SUSE-IU-2022:1204-1 SUSE Image security@suse.de SUSE Security Team SUSE Image SUSE-IU-2022:1204-1 Interim 1 1 2024-06-08T09:08:58Z current 2022-11-08T01:00:00Z 2022-11-08T01:00:00Z cve-database/bin/generate-cvrf-publiccloud.pl 2021-02-18T01:00:00Z Image update for SUSE-IU-2022:1204-1 / google/sles-15-sp1-sap-byos-v20221108-x86-64 This image update for google/sles-15-sp1-sap-byos-v20221108-x86-64 contains the following changes: Package SAPHanaSR was updated: - SAPHanaSR-monitor not reporting correctly (bsc#1192963) add patch: 0001-bsc-1192963.patch - Version bump to 0.161.1_BF - add the required 'xmllint' to the package (bsc#1201945) - changes to the demote_clone function of the resource agent: if the role is '1:P' (topology agent run into timeouts) the function fail with rc=1, to get the managed resource stopped changes to the stop_clone function of the topology agent: call landscapeHostConfiguration.py and set the roles as they were reported. If the command timed out, set the role to '1:P' and return 1 to get the node fenced. The used timeout for the landscapeHostConfiguration.py call can be configured by the cluster action timeout, if needed. It will be 50% of the action timeout or the minimum of 300s. (bsc#1198127) - add new HA/DR provider hook susChkSrv (jsc#PED-1241, jsc#PED-1240) - add new tool SAPHanaSR-manageProvider to show, add and delete HA/DR provider sections in the global.ini of SAP HANA. - update suse icon to new branding - Version bump to 0.160.1 - fix HANA_CALL function to support MCOS environments again (bsc#1198780) - fix SAPHanaSR-replay-archive to handle hb_report archives again (bsc#1198897) - add HANA_CALL_TIMEOUT parameter back to the resource agents and read the setting from the cluster configuration, if available. Defaults to '60'. Related to github issue#36 - add new HA/DR provider hook susTkOver (jsc#SLE-16347) - add new hook script for SAP HANA System Replication Scale-Up Cost Optimized Scenario. (jsc#SLE-18613) - add a new instance parameter 'REMOVE_SAP_SOCKETS'. It is an optional parameter and defaults to 'true'. Now you can control, if the RA should remove the unix domain sockets related to sapstartsrv before (re-)start sapstartsrv or if it should try to adjust the permissions and ownership of these files instead. Package aaa_base was updated: - Drop patches (bsc#1199926 and bsc#1199927) git-34-9a1bc15517d6da56d75182338c0f1bc4518b2b75.patch git-35-91f496b1f65af29832192bad949685a7bc25da0a.patch git-40-d004657a244d75b372a107c4f6097b42ba1992d5.patch ping broke in sle15 and sle15sp1 when adding the sysctl setting for ping_group_range - Add patch git-46-78b2a0b29381c16bec6b2a8fc7eabaa9925782d7.patch * The wrapper rootsh is not a restricted shell (bsc#1199492) Package bind was updated: - Security Fixes: * Previously, there was no limit to the number of database lookups performed while processing large delegations, which could be abused to severely impact the performance of named running as a recursive resolver. This has been fixed. [bsc#1203614, CVE-2022-2795, bind-CVE-2022-2795.patch] * A memory leak was fixed that could be externally triggered in the DNSSEC verification code for the ECDSA algorithm. [bsc#1203619, CVE-2022-38177, bind-CVE-2022-38177.patch] * Memory leaks were fixed that could be externally triggered in the DNSSEC verification code for the EdDSA algorithm. [bsc#1203620, CVE-2022-38178, bind-CVE-2022-38178.patch] Package ca-certificates-mozilla was updated: - Updated to 2.56 state of Mozilla SSL root CAs (bsc#1202868) Added: - Certainly Root E1 - Certainly Root R1 - DigiCert SMIME ECC P384 Root G5 - DigiCert SMIME RSA4096 Root G5 - DigiCert TLS ECC P384 Root G5 - DigiCert TLS RSA4096 Root G5 - E-Tugra Global Root CA ECC v3 - E-Tugra Global Root CA RSA v3 Removed: - Hellenic Academic and Research Institutions RootCA 2011 - Updated to 2.54 state of Mozilla SSL root CAs (bsc#1199079) Added: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - D-TRUST BR Root CA 1 2020 - D-TRUST EV Root CA 1 2020 - GlobalSign ECC Root CA R4 - GTS Root R1 - GTS Root R2 - GTS Root R3 - GTS Root R4 - HiPKI Root CA - G1 - ISRG Root X2 - Telia Root CA v2 - vTrus ECC Root CA - vTrus Root CA Removed: - Cybertrust Global Root - DST Root CA X3 - DigiNotar PKIoverheid CA Organisatie - G2 - GlobalSign ECC Root CA R4 - GlobalSign Root CA R2 - GTS Root R1 - GTS Root R2 - GTS Root R3 - GTS Root R4 - updated to 2.50 state of the Mozilla NSS Certificate store (bsc#1188006) - Added CAs: + HARICA Client ECC Root CA 2021 + HARICA Client RSA Root CA 2021 + HARICA TLS ECC Root CA 2021 + HARICA TLS RSA Root CA 2021 + TunTrust Root CA - Updated to 2.46 state of the Mozilla NSS Certificate store (bsc#1181994) - Added new root CAs: - NAVER Global Root Certification Authority - Removed old root CA: - GeoTrust Global CA - GeoTrust Primary Certification Authority - GeoTrust Primary Certification Authority - G3 - GeoTrust Universal CA - GeoTrust Universal CA 2 - thawte Primary Root CA - thawte Primary Root CA - G2 - thawte Primary Root CA - G3 - VeriSign Class 3 Public Primary Certification Authority - G4 - VeriSign Class 3 Public Primary Certification Authority - G5 Package cifs-utils was updated: - CVE-2022-29869: mount.cifs: fix verbose messages on option parsing (bsc#1198976, CVE-2022-29869) * add cifs-utils-CVE-2022-29869.patch Package cloud-regionsrv-client was updated: - Follow up fix to 10.0.4 (bsc#1202706) - While the source code was updated to support SLE Micro the spec file was not updated for the new locations of the cache and the certs. Update the spec file to be consistent with the code implementation. - Update to version 10.0.5 (bsc#1201612) - Handle exception when trying to deregister a system form the server - Update to version 10.0.4 (bsc#1199668) - Store the update server certs in the /etc path instead of /usr to accomodate read only setup of SLE-Micro Package cups was updated: - cups-branch-2.2-commit-3e4dd41459dabc5d18edbe06eb5b81291885204b.diff is 'git show 3e4dd41459dabc5d18edbe06eb5b81291885204b' for https://github.com/apple/cups/commit/3e4dd41459dabc5d18edbe06eb5b81291885204b (except the not needed hunk for patching CHANGES.md which fails) that fixes handling of MaxJobTime 0 (Issue #5438) in the CUPS 2.2 branch bsc#1201511: Stuck print jobs being cancelled immediately, despite MaxJobTime being set to 0 Package curl was updated: - Security Fix: [bsc#1204383, CVE-2022-32221] * POST following PUT confusion * Add curl-CVE-2022-32221.patch - Security fix: [bsc#1202593, CVE-2022-35252] * Control codes in cookie denial of service * Add curl-CVE-2022-35252.patch - Security fix: [bsc#1200735, CVE-2022-32206] * HTTP compression denial of service * Add curl-CVE-2022-32206.patch - Security fix: [bsc#1200737, CVE-2022-32208] * FTP-KRB bad message verification * Add curl-CVE-2022-32208.patch - Securiy fix: [bsc#1199224, CVE-2022-27782] * TLS and SSH connection too eager reuse * Add curl-CVE-2022-27782.patch - Securiy fix: [bsc#1199223, CVE-2022-27781] * CERTINFO never-ending busy-loop * Add curl-CVE-2022-27781.patch Package cyrus-sasl was updated: - bsc#1159635 VUL-0: CVE-2019-19906: cyrus-sasl: cyrus-sasl has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet o apply upstream patch - 0001-Fix-587.patch Package cyrus-sasl-saslauthd was updated: - bsc#1159635 VUL-0: CVE-2019-19906: cyrus-sasl: cyrus-sasl has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet o apply upstream patch - 0001-Fix-587.patch Package dbus-1 was updated: - Fix a potential crash that could be triggered by an invalid signature. (CVE-2022-42010, bsc#1204111) * fix-upstream-CVE-2022-42010.patch - Fix an out of bounds read caused by a fixed length array (CVE-2022-42011, bsc#1204112) * fix-upstream-CVE-2022-42011.patch - A message in non-native endianness with out-of-band Unix file descriptors would cause a use-after-free and possible memory corruption CVE-2022-42012, bsc#1204113) * fix-upstream-CVE-2022-42012.patch - Disable asserts (bsc#1087072) - Refreshed patches * fix-upstream-CVE-2020-35512.patch Package docker was updated: - Backport &lt;https://github.com/containerd/fifo/pull/32&gt; to fix a crash-on-start issue with dockerd. bsc#1200022 + 0007-bsc1200022-fifo.Close-prevent-possible-panic-if-fifo.patch Package expat was updated: - Security fix: * (CVE-2022-43680, bsc#1204708) use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations - Added patch expat-CVE-2022-43680.patch - Security fix: * (CVE-2022-40674, bsc#1203438) use-after-free in the doContent function in xmlparse.c - Added patch expat-CVE-2022-40674.patch Package fence-agents was updated: - Azure fence agent doesn’t work correctly on SLES15 SP3 - fence_azure_arm fails with error 'MSIAuthentication' object has no attribute 'get_token' - SFSC00334437 (bsc#1195891) - Apply proposed patch 0001-fix_support_for_sovereign_clouds_and_MSI-439.patch Package freetype2 was updated: - disable brotli linkage / WOFF2 support for now to keep dependencies as before. - Added patches: * CVE-2022-27404.patch + fixes bsc#1198830, CVE-2022-27404: Buffer Overflow * CVE-2022-27405.patch + fixes bsc#1198832, CVE-2022-27405: Segmentation Fault * CVE-2022-27406.patch + fixes bsc#1198823, CVE-2022-27406: Segmentation violation - Update to version 2.10.4 * Fix a heap buffer overflow has been found in the handling of embedded PNG bitmaps, introduced in FreeType version 2.6 (CVE-2020-15999 bsc#1177914) * Minor improvements to the B/W rasterizer. * Auto-hinter support for Medefaidrin script. * Fix various memory leaks (mainly for CFF) and other issues that might cause crashes in rare circumstances. - Update to version 2.10.2 * Support for WOFF2 fonts, add BR on pkgconfig(libbrotlidec) * Function `FT_Get_Var_Axis_Flags' returned random data for Type 1 MM fonts. * Type 1 fonts with non-integer metrics are now supported by the new (CFF) engine introduced in FreeType 2.9. * Drop support for Python 2 in Freetype's API reference generator * Auto-hinter support for Hanifi Rohingya * Document the `FT2_KEEP_ALIVE' debugging environment variable. Package gnutls was updated: - Security fix: [bsc#1202020, CVE-2022-2509] * Fixed double free during verification of pkcs7 signatures * Add gnutls-CVE-2022-2509.patch - Security fix: [bsc#1196167, CVE-2021-4209] * Null pointer dereference in MD_UPDATE * Add gnutls-CVE-2021-4209.patch Package google-guest-agent was updated: - Update to version 20220713.00 (bsc#1202100, bsc#1202101) * try restoring module mode (#172) * update for golang 1.16 (#171) - from version 20220614.00 * Remove log that can break startup scripts (#170) - from version 20220603.00 * repeat fix for arm (#169) * no authorized keys on debian (#168) - from version 20220527.00 * Add authorized keys command to the Windows agent package. (#167) * Support for Windows SSH (#164) - from version 20220523.00 * restore double slash metadata url (#166) - from version 20220520.00 * Support .exe as an option for scripts and refactor runScript (#165) - Update to version 20220429.00 * Move some functionality to a utils module (#162) - Update to version 20220412.00 * enable goproxy during build (#163) - from version 20220321.00 * enable routes for ipv6 (#160) Package google-guest-oslogin was updated: - Update to version 20220721.00 (bsc#1202100, bsc#1202101) * prune outdated info from readme (#86) - from version 20220714.00 * strip json-c version symbol (#84) - from version 20220622.00 * pam login: split conditions for logging (#83) - use pam_moduledir (boo#1191036) * Support UsrMerge project - Update to version 20220411.00 * pam login: split conditions for logging (#83) Package google-osconfig-agent was updated: - Use install command in %post section to create state file (bsc#1202826)- Remove useless creation of state file directory in /var/lib - avoid bashim in post install scripts (bsc#1195391) - Update to version 20220801.00 (bsc#1202100, bsc#1202101) * update OWNERS (#438) * Close client when RegisterAgent fails. (#436) - from version 20220714.00 * Add timeouts for pip/gem updates. (#433) - from version 20220623.00 * upgrade to golang 1.16 and override deb build settings for compatibility (#432) - from version 20220606.00 * new example policy to ensure sshd is running on windows VMs (#430) - from version 20220531.00 * Add default timeout for pip and gem list commands (#429) - Don't restart daemon on package upgrade, create a state file instead (bsc#1194319) - Update to version 20220314.01 * Support COS on arm64 (#426) - from version 20220314.00 * Fix previous PR: exec.CommandContext cannot be reused (#425) - from version 20220304.00 * Update the error message when an exec task is run on Windows without an interpreter (#423) * Fix string that apt-get returns when requiring downgrade (#422) * e2e_tests: fix patch test rerun (#421) * Add --allow-downgrades flag to apt-get calls when it fails because of wanting to downgrade a package (#418) * Create e2e test that runs apt-get in a state that makes it downgrade a package (#420) * e2e_tests: update OS targets, adjust retries (#419) * Create change_group.yaml (#416) - from version 20220215.00 * Add regex support to package exclusion in OS Patch (#415) Package gpg2 was updated: - Security fix [CVE-2022-34903, bsc#1201225] - Vulnerable to status injection - Added patch gnupg-CVE-2022-34903.patch Package icu was updated: - Backport icu-CVE-2020-21913.patch: backport commit 727505bdd from upstream, use LocalMemory for cmd to prevent use after free (bsc#1193951 CVE-2020-21913). Package iputils was updated: - Add fix for ICMP datagram socket ping6-Fix-device-binding.patch (bsc#1196840, bsc#1199918, bsc#1199926, bsc#1199927). Package java-1_8_0-ibm was updated: - Update to Java 8.0 Service Refresh 7 Fix Pack 11 [bsc#1202427] [bsc#1201684, CVE-2022-34169] [bsc#1201692, CVE-2022-21541] [bsc#1201685, CVE-2022-21549] [bsc#1201694, CVE-2022-21540] * Defect Fixes: - Java Virtual Machine: Long dely in AttachAPI - Update to Java 8.0 Service Refresh 7 Fix Pack 10 [bsc#1201643] [bsc#1198671, CVE-2022-21476] [bsc#1198670, CVE-2022-21449] [bsc#1198673, CVE-2022-21496] [bsc#1198674, CVE-2022-21434] [bsc#1198672, CVE-2022-21426] [bsc#1198675, CVE-2022-21443] [bsc#1191912, CVE-2021-35561] [bsc#1194931, CVE-2022-21299] * Class Libraries: - BigDecimal gives incorrect arithmetic results for the add and subtract operations on the result of a divide * Java Virtual Machine: - jstacktrace sub-option of xtrace doesn't print java stack while doing method trace * Security: - 8217633: Configurable Extensions with system properties - 8241248: NullPointerException in com.ibm.jsse2.ssl.HKDF.extract - 8270344: Session resumption errors - 8277967: Validate the SSLLogger object in KeyShareExtension - JVM crashes computing Diffie-Hellman shared secrets and JNI errors while creating elliptic curve public key using IBMJCEPlus - Key Certificate Manager authority key identifier value incorrect - SSLv2Hello property value is ignored if specified in jdk.tls.disabledAlgorithms and SSLv2Hello is set by setEnabledProtocols() - There is a memory growth observed during digest operations using IBMJCEPlus as the provider. - Update to Java 8.0 Service Refresh 7 Fix Pack 6 * Java Virtual Machine: Crash while generating javacore, or javacore contains 'Unable to walk in-flight data on call stack' instead of java stack * JIT Compiler: - Java JIT, bad field reference from a tenured object into the nursery - JIT compiler crash with vmstate=0x0005ff04 * XML: Fix security vulnerability CVE-2022-21299 Package kernel-default was updated: - char: pcmcia: synclink_cs: Fix use-after-free in mgslpc_ops (CVE-2022-41848 bsc#1203987). - commit 4b5f9dc - net: mana: Add rmb after checking owner bits (git-fixes). - commit ff59700 - net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529). - commit 7299efc - ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC (CVE-2022-3303 bsc#1203769). - Refresh patches.kabi/ALSA-pcm-oss-rw_ref-kabi-fix.patch. - commit accf4df - media: dvb-core: Fix UAF due to refcount races at releasing (CVE-2022-41218 bsc#1202960). - commit 231362a - media: em28xx: initialize refcount before kref_get (CVE-2022-3239 bsc#1203552). - commit 477c587 - x86/bugs: Reenable retbleed=off While for older kernels the return thunks are statically built in and cannot be dynamically patched out, retbleed=off should still be possible to do so that the mitigation can still be disabled on Intel who don't use the return thunks but IBRS. - Update patches.suse/x86-bugs-Add-AMD-retbleed-boot-parameter.patch (bsc#1199657 CVE-2022-29900 CVE-2022-29901 bsc#1203271). - Update patches.suse/x86-bugs-Enable-STIBP-for-JMP2RET.patch (bsc#1199657 CVE-2022-29900 CVE-2022-29901 bsc#1203271). - commit 86274ff - dm verity: set DM_TARGET_IMMUTABLE feature flag (CVE-2022-2503, bsc#1202677). - commit b644c0f - Update references: - patches.kabi/kabi-return-type-change-of-secure_ipv-46-_port_ephem.patch - patches.suse/secure_seq-use-the-64-bits-of-the-siphash-for-port-o.patch - patches.suse/tcp-add-small-random-increments-to-the-source-port.patch - patches.suse/tcp-drop-the-hash_32-part-from-the-index-calculation.patch - patches.suse/tcp-dynamically-allocate-the-perturb-table-used-by-s.patch - patches.suse/tcp-increase-source-port-perturb-table-to-2-16.patch - patches.suse/tcp-resalt-the-secret-every-10-seconds.patch - patches.suse/tcp-use-different-parts-of-the-port_offset-for-index.patch (add CVE-2022-32296 bsc#1200288) - commit 579fd9c - mmc: block: fix read single on recovery logic (CVE-2022-20008 bsc#1199564). - commit 33bc9c9 - mm: Force TLB flush for PFNMAP mappings before unlink_file_vma() (CVE-2022-39188, bsc#1203107). - commit 7df6276 - netfilter: nf_conntrack_irc: Tighten matching on DCC message (CVE-2022-2663 bsc#1202097). - netfilter: nf_conntrack_irc: Fix forged IP logic (CVE-2022-2663 bsc#1202097). - commit 7253cd6 - objtool: Track original function across branches (bsc#1202396). - Refresh patches.suse/objtool-clean-instruction-state-before-each-function-validation.patch. - Refresh patches.suse/objtool-make-bp-scratch-register-warning-more-robust.patch. - commit 605a5ad - objtool: Don't use ignore flag for fake jumps (bsc#1202396). - Refresh patches.suse/objtool-add-is_static_jump-helper.patch. - commit 12eddc4 - objtool: Add --backtrace support (bsc#1202396). - Refresh patches.suse/objtool-clean-instruction-state-before-each-function-validation.patch. - commit effa706 - objtool: Set insn-&gt;func for alternatives (bsc#1202396). - Refresh patches.suse/objtool-add-is_static_jump-helper.patch. - Refresh patches.suse/objtool-add-relocation-check-for-alternative-sections.patch. - commit 95cdf2a - mm/rmap: Fix anon_vma-&gt;degree ambiguity leading to double-reuse (git-fixes, bsc#1203098). kABI: Fix kABI after &quot;/mm/rmap: Fix anon_vma-&gt;degree ambiguity leading to double-reuse&quot;/ (git-fixes, bsc#1203098). - commit 9b79372 - mm/rmap.c: don't reuse anon_vma if we just want a copy (git-fixes, bsc#1203098). - commit d3fffdb - Update patches.suse/x86-speculation-Add-RSB-VM-Exit-protections.patch. - Update patches.suse/x86-speculation-change-fill_return_buffer-to-work-with-objtool.patch. Add missing objtool annotations from upstream commits to fix bsc#1202396. - commit 295ff2a - objtool: Allow no-op CFI ops in alternatives (bsc#1202396). - commit d671632 - objtool: Add support for intra-function calls (bsc#1202396). - commit af5ea4a - objtool: Remove INSN_STACK (bsc#1202396). - commit 33aa32e - objtool: Make handle_insn_ops() unconditional (bsc#1202396). - commit 6582ceb - objtool: Rework allocating stack_ops on decode (bsc#1202396). - commit 613c1d4 - objtool: Fix ORC vs alternatives (bsc#1202396). - commit 1510f8a - objtool: Uniquely identify alternative instruction groups (bsc#1202396). - commit 55eebf6 - objtool: Remove check preventing branches within alternative (bsc#1202396). - commit b9fa125 - objtool: Fix !CFI insn_state propagation (bsc#1202396). - commit f547c3d - objtool: Rename struct cfi_state (bsc#1202396). - commit 5f74a63 - objtool: Support multiple stack_op per instruction (bsc#1202396). - commit 9cac986 - objtool: Support conditional retpolines (bsc#1202396). - commit 2278221 - objtool: Convert insn type to enum (bsc#1202396). - commit dd14429 - objtool: Rename elf_open() to prevent conflict with libelf from elftoolchain (bsc#1202396). - commit 5ae25e4 - objtool: Use Elf_Scn typedef instead of assuming struct name (bsc#1202396). - commit c52e4de - rpm/kernel-source.spec.in: simplify finding of broken symlinks &quot;/find -xtype l&quot;/ will report them, so use that to make the search a bit faster (without using shell). - commit 13bbc51 - mkspec: eliminate @NOSOURCE@ macro This should be alsways used with @SOURCES@, just include the content there. - commit 403d89f - kernel-source: include the kernel signature file We assume that the upstream tarball is used for released kernels. Then we can also include the signature file and keyring in the kernel-source src.rpm. Because of mkspec code limitation exclude the signature and keyring from binary packages always - mkspec does not parse spec conditionals. - commit e76c4ca - kernel-binary: move @NOSOURCE@ to @SOURCES@ as in other packages - commit 4b42fb2 - dtb: Do not include sources in src.rpm - refer to kernel-source Same as other kernel binary packages there is no need to carry duplicate sources in dtb packages. - commit 1bd288c - objtool: Fix sibling call detection (bsc#1202396). - commit cd4d674 - objtool: Rewrite alt-&gt;skip_orig (bsc#1202396). - commit 69eca79 - af_key: Do not call xfrm_probe_algs in parallel (bsc#1202898 CVE-2022-3028). - commit e68eb5b - Update patch reference for net rds fix (CVE-2022-21385 bsc#1202897) - commit c9ac9a2 - Update patch reference for net rds fix (CVE-2022-21385 bsc#1202897) - commit d995183 - cifs: fix error paths in cifs_tree_connect() (bsc#1177440). - commit 4e1c426 - cifs: report error instead of invalid when revalidating a dentry fails (bsc#1177440). - commit d980344 - Backport causes crashes on all arches so revert the patch until I find the root cause - commit 83c44b2 - check sk_peer_cred pointer before put_cred() call - commit 78087f4 - tpm: fix reference counting for struct tpm_chip (CVE-2022-2977 bsc#1202672). - commit 743f12e - net: handle kABI change in struct sock (bsc#1194535 CVE-2021-4203). - commit c37013b - Drop the unused function after porting on 4.12 - commit a8cf8a3 - fuse: handle kABI change in struct sock (bsc#1194535 CVE-2021-4203). - commit cb0be42 - af_unix: fix races in sk_peer_pid and sk_peer_cred accesses (bsc#1194535 CVE-2021-4203). - commit cfbed38 - cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share (bsc#1188944). - commit a2cd44e - cifs: skip trailing separators of prefix paths (bsc#1188944). - commit 080c5db - net_sched: cls_route: disallow handle of 0 (bsc#1202393). - commit 8e65d52 - net_sched: cls_route: disallow handle of 0 (bsc#1202393). - net_sched: cls_route: remove from list when handle is 0 (CVE-2022-2588 bsc#1202096). - commit 05c19f7 - lightnvm: Remove lightnvm implemenation (bsc#1191881 bsc#1201420 ZDI-CAN-17325). - commit 30cd9be - ext4: make sure ext4_append() always allocates new block (bsc#1198577 CVE-2022-1184). - commit bc8c541 - ext4: check if directory block is within i_size (bsc#1198577 CVE-2022-1184). - commit b9efa04 - ext4: Fix check for block being out of directory size (bsc#1198577 CVE-2022-1184). - commit be40637 - kabi: return type change of secure_ipv_port_ephemeral() (CVE-2022-1012 bsc#1199482 bsc#1202335). - tcp: drop the hash_32() part from the index calculation (CVE-2022-1012 bsc#1199482 bsc#1202335). - tcp: increase source port perturb table to 2^16 (CVE-2022-1012 bsc#1199482 bsc#1202335). - tcp: dynamically allocate the perturb table used by source ports (CVE-2022-1012 bsc#1199482 bsc#1202335). - tcp: add small random increments to the source port (CVE-2022-1012 bsc#1199482 bsc#1202335). - tcp: resalt the secret every 10 seconds (CVE-2022-1012 bsc#1199482 bsc#1202335). - tcp: use different parts of the port_offset for index and offset (CVE-2022-1012 bsc#1199482 bsc#1202335). - secure_seq: use the 64 bits of the siphash for port offset calculation (CVE-2022-1012 bsc#1199482 bsc#1202335). - tcp: add some entropy in __inet_hash_connect() (bsc#1180153 bsc#1202335). - tcp: change source port randomizarion at connect() time (bsc#1180153 bsc#1202335). - commit aef5879 - rpm/kernel-binary.spec.in: move vdso to a separate package (bsc#1202385) We do the move only on 15.5+. - commit 9c7ade3 - rpm/kernel-binary.spec.in: simplify find for usrmerged The type test and print line are the same for both cases. The usrmerged case only ignores more, so refactor it to make it more obvious. - commit 583c9be - xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() (bsc#1201948 CVE-2022-36879). - commit 6a240fe - net/packet: fix slab-out-of-bounds access in packet_recvmsg() (CVE-2022-20368 bsc#1202346). - commit bcc8988 - media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls (bsc#1202347 CVE-2022-20369). - commit 0cf8c8f - md/bitmap: don't set sb values if can't pass sanity check (bsc#1197158). - commit 23dc403 - x86/speculation: Add LFENCE to RSB fill sequence (bsc#1201726 CVE-2022-26373). - commit f0dc9a3 - x86/speculation: Add RSB VM Exit protections (bsc#1201726 CVE-2022-26373). - commit fdf6cad - x86/speculation: Fill RSB on vmexit for IBRS (bsc#1201726 CVE-2022-26373). - commit 730dc3a - x86/speculation: Change FILL_RETURN_BUFFER to work with objtool (bsc#1201726 CVE-2022-26373). - commit 0637fb7 - net/sched: cls_u32: fix netns refcount changes in u32_change() (CVE-2022-29581 bsc#1199665). - commit ad4e35c - openvswitch: fix OOB access in reserve_sfa_size() (CVE-2022-2639 bsc#1202154). - commit 0d36370 - ipv4: avoid using shared IP generator for connected sockets (CVE-2020-36516 bsc#1196616). - ipv4: tcp: send zero IPID in SYNACK messages (CVE-2020-36516 bsc#1196616). - commit df5e606 - Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019). - commit 9816878 - cifs: fix memory leak of smb3_fs_context_dup::server_hostname (bsc#1201926). - commit 3d2ce6d - cifs: To match file servers, make sure the server hostname matches (bsc#1201926). - commit 6a5bd2a - KVM: emulate: do not adjust size of fastop and setcc subroutines (bsc#1201930). - commit 34cfe0a - kvm/emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930). - Refresh patches.suse/x86-kvm-Fix-SETcc-emulation-for-return-thunks.patch. - commit 73546bb - netfilter: nf_queue: do not allow packet truncation below transport header offset (bsc#1201940 CVE-2022-36946). - commit 06aa700 - cifs: set a minimum of 120s for next dns resolution (bsc#1201926). - commit 726509e - cifs: use the expiry output of dns_query to schedule next resolution (bsc#1201926). - commit 5137045 - cifs: On cifs_reconnect, resolve the hostname again (bsc#1201926). - commit 8b80115 - cifs: Simplify reconnect code when dfs upcall is enabled (bsc#1201926). - commit a15e604 - Refresh patches.suse/x86-prepare-asm-files-for-straight-line-speculation.patch. - commit 5cd8e8f - Remove homegrown IBRS implementation ... and replace with the upstream one. - Refresh patches.suse/intel_idle-Disable-IBRS-during-long-idle.patch. - Refresh patches.suse/x86-bugs-Optimize-SPEC_CTRL-MSR-writes.patch. - Refresh patches.suse/x86-entry-Add-kernel-IBRS-implementation.patch. - Refresh patches.suse/x86-speculation-Add-spectre_v2-ibrs-option-to-support-Kern.patch. - Delete patches.suse/0001-x86-speculation-Add-basic-IBRS-support-infrastructur.patch. - Delete patches.suse/0002-x86-speculation-Add-inlines-to-control-Indirect-Bran.patch. - Delete patches.suse/0003-x86-idle-Control-Indirect-Branch-Speculation-in-idle.patch. - Delete patches.suse/0004-x86-enter-Create-macros-to-restrict-unrestrict-Indir.patch. - Delete patches.suse/0005-x86-enter-Use-IBRS-on-syscall-and-interrupts.patch. - Delete patches.suse/IBRS-forbid-shooting-in-foot.patch. - commit 4b0356c - kABI workaround for including mm.h in fs/sysfs/file.c (bsc#1200598 CVE-2022-20166). - commit fe1fe6b - mm: and drivers core: Convert hugetlb_report_node_meminfo to sysfs_emit (bsc#1200598 CVE-2022-20166). - commit 3d23964 - drivers core: Miscellaneous changes for sysfs_emit (bsc#1200598 CVE-2022-20166). - commit c8e2e5b - drivers core: Remove strcat uses around sysfs_emit and neaten (bsc#1200598 CVE-2022-20166). - commit 5cd9512 - drivers core: Use sysfs_emit and sysfs_emit_at for show(device * ...) functions (bsc#1200598 CVE-2022-20166). - commit 7554520 - sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output (bsc#1200598 CVE-2022-20166). - commit c5a70d7 - Refresh patches.suse/x86-bugs-Do-not-enable-IBPB-on-entry-when-IBPB-is-no.patch. - commit af9c97a - x86/entry: Remove skip_r11rcx (bsc#1201644). - Refresh patches.suse/x86-entry-Add-kernel-IBRS-implementation.patch. - commit c154137 - Sort in RETbleed backport into the sorted section Now that it is upstream... - blacklist.conf: - Refresh patches.suse/0001-x86-speculation-Add-basic-IBRS-support-infrastructur.patch. - Refresh patches.suse/0002-x86-speculation-Add-inlines-to-control-Indirect-Bran.patch. - Refresh patches.suse/0005-x86-enter-Use-IBRS-on-syscall-and-interrupts.patch. - Refresh patches.suse/KVM-x86-speculation-Disable-Fill-buffer-clear-within-guests.patch. - Refresh patches.suse/documentation-hw-vuln-update-spectre-doc.patch. - Refresh patches.suse/edac-amd64-cache-secondary-chip-select-registers.patch. - Refresh patches.suse/edac-amd64-find-chip-select-memory-size-using-address-mask.patch. - Refresh patches.suse/edac-amd64-initialize-dimm-info-for-systems-with-more-than-two-channels.patch. - Refresh patches.suse/edac-amd64-recognize-dram-device-type-ecc-capability.patch. - Refresh patches.suse/edac-amd64-support-asymmetric-dual-rank-dimms.patch. - Refresh patches.suse/edac-amd64-support-more-than-two-controllers-for-chip-selects-handling.patch. - Refresh patches.suse/intel_idle-Disable-IBRS-during-long-idle.patch. - Refresh patches.suse/sched-topology-Improve-load-balancing-on-AMD-EPYC.patch. - Refresh patches.suse/x86-Add-magic-AMD-return-thunk.patch. - Refresh patches.suse/x86-Undo-return-thunk-damage.patch. - Refresh patches.suse/x86-Use-return-thunk-in-asm-code.patch. - Refresh patches.suse/x86-bugs-Add-AMD-retbleed-boot-parameter.patch. - Refresh patches.suse/x86-bugs-Add-retbleed-ibpb.patch. - Refresh patches.suse/x86-bugs-Do-IBPB-fallback-check-only-once.patch. - Refresh patches.suse/x86-bugs-Do-not-enable-IBPB-on-entry-when-IBPB-is-no.patch. - Refresh patches.suse/x86-bugs-Enable-STIBP-for-JMP2RET.patch. - Refresh patches.suse/x86-bugs-Group-MDS-TAA-Processor-MMIO-Stale-Data-mitigations.patch. - Refresh patches.suse/x86-bugs-Keep-a-per-CPU-IA32_SPEC_CTRL-value.patch. - Refresh patches.suse/x86-bugs-Optimize-SPEC_CTRL-MSR-writes.patch. - Refresh patches.suse/x86-bugs-Report-AMD-retbleed-vulnerability.patch. - Refresh patches.suse/x86-bugs-Report-Intel-retbleed-vulnerability.patch. - Refresh patches.suse/x86-bugs-Split-spectre_v2_select_mitigation-and-spectre_v2.patch. - Refresh patches.suse/x86-common-Stamp-out-the-stepping-madness.patch. - Refresh patches.suse/x86-cpu-add-a-steppings-field-to-struct-x86_cpu_id.patch. - Refresh patches.suse/x86-cpu-add-table-argument-to-cpu_matches.patch. - Refresh patches.suse/x86-cpu-amd-Add-Spectral-Chicken.patch. - Refresh patches.suse/x86-cpu-amd-Enumerate-BTC_NO.patch. - Refresh patches.suse/x86-cpufeatures-Move-RETPOLINE-flags-to-word-11.patch. - Refresh patches.suse/x86-entry-Add-kernel-IBRS-implementation.patch. - Refresh patches.suse/x86-kvm-Fix-SETcc-emulation-for-return-thunks.patch. - Refresh patches.suse/x86-retpoline-Use-mfunction-return.patch. - Refresh patches.suse/x86-sev-Avoid-using-__x86_return_thunk.patch. - Refresh patches.suse/x86-speculation-Add-a-common-function-for-MD_CLEAR-mitigation-update.patch. - Refresh patches.suse/x86-speculation-Add-spectre_v2-ibrs-option-to-support-Kern.patch. - Refresh patches.suse/x86-speculation-Fix-SPEC_CTRL-write-on-SMT-state-change.patch. - Refresh patches.suse/x86-speculation-Fix-firmware-entry-SPEC_CTRL-handling.patch. - Refresh patches.suse/x86-speculation-Remove-x86_spec_ctrl_mask.patch. - Refresh patches.suse/x86-speculation-Use-cached-host-SPEC_CTRL-value-for-guest-.patch. - Refresh patches.suse/x86-speculation-add-eibrs-retpoline-options.patch. - Refresh patches.suse/x86-speculation-add-special-register-buffer-data-sampling-srbds-mitigation.patch. - Refresh patches.suse/x86-speculation-add-srbds-vulnerability-and-mitigation-documentation.patch. - Refresh patches.suse/x86-speculation-include-unprivileged-ebpf-status-in-spectre-v2-mitigation-reporting.patch. - Refresh patches.suse/x86-speculation-mmio-Add-mitigation-for-Processor-MMIO-Stale-Data.patch. - Refresh patches.suse/x86-speculation-mmio-Add-sysfs-reporting-for-Processor-MMIO-Stale-Data.patch. - Refresh patches.suse/x86-speculation-mmio-Enable-CPU-Fill-buffer-clearing-on-idle.patch. - Refresh patches.suse/x86-speculation-mmio-Enumerate-Processor-MMIO-Stale-Data-bug.patch. - Refresh patches.suse/x86-speculation-mmio-Reuse-SRBDS-mitigation-for-SBDS.patch. - Refresh patches.suse/x86-speculation-rename-retpoline_amd-to-retpoline_lfence.patch. - Refresh patches.suse/x86-speculation-restore-speculation-related-msrs-during-s3-resume.patch. - Refresh patches.suse/x86-speculation-srbds-Update-SRBDS-mitigation-selection.patch. - Refresh patches.suse/x86-speculation-use-generic-retpoline-by-default-on-amd.patch. - Refresh patches.suse/x86-vsyscall_emu-64-Don-t-use-RET-in-vsyscall-emulation.patch. - commit bc36bfa - vt: vt_ioctl: fix race in VT_RESIZEX (bsc#1200910 CVE-2020-36558). - commit 3c76a1f - vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console (bsc#1201429 CVE-2020-36557). - commit f15e18d - kernel-obs-build: include qemu_fw_cfg (boo#1201705) - commit e2263d4 - vt: drop old FONT ioctls (bsc#1201636 CVE-2021-33656). - commit 704434f - Refresh patches.suse/fbcon-Prevent-that-screen-size-is-smaller-than-font-.patch Fix the build error due to missing is_console_locked() - commit 39e2064 - fbmem: Check virtual screen sizes in fb_set_var() (CVE-2021-33655 bsc#1201635). - fbcon: Prevent that screen size is smaller than font size (CVE-2021-33655 bsc#1201635). - fbcon: Disallow setting font bigger than screen size (CVE-2021-33655 bsc#1201635). - commit c1a0922 - rpm/kernel-binary.spec.in: Require dwarves &gt;= 1.22 on SLE15-SP3 or newer Dwarves 1.22 or newer is required to build kernels with BTF information embedded in modules. - commit ee19e9d - pty: do tty_flip_buffer_push without port-&gt;lock in pty_write (bsc#1198829 CVE-2022-1462). - commit c0b9f34 - tty: use new tty_insert_flip_string_and_push_buffer() in pty_write() (bsc#1198829 CVE-2022-1462). - tty: extract tty_flip_buffer_commit() from tty_flip_buffer_push() (bsc#1198829 CVE-2022-1462). - commit 1b70eb4 - Refresh patches.suse/msft-hv-2588-PCI-hv-Do-not-set-PCI_COMMAND_MEMORY-to-reduce-VM-bo.patch. Fix a build warning. - commit 837f0e2 - rpm/check-for-config-changes: ignore GCC12/CC_NO_ARRAY_BOUNDS Upstream commit f0be87c42cbd (gcc-12: disable '-Warray-bounds' universally for now) added two new compiler-dependent configs: * CC_NO_ARRAY_BOUNDS * GCC12_NO_ARRAY_BOUNDS Ignore them -- they are unset by dummy tools (they depend on gcc version == 12), but set as needed during real compilation. - commit a14607c - kernel-binary.spec: check s390x vmlinux location As a side effect of mainline commit edd4a8667355 (&quot;/s390/boot: get rid of startup archive&quot;/), vmlinux on s390x moved from &quot;/compressed&quot;/ subdirectory directly into arch/s390/boot. As the specfile is shared among branches, check both locations and let objcopy use one that exists. - commit cd15543 - Add missing recommends of kernel-install-tools to kernel-source-vanilla (bsc#1200442) - commit 93b1375 - kernel-binary.spec: Support radio selection for debuginfo. To disable debuginfo on 5.18 kernel a radio selection needs to be switched to a different selection. This requires disabling the currently active option and selecting NONE as debuginfo type. - commit 43b5dd3 - Add dtb-starfive - commit 85335b1 - rpm/kernel-obs-build.spec.in: Also depend on dracut-systemd (bsc#1195775) - commit 5d4e32c - pahole 1.22 required for full BTF features. also recommend pahole for kernel-source to make the kernel buildable with standard config - commit 364f54b - use jobs not processors in the constraints jobs is the number of vcpus available to the build, while processors is the total processor count of the machine the VM is running on. - commit a6e141d - rpm/constraints.in: skip SLOW_DISK workers for kernel-source - commit e84694f - rpm/*.spec.in: remove backtick usage - commit 87ca1fb - rpm/kernel-obs-build.spec.in: add systemd-initrd and terminfo dracut module (bsc#1195775) - commit d9a821b - rpm/kernel-obs-build.spec.in: use default dracut modules (bsc#1195926, bsc#1198484) Let's iron out the reduced initrd optimisation in Tumbleweed. Build full blown dracut initrd with systemd for SLE15 SP4. - commit ea76821 - Add dtb-microchip - commit c797107 - rpm/kernel-source.spec.in: temporary workaround for a build failure Upstream c6x architecture removal left a dangling link behind which triggers openSUSE post-build check in kernel-source, failing kernel-source build. A fix deleting the danglink link has been submitted but it did not make it into 5.12-rc1. Unfortunately we cannot add it as a patch as patch utility does not handle symlink removal. Add a temporary band-aid which deletes all dangling symlinks after unpacking the kernel source tarball. [jslaby] It's not that temporary as we are dragging this for quite some time in master. The reason is that this can happen any time again, so let's have this in packaging instead. - commit 52a1ad7 Package libassuan was updated: - update to 2.5.5: * Fix a crash in the logging code * Upgrade autoconf - update to 2.5.4: * Fix some minor build annoyances - Update to 2.5.3: * Add a timeout for writing to a SOCKS5 proxy. * Add workaround for a problem with LD_LIBRARY_PATH on newer systems. - qemu-disable-fdpassing-test.patch: remove -Update to 2.5.2: * configure.ac: Bump LT version to C8/A8/R2 * include libassuan.pc in the spec file Package libcroco was updated: - Add libcroco-CVE-2020-12825.patch: limit recursion in block and any productions (boo#1171685 CVE-2020-12825). Package libjpeg-turbo was updated: fix CVE-2020-35538 [bsc#1202915], Null pointer dereference in jcopy_sample_rows() function + libjpeg-turbo-CVE-2020-35538.patch - security update - added patches Package libjpeg62-turbo was updated: fix CVE-2020-35538 [bsc#1202915], Null pointer dereference in jcopy_sample_rows() function + libjpeg-turbo-CVE-2020-35538.patch - security update - added patches Package libksba was updated: - Security fix: [bsc#1204357, CVE-2022-3515] * Detect a possible overflow directly in the TLV parser. * Add libksba-CVE-2022-3515.patch Package libtasn1 was updated: - Add libtasn1-CVE-2021-46848.patch: Fixed off-by-one array size check that affects asn1_encode_simple_der (CVE-2021-46848, bsc#1204690). Package libtirpc was updated: - fix CVE-2021-46828: libtirpc: DoS vulnerability with lots of connections (bsc#1201680) - backport 0001-Fix-DoS-vulnerability-in-libtirpc.patch - exclude ipv6 addresses in client protocol 2 code (bsc#1200800) - update 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch - fix memory leak in params.r_addr assignement (bsc#1198752) - add 0001-fix-parms.r_addr-memory-leak.patch Package libxml2 was updated: - Security fixes: * [CVE-2022-40303, bsc#1204366] Fix integer overflows with XML_PARSE_HUGE + Added patch libxml2-CVE-2022-40303.patch * [CVE-2022-40304, bsc#1204367] Fix dict corruption caused by entity reference cycles + Added patch libxml2-CVE-2022-40304.patch - Security fix: [bsc#1201978, CVE-2016-3709] * Cross-site scripting vulnerability after commit 960f0e2 * Add libxml2-CVE-2016-3709.patch Package libyajl was updated: Package libzypp was updated: - Resolver: Fix missing --[no]-recommends initialization in update (fixes #openSUSE/zypper#459, bsc#1201972) - Log ONLY_NAMESPACE_RECOMMENDED because this is what corresponds to --[no]-recommends. - version 17.31.2 (22) - UsrEtc: Store logrotate files in %{_distconfdir} if defined (fixes #402) - Log backtrace on SIGABRT too. - Need to explicitly enable building experimental code. Otherwise an old Notcurses++ package which happens to be present in the buildenv breaks the build (fixes #412). - Work around libyui/libyui#78 on code 15.4 and older. - Stop using std::*ary_function; deprecated and removed in c++17. - Don't expose header files which use types not available in c++11. In 15.3 and older, YAST and PK compile with -std=c++11. - Remove no longer needed %post code (bsc#1203649) - Enable zck support for SLE15-SP4 and newer. On Leap it is enabled since 15.1 (bsc#1189282) - version 17.31.1 (22) - Add PoolItem::statusReinit to reset the status it's initial state in the ResPool (might help bsc#1199895) This may either be 'KEEP_STATE bySOLVER' or 'LOCKED byUSER' if the PoolItem matched a hard lock defined in /etc/zypp/locks. - Fix building with GCC 13 on i586 (fixes #407, fixes #396) - Be prepared to receive exceptions from curl_easy_cleanup (bsc#1201092) - Don't auto-flag kernel-firmware as 'reboot-needed' (bsc#1200993) - Remove Medianetwork and dependend code. This commit removes the MediaNetwork tech preview and all related code. First reason for this is that MediaNetwork was just meant as a way to test the new CURL based downloader and second: since the Provide API is going to completely replace the current media backend it would be extra work to ensure that changes on the Downloader do not break MediaNetwork. - version 17.31.0 (22) - Fix building with GCC 12.x release (#396) - version 17.30.3 (22) - appdata plugin: Pass path to the repodata/ directory inside the cache (bsc#1197684) - zypp-rpm: flush rpm script output buffer before sending endOfScriptTag. - version 17.30.2 (22) - PluginRepoverification: initial version hooked into repo::Downloader and repo refresh. - Immediately start monitoring the download.transfer_timeout. Do not wait until the first data arrived. (bsc#1199042) - singletrans: no dry-run commit if doing just download-only. - Work around cases where sat repo.start points to an invalid solvable. May happen if (wrong arch) solvables were removed at the beginning of the repo. - fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER (fixes #388) - version 17.30.1 (22) Package logrotate was updated: - Security fix: (bsc#1192449) related to (bsc#1191281, CVE-2021-3864) * enforce stricter parsing to avoid CVE-2021-3864 * Added patch logrotate-enforce-stricter-parsing-and-extra-tests.patch - Fix &quot;/logrotate emits unintended warning: keyword size not properly separated, found 0x3d&quot;/ (bsc#1200278, bsc#1200802): * Added patch logrotate-dont_warn_on_size=_syntax.patch Package mozilla-nspr was updated: - update to version 4.34.1 * add file descriptor sanity checks in the NSPR poll function. - update to version 4.34 * add an API that returns a preferred loopback IP on hosts that have two IP stacks available. - update to 4.33: * fixes to build system and export of private symbols Package mozilla-nss was updated: - Require libjitter only for SLE15-SP4 and greater- update to NSS 3.79.2 (bsc#1204729) * bmo#1785846 - Bump minimum NSPR version to 4.34.1. * bmo#1777672 - Gracefully handle null nickname in CERT_GetCertNicknameWithValidity. - Add nss-allow-slow-tests.patch, which allows a timed test to run longer than 1s. This avoids turning slow builds into broken builds. - Update nss-fips-approved-crypto-non-ec.patch to allow the use of DSA keys (verification only) (bsc#1201298). - Update nss-fips-constructor-self-tests.patch to add sftk_FIPSRepeatIntegrityCheck() to softoken's .def file (bsc#1198980). - Update nss-fips-approved-crypto-non-ec.patch to allow the use of longer symmetric keys via the service level indicator (bsc#1191546). - Update nss-fips-constructor-self-tests.patch to hopefully export sftk_FIPSRepeatIntegrityCheck() correctly (bsc#1198980). - Update nss-fips-approved-crypto-non-ec.patch to prevent sessions from getting flagged as non-FIPS (bsc#1191546). - Mark DSA keygen unapproved (bsc#1191546, bsc#1201298). - Enable nss-fips-drbg-libjitter.patch now that we have a patched libjitter to build with (bsc#1202870). - Update nss-fips-approved-crypto-non-ec.patch to prevent keys from getting flagged as non-FIPS and add remaining TLS mechanisms. - Add nss-fips-drbg-libjitter.patch to use libjitterentropy for entropy. This is disabled until we can avoid the inline assembler in the latter's header file that relies on GNU extensions. - Update nss-fips-constructor-self-tests.patch to fix an abort() when both NSS_FIPS and /proc FIPS mode are enabled. - update to NSS 3.79.1 (bsc#1202645) * bmo#1366464 - compare signature and signatureAlgorithm fields in legacy certificate verifier. * bmo#1771498 - Uninitialized value in cert_ComputeCertType. * bmo#1759794 - protect SFTKSlot needLogin with slotLock. * bmo#1760998 - avoid data race on primary password change. * bmo#1330271 - check for null template in sec_asn1{d,e}_push_state. - Update nss-fips-approved-crypto-non-ec.patch to unapprove the rest of the DSA ciphers, keeping signature verification only (bsc#1201298). - Update nss-fips-constructor-self-tests.patch to fix compiler warning. - Update nss-fips-constructor-self-tests.patch to add on-demand integrity tests through sftk_FIPSRepeatIntegrityCheck() (bsc#1198980). - Update nss-fips-approved-crypto-non-ec.patch to mark algorithms as approved/non-approved according to security policy (bsc#1191546, bsc#1201298). - Update nss-fips-approved-crypto-non-ec.patch to remove hard disabling of unapproved algorithms. This requirement is now fulfilled by the service level indicator (bsc#1200325). - Remove nss-fips-tls-allow-md5-prf.patch, since we no longer need the workaround in FIPS mode (bsc#1200325). - Remove nss-fips-tests-skip.patch. This is no longer needed since we removed the code to short-circuit broken hashes and moved to using the SLI. - Remove upstreamed patches: * nss-fips-version-indicators.patch * nss-fips-tests-pin-paypalee-cert.patch - update to NSS 3.79 - bmo#205717 - Use PK11_GetSlotInfo instead of raw C_GetSlotInfo calls. - bmo#1766907 - Update mercurial in clang-format docker image. - bmo#1454072 - Use of uninitialized pointer in lg_init after alloc fail. - bmo#1769295 - selfserv and tstclnt should use PR_GetPrefLoopbackAddrInfo. - bmo#1753315 - Add SECMOD_LockedModuleHasRemovableSlots. - bmo#1387919 - Fix secasn1d parsing of indefinite SEQUENCE inside indefinite GROUP. - bmo#1765753 - Added RFC8422 compliant TLS &lt;= 1.2 undefined/compressed ECPointFormat extension alerts. - bmo#1765753 - TLS 1.3 Server: Send protocol_version alert on unsupported ClientHello.legacy_version. - bmo#1764788 - Correct invalid record inner and outer content type alerts. - bmo#1757075 - NSS does not properly import or export pkcs12 files with large passwords and pkcs5v2 encoding. - bmo#1766978 - improve error handling after nssCKFWInstance_CreateObjectHandle. - bmo#1767590 - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple. - bmo#1769302 - NSS 3.79 should depend on NSPR 4.34 - update to NSS 3.78.1 * bmo#1767590 - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple - update to NSS 3.78 bmo#1755264 - Added TLS 1.3 zero-length inner plaintext checks and tests, zero-length record/fragment handling tests. bmo#1294978 - Reworked overlong record size checks and added TLS1.3 specific boundaries. bmo#1763120 - Add ECH Grease Support to tstclnt bmo#1765003 - Add a strict variant of moz::pkix::CheckCertHostname. bmo#1166338 - Change SSL_REUSE_SERVER_ECDHE_KEY default to false. bmo#1760813 - Make SEC_PKCS12EnableCipher succeed bmo#1762489 - Update zlib in NSS to 1.2.12. - update to NSS 3.77 * Bug 1762244 - resolve mpitests build failure on Windows. * bmo#1761779 - Fix link to TLS page on wireshark wiki * bmo#1754890 - Add two D-TRUST 2020 root certificates. * bmo#1751298 - Add Telia Root CA v2 root certificate. * bmo#1751305 - Remove expired explicitly distrusted certificates from certdata.txt. * bmo#1005084 - support specific RSA-PSS parameters in mozilla::pkix * bmo#1753535 - Remove obsolete stateEnd check in SEC_ASN1DecoderUpdate. * bmo#1756271 - Remove token member from NSSSlot struct. * bmo#1602379 - Provide secure variants of mpp_pprime and mpp_make_prime. * bmo#1757279 - Support UTF-8 library path in the module spec string. * bmo#1396616 - Update nssUTF8_Length to RFC 3629 and fix buffer overrun. * bmo#1760827 - Add a CI Target for gcc-11. * bmo#1760828 - Change to makefiles for gcc-4.8. * bmo#1741688 - Update googletest to 1.11.0 * bmo#1759525 - Add SetTls13GreaseEchSize to experimental API. * bmo#1755264 - TLS 1.3 Illegal legacy_version handling/alerts. * bmo#1755904 - Fix calculation of ECH HRR Transcript. * bmo#1758741 - Allow ld path to be set as environment variable. * bmo#1760653 - Ensure we don't read uninitialized memory in ssl gtests. * bmo#1758478 - Fix DataBuffer Move Assignment. * bmo#1552254 - internal_error alert on Certificate Request with sha1+ecdsa in TLS 1.3 * bmo#1755092 - rework signature verification in mozilla::pkix - Require nss-util in nss.pc and subsequently remove -lnssutil3 - update to NSS 3.76.1 NSS 3.76.1 * bmo#1756271 - Remove token member from NSSSlot struct. NSS 3.76 * bmo#1755555 - Hold tokensLock through nssToken_GetSlot calls in nssTrustDomain_GetActiveSlots. * bmo#1370866 - Check return value of PK11Slot_GetNSSToken. * bmo#1747957 - Use Wycheproof JSON for RSASSA-PSS * bmo#1679803 - Add SHA256 fingerprint comments to old certdata.txt entries. * bmo#1753505 - Avoid truncating files in nss-release-helper.py. * bmo#1751157 - Throw illegal_parameter alert for illegal extensions in handshake message. - Add nss-util pkgconfig and config files (copied from RH/Fedora) - update to NSS 3.75 * bmo#1749030 - This patch adds gcc-9 and gcc-10 to the CI. * bmo#1749794 - Make DottedOIDToCode.py compatible with python3. * bmo#1749475 - Avoid undefined shift in SSL_CERT_IS while fuzzing. * bmo#1748386 - Remove redundant key type check. * bmo#1749869 - Update ABI expectations to match ECH changes. * bmo#1748386 - Enable CKM_CHACHA20. * bmo#1747327 - check return on NSS_NoDB_Init and NSS_Shutdown. * bmo#1747310 - real move assignment operator. * bmo#1748245 - Run ECDSA test vectors from bltest as part of the CI tests. * bmo#1743302 - Add ECDSA test vectors to the bltest command line tool. * bmo#1747772 - Allow to build using clang's integrated assembler. * bmo#1321398 - Allow to override python for the build. * bmo#1747317 - test HKDF output rather than input. * bmo#1747316 - Use ASSERT macros to end failed tests early. * bmo#1747310 - move assignment operator for DataBuffer. * bmo#1712879 - Add test cases for ECH compression and unexpected extensions in SH. * bmo#1725938 - Update tests for ECH-13. * bmo#1725938 - Tidy up error handling. * bmo#1728281 - Add tests for ECH HRR Changes. * bmo#1728281 - Server only sends GREASE HRR extension if enabled by preference. * bmo#1725938 - Update generation of the Associated Data for ECH-13. * bmo#1712879 - When ECH is accepted, reject extensions which were only advertised in the Outer Client Hello. * bmo#1712879 - Allow for compressed, non-contiguous, extensions. * bmo#1712879 - Scramble the PSK extension in CHOuter. * bmo#1712647 - Split custom extension handling for ECH. * bmo#1728281 - Add ECH-13 HRR Handling. * bmo#1677181 - Client side ECH padding. * bmo#1725938 - Stricter ClientHelloInner Decompression. * bmo#1725938 - Remove ECH_inner extension, use new enum format. * bmo#1725938 - Update the version number for ECH-13 and adjust the ECHConfig size. - update to NSS 3.74 * bmo#966856 - mozilla::pkix: support SHA-2 hashes in CertIDs in OCSP responses * bmo#1553612 - Ensure clients offer consistent ciphersuites after HRR * bmo#1721426 - NSS does not properly restrict server keys based on policy * bmo#1733003 - Set nssckbi version number to 2.54 * bmo#1735407 - Replace Google Trust Services LLC (GTS) R4 root certificate * bmo#1735407 - Replace Google Trust Services LLC (GTS) R3 root certificate * bmo#1735407 - Replace Google Trust Services LLC (GTS) R2 root certificate * bmo#1735407 - Replace Google Trust Services LLC (GTS) R1 root certificate * bmo#1735407 - Replace GlobalSign ECC Root CA R4 * bmo#1733560 - Remove Expired Root Certificates - DST Root CA X3 * bmo#1740807 - Remove Expiring Cybertrust Global Root and GlobalSign root certificates * bmo#1741930 - Add renewed Autoridad de Certificacion Firmaprofesional CIF A62634068 root certificate * bmo#1740095 - Add iTrusChina ECC root certificate * bmo#1740095 - Add iTrusChina RSA root certificate * bmo#1738805 - Add ISRG Root X2 root certificate * bmo#1733012 - Add Chunghwa Telecom's HiPKI Root CA - G1 root certificate * bmo#1738028 - Avoid a clang 13 unused variable warning in opt build * bmo#1735028 - Check for missing signedData field * bmo#1737470 - Ensure DER encoded signatures are within size limits - enable key logging option (boo#1195040) - update to NSS 3.73.1: * Add SHA-2 support to mozilla::pkix's OSCP implementation - update to NSS 3.73 * bmo#1735028 - check for missing signedData field. * bmo#1737470 - Ensure DER encoded signatures are within size limits. * bmo#1729550 - NSS needs FiPS 140-3 version indicators. * bmo#1692132 - pkix_CacheCert_Lookup doesn't return cached certs * bmo#1738600 - sunset Coverity from NSS MFSA 2021-51 (bsc#1193170) * CVE-2021-43527 (bmo#1737470) Memory corruption via DER-encoded DSA and RSA-PSS signatures - update to NSS 3.72 * Remove newline at the end of coreconf.dep * bmo#1731911 - Fix nsinstall parallel failure. * bmo#1729930 - Increase KDF cache size to mitigate perf regression in about:logins - update to NSS 3.71 * bmo#1717716 - Set nssckbi version number to 2.52. * bmo#1667000 - Respect server requirements of tlsfuzzer/test-tls13-signature-algorithms.py * bmo#1373716 - Import of PKCS#12 files with Camellia encryption is not supported * bmo#1717707 - Add HARICA Client ECC Root CA 2021. * bmo#1717707 - Add HARICA Client RSA Root CA 2021. * bmo#1717707 - Add HARICA TLS ECC Root CA 2021. * bmo#1717707 - Add HARICA TLS RSA Root CA 2021. * bmo#1728394 - Add TunTrust Root CA certificate to NSS. - update to NSS 3.70 * bmo#1726022 - Update test case to verify fix. * bmo#1714579 - Explicitly disable downgrade check in TlsConnectStreamTls13.EchOuterWith12Max * bmo#1714579 - Explicitly disable downgrade check in TlsConnectTest.DisableFalseStartOnFallback * bmo#1681975 - Avoid using a lookup table in nssb64d. * bmo#1724629 - Use HW accelerated SHA2 on AArch64 Big Endian. * bmo#1714579 - Change default value of enableHelloDowngradeCheck to true. * bmo#1726022 - Cache additional PBE entries. * bmo#1709750 - Read HPKE vectors from official JSON. - Update to NSS 3.69.1 * bmo#1722613 (Backout) - Disable DTLS 1.0 and 1.1 by default * bmo#1720226 (Backout) - integrity checks in key4.db not happening on private components with AES_CBC NSS 3.69 * bmo#1722613 - Disable DTLS 1.0 and 1.1 by default (backed out again) * bmo#1720226 - integrity checks in key4.db not happening on private components with AES_CBC (backed out again) * bmo#1720235 - SSL handling of signature algorithms ignores environmental invalid algorithms. * bmo#1721476 - sqlite 3.34 changed it's open semantics, causing nss failures. (removed obsolete nss-btrfs-sqlite.patch) * bmo#1720230 - Gtest update changed the gtest reports, losing gtest details in all.sh reports. * bmo#1720228 - NSS incorrectly accepting 1536 bit DH primes in FIPS mode * bmo#1720232 - SQLite calls could timeout in starvation situations. * bmo#1720225 - Coverity/cpp scanner errors found in nss 3.67 * bmo#1709817 - Import the NSS documentation from MDN in nss/doc. * bmo#1720227 - NSS using a tempdir to measure sql performance not active - add nss-fips-stricter-dh.patch - updated existing patches with latest SLE - Mozilla NSS 3.68.4 (bsc#1200027) * Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple. (bmo#1767590) - Update nss-fips-constructor-self-tests.patch to scan LD_LIBRARY_PATH for external libraries to be checksummed. - Run test suite at build time, and make it pass (bsc#1198486). Based on work by Marcus Meissner. - Add nss-fips-tests-skip.patch to skip algorithms that are hard disabled in FIPS mode. - Add nss-fips-tests-pin-paypalee-cert.patch to prevent expired PayPalEE cert from failing the tests. - Add nss-fips-tests-enable-fips.patch, which enables FIPS during test certificate creation and disables the library checksum validation during same. - Update nss-fips-constructor-self-tests.patch to allow checksumming to be disabled, but only if we entered FIPS mode due to NSS_FIPS being set, not if it came from /proc. - Add nss-fips-pbkdf-kat-compliance.patch (bsc#1192079). This makes the PBKDF known answer test compliant with NIST SP800-132. - Update FIPS validation string to version-release format. - Update nss-fips-approved-crypto-non-ec.patch to remove XCBC MAC from list of FIPS approved algorithms. - Enable NSS_ENABLE_FIPS_INDICATORS and set NSS_FIPS_MODULE_ID for build. - Update nss-fips-approved-crypto-non-ec.patch to claim 3DES unapproved in FIPS mode (bsc#1192080). - Update nss-fips-constructor-self-tests.patch to allow testing of unapproved algorithms (bsc#1192228). - Add nss-fips-version-indicators.patch (bmo#1729550, bsc#1192086). This adds FIPS version indicators. - Add nss-fips-180-3-csp-clearing.patch (bmo#1697303, bsc#1192087). Most of the relevant changes are already upstream since NSS 3.60. Package ncurses was updated: - Add patch ncurses-bnc1198627.patch * Fix bsc#1198627: CVE-2022-29458: ncurses: segfaulting OOB read Package openldap2 was updated: - bsc#1198341 - Prevent memory reuse which may lead to instability * 0243-Change-malloc-to-use-calloc-to-prevent-memory-reuse-.patch Package openssl-1_1 was updated: - Added openssl-1_1-paramgen-default_to_rfc7919.patch * bsc#1180995 * Default to RFC7919 groups when generating ECDH parameters using 'genpkey' or 'dhparam' in FIPS mode. Package pacemaker was updated: - scheduler: do not enforce resource stop if any new probe/monitor indicates the resource was not running on the target of a failed migrate_to (bsc#1196340) * bsc#1196340-0009-Test-scheduler-do-not-enforce-resource-stop-if-any-n.patch - scheduler: do not enforce resource stop on a rejoined node that was the target of a failed migrate_to (bsc#1196340) * bsc#1196340-0008-Test-scheduler-do-not-enforce-resource-stop-on-a-rej.patch - scheduler: do not enforce resource stop if any new probe/monitor indicates the resource was not running on the target of a failed migrate_to (bsc#1196340) * bsc#1196340-0007-Fix-scheduler-do-not-enforce-resource-stop-if-any-ne.patch - scheduler: find_lrm_op() to be able to check against a specified target_rc (bsc#1196340) * bsc#1196340-0006-Refactor-scheduler-find_lrm_op-to-be-able-to-check-a.patch - cts-scheduler: fix on_node attribute of lrm_rsc_op entries in the tests (bsc#1196340) * bsc#1196340-0005-Test-cts-scheduler-fix-on_node-attribute-of-lrm_rsc_.patch - scheduler: is_newer_op() to be able to compare lrm_rsc_op entries from different nodes (bsc#1196340) * bsc#1196340-0004-Refactor-scheduler-is_newer_op-to-be-able-to-compare.patch - scheduler: compare ids of lrm_rsc_op entries case-sensitively (bsc#1196340) * bsc#1196340-0003-Fix-scheduler-compare-ids-of-lrm_rsc_op-entries-case.patch - scheduler: functionize comparing which lrm_rsc_op is newer (bsc#1196340) * bsc#1196340-0002-Refactor-scheduler-functionize-comparing-which-lrm_r.patch - scheduler: do not enforce resource stop on a rejoined node that was the target of a failed migrate_to (bsc#1196340) * bsc#1196340-0001-Fix-scheduler-do-not-enforce-resource-stop-on-a-rejo.patch - OCF: controld: Give warning when no-quorum-policy not set as freeze while using DLM (bsc#1129707) * bsc#1129707-0001-OCF-controld-Give-warning-when-no-quorum-policy-not-.patch - Pacemaker high resolution timestamps (bsc#1197668) * 0001-Log-all-use-high-resolution-timestamps-in-detail-log.patch Package pam was updated: - Update pam_motd to the most current version. This fixes various issues and adds support for mot.d directories [jsc#PED-1712]. * Added: pam-ped1712-pam_motd-directory-feature.patch Package pciutils was updated: - Add &quot;/pciutils-Add-PCIe-5.0-data-rate-32-GT-s-support.patch&quot;/ and &quot;/pciutils-Add-PCIe-6.0-data-rate-64-GT-s-support.patch&quot;/ to fix LnkCap speed recognition in lspci for multi PCIe ports such as the ML110 Gen11. [bsc#1192862] Package pcre2 was updated: - Added pcre2-bsc1199235-CVE-2022-1587.patch * CVE-2022-1587 / bsc#1199235 * Fix out-of-bounds read due to bug in recursions * Sourced from: - https://github.com/PCRE2Project/pcre2/commit/03654e751e7f0700693526b67dfcadda6b42c9d0 - Added pcre2-Fix_crash_when_X_is_used_without_UTF_in_JIT.patch * CVE-2019-20454 / bsc#1164384 * Fix crash when X is used in non-UTF mode on certain inputs. * Sourced from: - https://github.com/PCRE2Project/pcre2/commit/342c16ecd31bd12fc350ee31d2dcc041832ebb3f - https://github.com/PCRE2Project/pcre2/commit/e118e60a68f03f38dd2ff3d16ca2e2e0d800e1d9 Package perl-HTTP-Daemon was updated: - Fix request smuggling in HTTP::Daemon (CVE-2022-31081, bsc#1201157) * CVE-2022-31081.patch * CVE-2022-31081-2.patch * CVE-2022-31081-Add-new-test-for-Content-Length-issues.patch Package procps was updated: - Add the patches * procps-3.3.17-library-bsc1181475.patch * procps-3.3.17-top-bsc1181475.patch which are backports of current newlib tree to solve bug bsc#1181475 * 'free' command reports misleading &quot;/used&quot;/ value Package python-Babel was updated: - Add CVE-2021-42771-rel-path-traversal.patch fixing CVE-2021-42771 by cleaning locale identifiers before loading from file (bsc#1185768). Package python-M2Crypto was updated: - Add CVE-2020-25657-Bleichenbacher-attack.patch (CVE-2020-25657, bsc#1178829), which mitigates the Bleichenbacher timing attacks in the RSA decryption API. - Add python-M2Crypto.keyring to verify GPG signature of tarball. Package python-lxml was updated: - add CVE-2022-2309.patch (bsc#1201253, CVE-2022-2309)- With the new update to 4.7.1, the old Bugzilla entries are also fixed: - bsc#1118088 (related to CVE-2018-19787) - bsc#1184177 (related to CVE-2021-28957) - Update to 4.7.1 (officially released 2021-12-13) Features added - Chunked Unicode string parsing via parser.feed() now encodes the input data to the native UTF-8 encoding directly, instead of going through Py_UNICODE / wchar_t encoding first, which previously required duplicate recoding in most cases. Bugs fixed - The standard namespace prefixes were mishandled during &quot;/C14N2&quot;/ serialisation on Python 3. See https://mail.python.org/archives/list/lxml@python.org/thread/ 6ZFBHFOVHOS5GFDOAMPCT6HM5HZPWQ4Q/ - lxml.objectify previously accepted non-XML numbers with underscores (like &quot;/1_000&quot;/) as integers or float values in Python 3.6 and later. It now adheres to the number format of the XML spec again. - LP#1939031: Static wheels of lxml now contain the header files of zlib and libiconv (in addition to the already provided headers of libxml2/libxslt/libexslt). Other changes - Wheels include libxml2 2.9.12+ and libxslt 1.1.34 (also on Windows). - Update to 4.7.0 (2021-12-13) - Release retracted due to missing files in lxml/includes/. - UPdate to 4.6.5 (2021-12-12) Bugs fixed - A vulnerability (GHSL-2021-1038) in the HTML cleaner - allowed sneaking script content through SVG images - (bnc#1193752, CVE-2021-43818). - A vulnerability (GHSL-2021-1037) in the HTML cleaner allowed - sneaking script content through CSS imports and other crafted - constructs (CVE-2021-43818). - Update 4.6.4 (2021-11-01) Features added - GH#317: A new property system_url was added to DTD entities. - Patch by Thirdegree. - GH#314: The STATIC_* variables in setup.py can now be passed - via env vars. - Patch by Isaac Jurado. - Update 4.6.3 (2021-03-21) Bugs fixed - A vulnerability (CVE-2021-28957) was discovered in the HTML - Cleaner by Kevin Chung, which allowed JavaScript to pass through. - The cleaner now removes the HTML5 formaction attribute. - Update 4.6.2 (2020-11-26) Bugs fixed - A vulnerability (bnc#1179534, CVE-2020-27783) was discovered in the HTML Cleaner - by Yaniv Nizry, which allowed JavaScript to pass through. The cleaner - now removes more sneaky &quot;/style&quot;/ content. - Update 4.6.1 (2020-10-18) Bugs fixed - A vulnerability was discovered in the HTML Cleaner by Yaniv Nizry, - which allowed JavaScript to pass through. The cleaner now removes - more sneaky &quot;/style&quot;/ content. - Update 4.6.0 (2020-10-17) Features added - GH#310: lxml.html.InputGetter supports __len__() to count the number - of input fields. Patch by Aidan Woolley. - lxml.html.InputGetter has a new .items() method to ease processing - all input fields. - lxml.html.InputGetter.keys() now returns the field names in document - order. - GH-309: The API documentation is now generated using sphinx-apidoc. - Patch by Chris Mayo. Bugs fixed - LP#1869455: C14N 2.0 serialisation failed for unprefixed attributes - when a default namespace was defined. - TreeBuilder.close() raised AssertionError in some error cases where - it should have raised XMLSyntaxError. It now raises a combined - exception to keep up backwards compatibility, while switching to - XMLSyntaxError as an interface. - Update 4.5.2 (2020-07-09) Bugs fixed - Cleaner() now validates that only known configuration options - can be set. - LP#1882606: Cleaner.clean_html() discarded comments and PIs - regardless of the corresponding configuration option, if - remove_unknown_tags was set. - LP#1880251: Instead of globally overwriting the document loader - in libxml2, lxml now sets it per parser run, which improves the - interoperability with other users of libxml2 such as libxmlsec. - LP#1881960: Fix build in CPython 3.10 by using Cython 0.29.21. - The setup options &quot;/--with-xml2-config&quot;/ and &quot;/--with-xslt-config&quot;/ - were accidentally renamed to &quot;/--xml2-config&quot;/ and &quot;/--xslt-config&quot;/ - in 4.5.1 and are now available again. - Update 4.5.1 (2020-05-19) Bugs fixed - LP#1570388: Fix failures when serialising documents larger than - 2GB in some cases. - LP#1865141, GH#298: QName values were not accepted by the - el.iter() method. Patch by xmo-odoo. - LP#1863413, GH#297: The build failed to detect libraries on Linux - that are only configured via pkg-config. Patch by Hugh McMaster. - Update 4.5.0 (2020-01-29) Features added - A new function indent() was added to insert tail whitespace for - pretty-printing an XML tree. Bugs fixed - LP#1857794: Tail text of nodes that get removed from a document using item deletion disappeared silently instead of sticking with the node that was removed. Other changes - MacOS builds are 64-bit-only by default. Set CFLAGS and LDFLAGS explicitly to override it. - Linux/MacOS Binary wheels now use libxml2 2.9.10 and libxslt 1.1.34. - LP#1840234: The package version number is now available as lxml.__version__. - Update 4.4.3 (2020-01-28) Bugs fixed - LP#1844674: itertext() was missing tail text of comments and PIs since 4.4.0. - Update to 4.4.2: * LP#1835708: ElementInclude incorrectly rejected repeated non-recursive includes as recursive. * Remove patch lxml-libxml-2.9.10.patch which is now upstream - Add lxml-libxml-2.9.10.patch: Fix build against libxml 2.9.10. - Update to 4.4.1: * LP#1838252: The order of an OrderedDict was lost in 4.4.0 when passing it as attrib mapping during element creation. * LP#1838521: The package metadata now lists the supported Python versions. - version update to 4.4.0 * ``Element.clear()`` accepts a new keyword argument ``keep_tail=True`` to clear everything but the tail text. This is helpful in some document-style use cases. * When creating attributes or namespaces from a dict in Python 3.6+, lxml now preserves the original insertion order of that dict, instead of always sorting the items by name. A similar change was made for ElementTree in CPython 3.8. See https://bugs.python.org/issue34160 * Integer elements in ``lxml.objectify`` implement the ``__index__()`` special method. * GH#269: Read-only elements in XSLT were missing the ``nsmap`` property. Original patch by Jan Pazdziora. * ElementInclude can now restrict the maximum inclusion depth via a ``max_depth`` argument to prevent content explosion. It is limited to 6 by default. * The ``target`` object of the XMLParser can have ``start_ns()`` and ``end_ns()`` callback methods to listen to namespace declarations. * The ``TreeBuilder`` has new arguments ``comment_factory`` and ``pi_factory`` to pass factories for creating comments and processing instructions, as well as flag arguments ``insert_comments`` and ``insert_pis`` to discard them from the tree when set to false. * A `C14N 2.0 &lt;https://www.w3.org/TR/xml-c14n2/&gt;`_ implementation was added as ``etree.canonicalize()``, a corresponding ``C14NWriterTarget`` class, and a ``c14n2`` serialisation method. * bugfixes, see CHANGES.txt - deleted sources - lxmldoc-4.3.3.pdf (renamed) - added sources + lxmldoc-4.4.0.pdf + world.txt - Update to 4.3.4 * Rebuilt with Cython 0.29.10 to support Python 3.8. Note: documentation is not updated - Remove generated files - Update to 4.3.3: * Fix leak of output buffer and unclosed files in ``_XSLTResultTree.write_output()``. - Update to 4.3.2: * Crash in 4.3.1 when appending a child subtree with certain text nodes. - Update to v4.3.1 * Fixed crash when appending a child subtree that contains unsubstituted entity references - from v4.3.0 * Features + The module ``lxml.sax`` is compiled using Cython in order to speed it up. + lxml.sax.ElementTreeProducer now preserves the namespace prefixes. If two prefixes point to the same URI, the first prefix in alphabetical order is used. + Updated ISO-Schematron implementation to 2013 version (now MIT licensed) and the corresponding schema to the 2016 version (with optional &quot;/properties&quot;/). * Other + Support for Python 2.6 and 3.3 was removed. + The minimum dependency versions were raised to libxml2 2.9.2 and libxslt 1.1.27, which were released in 2014 and 2012 respectively. - from v4.2.6 * Fix a DeprecationWarning in Py3.7+. * Import warnings in Python 3.6+ were resolved. - Remove no longer needed 0001-Make-test-more-resilient-against-changes-in-latest-l.patch - Remove superfluous devel dependency for noarch package - Update to 4.2.5 * Javascript URLs that used URL escaping were not removed by the HTML cleaner. Security problem found by Omar Eissa. - Fix threading tests patch for 42.3 * Add 0001-Make-test-more-resilient-against-changes-in-latest-l.patch * Remove python-lxml-assert.patch - Update to 4.2.4 (2018-08-03) + Features added * GH#259: Allow using ``pkg-config`` for build configuration. Patch by Patrick Griffis. + Bugs fixed * LP#1773749, GH#268: Crash when moving an element to another document with ``Element.insert()``. Patch by Alexander Weggerle. - Update to 4.2.3 + Bugs fixed * Reverted GH#265: lxml links against zlib as a shared library again. - Update to 4.2.2 + Bugs fixed * GH#266: Fix sporadic crash during GC when parse-time schema validation is used and the parser participates in a reference cycle. Original patch by Julien Greard. * GH#265: lxml no longer links against zlib as a shared library, only on static builds. Patch by Nehal J Wani. - Version update to 4.2.1: * LP#1755825: iterwalk() failed to return the 'start' event for the initial element if a tag selector is used. * LP#1756314: Failure to import 4.2.0 into PyPy due to a missing library symbol. * LP#1727864, GH#258: Add &quot;/-isysroot&quot;/ linker option on MacOS as needed by XCode 9. - Version update to 4.2.0: * GH#255: ``SelectElement.value`` returns more standard-compliant and browser-like defaults for non-multi-selects. If no option is selected, the value of the first option is returned (instead of None). If multiple options are selected, the value of the last one is returned (instead of that of the first one). If no options are present (not standard-compliant) ``SelectElement.value`` still returns ``None``. * GH#261: The ``HTMLParser()`` now supports the ``huge_tree`` option. Patch by stranac. * LP#1551797: Some XSLT messages were not captured by the transform error log. * LP#1737825: Crash at shutdown after an interrupted iterparse run with XMLSchema validation. - Add patch python-lxml-assert.patch to pass test fail on threading - update to 4.1.1 - ElementPath supports text predicates for current node, like &quot;/[.='text']&quot;/. - ElementPath allows spaces in predicates. - Custom Element classes and XPath functions can now be registered with a decorator rather than explicit dict assignments. - LP#1722776: Requesting non-Element objects like comments from a document with PythonElementClassLookup could fail with a TypeError. Package python-psutil was updated: - Add patch mem-used-bsc1181475.patch (bsc#1181475) * Adopt change of used memory calculation from upstream of procps Package python-py was updated: - Update in SLE-15 (bsc#1195916, bsc#1196696, jsc#PM-3356, jsc#SLE-23972)- Drop CVE-2020-29651.patch, issue fixed upstream in 1.10.0 - Update to 1.10.0 * Fix a regular expression DoS vulnerability in the py.path.svnwc SVN blame functionality (CVE-2020-29651) - Devendor apipkg and iniconfig - Add pr_222.patch to activate test suite - Update to 1.9.0 * Add type annotation stubs Package python3 was updated: - Add patch CVE-2021-28861-double-slash-path.patch: * http.server: Fix an open redirection vulnerability in the HTTP server when an URI path starts with //. (bsc#1202624, CVE-2021-28861) Package regionServiceClientConfigGCE was updated: - Update to version 4.0.0 (bsc#1199668) + Move the cert location to /usr for compatibility with ro setup of SLE-Micro + Fix url in spec file to pint to the proper location of the source Package resource-agents was updated: - ECO: Maint: Azure Events RA can not handle AV Zones (jsc#PED-2000) Add upstream patch: 0001-azure-events-az-new-resource-agent-1774.patch - RA aws-vpc-move-ip is lacking the possibility to assign a label to an interface. (bsc#1199766) Include upsteam patch: 0001-aws-vpc-move-ip-Allow-to-set-the-interface-label.patch Package rsync was updated: - Add support for --trust-sender parameter (patch by Jie Gong in bsc#1202970). (related to CVE-2022-29154, bsc#1201840) * Added patch rsync-CVE-2022-29154-trust-sender-1.patch * Added patch rsync-CVE-2022-29154-trust-sender-2.patch - Apply &quot;/rsync-CVE-2022-29154.patch&quot;/ to fix a security vulnerability in the do_server_recv() function. [bsc#1201840, CVE-2022-29154] Package ruby2 was updated: - Update suse.patch to 41adc98ad1: - Cookie Prefix Spoofing in CGI::Cookie.parse (boo#1193081 CVE-2021-41819) - add back some lost chunks to the suse.patch Package rubygem-activesupport-5_1 was updated: - Add patch to fix CVE-2022-27777 (bsc#1199060) CVE-2022-27777.patch Package rubygem-kramdown was updated: - security update- added patches fix CVE-2020-14001 [bsc#1174297], processing template options inside documents allows unintended read access or embedded Ruby code execution + rubygem-kramdown-CVE-2020-14001.patch Package rubygem-loofah was updated: Package rubygem-puma was updated: - updated to version 4.3.12 * fix bsc#1197818, CVE-2022-24790 rubygem-puma: HTTP request smuggling if proxy is not RFC7230 compliant Package rubygem-rack was updated: fix CVE-2020-8184 [bsc#1173351], percent-encoded cookies can be used to overwrite existing prefixed cookie names + rubygem-rack-CVE-2020-8184.patch fix CVE-2020-8161 [bsc#1172037], directory traversal in Rack:Directory + rubygem-rack-CVE-2020-8161.patch - security update - added patches Package rubygem-rails-html-sanitizer was updated: - Add patch 0001_CVE-2022-32209.patch This patch fixes CVE-2022-32209 (bsc#1201183) Package rubygem-tzinfo was updated: - security update- added patches fix CVE-2022-31163 [bsc#1201835], Relative path traversal vulnerability allows TZInfo::Timezone.get to load arbitrary files + rubygem-tzinfo-CVE-2022-31163.patch Package runc was updated: - Update to runc v1.1.4. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.4. * Fix mounting via wrong proc fd. When the user and mount namespaces are used, and the bind mount is followed by the cgroup mount in the spec, the cgroup was mounted using the bind mount's mount fd. * Switch kill() in libcontainer/nsenter to sane_kill(). * Fix &quot;/permission denied&quot;/ error from runc run on noexec fs. * Fix failed exec after systemctl daemon-reload. Due to a regression in v1.1.3, the DeviceAllow=char-pts rwm rule was no longer added and was causing an error open /dev/pts/0: operation not permitted: unknown when systemd was reloaded. (boo#1202821) Package salt was updated: - Handle non-UTF-8 bytes in core grains generation (bsc#1202165)- Fix Syndic authentication errors (bsc#1199562) - Add Amazon EC2 detection for virtual grains (bsc#1195624) - Fix the regression in schedule module releasded in 3004 (bsc#1202631) - Fix state.apply in test mode with file state module on user/group checking (bsc#1202167) - Change the delimeters to prevent possible tracebacks on some packages with dpkg_lowpkg - Make zypperpkg to retry if RPM lock is temporarily unavailable (bsc#1200596) - Fix test_ipc unit test - Added: * change-the-delimeters-to-prevent-possible-tracebacks.patch * add-amazon-ec2-detection-for-virtual-grains-bsc-1195.patch * fix-state.apply-in-test-mode-with-file-state-module-.patch * fix-the-regression-in-schedule-module-releasded-in-3.patch * retry-if-rpm-lock-is-temporarily-unavailable-547.patch * fix-test_ipc-unit-tests.patch * backport-syndic-auth-fixes.patch * ignore-non-utf8-characters-while-reading-files-with-.patch - Add support for gpgautoimport in zypperpkg module - Update Salt to work with Jinja &gt;= and &lt;= 3.1.0 (bsc#1198744) - Fix salt.states.file.managed() for follow_symlinks=True and test=True (bsc#1199372) - Make Salt 3004 compatible with pyzmq &gt;= 23.0.0 (bsc#1201082) - Add support for name, pkgs and diff_attr parameters to upgrade function for zypper and yum (bsc#1198489) - Fix ownership of salt thin directory when using the Salt Bundle - Set default target for pip from VENV_PIP_TARGET environment variable - Normalize package names once with pkg.installed/removed using yum (bsc#1195895) - Save log to logfile with docker.build - Use Salt Bundle in dockermod - Ignore erros on reading license files with dpkg_lowpkg (bsc#1197288) - Added: * fix-salt.states.file.managed-for-follow_symlinks-tru.patch * fix-62092-catch-zmq.error.zmqerror-to-set-hwm-for-zm.patch * add-support-for-gpgautoimport-539.patch * ignore-erros-on-reading-license-files-with-dpkg_lowp.patch * set-default-target-for-pip-from-venv_pip_target-envi.patch * fix-ownership-of-salt-thin-directory-when-using-the-.patch * normalize-package-names-once-with-pkg.installed-remo.patch * save-log-to-logfile-with-docker.build.patch * add-support-for-name-pkgs-and-diff_attr-parameters-t.patch * use-salt-bundle-in-dockermod.patch * fix-jinja2-contextfuntion-base-on-version-bsc-119874.patch - Fix PAM auth issue due missing check for PAM_ACCT_MGM return value (CVE-2022-22967) (bsc#1200566) Package samba was updated: - CVE-2022-32742:SMB1 code does not correct verify SMB1write, SMB1write_and_close, SMB1write_and_unlock lengths; (bso#15085); (bsc#1201496). Package sqlite3 was updated: - update to 3.39.3: * Use a statement journal on DML statement affecting two or more database rows if the statement makes use of a SQL functions that might abort. * Use a mutex to protect the PRAGMA temp_store_directory and PRAGMA data_store_directory statements, even though they are decremented and documented as not being threadsafe. - update to 3.39.2: * Fix a performance regression in the query planner associated with rearranging the order of FROM clause terms in the presences of a LEFT JOIN. * Apply fixes for CVE-2022-35737, Chromium bugs 1343348 and 1345947, forum post 3607259d3c, and other minor problems discovered by internal testing. [boo#1201783] - update to 3.39.1: * Fix an incorrect result from a query that uses a view that contains a compound SELECT in which only one arm contains a RIGHT JOIN and where the view is not the first FROM clause term of the query that contains the view * Fix a long-standing problem with ALTER TABLE RENAME that can only arise if the sqlite3_limit(SQLITE_LIMIT_SQL_LENGTH) is set to a very small value. * Fix a long-standing problem in FTS3 that can only arise when compiled with the SQLITE_ENABLE_FTS3_PARENTHESIS compile-time option. * Fix the initial-prefix optimization for the REGEXP extension so that it works correctly even if the prefix contains characters that require a 3-byte UTF8 encoding. * Enhance the sqlite_stmt virtual table so that it buffers all of its output. - update to 3.39.0: * Add (long overdue) support for RIGHT and FULL OUTER JOIN * Add new binary comparison operators IS NOT DISTINCT FROM and IS DISTINCT FROM that are equivalent to IS and IS NOT, respective, for compatibility with PostgreSQL and SQL standards * Add a new return code (value &quot;/3&quot;/) from the sqlite3_vtab_distinct() interface that indicates a query that has both DISTINCT and ORDER BY clauses * Added the sqlite3_db_name() interface * The unix os interface resolves all symbolic links in database filenames to create a canonical name for the database before the file is opened * Defer materializing views until the materialization is actually needed, thus avoiding unnecessary work if the materialization turns out to never be used * The HAVING clause of a SELECT statement is now allowed on any aggregate query, even queries that do not have a GROUP BY clause * Many microoptimizations collectively reduce CPU cycles by about 2.3%. - drop sqlite-src-3380100-atof1.patch, included upstream - add sqlite-src-3390000-func7-pg-181.patch to skip float precision related test failures on 32 bit - update to 3.38.5: * Fix a blunder in the CLI of the 3.38.4 release - includes changes from 3.38.4: * fix a byte-code problem in the Bloom filter pull-down optimization added by release 3.38.0 in which an error in the byte code causes the byte code engine to enter an infinite loop when the pull-down optimization encounters a NULL key - update to 3.38.3: * Fix a case of the query planner be overly aggressive with optimizing automatic-index and Bloom-filter construction, using inappropriate ON clause terms to restrict the size of the automatic-index or Bloom filter, and resulting in missing rows in the output. * Other minor patches. See the timeline for details. - update to 3.38.2: * Fix a problem with the Bloom filter optimization that might cause an incorrect answer when doing a LEFT JOIN with a WHERE clause constraint that says that one of the columns on the right table of the LEFT JOIN is NULL. * Other minor patches. - Remove obsolete configure flags - Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773). - update to 3.38.1: * Fix problems with the new Bloom filter optimization that might cause some obscure queries to get an incorrect answer. * Fix the localtime modifier of the date and time functions so that it preserves fractional seconds. * Fix the sqlite_offset SQL function so that it works correctly even in corner cases such as when the argument is a virtual column or the column of a view. * Fix row value IN operator constraints on virtual tables so that they work correctly even if the virtual table implementation relies on bytecode to filter rows that do not satisfy the constraint. * Other minor fixes to assert() statements, test cases, and documentation. See the source code timeline for details. - add upstream patch to run atof1 tests only on x86_64 sqlite-src-3380100-atof1.patch - update to 3.38.0 * Add the -&gt; and -&gt;&gt; operators for easier processing of JSON * The JSON functions are now built-ins * Enhancements to date and time functions * Rename the printf() SQL function to format() for better compatibility, with alias for backwards compatibility. * Add the sqlite3_error_offset() interface for helping localize an SQL error to a specific character in the input SQL text * Enhance the interface to virtual tables * CLI columnar output modes are enhanced to correctly handle tabs and newlines embedded in text, and add options like &quot;/--wrap N&quot;/, &quot;/--wordwrap on&quot;/, and &quot;/--quote&quot;/ to the columnar output modes. * Query planner enhancements using a Bloom filter to speed up large analytic queries, and a balanced merge tree to evaluate UNION or UNION ALL compound SELECT statements that have an ORDER BY clause. * The ALTER TABLE statement is changed to silently ignores entries in the sqlite_schema table that do not parse when PRAGMA writable_schema=ON - update to 3.37.2: * Fix a bug introduced in version 3.35.0 (2021-03-12) that can cause database corruption if a SAVEPOINT is rolled back while in PRAGMA temp_store=MEMORY mode, and other changes are made, and then the outer transaction commits * Fix a long-standing problem with ON DELETE CASCADE and ON UPDATE CASCADE in which a cache of the bytecode used to implement the cascading change was not being reset following a local DDL change - update to 3.37.1: * Fix a bug introduced by the UPSERT enhancements of version 3.35.0 that can cause incorrect byte-code to be generated for some obscure but valid SQL, possibly resulting in a NULL- pointer dereference. * Fix an OOB read that can occur in FTS5 when reading corrupt database files. * Improved robustness of the --safe option in the CLI. * Other minor fixes to assert() statements and test cases. - SQLite3 3.37.0: * STRICT tables provide a prescriptive style of data type management, for developers who prefer that kind of thing. * When adding columns that contain a CHECK constraint or a generated column containing a NOT NULL constraint, the ALTER TABLE ADD COLUMN now checks new constraints against preexisting rows in the database and will only proceed if no constraints are violated. * Added the PRAGMA table_list statement. * Add the .connection command, allowing the CLI to keep multiple database connections open at the same time. * Add the --safe command-line option that disables dot-commands and SQL statements that might cause side-effects that extend beyond the single database file named on the command-line. * CLI: Performance improvements when reading SQL statements that span many lines. * Added the sqlite3_autovacuum_pages() interface. * The sqlite3_deserialize() does not and has never worked for the TEMP database. That limitation is now noted in the documentation. * The query planner now omits ORDER BY clauses on subqueries and views if removing those clauses does not change the semantics of the query. * The generate_series table-valued function extension is modified so that the first parameter (&quot;/START&quot;/) is now required. This is done as a way to demonstrate how to write table-valued functions with required parameters. The legacy behavior is available using the -DZERO_ARGUMENT_GENERATE_SERIES compile-time option. * Added new sqlite3_changes64() and sqlite3_total_changes64() interfaces. * Added the SQLITE_OPEN_EXRESCODE flag option to sqlite3_open_v2(). * Use less memory to hold the database schema. * bsc#1189802, CVE-2021-36690: Fix an issue with the SQLite Expert extension when a column has no collating sequence. Package sudo was updated: - Added sudo-1-8-27-bsc1201462-ignore-no-sudohost.patch * Ignore entries when converting LDAP to sudoers. Prevents empty host list being treated as &quot;/ALL&quot;/ wildcard. * bsc#1201462 * Sourced from https://www.sudo.ws/repos/sudo/rev/484d0d3b892e Package supportutils-plugin-ha-sap was updated: - Update to version 0.0.4+git.1663748456.ad13e75: * fix basic support for saptune add saptune version 3 awareness and add a hint for the new saptune supportconfig plugin delivered within the saptune package &gt;= 3.x (bsc#1203202) - Update to version 0.0.3+git.1659022100.39bfcd6: * Update README.md * Replace spaces to tabs. * Search for other groups too. * Include /etc/group in plugin-ha_sap.txt (bsc#1201831) * Update ha_sap * Update pacemaker.log location change * suppress link path in Readme.md * add section 'Additional information' to the Readme.md * change release status of the project * Update README.md * Update ha_sap Package systemd was updated: - Import commit 5183646e041a0ac78107bc4e5b06594e3a27657f 8187a5e5f6 Allow control characters in environment variable values (bsc#1200170) da394cc0b0 test-env-util: Verify that r is disallowed in env var values da0120492d test-env-util: print function headers 0702ce5b4e basic/env-util: Allow newlines in values of environment variables 6fda9a8c7b udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529) 52174bfc1a man: tweak description of auto/noauto (bsc#1191502) 8a57b62f90 shared/install: ignore failures for auxiliary files 86079f3522 systemctl: supress enable/disable messages when -q is given (#7067) aa4b7b7925 shared/install: fix error codes returned by install_context_apply() ce671cf6e3 shared/install: avoid overwriting 'r' counter with a partial result (bsc#1148309) Package systemd-presets-common-SUSE was updated: - enable ignition-delete-config by default (bsc#1199524)- Modify branding-preset-states to fix systemd-presets-common-SUSE not enabling new user systemd service preset configuration just as it handles system service presets. By passing an (optional) second parameter &quot;/user&quot;/, the save/apply-changes commands now work with user services instead of system ones (boo#1200485) - Add the wireplumber user service preset to enable it by default in SLE15-SP4 where it replaced pipewire-media-session, but keep pipewire-media-session preset so we don't have to branch the systemd-presets-common-SUSE package for SP4 (boo#1200485) Package tar was updated: - bsc1200657.patch was previously incomplete leading to deadlocks * bsc#1202436 * bsc1200657.patch updated - Fix race condition while creating intermediate subdirectories, bsc#1200657 * bsc1200657.patch Package telnet was updated: - Fix CVE-2022-39028, NULL pointer dereference in telnetd (CVE-2022-39028, bsc#1203759) CVE-2022-39028.patch Package tiff was updated: - security update: * CVE-2022-2519 [bsc#1202968] * CVE-2022-2520 [bsc#1202973] * CVE-2022-2521 [bsc#1202971] + tiff-CVE-2022-2519,CVE-2022-2520,CVE-2022-2521.patch * CVE-2022-2867 [bsc#1202466] * CVE-2022-2868 [bsc#1202467] * CVE-2022-2869 [bsc#1202468] + tiff-CVE-2022-2867,CVE-2022-2868,CVE-2022-2869.patch - CVE-2022-34266 [bsc#1201971] and [bsc#1201723]: Rename tiff-CVE-2022-0561.patch to tiff-CVE-2022-0561,CVE-2022-34266.patch This CVE is actually a duplicate. - security update: * CVE-2022-34526 [bsc#1202026] + tiff-CVE-2022-34526.patch - security update * CVE-2022-2056 [bsc#1201176] * CVE-2022-2057 [bsc#1201175] * CVE-2022-2058 [bsc#1201174] + tiff-CVE-2022-2056,CVE-2022-2057,CVE-2022-2058.patch Package tigervnc was updated: - U_Handle-pending-data-in-TLS-buffers.patch * Vncclient wasn't refreshing screen correctly due to an issue on TLS stream buffers. * bsc#1199477 Package timezone was updated: - Update to reflect new Chile DST change, bsc#1202310 * bsc1202310.patch Package unzip was updated: - Fix CVE-2022-0530, SIGSEGV during the conversion of an utf-8 string to a local string (CVE-2022-0530, bsc#1196177) * CVE-2022-0530.patch - Fix CVE-2022-0529, Heap out-of-bound writes and reads during conversion of wide string to local string (CVE-2022-0529, bsc#1196180) * CVE-2022-0529.patch Package util-linux was updated: - su: Change owner and mode for pty (bsc#1200842, util-linux-login-move-generic-setting-to-ttyutils.patch, util-linux-su-change-owner-and-mode-for-pty.patch). - mesg: use only stat() to get the current terminal status (bsc#1200842, util-linux-mesg-use-only-stat.patch). - agetty: Resolve tty name even if stdin is specified (bsc#1197178, util-linux-agetty-resolve-tty-if-stdin-is-specified.patch). - libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731, util-linux-libmount-moving-mount-point-sub-mounts.patch, util-linux-libmount-fix-and-improve-utab-on-ms_move.patch). Package util-linux-systemd was updated: - su: Change owner and mode for pty (bsc#1200842, util-linux-login-move-generic-setting-to-ttyutils.patch, util-linux-su-change-owner-and-mode-for-pty.patch). - mesg: use only stat() to get the current terminal status (bsc#1200842, util-linux-mesg-use-only-stat.patch). - agetty: Resolve tty name even if stdin is specified (bsc#1197178, util-linux-agetty-resolve-tty-if-stdin-is-specified.patch). - libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731, util-linux-libmount-moving-mount-point-sub-mounts.patch, util-linux-libmount-fix-and-improve-utab-on-ms_move.patch). Package vim was updated: - Updated to version 9.0 with patch level 0313, fixes the following problems * Fixing bsc#1200884 Vim: Error on startup * Fixing bsc#1200902 VUL-0: CVE-2022-2183: vim: Out-of-bounds Read through get_lisp_indent() Mon 13:32 * Fixing bsc#1200903 VUL-0: CVE-2022-2182: vim: Heap-based Buffer Overflow through parse_cmd_address() Tue 08:37 * Fixing bsc#1200904 VUL-0: CVE-2022-2175: vim: Buffer Over-read through cmdline_insert_reg() Tue 08:37 * Fixing bsc#1201249 VUL-0: CVE-2022-2304: vim: stack buffer overflow in spell_dump_compl() * Fixing bsc#1201356 VUL-1: CVE-2022-2343: vim: Heap-based Buffer Overflow in GitHub repository vim prior to 9.0.0044 * Fixing bsc#1201359 VUL-1: CVE-2022-2344: vim: Another Heap-based Buffer Overflow vim prior to 9.0.0045 * Fixing bsc#1201363 VUL-1: CVE-2022-2345: vim: Use After Free in GitHub repository vim prior to 9.0.0046. * Fixing bsc#1201620 PUBLIC SUSE Linux Enterprise Server 15 SP4 Basesystem zbalogh@suse.com NEW --- SLE-15-SP4-Full-x86_64-GM-Media1 and vim-plugin-tlib-1.27-bp154.2.18.noarch issue * Fixing bsc#1202414 VUL-1: CVE-2022-2819: vim: Heap-based Buffer Overflow in compile_lock_unlock() * Fixing bsc#1202552 VUL-1: CVE-2022-2874: vim: NULL Pointer Dereference in generate_loadvar() * Fixing bsc#1200270 VUL-1: CVE-2022-1968: vim: use after free in utf_ptr2char * Fixing bsc#1200697 VUL-1: CVE-2022-2124: vim: out of bounds read in current_quote() * Fixing bsc#1200698 VUL-1: CVE-2022-2125: vim: out of bounds read in get_lisp_indent() * Fixing bsc#1200700 VUL-1: CVE-2022-2126: vim: out of bounds read in suggest_trie_walk() * Fixing bsc#1200701 VUL-1: CVE-2022-2129: vim: out of bounds write in vim_regsub_both() * Fixing bsc#1200732 VUL-1: CVE-2022-1720: vim: out of bounds read in grab_file_name() * Fixing bsc#1201132 VUL-1: CVE-2022-2264: vim: out of bounds read in inc() * Fixing bsc#1201133 VUL-1: CVE-2022-2284: vim: out of bounds read in utfc_ptr2len() * Fixing bsc#1201134 VUL-1: CVE-2022-2285: vim: negative size passed to memmove() due to integer overflow * Fixing bsc#1201135 VUL-1: CVE-2022-2286: vim: out of bounds read in ins_bytes() * Fixing bsc#1201136 VUL-1: CVE-2022-2287: vim: out of bounds read in suggest_trie_walk() * Fixing bsc#1201150 VUL-1: CVE-2022-2231: vim: null pointer dereference skipwhite() * Fixing bsc#1201151 VUL-1: CVE-2022-2210: vim: out of bounds read in ml_append_int() * Fixing bsc#1201152 VUL-1: CVE-2022-2208: vim: null pointer dereference in diff_check() * Fixing bsc#1201153 VUL-1: CVE-2022-2207: vim: out of bounds read in ins_bs() * Fixing bsc#1201154 VUL-1: CVE-2022-2257: vim: out of bounds read in msg_outtrans_special() * Fixing bsc#1201155 VUL-1: CVE-2022-2206: vim: out of bounds read in msg_outtrans_attr() * Fixing bsc#1201863 VUL-1: CVE-2022-2522: vim: out of bounds read via nested autocommand * Fixing bsc#1202046 VUL-1: CVE-2022-2571: vim: Heap-based Buffer Overflow related to ins_comp_get_next_word_or_line() * Fixing bsc#1202049 VUL-1: CVE-2022-2580: vim: Heap-based Buffer Overflow related to eval_string() * Fixing bsc#1202050 VUL-1: CVE-2022-2581: vim: Out-of-bounds Read related to cstrchr() * Fixing bsc#1202051 VUL-1: CVE-2022-2598: vim: Undefined Behavior for Input to API related to diff_mark_adjust_tp() and ex_diffgetput() * Fixing bsc#1202420 VUL-1: CVE-2022-2817: vim: Use After Free in f_assert_fails() * Fixing bsc#1202421 VUL-1: CVE-2022-2816: vim: Out-of-bounds Read in check_vim9_unlet() * Fixing bsc#1202511 VUL-1: CVE-2022-2862: vim: use-after-free in compile_nested_function() * Fixing bsc#1202512 VUL-1: CVE-2022-2849: vim: Invalid memory access related to mb_ptr2len() * Fixing bsc#1202515 VUL-1: CVE-2022-2845: vim: Buffer Over-read related to display_dollar() * Fixing bsc#1202599 VUL-1: CVE-2022-2889: vim: use-after-free in find_var_also_in_script() in evalvars.c * Fixing bsc#1202687 VUL-1: CVE-2022-2923: vim: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240 * Fixing bsc#1202689 VUL-1: CVE-2022-2946: vim: use after free in function vim_vsnprintf_typval * Fixing bsc#1202862 VUL-1: CVE-2022-3016: vim: Use After Free in vim prior to 9.0.0285 Mon 12:00 Package yast2-sap-ha was updated: - YaST2 sap_ha tool does not allow digits at the beginning of site names (bsc#1200427) - 1.0.15 - Introduce a new function refresh_all_proposals. This reads the proposal for the modules watchdog and fence. This is neccessary when reading an earlier configuration. - Use .gsub instead of File.basename to find all modules files. Replace tab with spaces. (bsc#1197290) - 1.0.14 - system/watchdog.rb searches watchdog modules with .ko extension but we ship .ko.xz (bsc#1197290) - 1.0.13 - softdog missing in Yast while configuring HA for SAP Products (bsc#1199029) - 1.0.12 - kmod-compat has broken dependencies (bsc#1186618) Update requirement - 1.0.11 - &quot;/SUSE SAP HA Yast wizard for HANA doesn´t configure the HANA hooks. (bsc#1190774) Add SAPHanaSR via global.ini as proposed in https://documentation.suse.com/sbp/all/html/SLES4SAP-hana-sr-guide-PerfOpt-15/index.html#id-1.10.6.6&quot;/ - 1.0.10 - bsc#1158843 hana-*: Broken gettext support - 1.0.9 Package zlib was updated: - Fix heap-based buffer over-read or buffer overflow in inflate via large gzip header extra field (bsc#1202175, CVE-2022-37434, CVE-2022-37434-extra-header-1.patch, CVE-2022-37434-extra-header-2.patch). Package zypper was updated: - BuildRequires: libzypp-devel &gt;= 17.31.2.- Fix --[no]-allow-vendor-change feedback in install command (bsc#1201972) - version 1.14.57 - UsrEtc: Store logrotate files in %{_distconfdir} if defined (fixes #441, fixes #444) - Remove unneeded code to compute the PPP status. Since libzypp 17.23.0 the PPP status is auto established. No extra solver run is needed. - Make sure 'up' respects solver related CLI options (bsc#1201972) - Fix tests to use locale &quot;/C.UTF-8&quot;/ rather than &quot;/en_US&quot;/. - Fix man page (fixes #451) - version 1.14.56 - lr: Allow shortening the Name column if table is wider than the terminal (bsc#1201638) - Don't accepts install/remove modifier without argument (bsc#1201576) - zypper-download: Set correct ExitInfoCode when failing to resolve argument. - zypper-download: Handle unresolvable arguments as error. This commit changes zypper-download such that it behaves more consistent to zypper-install when an argument can't be resolved. - version 1.14.55 - Fix building with GCC 13 (fixes #448) - Put signing key supplying repository name in quotes. - version 1.14.54 - Basic JobReport for &quot;/cmdout/monitor&quot;/. - versioncmp: if verbose, also print the edition 'parts' which are compared. - Make sure MediaAccess is closed on exception (bsc#1194550) - Display plus-content hint conditionally (fixes #433) - Honor the NO_COLOR environment variable when auto-detecting whether to use color (fixes #432) - Define table columns which should be sorted natural [case insensitive] (fixes #391, closes #396, fixes #424) - lr/ls: Use highlight color on name and alias as well. - version 1.14.53 The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://publiccloudimagechangeinfo.suse.com/google/sles-15-sp1-sap-byos-v20221108-x86-64/ Public Cloud Image Info https://www.suse.com/support/security/rating/ SUSE Security Ratings Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 SAPHanaSR-0.161.1_BF-150000.4.25.1 SAPHanaSR-doc-0.161.1_BF-150000.4.25.1 aaa_base-84.87+git20180409.04c9dae-150000.3.60.1 aaa_base-extras-84.87+git20180409.04c9dae-150000.3.60.1 bind-utils-9.16.6-150000.12.63.1 ca-certificates-mozilla-2.56-150000.4.35.1 cifs-utils-6.9-150100.5.18.1 cloud-regionsrv-client-10.0.5-150000.6.76.1 cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.76.1 cluster-md-kmp-default-4.12.14-150100.197.126.1 ctdb-4.9.5+git.490.e80cf669f50-150100.3.70.1 cups-config-2.2.7-150000.3.35.1 curl-7.60.0-150000.38.1 cyrus-sasl-2.1.26-150000.5.13.1 cyrus-sasl-digestmd5-2.1.26-150000.5.13.1 cyrus-sasl-gssapi-2.1.26-150000.5.13.1 cyrus-sasl-plain-2.1.26-150000.5.13.1 cyrus-sasl-saslauthd-2.1.26-150000.5.13.1 dbus-1-1.12.2-150100.8.14.1 dlm-kmp-default-4.12.14-150100.197.126.1 docker-20.10.17_ce-150000.169.1 expat-2.2.5-150000.3.25.1 fence-agents-4.9.0+git.1624456340.8d746be9-150100.7.38.1 gfs2-kmp-default-4.12.14-150100.197.126.1 gnutls-3.6.7-150000.6.45.2 google-guest-agent-20220713.0-150000.1.29.1 google-guest-oslogin-20220721.0-150000.1.30.1 google-osconfig-agent-20220801.0-150000.1.22.1 gpg2-2.2.5-150000.4.22.1 iputils-s20161105-150000.8.6.1 java-1_8_0-ibm-1.8.0_sr7.11-150000.3.62.1 kernel-default-4.12.14-150100.197.126.1 ldirectord-4.3.0184.6ee15eb2-150100.4.72.1 libXvnc1-1.9.0-150100.19.20.1 libassuan0-2.5.5-150000.4.3.1 libbind9-1600-9.16.6-150000.12.63.1 libblkid1-2.33.2-150100.4.24.1 libcroco-0_6-3-0.6.12-150000.4.6.2 libcups2-2.2.7-150000.3.35.1 libcurl4-7.60.0-150000.38.1 libdbus-1-3-1.12.2-150100.8.14.1 libdcerpc-binding0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdcerpc0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdns1605-9.16.6-150000.12.63.1 libexpat1-2.2.5-150000.3.25.1 libfdisk1-2.33.2-150100.4.24.1 libfreebl3-3.79.2-150000.3.82.1 libfreetype6-2.10.4-150000.4.12.1 libgcc_s1-11.3.0+git1637-150000.1.11.2 libgnutls30-3.6.7-150000.6.45.2 libicu60_2-60.2-150000.3.12.1 libicu60_2-ledata-60.2-150000.3.12.1 libirs1601-9.16.6-150000.12.63.1 libisc1606-9.16.6-150000.12.63.1 libisccc1600-9.16.6-150000.12.63.1 libisccfg1600-9.16.6-150000.12.63.1 libjpeg62-62.2.0-150000.32.5.1 libjpeg8-8.1.2-150000.32.5.1 libksba8-1.3.5-150000.4.3.1 libldap-2_4-2-2.4.46-150000.9.74.3 libldap-data-2.4.46-150000.9.74.3 libmount1-2.33.2-150100.4.24.1 libncurses6-6.1-150000.5.12.1 libndr-krb5pac0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-nbt0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-standard0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libnetapi0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libns1604-9.16.6-150000.12.63.1 libopenssl1_1-1.1.0i-150100.14.39.1 libpacemaker3-2.0.1+20190417.13d370ca9-150100.3.27.1 libpci3-3.5.6-150000.3.6.1 libpcre2-8-0-10.31-150000.3.12.1 libprocps7-3.3.15-150000.7.25.1 libpython3_6m1_0-3.6.15-150000.3.109.1 libruby2_5-2_5-2.5.9-150000.4.26.1 libsamba-credentials0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-errors0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-hostconfig0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-passdb0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-util0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamdb0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsasl2-3-2.1.26-150000.5.13.1 libsmartcols1-2.33.2-150100.4.24.1 libsmbconf0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbldap2-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsoftokn3-3.79.2-150000.3.82.1 libsqlite3-0-3.39.3-150000.3.17.1 libstdc++6-11.3.0+git1637-150000.1.11.2 libsystemd0-234-150000.24.111.1 libtasn1-4.13-150000.4.8.1 libtasn1-6-4.13-150000.4.8.1 libtevent-util0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libtiff5-4.0.9-150000.45.16.1 libtirpc-netconfig-1.0.2-150000.3.18.1 libtirpc3-1.0.2-150000.3.18.1 libudev1-234-150000.24.111.1 libusb-1_0-0-1.0.21-150000.3.5.1 libuuid1-2.33.2-150100.4.24.1 libwbclient0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libwebp6-0.5.0-150000.3.7.1 libxcb-glx0-1.13-150000.3.9.1 libxcb-randr0-1.13-150000.3.9.1 libxcb-render0-1.13-150000.3.9.1 libxcb-shape0-1.13-150000.3.9.1 libxcb-shm0-1.13-150000.3.9.1 libxcb-sync1-1.13-150000.3.9.1 libxcb-xfixes0-1.13-150000.3.9.1 libxcb-xinerama0-1.13-150000.3.9.1 libxcb-xkb1-1.13-150000.3.9.1 libxcb1-1.13-150000.3.9.1 libxml2-2-2.9.7-150000.3.51.1 libyajl2-2.1.0-150000.4.3.1 libz1-1.2.11-150000.3.33.1 libzypp-17.31.2-150100.3.87.1 logrotate-3.13.0-150000.4.7.1 mozilla-nspr-4.34.1-150000.3.26.1 mozilla-nss-3.79.2-150000.3.82.1 mozilla-nss-certs-3.79.2-150000.3.82.1 mozilla-nss-tools-3.79.2-150000.3.82.1 ncurses-utils-6.1-150000.5.12.1 ocfs2-kmp-default-4.12.14-150100.197.126.1 openldap2-client-2.4.46-150000.9.74.3 openssl-1_1-1.1.0i-150100.14.39.1 pacemaker-2.0.1+20190417.13d370ca9-150100.3.27.1 pacemaker-cli-2.0.1+20190417.13d370ca9-150100.3.27.1 pam-1.3.0-150000.6.61.1 pciutils-3.5.6-150000.3.6.1 perl-HTTP-Daemon-6.01-150000.3.5.1 procps-3.3.15-150000.7.25.1 python3-3.6.15-150000.3.109.1 python3-Babel-2.5.1-150000.3.3.1 python3-M2Crypto-0.35.2-150000.3.14.1 python3-base-3.6.15-150000.3.109.1 python3-bind-9.16.6-150000.12.63.1 python3-cssselect-1.0.3-150000.3.3.1 python3-curses-3.6.15-150000.3.109.1 python3-lxml-4.7.1-150100.6.6.1 python3-psutil-5.4.8-150100.6.3.2 python3-py-1.10.0-150000.5.9.2 python3-salt-3004-150100.77.1 regionServiceClientConfigGCE-4.0.0-150000.4.9.1 resource-agents-4.3.0184.6ee15eb2-150100.4.72.1 rsync-3.1.3-150000.4.18.1 ruby2.5-2.5.9-150000.4.26.1 ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.9.1 ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1 ruby2.5-rubygem-loofah-2.2.2-150000.4.6.1 ruby2.5-rubygem-puma-4.3.12-150000.3.9.1 ruby2.5-rubygem-rack-2.0.8-150000.3.9.1 ruby2.5-rubygem-rails-html-sanitizer-1.0.4-150000.4.3.1 ruby2.5-rubygem-tzinfo-1.2.4-150000.3.3.1 ruby2.5-stdlib-2.5.9-150000.4.26.1 runc-1.1.4-150000.33.4 salt-3004-150100.77.1 salt-minion-3004-150100.77.1 samba-libs-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-libs-python3-4.9.5+git.490.e80cf669f50-150100.3.70.1 sqlite3-3.39.3-150000.3.17.1 sudo-1.8.27-150000.4.27.1 supportutils-plugin-ha-sap-0.0.4+git.1663763480.2bbd713-150000.1.12.1 systemd-234-150000.24.111.1 systemd-presets-common-SUSE-15-150100.8.17.1 systemd-sysvinit-234-150000.24.111.1 tar-1.34-150000.3.18.1 telnet-1.2-150000.3.6.1 terminfo-6.1-150000.5.12.1 terminfo-base-6.1-150000.5.12.1 timezone-2022a-150000.75.10.1 udev-234-150000.24.111.1 unzip-6.0-150000.4.11.1 util-linux-2.33.2-150100.4.24.1 util-linux-systemd-2.33.2-150100.4.24.1 uuidd-2.33.2-150100.4.24.1 vim-9.0.0313-150000.5.25.1 vim-data-common-9.0.0313-150000.5.25.1 xorg-x11-Xvnc-1.9.0-150100.19.20.1 yast2-sap-ha-1.0.15-150000.3.11.1 zypper-1.14.57-150100.3.64.1 SAPHanaSR-0.161.1_BF-150000.4.25.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 SAPHanaSR-doc-0.161.1_BF-150000.4.25.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 aaa_base-84.87+git20180409.04c9dae-150000.3.60.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 aaa_base-extras-84.87+git20180409.04c9dae-150000.3.60.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 bind-utils-9.16.6-150000.12.63.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 ca-certificates-mozilla-2.56-150000.4.35.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 cifs-utils-6.9-150100.5.18.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 cloud-regionsrv-client-10.0.5-150000.6.76.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.76.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 cluster-md-kmp-default-4.12.14-150100.197.126.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 ctdb-4.9.5+git.490.e80cf669f50-150100.3.70.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 cups-config-2.2.7-150000.3.35.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 curl-7.60.0-150000.38.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 cyrus-sasl-2.1.26-150000.5.13.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 cyrus-sasl-digestmd5-2.1.26-150000.5.13.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 cyrus-sasl-gssapi-2.1.26-150000.5.13.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 cyrus-sasl-plain-2.1.26-150000.5.13.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 cyrus-sasl-saslauthd-2.1.26-150000.5.13.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 dbus-1-1.12.2-150100.8.14.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 dlm-kmp-default-4.12.14-150100.197.126.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 docker-20.10.17_ce-150000.169.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 expat-2.2.5-150000.3.25.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 fence-agents-4.9.0+git.1624456340.8d746be9-150100.7.38.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 gfs2-kmp-default-4.12.14-150100.197.126.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 gnutls-3.6.7-150000.6.45.2 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 google-guest-agent-20220713.0-150000.1.29.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 google-guest-oslogin-20220721.0-150000.1.30.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 google-osconfig-agent-20220801.0-150000.1.22.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 gpg2-2.2.5-150000.4.22.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 iputils-s20161105-150000.8.6.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 java-1_8_0-ibm-1.8.0_sr7.11-150000.3.62.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 kernel-default-4.12.14-150100.197.126.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 ldirectord-4.3.0184.6ee15eb2-150100.4.72.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libXvnc1-1.9.0-150100.19.20.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libassuan0-2.5.5-150000.4.3.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libbind9-1600-9.16.6-150000.12.63.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libblkid1-2.33.2-150100.4.24.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libcroco-0_6-3-0.6.12-150000.4.6.2 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libcups2-2.2.7-150000.3.35.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libcurl4-7.60.0-150000.38.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libdbus-1-3-1.12.2-150100.8.14.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libdcerpc-binding0-4.9.5+git.490.e80cf669f50-150100.3.70.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libdcerpc0-4.9.5+git.490.e80cf669f50-150100.3.70.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libdns1605-9.16.6-150000.12.63.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libexpat1-2.2.5-150000.3.25.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libfdisk1-2.33.2-150100.4.24.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libfreebl3-3.79.2-150000.3.82.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libfreetype6-2.10.4-150000.4.12.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libgcc_s1-11.3.0+git1637-150000.1.11.2 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libgnutls30-3.6.7-150000.6.45.2 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libicu60_2-60.2-150000.3.12.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libicu60_2-ledata-60.2-150000.3.12.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libirs1601-9.16.6-150000.12.63.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libisc1606-9.16.6-150000.12.63.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libisccc1600-9.16.6-150000.12.63.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libisccfg1600-9.16.6-150000.12.63.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libjpeg62-62.2.0-150000.32.5.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libjpeg8-8.1.2-150000.32.5.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libksba8-1.3.5-150000.4.3.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libldap-2_4-2-2.4.46-150000.9.74.3 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libldap-data-2.4.46-150000.9.74.3 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libmount1-2.33.2-150100.4.24.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libncurses6-6.1-150000.5.12.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libndr-krb5pac0-4.9.5+git.490.e80cf669f50-150100.3.70.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libndr-nbt0-4.9.5+git.490.e80cf669f50-150100.3.70.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libndr-standard0-4.9.5+git.490.e80cf669f50-150100.3.70.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libndr0-4.9.5+git.490.e80cf669f50-150100.3.70.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libnetapi0-4.9.5+git.490.e80cf669f50-150100.3.70.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libns1604-9.16.6-150000.12.63.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libopenssl1_1-1.1.0i-150100.14.39.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libpacemaker3-2.0.1+20190417.13d370ca9-150100.3.27.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libpci3-3.5.6-150000.3.6.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libpcre2-8-0-10.31-150000.3.12.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libprocps7-3.3.15-150000.7.25.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libpython3_6m1_0-3.6.15-150000.3.109.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libruby2_5-2_5-2.5.9-150000.4.26.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libsamba-credentials0-4.9.5+git.490.e80cf669f50-150100.3.70.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libsamba-errors0-4.9.5+git.490.e80cf669f50-150100.3.70.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libsamba-hostconfig0-4.9.5+git.490.e80cf669f50-150100.3.70.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libsamba-passdb0-4.9.5+git.490.e80cf669f50-150100.3.70.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libsamba-util0-4.9.5+git.490.e80cf669f50-150100.3.70.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libsamdb0-4.9.5+git.490.e80cf669f50-150100.3.70.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libsasl2-3-2.1.26-150000.5.13.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libsmartcols1-2.33.2-150100.4.24.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libsmbconf0-4.9.5+git.490.e80cf669f50-150100.3.70.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libsmbldap2-4.9.5+git.490.e80cf669f50-150100.3.70.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libsoftokn3-3.79.2-150000.3.82.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libsqlite3-0-3.39.3-150000.3.17.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libstdc++6-11.3.0+git1637-150000.1.11.2 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libsystemd0-234-150000.24.111.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libtasn1-4.13-150000.4.8.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libtasn1-6-4.13-150000.4.8.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libtevent-util0-4.9.5+git.490.e80cf669f50-150100.3.70.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libtiff5-4.0.9-150000.45.16.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libtirpc-netconfig-1.0.2-150000.3.18.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libtirpc3-1.0.2-150000.3.18.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libudev1-234-150000.24.111.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libusb-1_0-0-1.0.21-150000.3.5.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libuuid1-2.33.2-150100.4.24.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libwbclient0-4.9.5+git.490.e80cf669f50-150100.3.70.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libwebp6-0.5.0-150000.3.7.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libxcb-glx0-1.13-150000.3.9.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libxcb-randr0-1.13-150000.3.9.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libxcb-render0-1.13-150000.3.9.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libxcb-shape0-1.13-150000.3.9.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libxcb-shm0-1.13-150000.3.9.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libxcb-sync1-1.13-150000.3.9.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libxcb-xfixes0-1.13-150000.3.9.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libxcb-xinerama0-1.13-150000.3.9.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libxcb-xkb1-1.13-150000.3.9.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libxcb1-1.13-150000.3.9.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libxml2-2-2.9.7-150000.3.51.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libyajl2-2.1.0-150000.4.3.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libz1-1.2.11-150000.3.33.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 libzypp-17.31.2-150100.3.87.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 logrotate-3.13.0-150000.4.7.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 mozilla-nspr-4.34.1-150000.3.26.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 mozilla-nss-3.79.2-150000.3.82.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 mozilla-nss-certs-3.79.2-150000.3.82.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 mozilla-nss-tools-3.79.2-150000.3.82.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 ncurses-utils-6.1-150000.5.12.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 ocfs2-kmp-default-4.12.14-150100.197.126.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 openldap2-client-2.4.46-150000.9.74.3 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 openssl-1_1-1.1.0i-150100.14.39.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 pacemaker-2.0.1+20190417.13d370ca9-150100.3.27.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 pacemaker-cli-2.0.1+20190417.13d370ca9-150100.3.27.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 pam-1.3.0-150000.6.61.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 pciutils-3.5.6-150000.3.6.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 perl-HTTP-Daemon-6.01-150000.3.5.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 procps-3.3.15-150000.7.25.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 python3-3.6.15-150000.3.109.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 python3-Babel-2.5.1-150000.3.3.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 python3-M2Crypto-0.35.2-150000.3.14.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 python3-base-3.6.15-150000.3.109.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 python3-bind-9.16.6-150000.12.63.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 python3-cssselect-1.0.3-150000.3.3.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 python3-curses-3.6.15-150000.3.109.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 python3-lxml-4.7.1-150100.6.6.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 python3-psutil-5.4.8-150100.6.3.2 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 python3-py-1.10.0-150000.5.9.2 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 python3-salt-3004-150100.77.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 regionServiceClientConfigGCE-4.0.0-150000.4.9.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 resource-agents-4.3.0184.6ee15eb2-150100.4.72.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 rsync-3.1.3-150000.4.18.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 ruby2.5-2.5.9-150000.4.26.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.9.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 ruby2.5-rubygem-loofah-2.2.2-150000.4.6.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 ruby2.5-rubygem-puma-4.3.12-150000.3.9.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 ruby2.5-rubygem-rack-2.0.8-150000.3.9.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 ruby2.5-rubygem-rails-html-sanitizer-1.0.4-150000.4.3.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 ruby2.5-rubygem-tzinfo-1.2.4-150000.3.3.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 ruby2.5-stdlib-2.5.9-150000.4.26.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 runc-1.1.4-150000.33.4 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 salt-3004-150100.77.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 salt-minion-3004-150100.77.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 samba-libs-4.9.5+git.490.e80cf669f50-150100.3.70.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 samba-libs-python3-4.9.5+git.490.e80cf669f50-150100.3.70.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 sqlite3-3.39.3-150000.3.17.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 sudo-1.8.27-150000.4.27.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 supportutils-plugin-ha-sap-0.0.4+git.1663763480.2bbd713-150000.1.12.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 systemd-234-150000.24.111.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 systemd-presets-common-SUSE-15-150100.8.17.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 systemd-sysvinit-234-150000.24.111.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 tar-1.34-150000.3.18.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 telnet-1.2-150000.3.6.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 terminfo-6.1-150000.5.12.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 terminfo-base-6.1-150000.5.12.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 timezone-2022a-150000.75.10.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 udev-234-150000.24.111.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 unzip-6.0-150000.4.11.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 util-linux-2.33.2-150100.4.24.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 util-linux-systemd-2.33.2-150100.4.24.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 uuidd-2.33.2-150100.4.24.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 vim-9.0.0313-150000.5.25.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 vim-data-common-9.0.0313-150000.5.25.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 xorg-x11-Xvnc-1.9.0-150100.19.20.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 yast2-sap-ha-1.0.15-150000.3.11.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 zypper-1.14.57-150100.3.64.1 as a component of Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64 Possible cross-site scripting vulnerability in libxml after commit 960f0e2. CVE-2016-3709 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libxml2-2-2.9.7-150000.3.51.1 moderate An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by "j a v a s c r i p t:" in Internet Explorer. This is a similar issue to CVE-2014-3146. CVE-2018-19787 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:python3-lxml-4.7.1-150100.6.6.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. CVE-2019-15587 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:ruby2.5-rubygem-loofah-2.2.2-150000.4.6.1 moderate 3.5 AV:N/AC:M/Au:S/C:N/I:P/A:N cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl. CVE-2019-19906 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:cyrus-sasl-2.1.26-150000.5.13.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:cyrus-sasl-digestmd5-2.1.26-150000.5.13.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:cyrus-sasl-gssapi-2.1.26-150000.5.13.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:cyrus-sasl-plain-2.1.26-150000.5.13.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:cyrus-sasl-saslauthd-2.1.26-150000.5.13.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libsasl2-3-2.1.26-150000.5.13.1 important 5 AV:N/AC:L/Au:N/C:N/I:N/A:P An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c. CVE-2019-20454 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libpcre2-8-0-10.31-150000.3.12.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any_core in cr-parser.c, leading to stack consumption. CVE-2020-12825 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libcroco-0_6-3-0.6.12-150000.4.6.2 important 5.8 AV:N/AC:M/Au:N/C:N/I:P/A:P The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such as template="/etc/passwd") or unintended embedded Ruby code execution (such as a string that begins with template="string://<%= `). NOTE: kramdown is used in Jekyll, GitLab Pages, GitHub Pages, and Thredded Forum. CVE-2020-14001 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-15999 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libfreetype6-2.10.4-150000.4.12.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P International Components for Unicode (ICU-20850) v66.1 was discovered to contain a use after free bug in the pkg_createWithAssemblyCode function in the file tools/pkgdata/pkgdata.cpp. CVE-2020-21913 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libicu60_2-60.2-150000.3.12.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libicu60_2-ledata-60.2-150000.3.12.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API via the timed processing of valid PKCS#1 v1.5 Ciphertext. The highest threat from this vulnerability is to confidentiality. CVE-2020-25657 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:python3-M2Crypto-0.35.2-150000.3.14.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code. CVE-2020-27783 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:python3-lxml-4.7.1-150100.6.6.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality. CVE-2020-29651 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:python3-py-1.10.0-150000.5.9.2 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P A use-after-free flaw was found in D-Bus Development branch <= 1.13.16, dbus-1.12.x stable branch <= 1.12.18, and dbus-1.10.x and older branches <= 1.10.30 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors CVE-2020-35512 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:dbus-1-1.12.2-150100.8.14.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libdbus-1-3-1.12.2-150100.8.14.1 moderate 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C A crafted input file could cause a null pointer dereference in jcopy_sample_rows() when processed by libjpeg-turbo. CVE-2020-35538 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libjpeg62-62.2.0-150000.32.5.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libjpeg8-8.1.2-150000.32.5.1 moderate An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. CVE-2020-36516 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:cluster-md-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:dlm-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:gfs2-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:kernel-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:ocfs2-kmp-default-4.12.14-150100.197.126.1 important 4.9 AV:N/AC:M/Au:S/C:N/I:P/A:P A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of ttys could lead to a use-after-free. CVE-2020-36557 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:cluster-md-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:dlm-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:gfs2-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:kernel-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:ocfs2-kmp-default-4.12.14-150100.197.126.1 important A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault. CVE-2020-36558 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:cluster-md-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:dlm-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:gfs2-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:kernel-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:ocfs2-kmp-default-4.12.14-150100.197.126.1 important A directory traversal vulnerability exists in rack < 2.2.0 that allows an attacker perform directory traversal vulnerability in the Rack::Directory app that is bundled with Rack which could result in information disclosure. CVE-2020-8161 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:ruby2.5-rubygem-rack-2.0.8-150000.3.9.1 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix. CVE-2020-8184 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:ruby2.5-rubygem-rack-2.0.8-150000.3.9.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:P/A:N ** DISPUTED ** Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states "Warning: http.server is not recommended for production. It only implements basic security checks." CVE-2021-28861 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:python3-3.6.15-150000.3.109.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:python3-curses-3.6.15-150000.3.109.1 important An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safe_attrs_only and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this flaw to run arbitrary JS code on users who interact with incorrectly sanitized HTML. This issue is patched in lxml 4.6.3. CVE-2021-28957 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:python3-lxml-4.7.1-150100.6.6.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds. CVE-2021-33655 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:cluster-md-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:dlm-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:gfs2-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:kernel-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:ocfs2-kmp-default-4.12.14-150100.197.126.1 important When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds. CVE-2021-33656 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:cluster-md-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:dlm-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:gfs2-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:kernel-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:ocfs2-kmp-default-4.12.14-150100.197.126.1 moderate Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Utility). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2021-35561 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:java-1_8_0-ibm-1.8.0_sr7.11-150000.3.62.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P ** DISPUTED ** A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges (e.g., is intentionally allowed to execute commands). This report does NOT imply any problem in the SQLite library. CVE-2021-36690 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libsqlite3-0-3.39.3-150000.3.17.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:sqlite3-3.39.3-150000.3.17.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P A flaw was found in the way the dumpable flag setting was handled when certain SUID binaries executed its descendants. The prerequisite is a SUID binary that sets real UID equal to effective UID, and real GID equal to effective GID. The descendant will then have a dumpable value set to 1. As a result, if the descendant process crashes and core_pattern is set to a relative value, its core dump is stored in the current directory with uid:gid permissions. An unprivileged local user with eligible root SUID binary could use this flaw to place core dumps into root-owned directories, potentially resulting in escalation of privileges. CVE-2021-3864 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:logrotate-3.13.0-150000.4.7.1 important CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby. CVE-2021-41819 moderate 5 AV:N/AC:L/Au:N/C:N/I:P/A:N A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information. CVE-2021-4203 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:cluster-md-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:dlm-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:gfs2-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:kernel-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:ocfs2-kmp-default-4.12.14-150100.197.126.1 moderate 4.9 AV:N/AC:M/Au:S/C:P/I:N/A:P A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances. CVE-2021-4209 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:gnutls-3.6.7-150000.6.45.2 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libgnutls30-3.6.7-150000.6.45.2 moderate Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal, leading to code execution. CVE-2021-42771 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:python3-Babel-2.5.1-150000.3.3.1 important 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \#7, or PKCS \#12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS. *Note: This vulnerability does NOT impact Mozilla Firefox.* However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince are believed to be impacted. This vulnerability affects NSS < 3.73 and NSS < 3.68.1. CVE-2021-43527 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libfreebl3-3.79.2-150000.3.82.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libsoftokn3-3.79.2-150000.3.82.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:mozilla-nss-3.79.2-150000.3.82.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:mozilla-nss-certs-3.79.2-150000.3.82.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:mozilla-nss-tools-3.79.2-150000.3.82.1 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5 to receive a patch. There are no known workarounds available. CVE-2021-43818 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:python3-lxml-4.7.1-150100.6.6.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections. CVE-2021-46828 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libtirpc-netconfig-1.0.2-150000.3.18.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libtirpc3-1.0.2-150000.3.18.1 important GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der. CVE-2021-46848 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libtasn1-4.13-150000.4.8.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libtasn1-6-4.13-150000.4.8.1 critical A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. CVE-2022-0529 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:unzip-6.0-150000.4.11.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. CVE-2022-0530 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:unzip-6.0-150000.4.11.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712. CVE-2022-0561 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libtiff5-4.0.9-150000.45.16.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of service problem. CVE-2022-1012 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:cluster-md-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:dlm-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:gfs2-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:kernel-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:ocfs2-kmp-default-4.12.14-150100.197.126.1 moderate A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service. CVE-2022-1184 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:cluster-md-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:dlm-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:gfs2-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:kernel-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:ocfs2-kmp-default-4.12.14-150100.197.126.1 moderate An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory. CVE-2022-1462 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:cluster-md-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:dlm-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:gfs2-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:kernel-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:ocfs2-kmp-default-4.12.14-150100.197.126.1 moderate 3.3 AV:L/AC:M/Au:N/C:P/I:N/A:P An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers. CVE-2022-1587 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libpcre2-8-0-10.31-150000.3.12.1 important 6.4 AV:N/AC:L/Au:N/C:P/I:N/A:P Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, memory modification, and possible remote execution. CVE-2022-1720 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-9.0.0313-150000.5.25.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-data-common-9.0.0313-150000.5.25.1 low 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Use After Free in GitHub repository vim/vim prior to 8.2. CVE-2022-1968 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-9.0.0313-150000.5.25.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-data-common-9.0.0313-150000.5.25.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P In mmc_blk_read_single of block.c, there is a possible way to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-216481035References: Upstream kernel CVE-2022-20008 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:cluster-md-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:dlm-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:gfs2-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:kernel-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:ocfs2-kmp-default-4.12.14-150100.197.126.1 moderate 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-182388481References: Upstream kernel CVE-2022-20166 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:cluster-md-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:dlm-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:gfs2-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:kernel-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:ocfs2-kmp-default-4.12.14-150100.197.126.1 moderate 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel CVE-2022-20368 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:cluster-md-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:dlm-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:gfs2-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:kernel-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:ocfs2-kmp-default-4.12.14-150100.197.126.1 moderate In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-223375145References: Upstream kernel CVE-2022-20369 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:cluster-md-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:dlm-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:gfs2-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:kernel-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:ocfs2-kmp-default-4.12.14-150100.197.126.1 moderate Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010. CVE-2022-2056 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libtiff5-4.0.9-150000.45.16.1 low 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010. CVE-2022-2057 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libtiff5-4.0.9-150000.45.16.1 low 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010. CVE-2022-2058 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libtiff5-4.0.9-150000.45.16.1 low 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Buffer Over-read in GitHub repository vim/vim prior to 8.2. CVE-2022-2124 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-9.0.0313-150000.5.25.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-data-common-9.0.0313-150000.5.25.1 low 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. CVE-2022-2125 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-9.0.0313-150000.5.25.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-data-common-9.0.0313-150000.5.25.1 low 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. CVE-2022-2126 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-9.0.0313-150000.5.25.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-data-common-9.0.0313-150000.5.25.1 low 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. CVE-2022-2129 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-9.0.0313-150000.5.25.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-data-common-9.0.0313-150000.5.25.1 low 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2022-21299 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:java-1_8_0-ibm-1.8.0_sr7.11-150000.3.62.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) CVE-2022-21385 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:cluster-md-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:dlm-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:gfs2-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:kernel-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:ocfs2-kmp-default-4.12.14-150100.197.126.1 moderate Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2022-21426 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:java-1_8_0-ibm-1.8.0_sr7.11-150000.3.62.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). CVE-2022-21476 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:java-1_8_0-ibm-1.8.0_sr7.11-150000.3.62.1 important 5 AV:N/AC:L/Au:N/C:P/I:N/A:N Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). CVE-2022-21496 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:java-1_8_0-ibm-1.8.0_sr7.11-150000.3.62.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:P/A:N Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.3.1; Oracle GraalVM Enterprise Edition: 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). CVE-2022-21549 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:java-1_8_0-ibm-1.8.0_sr7.11-150000.3.62.1 moderate Buffer Over-read in GitHub repository vim/vim prior to 8.2. CVE-2022-2175 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-9.0.0313-150000.5.25.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-data-common-9.0.0313-150000.5.25.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. CVE-2022-2182 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-9.0.0313-150000.5.25.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-data-common-9.0.0313-150000.5.25.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. CVE-2022-2183 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-9.0.0313-150000.5.25.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-data-common-9.0.0313-150000.5.25.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. CVE-2022-2206 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-9.0.0313-150000.5.25.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-data-common-9.0.0313-150000.5.25.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. CVE-2022-2207 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-9.0.0313-150000.5.25.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-data-common-9.0.0313-150000.5.25.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163. CVE-2022-2208 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-9.0.0313-150000.5.25.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-data-common-9.0.0313-150000.5.25.1 low 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. CVE-2022-2210 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-9.0.0313-150000.5.25.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-data-common-9.0.0313-150000.5.25.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2. CVE-2022-2231 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-9.0.0313-150000.5.25.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-data-common-9.0.0313-150000.5.25.1 low 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. CVE-2022-2257 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-9.0.0313-150000.5.25.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-data-common-9.0.0313-150000.5.25.1 low 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. CVE-2022-2264 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-9.0.0313-150000.5.25.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-data-common-9.0.0313-150000.5.25.1 low 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. CVE-2022-2284 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-9.0.0313-150000.5.25.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-data-common-9.0.0313-150000.5.25.1 low 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0. CVE-2022-2285 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-9.0.0313-150000.5.25.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-data-common-9.0.0313-150000.5.25.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. CVE-2022-2286 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-9.0.0313-150000.5.25.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-data-common-9.0.0313-150000.5.25.1 low 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. CVE-2022-2287 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-9.0.0313-150000.5.25.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-data-common-9.0.0313-150000.5.25.1 low 5.8 AV:N/AC:M/Au:N/C:P/I:N/A:P An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked accounts, which allows a previously authorized user whose account is locked still run Salt commands when their account is locked. This affects both local shell accounts with an active session and salt-api users that authenticate via PAM eauth. CVE-2022-22967 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:python3-salt-3004-150100.77.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:salt-3004-150100.77.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:salt-minion-3004-150100.77.1 important 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. CVE-2022-2304 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-9.0.0313-150000.5.25.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-data-common-9.0.0313-150000.5.25.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data, given a vulnerable code sequence in the application. The vulnerability is caused by the iterwalk function (also used by the canonicalize function). Such code shouldn't be in wide-spread use, given that parsing + iterwalk would usually be replaced with the more efficient iterparse function. However, an XML converter that serialises to C14N would also be vulnerable, for example, and there are legitimate use cases for this code sequence. If untrusted input is received (also remotely) and processed via iterwalk function, a crash can be triggered. CVE-2022-2309 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:python3-lxml-4.7.1-150100.6.6.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0044. CVE-2022-2343 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-9.0.0313-150000.5.25.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-data-common-9.0.0313-150000.5.25.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045. CVE-2022-2344 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-9.0.0313-150000.5.25.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-data-common-9.0.0313-150000.5.25.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Use After Free in GitHub repository vim/vim prior to 9.0.0046. CVE-2022-2345 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-9.0.0313-150000.5.25.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-data-common-9.0.0313-150000.5.25.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request starts and ends. This would allow requests to be smuggled via the front-end proxy to Puma. The vulnerability has been fixed in 5.6.4 and 4.3.12. Users are advised to upgrade as soon as possible. Workaround: when deploying a proxy in front of Puma, turning on any and all functionality to make sure that the request matches the RFC7230 standard. CVE-2022-24790 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1 important 5 AV:N/AC:L/Au:N/C:N/I:P/A:N yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of `yajl` contain an integer overflow which leads to subsequent heap memory corruption when dealing with large (~2GB) inputs. The reallocation logic at `yajl_buf.c#L64` may result in the `need` 32bit integer wrapping to 0 when `need` approaches a value of 0x80000000 (i.e. ~2GB of data), which results in a reallocation of buf->alloc into a small heap chunk. These integers are declared as `size_t` in the 2.x branch of `yajl`, which practically prevents the issue from triggering on 64bit platforms, however this does not preclude this issue triggering on 32bit builds on which `size_t` is a 32bit integer. Subsequent population of this under-allocated heap chunk is based on the original buffer size, leading to heap memory corruption. This vulnerability mostly impacts process availability. Maintainers believe exploitation for arbitrary code execution is unlikely. A patch is available and anticipated to be part of yajl-ruby version 1.4.2. As a workaround, avoid passing large inputs to YAJL. CVE-2022-24795 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libyajl2-2.1.0-150000.4.3.1 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates. We recommend upgrading past commit 4caae58406f8ceb741603eee460d79bacca9b1b5 CVE-2022-2503 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:cluster-md-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:dlm-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:gfs2-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:kernel-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:ocfs2-kmp-default-4.12.14-150100.197.126.1 moderate A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function. CVE-2022-2509 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:gnutls-3.6.7-150000.6.45.2 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libgnutls30-3.6.7-150000.6.45.2 important There is a double free or corruption in rotateImage() at tiffcrop.c:8839 found in libtiff 4.4.0rc1 CVE-2022-2519 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libtiff5-4.0.9-150000.45.16.1 important A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion fail in rotateImage() at tiffcrop.c:8621 that can cause program crash when reading a crafted input. CVE-2022-2520 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libtiff5-4.0.9-150000.45.16.1 moderate It was found in libtiff 4.4.0rc1 that there is an invalid pointer free operation in TIFFClose() at tif_close.c:131 called by tiffcrop.c:2522 that can cause a program crash and denial of service while processing crafted input. CVE-2022-2521 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libtiff5-4.0.9-150000.45.16.1 important Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0061. CVE-2022-2522 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-9.0.0313-150000.5.25.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-data-common-9.0.0313-150000.5.25.1 low Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0101. CVE-2022-2571 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-9.0.0313-150000.5.25.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-data-common-9.0.0313-150000.5.25.1 moderate Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0102. CVE-2022-2580 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-9.0.0313-150000.5.25.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-data-common-9.0.0313-150000.5.25.1 moderate Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0104. CVE-2022-2581 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-9.0.0313-150000.5.25.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-data-common-9.0.0313-150000.5.25.1 low It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0. CVE-2022-2588 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:cluster-md-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:dlm-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:gfs2-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:kernel-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:ocfs2-kmp-default-4.12.14-150100.197.126.1 important Out-of-bounds Write to API in GitHub repository vim/vim prior to 9.0.0100. CVE-2022-2598 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-9.0.0313-150000.5.25.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-data-common-9.0.0313-150000.5.25.1 low Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. CVE-2022-26373 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:cluster-md-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:dlm-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:gfs2-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:kernel-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:ocfs2-kmp-default-4.12.14-150100.197.126.1 moderate An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system. CVE-2022-2639 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:cluster-md-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:dlm-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:gfs2-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:kernel-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:ocfs2-kmp-default-4.12.14-150100.197.126.1 moderate An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured. CVE-2022-2663 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:cluster-md-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:dlm-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:gfs2-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:kernel-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:ocfs2-kmp-default-4.12.14-150100.197.126.1 moderate FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face. CVE-2022-27404 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libfreetype6-2.10.4-150000.4.12.1 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNT_Size_Request. CVE-2022-27405 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libfreetype6-2.10.4-150000.4.12.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation violation via the function FT_Request_Size. CVE-2022-27406 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libfreetype6-2.10.4-150000.4.12.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes. CVE-2022-27777 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.9.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation. CVE-2022-27781 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:curl-7.60.0-150000.38.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libcurl4-7.60.0-150000.38.1 low 5 AV:N/AC:L/Au:N/C:N/I:N/A:P libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily. CVE-2022-27782 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:curl-7.60.0-150000.38.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libcurl4-7.60.0-150000.38.1 important 5 AV:N/AC:L/Au:N/C:N/I:P/A:N By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service. CVE-2022-2795 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:bind-utils-9.16.6-150000.12.63.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libbind9-1600-9.16.6-150000.12.63.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libdns1605-9.16.6-150000.12.63.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libirs1601-9.16.6-150000.12.63.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libisc1606-9.16.6-150000.12.63.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libisccc1600-9.16.6-150000.12.63.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libisccfg1600-9.16.6-150000.12.63.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libns1604-9.16.6-150000.12.63.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:python3-bind-9.16.6-150000.12.63.1 moderate Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0212. CVE-2022-2816 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-9.0.0313-150000.5.25.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-data-common-9.0.0313-150000.5.25.1 low Use After Free in GitHub repository vim/vim prior to 9.0.0213. CVE-2022-2817 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-9.0.0313-150000.5.25.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-data-common-9.0.0313-150000.5.25.1 moderate Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0211. CVE-2022-2819 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-9.0.0313-150000.5.25.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-data-common-9.0.0313-150000.5.25.1 moderate Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218. CVE-2022-2845 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-9.0.0313-150000.5.25.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-data-common-9.0.0313-150000.5.25.1 low Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220. CVE-2022-2849 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-9.0.0313-150000.5.25.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-data-common-9.0.0313-150000.5.25.1 low Use After Free in GitHub repository vim/vim prior to 9.0.0221. CVE-2022-2862 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-9.0.0313-150000.5.25.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-data-common-9.0.0313-150000.5.25.1 moderate libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcrop (likely via tricking a user to run tiffcrop on it with certain parameters) could cause a crash or in some cases, further exploitation. CVE-2022-2867 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libtiff5-4.0.9-150000.45.16.1 low libtiff's tiffcrop utility has a improper input validation flaw that can lead to out of bounds read and ultimately cause a crash if an attacker is able to supply a crafted file to tiffcrop. CVE-2022-2868 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libtiff5-4.0.9-150000.45.16.1 low libtiff's tiffcrop tool has a uint32_t underflow which leads to out of bounds read and write in the extractContigSamples8bits routine. An attacker who supplies a crafted file to tiffcrop could trigger this flaw, most likely by tricking a user into opening the crafted file with tiffcrop. Triggering this flaw could cause a crash or potentially further exploitation. CVE-2022-2869 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libtiff5-4.0.9-150000.45.16.1 low NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0224. CVE-2022-2874 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-9.0.0313-150000.5.25.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-data-common-9.0.0313-150000.5.25.1 low Use After Free in GitHub repository vim/vim prior to 9.0.0225. CVE-2022-2889 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-9.0.0313-150000.5.25.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-data-common-9.0.0313-150000.5.25.1 moderate An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A malicious rsync server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rsync client target directory and subdirectories (for example, overwrite the .ssh/authorized_keys file). CVE-2022-29154 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:rsync-3.1.3-150000.4.18.1 important NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240. CVE-2022-2923 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-9.0.0313-150000.5.25.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-data-common-9.0.0313-150000.5.25.1 low ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library. CVE-2022-29458 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libncurses6-6.1-150000.5.12.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:ncurses-utils-6.1-150000.5.12.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:terminfo-6.1-150000.5.12.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:terminfo-base-6.1-150000.5.12.1 moderate 5.8 AV:N/AC:M/Au:N/C:P/I:N/A:P Use After Free in GitHub repository vim/vim prior to 9.0.0246. CVE-2022-2946 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-9.0.0313-150000.5.25.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-data-common-9.0.0313-150000.5.25.1 moderate Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions. CVE-2022-29581 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:cluster-md-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:dlm-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:gfs2-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:kernel-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:ocfs2-kmp-default-4.12.14-150100.197.126.1 important 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after-free and create a situation where it may be possible to escalate privileges on the system. CVE-2022-2977 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:cluster-md-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:dlm-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:gfs2-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:kernel-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:ocfs2-kmp-default-4.12.14-150100.197.126.1 moderate cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file. CVE-2022-29869 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:cifs-utils-6.9-150100.5.18.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. CVE-2022-29900 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:cluster-md-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:dlm-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:gfs2-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:kernel-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:ocfs2-kmp-default-4.12.14-150100.197.126.1 moderate 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N Use After Free in GitHub repository vim/vim prior to 9.0.0286. CVE-2022-3016 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-9.0.0313-150000.5.25.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:vim-data-common-9.0.0313-150000.5.25.1 low A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket. CVE-2022-3028 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:cluster-md-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:dlm-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:gfs2-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:kernel-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:ocfs2-kmp-default-4.12.14-150100.197.126.1 moderate HTTP::Daemon is a simple http server class written in perl. Versions prior to 6.15 are subject to a vulnerability which could potentially be exploited to gain privileged access to APIs or poison intermediate caches. It is uncertain how large the risks are, most Perl based applications are served on top of Nginx or Apache, not on the `HTTP::Daemon`. This library is commonly used for local development and tests. Users are advised to update to resolve this issue. Users unable to upgrade may add additional request handling logic as a mitigation. After calling `my $rqst = $conn->get_request()` one could inspect the returned `HTTP::Request` object. Querying the 'Content-Length' (`my $cl = $rqst->header('Content-Length')`) will show any abnormalities that should be dealt with by a `400` response. Expected strings of 'Content-Length' SHOULD consist of either a single non-negative integer, or, a comma separated repetition of that number. (that is `42` or `42, 42, 42`). Anything else MUST be rejected. CVE-2022-31081 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:perl-HTTP-Daemon-6.01-150000.3.5.1 moderate 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data source tzinfo-data, are vulnerable to relative path traversal. With the Ruby data source, time zones are defined in Ruby files. There is one file per time zone. Time zone files are loaded with `require` on demand. In the affected versions, `TZInfo::Timezone.get` fails to validate time zone identifiers correctly, allowing a new line character within the identifier. With Ruby version 1.9.3 and later, `TZInfo::Timezone.get` can be made to load unintended files with `require`, executing them within the Ruby process. Versions 0.3.61 and 1.2.10 include fixes to correctly validate time zone identifiers. Versions 2.0.0 and later are not vulnerable. Version 0.3.61 can still load arbitrary files from the Ruby load path if their name follows the rules for a valid time zone identifier and the file has a prefix of `tzinfo/definition` within a directory in the load path. Applications should ensure that untrusted files are not placed in a directory on the load path. As a workaround, the time zone identifier can be validated before passing to `TZInfo::Timezone.get` by ensuring it matches the regular expression `\A[A-Za-z0-9+\-_]+(?:\/[A-Za-z0-9+\-_]+)*\z`. CVE-2022-31163 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:ruby2.5-rubygem-tzinfo-1.2.4-150000.3.3.1 important curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a "malloc bomb", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors. CVE-2022-32206 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:curl-7.60.0-150000.38.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libcurl4-7.60.0-150000.38.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client. CVE-2022-32208 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:curl-7.60.0-150000.38.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libcurl4-7.60.0-150000.38.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N # Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.This vulnerability has been assigned the CVE identifier CVE-2022-32209.Versions Affected: ALLNot affected: NONEFixed Versions: v1.4.3## ImpactA possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags to allow both `select` and `style` elements.Code is only impacted if allowed tags are being overridden. This may be done via application configuration:```ruby# In config/application.rbconfig.action_view.sanitized_allowed_tags = ["select", "style"]```see https://guides.rubyonrails.org/configuring.html#configuring-action-viewOr it may be done with a `:tags` option to the Action View helper `sanitize`:```<%= sanitize @comment.body, tags: ["select", "style"] %>```see https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitizeOr it may be done with Rails::Html::SafeListSanitizer directly:```ruby# class-level optionRails::Html::SafeListSanitizer.allowed_tags = ["select", "style"]```or```ruby# instance-level optionRails::Html::SafeListSanitizer.new.sanitize(@article.body, tags: ["select", "style"])```All users overriding the allowed tags by any of the above mechanisms to include both "select" and "style" should either upgrade or use one of the workarounds immediately.## ReleasesThe FIXED releases are available at the normal locations.## WorkaroundsRemove either `select` or `style` from the overridden allowed tags.## CreditsThis vulnerability was responsibly reported by [windshock](https://hackerone.com/windshock?type=user). CVE-2022-32209 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:ruby2.5-rubygem-rails-html-sanitizer-1.0.4-150000.4.3.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST. CVE-2022-32221 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:curl-7.60.0-150000.38.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libcurl4-7.60.0-150000.38.1 important The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 ("Double-Hash Port Selection Algorithm") of RFC 6056. CVE-2022-32296 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:cluster-md-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:dlm-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:gfs2-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:kernel-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:ocfs2-kmp-default-4.12.14-150100.197.126.1 moderate 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N A flaw use after free in the Linux kernel video4linux driver was found in the way user triggers em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. CVE-2022-3239 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:cluster-md-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:dlm-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:gfs2-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:kernel-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:ocfs2-kmp-default-4.12.14-150100.197.126.1 moderate A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead of client-supplied data. The client cannot control the area of the server memory written to the file (or printer). CVE-2022-32742 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:ctdb-4.9.5+git.490.e80cf669f50-150100.3.70.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libdcerpc-binding0-4.9.5+git.490.e80cf669f50-150100.3.70.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libdcerpc0-4.9.5+git.490.e80cf669f50-150100.3.70.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libndr-krb5pac0-4.9.5+git.490.e80cf669f50-150100.3.70.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libndr-nbt0-4.9.5+git.490.e80cf669f50-150100.3.70.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libndr-standard0-4.9.5+git.490.e80cf669f50-150100.3.70.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libndr0-4.9.5+git.490.e80cf669f50-150100.3.70.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libnetapi0-4.9.5+git.490.e80cf669f50-150100.3.70.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libsamba-credentials0-4.9.5+git.490.e80cf669f50-150100.3.70.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libsamba-errors0-4.9.5+git.490.e80cf669f50-150100.3.70.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libsamba-hostconfig0-4.9.5+git.490.e80cf669f50-150100.3.70.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libsamba-passdb0-4.9.5+git.490.e80cf669f50-150100.3.70.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libsamba-util0-4.9.5+git.490.e80cf669f50-150100.3.70.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libsamdb0-4.9.5+git.490.e80cf669f50-150100.3.70.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libsmbconf0-4.9.5+git.490.e80cf669f50-150100.3.70.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libsmbldap2-4.9.5+git.490.e80cf669f50-150100.3.70.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libtevent-util0-4.9.5+git.490.e80cf669f50-150100.3.70.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libwbclient0-4.9.5+git.490.e80cf669f50-150100.3.70.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:samba-libs-4.9.5+git.490.e80cf669f50-150100.3.70.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:samba-libs-python3-4.9.5+git.490.e80cf669f50-150100.3.70.1 moderate A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition CVE-2022-3303 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:cluster-md-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:dlm-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:gfs2-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:kernel-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:ocfs2-kmp-default-4.12.14-150100.197.126.1 moderate The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan. CVE-2022-34169 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:java-1_8_0-ibm-1.8.0_sr7.11-150000.3.62.1 important The libtiff-4.0.3-35.amzn2.0.1 package for LibTIFF on Amazon Linux 2 allows attackers to cause a denial of service (application crash), a different vulnerability than CVE-2022-0562. When processing a malicious TIFF file, an invalid range may be passed as an argument to the memset() function within TIFFFetchStripThing() in tif_dirread.c. This will cause TIFFFetchStripThing() to segfault after use of an uninitialized resource. CVE-2022-34266 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libtiff5-4.0.9-150000.45.16.1 important A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit v4.4.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted TIFF file parsed by the "tiffsplit" or "tiffcrop" utilities. CVE-2022-34526 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libtiff5-4.0.9-150000.45.16.1 important GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line. CVE-2022-34903 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:gpg2-2.2.5-150000.4.22.1 moderate 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment. CVE-2022-3515 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libksba8-1.3.5-150000.4.3.1 critical When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings. CVE-2022-35252 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:curl-7.60.0-150000.38.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libcurl4-7.60.0-150000.38.1 low SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API. CVE-2022-35737 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libsqlite3-0-3.39.3-150000.3.17.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:sqlite3-3.39.3-150000.3.17.1 moderate An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. CVE-2022-36879 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:cluster-md-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:dlm-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:gfs2-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:kernel-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:ocfs2-kmp-default-4.12.14-150100.197.126.1 moderate nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. CVE-2022-36946 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:cluster-md-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:dlm-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:gfs2-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:kernel-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:ocfs2-kmp-default-4.12.14-150100.197.126.1 important zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference). CVE-2022-37434 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libz1-1.2.11-150000.3.33.1 important By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources. CVE-2022-38177 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:bind-utils-9.16.6-150000.12.63.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libbind9-1600-9.16.6-150000.12.63.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libdns1605-9.16.6-150000.12.63.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libirs1601-9.16.6-150000.12.63.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libisc1606-9.16.6-150000.12.63.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libisccc1600-9.16.6-150000.12.63.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libisccfg1600-9.16.6-150000.12.63.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libns1604-9.16.6-150000.12.63.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:python3-bind-9.16.6-150000.12.63.1 important By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources. CVE-2022-38178 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:bind-utils-9.16.6-150000.12.63.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libbind9-1600-9.16.6-150000.12.63.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libdns1605-9.16.6-150000.12.63.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libirs1601-9.16.6-150000.12.63.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libisc1606-9.16.6-150000.12.63.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libisccc1600-9.16.6-150000.12.63.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libisccfg1600-9.16.6-150000.12.63.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libns1604-9.16.6-150000.12.63.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:python3-bind-9.16.6-150000.12.63.1 important telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application would crash but the telnet service would remain available through inetd. However, if the telnetd application has many crashes within a short time interval, the telnet service would become unavailable after inetd logs a "telnet/tcp server failing (looping), service terminated" error. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8. CVE-2022-39028 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:telnet-1.2-150000.3.6.1 important An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs. CVE-2022-39188 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:cluster-md-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:dlm-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:gfs2-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:kernel-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:ocfs2-kmp-default-4.12.14-150100.197.126.1 moderate An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault. CVE-2022-40303 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libxml2-2-2.9.7-150000.3.51.1 important An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked. CVE-2022-40304 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libxml2-2-2.9.7-150000.3.51.1 important libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. CVE-2022-40674 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:expat-2.2.5-150000.3.25.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libexpat1-2.2.5-150000.3.25.1 important In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release. CVE-2022-41218 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:cluster-md-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:dlm-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:gfs2-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:kernel-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:ocfs2-kmp-default-4.12.14-150100.197.126.1 important drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioctl and mgslpc_detach. CVE-2022-41848 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:cluster-md-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:dlm-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:gfs2-kmp-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:kernel-default-4.12.14-150100.197.126.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:ocfs2-kmp-default-4.12.14-150100.197.126.1 moderate An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures. CVE-2022-42010 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:dbus-1-1.12.2-150100.8.14.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libdbus-1-3-1.12.2-150100.8.14.1 low An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type. CVE-2022-42011 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:dbus-1-1.12.2-150100.8.14.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libdbus-1-3-1.12.2-150100.8.14.1 moderate An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format. CVE-2022-42012 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:dbus-1-1.12.2-150100.8.14.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libdbus-1-3-1.12.2-150100.8.14.1 moderate In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. CVE-2022-43680 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:expat-2.2.5-150000.3.25.1 Public Cloud Image google/sles-15-sp1-sap-byos-v20221108-x86-64:libexpat1-2.2.5-150000.3.25.1 important