214855
* bsc#1219267
* bsc#1219268
* bsc#1219438
* bsc#1221243
* bsc#1221677
* bsc#1221916
* bsc#1223409
* bsc#1224117
* bsc#1228324

Cross-References:

* CVE-2024-1753
* CVE-2024-23651
* CVE-2024-23652
* CVE-2024-23653
* CVE-2024-24786
* CVE-2024-28180
* CVE-2024-3727
* CVE-2024-41110

CVSS scores:

* CVE-2024-1753 ( SUSE ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2024-23651 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-23651 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2024-23652 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-23652 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-23653 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-23653 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-24786 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-3727 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2024-41110 ( SUSE ): 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected Products:

* Containers Module 15-SP5
* Containers Module 15-SP6
* openSUSE Leap 15.3
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* openSUSE Leap Micro 5.5
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves eight vulnerabilities and has two security fixes can now
be installed.

## Description:

This update for buildah, docker fixes the following issues:

Changes in docker:

* CVE-2024-23651: Fixed arbitrary file write due to race condition on mounts (bsc#1219267)
* CVE-2024-23652: Fixed insufficient validation of parent directory on mount (bsc#1219268)
* CVE-2024-23653: Fixed insufficient validation on entitlement on container creation via buildkit (bsc#1219438)
* CVE-2024-41110: An Authz zero length regression that could lead to authentication bypass was fixed (bsc#1228324)

Other fixes:

* Update to Docker 25.0.6-ce. See upstream changelog online at
(https://docs.docker.com/engine/release-notes/25.0/#2506)
* Update to Docker 25.0.5-ce (bsc#1223409)

* Fix BuildKit's symlink resolution logic to correctly handle non-lexical
symlinks. (bsc#1221916)

* Write volume options atomically so sudden system crashes won't result in
future Docker starts failing due to empty files. (bsc#1214855)

Changes in buildah:

* Update to version 1.35.4:
* [release-1.35] Bump to Buildah v1.35.4
* [release-1.35] CVE-2024-3727 updates (bsc#1224117)
* integration test: handle new labels in "bud and test --unsetlabel"
* [release-1.35] Bump go-jose CVE-2024-28180
* [release-1.35] Bump ocicrypt and go-jose CVE-2024-28180

* Update to version 1.35.3:
* [release-1.35] Bump to Buildah v1.35.3
* [release-1.35] correctly configure /etc/hosts and resolv.conf
* [release-1.35] buildah: refactor resolv/hosts setup.
* [release-1.35] rename the hostFile var to reflect
* [release-1.35] Bump c/common to v0.58.1
* [release-1.35] Bump Buildah to v1.35.2
* [release-1.35] CVE-2024-24786 protobuf to 1.33
* [release-1.35] Bump to v1.35.2-dev

* Update to version 1.35.1:

* [release-1.35] Bump to v1.35.1
* [release-1.35] CVE-2024-1753 container escape fix (bsc#1221677)

* Buildah dropped cni support, require netavark instead (bsc#1221243)

* Remove obsolete requires libcontainers-image & libcontainers-storage

* Require passt for rootless networking (poo#156955). Buildah moved to
passt/pasta for rootless networking from slirp4netns
(https://github.com/containers/common/pull/1846)

* Update to version 1.35.0:

* Bump v1.35.0
* Bump c/common v0.58.0, c/image v5.30.0, c/storage v1.53.0
* conformance tests: don't break on trailing zeroes in layer blobs
* Add a conformance test for copying to a mounted prior stage
* fix(deps): update module github.com/stretchr/testify to v1.9.0
* cgroups: reuse version check from c/common
* Update vendor of containers/(common,image)
* fix(deps): update github.com/containers/storage digest to eadc620
* fix(deps): update github.com/containers/luksy digest to ceb12d4
* fix(deps): update github.com/containers/image/v5 digest to cdc6802
* manifest add: complain if we get artifact flags without --artifact
* Use retry logic from containers/common
* Vendor in containers/(storage,image,common)
* Update module golang.org/x/crypto to v0.20.0
* Add comment re: Total Success task name
* tests: skip_if_no_unshare(): check for --setuid
* Properly handle build --pull=false
* [skip-ci] Update tim-actions/get-pr-commits action to v1.3.1
* Update module go.etcd.io/bbolt to v1.3.9
* Revert "Reduce official image size"
* Update module github.com/opencontainers/image-spec to v1.1.0
* Reduce official image size
* Build with CNI support on FreeBSD
* build --all-platforms: skip some base "image" platforms
* Bump main to v1.35.0-dev
* Vendor in latest containers/(storage,image,common)
* Split up error messages for missing --sbom related flags
* `buildah manifest`: add artifact-related options
* cmd/buildah/manifest.go: lock lists before adding/annotating/pushing
* cmd/buildah/manifest.go: don't make struct declarations aliases
* Use golang.org/x/exp/slices.Contains
* Disable loong64 again
* Fix a couple of typos in one-line comments
* egrep is obsolescent; use grep -E
* Try Cirrus with a newer VM version
* Set CONTAINERS_CONF in the chroot-mount-flags integration test
* Update to match dependency API update
* Update github.com/openshift/imagebuilder and containers/common
* docs: correct default authfile path
* fix(deps): update module github.com/containerd/containerd to v1.7.13
* tests: retrofit test for heredoc summary
* build, heredoc: show heredoc summary in build output
* manifest, push: add support for --retry and --retry-delay
* fix(deps): update github.com/openshift/imagebuilder digest to b767bc3
* imagebuildah: fix crash with empty RUN
* fix(deps): update github.com/containers/luksy digest to b62d551
* fix(deps): update module github.com/opencontainers/runc to v1.1.12 [security]
* fix(deps): update module github.com/moby/buildkit to v0.12.5 [security]
* Make buildah match podman for handling of ulimits
* docs: move footnotes to where they're applicable
* Allow users to specify no-dereference
* Run codespell on code
* Fix FreeBSD version parsing
* Fix a build break on FreeBSD
* Remove a bad FROM line
* fix(deps): update module github.com/onsi/gomega to v1.31.1
* fix(deps): update module github.com/opencontainers/image-spec to v1.1.0-rc6
* docs: use reversed logo for dark theme in README
* build,commit: add --sbom to scan and produce SBOMs when committing
* commit: force omitHistory if the parent has layers but no history
* docs: fix a couple of typos
* internal/mkcw.Archive(): handle extra image content
* stage_executor,heredoc: honor interpreter in heredoc
* stage_executor,layers: burst cache if heredoc content is changed
* fix(deps): update module golang.org/x/crypto to v0.18.0
* Replace map[K]bool with map[K]struct{} where it makes sense
* fix(deps): update module golang.org/x/sync to v0.6.0
* fix(deps): update module golang.org/x/term to v0.16.0
* Bump CI VMs
* Replace strings.SplitN with strings.Cut
* fix(deps): update github.com/containers/storage digest to ef81e9b
* fix(deps): update github.com/containers/image/v5 digest to 1b221d4
* fix(deps): update module github.com/fsouza/go-dockerclient to v1.10.1
* Document use of containers-transports values in buildah
* fix(deps): update module golang.org/x/crypto to v0.17.0 [security]
* chore(deps): update dependency containers/automation_images to v20231208
* manifest: addCompression use default from containers.conf
* commit: add a --add-file flag
* mkcw: populate the rootfs using an overlay
* chore(deps): update dependency containers/automation_images to v20230517
* [skip-ci] Update actions/stale action to v9
* fix(deps): update module github.com/containernetworking/plugins to v1.4.0
* fix(deps): update github.com/containers/image/v5 digest to 7a40fee
* Bump to v1.34.1-dev
* Ignore errors if label.Relabel returns ENOSUP

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2024-3120=1

* openSUSE Leap Micro 5.5
zypper in -t patch openSUSE-Leap-Micro-5.5-2024-3120=1

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-3120=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-3120=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2024-3120=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2024-3120=1

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2024-3120=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2024-3120=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2024-3120=1

* Containers Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Containers-15-SP5-2024-3120=1

* Containers Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Containers-15-SP6-2024-3120=1

* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-3120=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-3120=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-3120=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-3120=1

* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-3120=1

* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-3120=1

* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3120=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP2
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-3120=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-3120=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-3120=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2024-3120=1

* SUSE Linux Enterprise Micro 5.1
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2024-3120=1

* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-3120=1

* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-3120=1

## Package List:

* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
* buildah-1.35.4-150300.8.25.1
* openSUSE Leap Micro 5.5 (aarch64 s390x x86_64)
* docker-25.0.6_ce-150000.207.1
* docker-debuginfo-25.0.6_ce-150000.207.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* docker-25.0.6_ce-150000.207.1
* docker-debuginfo-25.0.6_ce-150000.207.1
* openSUSE Leap 15.5 (noarch)
* docker-rootless-extras-25.0.6_ce-150000.207.1
* docker-zsh-completion-25.0.6_ce-150000.207.1
* docker-bash-completion-25.0.6_ce-150000.207.1
* docker-fish-completion-25.0.6_ce-150000.207.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* docker-25.0.6_ce-150000.207.1
* docker-debuginfo-25.0.6_ce-150000.207.1
* openSUSE Leap 15.6 (noarch)
* docker-rootless-extras-25.0.6_ce-150000.207.1
* docker-zsh-completion-25.0.6_ce-150000.207.1
* docker-bash-completion-25.0.6_ce-150000.207.1
* docker-fish-completion-25.0.6_ce-150000.207.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* docker-25.0.6_ce-150000.207.1
* docker-debuginfo-25.0.6_ce-150000.207.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* docker-25.0.6_ce-150000.207.1
* docker-debuginfo-25.0.6_ce-150000.207.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* docker-25.0.6_ce-150000.207.1
* docker-debuginfo-25.0.6_ce-150000.207.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* docker-25.0.6_ce-150000.207.1
* docker-debuginfo-25.0.6_ce-150000.207.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* docker-25.0.6_ce-150000.207.1
* docker-debuginfo-25.0.6_ce-150000.207.1
* Containers Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* docker-25.0.6_ce-150000.207.1
* docker-debuginfo-25.0.6_ce-150000.207.1
* Containers Module 15-SP5 (noarch)
* docker-rootless-extras-25.0.6_ce-150000.207.1
* docker-bash-completion-25.0.6_ce-150000.207.1
* Containers Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* docker-25.0.6_ce-150000.207.1
* docker-debuginfo-25.0.6_ce-150000.207.1
* Containers Module 15-SP6 (noarch)
* docker-rootless-extras-25.0.6_ce-150000.207.1
* docker-bash-completion-25.0.6_ce-150000.207.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64
x86_64)
* docker-25.0.6_ce-150000.207.1
* docker-debuginfo-25.0.6_ce-150000.207.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
* docker-bash-completion-25.0.6_ce-150000.207.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* docker-25.0.6_ce-150000.207.1
* buildah-1.35.4-150300.8.25.1
* docker-debuginfo-25.0.6_ce-150000.207.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* docker-bash-completion-25.0.6_ce-150000.207.1
* docker-fish-completion-25.0.6_ce-150000.207.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* docker-25.0.6_ce-150000.207.1
* docker-debuginfo-25.0.6_ce-150000.207.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* docker-rootless-extras-25.0.6_ce-150000.207.1
* docker-bash-completion-25.0.6_ce-150000.207.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* docker-25.0.6_ce-150000.207.1
* docker-debuginfo-25.0.6_ce-150000.207.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* docker-rootless-extras-25.0.6_ce-150000.207.1
* docker-bash-completion-25.0.6_ce-150000.207.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x
x86_64)
* docker-25.0.6_ce-150000.207.1
* docker-debuginfo-25.0.6_ce-150000.207.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
* docker-bash-completion-25.0.6_ce-150000.207.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64)
* docker-25.0.6_ce-150000.207.1
* buildah-1.35.4-150300.8.25.1
* docker-debuginfo-25.0.6_ce-150000.207.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
* docker-bash-completion-25.0.6_ce-150000.207.1
* docker-fish-completion-25.0.6_ce-150000.207.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x
x86_64)
* docker-25.0.6_ce-150000.207.1
* docker-debuginfo-25.0.6_ce-150000.207.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (noarch)
* docker-rootless-extras-25.0.6_ce-150000.207.1
* docker-bash-completion-25.0.6_ce-150000.207.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
* docker-25.0.6_ce-150000.207.1
* docker-debuginfo-25.0.6_ce-150000.207.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
* docker-bash-completion-25.0.6_ce-150000.207.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* docker-25.0.6_ce-150000.207.1
* buildah-1.35.4-150300.8.25.1
* docker-debuginfo-25.0.6_ce-150000.207.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* docker-bash-completion-25.0.6_ce-150000.207.1
* docker-fish-completion-25.0.6_ce-150000.207.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* docker-25.0.6_ce-150000.207.1
* docker-debuginfo-25.0.6_ce-150000.207.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* docker-rootless-extras-25.0.6_ce-150000.207.1
* docker-bash-completion-25.0.6_ce-150000.207.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* docker-25.0.6_ce-150000.207.1
* buildah-1.35.4-150300.8.25.1
* docker-debuginfo-25.0.6_ce-150000.207.1
* SUSE Enterprise Storage 7.1 (noarch)
* docker-bash-completion-25.0.6_ce-150000.207.1
* docker-fish-completion-25.0.6_ce-150000.207.1
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
* docker-25.0.6_ce-150000.207.1
* docker-debuginfo-25.0.6_ce-150000.207.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* docker-25.0.6_ce-150000.207.1
* docker-debuginfo-25.0.6_ce-150000.207.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* docker-25.0.6_ce-150000.207.1
* docker-debuginfo-25.0.6_ce-150000.207.1

## References:

* https://www.suse.com/security/cve/CVE-2024-1753.html
* https://www.suse.com/security/cve/CVE-2024-23651.html
* https://www.suse.com/security/cve/CVE-2024-23652.html
* https://www.suse.com/security/cve/CVE-2024-23653.html
* https://www.suse.com/security/cve/CVE-2024-24786.html
* https://www.suse.com/security/cve/CVE-2024-28180.html
* https://www.suse.com/security/cve/CVE-2024-3727.html
* https://www.suse.com/security/cve/CVE-2024-41110.html
* https://bugzilla.suse.com/show_bug.cgi?id=1214855
* https://bugzilla.suse.com/show_bug.cgi?id=1219267
* https://bugzilla.suse.com/show_bug.cgi?id=1219268
* https://bugzilla.suse.com/show_bug.cgi?id=1219438
* https://bugzilla.suse.com/show_bug.cgi?id=1221243
* https://bugzilla.suse.com/show_bug.cgi?id=1221677
* https://bugzilla.suse.com/show_bug.cgi?id=1221916
* https://bugzilla.suse.com/show_bug.cgi?id=1223409
* https://bugzilla.suse.com/show_bug.cgi?id=1224117
* https://bugzilla.suse.com/show_bug.cgi?id=1228324



SUSE-SU-2024:3118-1: important: Security update for dovecot23


# Security update for dovecot23

Announcement ID: SUSE-SU-2024:3118-1
Rating: important
References:

* bsc#1229183
* bsc#1229184

Cross-References:

* CVE-2024-23184
* CVE-2024-23185

CVSS scores:

* CVE-2024-23184 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L
* CVE-2024-23184 ( SUSE ): 5.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
* CVE-2024-23185 ( SUSE ): 8.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
* CVE-2024-23185 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.5
* openSUSE Leap 15.6
* Server Applications Module 15-SP5
* Server Applications Module 15-SP6
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves two vulnerabilities can now be installed.

## Description:

This update for dovecot23 fixes the following issues:

* CVE-2024-23185: Fixed a denial of service with large headers (bsc#1229183)
* CVE-2024-23184: Fixed a denial of service parsing messages containing many
address headers (bsc#1229184)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-3118=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-3118=1

* Server Applications Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2024-3118=1

* Server Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2024-3118=1

* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-3118=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-3118=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-3118=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-3118=1

* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-3118=1

* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-3118=1

* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3118=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP2
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-3118=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-3118=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-3118=1

* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-3118=1

* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2024-3118=1

* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-3118=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2024-3118=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* dovecot23-fts-squat-debuginfo-2.3.15-150200.65.1
* dovecot23-fts-solr-debuginfo-2.3.15-150200.65.1
* dovecot23-fts-lucene-debuginfo-2.3.15-150200.65.1
* dovecot23-backend-pgsql-debuginfo-2.3.15-150200.65.1
* dovecot23-fts-lucene-2.3.15-150200.65.1
* dovecot23-backend-mysql-debuginfo-2.3.15-150200.65.1
* dovecot23-devel-2.3.15-150200.65.1
* dovecot23-debuginfo-2.3.15-150200.65.1
* dovecot23-debugsource-2.3.15-150200.65.1
* dovecot23-backend-mysql-2.3.15-150200.65.1
* dovecot23-fts-squat-2.3.15-150200.65.1
* dovecot23-fts-solr-2.3.15-150200.65.1
* dovecot23-backend-sqlite-debuginfo-2.3.15-150200.65.1
* dovecot23-2.3.15-150200.65.1
* dovecot23-fts-debuginfo-2.3.15-150200.65.1
* dovecot23-backend-sqlite-2.3.15-150200.65.1
* dovecot23-backend-pgsql-2.3.15-150200.65.1
* dovecot23-fts-2.3.15-150200.65.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* dovecot23-fts-squat-debuginfo-2.3.15-150200.65.1
* dovecot23-fts-solr-debuginfo-2.3.15-150200.65.1
* dovecot23-fts-lucene-debuginfo-2.3.15-150200.65.1
* dovecot23-backend-pgsql-debuginfo-2.3.15-150200.65.1
* dovecot23-fts-lucene-2.3.15-150200.65.1
* dovecot23-backend-mysql-debuginfo-2.3.15-150200.65.1
* dovecot23-devel-2.3.15-150200.65.1
* dovecot23-debuginfo-2.3.15-150200.65.1
* dovecot23-debugsource-2.3.15-150200.65.1
* dovecot23-backend-mysql-2.3.15-150200.65.1
* dovecot23-fts-squat-2.3.15-150200.65.1
* dovecot23-fts-solr-2.3.15-150200.65.1
* dovecot23-backend-sqlite-debuginfo-2.3.15-150200.65.1
* dovecot23-2.3.15-150200.65.1
* dovecot23-fts-debuginfo-2.3.15-150200.65.1
* dovecot23-backend-sqlite-2.3.15-150200.65.1
* dovecot23-backend-pgsql-2.3.15-150200.65.1
* dovecot23-fts-2.3.15-150200.65.1
* Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* dovecot23-fts-squat-debuginfo-2.3.15-150200.65.1
* dovecot23-fts-solr-debuginfo-2.3.15-150200.65.1
* dovecot23-fts-lucene-debuginfo-2.3.15-150200.65.1
* dovecot23-backend-pgsql-debuginfo-2.3.15-150200.65.1
* dovecot23-fts-lucene-2.3.15-150200.65.1
* dovecot23-backend-mysql-debuginfo-2.3.15-150200.65.1
* dovecot23-devel-2.3.15-150200.65.1
* dovecot23-debuginfo-2.3.15-150200.65.1
* dovecot23-debugsource-2.3.15-150200.65.1
* dovecot23-backend-mysql-2.3.15-150200.65.1
* dovecot23-fts-squat-2.3.15-150200.65.1
* dovecot23-fts-solr-2.3.15-150200.65.1
* dovecot23-backend-sqlite-debuginfo-2.3.15-150200.65.1
* dovecot23-2.3.15-150200.65.1
* dovecot23-fts-debuginfo-2.3.15-150200.65.1
* dovecot23-backend-sqlite-2.3.15-150200.65.1
* dovecot23-backend-pgsql-2.3.15-150200.65.1
* dovecot23-fts-2.3.15-150200.65.1
* Server Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* dovecot23-fts-squat-debuginfo-2.3.15-150200.65.1
* dovecot23-fts-solr-debuginfo-2.3.15-150200.65.1
* dovecot23-fts-lucene-debuginfo-2.3.15-150200.65.1
* dovecot23-backend-pgsql-debuginfo-2.3.15-150200.65.1
* dovecot23-fts-lucene-2.3.15-150200.65.1
* dovecot23-backend-mysql-debuginfo-2.3.15-150200.65.1
* dovecot23-devel-2.3.15-150200.65.1
* dovecot23-debuginfo-2.3.15-150200.65.1
* dovecot23-debugsource-2.3.15-150200.65.1
* dovecot23-backend-mysql-2.3.15-150200.65.1
* dovecot23-fts-squat-2.3.15-150200.65.1
* dovecot23-fts-solr-2.3.15-150200.65.1
* dovecot23-backend-sqlite-debuginfo-2.3.15-150200.65.1
* dovecot23-2.3.15-150200.65.1
* dovecot23-fts-debuginfo-2.3.15-150200.65.1
* dovecot23-backend-sqlite-2.3.15-150200.65.1
* dovecot23-backend-pgsql-2.3.15-150200.65.1
* dovecot23-fts-2.3.15-150200.65.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64
x86_64)
* dovecot23-fts-squat-debuginfo-2.3.15-150200.65.1
* dovecot23-fts-solr-debuginfo-2.3.15-150200.65.1
* dovecot23-fts-lucene-debuginfo-2.3.15-150200.65.1
* dovecot23-backend-pgsql-debuginfo-2.3.15-150200.65.1
* dovecot23-fts-lucene-2.3.15-150200.65.1
* dovecot23-backend-mysql-debuginfo-2.3.15-150200.65.1
* dovecot23-devel-2.3.15-150200.65.1
* dovecot23-debuginfo-2.3.15-150200.65.1
* dovecot23-debugsource-2.3.15-150200.65.1
* dovecot23-backend-mysql-2.3.15-150200.65.1
* dovecot23-fts-squat-2.3.15-150200.65.1
* dovecot23-fts-solr-2.3.15-150200.65.1
* dovecot23-backend-sqlite-debuginfo-2.3.15-150200.65.1
* dovecot23-2.3.15-150200.65.1
* dovecot23-fts-debuginfo-2.3.15-150200.65.1
* dovecot23-backend-sqlite-2.3.15-150200.65.1
* dovecot23-backend-pgsql-2.3.15-150200.65.1
* dovecot23-fts-2.3.15-150200.65.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
* dovecot23-fts-squat-debuginfo-2.3.15-150200.65.1
* dovecot23-fts-solr-debuginfo-2.3.15-150200.65.1
* dovecot23-fts-lucene-debuginfo-2.3.15-150200.65.1
* dovecot23-backend-pgsql-debuginfo-2.3.15-150200.65.1
* dovecot23-fts-lucene-2.3.15-150200.65.1
* dovecot23-backend-mysql-debuginfo-2.3.15-150200.65.1
* dovecot23-devel-2.3.15-150200.65.1
* dovecot23-debuginfo-2.3.15-150200.65.1
* dovecot23-debugsource-2.3.15-150200.65.1
* dovecot23-backend-mysql-2.3.15-150200.65.1
* dovecot23-fts-squat-2.3.15-150200.65.1
* dovecot23-fts-solr-2.3.15-150200.65.1
* dovecot23-backend-sqlite-debuginfo-2.3.15-150200.65.1
* dovecot23-2.3.15-150200.65.1
* dovecot23-fts-debuginfo-2.3.15-150200.65.1
* dovecot23-backend-sqlite-2.3.15-150200.65.1
* dovecot23-backend-pgsql-2.3.15-150200.65.1
* dovecot23-fts-2.3.15-150200.65.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
* dovecot23-fts-squat-debuginfo-2.3.15-150200.65.1
* dovecot23-fts-solr-debuginfo-2.3.15-150200.65.1
* dovecot23-fts-lucene-debuginfo-2.3.15-150200.65.1
* dovecot23-backend-pgsql-debuginfo-2.3.15-150200.65.1
* dovecot23-fts-lucene-2.3.15-150200.65.1
* dovecot23-backend-mysql-debuginfo-2.3.15-150200.65.1
* dovecot23-devel-2.3.15-150200.65.1
* dovecot23-debuginfo-2.3.15-150200.65.1
* dovecot23-debugsource-2.3.15-150200.65.1
* dovecot23-backend-mysql-2.3.15-150200.65.1
* dovecot23-fts-squat-2.3.15-150200.65.1
* dovecot23-fts-solr-2.3.15-150200.65.1
* dovecot23-backend-sqlite-debuginfo-2.3.15-150200.65.1
* dovecot23-2.3.15-150200.65.1
* dovecot23-fts-debuginfo-2.3.15-150200.65.1
* dovecot23-backend-sqlite-2.3.15-150200.65.1
* dovecot23-backend-pgsql-2.3.15-150200.65.1
* dovecot23-fts-2.3.15-150200.65.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
* dovecot23-fts-squat-debuginfo-2.3.15-150200.65.1
* dovecot23-fts-solr-debuginfo-2.3.15-150200.65.1
* dovecot23-fts-lucene-debuginfo-2.3.15-150200.65.1
* dovecot23-backend-pgsql-debuginfo-2.3.15-150200.65.1
* dovecot23-fts-lucene-2.3.15-150200.65.1
* dovecot23-backend-mysql-debuginfo-2.3.15-150200.65.1
* dovecot23-devel-2.3.15-150200.65.1
* dovecot23-debuginfo-2.3.15-150200.65.1
* dovecot23-debugsource-2.3.15-150200.65.1
* dovecot23-backend-mysql-2.3.15-150200.65.1
* dovecot23-fts-squat-2.3.15-150200.65.1
* dovecot23-fts-solr-2.3.15-150200.65.1
* dovecot23-backend-sqlite-debuginfo-2.3.15-150200.65.1
* dovecot23-2.3.15-150200.65.1
* dovecot23-fts-debuginfo-2.3.15-150200.65.1
* dovecot23-backend-sqlite-2.3.15-150200.65.1
* dovecot23-backend-pgsql-2.3.15-150200.65.1
* dovecot23-fts-2.3.15-150200.65.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64)
* dovecot23-fts-squat-debuginfo-2.3.15-150200.65.1
* dovecot23-fts-solr-debuginfo-2.3.15-150200.65.1
* dovecot23-fts-lucene-debuginfo-2.3.15-150200.65.1
* dovecot23-backend-pgsql-debuginfo-2.3.15-150200.65.1
* dovecot23-fts-lucene-2.3.15-150200.65.1
* dovecot23-backend-mysql-debuginfo-2.3.15-150200.65.1
* dovecot23-devel-2.3.15-150200.65.1
* dovecot23-debuginfo-2.3.15-150200.65.1
* dovecot23-debugsource-2.3.15-150200.65.1
* dovecot23-backend-mysql-2.3.15-150200.65.1
* dovecot23-fts-squat-2.3.15-150200.65.1
* dovecot23-fts-solr-2.3.15-150200.65.1
* dovecot23-backend-sqlite-debuginfo-2.3.15-150200.65.1
* dovecot23-2.3.15-150200.65.1
* dovecot23-fts-debuginfo-2.3.15-150200.65.1
* dovecot23-backend-sqlite-2.3.15-150200.65.1
* dovecot23-backend-pgsql-2.3.15-150200.65.1
* dovecot23-fts-2.3.15-150200.65.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64)
* dovecot23-fts-squat-debuginfo-2.3.15-150200.65.1
* dovecot23-fts-solr-debuginfo-2.3.15-150200.65.1
* dovecot23-fts-lucene-debuginfo-2.3.15-150200.65.1
* dovecot23-backend-pgsql-debuginfo-2.3.15-150200.65.1
* dovecot23-fts-lucene-2.3.15-150200.65.1
* dovecot23-backend-mysql-debuginfo-2.3.15-150200.65.1
* dovecot23-devel-2.3.15-150200.65.1
* dovecot23-debuginfo-2.3.15-150200.65.1
* dovecot23-debugsource-2.3.15-150200.65.1
* dovecot23-backend-mysql-2.3.15-150200.65.1
* dovecot23-fts-squat-2.3.15-150200.65.1
* dovecot23-fts-solr-2.3.15-150200.65.1
* dovecot23-backend-sqlite-debuginfo-2.3.15-150200.65.1
* dovecot23-2.3.15-150200.65.1
* dovecot23-fts-debuginfo-2.3.15-150200.65.1
* dovecot23-backend-sqlite-2.3.15-150200.65.1
* dovecot23-backend-pgsql-2.3.15-150200.65.1
* dovecot23-fts-2.3.15-150200.65.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x x86_64)
* dovecot23-fts-squat-debuginfo-2.3.15-150200.65.1
* dovecot23-fts-solr-debuginfo-2.3.15-150200.65.1
* dovecot23-fts-lucene-debuginfo-2.3.15-150200.65.1
* dovecot23-backend-pgsql-debuginfo-2.3.15-150200.65.1
* dovecot23-fts-lucene-2.3.15-150200.65.1
* dovecot23-backend-mysql-debuginfo-2.3.15-150200.65.1
* dovecot23-devel-2.3.15-150200.65.1
* dovecot23-debuginfo-2.3.15-150200.65.1
* dovecot23-debugsource-2.3.15-150200.65.1
* dovecot23-backend-mysql-2.3.15-150200.65.1
* dovecot23-fts-squat-2.3.15-150200.65.1
* dovecot23-fts-solr-2.3.15-150200.65.1
* dovecot23-backend-sqlite-debuginfo-2.3.15-150200.65.1
* dovecot23-2.3.15-150200.65.1
* dovecot23-fts-debuginfo-2.3.15-150200.65.1
* dovecot23-backend-sqlite-2.3.15-150200.65.1
* dovecot23-backend-pgsql-2.3.15-150200.65.1
* dovecot23-fts-2.3.15-150200.65.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
* dovecot23-fts-squat-debuginfo-2.3.15-150200.65.1
* dovecot23-fts-solr-debuginfo-2.3.15-150200.65.1
* dovecot23-fts-lucene-debuginfo-2.3.15-150200.65.1
* dovecot23-backend-pgsql-debuginfo-2.3.15-150200.65.1
* dovecot23-fts-lucene-2.3.15-150200.65.1
* dovecot23-backend-mysql-debuginfo-2.3.15-150200.65.1
* dovecot23-devel-2.3.15-150200.65.1
* dovecot23-debuginfo-2.3.15-150200.65.1
* dovecot23-debugsource-2.3.15-150200.65.1
* dovecot23-backend-mysql-2.3.15-150200.65.1
* dovecot23-fts-squat-2.3.15-150200.65.1
* dovecot23-fts-solr-2.3.15-150200.65.1
* dovecot23-backend-sqlite-debuginfo-2.3.15-150200.65.1
* dovecot23-2.3.15-150200.65.1
* dovecot23-fts-debuginfo-2.3.15-150200.65.1
* dovecot23-backend-sqlite-2.3.15-150200.65.1
* dovecot23-backend-pgsql-2.3.15-150200.65.1
* dovecot23-fts-2.3.15-150200.65.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* dovecot23-fts-squat-debuginfo-2.3.15-150200.65.1
* dovecot23-fts-solr-debuginfo-2.3.15-150200.65.1
* dovecot23-fts-lucene-debuginfo-2.3.15-150200.65.1
* dovecot23-backend-pgsql-debuginfo-2.3.15-150200.65.1
* dovecot23-fts-lucene-2.3.15-150200.65.1
* dovecot23-backend-mysql-debuginfo-2.3.15-150200.65.1
* dovecot23-devel-2.3.15-150200.65.1
* dovecot23-debuginfo-2.3.15-150200.65.1
* dovecot23-debugsource-2.3.15-150200.65.1
* dovecot23-backend-mysql-2.3.15-150200.65.1
* dovecot23-fts-squat-2.3.15-150200.65.1
* dovecot23-fts-solr-2.3.15-150200.65.1
* dovecot23-backend-sqlite-debuginfo-2.3.15-150200.65.1
* dovecot23-2.3.15-150200.65.1
* dovecot23-fts-debuginfo-2.3.15-150200.65.1
* dovecot23-backend-sqlite-2.3.15-150200.65.1
* dovecot23-backend-pgsql-2.3.15-150200.65.1
* dovecot23-fts-2.3.15-150200.65.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* dovecot23-fts-squat-debuginfo-2.3.15-150200.65.1
* dovecot23-fts-solr-debuginfo-2.3.15-150200.65.1
* dovecot23-fts-lucene-debuginfo-2.3.15-150200.65.1
* dovecot23-backend-pgsql-debuginfo-2.3.15-150200.65.1
* dovecot23-fts-lucene-2.3.15-150200.65.1
* dovecot23-backend-mysql-debuginfo-2.3.15-150200.65.1
* dovecot23-devel-2.3.15-150200.65.1
* dovecot23-debuginfo-2.3.15-150200.65.1
* dovecot23-debugsource-2.3.15-150200.65.1
* dovecot23-backend-mysql-2.3.15-150200.65.1
* dovecot23-fts-squat-2.3.15-150200.65.1
* dovecot23-fts-solr-2.3.15-150200.65.1
* dovecot23-backend-sqlite-debuginfo-2.3.15-150200.65.1
* dovecot23-2.3.15-150200.65.1
* dovecot23-fts-debuginfo-2.3.15-150200.65.1
* dovecot23-backend-sqlite-2.3.15-150200.65.1
* dovecot23-backend-pgsql-2.3.15-150200.65.1
* dovecot23-fts-2.3.15-150200.65.1
* SUSE Manager Proxy 4.3 (x86_64)
* dovecot23-fts-squat-debuginfo-2.3.15-150200.65.1
* dovecot23-fts-solr-debuginfo-2.3.15-150200.65.1
* dovecot23-fts-lucene-debuginfo-2.3.15-150200.65.1
* dovecot23-backend-pgsql-debuginfo-2.3.15-150200.65.1
* dovecot23-fts-lucene-2.3.15-150200.65.1
* dovecot23-backend-mysql-debuginfo-2.3.15-150200.65.1
* dovecot23-devel-2.3.15-150200.65.1
* dovecot23-debuginfo-2.3.15-150200.65.1
* dovecot23-debugsource-2.3.15-150200.65.1
* dovecot23-backend-mysql-2.3.15-150200.65.1
* dovecot23-fts-squat-2.3.15-150200.65.1
* dovecot23-fts-solr-2.3.15-150200.65.1
* dovecot23-backend-sqlite-debuginfo-2.3.15-150200.65.1
* dovecot23-2.3.15-150200.65.1
* dovecot23-fts-debuginfo-2.3.15-150200.65.1
* dovecot23-backend-sqlite-2.3.15-150200.65.1
* dovecot23-backend-pgsql-2.3.15-150200.65.1
* dovecot23-fts-2.3.15-150200.65.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* dovecot23-fts-squat-debuginfo-2.3.15-150200.65.1
* dovecot23-fts-solr-debuginfo-2.3.15-150200.65.1
* dovecot23-fts-lucene-debuginfo-2.3.15-150200.65.1
* dovecot23-backend-pgsql-debuginfo-2.3.15-150200.65.1
* dovecot23-fts-lucene-2.3.15-150200.65.1
* dovecot23-backend-mysql-debuginfo-2.3.15-150200.65.1
* dovecot23-devel-2.3.15-150200.65.1
* dovecot23-debuginfo-2.3.15-150200.65.1
* dovecot23-debugsource-2.3.15-150200.65.1
* dovecot23-backend-mysql-2.3.15-150200.65.1
* dovecot23-fts-squat-2.3.15-150200.65.1
* dovecot23-fts-solr-2.3.15-150200.65.1
* dovecot23-backend-sqlite-debuginfo-2.3.15-150200.65.1
* dovecot23-2.3.15-150200.65.1
* dovecot23-fts-debuginfo-2.3.15-150200.65.1
* dovecot23-backend-sqlite-2.3.15-150200.65.1
* dovecot23-backend-pgsql-2.3.15-150200.65.1
* dovecot23-fts-2.3.15-150200.65.1
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
* dovecot23-fts-squat-debuginfo-2.3.15-150200.65.1
* dovecot23-fts-solr-debuginfo-2.3.15-150200.65.1
* dovecot23-fts-lucene-debuginfo-2.3.15-150200.65.1
* dovecot23-backend-pgsql-debuginfo-2.3.15-150200.65.1
* dovecot23-fts-lucene-2.3.15-150200.65.1
* dovecot23-backend-mysql-debuginfo-2.3.15-150200.65.1
* dovecot23-devel-2.3.15-150200.65.1
* dovecot23-debuginfo-2.3.15-150200.65.1
* dovecot23-debugsource-2.3.15-150200.65.1
* dovecot23-backend-mysql-2.3.15-150200.65.1
* dovecot23-fts-squat-2.3.15-150200.65.1
* dovecot23-fts-solr-2.3.15-150200.65.1
* dovecot23-backend-sqlite-debuginfo-2.3.15-150200.65.1
* dovecot23-2.3.15-150200.65.1
* dovecot23-fts-debuginfo-2.3.15-150200.65.1
* dovecot23-backend-sqlite-2.3.15-150200.65.1
* dovecot23-backend-pgsql-2.3.15-150200.65.1
* dovecot23-fts-2.3.15-150200.65.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* dovecot23-fts-squat-debuginfo-2.3.15-150200.65.1
* dovecot23-fts-solr-debuginfo-2.3.15-150200.65.1
* dovecot23-fts-lucene-debuginfo-2.3.15-150200.65.1
* dovecot23-backend-pgsql-debuginfo-2.3.15-150200.65.1
* dovecot23-fts-lucene-2.3.15-150200.65.1
* dovecot23-backend-mysql-debuginfo-2.3.15-150200.65.1
* dovecot23-devel-2.3.15-150200.65.1
* dovecot23-debuginfo-2.3.15-150200.65.1
* dovecot23-debugsource-2.3.15-150200.65.1
* dovecot23-backend-mysql-2.3.15-150200.65.1
* dovecot23-fts-squat-2.3.15-150200.65.1
* dovecot23-fts-solr-2.3.15-150200.65.1
* dovecot23-backend-sqlite-debuginfo-2.3.15-150200.65.1
* dovecot23-2.3.15-150200.65.1
* dovecot23-fts-debuginfo-2.3.15-150200.65.1
* dovecot23-backend-sqlite-2.3.15-150200.65.1
* dovecot23-backend-pgsql-2.3.15-150200.65.1
* dovecot23-fts-2.3.15-150200.65.1

## References:

* https://www.suse.com/security/cve/CVE-2024-23184.html
* https://www.suse.com/security/cve/CVE-2024-23185.html
* https://bugzilla.suse.com/show_bug.cgi?id=1229183
* https://bugzilla.suse.com/show_bug.cgi?id=1229184