openSUSE-SLE-15.5-2022-2956 moderate SUSE Updates openSUSE-SLE 15.5 This update for post-build-checks is a test update for openSUSE Leap 15.5. post-build-checks-84.87+git20220325.f46ef3c-150500.3.2.1.noarch.rpm post-build-checks-84.87+git20220325.f46ef3c-150500.3.2.1.src.rpm openSUSE-SLE-15.5-2022-4205 moderate SUSE Updates openSUSE-SLE 15.5 This update for net-snmp fixes the following issues: Updated to version 5.9.3 (bsc#1201103, jsc#SLE-11203): - CVE-2022-24805: Fixed a buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB that can cause an out-of-bounds memory access. - CVE-2022-24809: Fixed a malformed OID in a GET-NEXT to the nsVacmAccessTable that can cause a NULL pointer dereference. - CVE-2022-24806: Fixed an improper Input Validation when SETing malformed OIDs in master agent and subagent simultaneously. - CVE-2022-24807: Fixed a malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access. - CVE-2022-24808: Fixed a malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference. - CVE-2022-24810: Fixed a malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference. net-snmp-5.9.3-150300.15.3.1.src.rpm net-snmp-5.9.3-150300.15.3.1.x86_64.rpm net-snmp-devel-32bit-5.9.3-150300.15.3.1.x86_64.rpm net-snmp-devel-5.9.3-150300.15.3.1.x86_64.rpm perl-SNMP-5.9.3-150300.15.3.1.x86_64.rpm python3-net-snmp-5.9.3-150300.15.3.1.x86_64.rpm snmp-mibs-5.9.3-150300.15.3.1.x86_64.rpm net-snmp-5.9.3-150300.15.3.1.s390x.rpm net-snmp-devel-5.9.3-150300.15.3.1.s390x.rpm perl-SNMP-5.9.3-150300.15.3.1.s390x.rpm python3-net-snmp-5.9.3-150300.15.3.1.s390x.rpm snmp-mibs-5.9.3-150300.15.3.1.s390x.rpm net-snmp-5.9.3-150300.15.3.1.ppc64le.rpm net-snmp-devel-5.9.3-150300.15.3.1.ppc64le.rpm perl-SNMP-5.9.3-150300.15.3.1.ppc64le.rpm python3-net-snmp-5.9.3-150300.15.3.1.ppc64le.rpm snmp-mibs-5.9.3-150300.15.3.1.ppc64le.rpm net-snmp-5.9.3-150300.15.3.1.aarch64.rpm net-snmp-devel-5.9.3-150300.15.3.1.aarch64.rpm perl-SNMP-5.9.3-150300.15.3.1.aarch64.rpm python3-net-snmp-5.9.3-150300.15.3.1.aarch64.rpm snmp-mibs-5.9.3-150300.15.3.1.aarch64.rpm openSUSE-SLE-15.5-2023-419 moderate SUSE Updates openSUSE-SLE 15.5 This update for nodejs18 fixes the following issues: This update ships nodejs18 (jsc#PED-2097) Update to NodejJS 18.13.0 LTS: * build: disable v8 snapshot compression by default * crypto: update root certificates * deps: update ICU to 72.1 * doc: + add doc-only deprecation for headers/trailers setters + add Rafael to the tsc + deprecate use of invalid ports in url.parse + deprecate url.parse() * lib: drop fetch experimental warning * net: add autoSelectFamily and autoSelectFamilyAttemptTimeout options * src: + add uvwasi version + add initial shadow realm support * test_runner: + add t.after() hook + don't use a symbol for runHook() * tls: + add "ca" property to certificate object * util: + add fast path for utf8 encoding + improve textdecoder decode performance + add MIME utilities - Fixes compatibility with ICU 72.1 (bsc#1205236) - Fix migration to openssl-3 (bsc#1205042) Update to NodeJS 18.12.1 LTS: * inspector: DNS rebinding in --inspect via invalid octal IP (bsc#1205119, CVE-2022-43548) Update to NodeJS 18.12.0 LTS: * Running in 'watch' mode using node --watch restarts the process when an imported file is changed. * fs: add FileHandle.prototype.readLines * http: add writeEarlyHints function to ServerResponse * http2: make early hints generic * util: add default value option to parsearg Update to NodeJS 18.11.0: * added experimental watch mode -- running in 'watch' mode using node --watch restarts the process when an imported file is changed * fs: add FileHandle.prototype.readLines * http: add writeEarlyHints function to ServerResponse * http2: make early hints generic * lib: refactor transferable AbortSignal * src: add detailed embedder process initialization API * util: add default value option to parsearg Update to NodeJS 18.10.0: * deps: upgrade npm to 8.19.2 * http: throw error on content-length mismatch * stream: add ReadableByteStream.tee() Update to Nodejs 18.9.1: * deps: llhttp updated to 6.0.10 + CVE-2022-32213 bypass via obs-fold mechanic (bsc#1201325) + Incorrect Parsing of Multi-line Transfer-Encoding (CVE-2022-32215, bsc#1201327) + Incorrect Parsing of Header Fields (CVE-2022-35256, bsc#1203832) * crypto: fix weak randomness in WebCrypto keygen (CVE-2022-35255, bsc#1203831) Update to Nodejs 18.9.0: * lib - add diagnostics channel for process and worker * os - add machine method * report - expose report public native apis * src - expose environment RequestInterrupt api * vm - include vm context in the embedded snapshot Changes in 18.8.0: * bootstrap: implement run-time user-land snapshots via --build-snapshot and --snapshot-blob. See * crypto: + allow zero-length IKM in HKDF and in webcrypto PBKDF2 + allow zero-length secret KeyObject * deps: upgrade npm to 8.18.0 * http: make idle http parser count configurable * net: add local family * src: print source map error source on demand * tls: pass a valid socket on tlsClientError Update to Nodejs 18.7.0: * events: add CustomEvent * http: add drop request event for http server * lib: improved diagnostics_channel subscribe/unsubscribe * util: add tokens to parseArgs - enable crypto policy ciphers for TW and SLE15 SP4+ (bsc#1200303) Update to Nodejs 18.6.0: * Experimental ESM Loader Hooks API. For details see, https://nodejs.org/api/esm.html * dns: export error code constants from dns/promises * esm: add chaining to loaders * http: add diagnostics channel for http client * http: add perf_hooks detail for http request and client * module: add isBuiltIn method * net: add drop event for net server * test_runner: expose describe and it * v8: add v8.startupSnapshot utils For details, see https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.6.0 Update to Nodejs 18.5.0: * http: stricter Transfer-Encoding and header separator parsing (bsc#1201325, bsc#1201326, bsc#1201327, CVE-2022-32213, CVE-2022-32214, CVE-2022-32215) * src: fix IPv4 validation in inspector_socket (bsc#1201328, CVE-2022-32212) For details, see https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.5.0 Update to Nodejs 18.4.0. For detailed changes see, https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.4.0 Initial packaging of Nodejs 18.2.0. For detailed changes since previous versions, see https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V18.md#18.2.0 corepack18-18.13.0-150400.9.3.1.x86_64.rpm nodejs18-18.13.0-150400.9.3.1.src.rpm nodejs18-18.13.0-150400.9.3.1.x86_64.rpm nodejs18-devel-18.13.0-150400.9.3.1.x86_64.rpm nodejs18-docs-18.13.0-150400.9.3.1.noarch.rpm npm18-18.13.0-150400.9.3.1.x86_64.rpm corepack18-18.13.0-150400.9.3.1.s390x.rpm nodejs18-18.13.0-150400.9.3.1.s390x.rpm nodejs18-devel-18.13.0-150400.9.3.1.s390x.rpm npm18-18.13.0-150400.9.3.1.s390x.rpm corepack18-18.13.0-150400.9.3.1.aarch64.rpm nodejs18-18.13.0-150400.9.3.1.aarch64.rpm nodejs18-devel-18.13.0-150400.9.3.1.aarch64.rpm npm18-18.13.0-150400.9.3.1.aarch64.rpm openSUSE-SLE-15.5-2023-1954 low SUSE Updates openSUSE-SLE 15.5 This update for xmlsec1 fixes the following issue: - Ship missing xmlsec1 to synchronize its version across different products (bsc#1201617) libxmlsec1-1-1.2.28-150100.7.13.4.x86_64.rpm libxmlsec1-gcrypt1-1.2.28-150100.7.13.4.x86_64.rpm libxmlsec1-gnutls1-1.2.28-150100.7.13.4.x86_64.rpm libxmlsec1-nss1-1.2.28-150100.7.13.4.x86_64.rpm libxmlsec1-openssl1-1.2.28-150100.7.13.4.x86_64.rpm xmlsec1-1.2.28-150100.7.13.4.src.rpm xmlsec1-1.2.28-150100.7.13.4.x86_64.rpm xmlsec1-devel-1.2.28-150100.7.13.4.x86_64.rpm xmlsec1-gcrypt-devel-1.2.28-150100.7.13.4.x86_64.rpm xmlsec1-gnutls-devel-1.2.28-150100.7.13.4.x86_64.rpm xmlsec1-nss-devel-1.2.28-150100.7.13.4.x86_64.rpm xmlsec1-openssl-devel-1.2.28-150100.7.13.4.x86_64.rpm libxmlsec1-1-1.2.28-150100.7.13.4.s390x.rpm libxmlsec1-gcrypt1-1.2.28-150100.7.13.4.s390x.rpm libxmlsec1-gnutls1-1.2.28-150100.7.13.4.s390x.rpm libxmlsec1-nss1-1.2.28-150100.7.13.4.s390x.rpm libxmlsec1-openssl1-1.2.28-150100.7.13.4.s390x.rpm xmlsec1-1.2.28-150100.7.13.4.s390x.rpm xmlsec1-devel-1.2.28-150100.7.13.4.s390x.rpm xmlsec1-gcrypt-devel-1.2.28-150100.7.13.4.s390x.rpm xmlsec1-gnutls-devel-1.2.28-150100.7.13.4.s390x.rpm xmlsec1-nss-devel-1.2.28-150100.7.13.4.s390x.rpm xmlsec1-openssl-devel-1.2.28-150100.7.13.4.s390x.rpm libxmlsec1-1-1.2.28-150100.7.13.4.ppc64le.rpm libxmlsec1-gcrypt1-1.2.28-150100.7.13.4.ppc64le.rpm libxmlsec1-gnutls1-1.2.28-150100.7.13.4.ppc64le.rpm libxmlsec1-nss1-1.2.28-150100.7.13.4.ppc64le.rpm libxmlsec1-openssl1-1.2.28-150100.7.13.4.ppc64le.rpm xmlsec1-1.2.28-150100.7.13.4.ppc64le.rpm xmlsec1-devel-1.2.28-150100.7.13.4.ppc64le.rpm xmlsec1-gcrypt-devel-1.2.28-150100.7.13.4.ppc64le.rpm xmlsec1-gnutls-devel-1.2.28-150100.7.13.4.ppc64le.rpm xmlsec1-nss-devel-1.2.28-150100.7.13.4.ppc64le.rpm xmlsec1-openssl-devel-1.2.28-150100.7.13.4.ppc64le.rpm libxmlsec1-1-1.2.28-150100.7.13.4.aarch64.rpm libxmlsec1-gcrypt1-1.2.28-150100.7.13.4.aarch64.rpm libxmlsec1-gnutls1-1.2.28-150100.7.13.4.aarch64.rpm libxmlsec1-nss1-1.2.28-150100.7.13.4.aarch64.rpm libxmlsec1-openssl1-1.2.28-150100.7.13.4.aarch64.rpm xmlsec1-1.2.28-150100.7.13.4.aarch64.rpm xmlsec1-devel-1.2.28-150100.7.13.4.aarch64.rpm xmlsec1-gcrypt-devel-1.2.28-150100.7.13.4.aarch64.rpm xmlsec1-gnutls-devel-1.2.28-150100.7.13.4.aarch64.rpm xmlsec1-nss-devel-1.2.28-150100.7.13.4.aarch64.rpm xmlsec1-openssl-devel-1.2.28-150100.7.13.4.aarch64.rpm openSUSE-SLE-15.5-2023-2434 moderate SUSE Updates openSUSE-SLE 15.5 This update for junit5, mojo-executor and mojo-parent fixes the following issues: mojo-executor: - Version update from 2.3.1 to 2.4.0 (jsc#SLE-23217): * Dependencies provided by Maven have been moved to the provided scope where possible * The plexus-utils dependency must remain in the compile scope due to MNG-6965. It has been updated to version 3.0.24 to avoid spurious security vulnerability notifications due to this dependency. mojo-parent: - Version update from 60 to 70 (jsc#SLE-23217): * Improvement checkstyle configuration * Add modello-maven-plugin to pluginManagement * Remove Google search box due to privacy * Put version for mrm-maven-plugin in property * Add streamLogsOnFailures to m-invoker-p * Add property for maven-fluido-skin version * Setup Apache Matomo analytics * Downgrade Checkstyle to 9.3. 10.x requires Java 11 * remove requirement to use ssh for github scm devCon * Require Maven 3.2.5 * Add SHA-512 hashes * Extract plugin version as variable so child pom can override if needed * remove issue-tracking as do not exists anymore * remove cim report as it do not exists anymore junit5: - Deliver junit5-bom to openSUSE Leap 15.4 as it is a required dependency for mojo-parent (no source changes) junit5-5.8.2-150200.3.6.1.noarch.rpm junit5-5.8.2-150200.3.6.1.src.rpm junit5-bom-5.8.2-150200.3.6.1.noarch.rpm junit5-guide-5.8.2-150200.3.6.1.noarch.rpm junit5-javadoc-5.8.2-150200.3.6.1.noarch.rpm mojo-executor-2.4.0-150200.3.3.12.noarch.rpm mojo-executor-2.4.0-150200.3.3.12.src.rpm mojo-executor-javadoc-2.4.0-150200.3.3.12.noarch.rpm mojo-parent-70-150200.3.7.1.noarch.rpm mojo-parent-70-150200.3.7.1.src.rpm openSUSE-SLE-15.5-2023-2096 important SUSE Updates openSUSE-SLE 15.5 This update for netty, netty-tcnative fixes the following issues: netty: - Security fixes included in this version update from 4.1.75 to 4.1.90: * CVE-2022-24823: Local Information Disclosure Vulnerability in Netty on Unix-Like systems due temporary files for Java 6 and lower in io.netty:netty-codec-http (bsc#1199338) * CVE-2022-41881: HAProxyMessageDecoder Stack Exhaustion DoS (bsc#1206360) * CVE-2022-41915: HTTP Response splitting from assigning header value iterator (bsc#1206379) - Other non-security bug fixes included in this version update from 4.1.75 to 4.1.90: * Build with Java 11 on ix86 architecture in order to avoid build failures * Fix `HttpHeaders.names` for non-String headers * Fix `FlowControlHandler` behaviour to pass read events when auto-reading is turned off * Fix brotli compression * Fix a bug in FlowControlHandler that broke auto-read * Fix a potential memory leak bug has been in the pooled allocator * Fix a scalability issue caused by instanceof and check-cast checks that lead to false-sharing on the `Klass::secondary_super_cache` field in the JVM * Fix a bug in our `PEMParser` when PEM files have multiple objects, and `BouncyCastle` is on the classpath * Fix several `NullPointerException` bugs * Fix a regression `SslContext` private key loading * Fix a bug in `SslContext` private key reading fall-back path * Fix a buffer leak regression in `HttpClientCodec` * Fix a bug where some `HttpMessage` implementations, that also implement `HttpContent`, were not handled correctly * Fix epoll bug when receiving zero-sized datagrams * Fix a bug in `SslHandler` so `handlerRemoved` works properly even if `handlerAdded` throws an exception * Fix an issue that allowed the multicast methods on `EpollDatagramChannel` to be called outside of an event-loop thread * Fix a bug where an OPT record was added to DNS queries that already had such a record * Fix a bug that caused an error when files uploaded with HTTP POST contained a backslash in their name * Fix an issue in the `BlockHound` integration that could occasionally cause NetUtil to be reported as performing blocking operation. A similar `BlockHound` issue was fixed for the `JdkSslContext` * Fix a bug that prevented preface or settings frames from being flushed, when an HTTP2 connection was established with prior-knowledge * Fix a bug where Netty fails to load a shaded native library * Fix and relax overly strict HTTP/2 header validation check that was rejecting requests from Chrome and Firefox * Fix OpenSSL and BoringSSL implementations to respect the `jdk.tls.client.protocols` and `jdk.tls.server.protocols` system properties, making them react to these in the same way the JDK SSL provider does * Fix inconsitencies in how `epoll`, `kqueue`, and `NIO` handle RDHUP * For a more detailed list of changes please consult the official release notes: + Changes from 4.1.90: https://netty.io/news/2023/03/14/4-1-90-Final.html + Changes from 4.1.89: https://netty.io/news/2023/02/13/4-1-89-Final.html + Changes from 4.1.88: https://netty.io/news/2023/02/12/4-1-88-Final.html + Changes from 4.1.87: https://netty.io/news/2023/01/12/4-1-87-Final.html + Changes from 4.1.86: https://netty.io/news/2022/12/12/4-1-86-Final.html + Changes from 4.1.85: https://netty.io/news/2022/11/09/4-1-85-Final.html + Changes from 4.1.84: https://netty.io/news/2022/10/11/4-1-84-Final.html + Changes from 4.1.82: https://netty.io/news/2022/09/13/4-1-82-Final.html + Changes from 4.1.81: https://netty.io/news/2022/09/08/4-1-81-Final.html + Changes from 4.1.80: https://netty.io/news/2022/08/26/4-1-80-Final.html + Changes from 4.1.79: https://netty.io/news/2022/07/11/4-1-79-Final.html + Changes from 4.1.78: https://netty.io/news/2022/06/14/4-1-78-Final.html + Changes from 4.1.77: https://netty.io/news/2022/05/06/2-1-77-Final.html + Changes from 4.1.76: https://netty.io/news/2022/04/12/4-1-76-Final.html netty-tcnative: - New artifact named `netty-tcnative-classes`, provided by this update is required by netty 4.1.90 which contains important security updates - No formal changelog present. This artifact is closely bound to the netty releases netty-4.1.90-150200.4.14.1.src.rpm netty-4.1.90-150200.4.14.1.x86_64.rpm netty-javadoc-4.1.90-150200.4.14.1.noarch.rpm netty-poms-4.1.90-150200.4.14.1.noarch.rpm netty-tcnative-2.0.59-150200.3.10.1.src.rpm netty-tcnative-2.0.59-150200.3.10.1.x86_64.rpm netty-tcnative-javadoc-2.0.59-150200.3.10.1.noarch.rpm netty-4.1.90-150200.4.14.1.s390x.rpm netty-tcnative-2.0.59-150200.3.10.1.s390x.rpm netty-4.1.90-150200.4.14.1.ppc64le.rpm netty-tcnative-2.0.59-150200.3.10.1.ppc64le.rpm netty-4.1.90-150200.4.14.1.aarch64.rpm netty-tcnative-2.0.59-150200.3.10.1.aarch64.rpm openSUSE-SLE-15.5-2023-2271 moderate SUSE Updates openSUSE-SLE 15.5 This update for xz-java fixes the following issues: - Version update from 1.8 to 1.9: * For the list of fixes and changes see the release notes at /usr/share/doc/packages/xz-java/NEWS xz-java-1.9-150200.3.7.1.noarch.rpm xz-java-1.9-150200.3.7.1.src.rpm xz-java-javadoc-1.9-150200.3.7.1.noarch.rpm openSUSE-SLE-15.5-2023-2266 moderate SUSE Updates openSUSE-SLE 15.5 This update for apache-parent fixes the following issues: Version update from 21 to 28 (jsc#SLE-23217): - Respect property assembly.tarLongFileMode - Allow custom Release Distribution Repository - Upgrade fluido skin to 1.11.0 - Add ASF Data Privacy - Drop outdated maven-docck-plugin from pluginManagement - Upgrade fluido skin to 1.11.1 - Set minimum enforced Maven version to 3.2.5 - Update m-plugin-p to 3.6.4 - Disable m2e warning for m-remote-resource-p:process - Corrected Jira URL - Update minimum version to 3.1.1 - Assume Maven 3 - Remove outdated clirr-maven-plugin - Simplify m-javadoc-p configuration - Configure release profile with dedicated parameter - Upload SHA-512 only for source-release to staging repository - Enforce minimum Java build version 8 apache-parent-28-150200.3.9.1.noarch.rpm apache-parent-28-150200.3.9.1.src.rpm openSUSE-SLE-15.5-2023-2267 moderate SUSE Updates openSUSE-SLE 15.5 This update for glassfish-jax-rs-api and glassfish-jsp-api fixes the following issues: glassfish-jax-rs-api: - Version update from 2.1.5 to 2.1.6 (jsc#SLE-23217): * Fixed spec version and updated template to include Final Release if <status> is empty. * Added Eclipse copyright notice. * Set copyright footer to 2019 Eclipse Foundation. * Use Jakarta instead of Java. * Include link to license in footer as well. glassfish-jsp-api: - Add alias to javax.servlet.jsp:jsp-api (jsc#SLE-23217) glassfish-jax-rs-api-2.1.6-150200.3.7.11.noarch.rpm glassfish-jax-rs-api-2.1.6-150200.3.7.11.src.rpm glassfish-jax-rs-api-javadoc-2.1.6-150200.3.7.11.noarch.rpm glassfish-jsp-api-2.3.3-150200.3.3.1.noarch.rpm glassfish-jsp-api-2.3.3-150200.3.3.1.src.rpm glassfish-jsp-api-javadoc-2.3.3-150200.3.3.1.noarch.rpm openSUSE-SLE-15.5-2023-2628 important SUSE Updates openSUSE-SLE 15.5 This update for cloud-init fixes the following issues: - CVE-2023-1786: Do not expose sensitive data gathered from the CSP. (bsc#1210277) - CVE-2022-2084: Fixed a bug which caused logging schema failures can include password hashes. (bsc#1210652) - Update to version 23.1 + Support transactional-updates for SUSE based distros + Set ownership for new folders in Write Files Module + add OpenCloudOS and TencentOS support + lxd: Retry if the server isn't ready + test: switch pycloudlib source to pypi + test: Fix integration test deprecation message + Recognize opensuse-microos, dev tooling fixes + sources/azure: refactor imds handler into own module + docs: deprecation generation support + add function is_virtual to distro/FreeBSD + cc_ssh: support multiple hostcertificates + Fix minor schema validation regression and fixup typing + doc: Reword user data debug section + cli: schema also validate vendordata*. + ci: sort and add checks for cla signers file + Add "ederst" as contributor + readme: add reference to packages dir + docs: update downstream package list + docs: add google search verification + docs: fix 404 render use default notfound_urls_prefix in RTD conf + Fix OpenStack datasource detection on bare metal + docs: add themed RTD 404 page and pointer to readthedocs-hosted + schema: fix gpt labels, use type string for GUID + cc_disk_setup: code cleanup + netplan: keep custom strict perms when 50-cloud-init.yaml exists + cloud-id: better handling of change in datasource files + Warn on empty network key + Fix Vultr cloud_interfaces usage + cc_puppet: Update puppet service name + docs: Clarify networking docs + lint: remove httpretty + cc_set_passwords: Prevent traceback when restarting ssh + tests: fix lp1912844 + tests: Skip ansible test on bionic + Wait for NetworkManager + docs: minor polishing + CI: migrate integration-test to GH actions + Fix permission of SSH host keys + Fix default route rendering on v2 ipv6 + doc: fix path in net_convert command + docs: update net_convert docs + doc: fix dead link + cc_set_hostname: ignore /var/lib/cloud/data/set-hostname if it's empty + distros/rhel.py: _read_hostname() missing strip on "hostname" + integration tests: add IBM VPC support + machine-id: set to uninitialized to trigger regeneration on clones + sources/azure: retry on connection error when fetching metdata + Ensure ssh state accurately obtained + bddeb: drop dh-systemd dependency on newer deb-based releases + doc: fix `config formats` link in cloudsigma.rst + Fix wrong subp syntax in cc_set_passwords.py + docs: update the PR template link to readthedocs + ci: switch unittests to gh actions + Add mount_default_fields for PhotonOS. + sources/azure: minor refactor for metadata source detection logic + add "CalvoM" as contributor + ci: doc to gh actions + lxd: handle 404 from missing devices route for LXD 4.0 + docs: Diataxis overhaul + vultr: Fix issue regarding cache and region codes + cc_set_passwords: Move ssh status checking later + Improve Wireguard module idempotency + network/netplan: add gateways as on-link when necessary + tests: test_lxd assert features.networks.zones when present + Use btrfs enquque when available (#1926) [Robert Schweikert] + sources/azure: fix device driver matching for net config (#1914) + BSD: fix duplicate macs in Ifconfig parser + pycloudlib: add lunar support for integration tests + nocloud: add support for dmi variable expansion for seedfrom URL + tools: read-version drop extra call to git describe --long + doc: improve cc_write_files doc + read-version: When insufficient tags, use cloudinit.version.get_version + mounts: document weird prefix in schema + Ensure network ready before cloud-init service runs on RHEL + docs: add copy button to code blocks + netplan: define features.NETPLAN_CONFIG_ROOT_READ_ONLY flag + azure: fix support for systems without az command installed + Fix the distro.osfamily output problem in the openEuler system. + pycloudlib: bump commit dropping azure api smoke test + net: netplan config root read-only as wifi config can contain creds + autoinstall: clarify docs for users + sources/azure: encode health report as utf-8 + Add back gateway4/6 deprecation to docs + networkd: Add support for multiple [Route] sections + doc: add qemu tutorial + lint: fix tip-flake8 and tip-mypy + Add support for setting uid when creating users on FreeBSD + Fix exception in BSD networking code-path + Append derivatives to is_rhel list in cloud.cfg.tmpl + FreeBSD init: use cloudinit_enable as only rcvar + feat: add support aliyun metadata security harden mode + docs: uprate analyze to performance page + test: fix lxd preseed managed network config + Add support for static IPv6 addresses for FreeBSD + Make 3.12 failures not fail the build + Docs: adding relative links + Fix setup.py to align with PEP 440 versioning replacing trailing + Add "nkukard" as contributor + doc: add how to render new module doc + doc: improve module creation explanation + Add Support for IPv6 metadata to OpenStack + add xiaoge1001 to .github-cla-signers + network: Deprecate gateway{4,6} keys in network config v2 + VMware: Move Guest Customization transport from OVF to VMware + doc: home page links added + net: skip duplicate mac check for netvsc nic and its VF This update for python-responses fixes the following issues: - update to 0.21.0: * Add `threading.Lock()` to allow `responses` working with `threading` module. * Add `urllib3` `Retry` mechanism. See #135 * Removed internal `_cookies_from_headers` function * Now `add`, `upsert`, `replace` methods return registered response. `remove` method returns list of removed responses. * Added null value support in `urlencoded_params_matcher` via `allow_blank` keyword argument * Added strict version of decorator. Now you can apply `@responses.activate(assert_all_requests_are_fired=True)` to your function to validate that all requests were executed in the wrapped function. See #183 cloud-init-23.1-150100.8.63.5.src.rpm cloud-init-23.1-150100.8.63.5.x86_64.rpm cloud-init-config-suse-23.1-150100.8.63.5.x86_64.rpm cloud-init-doc-23.1-150100.8.63.5.x86_64.rpm cloud-init-23.1-150100.8.63.5.s390x.rpm cloud-init-config-suse-23.1-150100.8.63.5.s390x.rpm cloud-init-doc-23.1-150100.8.63.5.s390x.rpm cloud-init-23.1-150100.8.63.5.ppc64le.rpm cloud-init-config-suse-23.1-150100.8.63.5.ppc64le.rpm cloud-init-doc-23.1-150100.8.63.5.ppc64le.rpm cloud-init-23.1-150100.8.63.5.aarch64.rpm cloud-init-config-suse-23.1-150100.8.63.5.aarch64.rpm cloud-init-doc-23.1-150100.8.63.5.aarch64.rpm openSUSE-SLE-15.5-2023-2245 moderate SUSE Updates openSUSE-SLE 15.5 This update for libzypp, zypper fixes the following issues: - Installing local RPM packages fails if /usr/bin/find is not installed (bsc#1195633) - multicurl: propagate ssl settings stored in repo url (bsc#1127591) - MediaCurl: Fix endless loop if wrong credentials are stored in credentials.cat (bsc#1210870) - zypp.conf: Introduce 'download.connect_timeout' [60 sec.] (bsc#1208329) - Teach MediaNetwork to retry on HTTP2 errors. - Fix selecting installed patterns from picklist (bsc#1209406) - man: better explanation of --priority libsolv-0.7.24-150400.3.6.4.src.rpm True libsolv-demo-0.7.24-150400.3.6.4.x86_64.rpm True libsolv-devel-0.7.24-150400.3.6.4.x86_64.rpm True libsolv-tools-0.7.24-150400.3.6.4.x86_64.rpm True libzypp-17.31.11-150400.3.25.2.src.rpm True libzypp-17.31.11-150400.3.25.2.x86_64.rpm True libzypp-devel-17.31.11-150400.3.25.2.x86_64.rpm True libzypp-devel-doc-17.31.11-150400.3.25.2.x86_64.rpm True perl-solv-0.7.24-150400.3.6.4.x86_64.rpm True python-solv-0.7.24-150400.3.6.4.x86_64.rpm True python3-solv-0.7.24-150400.3.6.4.x86_64.rpm True ruby-solv-0.7.24-150400.3.6.4.x86_64.rpm True zypper-1.14.60-150400.3.21.2.src.rpm True zypper-1.14.60-150400.3.21.2.x86_64.rpm True zypper-aptitude-1.14.60-150400.3.21.2.noarch.rpm True zypper-log-1.14.60-150400.3.21.2.noarch.rpm True zypper-needs-restarting-1.14.60-150400.3.21.2.noarch.rpm True libsolv-demo-0.7.24-150400.3.6.4.s390x.rpm True libsolv-devel-0.7.24-150400.3.6.4.s390x.rpm True libsolv-tools-0.7.24-150400.3.6.4.s390x.rpm True libzypp-17.31.11-150400.3.25.2.s390x.rpm True libzypp-devel-17.31.11-150400.3.25.2.s390x.rpm True libzypp-devel-doc-17.31.11-150400.3.25.2.s390x.rpm True perl-solv-0.7.24-150400.3.6.4.s390x.rpm True python-solv-0.7.24-150400.3.6.4.s390x.rpm True python3-solv-0.7.24-150400.3.6.4.s390x.rpm True ruby-solv-0.7.24-150400.3.6.4.s390x.rpm True zypper-1.14.60-150400.3.21.2.s390x.rpm True libsolv-demo-0.7.24-150400.3.6.4.ppc64le.rpm True libsolv-devel-0.7.24-150400.3.6.4.ppc64le.rpm True libsolv-tools-0.7.24-150400.3.6.4.ppc64le.rpm True libzypp-17.31.11-150400.3.25.2.ppc64le.rpm True libzypp-devel-17.31.11-150400.3.25.2.ppc64le.rpm True libzypp-devel-doc-17.31.11-150400.3.25.2.ppc64le.rpm True perl-solv-0.7.24-150400.3.6.4.ppc64le.rpm True python-solv-0.7.24-150400.3.6.4.ppc64le.rpm True python3-solv-0.7.24-150400.3.6.4.ppc64le.rpm True ruby-solv-0.7.24-150400.3.6.4.ppc64le.rpm True zypper-1.14.60-150400.3.21.2.ppc64le.rpm True libsolv-demo-0.7.24-150400.3.6.4.aarch64.rpm True libsolv-devel-0.7.24-150400.3.6.4.aarch64.rpm True libsolv-tools-0.7.24-150400.3.6.4.aarch64.rpm True libzypp-17.31.11-150400.3.25.2.aarch64.rpm True libzypp-devel-17.31.11-150400.3.25.2.aarch64.rpm True libzypp-devel-doc-17.31.11-150400.3.25.2.aarch64.rpm True perl-solv-0.7.24-150400.3.6.4.aarch64.rpm True python-solv-0.7.24-150400.3.6.4.aarch64.rpm True python3-solv-0.7.24-150400.3.6.4.aarch64.rpm True ruby-solv-0.7.24-150400.3.6.4.aarch64.rpm True zypper-1.14.60-150400.3.21.2.aarch64.rpm True openSUSE-SLE-15.5-2023-2239 low SUSE Updates openSUSE-SLE 15.5 This update for zram-generator fixes the following issues: - Fixed typo in the description (bsc#1200961) zram-generator-1.1.1~git5.8612dbb-150400.3.3.2.src.rpm zram-generator-1.1.1~git5.8612dbb-150400.3.3.2.x86_64.rpm zram-generator-1.1.1~git5.8612dbb-150400.3.3.2.s390x.rpm zram-generator-1.1.1~git5.8612dbb-150400.3.3.2.ppc64le.rpm zram-generator-1.1.1~git5.8612dbb-150400.3.3.2.aarch64.rpm openSUSE-SLE-15.5-2023-2240 moderate SUSE Updates openSUSE-SLE 15.5 This update for systemd fixes the following issues: - udev-rules: fix nvme symlink creation on namespace changes (bsc#1207410) - Optimize when hundred workers claim the same symlink with the same priority (bsc#1203141) - Add nss-resolve and systemd-network to Packagehub-Subpackages (MSC-626) libsystemd0-249.16-150400.8.28.3.x86_64.rpm libsystemd0-32bit-249.16-150400.8.28.3.x86_64.rpm libudev1-249.16-150400.8.28.3.x86_64.rpm libudev1-32bit-249.16-150400.8.28.3.x86_64.rpm nss-myhostname-249.16-150400.8.28.3.x86_64.rpm nss-myhostname-32bit-249.16-150400.8.28.3.x86_64.rpm nss-systemd-249.16-150400.8.28.3.x86_64.rpm systemd-249.16-150400.8.28.3.src.rpm systemd-249.16-150400.8.28.3.x86_64.rpm systemd-32bit-249.16-150400.8.28.3.x86_64.rpm systemd-container-249.16-150400.8.28.3.x86_64.rpm systemd-coredump-249.16-150400.8.28.3.x86_64.rpm systemd-devel-249.16-150400.8.28.3.x86_64.rpm systemd-doc-249.16-150400.8.28.3.x86_64.rpm systemd-experimental-249.16-150400.8.28.3.x86_64.rpm systemd-journal-remote-249.16-150400.8.28.3.x86_64.rpm systemd-lang-249.16-150400.8.28.3.noarch.rpm systemd-network-249.16-150400.8.28.3.x86_64.rpm systemd-portable-249.16-150400.8.28.3.x86_64.rpm systemd-sysvinit-249.16-150400.8.28.3.x86_64.rpm systemd-testsuite-249.16-150400.8.28.3.x86_64.rpm udev-249.16-150400.8.28.3.x86_64.rpm libsystemd0-249.16-150400.8.28.3.s390x.rpm libudev1-249.16-150400.8.28.3.s390x.rpm nss-myhostname-249.16-150400.8.28.3.s390x.rpm nss-systemd-249.16-150400.8.28.3.s390x.rpm systemd-249.16-150400.8.28.3.s390x.rpm systemd-container-249.16-150400.8.28.3.s390x.rpm systemd-coredump-249.16-150400.8.28.3.s390x.rpm systemd-devel-249.16-150400.8.28.3.s390x.rpm systemd-doc-249.16-150400.8.28.3.s390x.rpm systemd-experimental-249.16-150400.8.28.3.s390x.rpm systemd-journal-remote-249.16-150400.8.28.3.s390x.rpm systemd-network-249.16-150400.8.28.3.s390x.rpm systemd-portable-249.16-150400.8.28.3.s390x.rpm systemd-sysvinit-249.16-150400.8.28.3.s390x.rpm systemd-testsuite-249.16-150400.8.28.3.s390x.rpm udev-249.16-150400.8.28.3.s390x.rpm libsystemd0-249.16-150400.8.28.3.ppc64le.rpm libudev1-249.16-150400.8.28.3.ppc64le.rpm nss-myhostname-249.16-150400.8.28.3.ppc64le.rpm nss-systemd-249.16-150400.8.28.3.ppc64le.rpm systemd-249.16-150400.8.28.3.ppc64le.rpm systemd-container-249.16-150400.8.28.3.ppc64le.rpm systemd-coredump-249.16-150400.8.28.3.ppc64le.rpm systemd-devel-249.16-150400.8.28.3.ppc64le.rpm systemd-doc-249.16-150400.8.28.3.ppc64le.rpm systemd-experimental-249.16-150400.8.28.3.ppc64le.rpm systemd-journal-remote-249.16-150400.8.28.3.ppc64le.rpm systemd-network-249.16-150400.8.28.3.ppc64le.rpm systemd-portable-249.16-150400.8.28.3.ppc64le.rpm systemd-sysvinit-249.16-150400.8.28.3.ppc64le.rpm systemd-testsuite-249.16-150400.8.28.3.ppc64le.rpm udev-249.16-150400.8.28.3.ppc64le.rpm libsystemd0-249.16-150400.8.28.3.aarch64.rpm libudev1-249.16-150400.8.28.3.aarch64.rpm nss-myhostname-249.16-150400.8.28.3.aarch64.rpm nss-systemd-249.16-150400.8.28.3.aarch64.rpm systemd-249.16-150400.8.28.3.aarch64.rpm systemd-container-249.16-150400.8.28.3.aarch64.rpm systemd-coredump-249.16-150400.8.28.3.aarch64.rpm systemd-devel-249.16-150400.8.28.3.aarch64.rpm systemd-doc-249.16-150400.8.28.3.aarch64.rpm systemd-experimental-249.16-150400.8.28.3.aarch64.rpm systemd-journal-remote-249.16-150400.8.28.3.aarch64.rpm systemd-network-249.16-150400.8.28.3.aarch64.rpm systemd-portable-249.16-150400.8.28.3.aarch64.rpm systemd-sysvinit-249.16-150400.8.28.3.aarch64.rpm systemd-testsuite-249.16-150400.8.28.3.aarch64.rpm udev-249.16-150400.8.28.3.aarch64.rpm openSUSE-SLE-15.5-2023-2336 moderate SUSE Updates openSUSE-SLE 15.5 This update for lsvpd fixes the following issues: - Fix NVMe information parsing with newer firmware (bsc#1208122) lsvpd-1.7.14-150400.3.10.1.ppc64le.rpm lsvpd-1.7.14-150400.3.10.1.src.rpm openSUSE-SLE-15.5-2023-2272 moderate SUSE Updates openSUSE-SLE 15.5 This update for go fixes the following issues: Switch default go compiler to go1.20. (bsc#1206346) Packaging improvements: * Re-enable debuginfo bsc#1210938 remove spec comment "# nodebug" * Use Group: Development/Languages/Go instead of Other go-1.20-150000.3.29.1.src.rpm go-1.20-150000.3.29.1.x86_64.rpm go-doc-1.20-150000.3.29.1.x86_64.rpm go-race-1.20-150000.3.29.1.x86_64.rpm go-1.20-150000.3.29.1.s390x.rpm go-doc-1.20-150000.3.29.1.s390x.rpm go-race-1.20-150000.3.29.1.s390x.rpm go-1.20-150000.3.29.1.ppc64le.rpm go-doc-1.20-150000.3.29.1.ppc64le.rpm go-race-1.20-150000.3.29.1.ppc64le.rpm go-1.20-150000.3.29.1.aarch64.rpm go-doc-1.20-150000.3.29.1.aarch64.rpm go-race-1.20-150000.3.29.1.aarch64.rpm openSUSE-SLE-15.5-2023-2355 moderate SUSE Updates openSUSE-SLE 15.5 This update for librelp fixes the following issues: - update to librelp 1.11.0 (bsc#1210649) librelp-1.11.0-150000.3.3.1.src.rpm librelp-devel-1.11.0-150000.3.3.1.x86_64.rpm librelp0-1.11.0-150000.3.3.1.x86_64.rpm librelp-devel-1.11.0-150000.3.3.1.s390x.rpm librelp0-1.11.0-150000.3.3.1.s390x.rpm librelp-devel-1.11.0-150000.3.3.1.ppc64le.rpm librelp0-1.11.0-150000.3.3.1.ppc64le.rpm librelp-devel-1.11.0-150000.3.3.1.aarch64.rpm librelp0-1.11.0-150000.3.3.1.aarch64.rpm openSUSE-SLE-15.5-2023-2224 important SUSE Updates openSUSE-SLE 15.5 This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). - CVE-2023-28320: siglongjmp race condition (bsc#1211231). - CVE-2023-28321: IDN wildcard matching (bsc#1211232). - CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). curl-8.0.1-150400.5.23.1.src.rpm curl-8.0.1-150400.5.23.1.x86_64.rpm libcurl-devel-32bit-8.0.1-150400.5.23.1.x86_64.rpm libcurl-devel-8.0.1-150400.5.23.1.x86_64.rpm libcurl4-32bit-8.0.1-150400.5.23.1.x86_64.rpm libcurl4-8.0.1-150400.5.23.1.x86_64.rpm curl-8.0.1-150400.5.23.1.s390x.rpm libcurl-devel-8.0.1-150400.5.23.1.s390x.rpm libcurl4-8.0.1-150400.5.23.1.s390x.rpm curl-8.0.1-150400.5.23.1.ppc64le.rpm libcurl-devel-8.0.1-150400.5.23.1.ppc64le.rpm libcurl4-8.0.1-150400.5.23.1.ppc64le.rpm curl-8.0.1-150400.5.23.1.aarch64.rpm libcurl-devel-8.0.1-150400.5.23.1.aarch64.rpm libcurl4-8.0.1-150400.5.23.1.aarch64.rpm openSUSE-SLE-15.5-2023-2242 important SUSE Updates openSUSE-SLE 15.5 This update for java-1_8_0-openjdk fixes the following issues: - Updated to version jdk8u372 (icedtea-3.27.0): - CVE-2023-21930: Fixed an issue in the JSSE component that could allow an attacker to access critical data without authorization (bsc#1210628). - CVE-2023-21937: Fixed an issue in the Networking component that could allow an attacker to update, insert or delete some data without authorization (bsc#1210631). - CVE-2023-21938: Fixed an issue in the Libraries component that could allow an attacker to update, insert or delete some data without authorization (bsc#1210632). - CVE-2023-21939: Fixed an issue in the Swing component that could allow an attacker to update, insert or delete some data without authorization (bsc#1210634). - CVE-2023-21954: Fixed an issue in the Hotspot component that could allow an attacker to access critical data without authorization (bsc#1210635). - CVE-2023-21967: Fixed an issue in the JSSE component that could allow an attacker to cause a hang or frequently repeatable crash without authorization (bsc#1210636). - CVE-2023-21968: Fixed an issue in the Libraries component that could allow an attacker to update, insert or delete some data without authorization (bsc#1210637). java-1_8_0-openjdk-1.8.0.372-150000.3.79.1.src.rpm java-1_8_0-openjdk-1.8.0.372-150000.3.79.1.x86_64.rpm java-1_8_0-openjdk-accessibility-1.8.0.372-150000.3.79.1.x86_64.rpm java-1_8_0-openjdk-demo-1.8.0.372-150000.3.79.1.x86_64.rpm java-1_8_0-openjdk-devel-1.8.0.372-150000.3.79.1.x86_64.rpm java-1_8_0-openjdk-headless-1.8.0.372-150000.3.79.1.x86_64.rpm java-1_8_0-openjdk-javadoc-1.8.0.372-150000.3.79.1.noarch.rpm java-1_8_0-openjdk-src-1.8.0.372-150000.3.79.1.x86_64.rpm java-1_8_0-openjdk-1.8.0.372-150000.3.79.1.s390x.rpm java-1_8_0-openjdk-accessibility-1.8.0.372-150000.3.79.1.s390x.rpm java-1_8_0-openjdk-demo-1.8.0.372-150000.3.79.1.s390x.rpm java-1_8_0-openjdk-devel-1.8.0.372-150000.3.79.1.s390x.rpm java-1_8_0-openjdk-headless-1.8.0.372-150000.3.79.1.s390x.rpm java-1_8_0-openjdk-src-1.8.0.372-150000.3.79.1.s390x.rpm java-1_8_0-openjdk-1.8.0.372-150000.3.79.1.ppc64le.rpm java-1_8_0-openjdk-accessibility-1.8.0.372-150000.3.79.1.ppc64le.rpm java-1_8_0-openjdk-demo-1.8.0.372-150000.3.79.1.ppc64le.rpm java-1_8_0-openjdk-devel-1.8.0.372-150000.3.79.1.ppc64le.rpm java-1_8_0-openjdk-headless-1.8.0.372-150000.3.79.1.ppc64le.rpm java-1_8_0-openjdk-src-1.8.0.372-150000.3.79.1.ppc64le.rpm java-1_8_0-openjdk-1.8.0.372-150000.3.79.1.aarch64.rpm java-1_8_0-openjdk-accessibility-1.8.0.372-150000.3.79.1.aarch64.rpm java-1_8_0-openjdk-demo-1.8.0.372-150000.3.79.1.aarch64.rpm java-1_8_0-openjdk-devel-1.8.0.372-150000.3.79.1.aarch64.rpm java-1_8_0-openjdk-headless-1.8.0.372-150000.3.79.1.aarch64.rpm java-1_8_0-openjdk-src-1.8.0.372-150000.3.79.1.aarch64.rpm openSUSE-SLE-15.5-2023-2301 moderate SUSE Updates openSUSE-SLE 15.5 This update for cosign fixes the following issues: cosign was updated to 2.0.1 (jsc#SLE-23879) - Enhancements - Add environment variable token provider (#2864) - Remove cosign policy command (#2846) - Allow customising 'go' executable with GOEXE var (#2841) - Consistent tlog warnings during verification (#2840) - Add riscv64 arch (#2821) - Default generated PEM labels to SIGSTORE (#2735) - Update privacy statement and confirmation (#2797) - Add exit codes for verify errors (#2766) - Add Buildkite provider (#2779) - verify-blob-attestation: Loosen arg requirements if --check-claims=false (#2746) - Bug Fixes - PKCS11 sessions are now opened read only (#2853) - Makefile: date format of log should not show signatures (#2835) - Add missing flags to cosign verify dockerfile/manifest (#2830) - Add a warning to remember how to configure a custom Gitlab host (#2816) - Remove tag warning message from save/copy commands (#2799) - Mark keyless pem files with b64 (#2671) - build against a maintained golang version (upstream uses go1.20) cosign was updated to 2.0.0 (jsc#SLE-23879) - Breaking Changes: - insecure-skip-tlog-verify: rename and adapt the cert expiration check (#2620) - Deprecate --certificate-email flag. Make --certificate-identity and -… (#2411) - Enhancements: - Change go module name to github.com/sigstore/cosign/v2 for Cosign 2.0 (#2544) - Allow users to pass in a path for the --identity-token flag (#2538) - Breaking change: Respect tlog-upload=false, default to true (#2505) - Support outputing a certificate without uploading to the tlog (#2506) - Attestation/Blob signing and verification using a RFC3161 time-stamping server (#2464) - respect tlog-upload flag with TSA (#2474) - Better feedback if specifying incompatible argument on cosign sign --attachment (#2449) - Support TSA and Rekor verifications (#2463) - add support for tsa signing and verification of images (#2460) - cosign policy sign: remove experimental flag and make keyless signing default (#2459) - Remove experimental mode from cosign attest and verify-attestation (#2458) - Remove experimental mode from sign-blob and verify-blob (#2457) - Add --offline flag to force offline verification (#2427) - Air gap support (#2299) - Breaking change: Change SCT verification behavior to default to enforcement (#2400) - Breaking change: remove --force flag from sign and attest and rely on --yes flag to skip confirmation (#2399) - Breaking change: replace --no-tlog-upload flag with --tlog-upload flag (#2397) - Remove experimental flag from cosign sign and cosign verify (#2387) - verify: remove SIGSTORE_TRUST_REKOR_API_PUBLIC_KEY test env var for using a key from rekor's API (#2362) - Add warning to use digest instead of tags to other cosign commands (#2650) - Fix up UI messages (#2629) - Remove hardcoded Fulcio from output (#2621) - Fix missing privacy statement, print in multiple locations (#2622) - feat: allows custom key names for import-key-pair (#2587) - feat: support keyless verification for verify-blob-attestation (#2525) - attest-blob: add functionality for keyless signing (#2515) - Rego: add support for custom error/warning messages when evaluating rego rules (#2577) - feat: add debug information to cert validation error (#2579) - Support non-Sigstore TSA requests (#2708) - Add COSIGN_OCI_EXPERIMENTAL, push .sig/.sbom using OCI 1.1+ digest tag (#2684) - Output certificate in bundle when entry is not uploaded to Rekor (#2715) - attach signature and attach sbom must use STDIN to upload raw string (#2637) - add generate-key-pair GitHub Enterprise server support (#2676) - add in format string for warning (#2699) - Support for fetching Fulcio certs with self-managed key (#2532) - 2476 predicate type download (#2484) - Bug Fixes: - Fix the file existence check. (#2552) - Fix timestamp verification, add verify-blob tests (#2527) - Fix(verify): Consolidate certificate expiry logic (#2504) - Updates to Timestamp signing and verification (#2499) - Fix: removes attestation payload from attest-blob's output & no base64 encoding (#2498) - Fix path for e2e-tests badge (#2490) - Fix spdx json media type (#2479) - Fix sct verificaction (#2426) - Fix: panic with unsigned local image (#2656) - Make sure a cert passed in via --cert matches the bundle cert (#2652) - Fix: fix github oidc post submit test (#2594) - Fix: add enhanced error messages for failing verification with TUF targets (#2589) - Fix: Add missing schemes to cosign predicate types. (#2717) - Fix: Drop the CosignPredicate wrapper around SBOM attestations. (#2718) - Fix prompts with Windows line endings (#2674) cosing was update to 1.13.1: - verify-blob-attestation: allow multiple subjects in in_toto attestation (#2341) - Nits for #2337 (#2342) - Add verify-blob-attestation command and tests (#2337) - Update warning when users sign images by tag. (#2313) - Remove experimental flags from attest-blob and refactor (#2338) - Add --output-attestation flag to attest-blob and remove experimental signing (#2332) - Add attest-blob command (#2286) - Add '--cert-identity' flag to support subject alternate names for ver… (#2278) - Update Dockerfile section of README (#2323) - Fix option description: "sign" --> "verify" (#2306) cosign was updated to 1.13.0: - feat: use stdin as an input for predicate by @developer-guy in https://github.com/sigstore/cosign/pull/2269 - feat: improve the verification message by @developer-guy in https://github.com/sigstore/cosign/pull/2268 - use scaffolding 0.4.8 for tests. by @vaikas in https://github.com/sigstore/cosign/pull/2280 - fix pivtool generate key touch policy by @cpanato in https://github.com/sigstore/cosign/pull/2282 - Check error on chain verification failure by @haydentherapper in https://github.com/sigstore/cosign/pull/2284 - Fix: Remove an extra registry request from verification path. by @mattmoor in https://github.com/sigstore/cosign/pull/2285 - Fix: Create a static copy of signatures as part of verification. by @mattmoor in https://github.com/sigstore/cosign/pull/2287 - Data race in FetchSignaturesForReference by @RTann in https://github.com/sigstore/cosign/pull/2283 - Add support for Fulcio username identity in SAN by @haydentherapper in https://github.com/sigstore/cosign/pull/2291 - fix: make tlog entry lookups for online verification shard-aware by @asraa in https://github.com/sigstore/cosign/pull/2297 - Better help text to sign and verify SBOM by @ChristianCiach in https://github.com/sigstore/cosign/pull/2308 - Adding warning to pin to digest by @ChaosInTheCRD in https://github.com/sigstore/cosign/pull/2311 - Add annotations for upload blob. by @cldmnky in https://github.com/sigstore/cosign/pull/2188 - replace deprecate package by @cpanato in https://github.com/sigstore/cosign/pull/2314 - update release images to use go1.19.2 and cosign v1.12.1 by @cpanato in https://github.com/sigstore/cosign/pull/2315 cosign was updated to 1.12.1: - fix: Pulls Fulcio root and intermediate when --certificate-chain is not passed into verify-blob command. The v1.12.0 release introduced a regression: when COSIGN_EXPERIMENTAL was not set, cosign verify-blob would check a --certificate (without a --certificate-chain provided) against the operating system root CA bundle. In this release, Cosign checks the certificate against Fulcio's CA root instead (restoring the earlier behavior). - fix: fix cert chain validation for verify-blob in non-experimental mode - fix: add COSIGN_EXPERIMENTAL=1 for verify-bloba - Fix BYO-root with intermediate to fetch intermediates from annotation - fix: fixing breaking changes in rekor v1.12.0 upgrade cosign-2.0.1-150400.3.9.1.src.rpm cosign-2.0.1-150400.3.9.1.x86_64.rpm cosign-2.0.1-150400.3.9.1.s390x.rpm cosign-2.0.1-150400.3.9.1.ppc64le.rpm cosign-2.0.1-150400.3.9.1.aarch64.rpm openSUSE-SLE-15.5-2023-2445 important SUSE Updates openSUSE-SLE 15.5 This update of google-cloud-sap-agent fixes the following issues: - rebuild the package with the go 1.19 security release (bsc#1200441). - Update to version 1.5.1 (bsc#1210464) - Raise golang API version to 1.20 google-cloud-sap-agent-1.5.1-150100.3.7.1.src.rpm google-cloud-sap-agent-1.5.1-150100.3.7.1.x86_64.rpm google-cloud-sap-agent-1.5.1-150100.3.7.1.s390x.rpm google-cloud-sap-agent-1.5.1-150100.3.7.1.ppc64le.rpm google-cloud-sap-agent-1.5.1-150100.3.7.1.aarch64.rpm openSUSE-SLE-15.5-2023-2578 important SUSE Updates openSUSE-SLE 15.5 This update fixes the following issues: bind: - Provide bind dependencies and solve installation issues on SUSE Linux Enterprise Micro - There are no source changes dracut-saltboot: - Update to version 0.1.1681904360.84ef141 * Load network configuration even when missing protocol version (bsc#1210640) grafana: - Version update from 8.5.22 to 9.5.1 (jsc#PED-3694): * Security fixes: - CVE-2023-1410: grafana: Stored XSS in Graphite FunctionDescription tooltip (bsc#1209645) - CVE-2023-1387: grafana: JWT URL-login flow leaks token to data sources through request parameter in proxy requests (bnc#1210907) - CVE-2022-36062: grafana: Fix RBAC folders/dashboards privilege escalation (bsc#1203596) - CVE-2022-35957: grafana: Escalation from admin to server admin when auth proxy is used (bsc#1203597) - CVE-2022-32149: Upgrade x/text to version unaffected by CVE-2022-32149 (bsc#1204501) - CVE-2022-31107: grafana: OAuth account takeover (bsc#1201539) - CVE-2022-31097: grafana: stored XSS vulnerability (bsc#1201535) - CVE-2022-27664: go1.18,go1.19: net/http: handle server errors after sending GOAWAY (bsc#1203185) - CVE-2022-0155: follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor - CVE-2021-43138: spacewalk-web: a malicious user can obtain privileges via the mapValues() method(bsc#1200480) - CVE-2021-3918: json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') (bsc#1192696) - CVE-2021-3807: node-ansi-regex: Inefficient Regular Expression Complexity in chalk/ansi-regex (bsc#1192154) - CVE-2020-7753: nodejs-trim: Regular Expression Denial of Service (ReDoS) in trim function * Important changes: - Default named retention policies won't be used to query. Users who have a default named retention policy in their influxdb database, have to rename it to something else. To change the hardcoded retention policy in the dashboard.json, users must then select the right retention policy from dropdown and save the panel/dashboard. - Grafana Alerting rules with NoDataState configuration set to Alerting will now respect "For" duration. - Users who use LDAP role sync to only sync Viewer, Editor and Admin roles, but grant Grafana Server Admin role manually will not be able to do that anymore. After this change, LDAP role sync will override any manual changes to Grafana Server Admin role assignments. If grafana_admin is left unset in LDAP role mapping configuration, it will default to false. - The InfluxDB backend migration feature toggle (influxdbBackendMigration) has been reintroduced in this version as issues were discovered with backend processing of InfluxDB data. Unless this feature toggle is enabled, all InfluxDB data will be parsed in the frontend. This frontend processing is the default behavior. In Grafana 9.4.4, InfluxDB data parsing started to be handled in the backend. If you have upgraded to 9.4.4 and then added new transformations on InfluxDB data, those panels will fail to render. To resolve this either: Remove the affected panel and re-create it or edit the `time` field as `Time` in `panel.json` or `dashboard.json` - The `@grafana/ui` package helper function `selectOptionInTest` used in frontend tests has been removed as it caused testing libraries to be bundled in the production code of Grafana. If you were using this helper function in your tests please update your code accordingly. - Removed deprecated `checkHealth` prop from the `@grafana/e2e` `addDataSource` configuration. Previously this value defaulted to `false`, and has not been used in end-to-end tests since Grafana 8.0.3. - Removed the deprecated `LegacyBaseMap`, `LegacyValueMapping`, `LegacyValueMap`, and `LegacyRangeMap` types, and `getMappedValue` function from grafana-data. See the documentation for the migration. This change fixes a bug in Grafana where intermittent failure of database, network between Grafana and the database, or error in querying the database would cause all alert rules to be unscheduled in Grafana. Following this change scheduled alert rules are not updated unless the query is successful. - The `get_alert_rules_duration_seconds` metric has been renamed to `schedule_query_alert_rules_duration_seconds` - Any secret (data sources credential, alert manager credential, etc, etc) created or modified with Grafana v9.0 won't be decryptable from any previous version (by default) because the way encrypted secrets are stored into the database has changed. Although secrets created or modified with previous versions will still be decryptable by Grafana v9.0. - If required, although generally discouraged, the `disableEnvelopeEncryption` feature toggle can be enabled to keep envelope encryption disabled once updating to Grafana - In case of need to rollback to an earlier version of Grafana (i.e. Grafana v8.x) for any reason, after being created or modified any secret with Grafana v9.0, the `envelopeEncryption` feature toggle will need to be enabled to keep backwards compatibility (only from `v8.3.x` a bit unstable, from `8.5.x` stable). - As a final attempt to deal with issues related with the aforementioned situations, the `grafana-cli admin secrets-migration rollback` command has been designed to move back all the Grafana secrets encrypted with envelope encryption to legacy encryption. So, after running that command it should be safe to disable envelope encryption and/or roll back to a previous version of Grafana. Alternatively or complementarily to all the points above, backing up the Grafana database before updating could be a good idea to prevent disasters (although the risk of getting some secrets corrupted only applies to those updates/created with after updating to Grafana v9.0). - In Elasticsearch, browser access mode was deprecated in grafana 7.4.0 and removed in 9.0.0. If you used this mode please switch to server access mode on the datasource configuration page. - Environment variables passed from Grafana to external Azure plugins have been renamed: `AZURE_CLOUD` renamed to `GFAZPL_AZURE_CLOUD`, `AZURE_MANAGED_IDENTITY_ENABLED` renamed to `GFAZPL_MANAGED_IDENTITY_ENABLED`, `AZURE_MANAGED_IDENTITY_CLIENT_ID` renamed to `GFAZPL_MANAGED_IDENTITY_CLIENT_ID`. There are no known plugins which were relying on these variables. Moving forward plugins should read Azure settings only via Grafana Azure SDK which properly handles old and new environment variables. - Removes support for for ElasticSearch versions after their end-of-life, currently versions < 7.10.0. To continue to use ElasticSearch data source, upgrade ElasticSearch to version 7.10.0+. - Application Insights and Insight Analytics queries in Azure Monitor were deprecated in Grafana 8.0 and finally removed in 9.0. Deprecated queries will no longer be executed. - grafana/ui: Button now specifies a default type="button". The `Button` component provided by @grafana/ui now specifies a default `type="button"` when no type is provided. In previous versions, if the attribute was not specified for buttons associated with a `<form>` the default value was `submit` per the specification. You can preserve the old behavior by explicitly setting the type attribute: `<Button type="submit" />` - The `Rename by regex` transformation has been improved to allow global patterns of the form `/<stringToReplace>/g`. Depending on the regex match used, this may cause some transformations to behave slightly differently. You can guarantee the same behaviour as before by wrapping the `match` string in forward slashes (`/`), e.g. `(.*)` would become `/(.*)/` - `<Select />` menus will now portal to the document body by default. This is to give more consistent behaviour when positioning and overlaying. If you were setting`menuShouldPortal={true}` before you can safely remove that prop and behaviour will be the same. If you weren't explicitly setting that prop, there should be no visible changes in behaviour but your tests may need updating. If you were setting `menuShouldPortal={false}` this will continue to prevent the menu from portalling. - Grafana alerting endpoint prefixed with `api/v1/rule/test` that tests a rule against a Corte/Loki data source now expects the data source UID as a path parameter instead of the data source numeric identifier. - Grafana alerting endpoints prefixed with `api/prometheus/` that proxy requests to a Cortex/Loki data source now expect the data source UID as a path parameter instead of the data source numeric identifier. - Grafana alerting endpoints prefixed with `api/ruler/` that proxy requests to a Cortex/Loki data source now expect the data source UID as a path parameter instead of the data - Grafana alerting endpoints prefixed with `api/alertmanager/` that proxy requests to an Alertmanager now expect the data source UID as a path parameter instead of the data source numeric identifier. - The format of log messages have been updated, `lvl` is now `level` and `eror`and `dbug` has been replaced with `error` and `debug`. The precision of timestamps has been increased. To smooth the transition, it is possible to opt-out of the new log format by enabling the feature toggle `oldlog`. This option will be removed in a future minor release. - In the Loki data source, the dataframe format used to represent Loki logs-data has been changed to a more efficient format. The query-result is represented by a single dataframe with a "labels" column, instead of the separate dataframes for every labels-value. When displaying such data in explore, or in a logs-panel in the dashboard will continue to work without changes, but if the data was loaded into a different dashboard-panel, or Transforms were used, adjustments may be necessary. For example, if you used the "labels to fields" transformation with the logs data, please switch to the "extract fields" transformation. * Deprecations: - The `grafana_database_conn_*` metrics are deprecated, and will be removed in a future version of Grafana. Use the `go_sql_stats_*` metrics instead. - Support for compact Explore URLs is deprecated and will be removed in a future release. Until then, when navigating to Explore using the deprecated format the URLs are automatically converted. If you have existing links pointing to Explore update them using the format generated by Explore upon navigation. You can identify a compact URL by its format. Compact URLs have the left (and optionally right) url parameter as an array of strings, for example `&left=["now-1h","now"...]`. The standard explore URLs follow a key/value pattern, for example `&left={"datasource":"test"...}`. Please be sure to check your dashboards for any hardcoded links to Explore and update them to the standard URL pattern. - Chore: Remove deprecated DataSourceAPI methods. - Data: Remove deprecated types and functions from valueMappings. - Elasticsearch: Remove browser access mode. - Elasticsearch: Remove support for versions after their end of the life (<7.10.0). - Explore: Remove support for legacy, compact format URLs. - Graph: Deprecate Graph (old) and make it no longer a visualization option for new panels. - `setExploreQueryField`, `setExploreMetricsQueryField` and `setExploreLogsQueryField` are now deprecated and will be removed in a future release. If you need to set a different query editor for Explore, conditionally render based on `props.app` in your regular query editor. * Changes: - User: Fix externalUserId not being populated. If you used any of these components please use them from grafana/experimental from now on: - AccessoryButton - EditorFieldGroup - EditorHeader - EditorField - EditorRow - EditorList - EditorRows - EditorSwitch - FlexItem - Stack - InlineSelect - InputGroup - Space - Starting with 9.1.0, existing heatmap panels will start using a new implementation. This can be disabled by setting the `useLegacyHeatmapPanel` feature flag to true. It can be tested on a single dashbobard by adding `?__feature.useLegacyHeatmapPanel=true` to any dashboard URL. - Logger: Enable new logging format by default. - Loki: Enable new visual query builder by default. - Plugins: Remove plugin list panel. - Install wrapper scripts under /usr/sbin - Install actual binaries under /usr/libexec/grafana (or /usr/lib under older distributions) and create a simlink for wrapper scripts and the service (which expect the binary to be under /usr/share/grafana/bin) - Chore: Upgrade typescript to 4.6.4. mgr-daemon: - Version 4.3.7-1 * Update translation strings spacecmd: - Version 4.3.21-1 * fix argument parsing of distribution_update (bsc#1210458) - Version 4.3.20-1 * Display activation key details after executing the corresponding command (bsc#1208719) * Show targetted packages before actually removing them (bsc#1207830) uyuni-common-libs: - Version 4.3.8-1 * Allow default component for context manager zypp-plugin-spacewalk: - 1.0.14 * SPEC cleanup dracut-saltboot-0.1.1681904360.84ef141-150000.1.50.1.noarch.rpm dracut-saltboot-0.1.1681904360.84ef141-150000.1.50.1.src.rpm spacecmd-4.3.21-150000.3.98.1.noarch.rpm spacecmd-4.3.21-150000.3.98.1.src.rpm wire-0.5.0-150000.1.12.3.src.rpm wire-0.5.0-150000.1.12.3.x86_64.rpm wire-0.5.0-150000.1.12.3.s390x.rpm wire-0.5.0-150000.1.12.3.ppc64le.rpm wire-0.5.0-150000.1.12.3.aarch64.rpm openSUSE-SLE-15.5-2023-2575 important SUSE Updates openSUSE-SLE 15.5 This update fixes the following issues: grafana: - Version update from 8.5.22 to 9.5.1 (jsc#PED-3694): * Security fixes: - CVE-2023-1410: grafana: Stored XSS in Graphite FunctionDescription tooltip (bsc#1209645) - CVE-2023-1387: grafana: JWT URL-login flow leaks token to data sources through request parameter in proxy requests (bnc#1210907) - CVE-2022-36062: grafana: Fix RBAC folders/dashboards privilege escalation (bsc#1203596) - CVE-2022-35957: grafana: Escalation from admin to server admin when auth proxy is used (bsc#1203597) - CVE-2022-32149: Upgrade x/text to version unaffected by CVE-2022-32149 (bsc#1204501) - CVE-2022-31107: grafana: OAuth account takeover (bsc#1201539) - CVE-2022-31097: grafana: stored XSS vulnerability (bsc#1201535) - CVE-2022-27664: go1.18,go1.19: net/http: handle server errors after sending GOAWAY (bsc#1203185) - CVE-2022-0155: follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor - CVE-2021-43138: spacewalk-web: a malicious user can obtain privileges via the mapValues() method(bsc#1200480) - CVE-2021-3918: json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') (bsc#1192696) - CVE-2021-3807: node-ansi-regex: Inefficient Regular Expression Complexity in chalk/ansi-regex (bsc#1192154) - CVE-2020-7753: nodejs-trim: Regular Expression Denial of Service (ReDoS) in trim function * Important changes: - Default named retention policies won't be used to query. Users who have a default named retention policy in their influxdb database, have to rename it to something else. To change the hardcoded retention policy in the dashboard.json, users must then select the right retention policy from dropdown and save the panel/dashboard. - Grafana Alerting rules with NoDataState configuration set to Alerting will now respect "For" duration. - Users who use LDAP role sync to only sync Viewer, Editor and Admin roles, but grant Grafana Server Admin role manually will not be able to do that anymore. After this change, LDAP role sync will override any manual changes to Grafana Server Admin role assignments. If grafana_admin is left unset in LDAP role mapping configuration, it will default to false. - The InfluxDB backend migration feature toggle (influxdbBackendMigration) has been reintroduced in this version as issues were discovered with backend processing of InfluxDB data. Unless this feature toggle is enabled, all InfluxDB data will be parsed in the frontend. This frontend processing is the default behavior. In Grafana 9.4.4, InfluxDB data parsing started to be handled in the backend. If you have upgraded to 9.4.4 and then added new transformations on InfluxDB data, those panels will fail to render. To resolve this either: Remove the affected panel and re-create it or edit the `time` field as `Time` in `panel.json` or `dashboard.json` - The `@grafana/ui` package helper function `selectOptionInTest` used in frontend tests has been removed as it caused testing libraries to be bundled in the production code of Grafana. If you were using this helper function in your tests please update your code accordingly. - Removed deprecated `checkHealth` prop from the `@grafana/e2e` `addDataSource` configuration. Previously this value defaulted to `false`, and has not been used in end-to-end tests since Grafana 8.0.3. - Removed the deprecated `LegacyBaseMap`, `LegacyValueMapping`, `LegacyValueMap`, and `LegacyRangeMap` types, and `getMappedValue` function from grafana-data. See the documentation for the migration. This change fixes a bug in Grafana where intermittent failure of database, network between Grafana and the database, or error in querying the database would cause all alert rules to be unscheduled in Grafana. Following this change scheduled alert rules are not updated unless the query is successful. - The `get_alert_rules_duration_seconds` metric has been renamed to `schedule_query_alert_rules_duration_seconds` - Any secret (data sources credential, alert manager credential, etc, etc) created or modified with Grafana v9.0 won't be decryptable from any previous version (by default) because the way encrypted secrets are stored into the database has changed. Although secrets created or modified with previous versions will still be decryptable by Grafana v9.0. - If required, although generally discouraged, the `disableEnvelopeEncryption` feature toggle can be enabled to keep envelope encryption disabled once updating to Grafana - In case of need to rollback to an earlier version of Grafana (i.e. Grafana v8.x) for any reason, after being created or modified any secret with Grafana v9.0, the `envelopeEncryption` feature toggle will need to be enabled to keep backwards compatibility (only from `v8.3.x` a bit unstable, from `8.5.x` stable). - As a final attempt to deal with issues related with the aforementioned situations, the `grafana-cli admin secrets-migration rollback` command has been designed to move back all the Grafana secrets encrypted with envelope encryption to legacy encryption. So, after running that command it should be safe to disable envelope encryption and/or roll back to a previous version of Grafana. Alternatively or complementarily to all the points above, backing up the Grafana database before updating could be a good idea to prevent disasters (although the risk of getting some secrets corrupted only applies to those updates/created with after updating to Grafana v9.0). - In Elasticsearch, browser access mode was deprecated in grafana 7.4.0 and removed in 9.0.0. If you used this mode please switch to server access mode on the datasource configuration page. - Environment variables passed from Grafana to external Azure plugins have been renamed: `AZURE_CLOUD` renamed to `GFAZPL_AZURE_CLOUD`, `AZURE_MANAGED_IDENTITY_ENABLED` renamed to `GFAZPL_MANAGED_IDENTITY_ENABLED`, `AZURE_MANAGED_IDENTITY_CLIENT_ID` renamed to `GFAZPL_MANAGED_IDENTITY_CLIENT_ID`. There are no known plugins which were relying on these variables. Moving forward plugins should read Azure settings only via Grafana Azure SDK which properly handles old and new environment variables. - Removes support for for ElasticSearch versions after their end-of-life, currently versions < 7.10.0. To continue to use ElasticSearch data source, upgrade ElasticSearch to version 7.10.0+. - Application Insights and Insight Analytics queries in Azure Monitor were deprecated in Grafana 8.0 and finally removed in 9.0. Deprecated queries will no longer be executed. - grafana/ui: Button now specifies a default type="button". The `Button` component provided by @grafana/ui now specifies a default `type="button"` when no type is provided. In previous versions, if the attribute was not specified for buttons associated with a `<form>` the default value was `submit` per the specification. You can preserve the old behavior by explicitly setting the type attribute: `<Button type="submit" />` - The `Rename by regex` transformation has been improved to allow global patterns of the form `/<stringToReplace>/g`. Depending on the regex match used, this may cause some transformations to behave slightly differently. You can guarantee the same behaviour as before by wrapping the `match` string in forward slashes (`/`), e.g. `(.*)` would become `/(.*)/` - `<Select />` menus will now portal to the document body by default. This is to give more consistent behaviour when positioning and overlaying. If you were setting`menuShouldPortal={true}` before you can safely remove that prop and behaviour will be the same. If you weren't explicitly setting that prop, there should be no visible changes in behaviour but your tests may need updating. If you were setting `menuShouldPortal={false}` this will continue to prevent the menu from portalling. - Grafana alerting endpoint prefixed with `api/v1/rule/test` that tests a rule against a Corte/Loki data source now expects the data source UID as a path parameter instead of the data source numeric identifier. - Grafana alerting endpoints prefixed with `api/prometheus/` that proxy requests to a Cortex/Loki data source now expect the data source UID as a path parameter instead of the data source numeric identifier. - Grafana alerting endpoints prefixed with `api/ruler/` that proxy requests to a Cortex/Loki data source now expect the data source UID as a path parameter instead of the data - Grafana alerting endpoints prefixed with `api/alertmanager/` that proxy requests to an Alertmanager now expect the data source UID as a path parameter instead of the data source numeric identifier. - The format of log messages have been updated, `lvl` is now `level` and `eror`and `dbug` has been replaced with `error` and `debug`. The precision of timestamps has been increased. To smooth the transition, it is possible to opt-out of the new log format by enabling the feature toggle `oldlog`. This option will be removed in a future minor release. - In the Loki data source, the dataframe format used to represent Loki logs-data has been changed to a more efficient format. The query-result is represented by a single dataframe with a "labels" column, instead of the separate dataframes for every labels-value. When displaying such data in explore, or in a logs-panel in the dashboard will continue to work without changes, but if the data was loaded into a different dashboard-panel, or Transforms were used, adjustments may be necessary. For example, if you used the "labels to fields" transformation with the logs data, please switch to the "extract fields" transformation. * Deprecations: - The `grafana_database_conn_*` metrics are deprecated, and will be removed in a future version of Grafana. Use the `go_sql_stats_*` metrics instead. - Support for compact Explore URLs is deprecated and will be removed in a future release. Until then, when navigating to Explore using the deprecated format the URLs are automatically converted. If you have existing links pointing to Explore update them using the format generated by Explore upon navigation. You can identify a compact URL by its format. Compact URLs have the left (and optionally right) url parameter as an array of strings, for example `&left=["now-1h","now"...]`. The standard explore URLs follow a key/value pattern, for example `&left={"datasource":"test"...}`. Please be sure to check your dashboards for any hardcoded links to Explore and update them to the standard URL pattern. - Chore: Remove deprecated DataSourceAPI methods. - Data: Remove deprecated types and functions from valueMappings. - Elasticsearch: Remove browser access mode. - Elasticsearch: Remove support for versions after their end of the life (<7.10.0). - Explore: Remove support for legacy, compact format URLs. - Graph: Deprecate Graph (old) and make it no longer a visualization option for new panels. - `setExploreQueryField`, `setExploreMetricsQueryField` and `setExploreLogsQueryField` are now deprecated and will be removed in a future release. If you need to set a different query editor for Explore, conditionally render based on `props.app` in your regular query editor. * Changes: - User: Fix externalUserId not being populated. If you used any of these components please use them from grafana/experimental from now on: - AccessoryButton - EditorFieldGroup - EditorHeader - EditorField - EditorRow - EditorList - EditorRows - EditorSwitch - FlexItem - Stack - InlineSelect - InputGroup - Space - Starting with 9.1.0, existing heatmap panels will start using a new implementation. This can be disabled by setting the `useLegacyHeatmapPanel` feature flag to true. It can be tested on a single dashbobard by adding `?__feature.useLegacyHeatmapPanel=true` to any dashboard URL. - Logger: Enable new logging format by default. - Loki: Enable new visual query builder by default. - Plugins: Remove plugin list panel. - Install wrapper scripts under /usr/sbin - Install actual binaries under /usr/libexec/grafana (or /usr/lib under older distributions) and create a simlink for wrapper scripts and the service (which expect the binary to be under /usr/share/grafana/bin) - Chore: Upgrade typescript to 4.6.4. grafana-9.5.1-150200.3.41.3.src.rpm grafana-9.5.1-150200.3.41.3.x86_64.rpm grafana-9.5.1-150200.3.41.3.s390x.rpm grafana-9.5.1-150200.3.41.3.ppc64le.rpm grafana-9.5.1-150200.3.41.3.aarch64.rpm openSUSE-SLE-15.5-2023-2253 important SUSE Updates openSUSE-SLE 15.5 This update of terraform-provider-aws fixes the following issues: - rebuild the package with the go 1.19 security release (bsc#1200441 bsc#1209658). terraform-provider-aws-3.11.0-150200.6.5.1.src.rpm terraform-provider-aws-3.11.0-150200.6.5.1.x86_64.rpm terraform-provider-aws-3.11.0-150200.6.5.1.s390x.rpm terraform-provider-aws-3.11.0-150200.6.5.1.ppc64le.rpm terraform-provider-aws-3.11.0-150200.6.5.1.aarch64.rpm openSUSE-SLE-15.5-2023-2261 important SUSE Updates openSUSE-SLE 15.5 This update of terraform-provider-null fixes the following issues: - rebuild the package with the go 1.19 security release (bsc#1200441 bsc#1209658). terraform-provider-null-3.0.0-150200.6.5.1.src.rpm terraform-provider-null-3.0.0-150200.6.5.1.x86_64.rpm terraform-provider-null-3.0.0-150200.6.5.1.s390x.rpm terraform-provider-null-3.0.0-150200.6.5.1.ppc64le.rpm terraform-provider-null-3.0.0-150200.6.5.1.aarch64.rpm openSUSE-SLE-15.5-2023-2273 important SUSE Updates openSUSE-SLE 15.5 This update of geoipupdate fixes the following issues: - rebuild the package with the go 1.19 security release (bsc#1200441 bsc#1209658). geoipupdate-4.2.2-150000.1.10.1.src.rpm geoipupdate-4.2.2-150000.1.10.1.x86_64.rpm geoipupdate-legacy-4.2.2-150000.1.10.1.x86_64.rpm geoipupdate-4.2.2-150000.1.10.1.s390x.rpm geoipupdate-legacy-4.2.2-150000.1.10.1.s390x.rpm geoipupdate-4.2.2-150000.1.10.1.ppc64le.rpm geoipupdate-legacy-4.2.2-150000.1.10.1.ppc64le.rpm geoipupdate-4.2.2-150000.1.10.1.aarch64.rpm geoipupdate-legacy-4.2.2-150000.1.10.1.aarch64.rpm openSUSE-SLE-15.5-2023-2297 important SUSE Updates openSUSE-SLE 15.5 This update of golang-github-vpenso-prometheus_slurm_exporter fixes the following issues: - rebuild the package with the go 1.19 security release (bsc#1200441 bsc#1209658). golang-github-vpenso-prometheus_slurm_exporter-0.19-150300.3.5.1.src.rpm golang-github-vpenso-prometheus_slurm_exporter-0.19-150300.3.5.1.x86_64.rpm golang-github-vpenso-prometheus_slurm_exporter-0.19-150300.3.5.1.s390x.rpm golang-github-vpenso-prometheus_slurm_exporter-0.19-150300.3.5.1.ppc64le.rpm golang-github-vpenso-prometheus_slurm_exporter-0.19-150300.3.5.1.aarch64.rpm openSUSE-SLE-15.5-2023-2585 moderate SUSE Updates openSUSE-SLE 15.5 This update for salt and python-pyzmq fixes the following issues: salt: - Update to Salt release version 3006.0 (jsc#PED-4361) * See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html - Add missing patch after rebase to fix collections Mapping issues - Add python3-looseversion as new dependency for salt - Add python3-packaging as new dependency for salt - Allow entrypoint compatibility for "importlib-metadata>=5.0.0" (bsc#1207071) - Avoid conflicts with Salt dependencies versions (bsc#1211612) - Avoid failures due transactional_update module not available in Salt 3006.0 (bsc#1211754) - Create new salt-tests subpackage containing Salt tests - Drop conflictive patch dicarded from upstream - Fix package build with old setuptools versions - Fix SLS rendering error when Jinja macros are used - Fix version detection and avoid building and testing failures - Prevent deadlocks in salt-ssh executions - Require python3-jmespath runtime dependency (bsc#1209233) - Make master_tops compatible with Salt 3000 and older minions (bsc#1212516, bsc#1212517) python-pyzmq: - Update python-pyzmq to version 17.1.2 in LTSS products (bsc#1186945) python-pyzmq-17.1.2-150000.3.5.2.src.rpm True python3-pyzmq-17.1.2-150000.3.5.2.x86_64.rpm True python3-pyzmq-devel-17.1.2-150000.3.5.2.x86_64.rpm True python3-pyzmq-17.1.2-150000.3.5.2.s390x.rpm True python3-pyzmq-devel-17.1.2-150000.3.5.2.s390x.rpm True python3-pyzmq-17.1.2-150000.3.5.2.ppc64le.rpm True python3-pyzmq-devel-17.1.2-150000.3.5.2.ppc64le.rpm True python3-pyzmq-17.1.2-150000.3.5.2.aarch64.rpm True python3-pyzmq-devel-17.1.2-150000.3.5.2.aarch64.rpm True openSUSE-SLE-15.5-2023-2571 moderate SUSE Updates openSUSE-SLE 15.5 This update for salt fixes the following issues: salt: - Update to Salt release version 3006.0 (jsc#PED-4361) * See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html - Add missing patch after rebase to fix collections Mapping issues - Add python3-looseversion as new dependency for salt - Add python3-packaging as new dependency for salt - Allow entrypoint compatibility for "importlib-metadata>=5.0.0" (bsc#1207071) - Avoid conflicts with Salt dependencies versions (bsc#1211612) - Avoid failures due transactional_update module not available in Salt 3006.0 (bsc#1211754) - Create new salt-tests subpackage containing Salt tests - Drop conflictive patch dicarded from upstream - Fix package build with old setuptools versions - Fix SLS rendering error when Jinja macros are used - Fix version detection and avoid building and testing failures - Prevent deadlocks in salt-ssh executions - Require python3-jmespath runtime dependency (bsc#1209233) - Make master_tops compatible with Salt 3000 and older minions (bsc#1212516, bsc#1212517) python-jmespath: - Deliver python3-jmespath to SUSE Linux Enterprise Micro on s390x architecture as it is now required by Salt (no source changes) python-ply: - Deliver python3-ply to SUSE Linux Enterprise Micro on s390x architecture as it is a requirement for python-jmespath (no source changes) python-jmespath-0.9.3-150000.3.3.4.src.rpm True python-ply-3.10-150000.3.3.4.src.rpm True python-ply-doc-3.10-150000.3.3.4.noarch.rpm True python-simplejson-3.17.2-150300.3.2.3.src.rpm True python3-jmespath-0.9.3-150000.3.3.4.noarch.rpm True python3-ply-3.10-150000.3.3.4.noarch.rpm True python3-simplejson-3.17.2-150300.3.2.3.x86_64.rpm True python3-simplejson-3.17.2-150300.3.2.3.s390x.rpm True python3-simplejson-3.17.2-150300.3.2.3.ppc64le.rpm True python3-simplejson-3.17.2-150300.3.2.3.aarch64.rpm True openSUSE-SLE-15.5-2023-2236 critical SUSE Updates openSUSE-SLE 15.5 This update for python-looseversion fixes the following issues: - Provide python-looseversion version 1.0.2 as new Salt 3006 dependency. (jsc#PED-4360) python-looseversion-1.0.2-150100.3.3.1.src.rpm python3-looseversion-1.0.2-150100.3.3.1.noarch.rpm openSUSE-SLE-15.5-2023-2298 important SUSE Updates openSUSE-SLE 15.5 This update for distribution fixes the following issues: Update to verison 2.8.2: - Revert registry/client: set `Accept: identity` header when getting layers - Parse `http` forbidden as denied - Fix CVE-2023-2253 runaway allocation on /v2/_catalog (bsc#1207705) - Fix panic in inmemory driver - update to go1.19.9 - Add code to handle pagination of parts. Fixes max layer size of 10GB bug - Dockerfile: fix filenames of artifacts distribution-2.8.2-150400.9.21.1.src.rpm distribution-registry-2.8.2-150400.9.21.1.x86_64.rpm distribution-registry-2.8.2-150400.9.21.1.s390x.rpm distribution-registry-2.8.2-150400.9.21.1.ppc64le.rpm distribution-registry-2.8.2-150400.9.21.1.aarch64.rpm openSUSE-SLE-15.5-2023-2518 important SUSE Updates openSUSE-SLE 15.5 This update for frr fixes the following issues: - CVE-2023-31489: Fixed a remote denial of service via a malformed BGP packet (bsc#1211248). - CVE-2023-31490: Fixed a remote denial of service via a malformed BGP packet (bsc#1211249). frr-8.4-150500.4.3.1.src.rpm frr-8.4-150500.4.3.1.x86_64.rpm frr-devel-8.4-150500.4.3.1.x86_64.rpm libfrr0-8.4-150500.4.3.1.x86_64.rpm libfrr_pb0-8.4-150500.4.3.1.x86_64.rpm libfrrcares0-8.4-150500.4.3.1.x86_64.rpm libfrrfpm_pb0-8.4-150500.4.3.1.x86_64.rpm libfrrospfapiclient0-8.4-150500.4.3.1.x86_64.rpm libfrrsnmp0-8.4-150500.4.3.1.x86_64.rpm libfrrzmq0-8.4-150500.4.3.1.x86_64.rpm libmlag_pb0-8.4-150500.4.3.1.x86_64.rpm frr-8.4-150500.4.3.1.s390x.rpm frr-devel-8.4-150500.4.3.1.s390x.rpm libfrr0-8.4-150500.4.3.1.s390x.rpm libfrr_pb0-8.4-150500.4.3.1.s390x.rpm libfrrcares0-8.4-150500.4.3.1.s390x.rpm libfrrfpm_pb0-8.4-150500.4.3.1.s390x.rpm libfrrospfapiclient0-8.4-150500.4.3.1.s390x.rpm libfrrsnmp0-8.4-150500.4.3.1.s390x.rpm libfrrzmq0-8.4-150500.4.3.1.s390x.rpm libmlag_pb0-8.4-150500.4.3.1.s390x.rpm frr-8.4-150500.4.3.1.ppc64le.rpm frr-devel-8.4-150500.4.3.1.ppc64le.rpm libfrr0-8.4-150500.4.3.1.ppc64le.rpm libfrr_pb0-8.4-150500.4.3.1.ppc64le.rpm libfrrcares0-8.4-150500.4.3.1.ppc64le.rpm libfrrfpm_pb0-8.4-150500.4.3.1.ppc64le.rpm libfrrospfapiclient0-8.4-150500.4.3.1.ppc64le.rpm libfrrsnmp0-8.4-150500.4.3.1.ppc64le.rpm libfrrzmq0-8.4-150500.4.3.1.ppc64le.rpm libmlag_pb0-8.4-150500.4.3.1.ppc64le.rpm frr-8.4-150500.4.3.1.aarch64.rpm frr-devel-8.4-150500.4.3.1.aarch64.rpm libfrr0-8.4-150500.4.3.1.aarch64.rpm libfrr_pb0-8.4-150500.4.3.1.aarch64.rpm libfrrcares0-8.4-150500.4.3.1.aarch64.rpm libfrrfpm_pb0-8.4-150500.4.3.1.aarch64.rpm libfrrospfapiclient0-8.4-150500.4.3.1.aarch64.rpm libfrrsnmp0-8.4-150500.4.3.1.aarch64.rpm libfrrzmq0-8.4-150500.4.3.1.aarch64.rpm libmlag_pb0-8.4-150500.4.3.1.aarch64.rpm openSUSE-SLE-15.5-2023-2618 moderate SUSE Updates openSUSE-SLE 15.5 This update for dav1d fixes the following issues: - CVE-2023-32570: Fixed possible crash when decoding a frame (bsc#1211262). dav1d-1.0.0-150500.3.3.1.src.rpm dav1d-1.0.0-150500.3.3.1.x86_64.rpm dav1d-devel-1.0.0-150500.3.3.1.x86_64.rpm libdav1d6-1.0.0-150500.3.3.1.x86_64.rpm libdav1d6-32bit-1.0.0-150500.3.3.1.x86_64.rpm dav1d-1.0.0-150500.3.3.1.s390x.rpm dav1d-devel-1.0.0-150500.3.3.1.s390x.rpm libdav1d6-1.0.0-150500.3.3.1.s390x.rpm dav1d-1.0.0-150500.3.3.1.ppc64le.rpm dav1d-devel-1.0.0-150500.3.3.1.ppc64le.rpm libdav1d6-1.0.0-150500.3.3.1.ppc64le.rpm dav1d-1.0.0-150500.3.3.1.aarch64.rpm dav1d-devel-1.0.0-150500.3.3.1.aarch64.rpm libdav1d6-1.0.0-150500.3.3.1.aarch64.rpm openSUSE-SLE-15.5-2023-2582 moderate SUSE Updates openSUSE-SLE 15.5 This update for salt fixes the following issues: - Update to Salt release version 3006.0 (jsc#PED-3139) * See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html - Add python3-looseversion as new dependency for salt - Add python3-packaging as new dependency for salt - Avoid conflicts with Salt dependencies versions (bsc#1211612) - Avoid failures due transactional_update module not available in Salt 3006.0 (bsc#1211754) - Drop conflictive patch dicarded from upstream - Fix package build with old setuptools versions - Fix SLS rendering error when Jinja macros are used - Fix version detection and avoid building and testing failures - Make master_tops compatible with Salt 3000 and older minions (bsc#1212516, bsc#1212517) python3-salt-3006.0-150500.4.9.2.x86_64.rpm True salt-3006.0-150500.4.9.2.src.rpm True salt-3006.0-150500.4.9.2.x86_64.rpm True salt-api-3006.0-150500.4.9.2.x86_64.rpm True salt-bash-completion-3006.0-150500.4.9.2.noarch.rpm True salt-cloud-3006.0-150500.4.9.2.x86_64.rpm True salt-doc-3006.0-150500.4.9.2.x86_64.rpm True salt-fish-completion-3006.0-150500.4.9.2.noarch.rpm True salt-master-3006.0-150500.4.9.2.x86_64.rpm True salt-minion-3006.0-150500.4.9.2.x86_64.rpm True salt-proxy-3006.0-150500.4.9.2.x86_64.rpm True salt-ssh-3006.0-150500.4.9.2.x86_64.rpm True salt-standalone-formulas-configuration-3006.0-150500.4.9.2.x86_64.rpm True salt-syndic-3006.0-150500.4.9.2.x86_64.rpm True salt-tests-3006.0-150500.4.9.2.x86_64.rpm True salt-transactional-update-3006.0-150500.4.9.2.x86_64.rpm True salt-zsh-completion-3006.0-150500.4.9.2.noarch.rpm True python3-salt-3006.0-150500.4.9.2.s390x.rpm True salt-3006.0-150500.4.9.2.s390x.rpm True salt-api-3006.0-150500.4.9.2.s390x.rpm True salt-cloud-3006.0-150500.4.9.2.s390x.rpm True salt-doc-3006.0-150500.4.9.2.s390x.rpm True salt-master-3006.0-150500.4.9.2.s390x.rpm True salt-minion-3006.0-150500.4.9.2.s390x.rpm True salt-proxy-3006.0-150500.4.9.2.s390x.rpm True salt-ssh-3006.0-150500.4.9.2.s390x.rpm True salt-standalone-formulas-configuration-3006.0-150500.4.9.2.s390x.rpm True salt-syndic-3006.0-150500.4.9.2.s390x.rpm True salt-tests-3006.0-150500.4.9.2.s390x.rpm True salt-transactional-update-3006.0-150500.4.9.2.s390x.rpm True python3-salt-3006.0-150500.4.9.2.ppc64le.rpm True salt-3006.0-150500.4.9.2.ppc64le.rpm True salt-api-3006.0-150500.4.9.2.ppc64le.rpm True salt-cloud-3006.0-150500.4.9.2.ppc64le.rpm True salt-doc-3006.0-150500.4.9.2.ppc64le.rpm True salt-master-3006.0-150500.4.9.2.ppc64le.rpm True salt-minion-3006.0-150500.4.9.2.ppc64le.rpm True salt-proxy-3006.0-150500.4.9.2.ppc64le.rpm True salt-ssh-3006.0-150500.4.9.2.ppc64le.rpm True salt-standalone-formulas-configuration-3006.0-150500.4.9.2.ppc64le.rpm True salt-syndic-3006.0-150500.4.9.2.ppc64le.rpm True salt-tests-3006.0-150500.4.9.2.ppc64le.rpm True salt-transactional-update-3006.0-150500.4.9.2.ppc64le.rpm True python3-salt-3006.0-150500.4.9.2.aarch64.rpm True salt-3006.0-150500.4.9.2.aarch64.rpm True salt-api-3006.0-150500.4.9.2.aarch64.rpm True salt-cloud-3006.0-150500.4.9.2.aarch64.rpm True salt-doc-3006.0-150500.4.9.2.aarch64.rpm True salt-master-3006.0-150500.4.9.2.aarch64.rpm True salt-minion-3006.0-150500.4.9.2.aarch64.rpm True salt-proxy-3006.0-150500.4.9.2.aarch64.rpm True salt-ssh-3006.0-150500.4.9.2.aarch64.rpm True salt-standalone-formulas-configuration-3006.0-150500.4.9.2.aarch64.rpm True salt-syndic-3006.0-150500.4.9.2.aarch64.rpm True salt-tests-3006.0-150500.4.9.2.aarch64.rpm True salt-transactional-update-3006.0-150500.4.9.2.aarch64.rpm True openSUSE-SLE-15.5-2023-2536 important SUSE Updates openSUSE-SLE 15.5 This update for openvswitch3 fixes the following issues: - CVE-2023-1668: Fixed a remote denial of service that could be triggered via malformed IP packets (bsc#1210054). libopenvswitch-3_1-0-3.1.0-150500.3.3.1.x86_64.rpm libovn-23_03-0-23.03.0-150500.3.3.1.x86_64.rpm openvswitch3-3.1.0-150500.3.3.1.src.rpm openvswitch3-3.1.0-150500.3.3.1.x86_64.rpm openvswitch3-devel-3.1.0-150500.3.3.1.x86_64.rpm openvswitch3-doc-3.1.0-150500.3.3.1.noarch.rpm openvswitch3-ipsec-3.1.0-150500.3.3.1.x86_64.rpm openvswitch3-pki-3.1.0-150500.3.3.1.x86_64.rpm openvswitch3-test-3.1.0-150500.3.3.1.x86_64.rpm openvswitch3-vtep-3.1.0-150500.3.3.1.x86_64.rpm ovn3-23.03.0-150500.3.3.1.x86_64.rpm ovn3-central-23.03.0-150500.3.3.1.x86_64.rpm ovn3-devel-23.03.0-150500.3.3.1.x86_64.rpm ovn3-doc-23.03.0-150500.3.3.1.noarch.rpm ovn3-docker-23.03.0-150500.3.3.1.x86_64.rpm ovn3-host-23.03.0-150500.3.3.1.x86_64.rpm ovn3-vtep-23.03.0-150500.3.3.1.x86_64.rpm python3-ovs3-3.1.0-150500.3.3.1.x86_64.rpm libopenvswitch-3_1-0-3.1.0-150500.3.3.1.s390x.rpm libovn-23_03-0-23.03.0-150500.3.3.1.s390x.rpm openvswitch3-3.1.0-150500.3.3.1.s390x.rpm openvswitch3-devel-3.1.0-150500.3.3.1.s390x.rpm openvswitch3-ipsec-3.1.0-150500.3.3.1.s390x.rpm openvswitch3-pki-3.1.0-150500.3.3.1.s390x.rpm openvswitch3-test-3.1.0-150500.3.3.1.s390x.rpm openvswitch3-vtep-3.1.0-150500.3.3.1.s390x.rpm ovn3-23.03.0-150500.3.3.1.s390x.rpm ovn3-central-23.03.0-150500.3.3.1.s390x.rpm ovn3-devel-23.03.0-150500.3.3.1.s390x.rpm ovn3-docker-23.03.0-150500.3.3.1.s390x.rpm ovn3-host-23.03.0-150500.3.3.1.s390x.rpm ovn3-vtep-23.03.0-150500.3.3.1.s390x.rpm python3-ovs3-3.1.0-150500.3.3.1.s390x.rpm libopenvswitch-3_1-0-3.1.0-150500.3.3.1.ppc64le.rpm libovn-23_03-0-23.03.0-150500.3.3.1.ppc64le.rpm openvswitch3-3.1.0-150500.3.3.1.ppc64le.rpm openvswitch3-devel-3.1.0-150500.3.3.1.ppc64le.rpm openvswitch3-ipsec-3.1.0-150500.3.3.1.ppc64le.rpm openvswitch3-pki-3.1.0-150500.3.3.1.ppc64le.rpm openvswitch3-test-3.1.0-150500.3.3.1.ppc64le.rpm openvswitch3-vtep-3.1.0-150500.3.3.1.ppc64le.rpm ovn3-23.03.0-150500.3.3.1.ppc64le.rpm ovn3-central-23.03.0-150500.3.3.1.ppc64le.rpm ovn3-devel-23.03.0-150500.3.3.1.ppc64le.rpm ovn3-docker-23.03.0-150500.3.3.1.ppc64le.rpm ovn3-host-23.03.0-150500.3.3.1.ppc64le.rpm ovn3-vtep-23.03.0-150500.3.3.1.ppc64le.rpm python3-ovs3-3.1.0-150500.3.3.1.ppc64le.rpm libopenvswitch-3_1-0-3.1.0-150500.3.3.1.aarch64.rpm libovn-23_03-0-23.03.0-150500.3.3.1.aarch64.rpm openvswitch3-3.1.0-150500.3.3.1.aarch64.rpm openvswitch3-devel-3.1.0-150500.3.3.1.aarch64.rpm openvswitch3-ipsec-3.1.0-150500.3.3.1.aarch64.rpm openvswitch3-pki-3.1.0-150500.3.3.1.aarch64.rpm openvswitch3-test-3.1.0-150500.3.3.1.aarch64.rpm openvswitch3-vtep-3.1.0-150500.3.3.1.aarch64.rpm ovn3-23.03.0-150500.3.3.1.aarch64.rpm ovn3-central-23.03.0-150500.3.3.1.aarch64.rpm ovn3-devel-23.03.0-150500.3.3.1.aarch64.rpm ovn3-docker-23.03.0-150500.3.3.1.aarch64.rpm ovn3-host-23.03.0-150500.3.3.1.aarch64.rpm ovn3-vtep-23.03.0-150500.3.3.1.aarch64.rpm python3-ovs3-3.1.0-150500.3.3.1.aarch64.rpm openSUSE-SLE-15.5-2023-2383 moderate SUSE Updates openSUSE-SLE 15.5 This update for jansi contains the following fix: - Fetch sources using source_service and don't distribute legally spurious files. (bsc#1210877) jansi-2.4.0-150200.3.7.1.src.rpm jansi-2.4.0-150200.3.7.1.x86_64.rpm jansi-javadoc-2.4.0-150200.3.7.1.noarch.rpm jansi-2.4.0-150200.3.7.1.s390x.rpm jansi-2.4.0-150200.3.7.1.ppc64le.rpm jansi-2.4.0-150200.3.7.1.aarch64.rpm openSUSE-SLE-15.5-2023-2296 important SUSE Updates openSUSE-SLE 15.5 This update for openvswitch fixes the following issues: - CVE-2023-1668: Fixed remote traffic denial of service via crafted packets with IP proto 0 (bsc#1210054). libopenvswitch-2_14-0-2.14.2-150400.24.9.1.x86_64.rpm libovn-20_06-0-20.06.2-150400.24.9.1.x86_64.rpm openvswitch-2.14.2-150400.24.9.1.src.rpm openvswitch-2.14.2-150400.24.9.1.x86_64.rpm openvswitch-devel-2.14.2-150400.24.9.1.x86_64.rpm openvswitch-doc-2.14.2-150400.24.9.1.noarch.rpm openvswitch-ipsec-2.14.2-150400.24.9.1.x86_64.rpm openvswitch-pki-2.14.2-150400.24.9.1.x86_64.rpm openvswitch-test-2.14.2-150400.24.9.1.x86_64.rpm openvswitch-vtep-2.14.2-150400.24.9.1.x86_64.rpm ovn-20.06.2-150400.24.9.1.x86_64.rpm ovn-central-20.06.2-150400.24.9.1.x86_64.rpm ovn-devel-20.06.2-150400.24.9.1.x86_64.rpm ovn-doc-20.06.2-150400.24.9.1.noarch.rpm ovn-docker-20.06.2-150400.24.9.1.x86_64.rpm ovn-host-20.06.2-150400.24.9.1.x86_64.rpm ovn-vtep-20.06.2-150400.24.9.1.x86_64.rpm python3-ovs-2.14.2-150400.24.9.1.x86_64.rpm libopenvswitch-2_14-0-2.14.2-150400.24.9.1.s390x.rpm libovn-20_06-0-20.06.2-150400.24.9.1.s390x.rpm openvswitch-2.14.2-150400.24.9.1.s390x.rpm openvswitch-devel-2.14.2-150400.24.9.1.s390x.rpm openvswitch-ipsec-2.14.2-150400.24.9.1.s390x.rpm openvswitch-pki-2.14.2-150400.24.9.1.s390x.rpm openvswitch-test-2.14.2-150400.24.9.1.s390x.rpm openvswitch-vtep-2.14.2-150400.24.9.1.s390x.rpm ovn-20.06.2-150400.24.9.1.s390x.rpm ovn-central-20.06.2-150400.24.9.1.s390x.rpm ovn-devel-20.06.2-150400.24.9.1.s390x.rpm ovn-docker-20.06.2-150400.24.9.1.s390x.rpm ovn-host-20.06.2-150400.24.9.1.s390x.rpm ovn-vtep-20.06.2-150400.24.9.1.s390x.rpm python3-ovs-2.14.2-150400.24.9.1.s390x.rpm libopenvswitch-2_14-0-2.14.2-150400.24.9.1.ppc64le.rpm libovn-20_06-0-20.06.2-150400.24.9.1.ppc64le.rpm openvswitch-2.14.2-150400.24.9.1.ppc64le.rpm openvswitch-devel-2.14.2-150400.24.9.1.ppc64le.rpm openvswitch-ipsec-2.14.2-150400.24.9.1.ppc64le.rpm openvswitch-pki-2.14.2-150400.24.9.1.ppc64le.rpm openvswitch-test-2.14.2-150400.24.9.1.ppc64le.rpm openvswitch-vtep-2.14.2-150400.24.9.1.ppc64le.rpm ovn-20.06.2-150400.24.9.1.ppc64le.rpm ovn-central-20.06.2-150400.24.9.1.ppc64le.rpm ovn-devel-20.06.2-150400.24.9.1.ppc64le.rpm ovn-docker-20.06.2-150400.24.9.1.ppc64le.rpm ovn-host-20.06.2-150400.24.9.1.ppc64le.rpm ovn-vtep-20.06.2-150400.24.9.1.ppc64le.rpm python3-ovs-2.14.2-150400.24.9.1.ppc64le.rpm libopenvswitch-2_14-0-2.14.2-150400.24.9.1.aarch64.rpm libovn-20_06-0-20.06.2-150400.24.9.1.aarch64.rpm openvswitch-2.14.2-150400.24.9.1.aarch64.rpm openvswitch-devel-2.14.2-150400.24.9.1.aarch64.rpm openvswitch-ipsec-2.14.2-150400.24.9.1.aarch64.rpm openvswitch-pki-2.14.2-150400.24.9.1.aarch64.rpm openvswitch-test-2.14.2-150400.24.9.1.aarch64.rpm openvswitch-vtep-2.14.2-150400.24.9.1.aarch64.rpm ovn-20.06.2-150400.24.9.1.aarch64.rpm ovn-central-20.06.2-150400.24.9.1.aarch64.rpm ovn-devel-20.06.2-150400.24.9.1.aarch64.rpm ovn-docker-20.06.2-150400.24.9.1.aarch64.rpm ovn-host-20.06.2-150400.24.9.1.aarch64.rpm ovn-vtep-20.06.2-150400.24.9.1.aarch64.rpm python3-ovs-2.14.2-150400.24.9.1.aarch64.rpm openSUSE-SLE-15.5-2023-2539 moderate SUSE Updates openSUSE-SLE 15.5 This update for jetty-minimal fixes the following issues: Updated to version 9.4.51.v20230217: - CVE-2023-26048: Fixed an excessive memory consumption when processing a large multipart request (bsc#1210620) - CVE-2023-26049: Fixed a cookie exfiltration issue due to improper parsing (bsc#1210621). jetty-annotations-9.4.51-150200.3.19.2.noarch.rpm jetty-ant-9.4.51-150200.3.19.2.noarch.rpm jetty-cdi-9.4.51-150200.3.19.2.noarch.rpm jetty-client-9.4.51-150200.3.19.2.noarch.rpm jetty-continuation-9.4.51-150200.3.19.2.noarch.rpm jetty-deploy-9.4.51-150200.3.19.2.noarch.rpm jetty-fcgi-9.4.51-150200.3.19.2.noarch.rpm jetty-http-9.4.51-150200.3.19.2.noarch.rpm jetty-http-spi-9.4.51-150200.3.19.2.noarch.rpm jetty-io-9.4.51-150200.3.19.2.noarch.rpm jetty-jaas-9.4.51-150200.3.19.2.noarch.rpm jetty-jmx-9.4.51-150200.3.19.2.noarch.rpm jetty-jndi-9.4.51-150200.3.19.2.noarch.rpm jetty-jsp-9.4.51-150200.3.19.2.noarch.rpm jetty-minimal-9.4.51-150200.3.19.2.src.rpm jetty-minimal-javadoc-9.4.51-150200.3.19.2.noarch.rpm jetty-openid-9.4.51-150200.3.19.2.noarch.rpm jetty-plus-9.4.51-150200.3.19.2.noarch.rpm jetty-proxy-9.4.51-150200.3.19.2.noarch.rpm jetty-quickstart-9.4.51-150200.3.19.2.noarch.rpm jetty-rewrite-9.4.51-150200.3.19.2.noarch.rpm jetty-security-9.4.51-150200.3.19.2.noarch.rpm jetty-server-9.4.51-150200.3.19.2.noarch.rpm jetty-servlet-9.4.51-150200.3.19.2.noarch.rpm jetty-servlets-9.4.51-150200.3.19.2.noarch.rpm jetty-start-9.4.51-150200.3.19.2.noarch.rpm jetty-util-9.4.51-150200.3.19.2.noarch.rpm jetty-util-ajax-9.4.51-150200.3.19.2.noarch.rpm jetty-webapp-9.4.51-150200.3.19.2.noarch.rpm jetty-xml-9.4.51-150200.3.19.2.noarch.rpm openSUSE-SLE-15.5-2023-2625 moderate SUSE Updates openSUSE-SLE 15.5 This update for gcc12 fixes the following issues: - Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204 * includes regression and other bug fixes - Speed up builds with --enable-link-serialization. - Update embedded newlib to version 4.2.0 cpp12-12.3.0+git1204-150000.1.10.1.x86_64.rpm cross-aarch64-gcc12-bootstrap-12.3.0+git1204-150000.1.10.1.src.rpm cross-aarch64-gcc12-bootstrap-12.3.0+git1204-150000.1.10.1.x86_64.rpm cross-arm-gcc12-12.3.0+git1204-150000.1.10.1.src.rpm cross-arm-gcc12-12.3.0+git1204-150000.1.10.1.x86_64.rpm cross-arm-gcc12-icecream-backend-12.3.0+git1204-150000.1.10.1.x86_64.rpm cross-arm-none-gcc12-bootstrap-12.3.0+git1204-150000.1.10.1.src.rpm cross-arm-none-gcc12-bootstrap-12.3.0+git1204-150000.1.10.1.x86_64.rpm cross-avr-gcc12-bootstrap-12.3.0+git1204-150000.1.10.1.src.rpm cross-avr-gcc12-bootstrap-12.3.0+git1204-150000.1.10.1.x86_64.rpm cross-epiphany-gcc12-bootstrap-12.3.0+git1204-150000.1.10.1.src.rpm cross-epiphany-gcc12-bootstrap-12.3.0+git1204-150000.1.10.1.x86_64.rpm cross-hppa-gcc12-12.3.0+git1204-150000.1.10.1.src.rpm cross-hppa-gcc12-12.3.0+git1204-150000.1.10.1.x86_64.rpm cross-hppa-gcc12-bootstrap-12.3.0+git1204-150000.1.10.1.src.rpm cross-hppa-gcc12-bootstrap-12.3.0+git1204-150000.1.10.1.x86_64.rpm cross-hppa-gcc12-icecream-backend-12.3.0+git1204-150000.1.10.1.x86_64.rpm cross-m68k-gcc12-12.3.0+git1204-150000.1.10.1.src.rpm cross-m68k-gcc12-12.3.0+git1204-150000.1.10.1.x86_64.rpm cross-m68k-gcc12-icecream-backend-12.3.0+git1204-150000.1.10.1.x86_64.rpm cross-mips-gcc12-12.3.0+git1204-150000.1.10.1.src.rpm cross-mips-gcc12-12.3.0+git1204-150000.1.10.1.x86_64.rpm cross-mips-gcc12-icecream-backend-12.3.0+git1204-150000.1.10.1.x86_64.rpm cross-nvptx-gcc12-12.3.0+git1204-150000.1.10.1.src.rpm cross-nvptx-gcc12-12.3.0+git1204-150000.1.10.1.x86_64.rpm cross-nvptx-newlib12-devel-12.3.0+git1204-150000.1.10.1.x86_64.rpm cross-ppc64-gcc12-12.3.0+git1204-150000.1.10.1.src.rpm cross-ppc64-gcc12-12.3.0+git1204-150000.1.10.1.x86_64.rpm cross-ppc64-gcc12-icecream-backend-12.3.0+git1204-150000.1.10.1.x86_64.rpm cross-ppc64le-gcc12-12.3.0+git1204-150000.1.10.1.src.rpm cross-ppc64le-gcc12-12.3.0+git1204-150000.1.10.1.x86_64.rpm cross-ppc64le-gcc12-icecream-backend-12.3.0+git1204-150000.1.10.1.x86_64.rpm cross-riscv64-elf-gcc12-bootstrap-12.3.0+git1204-150000.1.10.1.src.rpm cross-riscv64-elf-gcc12-bootstrap-12.3.0+git1204-150000.1.10.1.x86_64.rpm cross-riscv64-gcc12-bootstrap-12.3.0+git1204-150000.1.10.1.src.rpm cross-riscv64-gcc12-bootstrap-12.3.0+git1204-150000.1.10.1.x86_64.rpm cross-rx-gcc12-bootstrap-12.3.0+git1204-150000.1.10.1.src.rpm cross-rx-gcc12-bootstrap-12.3.0+git1204-150000.1.10.1.x86_64.rpm cross-s390x-gcc12-12.3.0+git1204-150000.1.10.1.src.rpm cross-s390x-gcc12-12.3.0+git1204-150000.1.10.1.x86_64.rpm cross-s390x-gcc12-icecream-backend-12.3.0+git1204-150000.1.10.1.x86_64.rpm cross-sparc-gcc12-12.3.0+git1204-150000.1.10.1.src.rpm cross-sparc-gcc12-12.3.0+git1204-150000.1.10.1.x86_64.rpm cross-sparc64-gcc12-12.3.0+git1204-150000.1.10.1.src.rpm cross-sparc64-gcc12-12.3.0+git1204-150000.1.10.1.x86_64.rpm cross-sparc64-gcc12-icecream-backend-12.3.0+git1204-150000.1.10.1.x86_64.rpm cross-sparcv9-gcc12-icecream-backend-12.3.0+git1204-150000.1.10.1.x86_64.rpm gcc12-12.3.0+git1204-150000.1.10.1.src.rpm gcc12-12.3.0+git1204-150000.1.10.1.x86_64.rpm gcc12-32bit-12.3.0+git1204-150000.1.10.1.x86_64.rpm gcc12-PIE-12.3.0+git1204-150000.1.10.1.x86_64.rpm gcc12-ada-12.3.0+git1204-150000.1.10.1.x86_64.rpm gcc12-ada-32bit-12.3.0+git1204-150000.1.10.1.x86_64.rpm gcc12-c++-12.3.0+git1204-150000.1.10.1.x86_64.rpm gcc12-c++-32bit-12.3.0+git1204-150000.1.10.1.x86_64.rpm gcc12-d-12.3.0+git1204-150000.1.10.1.x86_64.rpm gcc12-d-32bit-12.3.0+git1204-150000.1.10.1.x86_64.rpm gcc12-fortran-12.3.0+git1204-150000.1.10.1.x86_64.rpm gcc12-fortran-32bit-12.3.0+git1204-150000.1.10.1.x86_64.rpm gcc12-go-12.3.0+git1204-150000.1.10.1.x86_64.rpm gcc12-go-32bit-12.3.0+git1204-150000.1.10.1.x86_64.rpm gcc12-info-12.3.0+git1204-150000.1.10.1.noarch.rpm gcc12-locale-12.3.0+git1204-150000.1.10.1.x86_64.rpm gcc12-obj-c++-12.3.0+git1204-150000.1.10.1.x86_64.rpm gcc12-obj-c++-32bit-12.3.0+git1204-150000.1.10.1.x86_64.rpm gcc12-objc-12.3.0+git1204-150000.1.10.1.x86_64.rpm gcc12-objc-32bit-12.3.0+git1204-150000.1.10.1.x86_64.rpm gcc12-testresults-12.3.0+git1204-150000.1.10.1.src.rpm gcc12-testresults-12.3.0+git1204-150000.1.10.1.x86_64.rpm libada12-12.3.0+git1204-150000.1.10.1.x86_64.rpm libada12-32bit-12.3.0+git1204-150000.1.10.1.x86_64.rpm libasan8-12.3.0+git1204-150000.1.10.1.x86_64.rpm libasan8-32bit-12.3.0+git1204-150000.1.10.1.x86_64.rpm libatomic1-12.3.0+git1204-150000.1.10.1.x86_64.rpm libatomic1-32bit-12.3.0+git1204-150000.1.10.1.x86_64.rpm libgcc_s1-12.3.0+git1204-150000.1.10.1.x86_64.rpm libgcc_s1-32bit-12.3.0+git1204-150000.1.10.1.x86_64.rpm libgdruntime3-12.3.0+git1204-150000.1.10.1.x86_64.rpm libgdruntime3-32bit-12.3.0+git1204-150000.1.10.1.x86_64.rpm libgfortran5-12.3.0+git1204-150000.1.10.1.x86_64.rpm libgfortran5-32bit-12.3.0+git1204-150000.1.10.1.x86_64.rpm libgo21-12.3.0+git1204-150000.1.10.1.x86_64.rpm libgo21-32bit-12.3.0+git1204-150000.1.10.1.x86_64.rpm libgomp1-12.3.0+git1204-150000.1.10.1.x86_64.rpm libgomp1-32bit-12.3.0+git1204-150000.1.10.1.x86_64.rpm libgphobos3-12.3.0+git1204-150000.1.10.1.x86_64.rpm libgphobos3-32bit-12.3.0+git1204-150000.1.10.1.x86_64.rpm libitm1-12.3.0+git1204-150000.1.10.1.x86_64.rpm libitm1-32bit-12.3.0+git1204-150000.1.10.1.x86_64.rpm liblsan0-12.3.0+git1204-150000.1.10.1.x86_64.rpm libobjc4-12.3.0+git1204-150000.1.10.1.x86_64.rpm libobjc4-32bit-12.3.0+git1204-150000.1.10.1.x86_64.rpm libquadmath0-12.3.0+git1204-150000.1.10.1.x86_64.rpm libquadmath0-32bit-12.3.0+git1204-150000.1.10.1.x86_64.rpm libstdc++6-12.3.0+git1204-150000.1.10.1.x86_64.rpm libstdc++6-32bit-12.3.0+git1204-150000.1.10.1.x86_64.rpm libstdc++6-devel-gcc12-12.3.0+git1204-150000.1.10.1.x86_64.rpm libstdc++6-devel-gcc12-32bit-12.3.0+git1204-150000.1.10.1.x86_64.rpm libstdc++6-locale-12.3.0+git1204-150000.1.10.1.x86_64.rpm libstdc++6-pp-12.3.0+git1204-150000.1.10.1.x86_64.rpm libstdc++6-pp-32bit-12.3.0+git1204-150000.1.10.1.x86_64.rpm libtsan2-12.3.0+git1204-150000.1.10.1.x86_64.rpm libubsan1-12.3.0+git1204-150000.1.10.1.x86_64.rpm libubsan1-32bit-12.3.0+git1204-150000.1.10.1.x86_64.rpm cpp12-12.3.0+git1204-150000.1.10.1.s390x.rpm cross-aarch64-gcc12-bootstrap-12.3.0+git1204-150000.1.10.1.s390x.rpm cross-arm-gcc12-12.3.0+git1204-150000.1.10.1.s390x.rpm cross-arm-gcc12-icecream-backend-12.3.0+git1204-150000.1.10.1.s390x.rpm cross-arm-none-gcc12-bootstrap-12.3.0+git1204-150000.1.10.1.s390x.rpm cross-avr-gcc12-bootstrap-12.3.0+git1204-150000.1.10.1.s390x.rpm cross-epiphany-gcc12-bootstrap-12.3.0+git1204-150000.1.10.1.s390x.rpm cross-hppa-gcc12-12.3.0+git1204-150000.1.10.1.s390x.rpm cross-hppa-gcc12-bootstrap-12.3.0+git1204-150000.1.10.1.s390x.rpm cross-hppa-gcc12-icecream-backend-12.3.0+git1204-150000.1.10.1.s390x.rpm cross-m68k-gcc12-12.3.0+git1204-150000.1.10.1.s390x.rpm cross-m68k-gcc12-icecream-backend-12.3.0+git1204-150000.1.10.1.s390x.rpm cross-mips-gcc12-12.3.0+git1204-150000.1.10.1.s390x.rpm cross-mips-gcc12-icecream-backend-12.3.0+git1204-150000.1.10.1.s390x.rpm cross-ppc64-gcc12-12.3.0+git1204-150000.1.10.1.s390x.rpm cross-ppc64-gcc12-icecream-backend-12.3.0+git1204-150000.1.10.1.s390x.rpm cross-ppc64le-gcc12-12.3.0+git1204-150000.1.10.1.s390x.rpm cross-ppc64le-gcc12-icecream-backend-12.3.0+git1204-150000.1.10.1.s390x.rpm cross-riscv64-elf-gcc12-bootstrap-12.3.0+git1204-150000.1.10.1.s390x.rpm cross-riscv64-gcc12-bootstrap-12.3.0+git1204-150000.1.10.1.s390x.rpm cross-rx-gcc12-bootstrap-12.3.0+git1204-150000.1.10.1.s390x.rpm cross-sparc-gcc12-12.3.0+git1204-150000.1.10.1.s390x.rpm cross-sparc64-gcc12-12.3.0+git1204-150000.1.10.1.s390x.rpm cross-sparc64-gcc12-icecream-backend-12.3.0+git1204-150000.1.10.1.s390x.rpm cross-sparcv9-gcc12-icecream-backend-12.3.0+git1204-150000.1.10.1.s390x.rpm cross-x86_64-gcc12-12.3.0+git1204-150000.1.10.1.s390x.rpm cross-x86_64-gcc12-12.3.0+git1204-150000.1.10.1.src.rpm cross-x86_64-gcc12-icecream-backend-12.3.0+git1204-150000.1.10.1.s390x.rpm gcc12-12.3.0+git1204-150000.1.10.1.s390x.rpm gcc12-32bit-12.3.0+git1204-150000.1.10.1.s390x.rpm gcc12-PIE-12.3.0+git1204-150000.1.10.1.s390x.rpm gcc12-ada-12.3.0+git1204-150000.1.10.1.s390x.rpm gcc12-ada-32bit-12.3.0+git1204-150000.1.10.1.s390x.rpm gcc12-c++-12.3.0+git1204-150000.1.10.1.s390x.rpm gcc12-c++-32bit-12.3.0+git1204-150000.1.10.1.s390x.rpm gcc12-d-12.3.0+git1204-150000.1.10.1.s390x.rpm gcc12-d-32bit-12.3.0+git1204-150000.1.10.1.s390x.rpm gcc12-fortran-12.3.0+git1204-150000.1.10.1.s390x.rpm gcc12-fortran-32bit-12.3.0+git1204-150000.1.10.1.s390x.rpm gcc12-go-12.3.0+git1204-150000.1.10.1.s390x.rpm gcc12-go-32bit-12.3.0+git1204-150000.1.10.1.s390x.rpm gcc12-locale-12.3.0+git1204-150000.1.10.1.s390x.rpm gcc12-obj-c++-12.3.0+git1204-150000.1.10.1.s390x.rpm gcc12-obj-c++-32bit-12.3.0+git1204-150000.1.10.1.s390x.rpm gcc12-objc-12.3.0+git1204-150000.1.10.1.s390x.rpm gcc12-objc-32bit-12.3.0+git1204-150000.1.10.1.s390x.rpm gcc12-testresults-12.3.0+git1204-150000.1.10.1.s390x.rpm libada12-12.3.0+git1204-150000.1.10.1.s390x.rpm libada12-32bit-12.3.0+git1204-150000.1.10.1.s390x.rpm libasan8-12.3.0+git1204-150000.1.10.1.s390x.rpm libasan8-32bit-12.3.0+git1204-150000.1.10.1.s390x.rpm libatomic1-12.3.0+git1204-150000.1.10.1.s390x.rpm libatomic1-32bit-12.3.0+git1204-150000.1.10.1.s390x.rpm libgcc_s1-12.3.0+git1204-150000.1.10.1.s390x.rpm libgcc_s1-32bit-12.3.0+git1204-150000.1.10.1.s390x.rpm libgdruntime3-12.3.0+git1204-150000.1.10.1.s390x.rpm libgdruntime3-32bit-12.3.0+git1204-150000.1.10.1.s390x.rpm libgfortran5-12.3.0+git1204-150000.1.10.1.s390x.rpm libgfortran5-32bit-12.3.0+git1204-150000.1.10.1.s390x.rpm libgo21-12.3.0+git1204-150000.1.10.1.s390x.rpm libgo21-32bit-12.3.0+git1204-150000.1.10.1.s390x.rpm libgomp1-12.3.0+git1204-150000.1.10.1.s390x.rpm libgomp1-32bit-12.3.0+git1204-150000.1.10.1.s390x.rpm libgphobos3-12.3.0+git1204-150000.1.10.1.s390x.rpm libgphobos3-32bit-12.3.0+git1204-150000.1.10.1.s390x.rpm libitm1-12.3.0+git1204-150000.1.10.1.s390x.rpm libitm1-32bit-12.3.0+git1204-150000.1.10.1.s390x.rpm liblsan0-12.3.0+git1204-150000.1.10.1.s390x.rpm libobjc4-12.3.0+git1204-150000.1.10.1.s390x.rpm libobjc4-32bit-12.3.0+git1204-150000.1.10.1.s390x.rpm libstdc++6-12.3.0+git1204-150000.1.10.1.s390x.rpm libstdc++6-32bit-12.3.0+git1204-150000.1.10.1.s390x.rpm libstdc++6-devel-gcc12-12.3.0+git1204-150000.1.10.1.s390x.rpm libstdc++6-devel-gcc12-32bit-12.3.0+git1204-150000.1.10.1.s390x.rpm libstdc++6-locale-12.3.0+git1204-150000.1.10.1.s390x.rpm libstdc++6-pp-12.3.0+git1204-150000.1.10.1.s390x.rpm libstdc++6-pp-32bit-12.3.0+git1204-150000.1.10.1.s390x.rpm libtsan2-12.3.0+git1204-150000.1.10.1.s390x.rpm libubsan1-12.3.0+git1204-150000.1.10.1.s390x.rpm libubsan1-32bit-12.3.0+git1204-150000.1.10.1.s390x.rpm cpp12-12.3.0+git1204-150000.1.10.1.ppc64le.rpm cross-aarch64-gcc12-bootstrap-12.3.0+git1204-150000.1.10.1.ppc64le.rpm cross-arm-gcc12-12.3.0+git1204-150000.1.10.1.ppc64le.rpm cross-arm-gcc12-icecream-backend-12.3.0+git1204-150000.1.10.1.ppc64le.rpm cross-arm-none-gcc12-bootstrap-12.3.0+git1204-150000.1.10.1.ppc64le.rpm cross-avr-gcc12-bootstrap-12.3.0+git1204-150000.1.10.1.ppc64le.rpm cross-epiphany-gcc12-bootstrap-12.3.0+git1204-150000.1.10.1.ppc64le.rpm cross-hppa-gcc12-12.3.0+git1204-150000.1.10.1.ppc64le.rpm cross-hppa-gcc12-bootstrap-12.3.0+git1204-150000.1.10.1.ppc64le.rpm cross-hppa-gcc12-icecream-backend-12.3.0+git1204-150000.1.10.1.ppc64le.rpm cross-m68k-gcc12-12.3.0+git1204-150000.1.10.1.ppc64le.rpm cross-m68k-gcc12-icecream-backend-12.3.0+git1204-150000.1.10.1.ppc64le.rpm cross-mips-gcc12-12.3.0+git1204-150000.1.10.1.ppc64le.rpm cross-mips-gcc12-icecream-backend-12.3.0+git1204-150000.1.10.1.ppc64le.rpm cross-ppc64-gcc12-12.3.0+git1204-150000.1.10.1.ppc64le.rpm cross-ppc64-gcc12-icecream-backend-12.3.0+git1204-150000.1.10.1.ppc64le.rpm cross-riscv64-elf-gcc12-bootstrap-12.3.0+git1204-150000.1.10.1.ppc64le.rpm cross-riscv64-gcc12-bootstrap-12.3.0+git1204-150000.1.10.1.ppc64le.rpm cross-rx-gcc12-bootstrap-12.3.0+git1204-150000.1.10.1.ppc64le.rpm cross-s390x-gcc12-12.3.0+git1204-150000.1.10.1.ppc64le.rpm cross-s390x-gcc12-icecream-backend-12.3.0+git1204-150000.1.10.1.ppc64le.rpm cross-sparc-gcc12-12.3.0+git1204-150000.1.10.1.ppc64le.rpm cross-sparc64-gcc12-12.3.0+git1204-150000.1.10.1.ppc64le.rpm cross-sparc64-gcc12-icecream-backend-12.3.0+git1204-150000.1.10.1.ppc64le.rpm cross-sparcv9-gcc12-icecream-backend-12.3.0+git1204-150000.1.10.1.ppc64le.rpm cross-x86_64-gcc12-12.3.0+git1204-150000.1.10.1.ppc64le.rpm cross-x86_64-gcc12-icecream-backend-12.3.0+git1204-150000.1.10.1.ppc64le.rpm gcc12-12.3.0+git1204-150000.1.10.1.ppc64le.rpm gcc12-PIE-12.3.0+git1204-150000.1.10.1.ppc64le.rpm gcc12-ada-12.3.0+git1204-150000.1.10.1.ppc64le.rpm gcc12-c++-12.3.0+git1204-150000.1.10.1.ppc64le.rpm gcc12-fortran-12.3.0+git1204-150000.1.10.1.ppc64le.rpm gcc12-go-12.3.0+git1204-150000.1.10.1.ppc64le.rpm gcc12-locale-12.3.0+git1204-150000.1.10.1.ppc64le.rpm gcc12-obj-c++-12.3.0+git1204-150000.1.10.1.ppc64le.rpm gcc12-objc-12.3.0+git1204-150000.1.10.1.ppc64le.rpm gcc12-testresults-12.3.0+git1204-150000.1.10.1.ppc64le.rpm libada12-12.3.0+git1204-150000.1.10.1.ppc64le.rpm libasan8-12.3.0+git1204-150000.1.10.1.ppc64le.rpm libatomic1-12.3.0+git1204-150000.1.10.1.ppc64le.rpm libgcc_s1-12.3.0+git1204-150000.1.10.1.ppc64le.rpm libgfortran5-12.3.0+git1204-150000.1.10.1.ppc64le.rpm libgo21-12.3.0+git1204-150000.1.10.1.ppc64le.rpm libgomp1-12.3.0+git1204-150000.1.10.1.ppc64le.rpm libitm1-12.3.0+git1204-150000.1.10.1.ppc64le.rpm liblsan0-12.3.0+git1204-150000.1.10.1.ppc64le.rpm libobjc4-12.3.0+git1204-150000.1.10.1.ppc64le.rpm libquadmath0-12.3.0+git1204-150000.1.10.1.ppc64le.rpm libstdc++6-12.3.0+git1204-150000.1.10.1.ppc64le.rpm libstdc++6-devel-gcc12-12.3.0+git1204-150000.1.10.1.ppc64le.rpm libstdc++6-locale-12.3.0+git1204-150000.1.10.1.ppc64le.rpm libstdc++6-pp-12.3.0+git1204-150000.1.10.1.ppc64le.rpm libtsan2-12.3.0+git1204-150000.1.10.1.ppc64le.rpm libubsan1-12.3.0+git1204-150000.1.10.1.ppc64le.rpm cpp12-12.3.0+git1204-150000.1.10.1.aarch64.rpm cross-arm-gcc12-12.3.0+git1204-150000.1.10.1.aarch64.rpm cross-arm-gcc12-icecream-backend-12.3.0+git1204-150000.1.10.1.aarch64.rpm cross-arm-none-gcc12-bootstrap-12.3.0+git1204-150000.1.10.1.aarch64.rpm cross-avr-gcc12-bootstrap-12.3.0+git1204-150000.1.10.1.aarch64.rpm cross-epiphany-gcc12-bootstrap-12.3.0+git1204-150000.1.10.1.aarch64.rpm cross-hppa-gcc12-12.3.0+git1204-150000.1.10.1.aarch64.rpm cross-hppa-gcc12-bootstrap-12.3.0+git1204-150000.1.10.1.aarch64.rpm cross-hppa-gcc12-icecream-backend-12.3.0+git1204-150000.1.10.1.aarch64.rpm cross-m68k-gcc12-12.3.0+git1204-150000.1.10.1.aarch64.rpm cross-m68k-gcc12-icecream-backend-12.3.0+git1204-150000.1.10.1.aarch64.rpm cross-mips-gcc12-12.3.0+git1204-150000.1.10.1.aarch64.rpm cross-mips-gcc12-icecream-backend-12.3.0+git1204-150000.1.10.1.aarch64.rpm cross-ppc64-gcc12-12.3.0+git1204-150000.1.10.1.aarch64.rpm cross-ppc64-gcc12-icecream-backend-12.3.0+git1204-150000.1.10.1.aarch64.rpm cross-ppc64le-gcc12-12.3.0+git1204-150000.1.10.1.aarch64.rpm cross-ppc64le-gcc12-icecream-backend-12.3.0+git1204-150000.1.10.1.aarch64.rpm cross-riscv64-elf-gcc12-bootstrap-12.3.0+git1204-150000.1.10.1.aarch64.rpm cross-riscv64-gcc12-bootstrap-12.3.0+git1204-150000.1.10.1.aarch64.rpm cross-rx-gcc12-bootstrap-12.3.0+git1204-150000.1.10.1.aarch64.rpm cross-s390x-gcc12-12.3.0+git1204-150000.1.10.1.aarch64.rpm cross-s390x-gcc12-icecream-backend-12.3.0+git1204-150000.1.10.1.aarch64.rpm cross-sparc-gcc12-12.3.0+git1204-150000.1.10.1.aarch64.rpm cross-sparc64-gcc12-12.3.0+git1204-150000.1.10.1.aarch64.rpm cross-sparc64-gcc12-icecream-backend-12.3.0+git1204-150000.1.10.1.aarch64.rpm cross-sparcv9-gcc12-icecream-backend-12.3.0+git1204-150000.1.10.1.aarch64.rpm cross-x86_64-gcc12-12.3.0+git1204-150000.1.10.1.aarch64.rpm cross-x86_64-gcc12-icecream-backend-12.3.0+git1204-150000.1.10.1.aarch64.rpm gcc12-12.3.0+git1204-150000.1.10.1.aarch64.rpm gcc12-PIE-12.3.0+git1204-150000.1.10.1.aarch64.rpm gcc12-ada-12.3.0+git1204-150000.1.10.1.aarch64.rpm gcc12-c++-12.3.0+git1204-150000.1.10.1.aarch64.rpm gcc12-d-12.3.0+git1204-150000.1.10.1.aarch64.rpm gcc12-fortran-12.3.0+git1204-150000.1.10.1.aarch64.rpm gcc12-go-12.3.0+git1204-150000.1.10.1.aarch64.rpm gcc12-locale-12.3.0+git1204-150000.1.10.1.aarch64.rpm gcc12-obj-c++-12.3.0+git1204-150000.1.10.1.aarch64.rpm gcc12-objc-12.3.0+git1204-150000.1.10.1.aarch64.rpm gcc12-testresults-12.3.0+git1204-150000.1.10.1.aarch64.rpm libada12-12.3.0+git1204-150000.1.10.1.aarch64.rpm libasan8-12.3.0+git1204-150000.1.10.1.aarch64.rpm libatomic1-12.3.0+git1204-150000.1.10.1.aarch64.rpm libgcc_s1-12.3.0+git1204-150000.1.10.1.aarch64.rpm libgdruntime3-12.3.0+git1204-150000.1.10.1.aarch64.rpm libgfortran5-12.3.0+git1204-150000.1.10.1.aarch64.rpm libgo21-12.3.0+git1204-150000.1.10.1.aarch64.rpm libgomp1-12.3.0+git1204-150000.1.10.1.aarch64.rpm libgphobos3-12.3.0+git1204-150000.1.10.1.aarch64.rpm libhwasan0-12.3.0+git1204-150000.1.10.1.aarch64.rpm libitm1-12.3.0+git1204-150000.1.10.1.aarch64.rpm liblsan0-12.3.0+git1204-150000.1.10.1.aarch64.rpm libobjc4-12.3.0+git1204-150000.1.10.1.aarch64.rpm libstdc++6-12.3.0+git1204-150000.1.10.1.aarch64.rpm libstdc++6-devel-gcc12-12.3.0+git1204-150000.1.10.1.aarch64.rpm libstdc++6-locale-12.3.0+git1204-150000.1.10.1.aarch64.rpm libstdc++6-pp-12.3.0+git1204-150000.1.10.1.aarch64.rpm libtsan2-12.3.0+git1204-150000.1.10.1.aarch64.rpm libubsan1-12.3.0+git1204-150000.1.10.1.aarch64.rpm openSUSE-SLE-15.5-2023-2313 important SUSE Updates openSUSE-SLE 15.5 This update for c-ares fixes the following issues: Update to version 1.19.1: - CVE-2023-32067: 0-byte UDP payload causes Denial of Service (bsc#1211604) - CVE-2023-31147: Insufficient randomness in generation of DNS query IDs (bsc#1211605) - CVE-2023-31130: Buffer Underwrite in ares_inet_net_pton() (bsc#1211606) - CVE-2023-31124: AutoTools does not set CARES_RANDOM_FILE during cross compilation (bsc#1211607) - Fix uninitialized memory warning in test - ares_getaddrinfo() should allow a port of 0 - Fix memory leak in ares_send() on error - Fix comment style in ares_data.h - Fix typo in ares_init_options.3 - Sync ax_pthread.m4 with upstream - Sync ax_cxx_compile_stdcxx_11.m4 with upstream to fix uclibc support c-ares-1.19.1-150000.3.23.1.src.rpm c-ares-devel-1.19.1-150000.3.23.1.x86_64.rpm c-ares-utils-1.19.1-150000.3.23.1.x86_64.rpm libcares2-1.19.1-150000.3.23.1.x86_64.rpm libcares2-32bit-1.19.1-150000.3.23.1.x86_64.rpm c-ares-devel-1.19.1-150000.3.23.1.s390x.rpm c-ares-utils-1.19.1-150000.3.23.1.s390x.rpm libcares2-1.19.1-150000.3.23.1.s390x.rpm c-ares-devel-1.19.1-150000.3.23.1.ppc64le.rpm c-ares-utils-1.19.1-150000.3.23.1.ppc64le.rpm libcares2-1.19.1-150000.3.23.1.ppc64le.rpm c-ares-devel-1.19.1-150000.3.23.1.aarch64.rpm c-ares-utils-1.19.1-150000.3.23.1.aarch64.rpm libcares2-1.19.1-150000.3.23.1.aarch64.rpm openSUSE-SLE-15.5-2023-2505 important SUSE Updates openSUSE-SLE 15.5 This update for tomcat fixes the following issues: Updated to version 9.0.75: - CVE-2023-28709: Mended an incomplete fix for CVE-2023-24998 (bsc#1208513, bsc#1211608). tomcat-9.0.75-150200.41.1.noarch.rpm tomcat-9.0.75-150200.41.1.src.rpm tomcat-admin-webapps-9.0.75-150200.41.1.noarch.rpm tomcat-docs-webapp-9.0.75-150200.41.1.noarch.rpm tomcat-el-3_0-api-9.0.75-150200.41.1.noarch.rpm tomcat-embed-9.0.75-150200.41.1.noarch.rpm tomcat-javadoc-9.0.75-150200.41.1.noarch.rpm tomcat-jsp-2_3-api-9.0.75-150200.41.1.noarch.rpm tomcat-jsvc-9.0.75-150200.41.1.noarch.rpm tomcat-lib-9.0.75-150200.41.1.noarch.rpm tomcat-servlet-4_0-api-9.0.75-150200.41.1.noarch.rpm tomcat-webapps-9.0.75-150200.41.1.noarch.rpm openSUSE-SLE-15.5-2023-2390 important SUSE Updates openSUSE-SLE 15.5 This update for apache-commons-fileupload fixes the following issues: Updated to version 1.5: - CVE-2023-24998: Added a configurable maximum number of files to upload per request (bsc#1208513). apache-commons-fileupload-1.5-150200.3.9.1.noarch.rpm apache-commons-fileupload-1.5-150200.3.9.1.src.rpm apache-commons-fileupload-javadoc-1.5-150200.3.9.1.noarch.rpm openSUSE-SLE-15.5-2023-2312 important SUSE Updates openSUSE-SLE 15.5 This update for go1.18-openssl fixes the following issues: - Add subpackage go1.x-libstd compiled shared object libstd.so (jsc#PED-1962) * Main go1.x package included libstd.so in previous versions * Split libstd.so into subpackage that can be installed standalone * Continues the slimming down of main go1.x package by 40 Mb * Experimental and not recommended for general use, Go currently has no ABI * Upstream Go has not committed to support buildmode=shared long-term * Do not use in packaging, build static single binaries (the default) * Upstream Go go1.x binary releases do not include libstd.so * go1.x Suggests go1.x-libstd so not installed by default Recommends * go1.x-libstd does not Require: go1.x so can install standalone * Provides go-libstd unversioned package name * Fix build step -buildmode=shared std to omit -linkshared - Packaging improvements: * go1.x Suggests go1.x-doc so not installed by default Recommends * Use Group: Development/Languages/Go instead of Other - Improvements to go1.x packaging spec: * On Tumbleweed bootstrap with current default gcc13 and gccgo118 * On SLE-12 aarch64 ppc64le ppc64 remove overrides to bootstrap using go1.x package (%bcond_without gccgo). This is no longer needed on current SLE-12:Update and removing will consolidate the build configurations used. * Change source URLs to go.dev as per Go upstream * On x86_64 export GOAMD64=v1 as per the current baseline. At this time forgo GOAMD64=v3 option for x86_64_v3 support. * On x86_64 %define go_amd64=v1 as current instruction baseline - Update to version 1.18.10.1 cut from the go1.18-openssl-fips branch at the revision tagged go1.18.10-1-openssl-fips. * Merge branch dev.boringcrypto.go1.18 into go1.18-openssl-fips * Merge go1.18.10 into dev.boringcrypto.go1.18 - go1.18.10 (released 2023-01-10) includes fixes to cgo, the compiler, the linker, and the crypto/x509, net/http, and syscall packages. Refs bsc#1193742 go1.18 release tracking * go#57705 misc/cgo: backport needed for dlltool fix * go#57426 crypto/x509: Verify on macOS does not return typed errors * go#57344 cmd/compile: the loong64 intrinsic for CompareAndSwapUint32 function needs to sign extend its "old" argument. * go#57338 syscall, internal/poll: accept4-to-accept fallback removal broke Go code on Synology DSM 6.2 ARM devices * go#57213 os: TestLstat failure on Linux Aarch64 * go#57211 reflect: sort.SliceStable sorts incorrectly on arm64 with less function created with reflect.MakeFunc and slice of sufficient length * go#57057 cmd/go: remove test dependency on gopkg.in service * go#57054 cmd/go: TestScript/version_buildvcs_git_gpg (if enabled) fails on linux longtest builders * go#57044 cgo: malformed DWARF TagVariable entry * go#57028 cmd/cgo: Wrong types in compiler errors with clang 14 * go#56833 cmd/link/internal/ppc64: too-far trampoline is reused * go#56711 net: reenable TestLookupDotsWithRemoteSource and TestLookupGoogleSRV with a different target * go#56323 net/http: bad handling of HEAD requests with a body go1.18-openssl-1.18.10.1-150000.1.9.1.src.rpm go1.18-openssl-1.18.10.1-150000.1.9.1.x86_64.rpm go1.18-openssl-doc-1.18.10.1-150000.1.9.1.x86_64.rpm go1.18-openssl-race-1.18.10.1-150000.1.9.1.x86_64.rpm go1.18-openssl-1.18.10.1-150000.1.9.1.s390x.rpm go1.18-openssl-doc-1.18.10.1-150000.1.9.1.s390x.rpm go1.18-openssl-1.18.10.1-150000.1.9.1.ppc64le.rpm go1.18-openssl-doc-1.18.10.1-150000.1.9.1.ppc64le.rpm go1.18-openssl-1.18.10.1-150000.1.9.1.aarch64.rpm go1.18-openssl-doc-1.18.10.1-150000.1.9.1.aarch64.rpm go1.18-openssl-race-1.18.10.1-150000.1.9.1.aarch64.rpm openSUSE-SLE-15.5-2023-2347 important SUSE Updates openSUSE-SLE 15.5 This update for cups fixes the following issues: - CVE-2023-32324: Fixed a buffer overflow in format_log_line() which could cause a denial-of-service (bsc#1211643). cups-2.2.7-150000.3.43.1.src.rpm cups-2.2.7-150000.3.43.1.x86_64.rpm cups-client-2.2.7-150000.3.43.1.x86_64.rpm cups-config-2.2.7-150000.3.43.1.x86_64.rpm cups-ddk-2.2.7-150000.3.43.1.x86_64.rpm cups-devel-2.2.7-150000.3.43.1.x86_64.rpm cups-devel-32bit-2.2.7-150000.3.43.1.x86_64.rpm libcups2-2.2.7-150000.3.43.1.x86_64.rpm libcups2-32bit-2.2.7-150000.3.43.1.x86_64.rpm libcupscgi1-2.2.7-150000.3.43.1.x86_64.rpm libcupscgi1-32bit-2.2.7-150000.3.43.1.x86_64.rpm libcupsimage2-2.2.7-150000.3.43.1.x86_64.rpm libcupsimage2-32bit-2.2.7-150000.3.43.1.x86_64.rpm libcupsmime1-2.2.7-150000.3.43.1.x86_64.rpm libcupsmime1-32bit-2.2.7-150000.3.43.1.x86_64.rpm libcupsppdc1-2.2.7-150000.3.43.1.x86_64.rpm libcupsppdc1-32bit-2.2.7-150000.3.43.1.x86_64.rpm cups-2.2.7-150000.3.43.1.s390x.rpm cups-client-2.2.7-150000.3.43.1.s390x.rpm cups-config-2.2.7-150000.3.43.1.s390x.rpm cups-ddk-2.2.7-150000.3.43.1.s390x.rpm cups-devel-2.2.7-150000.3.43.1.s390x.rpm libcups2-2.2.7-150000.3.43.1.s390x.rpm libcupscgi1-2.2.7-150000.3.43.1.s390x.rpm libcupsimage2-2.2.7-150000.3.43.1.s390x.rpm libcupsmime1-2.2.7-150000.3.43.1.s390x.rpm libcupsppdc1-2.2.7-150000.3.43.1.s390x.rpm cups-2.2.7-150000.3.43.1.ppc64le.rpm cups-client-2.2.7-150000.3.43.1.ppc64le.rpm cups-config-2.2.7-150000.3.43.1.ppc64le.rpm cups-ddk-2.2.7-150000.3.43.1.ppc64le.rpm cups-devel-2.2.7-150000.3.43.1.ppc64le.rpm libcups2-2.2.7-150000.3.43.1.ppc64le.rpm libcupscgi1-2.2.7-150000.3.43.1.ppc64le.rpm libcupsimage2-2.2.7-150000.3.43.1.ppc64le.rpm libcupsmime1-2.2.7-150000.3.43.1.ppc64le.rpm libcupsppdc1-2.2.7-150000.3.43.1.ppc64le.rpm cups-2.2.7-150000.3.43.1.aarch64.rpm cups-client-2.2.7-150000.3.43.1.aarch64.rpm cups-config-2.2.7-150000.3.43.1.aarch64.rpm cups-ddk-2.2.7-150000.3.43.1.aarch64.rpm cups-devel-2.2.7-150000.3.43.1.aarch64.rpm libcups2-2.2.7-150000.3.43.1.aarch64.rpm libcupscgi1-2.2.7-150000.3.43.1.aarch64.rpm libcupsimage2-2.2.7-150000.3.43.1.aarch64.rpm libcupsmime1-2.2.7-150000.3.43.1.aarch64.rpm libcupsppdc1-2.2.7-150000.3.43.1.aarch64.rpm openSUSE-SLE-15.5-2023-2479 low SUSE Updates openSUSE-SLE 15.5 This update for mariadb fixes the following issues: Updated to version 10.6.13: - CVE-2022-47015: Fixed a denial of service that could be triggered by a crafted SQL query (bsc#1207404). libmariadbd-devel-10.6.13-150400.3.23.1.x86_64.rpm libmariadbd19-10.6.13-150400.3.23.1.x86_64.rpm mariadb-10.6.13-150400.3.23.1.src.rpm mariadb-10.6.13-150400.3.23.1.x86_64.rpm mariadb-bench-10.6.13-150400.3.23.1.x86_64.rpm mariadb-client-10.6.13-150400.3.23.1.x86_64.rpm mariadb-errormessages-10.6.13-150400.3.23.1.noarch.rpm mariadb-galera-10.6.13-150400.3.23.1.x86_64.rpm mariadb-rpm-macros-10.6.13-150400.3.23.1.x86_64.rpm mariadb-test-10.6.13-150400.3.23.1.x86_64.rpm mariadb-tools-10.6.13-150400.3.23.1.x86_64.rpm libmariadbd-devel-10.6.13-150400.3.23.1.s390x.rpm libmariadbd19-10.6.13-150400.3.23.1.s390x.rpm mariadb-10.6.13-150400.3.23.1.s390x.rpm mariadb-bench-10.6.13-150400.3.23.1.s390x.rpm mariadb-client-10.6.13-150400.3.23.1.s390x.rpm mariadb-galera-10.6.13-150400.3.23.1.s390x.rpm mariadb-rpm-macros-10.6.13-150400.3.23.1.s390x.rpm mariadb-test-10.6.13-150400.3.23.1.s390x.rpm mariadb-tools-10.6.13-150400.3.23.1.s390x.rpm libmariadbd-devel-10.6.13-150400.3.23.1.ppc64le.rpm libmariadbd19-10.6.13-150400.3.23.1.ppc64le.rpm mariadb-10.6.13-150400.3.23.1.ppc64le.rpm mariadb-bench-10.6.13-150400.3.23.1.ppc64le.rpm mariadb-client-10.6.13-150400.3.23.1.ppc64le.rpm mariadb-galera-10.6.13-150400.3.23.1.ppc64le.rpm mariadb-rpm-macros-10.6.13-150400.3.23.1.ppc64le.rpm mariadb-test-10.6.13-150400.3.23.1.ppc64le.rpm mariadb-tools-10.6.13-150400.3.23.1.ppc64le.rpm libmariadbd-devel-10.6.13-150400.3.23.1.aarch64.rpm libmariadbd19-10.6.13-150400.3.23.1.aarch64.rpm mariadb-10.6.13-150400.3.23.1.aarch64.rpm mariadb-bench-10.6.13-150400.3.23.1.aarch64.rpm mariadb-client-10.6.13-150400.3.23.1.aarch64.rpm mariadb-galera-10.6.13-150400.3.23.1.aarch64.rpm mariadb-rpm-macros-10.6.13-150400.3.23.1.aarch64.rpm mariadb-test-10.6.13-150400.3.23.1.aarch64.rpm mariadb-tools-10.6.13-150400.3.23.1.aarch64.rpm openSUSE-SLE-15.5-2023-2541 important SUSE Updates openSUSE-SLE 15.5 This update for kubernetes1.18 fixes the following issues: - CVE-2023-2727: Fixed bypassing policies imposed by the ImagePolicyWebhook admission plugin (bsc#1211630). - CVE-2023-2728: Fixed bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin (bsc#1211631). kubernetes1.18-1.18.10-150200.5.10.1.src.rpm kubernetes1.18-client-1.18.10-150200.5.10.1.x86_64.rpm kubernetes1.18-client-common-1.18.10-150200.5.10.1.x86_64.rpm kubernetes1.18-client-1.18.10-150200.5.10.1.s390x.rpm kubernetes1.18-client-common-1.18.10-150200.5.10.1.s390x.rpm kubernetes1.18-client-1.18.10-150200.5.10.1.ppc64le.rpm kubernetes1.18-client-common-1.18.10-150200.5.10.1.ppc64le.rpm kubernetes1.18-client-1.18.10-150200.5.10.1.aarch64.rpm kubernetes1.18-client-common-1.18.10-150200.5.10.1.aarch64.rpm openSUSE-SLE-15.5-2023-2334 moderate SUSE Updates openSUSE-SLE 15.5 This update for tiff fixes the following issues: Fixed multiple out of bounds read/write security issues: CVE-2023-0795 (bsc#1208226), CVE-2023-0796 (bsc#1208227), CVE-2023-0797 (bsc#1208228), CVE-2023-0798 (bsc#1208229), CVE-2023-0799 (bsc#1208230), CVE-2023-0800 (bsc#1208231), CVE-2023-0801 (bsc#1208232), CVE-2023-0802 (bsc#1208233), CVE-2023-0803 (bsc#1208234), CVE-2023-0804 (bsc#1208236). libtiff-devel-32bit-4.0.9-150000.45.28.1.x86_64.rpm libtiff-devel-4.0.9-150000.45.28.1.x86_64.rpm libtiff5-32bit-4.0.9-150000.45.28.1.x86_64.rpm libtiff5-4.0.9-150000.45.28.1.x86_64.rpm tiff-4.0.9-150000.45.28.1.src.rpm tiff-4.0.9-150000.45.28.1.x86_64.rpm libtiff-devel-4.0.9-150000.45.28.1.s390x.rpm libtiff5-4.0.9-150000.45.28.1.s390x.rpm tiff-4.0.9-150000.45.28.1.s390x.rpm libtiff-devel-4.0.9-150000.45.28.1.ppc64le.rpm libtiff5-4.0.9-150000.45.28.1.ppc64le.rpm tiff-4.0.9-150000.45.28.1.ppc64le.rpm libtiff-devel-4.0.9-150000.45.28.1.aarch64.rpm libtiff5-4.0.9-150000.45.28.1.aarch64.rpm tiff-4.0.9-150000.45.28.1.aarch64.rpm openSUSE-SLE-15.5-2023-2598 important SUSE Updates openSUSE-SLE 15.5 This update for golang-github-prometheus-prometheus fixes the following issues: golang-github-prometheus-prometheus: - Security issues fixed in this version update to 2.37.6: * CVE-2022-46146: Fix basic authentication bypass vulnerability (bsc#1208049, jsc#PED-3576) * CVE-2022-41715: Update our regexp library to fix upstream (bsc#1204023) * CVE-2022-41723: Fixed go issue to avoid quadratic complexity in HPACK decoding (bsc#1208298) - Other non-security bugs fixed and changes in this version update to 2.37.6: * [BUGFIX] TSDB: Turn off isolation for Head compaction to fix a memory leak. * [BUGFIX] TSDB: Fix 'invalid magic number 0' error on Prometheus startup. * [BUGFIX] Agent: Fix validation of flag options and prevent WAL from growing more than desired. * [BUGFIX] Properly close file descriptor when logging unfinished queries. * [BUGFIX] TSDB: In the WAL watcher metrics, expose the type="exemplar" label instead of type="unknown" for exemplar records. * [BUGFIX] Alerting: Fix Alertmanager targets not being updated when alerts were queued. * [BUGFIX] Hetzner SD: Make authentication files relative to Prometheus config file. * [BUGFIX] Promtool: Fix promtool check config not erroring properly on failures. * [BUGFIX] Scrape: Keep relabeled scrape interval and timeout on reloads. * [BUGFIX] TSDB: Don't increment prometheus_tsdb_compactions_failed_total when context is canceled. * [BUGFIX] TSDB: Fix panic if series is not found when deleting series. * [BUGFIX] TSDB: Increase prometheus_tsdb_mmap_chunk_corruptions_total on out of sequence errors. * [BUGFIX] Uyuni SD: Make authentication files relative to Prometheus configuration file and fix default configuration values. * [BUGFIX] Fix serving of static assets like fonts and favicon. * [BUGFIX] promtool: Add --lint-fatal option. * [BUGFIX] Changing TotalQueryableSamples from int to int64. * [BUGFIX] tsdb/agent: Ignore duplicate exemplars. * [BUGFIX] TSDB: Fix chunk overflow appending samples at a variable rate. * [BUGFIX] Stop rule manager before TSDB is stopped. * [BUGFIX] Kubernetes SD: Explicitly include gcp auth from k8s.io. * [BUGFIX] Fix OpenMetrics parser to sort uppercase labels correctly. * [BUGFIX] UI: Fix scrape interval and duration tooltip not showing on target page. * [BUGFIX] Tracing/GRPC: Set TLS credentials only when insecure is false. * [BUGFIX] Agent: Fix ID collision when loading a WAL with multiple segments. * [BUGFIX] Remote-write: Fix a deadlock between Batch and flushing the queue. * [BUGFIX] PromQL: Properly return an error from histogram_quantile when metrics have the same labelset. * [BUGFIX] UI: Fix bug that sets the range input to the resolution. * [BUGFIX] TSDB: Fix a query panic when memory-snapshot-on-shutdown is enabled. * [BUGFIX] Parser: Specify type in metadata parser errors. * [BUGFIX] Scrape: Fix label limit changes not applying. * [BUGFIX] Remote-write: Fix deadlock between adding to queue and getting batch. * [BUGFIX] TSDB: Fix panic when m-mapping head chunks onto the disk. * [BUGFIX] Azure SD: Fix a regression when public IP Address isn't set. * [BUGFIX] Azure SD: Fix panic when public IP Address isn't set. * [BUGFIX] Remote-write: Fix deadlock when stopping a shard. * [BUGFIX] SD: Fix no such file or directory in K8s SD when not running inside K8s. * [BUGFIX] Promtool: Make exit codes more consistent. * [BUGFIX] Promtool: Fix flakiness of rule testing. * [BUGFIX] Remote-write: Update prometheus_remote_storage_queue_highest_sent_timestamp_seconds metric when write irrecoverably fails. * [BUGFIX] Storage: Avoid panic in BufferedSeriesIterator. * [BUGFIX] TSDB: CompactBlockMetas should produce correct mint/maxt for overlapping blocks. * [BUGFIX] TSDB: Fix logging of exemplar storage size. * [BUGFIX] UI: Fix overlapping click targets for the alert state checkboxes. * [BUGFIX] UI: Fix Unhealthy filter on target page to actually display only Unhealthy targets. * [BUGFIX] UI: Fix autocompletion when expression is empty. * [BUGFIX] TSDB: Fix deadlock from simultaneous GC and write. * [CHANGE] TSDB: Delete *.tmp WAL files when Prometheus starts. * [CHANGE] promtool: Add new flag --lint (enabled by default) for the commands check rules and check config, resulting in a new exit code (3) for linter errors. * [CHANGE] UI: Classic UI removed. * [CHANGE] Tracing: Migrate from Jaeger to OpenTelemetry based tracing. * [CHANGE] PromQL: Promote negative offset and @ modifer to stable features. * [CHANGE] Web: Promote remote-write-receiver to stable. * [FEATURE] Nomad SD: New service discovery for Nomad built-in service discovery. * [FEATURE] Add lowercase and uppercase relabel action. * [FEATURE] SD: Add IONOS Cloud integration. * [FEATURE] SD: Add Vultr integration. * [FEATURE] SD: Add Linode SD failure count metric. * [FEATURE] Add prometheus_ready metric. * [FEATURE] Support for automatically setting the variable GOMAXPROCS to the container CPU limit. Enable with the flag `--enable-feature=auto-gomaxprocs`. * [FEATURE] PromQL: Extend statistics with total and peak number of samples in a query. Additionally, per-step statistics are available with --enable-feature=promql-per-step-stats and using stats=all in the query API. Enable with the flag `--enable-feature=per-step-stats`. * [FEATURE] Config: Add stripPort template function. * [FEATURE] Promtool: Add cardinality analysis to check metrics, enabled by flag --extended. * [FEATURE] SD: Enable target discovery in own K8s namespace. * [FEATURE] SD: Add provider ID label in K8s SD. * [FEATURE] Web: Add limit field to the rules API. * [ENHANCEMENT] Kubernetes SD: Allow attaching node labels for endpoint role. * [ENHANCEMENT] PromQL: Optimise creation of signature with/without labels. * [ENHANCEMENT] TSDB: Memory optimizations. * [ENHANCEMENT] TSDB: Reduce sleep time when reading WAL. * [ENHANCEMENT] OAuth2: Add appropriate timeouts and User-Agent header. * [ENHANCEMENT] Add stripDomain to template function. * [ENHANCEMENT] UI: Enable active search through dropped targets. * [ENHANCEMENT] promtool: support matchers when querying label * [ENHANCEMENT] Add agent mode identifier. * [ENHANCEMENT] TSDB: more efficient sorting of postings read from WAL at startup. * [ENHANCEMENT] Azure SD: Add metric to track Azure SD failures. * [ENHANCEMENT] Azure SD: Add an optional resource_group configuration. * [ENHANCEMENT] Kubernetes SD: Support discovery.k8s.io/v1 EndpointSlice (previously only discovery.k8s.io/v1beta1 EndpointSlice was supported). * [ENHANCEMENT] Kubernetes SD: Allow attaching node metadata to discovered pods. * [ENHANCEMENT] OAuth2: Support for using a proxy URL to fetch OAuth2 tokens. * [ENHANCEMENT] Configuration: Add the ability to disable HTTP2. * [ENHANCEMENT] Config: Support overriding minimum TLS version. * [ENHANCEMENT] TSDB: Disable the chunk write queue by default and allow configuration with the experimental flag `--storage.tsdb.head-chunks-write-queue-size`. * [ENHANCEMENT] HTTP SD: Add a failure counter. * [ENHANCEMENT] Azure SD: Set Prometheus User-Agent on requests. * [ENHANCEMENT] Uyuni SD: Reduce the number of logins to Uyuni. * [ENHANCEMENT] Scrape: Log when an invalid media type is encountered during a scrape. * [ENHANCEMENT] Scrape: Accept application/openmetrics-text;version=1.0.0 in addition to version=0.0.1. * [ENHANCEMENT] Remote-read: Add an option to not use external labels as selectors for remote read. * [ENHANCEMENT] UI: Optimize the alerts page and add a search bar. * [ENHANCEMENT] UI: Improve graph colors that were hard to see. * [ENHANCEMENT] Config: Allow escaping of $ with $$ when using environment variables with external labels. * [ENHANCEMENT] Remote-write: Avoid allocations by buffering concrete structs instead of interfaces. * [ENHANCEMENT] Remote-write: Log time series details for out-of-order samples in remote write receiver. * [ENHANCEMENT] Remote-write: Shard up more when backlogged. * [ENHANCEMENT] TSDB: Use simpler map key to improve exemplar ingest performance. * [ENHANCEMENT] TSDB: Avoid allocations when popping from the intersected postings heap. * [ENHANCEMENT] TSDB: Make chunk writing non-blocking, avoiding latency spikes in remote-write. * [ENHANCEMENT] TSDB: Improve label matching performance. * [ENHANCEMENT] UI: Optimize the service discovery page and add a search bar. * [ENHANCEMENT] UI: Optimize the target page and add a search bar. firewalld-prometheus-config-0.1-150100.4.17.1.x86_64.rpm golang-github-prometheus-prometheus-2.37.6-150100.4.17.1.src.rpm golang-github-prometheus-prometheus-2.37.6-150100.4.17.1.x86_64.rpm firewalld-prometheus-config-0.1-150100.4.17.1.s390x.rpm golang-github-prometheus-prometheus-2.37.6-150100.4.17.1.s390x.rpm firewalld-prometheus-config-0.1-150100.4.17.1.ppc64le.rpm golang-github-prometheus-prometheus-2.37.6-150100.4.17.1.ppc64le.rpm firewalld-prometheus-config-0.1-150100.4.17.1.aarch64.rpm golang-github-prometheus-prometheus-2.37.6-150100.4.17.1.aarch64.rpm openSUSE-SLE-15.5-2023-2430 critical SUSE Updates openSUSE-SLE 15.5 This update for supportutils-plugin-suse-public-cloud fixes the following issues: - This update will be delivered to SLE Micro. (SMO-219) supportutils-plugin-suse-public-cloud-1.0.7-150000.3.14.1.noarch.rpm supportutils-plugin-suse-public-cloud-1.0.7-150000.3.14.1.src.rpm openSUSE-SLE-15.5-2023-2331 important SUSE Updates openSUSE-SLE 15.5 This update for openssl-1_0_0 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). libopenssl-1_0_0-devel-1.0.2p-150000.3.76.1.x86_64.rpm libopenssl-1_0_0-devel-32bit-1.0.2p-150000.3.76.1.x86_64.rpm libopenssl10-1.0.2p-150000.3.76.1.x86_64.rpm libopenssl1_0_0-1.0.2p-150000.3.76.1.x86_64.rpm libopenssl1_0_0-32bit-1.0.2p-150000.3.76.1.x86_64.rpm libopenssl1_0_0-hmac-1.0.2p-150000.3.76.1.x86_64.rpm libopenssl1_0_0-hmac-32bit-1.0.2p-150000.3.76.1.x86_64.rpm libopenssl1_0_0-steam-1.0.2p-150000.3.76.1.x86_64.rpm libopenssl1_0_0-steam-32bit-1.0.2p-150000.3.76.1.x86_64.rpm openssl-1_0_0-1.0.2p-150000.3.76.1.src.rpm openssl-1_0_0-1.0.2p-150000.3.76.1.x86_64.rpm openssl-1_0_0-cavs-1.0.2p-150000.3.76.1.x86_64.rpm openssl-1_0_0-doc-1.0.2p-150000.3.76.1.noarch.rpm libopenssl-1_0_0-devel-1.0.2p-150000.3.76.1.s390x.rpm libopenssl10-1.0.2p-150000.3.76.1.s390x.rpm libopenssl1_0_0-1.0.2p-150000.3.76.1.s390x.rpm libopenssl1_0_0-hmac-1.0.2p-150000.3.76.1.s390x.rpm libopenssl1_0_0-steam-1.0.2p-150000.3.76.1.s390x.rpm openssl-1_0_0-1.0.2p-150000.3.76.1.s390x.rpm openssl-1_0_0-cavs-1.0.2p-150000.3.76.1.s390x.rpm libopenssl-1_0_0-devel-1.0.2p-150000.3.76.1.ppc64le.rpm libopenssl10-1.0.2p-150000.3.76.1.ppc64le.rpm libopenssl1_0_0-1.0.2p-150000.3.76.1.ppc64le.rpm libopenssl1_0_0-hmac-1.0.2p-150000.3.76.1.ppc64le.rpm libopenssl1_0_0-steam-1.0.2p-150000.3.76.1.ppc64le.rpm openssl-1_0_0-1.0.2p-150000.3.76.1.ppc64le.rpm openssl-1_0_0-cavs-1.0.2p-150000.3.76.1.ppc64le.rpm libopenssl-1_0_0-devel-1.0.2p-150000.3.76.1.aarch64.rpm libopenssl10-1.0.2p-150000.3.76.1.aarch64.rpm libopenssl1_0_0-1.0.2p-150000.3.76.1.aarch64.rpm libopenssl1_0_0-hmac-1.0.2p-150000.3.76.1.aarch64.rpm libopenssl1_0_0-steam-1.0.2p-150000.3.76.1.aarch64.rpm openssl-1_0_0-1.0.2p-150000.3.76.1.aarch64.rpm openssl-1_0_0-cavs-1.0.2p-150000.3.76.1.aarch64.rpm openSUSE-SLE-15.5-2023-2535 important SUSE Updates openSUSE-SLE 15.5 This update for xen fixes the following issues: Security fixes: - CVE-2022-42336: Fix an issue where guests configuring AMD Speculative Store Bypass Disable would have no effect (XSA-431) (bsc#1211433). - CVE-2022-42335: Fixed an issue where guests running under shadow mode with a PCI devices passed through could force the hypervisor to dereference arbitrary memory, leading to a denial of service (XSA-430) (bsc#1210315). Non-security fixes: - Fixed a build warning false positive (bsc#1210570). - Added missing debug-info to xen-syms (bsc#1209237). - Updated to version 4.17.1 (bsc#1027519). - Fixed a failure during VM destruction when using host-assisted kexec and kdump (bsc#1209245). - Other upstream fixes (bsc#1027519). xen-4.17.1_04-150500.3.3.1.src.rpm True xen-4.17.1_04-150500.3.3.1.x86_64.rpm True xen-devel-4.17.1_04-150500.3.3.1.x86_64.rpm True xen-doc-html-4.17.1_04-150500.3.3.1.x86_64.rpm True xen-libs-32bit-4.17.1_04-150500.3.3.1.x86_64.rpm True xen-libs-4.17.1_04-150500.3.3.1.x86_64.rpm True xen-tools-4.17.1_04-150500.3.3.1.x86_64.rpm True xen-tools-domU-4.17.1_04-150500.3.3.1.x86_64.rpm True xen-tools-xendomains-wait-disk-4.17.1_04-150500.3.3.1.noarch.rpm True xen-4.17.1_04-150500.3.3.1.aarch64.rpm True xen-devel-4.17.1_04-150500.3.3.1.aarch64.rpm True xen-doc-html-4.17.1_04-150500.3.3.1.aarch64.rpm True xen-libs-4.17.1_04-150500.3.3.1.aarch64.rpm True xen-tools-4.17.1_04-150500.3.3.1.aarch64.rpm True xen-tools-domU-4.17.1_04-150500.3.3.1.aarch64.rpm True openSUSE-SLE-15.5-2023-2320 moderate SUSE Updates openSUSE-SLE 15.5 This update for wireshark fixes the following issues: Updated to version 3.6.14: - CVE-2023-2855: Fixed a crash in the Candump log file parser (boo#1211703). - CVE-2023-2856: Fixed a crash in the VMS TCPIPtrace file parser (boo#1211707). - CVE-2023-2857: Fixed a crash in the BLF file parser (boo#1211705). - CVE-2023-2858: Fixed a crash in the NetScaler file parser (boo#1211706). - CVE-2023-0668: Fixed a crash in the IEEE C37.118 Synchrophasor dissector (boo#1211710). - CVE-2023-2879: GDSDB dissector infinite loop (boo#1211793). Further features, bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-3.6.14.html libwireshark15-3.6.14-150000.3.92.1.x86_64.rpm libwiretap12-3.6.14-150000.3.92.1.x86_64.rpm libwsutil13-3.6.14-150000.3.92.1.x86_64.rpm wireshark-3.6.14-150000.3.92.1.src.rpm wireshark-3.6.14-150000.3.92.1.x86_64.rpm wireshark-devel-3.6.14-150000.3.92.1.x86_64.rpm wireshark-ui-qt-3.6.14-150000.3.92.1.x86_64.rpm libwireshark15-3.6.14-150000.3.92.1.s390x.rpm libwiretap12-3.6.14-150000.3.92.1.s390x.rpm libwsutil13-3.6.14-150000.3.92.1.s390x.rpm wireshark-3.6.14-150000.3.92.1.s390x.rpm wireshark-devel-3.6.14-150000.3.92.1.s390x.rpm wireshark-ui-qt-3.6.14-150000.3.92.1.s390x.rpm libwireshark15-3.6.14-150000.3.92.1.ppc64le.rpm libwiretap12-3.6.14-150000.3.92.1.ppc64le.rpm libwsutil13-3.6.14-150000.3.92.1.ppc64le.rpm wireshark-3.6.14-150000.3.92.1.ppc64le.rpm wireshark-devel-3.6.14-150000.3.92.1.ppc64le.rpm wireshark-ui-qt-3.6.14-150000.3.92.1.ppc64le.rpm libwireshark15-3.6.14-150000.3.92.1.aarch64.rpm libwiretap12-3.6.14-150000.3.92.1.aarch64.rpm libwsutil13-3.6.14-150000.3.92.1.aarch64.rpm wireshark-3.6.14-150000.3.92.1.aarch64.rpm wireshark-devel-3.6.14-150000.3.92.1.aarch64.rpm wireshark-ui-qt-3.6.14-150000.3.92.1.aarch64.rpm openSUSE-SLE-15.5-2023-2381 moderate SUSE Updates openSUSE-SLE 15.5 This update for bouncycastle fixes the following issues: bouncycastle was updated to version 1.73: [jsc#PED-3756] Defects Fixed: - BCJSSE: Instantiating a JSSE provider in some contexts could cause an AccessControl exception. - The EC key pair generator can generate out of range private keys when used with SM2. A specific SM2KeyPairGenerator has been added to the low-level API and is used by KeyPairGenerator.getInstance("SM2", "BC"). The SM2 signer has been updated to check for out of range keys as well.. - The attached signature type byte was still present in Falcon signatures as well as the detached signature byte. - There was an off-by-one error in engineGetOutputSize() for ECIES. - The method for invoking read() internally in BCPGInputStream could result in inconsistent behaviour if the class was extended. - Fixed a rounding issue with FF1 Format Preserving Encryption algorithm for certain radices. - Fixed RFC3394WrapEngine handling of 64 bit keys. - Internal buffer for blake2sp was too small and could result in an ArrayIndexOutOfBoundsException. - JCA PSS Signatures using SHAKE128 and SHAKE256 now support encoding of algorithm parameters. - PKCS10CertificationRequest now checks for empty extension parameters. - Parsing errors in the processing of PGP Armored Data now throw an explicit exception ArmoredInputException. - PGP AEAD streams could occassionally be truncated. - The ESTService class now supports processing of chunked HTTP data. - A constructed ASN.1 OCTET STRING with a single member would sometimes be re-encoded as a definite-length OCTET STRING. The encoding has been adjusted to preserve the BER status of the object. - PKIXCertPathReviewer could fail if the trust anchor was also included in the certificate store being used for path analysis. - UTF-8 parsing of an array range ignored the provided length. - IPAddress has been written to provide stricter checking and avoid the use of Integer.parseInt(). - A Java 7 class snuck into the Java 5 to Java 8 build. Additional Features and Functionality: - The Rainbow NIST Post Quantum Round-3 Candidate has been added to the low-level API and the BCPQC provider (level 3 and level 5 parameter sets only). - The GeMSS NIST Post Quantum Round-3 Candidate has been added to the low-level API. - The org.bouncycastle.rsa.max_mr_tests property check has been added to allow capping of MR tests done on RSA moduli. - Significant performance improvements in PQC algorithms, especially BIKE, CMCE, Frodo, HQC, Picnic. - EdDSA verification now conforms to the recommendations of Taming the many EdDSAs, in particular cofactored verification. As a side benefit, Pornin's basis reduction is now used for EdDSA verification, giving a significant performance boost. - Major performance improvements for Anomalous Binary (Koblitz) Curves. - The lightweight Cryptography finalists Ascon, ISAP, Elephant, PhotonBeetle, Sparkle, and Xoodyak have been added to the light-weight cryptography API. - BLAKE2bp and BLAKE2sp have been added to the light-weight cryptography API. - Support has been added for X.509, Section 9.8, hybrid certificates and CRLs using alternate public keys and alternate signatures. - The property "org.bouncycastle.emulate.oracle" has been added to signal the provider should return algorithm names on some algorithms in the same manner as the Oracle JCE provider. - An extra replaceSigners method has been added to CMSSignedData which allows for specifying the digest algorithm IDs to be used in the new CMSSignedData object. - Parsing and re-encoding of ASN.1 PEM data has been further optimized to prevent unecessary conversions between basic encoding, definite length, and DER. - Support has been added for KEM ciphers in CMS in accordance with draft-ietf-lamps-cms-kemri - Support has been added for certEncr in CRMF to allow issuing of certificates for KEM public keys. - Further speedups have been made to CRC24. - GCMParameterSpec constructor caching has been added to improve performance for JVMs that have the class available. - The PGPEncrytedDataGenerator now supports injecting the session key to be used for PGP PBE encrypted data. - The CRMF CertificateRequestMessageBuilder now supports optional attributes. - Improvements to the s calculation in JPAKE. - A general purpose PQCOtherInfoGenerator has been added which supports all Kyber and NTRU. - An implementation of HPKE (RFC 9180 - Hybrid Public Key Encryption) has been added to the light-weight cryptography API. Security Advisories: - The PQC implementations have now been subject to formal review for secret leakage and side channels, there were issues in BIKE, Falcon, Frodo, HQC which have now been fixed. Some weak positives also showed up in Rainbow, Picnic, SIKE, and GeMSS - for now this last set has been ignored as the algorithms will either be updated if they reappear in the Signature Round, or deleted, as is already the case for SIKE (it is now in the legacy package). Details on the group responsible for the testing can be found in the CONTRIBUTORS file. - For at least some ECIES variants (e.g. when using CBC) there is an issue with potential malleability of a nonce (implying silent malleability of the plaintext) that must be sent alongside the ciphertext but is outside the IES integrity check. For this reason the automatic generation of nonces with IED is now disabled and they have to be passed in using an IESParameterSpec. The current advice is to agree on a nonce between parties and then rely on the use of the ephemeral key component to allow the nonce (rather the so called nonce) usage to be extended. bouncycastle-1.73-150200.3.18.1.noarch.rpm bouncycastle-1.73-150200.3.18.1.src.rpm bouncycastle-javadoc-1.73-150200.3.18.1.noarch.rpm bouncycastle-jmail-1.73-150200.3.18.1.noarch.rpm bouncycastle-mail-1.73-150200.3.18.1.noarch.rpm bouncycastle-pg-1.73-150200.3.18.1.noarch.rpm bouncycastle-pkix-1.73-150200.3.18.1.noarch.rpm bouncycastle-tls-1.73-150200.3.18.1.noarch.rpm bouncycastle-util-1.73-150200.3.18.1.noarch.rpm openSUSE-SLE-15.5-2023-2484 moderate SUSE Updates openSUSE-SLE 15.5 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). libldap-2_4-2-2.4.46-150200.14.14.1.x86_64.rpm libldap-2_4-2-32bit-2.4.46-150200.14.14.1.x86_64.rpm libldap-data-2.4.46-150200.14.14.1.noarch.rpm openldap2-2.4.46-150200.14.14.1.src.rpm openldap2-2.4.46-150200.14.14.1.x86_64.rpm openldap2-back-meta-2.4.46-150200.14.14.1.x86_64.rpm openldap2-back-perl-2.4.46-150200.14.14.1.x86_64.rpm openldap2-back-sock-2.4.46-150200.14.14.1.x86_64.rpm openldap2-back-sql-2.4.46-150200.14.14.1.x86_64.rpm openldap2-client-2.4.46-150200.14.14.1.x86_64.rpm openldap2-contrib-2.4.46-150200.14.14.1.x86_64.rpm openldap2-devel-2.4.46-150200.14.14.1.x86_64.rpm openldap2-devel-32bit-2.4.46-150200.14.14.1.x86_64.rpm openldap2-devel-static-2.4.46-150200.14.14.1.x86_64.rpm openldap2-doc-2.4.46-150200.14.14.1.noarch.rpm openldap2-ppolicy-check-password-1.2-150200.14.14.1.x86_64.rpm libldap-2_4-2-2.4.46-150200.14.14.1.s390x.rpm openldap2-2.4.46-150200.14.14.1.s390x.rpm openldap2-back-meta-2.4.46-150200.14.14.1.s390x.rpm openldap2-back-perl-2.4.46-150200.14.14.1.s390x.rpm openldap2-back-sock-2.4.46-150200.14.14.1.s390x.rpm openldap2-back-sql-2.4.46-150200.14.14.1.s390x.rpm openldap2-client-2.4.46-150200.14.14.1.s390x.rpm openldap2-contrib-2.4.46-150200.14.14.1.s390x.rpm openldap2-devel-2.4.46-150200.14.14.1.s390x.rpm openldap2-devel-static-2.4.46-150200.14.14.1.s390x.rpm openldap2-ppolicy-check-password-1.2-150200.14.14.1.s390x.rpm libldap-2_4-2-2.4.46-150200.14.14.1.ppc64le.rpm openldap2-2.4.46-150200.14.14.1.ppc64le.rpm openldap2-back-meta-2.4.46-150200.14.14.1.ppc64le.rpm openldap2-back-perl-2.4.46-150200.14.14.1.ppc64le.rpm openldap2-back-sock-2.4.46-150200.14.14.1.ppc64le.rpm openldap2-back-sql-2.4.46-150200.14.14.1.ppc64le.rpm openldap2-client-2.4.46-150200.14.14.1.ppc64le.rpm openldap2-contrib-2.4.46-150200.14.14.1.ppc64le.rpm openldap2-devel-2.4.46-150200.14.14.1.ppc64le.rpm openldap2-devel-static-2.4.46-150200.14.14.1.ppc64le.rpm openldap2-ppolicy-check-password-1.2-150200.14.14.1.ppc64le.rpm libldap-2_4-2-2.4.46-150200.14.14.1.aarch64.rpm openldap2-2.4.46-150200.14.14.1.aarch64.rpm openldap2-back-meta-2.4.46-150200.14.14.1.aarch64.rpm openldap2-back-perl-2.4.46-150200.14.14.1.aarch64.rpm openldap2-back-sock-2.4.46-150200.14.14.1.aarch64.rpm openldap2-back-sql-2.4.46-150200.14.14.1.aarch64.rpm openldap2-client-2.4.46-150200.14.14.1.aarch64.rpm openldap2-contrib-2.4.46-150200.14.14.1.aarch64.rpm openldap2-devel-2.4.46-150200.14.14.1.aarch64.rpm openldap2-devel-static-2.4.46-150200.14.14.1.aarch64.rpm openldap2-ppolicy-check-password-1.2-150200.14.14.1.aarch64.rpm openSUSE-SLE-15.5-2023-2344 important SUSE Updates openSUSE-SLE 15.5 This update for ImageMagick fixes the following issues: - CVE-2023-34151: Fixed an undefined behavior issue due to floating point truncation (bsc#1211791). - CVE-2023-34153: Fixed a command injection issue when encoding or decoding VIDEO files (bsc#1211792). ImageMagick-7.1.0.9-150400.6.21.1.src.rpm ImageMagick-7.1.0.9-150400.6.21.1.x86_64.rpm ImageMagick-config-7-SUSE-7.1.0.9-150400.6.21.1.x86_64.rpm ImageMagick-config-7-upstream-7.1.0.9-150400.6.21.1.x86_64.rpm ImageMagick-devel-32bit-7.1.0.9-150400.6.21.1.x86_64.rpm ImageMagick-devel-7.1.0.9-150400.6.21.1.x86_64.rpm ImageMagick-doc-7.1.0.9-150400.6.21.1.noarch.rpm ImageMagick-extra-7.1.0.9-150400.6.21.1.x86_64.rpm libMagick++-7_Q16HDRI5-32bit-7.1.0.9-150400.6.21.1.x86_64.rpm libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.21.1.x86_64.rpm libMagick++-devel-32bit-7.1.0.9-150400.6.21.1.x86_64.rpm libMagick++-devel-7.1.0.9-150400.6.21.1.x86_64.rpm libMagickCore-7_Q16HDRI10-32bit-7.1.0.9-150400.6.21.1.x86_64.rpm libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.21.1.x86_64.rpm libMagickWand-7_Q16HDRI10-32bit-7.1.0.9-150400.6.21.1.x86_64.rpm libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.21.1.x86_64.rpm perl-PerlMagick-7.1.0.9-150400.6.21.1.x86_64.rpm ImageMagick-7.1.0.9-150400.6.21.1.s390x.rpm ImageMagick-config-7-SUSE-7.1.0.9-150400.6.21.1.s390x.rpm ImageMagick-config-7-upstream-7.1.0.9-150400.6.21.1.s390x.rpm ImageMagick-devel-7.1.0.9-150400.6.21.1.s390x.rpm ImageMagick-extra-7.1.0.9-150400.6.21.1.s390x.rpm libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.21.1.s390x.rpm libMagick++-devel-7.1.0.9-150400.6.21.1.s390x.rpm libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.21.1.s390x.rpm libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.21.1.s390x.rpm perl-PerlMagick-7.1.0.9-150400.6.21.1.s390x.rpm ImageMagick-7.1.0.9-150400.6.21.1.ppc64le.rpm ImageMagick-config-7-SUSE-7.1.0.9-150400.6.21.1.ppc64le.rpm ImageMagick-config-7-upstream-7.1.0.9-150400.6.21.1.ppc64le.rpm ImageMagick-devel-7.1.0.9-150400.6.21.1.ppc64le.rpm ImageMagick-extra-7.1.0.9-150400.6.21.1.ppc64le.rpm libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.21.1.ppc64le.rpm libMagick++-devel-7.1.0.9-150400.6.21.1.ppc64le.rpm libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.21.1.ppc64le.rpm libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.21.1.ppc64le.rpm perl-PerlMagick-7.1.0.9-150400.6.21.1.ppc64le.rpm ImageMagick-7.1.0.9-150400.6.21.1.aarch64.rpm ImageMagick-config-7-SUSE-7.1.0.9-150400.6.21.1.aarch64.rpm ImageMagick-config-7-upstream-7.1.0.9-150400.6.21.1.aarch64.rpm ImageMagick-devel-7.1.0.9-150400.6.21.1.aarch64.rpm ImageMagick-extra-7.1.0.9-150400.6.21.1.aarch64.rpm libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.21.1.aarch64.rpm libMagick++-devel-7.1.0.9-150400.6.21.1.aarch64.rpm libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.21.1.aarch64.rpm libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.21.1.aarch64.rpm perl-PerlMagick-7.1.0.9-150400.6.21.1.aarch64.rpm openSUSE-SLE-15.5-2023-2433 moderate SUSE Updates openSUSE-SLE 15.5 This update for picocli fixes the following issues: - Build picocli using ant to avoid cycles (jsc#SLE-23217) picocli-4.6.2-150200.3.8.1.noarch.rpm picocli-4.6.2-150200.3.8.1.src.rpm picocli-javadoc-4.6.2-150200.3.8.1.noarch.rpm openSUSE-SLE-15.5-2023-2432 moderate SUSE Updates openSUSE-SLE 15.5 This update for mockito fixes the following issues: - Build with Java 8 (jsc#SLE-23217) mockito-1.10.19-150200.3.4.1.noarch.rpm mockito-1.10.19-150200.3.4.1.src.rpm mockito-javadoc-1.10.19-150200.3.4.1.noarch.rpm openSUSE-SLE-15.5-2023-2529 moderate SUSE Updates openSUSE-SLE 15.5 This update for go1.19-openssl fixes the following issues: This update delivers a go1.19 1.19.10.1 package built with its cryptography using the system openssl library. (jsc#SLE-18320 jsc#PED-1962) This allows GO binaries built with go1.19-openssl to be operating in FIPS 140-2/3 mode. go1.19-openssl-1.19.10.1-150000.1.5.1.src.rpm go1.19-openssl-1.19.10.1-150000.1.5.1.x86_64.rpm go1.19-openssl-doc-1.19.10.1-150000.1.5.1.x86_64.rpm go1.19-openssl-race-1.19.10.1-150000.1.5.1.x86_64.rpm go1.19-openssl-1.19.10.1-150000.1.5.1.s390x.rpm go1.19-openssl-doc-1.19.10.1-150000.1.5.1.s390x.rpm go1.19-openssl-race-1.19.10.1-150000.1.5.1.s390x.rpm go1.19-openssl-1.19.10.1-150000.1.5.1.ppc64le.rpm go1.19-openssl-doc-1.19.10.1-150000.1.5.1.ppc64le.rpm go1.19-openssl-race-1.19.10.1-150000.1.5.1.ppc64le.rpm go1.19-openssl-1.19.10.1-150000.1.5.1.aarch64.rpm go1.19-openssl-doc-1.19.10.1-150000.1.5.1.aarch64.rpm go1.19-openssl-race-1.19.10.1-150000.1.5.1.aarch64.rpm openSUSE-SLE-15.5-2023-2452 moderate SUSE Updates openSUSE-SLE 15.5 This update for libnvme, nvme-cli, nvme-stas fixes the following issues: - Update to version v1.4 (jsc#PED-553, jsc#PED-3884) - Fix invalid string lenght calculation for UUID (bsc#1209906) - Fix segmentation fault during garbage collection (bsc#1209905) - Always sanitize traddr and trsvcid entries (bsc#1207435) - Allow tracking unique discover controllers (bsc#1186689) - Enabled unit test on s390x again (bsc#1207687, bsc#1207686) - Replaced old nbft implementation with the upstream one - Don't enable TLS if kernel does not support it - Set version-tag so that version are correctly reported - Extend udev rule to pass --host-interface argument to nvme-cli (bsc#1208001) - Build documentation to be up to date - Improvements for supported-log-pages (bsc#1209550) - Fix read command (bsc#1209564) - Fix mounting filesystems via fstab (bsc#1208075) - Update host_traddr when using config.json file (bsc#1210089) - Changed default behavior of connect-all to match with old nbft behavior - Fix auto connect conditions (bsc#1210105) - Fix auto boot for NBFT connections (bsc#1211647) - nvme-stas: Update to version 2.2: - add DHCHAP support for in-band authentication (bsc#1208580) libnvme-1.4+18.g932f9c37e05a-150500.4.3.1.src.rpm libnvme-devel-1.4+18.g932f9c37e05a-150500.4.3.1.x86_64.rpm libnvme-mi1-1.4+18.g932f9c37e05a-150500.4.3.1.x86_64.rpm libnvme1-1.4+18.g932f9c37e05a-150500.4.3.1.x86_64.rpm nvme-cli-2.4+17.gf4cfca93998a-150500.4.3.1.src.rpm nvme-cli-2.4+17.gf4cfca93998a-150500.4.3.1.x86_64.rpm nvme-cli-bash-completion-2.4+17.gf4cfca93998a-150500.4.3.1.noarch.rpm nvme-cli-regress-script-2.4+17.gf4cfca93998a-150500.4.3.1.noarch.rpm nvme-cli-zsh-completion-2.4+17.gf4cfca93998a-150500.4.3.1.noarch.rpm nvme-stas-2.2-150500.3.3.1.src.rpm nvme-stas-2.2-150500.3.3.1.x86_64.rpm python3-libnvme-1.4+18.g932f9c37e05a-150500.4.3.1.x86_64.rpm libnvme-devel-1.4+18.g932f9c37e05a-150500.4.3.1.s390x.rpm libnvme-mi1-1.4+18.g932f9c37e05a-150500.4.3.1.s390x.rpm libnvme1-1.4+18.g932f9c37e05a-150500.4.3.1.s390x.rpm nvme-cli-2.4+17.gf4cfca93998a-150500.4.3.1.s390x.rpm nvme-stas-2.2-150500.3.3.1.s390x.rpm python3-libnvme-1.4+18.g932f9c37e05a-150500.4.3.1.s390x.rpm libnvme-devel-1.4+18.g932f9c37e05a-150500.4.3.1.ppc64le.rpm libnvme-mi1-1.4+18.g932f9c37e05a-150500.4.3.1.ppc64le.rpm libnvme1-1.4+18.g932f9c37e05a-150500.4.3.1.ppc64le.rpm nvme-cli-2.4+17.gf4cfca93998a-150500.4.3.1.ppc64le.rpm nvme-stas-2.2-150500.3.3.1.ppc64le.rpm python3-libnvme-1.4+18.g932f9c37e05a-150500.4.3.1.ppc64le.rpm libnvme-devel-1.4+18.g932f9c37e05a-150500.4.3.1.aarch64.rpm libnvme-mi1-1.4+18.g932f9c37e05a-150500.4.3.1.aarch64.rpm libnvme1-1.4+18.g932f9c37e05a-150500.4.3.1.aarch64.rpm nvme-cli-2.4+17.gf4cfca93998a-150500.4.3.1.aarch64.rpm nvme-stas-2.2-150500.3.3.1.aarch64.rpm python3-libnvme-1.4+18.g932f9c37e05a-150500.4.3.1.aarch64.rpm openSUSE-SLE-15.5-2023-2601 moderate SUSE Updates openSUSE-SLE 15.5 This update for go1.20-openssl fixes the following issues: This update delivers a go1.20 1.20.5.2 package built with its cryptography using the system openssl library. (jsc#SLE-18320 jsc#PED-1962) This allows GO binaries built with go1.20-openssl to be operating in FIPS 140-2/3 mode. go1.20-openssl-1.20.5.2-150000.1.5.1.src.rpm go1.20-openssl-1.20.5.2-150000.1.5.1.x86_64.rpm go1.20-openssl-doc-1.20.5.2-150000.1.5.1.x86_64.rpm go1.20-openssl-race-1.20.5.2-150000.1.5.1.x86_64.rpm go1.20-openssl-1.20.5.2-150000.1.5.1.s390x.rpm go1.20-openssl-doc-1.20.5.2-150000.1.5.1.s390x.rpm go1.20-openssl-race-1.20.5.2-150000.1.5.1.s390x.rpm go1.20-openssl-1.20.5.2-150000.1.5.1.ppc64le.rpm go1.20-openssl-doc-1.20.5.2-150000.1.5.1.ppc64le.rpm go1.20-openssl-race-1.20.5.2-150000.1.5.1.ppc64le.rpm go1.20-openssl-1.20.5.2-150000.1.5.1.aarch64.rpm go1.20-openssl-doc-1.20.5.2-150000.1.5.1.aarch64.rpm go1.20-openssl-race-1.20.5.2-150000.1.5.1.aarch64.rpm openSUSE-SLE-15.5-2023-29171 important SUSE Updates openSUSE-SLE 15.5 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - Update further expiring certificates that affect tests (bsc#1201627) libopenssl-1_1-devel-1.1.1l-150500.17.6.1.x86_64.rpm libopenssl-1_1-devel-32bit-1.1.1l-150500.17.6.1.x86_64.rpm libopenssl1_1-1.1.1l-150500.17.6.1.x86_64.rpm libopenssl1_1-32bit-1.1.1l-150500.17.6.1.x86_64.rpm libopenssl1_1-hmac-1.1.1l-150500.17.6.1.x86_64.rpm libopenssl1_1-hmac-32bit-1.1.1l-150500.17.6.1.x86_64.rpm openssl-1_1-1.1.1l-150500.17.6.1.src.rpm openssl-1_1-1.1.1l-150500.17.6.1.x86_64.rpm openssl-1_1-doc-1.1.1l-150500.17.6.1.noarch.rpm libopenssl-1_1-devel-1.1.1l-150500.17.6.1.s390x.rpm libopenssl1_1-1.1.1l-150500.17.6.1.s390x.rpm libopenssl1_1-hmac-1.1.1l-150500.17.6.1.s390x.rpm openssl-1_1-1.1.1l-150500.17.6.1.s390x.rpm libopenssl-1_1-devel-1.1.1l-150500.17.6.1.ppc64le.rpm libopenssl1_1-1.1.1l-150500.17.6.1.ppc64le.rpm libopenssl1_1-hmac-1.1.1l-150500.17.6.1.ppc64le.rpm openssl-1_1-1.1.1l-150500.17.6.1.ppc64le.rpm libopenssl-1_1-devel-1.1.1l-150500.17.6.1.aarch64.rpm libopenssl1_1-1.1.1l-150500.17.6.1.aarch64.rpm libopenssl1_1-hmac-1.1.1l-150500.17.6.1.aarch64.rpm openssl-1_1-1.1.1l-150500.17.6.1.aarch64.rpm openSUSE-SLE-15.5-2023-2515 moderate SUSE Updates openSUSE-SLE 15.5 This update for rekor fixes the following issues: - updated to rekor 1.2.1 (jsc#SLE-23476): - CVE-2023-33199: Fixed that malformed proposed intoto v0.0.2 entries can cause a panic (bsc#1211790). rekor-1.2.1-150400.4.12.1.src.rpm rekor-1.2.1-150400.4.12.1.x86_64.rpm rekor-1.2.1-150400.4.12.1.s390x.rpm rekor-1.2.1-150400.4.12.1.ppc64le.rpm rekor-1.2.1-150400.4.12.1.aarch64.rpm openSUSE-SLE-15.5-2023-2467 important SUSE Updates openSUSE-SLE 15.5 This update for libwebp fixes the following issues: - CVE-2023-1999: Fixed a double free (bsc#1210212). libwebp-1.0.3-150200.3.5.1.src.rpm libwebp-devel-1.0.3-150200.3.5.1.x86_64.rpm libwebp-devel-32bit-1.0.3-150200.3.5.1.x86_64.rpm libwebp-tools-1.0.3-150200.3.5.1.x86_64.rpm libwebp7-1.0.3-150200.3.5.1.x86_64.rpm libwebp7-32bit-1.0.3-150200.3.5.1.x86_64.rpm libwebpdecoder3-1.0.3-150200.3.5.1.x86_64.rpm libwebpdecoder3-32bit-1.0.3-150200.3.5.1.x86_64.rpm libwebpdemux2-1.0.3-150200.3.5.1.x86_64.rpm libwebpdemux2-32bit-1.0.3-150200.3.5.1.x86_64.rpm libwebpmux3-1.0.3-150200.3.5.1.x86_64.rpm libwebpmux3-32bit-1.0.3-150200.3.5.1.x86_64.rpm libwebp-devel-1.0.3-150200.3.5.1.s390x.rpm libwebp-tools-1.0.3-150200.3.5.1.s390x.rpm libwebp7-1.0.3-150200.3.5.1.s390x.rpm libwebpdecoder3-1.0.3-150200.3.5.1.s390x.rpm libwebpdemux2-1.0.3-150200.3.5.1.s390x.rpm libwebpmux3-1.0.3-150200.3.5.1.s390x.rpm libwebp-devel-1.0.3-150200.3.5.1.ppc64le.rpm libwebp-tools-1.0.3-150200.3.5.1.ppc64le.rpm libwebp7-1.0.3-150200.3.5.1.ppc64le.rpm libwebpdecoder3-1.0.3-150200.3.5.1.ppc64le.rpm libwebpdemux2-1.0.3-150200.3.5.1.ppc64le.rpm libwebpmux3-1.0.3-150200.3.5.1.ppc64le.rpm libwebp-devel-1.0.3-150200.3.5.1.aarch64.rpm libwebp-tools-1.0.3-150200.3.5.1.aarch64.rpm libwebp7-1.0.3-150200.3.5.1.aarch64.rpm libwebpdecoder3-1.0.3-150200.3.5.1.aarch64.rpm libwebpdemux2-1.0.3-150200.3.5.1.aarch64.rpm libwebpmux3-1.0.3-150200.3.5.1.aarch64.rpm openSUSE-SLE-15.5-2023-2516 moderate SUSE Updates openSUSE-SLE 15.5 This update for opensc fixes the following issues: - CVE-2023-2977: Fixed out of bounds read in pkcs15 cardos_have_verifyrc_package() (bsc#1211894). opensc-0.22.0-150400.3.3.1.src.rpm opensc-0.22.0-150400.3.3.1.x86_64.rpm opensc-32bit-0.22.0-150400.3.3.1.x86_64.rpm opensc-0.22.0-150400.3.3.1.s390x.rpm opensc-0.22.0-150400.3.3.1.ppc64le.rpm opensc-0.22.0-150400.3.3.1.aarch64.rpm openSUSE-SLE-15.5-2023-2489 important SUSE Updates openSUSE-SLE 15.5 This update for MozillaFirefox fixes the following issues: Extended Support Release 102.12.0 ESR (bsc#1211922): - CVE-2023-34414: Click-jacking certificate exceptions through rendering lag - CVE-2023-34416: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12 MozillaFirefox-102.12.0-150200.152.90.1.src.rpm MozillaFirefox-102.12.0-150200.152.90.1.x86_64.rpm MozillaFirefox-branding-upstream-102.12.0-150200.152.90.1.x86_64.rpm MozillaFirefox-devel-102.12.0-150200.152.90.1.x86_64.rpm MozillaFirefox-translations-common-102.12.0-150200.152.90.1.x86_64.rpm MozillaFirefox-translations-other-102.12.0-150200.152.90.1.x86_64.rpm MozillaFirefox-102.12.0-150200.152.90.1.s390x.rpm MozillaFirefox-branding-upstream-102.12.0-150200.152.90.1.s390x.rpm MozillaFirefox-devel-102.12.0-150200.152.90.1.s390x.rpm MozillaFirefox-translations-common-102.12.0-150200.152.90.1.s390x.rpm MozillaFirefox-translations-other-102.12.0-150200.152.90.1.s390x.rpm MozillaFirefox-102.12.0-150200.152.90.1.ppc64le.rpm MozillaFirefox-branding-upstream-102.12.0-150200.152.90.1.ppc64le.rpm MozillaFirefox-devel-102.12.0-150200.152.90.1.ppc64le.rpm MozillaFirefox-translations-common-102.12.0-150200.152.90.1.ppc64le.rpm MozillaFirefox-translations-other-102.12.0-150200.152.90.1.ppc64le.rpm MozillaFirefox-102.12.0-150200.152.90.1.aarch64.rpm MozillaFirefox-branding-upstream-102.12.0-150200.152.90.1.aarch64.rpm MozillaFirefox-devel-102.12.0-150200.152.90.1.aarch64.rpm MozillaFirefox-translations-common-102.12.0-150200.152.90.1.aarch64.rpm MozillaFirefox-translations-other-102.12.0-150200.152.90.1.aarch64.rpm openSUSE-SLE-15.5-2023-2597 moderate SUSE Updates openSUSE-SLE 15.5 This update for sapstartsrv-resource-agents fixes the following issues: - Version bump to 0.9.2 * Prevent systemd service race between sapping and sappong during system boot. (bsc#1207138) * Fix a problem of monitor/probe operation to detect a running sapstartsrv process. (bsc#1210790) sapstartsrv-resource-agents-0.9.2+git.1684336720.d2ebd49-150000.1.18.1.noarch.rpm sapstartsrv-resource-agents-0.9.2+git.1684336720.d2ebd49-150000.1.18.1.src.rpm openSUSE-SLE-15.5-2023-2517 moderate SUSE Updates openSUSE-SLE 15.5 This update for python3 fixes the following issues: - CVE-2007-4559: Fixed filter for tarfile.extractall (bsc#1203750). - Fixed unittest.mock.patch.dict returns function when applied to coroutines (bsc#1211158). libpython3_6m1_0-3.6.15-150300.10.48.1.x86_64.rpm libpython3_6m1_0-32bit-3.6.15-150300.10.48.1.x86_64.rpm python3-3.6.15-150300.10.48.1.src.rpm python3-3.6.15-150300.10.48.1.x86_64.rpm python3-base-3.6.15-150300.10.48.1.x86_64.rpm python3-core-3.6.15-150300.10.48.1.src.rpm python3-curses-3.6.15-150300.10.48.1.x86_64.rpm python3-dbm-3.6.15-150300.10.48.1.x86_64.rpm python3-devel-3.6.15-150300.10.48.1.x86_64.rpm python3-doc-3.6.15-150300.10.48.1.x86_64.rpm python3-doc-devhelp-3.6.15-150300.10.48.1.x86_64.rpm python3-documentation-3.6.15-150300.10.48.1.src.rpm python3-idle-3.6.15-150300.10.48.1.x86_64.rpm python3-testsuite-3.6.15-150300.10.48.1.x86_64.rpm python3-tk-3.6.15-150300.10.48.1.x86_64.rpm python3-tools-3.6.15-150300.10.48.1.x86_64.rpm libpython3_6m1_0-3.6.15-150300.10.48.1.s390x.rpm python3-3.6.15-150300.10.48.1.s390x.rpm python3-base-3.6.15-150300.10.48.1.s390x.rpm python3-curses-3.6.15-150300.10.48.1.s390x.rpm python3-dbm-3.6.15-150300.10.48.1.s390x.rpm python3-devel-3.6.15-150300.10.48.1.s390x.rpm python3-doc-3.6.15-150300.10.48.1.s390x.rpm python3-doc-devhelp-3.6.15-150300.10.48.1.s390x.rpm python3-idle-3.6.15-150300.10.48.1.s390x.rpm python3-testsuite-3.6.15-150300.10.48.1.s390x.rpm python3-tk-3.6.15-150300.10.48.1.s390x.rpm python3-tools-3.6.15-150300.10.48.1.s390x.rpm libpython3_6m1_0-3.6.15-150300.10.48.1.ppc64le.rpm python3-3.6.15-150300.10.48.1.ppc64le.rpm python3-base-3.6.15-150300.10.48.1.ppc64le.rpm python3-curses-3.6.15-150300.10.48.1.ppc64le.rpm python3-dbm-3.6.15-150300.10.48.1.ppc64le.rpm python3-devel-3.6.15-150300.10.48.1.ppc64le.rpm python3-doc-3.6.15-150300.10.48.1.ppc64le.rpm python3-doc-devhelp-3.6.15-150300.10.48.1.ppc64le.rpm python3-idle-3.6.15-150300.10.48.1.ppc64le.rpm python3-testsuite-3.6.15-150300.10.48.1.ppc64le.rpm python3-tk-3.6.15-150300.10.48.1.ppc64le.rpm python3-tools-3.6.15-150300.10.48.1.ppc64le.rpm libpython3_6m1_0-3.6.15-150300.10.48.1.aarch64.rpm python3-3.6.15-150300.10.48.1.aarch64.rpm python3-base-3.6.15-150300.10.48.1.aarch64.rpm python3-curses-3.6.15-150300.10.48.1.aarch64.rpm python3-dbm-3.6.15-150300.10.48.1.aarch64.rpm python3-devel-3.6.15-150300.10.48.1.aarch64.rpm python3-doc-3.6.15-150300.10.48.1.aarch64.rpm python3-doc-devhelp-3.6.15-150300.10.48.1.aarch64.rpm python3-idle-3.6.15-150300.10.48.1.aarch64.rpm python3-testsuite-3.6.15-150300.10.48.1.aarch64.rpm python3-tk-3.6.15-150300.10.48.1.aarch64.rpm python3-tools-3.6.15-150300.10.48.1.aarch64.rpm openSUSE-SLE-15.5-2023-2463 moderate SUSE Updates openSUSE-SLE 15.5 This update for python310 fixes the following issues: - CVE-2007-4559: Fixed filter for tarfile.extractall (bsc#1203750). libpython3_10-1_0-3.10.11-150400.4.25.1.x86_64.rpm libpython3_10-1_0-32bit-3.10.11-150400.4.25.1.x86_64.rpm python310-3.10.11-150400.4.25.1.src.rpm python310-3.10.11-150400.4.25.1.x86_64.rpm python310-32bit-3.10.11-150400.4.25.1.x86_64.rpm python310-base-3.10.11-150400.4.25.1.x86_64.rpm python310-base-32bit-3.10.11-150400.4.25.1.x86_64.rpm python310-core-3.10.11-150400.4.25.1.src.rpm python310-curses-3.10.11-150400.4.25.1.x86_64.rpm python310-dbm-3.10.11-150400.4.25.1.x86_64.rpm python310-devel-3.10.11-150400.4.25.1.x86_64.rpm python310-doc-3.10.11-150400.4.25.1.x86_64.rpm python310-doc-devhelp-3.10.11-150400.4.25.1.x86_64.rpm python310-documentation-3.10.11-150400.4.25.1.src.rpm python310-idle-3.10.11-150400.4.25.1.x86_64.rpm python310-testsuite-3.10.11-150400.4.25.1.x86_64.rpm python310-tk-3.10.11-150400.4.25.1.x86_64.rpm python310-tools-3.10.11-150400.4.25.1.x86_64.rpm libpython3_10-1_0-3.10.11-150400.4.25.1.s390x.rpm python310-3.10.11-150400.4.25.1.s390x.rpm python310-base-3.10.11-150400.4.25.1.s390x.rpm python310-curses-3.10.11-150400.4.25.1.s390x.rpm python310-dbm-3.10.11-150400.4.25.1.s390x.rpm python310-devel-3.10.11-150400.4.25.1.s390x.rpm python310-doc-3.10.11-150400.4.25.1.s390x.rpm python310-doc-devhelp-3.10.11-150400.4.25.1.s390x.rpm python310-idle-3.10.11-150400.4.25.1.s390x.rpm python310-testsuite-3.10.11-150400.4.25.1.s390x.rpm python310-tk-3.10.11-150400.4.25.1.s390x.rpm python310-tools-3.10.11-150400.4.25.1.s390x.rpm libpython3_10-1_0-3.10.11-150400.4.25.1.ppc64le.rpm python310-3.10.11-150400.4.25.1.ppc64le.rpm python310-base-3.10.11-150400.4.25.1.ppc64le.rpm python310-curses-3.10.11-150400.4.25.1.ppc64le.rpm python310-dbm-3.10.11-150400.4.25.1.ppc64le.rpm python310-devel-3.10.11-150400.4.25.1.ppc64le.rpm python310-doc-3.10.11-150400.4.25.1.ppc64le.rpm python310-doc-devhelp-3.10.11-150400.4.25.1.ppc64le.rpm python310-idle-3.10.11-150400.4.25.1.ppc64le.rpm python310-testsuite-3.10.11-150400.4.25.1.ppc64le.rpm python310-tk-3.10.11-150400.4.25.1.ppc64le.rpm python310-tools-3.10.11-150400.4.25.1.ppc64le.rpm libpython3_10-1_0-3.10.11-150400.4.25.1.aarch64.rpm python310-3.10.11-150400.4.25.1.aarch64.rpm python310-base-3.10.11-150400.4.25.1.aarch64.rpm python310-curses-3.10.11-150400.4.25.1.aarch64.rpm python310-dbm-3.10.11-150400.4.25.1.aarch64.rpm python310-devel-3.10.11-150400.4.25.1.aarch64.rpm python310-doc-3.10.11-150400.4.25.1.aarch64.rpm python310-doc-devhelp-3.10.11-150400.4.25.1.aarch64.rpm python310-idle-3.10.11-150400.4.25.1.aarch64.rpm python310-testsuite-3.10.11-150400.4.25.1.aarch64.rpm python310-tk-3.10.11-150400.4.25.1.aarch64.rpm python310-tools-3.10.11-150400.4.25.1.aarch64.rpm openSUSE-SLE-15.5-2023-2619 moderate SUSE Updates openSUSE-SLE 15.5 This update for python-sqlparse fixes the following issues: - CVE-2023-30608: Fixed a Regular Expression Denial of Service (ReDOS) vulnerability (bsc#1210617). python-sqlparse-0.4.2-150300.3.6.1.src.rpm python3-sqlparse-0.4.2-150300.3.6.1.noarch.rpm openSUSE-SLE-15.5-2023-2481 moderate SUSE Updates openSUSE-SLE 15.5 This update for dracut fixes the following issues: - Update to version 055+suse.364.g4c1d0276: - Honor rd.timeout for nvme ctrl_loss_tmo (bsc#1211080) - Suppress warning if hostname is not set (bsc#1211072) - Set netroot=nbft (bsc#1210909) dracut-055+suse.364.g4c1d0276-150500.3.3.1.src.rpm dracut-055+suse.364.g4c1d0276-150500.3.3.1.x86_64.rpm dracut-extra-055+suse.364.g4c1d0276-150500.3.3.1.x86_64.rpm dracut-fips-055+suse.364.g4c1d0276-150500.3.3.1.x86_64.rpm dracut-ima-055+suse.364.g4c1d0276-150500.3.3.1.x86_64.rpm dracut-mkinitrd-deprecated-055+suse.364.g4c1d0276-150500.3.3.1.x86_64.rpm dracut-tools-055+suse.364.g4c1d0276-150500.3.3.1.x86_64.rpm dracut-055+suse.364.g4c1d0276-150500.3.3.1.s390x.rpm dracut-extra-055+suse.364.g4c1d0276-150500.3.3.1.s390x.rpm dracut-fips-055+suse.364.g4c1d0276-150500.3.3.1.s390x.rpm dracut-ima-055+suse.364.g4c1d0276-150500.3.3.1.s390x.rpm dracut-mkinitrd-deprecated-055+suse.364.g4c1d0276-150500.3.3.1.s390x.rpm dracut-tools-055+suse.364.g4c1d0276-150500.3.3.1.s390x.rpm dracut-055+suse.364.g4c1d0276-150500.3.3.1.ppc64le.rpm dracut-extra-055+suse.364.g4c1d0276-150500.3.3.1.ppc64le.rpm dracut-fips-055+suse.364.g4c1d0276-150500.3.3.1.ppc64le.rpm dracut-ima-055+suse.364.g4c1d0276-150500.3.3.1.ppc64le.rpm dracut-mkinitrd-deprecated-055+suse.364.g4c1d0276-150500.3.3.1.ppc64le.rpm dracut-tools-055+suse.364.g4c1d0276-150500.3.3.1.ppc64le.rpm dracut-055+suse.364.g4c1d0276-150500.3.3.1.aarch64.rpm dracut-extra-055+suse.364.g4c1d0276-150500.3.3.1.aarch64.rpm dracut-fips-055+suse.364.g4c1d0276-150500.3.3.1.aarch64.rpm dracut-ima-055+suse.364.g4c1d0276-150500.3.3.1.aarch64.rpm dracut-mkinitrd-deprecated-055+suse.364.g4c1d0276-150500.3.3.1.aarch64.rpm dracut-tools-055+suse.364.g4c1d0276-150500.3.3.1.aarch64.rpm openSUSE-SLE-15.5-2023-2519 moderate SUSE Updates openSUSE-SLE 15.5 This update for supportutils fixes the following issues: - Added missed sanitation check on crash.txt (bsc#1203818) - Added check to _sanitize_file - Using variable for replement text in _sanitize_file supportutils-3.1.21-150300.7.35.18.1.noarch.rpm supportutils-3.1.21-150300.7.35.18.1.src.rpm openSUSE-SLE-15.5-2023-2612 important SUSE Updates openSUSE-SLE 15.5 This update for MozillaThunderbird fixes the following issues: Mozilla Thunderbird 102.12 MFSA 2023-21 (bsc#1211922): - CVE-2023-34414: Click-jacking certificate exceptions through rendering lag - CVE-2023-34416: Memory safety bugs fixed in Thunderbird 102.12 MozillaThunderbird-102.12.0-150200.8.121.1.src.rpm MozillaThunderbird-102.12.0-150200.8.121.1.x86_64.rpm MozillaThunderbird-translations-common-102.12.0-150200.8.121.1.x86_64.rpm MozillaThunderbird-translations-other-102.12.0-150200.8.121.1.x86_64.rpm MozillaThunderbird-102.12.0-150200.8.121.1.s390x.rpm MozillaThunderbird-translations-common-102.12.0-150200.8.121.1.s390x.rpm MozillaThunderbird-translations-other-102.12.0-150200.8.121.1.s390x.rpm MozillaThunderbird-102.12.0-150200.8.121.1.ppc64le.rpm MozillaThunderbird-translations-common-102.12.0-150200.8.121.1.ppc64le.rpm MozillaThunderbird-translations-other-102.12.0-150200.8.121.1.ppc64le.rpm MozillaThunderbird-102.12.0-150200.8.121.1.aarch64.rpm MozillaThunderbird-translations-common-102.12.0-150200.8.121.1.aarch64.rpm MozillaThunderbird-translations-other-102.12.0-150200.8.121.1.aarch64.rpm openSUSE-SLE-15.5-2023-2620 moderate SUSE Updates openSUSE-SLE 15.5 This update for openssl-3 fixes the following issues: - CVE-2023-1255: Fixed input buffer over-read in AES-XTS implementation on 64 bit ARM (bsc#1210714). - CVE-2023-2650: Fixed possible DoS translating ASN.1 object identifiers (bsc#1211430). libopenssl-3-devel-3.0.8-150500.5.3.1.x86_64.rpm libopenssl-3-devel-32bit-3.0.8-150500.5.3.1.x86_64.rpm libopenssl3-3.0.8-150500.5.3.1.x86_64.rpm libopenssl3-32bit-3.0.8-150500.5.3.1.x86_64.rpm openssl-3-3.0.8-150500.5.3.1.src.rpm openssl-3-3.0.8-150500.5.3.1.x86_64.rpm openssl-3-doc-3.0.8-150500.5.3.1.noarch.rpm libopenssl-3-devel-3.0.8-150500.5.3.1.s390x.rpm libopenssl3-3.0.8-150500.5.3.1.s390x.rpm openssl-3-3.0.8-150500.5.3.1.s390x.rpm libopenssl-3-devel-3.0.8-150500.5.3.1.ppc64le.rpm libopenssl3-3.0.8-150500.5.3.1.ppc64le.rpm openssl-3-3.0.8-150500.5.3.1.ppc64le.rpm libopenssl-3-devel-3.0.8-150500.5.3.1.aarch64.rpm libopenssl3-3.0.8-150500.5.3.1.aarch64.rpm openssl-3-3.0.8-150500.5.3.1.aarch64.rpm openSUSE-SLE-15.5-2023-2491 important SUSE Updates openSUSE-SLE 15.5 This update for java-1_8_0-ibm fixes the following issues: - CVE-2023-21930: Fixed possible compromise from unauthenticated attacker with network access via TLS (bsc#1210628). - CVE-2023-21937: Fixed vulnerability inside the networking component (bsc#1210631). - CVE-2023-21938: Fixed vulnerability inside the library component (bsc#1210632). - CVE-2023-21939: Fixed vulnerability inside the swing component (bsc#1210634). - CVE-2023-21968: Fixed vulnerability inside the library component (bsc#1210637). - CVE-2023-2597: Fixed buffer overflow in shared cache implementation (bsc#1211615). - CVE-2023-21967: Fixed vulnerability inside the JSSE component (bsc#1210636). - CVE-2023-21954: Fixed vulnerability inside the hotspot component (bsc#1210635). Additional reference fixed already in 8.0.7.15: - CVE-2023-30441: Fixed components that could have exposed sensitive information using a combination of flaws and configurations (bsc#1210711). java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.nosrc.rpm java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64.rpm java-1_8_0-ibm-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64.rpm java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64.rpm java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.x86_64.rpm java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64.rpm java-1_8_0-ibm-devel-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64.rpm java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64.rpm java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.x86_64.rpm java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x.rpm java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.s390x.rpm java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x.rpm java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.s390x.rpm java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le.rpm java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.ppc64le.rpm java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le.rpm java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.ppc64le.rpm openSUSE-SLE-15.5-2023-2495 important SUSE Updates openSUSE-SLE 15.5 This update for libzypp fixes the following issues: - Fix "Curl error 92" when synchronizing SUSE Manager repositories. [bsc#1212187] - Do not unconditionally release a medium if provideFile failed. [bsc#1211661] libzypp-17.31.13-150400.3.30.1.src.rpm True libzypp-17.31.13-150400.3.30.1.x86_64.rpm True libzypp-devel-17.31.13-150400.3.30.1.x86_64.rpm True libzypp-devel-doc-17.31.13-150400.3.30.1.x86_64.rpm True libzypp-17.31.13-150400.3.30.1.s390x.rpm True libzypp-devel-17.31.13-150400.3.30.1.s390x.rpm True libzypp-devel-doc-17.31.13-150400.3.30.1.s390x.rpm True libzypp-17.31.13-150400.3.30.1.ppc64le.rpm True libzypp-devel-17.31.13-150400.3.30.1.ppc64le.rpm True libzypp-devel-doc-17.31.13-150400.3.30.1.ppc64le.rpm True libzypp-17.31.13-150400.3.30.1.aarch64.rpm True libzypp-devel-17.31.13-150400.3.30.1.aarch64.rpm True libzypp-devel-doc-17.31.13-150400.3.30.1.aarch64.rpm True openSUSE-SLE-15.5-2023-2525 moderate SUSE Updates openSUSE-SLE 15.5 This update for go1.19 fixes the following issues: Update to go1.19.10 (bsc#1200441): - CVE-2023-29402: cmd/go: Fixed cgo code injection (bsc#1212073). - CVE-2023-29403: runtime: Fixed unexpected behavior of setuid/setgid binaries (bsc#1212074). - CVE-2023-29404: cmd/go: Fixed improper sanitization of LDFLAGS (bsc#1212075). - CVE-2023-29405: cmd/go: Fixed improper sanitization of LDFLAGS (bsc#1212076). go1.19-1.19.10-150000.1.34.1.src.rpm go1.19-1.19.10-150000.1.34.1.x86_64.rpm go1.19-doc-1.19.10-150000.1.34.1.x86_64.rpm go1.19-race-1.19.10-150000.1.34.1.x86_64.rpm go1.19-1.19.10-150000.1.34.1.s390x.rpm go1.19-doc-1.19.10-150000.1.34.1.s390x.rpm go1.19-race-1.19.10-150000.1.34.1.s390x.rpm go1.19-1.19.10-150000.1.34.1.ppc64le.rpm go1.19-doc-1.19.10-150000.1.34.1.ppc64le.rpm go1.19-race-1.19.10-150000.1.34.1.ppc64le.rpm go1.19-1.19.10-150000.1.34.1.aarch64.rpm go1.19-doc-1.19.10-150000.1.34.1.aarch64.rpm go1.19-race-1.19.10-150000.1.34.1.aarch64.rpm openSUSE-SLE-15.5-2023-2526 moderate SUSE Updates openSUSE-SLE 15.5 This update for go1.20 fixes the following issues: Update to go1.20.5 (bsc#1206346): - CVE-2023-29402: cmd/go: Fixed cgo code injection (bsc#1212073). - CVE-2023-29403: runtime: Fixed unexpected behavior of setuid/setgid binaries (bsc#1212074). - CVE-2023-29404: cmd/go: Fixed improper sanitization of LDFLAGS (bsc#1212075). - CVE-2023-29405: cmd/go: Fixed improper sanitization of LDFLAGS (bsc#1212076). go1.20-1.20.5-150000.1.14.1.src.rpm go1.20-1.20.5-150000.1.14.1.x86_64.rpm go1.20-doc-1.20.5-150000.1.14.1.x86_64.rpm go1.20-race-1.20.5-150000.1.14.1.x86_64.rpm go1.20-1.20.5-150000.1.14.1.s390x.rpm go1.20-doc-1.20.5-150000.1.14.1.s390x.rpm go1.20-race-1.20.5-150000.1.14.1.s390x.rpm go1.20-1.20.5-150000.1.14.1.ppc64le.rpm go1.20-doc-1.20.5-150000.1.14.1.ppc64le.rpm go1.20-race-1.20.5-150000.1.14.1.ppc64le.rpm go1.20-1.20.5-150000.1.14.1.aarch64.rpm go1.20-doc-1.20.5-150000.1.14.1.aarch64.rpm go1.20-race-1.20.5-150000.1.14.1.aarch64.rpm openSUSE-SLE-15.5-2023-2547 moderate SUSE Updates openSUSE-SLE 15.5 This update for qemu fixes the following issues: - vCPU stalls in Qemu with NFS storage (bsc#1211000) qemu-testsuite-6.2.0-150400.37.17.2.src.rpm qemu-testsuite-6.2.0-150400.37.17.2.x86_64.rpm qemu-testsuite-6.2.0-150400.37.17.2.s390x.rpm qemu-testsuite-6.2.0-150400.37.17.2.ppc64le.rpm qemu-testsuite-6.2.0-150400.37.17.2.aarch64.rpm openSUSE-SLE-15.5-2023-2549 moderate SUSE Updates openSUSE-SLE 15.5 This update for qemu fixes the following issues: - vCPU stalls in Qemu with NFS storage (bsc#1211000) - The SMBIOS tables are not being filled out correctly (bsc#bsc#1211697) qemu-7.1.0-150500.49.3.1.src.rpm qemu-7.1.0-150500.49.3.1.x86_64.rpm qemu-SLOF-7.1.0-150500.49.3.1.noarch.rpm qemu-accel-qtest-7.1.0-150500.49.3.1.x86_64.rpm qemu-accel-tcg-x86-7.1.0-150500.49.3.1.x86_64.rpm qemu-arm-7.1.0-150500.49.3.1.x86_64.rpm qemu-audio-alsa-7.1.0-150500.49.3.1.x86_64.rpm qemu-audio-dbus-7.1.0-150500.49.3.1.x86_64.rpm qemu-audio-jack-7.1.0-150500.49.3.1.x86_64.rpm qemu-audio-pa-7.1.0-150500.49.3.1.x86_64.rpm qemu-audio-spice-7.1.0-150500.49.3.1.x86_64.rpm qemu-block-curl-7.1.0-150500.49.3.1.x86_64.rpm qemu-block-dmg-7.1.0-150500.49.3.1.x86_64.rpm qemu-block-gluster-7.1.0-150500.49.3.1.x86_64.rpm qemu-block-iscsi-7.1.0-150500.49.3.1.x86_64.rpm qemu-block-nfs-7.1.0-150500.49.3.1.x86_64.rpm qemu-block-rbd-7.1.0-150500.49.3.1.x86_64.rpm qemu-block-ssh-7.1.0-150500.49.3.1.x86_64.rpm qemu-chardev-baum-7.1.0-150500.49.3.1.x86_64.rpm qemu-chardev-spice-7.1.0-150500.49.3.1.x86_64.rpm qemu-extra-7.1.0-150500.49.3.1.x86_64.rpm qemu-guest-agent-7.1.0-150500.49.3.1.x86_64.rpm qemu-hw-display-qxl-7.1.0-150500.49.3.1.x86_64.rpm qemu-hw-display-virtio-gpu-7.1.0-150500.49.3.1.x86_64.rpm qemu-hw-display-virtio-gpu-pci-7.1.0-150500.49.3.1.x86_64.rpm qemu-hw-display-virtio-vga-7.1.0-150500.49.3.1.x86_64.rpm qemu-hw-s390x-virtio-gpu-ccw-7.1.0-150500.49.3.1.x86_64.rpm qemu-hw-usb-host-7.1.0-150500.49.3.1.x86_64.rpm qemu-hw-usb-redirect-7.1.0-150500.49.3.1.x86_64.rpm qemu-hw-usb-smartcard-7.1.0-150500.49.3.1.x86_64.rpm qemu-ipxe-1.0.0+-150500.49.3.1.noarch.rpm qemu-ivshmem-tools-7.1.0-150500.49.3.1.x86_64.rpm qemu-ksm-7.1.0-150500.49.3.1.x86_64.rpm qemu-kvm-7.1.0-150500.49.3.1.x86_64.rpm qemu-lang-7.1.0-150500.49.3.1.x86_64.rpm qemu-microvm-7.1.0-150500.49.3.1.noarch.rpm qemu-ppc-7.1.0-150500.49.3.1.x86_64.rpm qemu-s390x-7.1.0-150500.49.3.1.x86_64.rpm qemu-seabios-1.16.0_0_gd239552-150500.49.3.1.noarch.rpm qemu-sgabios-8-150500.49.3.1.noarch.rpm qemu-skiboot-7.1.0-150500.49.3.1.noarch.rpm qemu-tools-7.1.0-150500.49.3.1.x86_64.rpm qemu-ui-curses-7.1.0-150500.49.3.1.x86_64.rpm qemu-ui-dbus-7.1.0-150500.49.3.1.x86_64.rpm qemu-ui-gtk-7.1.0-150500.49.3.1.x86_64.rpm qemu-ui-opengl-7.1.0-150500.49.3.1.x86_64.rpm qemu-ui-spice-app-7.1.0-150500.49.3.1.x86_64.rpm qemu-ui-spice-core-7.1.0-150500.49.3.1.x86_64.rpm qemu-vgabios-1.16.0_0_gd239552-150500.49.3.1.noarch.rpm qemu-vhost-user-gpu-7.1.0-150500.49.3.1.x86_64.rpm qemu-x86-7.1.0-150500.49.3.1.x86_64.rpm qemu-7.1.0-150500.49.3.1.s390x.rpm qemu-accel-qtest-7.1.0-150500.49.3.1.s390x.rpm qemu-accel-tcg-x86-7.1.0-150500.49.3.1.s390x.rpm qemu-arm-7.1.0-150500.49.3.1.s390x.rpm qemu-audio-alsa-7.1.0-150500.49.3.1.s390x.rpm qemu-audio-dbus-7.1.0-150500.49.3.1.s390x.rpm qemu-audio-jack-7.1.0-150500.49.3.1.s390x.rpm qemu-audio-pa-7.1.0-150500.49.3.1.s390x.rpm qemu-audio-spice-7.1.0-150500.49.3.1.s390x.rpm qemu-block-curl-7.1.0-150500.49.3.1.s390x.rpm qemu-block-dmg-7.1.0-150500.49.3.1.s390x.rpm qemu-block-gluster-7.1.0-150500.49.3.1.s390x.rpm qemu-block-iscsi-7.1.0-150500.49.3.1.s390x.rpm qemu-block-nfs-7.1.0-150500.49.3.1.s390x.rpm qemu-block-rbd-7.1.0-150500.49.3.1.s390x.rpm qemu-block-ssh-7.1.0-150500.49.3.1.s390x.rpm qemu-chardev-baum-7.1.0-150500.49.3.1.s390x.rpm qemu-chardev-spice-7.1.0-150500.49.3.1.s390x.rpm qemu-extra-7.1.0-150500.49.3.1.s390x.rpm qemu-guest-agent-7.1.0-150500.49.3.1.s390x.rpm qemu-hw-display-qxl-7.1.0-150500.49.3.1.s390x.rpm qemu-hw-display-virtio-gpu-7.1.0-150500.49.3.1.s390x.rpm qemu-hw-display-virtio-gpu-pci-7.1.0-150500.49.3.1.s390x.rpm qemu-hw-display-virtio-vga-7.1.0-150500.49.3.1.s390x.rpm qemu-hw-s390x-virtio-gpu-ccw-7.1.0-150500.49.3.1.s390x.rpm qemu-hw-usb-host-7.1.0-150500.49.3.1.s390x.rpm qemu-hw-usb-redirect-7.1.0-150500.49.3.1.s390x.rpm qemu-hw-usb-smartcard-7.1.0-150500.49.3.1.s390x.rpm qemu-ivshmem-tools-7.1.0-150500.49.3.1.s390x.rpm qemu-ksm-7.1.0-150500.49.3.1.s390x.rpm qemu-kvm-7.1.0-150500.49.3.1.s390x.rpm qemu-lang-7.1.0-150500.49.3.1.s390x.rpm qemu-ppc-7.1.0-150500.49.3.1.s390x.rpm qemu-s390x-7.1.0-150500.49.3.1.s390x.rpm qemu-tools-7.1.0-150500.49.3.1.s390x.rpm qemu-ui-curses-7.1.0-150500.49.3.1.s390x.rpm qemu-ui-dbus-7.1.0-150500.49.3.1.s390x.rpm qemu-ui-gtk-7.1.0-150500.49.3.1.s390x.rpm qemu-ui-opengl-7.1.0-150500.49.3.1.s390x.rpm qemu-ui-spice-app-7.1.0-150500.49.3.1.s390x.rpm qemu-ui-spice-core-7.1.0-150500.49.3.1.s390x.rpm qemu-vhost-user-gpu-7.1.0-150500.49.3.1.s390x.rpm qemu-x86-7.1.0-150500.49.3.1.s390x.rpm qemu-7.1.0-150500.49.3.1.ppc64le.rpm qemu-accel-qtest-7.1.0-150500.49.3.1.ppc64le.rpm qemu-accel-tcg-x86-7.1.0-150500.49.3.1.ppc64le.rpm qemu-arm-7.1.0-150500.49.3.1.ppc64le.rpm qemu-audio-alsa-7.1.0-150500.49.3.1.ppc64le.rpm qemu-audio-dbus-7.1.0-150500.49.3.1.ppc64le.rpm qemu-audio-jack-7.1.0-150500.49.3.1.ppc64le.rpm qemu-audio-pa-7.1.0-150500.49.3.1.ppc64le.rpm qemu-audio-spice-7.1.0-150500.49.3.1.ppc64le.rpm qemu-block-curl-7.1.0-150500.49.3.1.ppc64le.rpm qemu-block-dmg-7.1.0-150500.49.3.1.ppc64le.rpm qemu-block-gluster-7.1.0-150500.49.3.1.ppc64le.rpm qemu-block-iscsi-7.1.0-150500.49.3.1.ppc64le.rpm qemu-block-nfs-7.1.0-150500.49.3.1.ppc64le.rpm qemu-block-rbd-7.1.0-150500.49.3.1.ppc64le.rpm qemu-block-ssh-7.1.0-150500.49.3.1.ppc64le.rpm qemu-chardev-baum-7.1.0-150500.49.3.1.ppc64le.rpm qemu-chardev-spice-7.1.0-150500.49.3.1.ppc64le.rpm qemu-extra-7.1.0-150500.49.3.1.ppc64le.rpm qemu-guest-agent-7.1.0-150500.49.3.1.ppc64le.rpm qemu-hw-display-qxl-7.1.0-150500.49.3.1.ppc64le.rpm qemu-hw-display-virtio-gpu-7.1.0-150500.49.3.1.ppc64le.rpm qemu-hw-display-virtio-gpu-pci-7.1.0-150500.49.3.1.ppc64le.rpm qemu-hw-display-virtio-vga-7.1.0-150500.49.3.1.ppc64le.rpm qemu-hw-s390x-virtio-gpu-ccw-7.1.0-150500.49.3.1.ppc64le.rpm qemu-hw-usb-host-7.1.0-150500.49.3.1.ppc64le.rpm qemu-hw-usb-redirect-7.1.0-150500.49.3.1.ppc64le.rpm qemu-hw-usb-smartcard-7.1.0-150500.49.3.1.ppc64le.rpm qemu-ivshmem-tools-7.1.0-150500.49.3.1.ppc64le.rpm qemu-ksm-7.1.0-150500.49.3.1.ppc64le.rpm qemu-lang-7.1.0-150500.49.3.1.ppc64le.rpm qemu-ppc-7.1.0-150500.49.3.1.ppc64le.rpm qemu-s390x-7.1.0-150500.49.3.1.ppc64le.rpm qemu-tools-7.1.0-150500.49.3.1.ppc64le.rpm qemu-ui-curses-7.1.0-150500.49.3.1.ppc64le.rpm qemu-ui-dbus-7.1.0-150500.49.3.1.ppc64le.rpm qemu-ui-gtk-7.1.0-150500.49.3.1.ppc64le.rpm qemu-ui-opengl-7.1.0-150500.49.3.1.ppc64le.rpm qemu-ui-spice-app-7.1.0-150500.49.3.1.ppc64le.rpm qemu-ui-spice-core-7.1.0-150500.49.3.1.ppc64le.rpm qemu-vhost-user-gpu-7.1.0-150500.49.3.1.ppc64le.rpm qemu-x86-7.1.0-150500.49.3.1.ppc64le.rpm qemu-7.1.0-150500.49.3.1.aarch64.rpm qemu-accel-qtest-7.1.0-150500.49.3.1.aarch64.rpm qemu-accel-tcg-x86-7.1.0-150500.49.3.1.aarch64.rpm qemu-arm-7.1.0-150500.49.3.1.aarch64.rpm qemu-audio-alsa-7.1.0-150500.49.3.1.aarch64.rpm qemu-audio-dbus-7.1.0-150500.49.3.1.aarch64.rpm qemu-audio-jack-7.1.0-150500.49.3.1.aarch64.rpm qemu-audio-pa-7.1.0-150500.49.3.1.aarch64.rpm qemu-audio-spice-7.1.0-150500.49.3.1.aarch64.rpm qemu-block-curl-7.1.0-150500.49.3.1.aarch64.rpm qemu-block-dmg-7.1.0-150500.49.3.1.aarch64.rpm qemu-block-gluster-7.1.0-150500.49.3.1.aarch64.rpm qemu-block-iscsi-7.1.0-150500.49.3.1.aarch64.rpm qemu-block-nfs-7.1.0-150500.49.3.1.aarch64.rpm qemu-block-rbd-7.1.0-150500.49.3.1.aarch64.rpm qemu-block-ssh-7.1.0-150500.49.3.1.aarch64.rpm qemu-chardev-baum-7.1.0-150500.49.3.1.aarch64.rpm qemu-chardev-spice-7.1.0-150500.49.3.1.aarch64.rpm qemu-extra-7.1.0-150500.49.3.1.aarch64.rpm qemu-guest-agent-7.1.0-150500.49.3.1.aarch64.rpm qemu-hw-display-qxl-7.1.0-150500.49.3.1.aarch64.rpm qemu-hw-display-virtio-gpu-7.1.0-150500.49.3.1.aarch64.rpm qemu-hw-display-virtio-gpu-pci-7.1.0-150500.49.3.1.aarch64.rpm qemu-hw-display-virtio-vga-7.1.0-150500.49.3.1.aarch64.rpm qemu-hw-s390x-virtio-gpu-ccw-7.1.0-150500.49.3.1.aarch64.rpm qemu-hw-usb-host-7.1.0-150500.49.3.1.aarch64.rpm qemu-hw-usb-redirect-7.1.0-150500.49.3.1.aarch64.rpm qemu-hw-usb-smartcard-7.1.0-150500.49.3.1.aarch64.rpm qemu-ivshmem-tools-7.1.0-150500.49.3.1.aarch64.rpm qemu-ksm-7.1.0-150500.49.3.1.aarch64.rpm qemu-lang-7.1.0-150500.49.3.1.aarch64.rpm qemu-ppc-7.1.0-150500.49.3.1.aarch64.rpm qemu-s390x-7.1.0-150500.49.3.1.aarch64.rpm qemu-tools-7.1.0-150500.49.3.1.aarch64.rpm qemu-ui-curses-7.1.0-150500.49.3.1.aarch64.rpm qemu-ui-dbus-7.1.0-150500.49.3.1.aarch64.rpm qemu-ui-gtk-7.1.0-150500.49.3.1.aarch64.rpm qemu-ui-opengl-7.1.0-150500.49.3.1.aarch64.rpm qemu-ui-spice-app-7.1.0-150500.49.3.1.aarch64.rpm qemu-ui-spice-core-7.1.0-150500.49.3.1.aarch64.rpm qemu-vhost-user-gpu-7.1.0-150500.49.3.1.aarch64.rpm qemu-x86-7.1.0-150500.49.3.1.aarch64.rpm openSUSE-SLE-15.5-2023-2534 important SUSE Updates openSUSE-SLE 15.5 The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208600). - CVE-2022-3566: Fixed race condition in the TCP Handler (bsc#1204405). - CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that lead to a use-after-free (bsc#1205760). - CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758). - CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762). - CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803). - CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756). - CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb-core/dvb_frontend.c (bsc#1210783). - CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940). - CVE-2023-2194: Fixed an out-of-bounds write vulnerability in the SLIMpro I2C device driver (bsc#1210715). - CVE-2023-32269: Fixed a use-after-free in af_netrom.c, related to the fact that accept() was also allowed for a successfully connected AF_NETROM socket (bsc#1211186). - CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1209366). - CVE-2023-1380: Fixed a slab-out-of-bound read problem in brcmf_get_assoc_ies() (bsc#1209287). - CVE-2023-2513: Fixed a use-after-free vulnerability in the ext4 filesystem (bsc#1211105). - CVE-2023-2483: Fixed a use after free bug in emac_remove caused by a race condition (bsc#1211037). - CVE-2023-2176: Fixed an out-of-boundary read in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA (bsc#1210629). The following non-security bugs were fixed: - ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878). - google/gve:fix repeated words in comments (bsc#1211519). - gve: Adding a new AdminQ command to verify driver (bsc#1211519). - gve: Cache link_speed value from device (bsc#1211519). - gve: Fix GFP flags when allocing pages (bsc#1211519). - gve: Fix error return code in gve_prefill_rx_pages() (bsc#1211519). - gve: Fix spelling mistake "droping" -> "dropping" (bsc#1211519). - gve: Handle alternate miss completions (bsc#1211519). - gve: Reduce alloc and copy costs in the GQ rx path (bsc#1211519). - gve: Remove the code of clearing PBA bit (bsc#1211519). - gve: Secure enough bytes in the first TX desc for all TCP pkts (bsc#1211519). - gve: enhance no queue page list detection (bsc#1211519). - hv: vmbus: Optimize vmbus_on_event (bsc#1211622). - ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592). - kernel-binary: install expoline.o (boo#1210791 bsc#1211089) - scsi: storvsc: Parameterize number hardware queues (bsc#1211622). - usrmerge: Compatibility with earlier rpm (boo#1211796) kernel-vanilla-4.12.14-150100.197.148.1.nosrc.rpm True kernel-vanilla-4.12.14-150100.197.148.1.x86_64.rpm True kernel-vanilla-base-4.12.14-150100.197.148.1.x86_64.rpm True kernel-vanilla-devel-4.12.14-150100.197.148.1.x86_64.rpm True kernel-vanilla-livepatch-devel-4.12.14-150100.197.148.1.x86_64.rpm True kernel-vanilla-4.12.14-150100.197.148.1.s390x.rpm True kernel-vanilla-base-4.12.14-150100.197.148.1.s390x.rpm True kernel-vanilla-devel-4.12.14-150100.197.148.1.s390x.rpm True kernel-vanilla-livepatch-devel-4.12.14-150100.197.148.1.s390x.rpm True kernel-vanilla-4.12.14-150100.197.148.1.ppc64le.rpm True kernel-vanilla-base-4.12.14-150100.197.148.1.ppc64le.rpm True kernel-vanilla-devel-4.12.14-150100.197.148.1.ppc64le.rpm True kernel-vanilla-livepatch-devel-4.12.14-150100.197.148.1.ppc64le.rpm True kernel-vanilla-4.12.14-150100.197.148.1.aarch64.rpm True kernel-vanilla-base-4.12.14-150100.197.148.1.aarch64.rpm True kernel-vanilla-devel-4.12.14-150100.197.148.1.aarch64.rpm True kernel-vanilla-livepatch-devel-4.12.14-150100.197.148.1.aarch64.rpm True openSUSE-SLE-15.5-2023-2543 important SUSE Updates openSUSE-SLE 15.5 This update for kubernetes1.23 fixes the following issues: - CVE-2023-2727: Fixed bypassing policies imposed by the ImagePolicyWebhook admission plugin (bsc#1211630). - CVE-2023-2728: Fixed bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin (bsc#1211631). kubernetes1.23-1.23.17-150500.3.3.1.src.rpm kubernetes1.23-apiserver-1.23.17-150500.3.3.1.x86_64.rpm kubernetes1.23-client-1.23.17-150500.3.3.1.x86_64.rpm kubernetes1.23-client-bash-completion-1.23.17-150500.3.3.1.noarch.rpm kubernetes1.23-client-common-1.23.17-150500.3.3.1.x86_64.rpm kubernetes1.23-client-fish-completion-1.23.17-150500.3.3.1.noarch.rpm kubernetes1.23-controller-manager-1.23.17-150500.3.3.1.x86_64.rpm kubernetes1.23-kubeadm-1.23.17-150500.3.3.1.x86_64.rpm kubernetes1.23-kubelet-1.23.17-150500.3.3.1.x86_64.rpm kubernetes1.23-kubelet-common-1.23.17-150500.3.3.1.x86_64.rpm kubernetes1.23-proxy-1.23.17-150500.3.3.1.x86_64.rpm kubernetes1.23-scheduler-1.23.17-150500.3.3.1.x86_64.rpm kubernetes1.23-apiserver-1.23.17-150500.3.3.1.s390x.rpm kubernetes1.23-client-1.23.17-150500.3.3.1.s390x.rpm kubernetes1.23-client-common-1.23.17-150500.3.3.1.s390x.rpm kubernetes1.23-controller-manager-1.23.17-150500.3.3.1.s390x.rpm kubernetes1.23-kubeadm-1.23.17-150500.3.3.1.s390x.rpm kubernetes1.23-kubelet-1.23.17-150500.3.3.1.s390x.rpm kubernetes1.23-kubelet-common-1.23.17-150500.3.3.1.s390x.rpm kubernetes1.23-proxy-1.23.17-150500.3.3.1.s390x.rpm kubernetes1.23-scheduler-1.23.17-150500.3.3.1.s390x.rpm kubernetes1.23-apiserver-1.23.17-150500.3.3.1.ppc64le.rpm kubernetes1.23-client-1.23.17-150500.3.3.1.ppc64le.rpm kubernetes1.23-client-common-1.23.17-150500.3.3.1.ppc64le.rpm kubernetes1.23-controller-manager-1.23.17-150500.3.3.1.ppc64le.rpm kubernetes1.23-kubeadm-1.23.17-150500.3.3.1.ppc64le.rpm kubernetes1.23-kubelet-1.23.17-150500.3.3.1.ppc64le.rpm kubernetes1.23-kubelet-common-1.23.17-150500.3.3.1.ppc64le.rpm kubernetes1.23-proxy-1.23.17-150500.3.3.1.ppc64le.rpm kubernetes1.23-scheduler-1.23.17-150500.3.3.1.ppc64le.rpm kubernetes1.23-apiserver-1.23.17-150500.3.3.1.aarch64.rpm kubernetes1.23-client-1.23.17-150500.3.3.1.aarch64.rpm kubernetes1.23-client-common-1.23.17-150500.3.3.1.aarch64.rpm kubernetes1.23-controller-manager-1.23.17-150500.3.3.1.aarch64.rpm kubernetes1.23-kubeadm-1.23.17-150500.3.3.1.aarch64.rpm kubernetes1.23-kubelet-1.23.17-150500.3.3.1.aarch64.rpm kubernetes1.23-kubelet-common-1.23.17-150500.3.3.1.aarch64.rpm kubernetes1.23-proxy-1.23.17-150500.3.3.1.aarch64.rpm kubernetes1.23-scheduler-1.23.17-150500.3.3.1.aarch64.rpm openSUSE-SLE-15.5-2023-2544 important SUSE Updates openSUSE-SLE 15.5 This update for kubernetes1.24 fixes the following issues: - CVE-2023-2727: Fixed bypassing policies imposed by the ImagePolicyWebhook admission plugin (bsc#1211630). - CVE-2023-2728: Fixed bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin (bsc#1211631). kubernetes1.24-1.24.13-150500.3.3.1.src.rpm kubernetes1.24-apiserver-1.24.13-150500.3.3.1.x86_64.rpm kubernetes1.24-client-1.24.13-150500.3.3.1.x86_64.rpm kubernetes1.24-client-bash-completion-1.24.13-150500.3.3.1.noarch.rpm kubernetes1.24-client-common-1.24.13-150500.3.3.1.x86_64.rpm kubernetes1.24-client-fish-completion-1.24.13-150500.3.3.1.noarch.rpm kubernetes1.24-controller-manager-1.24.13-150500.3.3.1.x86_64.rpm kubernetes1.24-kubeadm-1.24.13-150500.3.3.1.x86_64.rpm kubernetes1.24-kubelet-1.24.13-150500.3.3.1.x86_64.rpm kubernetes1.24-kubelet-common-1.24.13-150500.3.3.1.x86_64.rpm kubernetes1.24-proxy-1.24.13-150500.3.3.1.x86_64.rpm kubernetes1.24-scheduler-1.24.13-150500.3.3.1.x86_64.rpm kubernetes1.24-apiserver-1.24.13-150500.3.3.1.s390x.rpm kubernetes1.24-client-1.24.13-150500.3.3.1.s390x.rpm kubernetes1.24-client-common-1.24.13-150500.3.3.1.s390x.rpm kubernetes1.24-controller-manager-1.24.13-150500.3.3.1.s390x.rpm kubernetes1.24-kubeadm-1.24.13-150500.3.3.1.s390x.rpm kubernetes1.24-kubelet-1.24.13-150500.3.3.1.s390x.rpm kubernetes1.24-kubelet-common-1.24.13-150500.3.3.1.s390x.rpm kubernetes1.24-proxy-1.24.13-150500.3.3.1.s390x.rpm kubernetes1.24-scheduler-1.24.13-150500.3.3.1.s390x.rpm kubernetes1.24-apiserver-1.24.13-150500.3.3.1.ppc64le.rpm kubernetes1.24-client-1.24.13-150500.3.3.1.ppc64le.rpm kubernetes1.24-client-common-1.24.13-150500.3.3.1.ppc64le.rpm kubernetes1.24-controller-manager-1.24.13-150500.3.3.1.ppc64le.rpm kubernetes1.24-kubeadm-1.24.13-150500.3.3.1.ppc64le.rpm kubernetes1.24-kubelet-1.24.13-150500.3.3.1.ppc64le.rpm kubernetes1.24-kubelet-common-1.24.13-150500.3.3.1.ppc64le.rpm kubernetes1.24-proxy-1.24.13-150500.3.3.1.ppc64le.rpm kubernetes1.24-scheduler-1.24.13-150500.3.3.1.ppc64le.rpm kubernetes1.24-apiserver-1.24.13-150500.3.3.1.aarch64.rpm kubernetes1.24-client-1.24.13-150500.3.3.1.aarch64.rpm kubernetes1.24-client-common-1.24.13-150500.3.3.1.aarch64.rpm kubernetes1.24-controller-manager-1.24.13-150500.3.3.1.aarch64.rpm kubernetes1.24-kubeadm-1.24.13-150500.3.3.1.aarch64.rpm kubernetes1.24-kubelet-1.24.13-150500.3.3.1.aarch64.rpm kubernetes1.24-kubelet-common-1.24.13-150500.3.3.1.aarch64.rpm kubernetes1.24-proxy-1.24.13-150500.3.3.1.aarch64.rpm kubernetes1.24-scheduler-1.24.13-150500.3.3.1.aarch64.rpm openSUSE-SLE-15.5-2023-2603 moderate SUSE Updates openSUSE-SLE 15.5 This update for rustup fixes the following issues: - CVE-2022-31394: Fixed possible HTTP2 attacks by specifying the HTTP/2 SETTINGS_MAX_HEADER_LIST_SIZE (bsc#1208552). - CVE-2023-26964: Fixed high memory and CPU usage when stream stacking occurs when H2 processes HTTP2 RST_STREAM frames (bsc#1210345). rustup-1.26.0~0-150400.3.7.1.src.rpm rustup-1.26.0~0-150400.3.7.1.x86_64.rpm rustup-1.26.0~0-150400.3.7.1.aarch64.rpm openSUSE-SLE-15.5-2023-2559 moderate SUSE Updates openSUSE-SLE 15.5 This update for rust, rust1.70 fixes the following issues: Changes in rust: - Update to version 1.70.0 - for details see the rust1.70 package Changes in rust1.70: Version 1.70.0 (2023-06-01) ========================== Language -------- - Relax ordering rules for `asm!` operands - Properly allow macro expanded `format_args` invocations to uses captures - Lint ambiguous glob re-exports - Perform const and unsafe checking for expressions in `let _ = expr` position. Compiler -------- - Extend -Cdebuginfo with new options and named aliases This provides a smaller version of debuginfo for cases that only need line number information (`-Cdebuginfo=line-tables-only`), which may eventually become the default for `-Cdebuginfo=1`. - Make `unused_allocation` lint against `Box::new` too - Detect uninhabited types early in const eval - Switch to LLD as default linker for {arm,thumb}v4t-none-eabi - Add tier 3 target `loongarch64-unknown-linux-gnu` - Add tier 3 target for `i586-pc-nto-qnx700` (QNX Neutrino RTOS, version 7.0) - Insert alignment checks for pointer dereferences as debug assertions This catches undefined behavior at runtime, and may cause existing code to fail. Refer to Rust's platform support page for more information on Rust's tiered platform support. Libraries --------- - Document NonZeroXxx layout guarantees - Windows: make `Command` prefer non-verbatim paths - Implement Default for some alloc/core iterators - Fix handling of trailing bare CR in str::lines - allow negative numeric literals in `concat!` - Add documentation about the memory layout of `Cell` - Use `partial_cmp` to implement tuple `lt`/`le`/`ge`/`gt` - Stabilize `atomic_as_ptr` - Stabilize `nonnull_slice_from_raw_parts` - Partial stabilization of `once_cell` - Stabilize `nonzero_min_max` - Flatten/inline format_args!() and (string and int) literal arguments into format_args!() - Stabilize movbe target feature - don't splice from files into pipes in io::copy - Add a builtin unstable `FnPtr` trait that is implemented for all function pointers This extends `Debug`, `Pointer`, `Hash`, `PartialEq`, `Eq`, `PartialOrd`, and `Ord` implementations for function pointers with all ABIs. Stabilized APIs --------------- - `NonZero*::MIN/MAX` - `BinaryHeap::retain` - `Default for std::collections::binary_heap::IntoIter` - `Default for std::collections::btree_map::{IntoIter, Iter, IterMut}` - `Default for std::collections::btree_map::{IntoKeys, Keys}` - `Default for std::collections::btree_map::{IntoValues, Values}` - `Default for std::collections::btree_map::Range` - `Default for std::collections::btree_set::{IntoIter, Iter}` - `Default for std::collections::btree_set::Range` - `Default for std::collections::linked_list::{IntoIter, Iter, IterMut}` - `Default for std::vec::IntoIter` - `Default for std::iter::Chain` - `Default for std::iter::Cloned` - `Default for std::iter::Copied` - `Default for std::iter::Enumerate` - `Default for std::iter::Flatten` - `Default for std::iter::Fuse` - `Default for std::iter::Rev` - `Default for std::slice::Iter` - `Default for std::slice::IterMut` - `Rc::into_inner` - `Arc::into_inner` - `std::cell::OnceCell` - `Option::is_some_and` - `NonNull::slice_from_raw_parts` - `Result::is_ok_and` - `Result::is_err_and` - `std::sync::atomic::Atomic*::as_ptr` - `std::io::IsTerminal` - `std::os::linux::net::SocketAddrExt` - `std::os::unix::net::UnixDatagram::bind_addr` - `std::os::unix::net::UnixDatagram::connect_addr` - `std::os::unix::net::UnixDatagram::send_to_addr` - `std::os::unix::net::UnixListener::bind_addr` - `std::path::Path::as_mut_os_str` - `std::sync::OnceLock` Cargo ----- - Add `CARGO_PKG_README` - Make `sparse` the default protocol for crates.io - Accurately show status when downgrading dependencies - Use registry.default for login/logout - Stabilize `cargo logout` Misc ---- - Stabilize rustdoc `--test-run-directory` Compatibility Notes ------------------- - Prevent stable `libtest` from supporting `-Zunstable-options` - Perform const and unsafe checking for expressions in `let _ = expr` position. - WebAssembly targets enable `sign-ext` and `mutable-globals` features in codegen This may cause incompatibility with older execution environments. - Insert alignment checks for pointer dereferences as debug assertions This catches undefined behavior at runtime, and may cause existing code to fail. cargo-1.70.0-150400.24.18.1.x86_64.rpm cargo1.70-1.70.0-150400.9.3.1.x86_64.rpm rust-1.70.0-150400.24.18.1.src.rpm rust-1.70.0-150400.24.18.1.x86_64.rpm rust1.70-1.70.0-150400.9.3.1.nosrc.rpm rust1.70-1.70.0-150400.9.3.1.x86_64.rpm cargo-1.70.0-150400.24.18.1.s390x.rpm cargo1.70-1.70.0-150400.9.3.1.s390x.rpm rust-1.70.0-150400.24.18.1.s390x.rpm rust1.70-1.70.0-150400.9.3.1.s390x.rpm cargo-1.70.0-150400.24.18.1.ppc64le.rpm cargo1.70-1.70.0-150400.9.3.1.ppc64le.rpm rust-1.70.0-150400.24.18.1.ppc64le.rpm rust1.70-1.70.0-150400.9.3.1.ppc64le.rpm cargo-1.70.0-150400.24.18.1.aarch64.rpm cargo1.70-1.70.0-150400.9.3.1.aarch64.rpm rust-1.70.0-150400.24.18.1.aarch64.rpm rust1.70-1.70.0-150400.9.3.1.aarch64.rpm openSUSE-SLE-15.5-2023-2558 moderate SUSE Updates openSUSE-SLE 15.5 This update for virt-manager fixes the following issues: - virt-install --graphics vnc fails with not support for video model 'virtio' (bsc#1201748) - Language file fixes (bsc#1209800, bsc#1197945, bsc#1197947, bsc#1198041) - libvirt fails to start the guest once the new shared disk is added (bsc#1207070) - Replace downstream patch with upstream version (bsc#1203252) virt-install-4.1.0-150500.3.3.1.noarch.rpm virt-manager-4.1.0-150500.3.3.1.noarch.rpm virt-manager-4.1.0-150500.3.3.1.src.rpm virt-manager-common-4.1.0-150500.3.3.1.noarch.rpm openSUSE-SLE-15.5-2023-2511 moderate SUSE Updates openSUSE-SLE 15.5 This update for powerpc-utils fixes the following issues: - Fix negative utilization value reported by lparstat -E (bsc#1212031) - Fix lparstat error with mixed SMT state (bsc#1211883 ltc#02144) powerpc-utils-1.3.11-150500.3.3.1.ppc64le.rpm powerpc-utils-1.3.11-150500.3.3.1.src.rpm openSUSE-SLE-15.5-2023-2561 critical SUSE Updates openSUSE-SLE 15.5 This update for python-reportlab fixes the following issues: - CVE-2023-33733: Fixed arbitrary code execution via supplying a crafted PDF file (bsc#1212065). python-reportlab-3.4.0-150000.3.9.1.src.rpm python3-reportlab-3.4.0-150000.3.9.1.x86_64.rpm python3-reportlab-3.4.0-150000.3.9.1.s390x.rpm python3-reportlab-3.4.0-150000.3.9.1.ppc64le.rpm python3-reportlab-3.4.0-150000.3.9.1.aarch64.rpm openSUSE-SLE-15.5-2023-2615 important SUSE Updates openSUSE-SLE 15.5 This update for mdadm fixes the following issues: - Grow: fix possible memory leak (bsc#1208618) - Use source code mdadm-4.2.tar.xz from kernel.org version for checksum mdadm-4.2-150500.6.3.1.src.rpm mdadm-4.2-150500.6.3.1.x86_64.rpm mdadm-4.2-150500.6.3.1.s390x.rpm mdadm-4.2-150500.6.3.1.ppc64le.rpm mdadm-4.2-150500.6.3.1.aarch64.rpm openSUSE-SLE-15.5-2023-2604 moderate SUSE Updates openSUSE-SLE 15.5 This update for open-vm-tools fixes the following issues: - CVE-2023-20867: Fixed authentication bypass vulnerability in the vgauth module (bsc#1212143). Bug fixes: - Fixed build problem with grpc 1.54 (bsc#1210695). libvmtools-devel-12.2.0-150300.29.1.x86_64.rpm libvmtools0-12.2.0-150300.29.1.x86_64.rpm open-vm-tools-12.2.0-150300.29.1.src.rpm open-vm-tools-12.2.0-150300.29.1.x86_64.rpm open-vm-tools-desktop-12.2.0-150300.29.1.x86_64.rpm open-vm-tools-salt-minion-12.2.0-150300.29.1.x86_64.rpm open-vm-tools-sdmp-12.2.0-150300.29.1.x86_64.rpm libvmtools-devel-12.2.0-150300.29.1.aarch64.rpm libvmtools0-12.2.0-150300.29.1.aarch64.rpm open-vm-tools-12.2.0-150300.29.1.aarch64.rpm open-vm-tools-desktop-12.2.0-150300.29.1.aarch64.rpm open-vm-tools-sdmp-12.2.0-150300.29.1.aarch64.rpm openSUSE-SLE-15.5-2023-2614 important SUSE Updates openSUSE-SLE 15.5 This update for libX11 fixes the following issues: - CVE-2023-3138: Fixed buffer overflows in InitExt.c (bsc#1212102). libX11-1.6.5-150000.3.30.1.src.rpm libX11-6-1.6.5-150000.3.30.1.x86_64.rpm libX11-6-32bit-1.6.5-150000.3.30.1.x86_64.rpm libX11-data-1.6.5-150000.3.30.1.noarch.rpm libX11-devel-1.6.5-150000.3.30.1.x86_64.rpm libX11-devel-32bit-1.6.5-150000.3.30.1.x86_64.rpm libX11-xcb1-1.6.5-150000.3.30.1.x86_64.rpm libX11-xcb1-32bit-1.6.5-150000.3.30.1.x86_64.rpm libX11-6-1.6.5-150000.3.30.1.s390x.rpm libX11-devel-1.6.5-150000.3.30.1.s390x.rpm libX11-xcb1-1.6.5-150000.3.30.1.s390x.rpm libX11-6-1.6.5-150000.3.30.1.ppc64le.rpm libX11-devel-1.6.5-150000.3.30.1.ppc64le.rpm libX11-xcb1-1.6.5-150000.3.30.1.ppc64le.rpm libX11-6-1.6.5-150000.3.30.1.aarch64.rpm libX11-devel-1.6.5-150000.3.30.1.aarch64.rpm libX11-xcb1-1.6.5-150000.3.30.1.aarch64.rpm openSUSE-SLE-15.5-2023-2616 important SUSE Updates openSUSE-SLE 15.5 This update for cups fixes the following issues: - CVE-2023-34241: Fixed a use-after-free problem in cupsdAcceptClient() (bsc#1212230). cups-2.2.7-150000.3.46.1.src.rpm cups-2.2.7-150000.3.46.1.x86_64.rpm cups-client-2.2.7-150000.3.46.1.x86_64.rpm cups-config-2.2.7-150000.3.46.1.x86_64.rpm cups-ddk-2.2.7-150000.3.46.1.x86_64.rpm cups-devel-2.2.7-150000.3.46.1.x86_64.rpm cups-devel-32bit-2.2.7-150000.3.46.1.x86_64.rpm libcups2-2.2.7-150000.3.46.1.x86_64.rpm libcups2-32bit-2.2.7-150000.3.46.1.x86_64.rpm libcupscgi1-2.2.7-150000.3.46.1.x86_64.rpm libcupscgi1-32bit-2.2.7-150000.3.46.1.x86_64.rpm libcupsimage2-2.2.7-150000.3.46.1.x86_64.rpm libcupsimage2-32bit-2.2.7-150000.3.46.1.x86_64.rpm libcupsmime1-2.2.7-150000.3.46.1.x86_64.rpm libcupsmime1-32bit-2.2.7-150000.3.46.1.x86_64.rpm libcupsppdc1-2.2.7-150000.3.46.1.x86_64.rpm libcupsppdc1-32bit-2.2.7-150000.3.46.1.x86_64.rpm cups-2.2.7-150000.3.46.1.s390x.rpm cups-client-2.2.7-150000.3.46.1.s390x.rpm cups-config-2.2.7-150000.3.46.1.s390x.rpm cups-ddk-2.2.7-150000.3.46.1.s390x.rpm cups-devel-2.2.7-150000.3.46.1.s390x.rpm libcups2-2.2.7-150000.3.46.1.s390x.rpm libcupscgi1-2.2.7-150000.3.46.1.s390x.rpm libcupsimage2-2.2.7-150000.3.46.1.s390x.rpm libcupsmime1-2.2.7-150000.3.46.1.s390x.rpm libcupsppdc1-2.2.7-150000.3.46.1.s390x.rpm cups-2.2.7-150000.3.46.1.ppc64le.rpm cups-client-2.2.7-150000.3.46.1.ppc64le.rpm cups-config-2.2.7-150000.3.46.1.ppc64le.rpm cups-ddk-2.2.7-150000.3.46.1.ppc64le.rpm cups-devel-2.2.7-150000.3.46.1.ppc64le.rpm libcups2-2.2.7-150000.3.46.1.ppc64le.rpm libcupscgi1-2.2.7-150000.3.46.1.ppc64le.rpm libcupsimage2-2.2.7-150000.3.46.1.ppc64le.rpm libcupsmime1-2.2.7-150000.3.46.1.ppc64le.rpm libcupsppdc1-2.2.7-150000.3.46.1.ppc64le.rpm cups-2.2.7-150000.3.46.1.aarch64.rpm cups-client-2.2.7-150000.3.46.1.aarch64.rpm cups-config-2.2.7-150000.3.46.1.aarch64.rpm cups-ddk-2.2.7-150000.3.46.1.aarch64.rpm cups-devel-2.2.7-150000.3.46.1.aarch64.rpm libcups2-2.2.7-150000.3.46.1.aarch64.rpm libcupscgi1-2.2.7-150000.3.46.1.aarch64.rpm libcupsimage2-2.2.7-150000.3.46.1.aarch64.rpm libcupsmime1-2.2.7-150000.3.46.1.aarch64.rpm libcupsppdc1-2.2.7-150000.3.46.1.aarch64.rpm openSUSE-SLE-15.5-2023-2554 critical SUSE Updates openSUSE-SLE 15.5 This update for nvme-stas fixes the following issues: - Update to version 2.2.2: * Fix python crash caused by wrong transport identifier handling. (bsc#1211557) * staslib: Fix setting controller DHCHAP key (bsc#1211557) nvme-stas-2.2.2-150500.3.6.1.src.rpm nvme-stas-2.2.2-150500.3.6.1.x86_64.rpm nvme-stas-2.2.2-150500.3.6.1.s390x.rpm nvme-stas-2.2.2-150500.3.6.1.ppc64le.rpm nvme-stas-2.2.2-150500.3.6.1.aarch64.rpm openSUSE-SLE-15.5-2023-2546 important SUSE Updates openSUSE-SLE 15.5 This update for bluez fixes the following issues: - CVE-2023-27349: Fixed crash while handling unsupported events (bsc#1210398). bluez-5.65-150500.3.3.1.src.rpm bluez-5.65-150500.3.3.1.x86_64.rpm bluez-auto-enable-devices-5.65-150500.3.3.1.noarch.rpm bluez-cups-5.65-150500.3.3.1.x86_64.rpm bluez-deprecated-5.65-150500.3.3.1.x86_64.rpm bluez-devel-32bit-5.65-150500.3.3.1.x86_64.rpm bluez-devel-5.65-150500.3.3.1.x86_64.rpm bluez-obexd-5.65-150500.3.3.1.x86_64.rpm bluez-test-5.65-150500.3.3.1.x86_64.rpm bluez-zsh-completion-5.65-150500.3.3.1.noarch.rpm libbluetooth3-32bit-5.65-150500.3.3.1.x86_64.rpm libbluetooth3-5.65-150500.3.3.1.x86_64.rpm bluez-5.65-150500.3.3.1.s390x.rpm bluez-cups-5.65-150500.3.3.1.s390x.rpm bluez-deprecated-5.65-150500.3.3.1.s390x.rpm bluez-devel-5.65-150500.3.3.1.s390x.rpm bluez-obexd-5.65-150500.3.3.1.s390x.rpm bluez-test-5.65-150500.3.3.1.s390x.rpm libbluetooth3-5.65-150500.3.3.1.s390x.rpm bluez-5.65-150500.3.3.1.ppc64le.rpm bluez-cups-5.65-150500.3.3.1.ppc64le.rpm bluez-deprecated-5.65-150500.3.3.1.ppc64le.rpm bluez-devel-5.65-150500.3.3.1.ppc64le.rpm bluez-obexd-5.65-150500.3.3.1.ppc64le.rpm bluez-test-5.65-150500.3.3.1.ppc64le.rpm libbluetooth3-5.65-150500.3.3.1.ppc64le.rpm bluez-5.65-150500.3.3.1.aarch64.rpm bluez-cups-5.65-150500.3.3.1.aarch64.rpm bluez-deprecated-5.65-150500.3.3.1.aarch64.rpm bluez-devel-5.65-150500.3.3.1.aarch64.rpm bluez-obexd-5.65-150500.3.3.1.aarch64.rpm bluez-test-5.65-150500.3.3.1.aarch64.rpm libbluetooth3-5.65-150500.3.3.1.aarch64.rpm openSUSE-SLE-15.5-2023-2608 moderate SUSE Updates openSUSE-SLE 15.5 This update for ntp fixes the following issues: - CVE-2023-26555: Fixed assertion failure on malformed RT-11 dates (bsc#1210390). ntp-4.2.8p17-150000.4.25.1.src.rpm ntp-4.2.8p17-150000.4.25.1.x86_64.rpm ntp-doc-4.2.8p17-150000.4.25.1.x86_64.rpm ntp-4.2.8p17-150000.4.25.1.s390x.rpm ntp-doc-4.2.8p17-150000.4.25.1.s390x.rpm ntp-4.2.8p17-150000.4.25.1.ppc64le.rpm ntp-doc-4.2.8p17-150000.4.25.1.ppc64le.rpm ntp-4.2.8p17-150000.4.25.1.aarch64.rpm ntp-doc-4.2.8p17-150000.4.25.1.aarch64.rpm openSUSE-SLE-15.5-2023-2550 moderate SUSE Updates openSUSE-SLE 15.5 This update for autoyast2, libsolv, libyui, libzypp, yast2-pkg-bindings ships the update stack to the INSTALLER self-update channel. yast2-pkg-bindings: - Added a new option for rebuilding the RPM database (--rebuilddb) (bsc#1209565) autoyast2: - Selected products are not installed after resetting the package manager internally (bsc#1202234) libyui: - Prevent buffer overflow when drawing very wide labels in ncurses (bsc#1211354) - Fixed loading icons from an absolute path (bsc#1210591) - Fix for main window stacking order to avoid unintentional transparency (bsc#1199020, bsc#1191112) - Force messages from .ui file through our translation mechanism (bsc#1198097) libsolv-0.7.24-150400.3.8.1.src.rpm True libsolv-demo-0.7.24-150400.3.8.1.x86_64.rpm True libsolv-devel-0.7.24-150400.3.8.1.x86_64.rpm True libsolv-tools-0.7.24-150400.3.8.1.x86_64.rpm True libzck-devel-1.1.16-150400.3.4.1.x86_64.rpm True libzck1-1.1.16-150400.3.4.1.x86_64.rpm True libzypp-17.31.13-150400.3.32.1.src.rpm True libzypp-17.31.13-150400.3.32.1.x86_64.rpm True libzypp-devel-17.31.13-150400.3.32.1.x86_64.rpm True libzypp-devel-doc-17.31.13-150400.3.32.1.x86_64.rpm True perl-solv-0.7.24-150400.3.8.1.x86_64.rpm True python-solv-0.7.24-150400.3.8.1.x86_64.rpm True python3-solv-0.7.24-150400.3.8.1.x86_64.rpm True ruby-solv-0.7.24-150400.3.8.1.x86_64.rpm True zchunk-1.1.16-150400.3.4.1.src.rpm True zchunk-1.1.16-150400.3.4.1.x86_64.rpm True libsolv-demo-0.7.24-150400.3.8.1.s390x.rpm True libsolv-devel-0.7.24-150400.3.8.1.s390x.rpm True libsolv-tools-0.7.24-150400.3.8.1.s390x.rpm True libzck-devel-1.1.16-150400.3.4.1.s390x.rpm True libzck1-1.1.16-150400.3.4.1.s390x.rpm True libzypp-17.31.13-150400.3.32.1.s390x.rpm True libzypp-devel-17.31.13-150400.3.32.1.s390x.rpm True libzypp-devel-doc-17.31.13-150400.3.32.1.s390x.rpm True perl-solv-0.7.24-150400.3.8.1.s390x.rpm True python-solv-0.7.24-150400.3.8.1.s390x.rpm True python3-solv-0.7.24-150400.3.8.1.s390x.rpm True ruby-solv-0.7.24-150400.3.8.1.s390x.rpm True zchunk-1.1.16-150400.3.4.1.s390x.rpm True libsolv-demo-0.7.24-150400.3.8.1.ppc64le.rpm True libsolv-devel-0.7.24-150400.3.8.1.ppc64le.rpm True libsolv-tools-0.7.24-150400.3.8.1.ppc64le.rpm True libzck-devel-1.1.16-150400.3.4.1.ppc64le.rpm True libzck1-1.1.16-150400.3.4.1.ppc64le.rpm True libzypp-17.31.13-150400.3.32.1.ppc64le.rpm True libzypp-devel-17.31.13-150400.3.32.1.ppc64le.rpm True libzypp-devel-doc-17.31.13-150400.3.32.1.ppc64le.rpm True perl-solv-0.7.24-150400.3.8.1.ppc64le.rpm True python-solv-0.7.24-150400.3.8.1.ppc64le.rpm True python3-solv-0.7.24-150400.3.8.1.ppc64le.rpm True ruby-solv-0.7.24-150400.3.8.1.ppc64le.rpm True zchunk-1.1.16-150400.3.4.1.ppc64le.rpm True libsolv-demo-0.7.24-150400.3.8.1.aarch64.rpm True libsolv-devel-0.7.24-150400.3.8.1.aarch64.rpm True libsolv-tools-0.7.24-150400.3.8.1.aarch64.rpm True libzck-devel-1.1.16-150400.3.4.1.aarch64.rpm True libzck1-1.1.16-150400.3.4.1.aarch64.rpm True libzypp-17.31.13-150400.3.32.1.aarch64.rpm True libzypp-devel-17.31.13-150400.3.32.1.aarch64.rpm True libzypp-devel-doc-17.31.13-150400.3.32.1.aarch64.rpm True perl-solv-0.7.24-150400.3.8.1.aarch64.rpm True python-solv-0.7.24-150400.3.8.1.aarch64.rpm True python3-solv-0.7.24-150400.3.8.1.aarch64.rpm True ruby-solv-0.7.24-150400.3.8.1.aarch64.rpm True zchunk-1.1.16-150400.3.4.1.aarch64.rpm True openSUSE-SLE-15.5-2023-2626 moderate SUSE Updates openSUSE-SLE 15.5 This update for picocli fixes the following issues: - Update to version 4.7.4 picocli-4.7.4-150200.3.11.1.noarch.rpm picocli-4.7.4-150200.3.11.1.src.rpm picocli-javadoc-4.7.4-150200.3.11.1.noarch.rpm openSUSE-SLE-15.5-2023-2610 moderate SUSE Updates openSUSE-SLE 15.5 This update for php8 fixes the following issues: - CVE-2023-3247: Fixed missing error check and insufficient random bytes in HTTP Digest authentication for SOAP (bsc#1212349). apache2-mod_php8-8.0.29-150400.4.34.1.src.rpm apache2-mod_php8-8.0.29-150400.4.34.1.x86_64.rpm php8-8.0.29-150400.4.34.1.src.rpm php8-8.0.29-150400.4.34.1.x86_64.rpm php8-bcmath-8.0.29-150400.4.34.1.x86_64.rpm php8-bz2-8.0.29-150400.4.34.1.x86_64.rpm php8-calendar-8.0.29-150400.4.34.1.x86_64.rpm php8-cli-8.0.29-150400.4.34.1.x86_64.rpm php8-ctype-8.0.29-150400.4.34.1.x86_64.rpm php8-curl-8.0.29-150400.4.34.1.x86_64.rpm php8-dba-8.0.29-150400.4.34.1.x86_64.rpm php8-devel-8.0.29-150400.4.34.1.x86_64.rpm php8-dom-8.0.29-150400.4.34.1.x86_64.rpm php8-embed-8.0.29-150400.4.34.1.src.rpm php8-embed-8.0.29-150400.4.34.1.x86_64.rpm php8-enchant-8.0.29-150400.4.34.1.x86_64.rpm php8-exif-8.0.29-150400.4.34.1.x86_64.rpm php8-fastcgi-8.0.29-150400.4.34.1.src.rpm php8-fastcgi-8.0.29-150400.4.34.1.x86_64.rpm php8-fileinfo-8.0.29-150400.4.34.1.x86_64.rpm php8-fpm-8.0.29-150400.4.34.1.src.rpm php8-fpm-8.0.29-150400.4.34.1.x86_64.rpm php8-ftp-8.0.29-150400.4.34.1.x86_64.rpm php8-gd-8.0.29-150400.4.34.1.x86_64.rpm php8-gettext-8.0.29-150400.4.34.1.x86_64.rpm php8-gmp-8.0.29-150400.4.34.1.x86_64.rpm php8-iconv-8.0.29-150400.4.34.1.x86_64.rpm php8-intl-8.0.29-150400.4.34.1.x86_64.rpm php8-ldap-8.0.29-150400.4.34.1.x86_64.rpm php8-mbstring-8.0.29-150400.4.34.1.x86_64.rpm php8-mysql-8.0.29-150400.4.34.1.x86_64.rpm php8-odbc-8.0.29-150400.4.34.1.x86_64.rpm php8-opcache-8.0.29-150400.4.34.1.x86_64.rpm php8-openssl-8.0.29-150400.4.34.1.x86_64.rpm php8-pcntl-8.0.29-150400.4.34.1.x86_64.rpm php8-pdo-8.0.29-150400.4.34.1.x86_64.rpm php8-pgsql-8.0.29-150400.4.34.1.x86_64.rpm php8-phar-8.0.29-150400.4.34.1.x86_64.rpm php8-posix-8.0.29-150400.4.34.1.x86_64.rpm php8-readline-8.0.29-150400.4.34.1.x86_64.rpm php8-shmop-8.0.29-150400.4.34.1.x86_64.rpm php8-snmp-8.0.29-150400.4.34.1.x86_64.rpm php8-soap-8.0.29-150400.4.34.1.x86_64.rpm php8-sockets-8.0.29-150400.4.34.1.x86_64.rpm php8-sodium-8.0.29-150400.4.34.1.x86_64.rpm php8-sqlite-8.0.29-150400.4.34.1.x86_64.rpm php8-sysvmsg-8.0.29-150400.4.34.1.x86_64.rpm php8-sysvsem-8.0.29-150400.4.34.1.x86_64.rpm php8-sysvshm-8.0.29-150400.4.34.1.x86_64.rpm php8-test-8.0.29-150400.4.34.1.src.rpm php8-test-8.0.29-150400.4.34.1.x86_64.rpm php8-tidy-8.0.29-150400.4.34.1.x86_64.rpm php8-tokenizer-8.0.29-150400.4.34.1.x86_64.rpm php8-xmlreader-8.0.29-150400.4.34.1.x86_64.rpm php8-xmlwriter-8.0.29-150400.4.34.1.x86_64.rpm php8-xsl-8.0.29-150400.4.34.1.x86_64.rpm php8-zip-8.0.29-150400.4.34.1.x86_64.rpm php8-zlib-8.0.29-150400.4.34.1.x86_64.rpm apache2-mod_php8-8.0.29-150400.4.34.1.s390x.rpm php8-8.0.29-150400.4.34.1.s390x.rpm php8-bcmath-8.0.29-150400.4.34.1.s390x.rpm php8-bz2-8.0.29-150400.4.34.1.s390x.rpm php8-calendar-8.0.29-150400.4.34.1.s390x.rpm php8-cli-8.0.29-150400.4.34.1.s390x.rpm php8-ctype-8.0.29-150400.4.34.1.s390x.rpm php8-curl-8.0.29-150400.4.34.1.s390x.rpm php8-dba-8.0.29-150400.4.34.1.s390x.rpm php8-devel-8.0.29-150400.4.34.1.s390x.rpm php8-dom-8.0.29-150400.4.34.1.s390x.rpm php8-embed-8.0.29-150400.4.34.1.s390x.rpm php8-enchant-8.0.29-150400.4.34.1.s390x.rpm php8-exif-8.0.29-150400.4.34.1.s390x.rpm php8-fastcgi-8.0.29-150400.4.34.1.s390x.rpm php8-fileinfo-8.0.29-150400.4.34.1.s390x.rpm php8-fpm-8.0.29-150400.4.34.1.s390x.rpm php8-ftp-8.0.29-150400.4.34.1.s390x.rpm php8-gd-8.0.29-150400.4.34.1.s390x.rpm php8-gettext-8.0.29-150400.4.34.1.s390x.rpm php8-gmp-8.0.29-150400.4.34.1.s390x.rpm php8-iconv-8.0.29-150400.4.34.1.s390x.rpm php8-intl-8.0.29-150400.4.34.1.s390x.rpm php8-ldap-8.0.29-150400.4.34.1.s390x.rpm php8-mbstring-8.0.29-150400.4.34.1.s390x.rpm php8-mysql-8.0.29-150400.4.34.1.s390x.rpm php8-odbc-8.0.29-150400.4.34.1.s390x.rpm php8-opcache-8.0.29-150400.4.34.1.s390x.rpm php8-openssl-8.0.29-150400.4.34.1.s390x.rpm php8-pcntl-8.0.29-150400.4.34.1.s390x.rpm php8-pdo-8.0.29-150400.4.34.1.s390x.rpm php8-pgsql-8.0.29-150400.4.34.1.s390x.rpm php8-phar-8.0.29-150400.4.34.1.s390x.rpm php8-posix-8.0.29-150400.4.34.1.s390x.rpm php8-readline-8.0.29-150400.4.34.1.s390x.rpm php8-shmop-8.0.29-150400.4.34.1.s390x.rpm php8-snmp-8.0.29-150400.4.34.1.s390x.rpm php8-soap-8.0.29-150400.4.34.1.s390x.rpm php8-sockets-8.0.29-150400.4.34.1.s390x.rpm php8-sodium-8.0.29-150400.4.34.1.s390x.rpm php8-sqlite-8.0.29-150400.4.34.1.s390x.rpm php8-sysvmsg-8.0.29-150400.4.34.1.s390x.rpm php8-sysvsem-8.0.29-150400.4.34.1.s390x.rpm php8-sysvshm-8.0.29-150400.4.34.1.s390x.rpm php8-test-8.0.29-150400.4.34.1.s390x.rpm php8-tidy-8.0.29-150400.4.34.1.s390x.rpm php8-tokenizer-8.0.29-150400.4.34.1.s390x.rpm php8-xmlreader-8.0.29-150400.4.34.1.s390x.rpm php8-xmlwriter-8.0.29-150400.4.34.1.s390x.rpm php8-xsl-8.0.29-150400.4.34.1.s390x.rpm php8-zip-8.0.29-150400.4.34.1.s390x.rpm php8-zlib-8.0.29-150400.4.34.1.s390x.rpm apache2-mod_php8-8.0.29-150400.4.34.1.ppc64le.rpm php8-8.0.29-150400.4.34.1.ppc64le.rpm php8-bcmath-8.0.29-150400.4.34.1.ppc64le.rpm php8-bz2-8.0.29-150400.4.34.1.ppc64le.rpm php8-calendar-8.0.29-150400.4.34.1.ppc64le.rpm php8-cli-8.0.29-150400.4.34.1.ppc64le.rpm php8-ctype-8.0.29-150400.4.34.1.ppc64le.rpm php8-curl-8.0.29-150400.4.34.1.ppc64le.rpm php8-dba-8.0.29-150400.4.34.1.ppc64le.rpm php8-devel-8.0.29-150400.4.34.1.ppc64le.rpm php8-dom-8.0.29-150400.4.34.1.ppc64le.rpm php8-embed-8.0.29-150400.4.34.1.ppc64le.rpm php8-enchant-8.0.29-150400.4.34.1.ppc64le.rpm php8-exif-8.0.29-150400.4.34.1.ppc64le.rpm php8-fastcgi-8.0.29-150400.4.34.1.ppc64le.rpm php8-fileinfo-8.0.29-150400.4.34.1.ppc64le.rpm php8-fpm-8.0.29-150400.4.34.1.ppc64le.rpm php8-ftp-8.0.29-150400.4.34.1.ppc64le.rpm php8-gd-8.0.29-150400.4.34.1.ppc64le.rpm php8-gettext-8.0.29-150400.4.34.1.ppc64le.rpm php8-gmp-8.0.29-150400.4.34.1.ppc64le.rpm php8-iconv-8.0.29-150400.4.34.1.ppc64le.rpm php8-intl-8.0.29-150400.4.34.1.ppc64le.rpm php8-ldap-8.0.29-150400.4.34.1.ppc64le.rpm php8-mbstring-8.0.29-150400.4.34.1.ppc64le.rpm php8-mysql-8.0.29-150400.4.34.1.ppc64le.rpm php8-odbc-8.0.29-150400.4.34.1.ppc64le.rpm php8-opcache-8.0.29-150400.4.34.1.ppc64le.rpm php8-openssl-8.0.29-150400.4.34.1.ppc64le.rpm php8-pcntl-8.0.29-150400.4.34.1.ppc64le.rpm php8-pdo-8.0.29-150400.4.34.1.ppc64le.rpm php8-pgsql-8.0.29-150400.4.34.1.ppc64le.rpm php8-phar-8.0.29-150400.4.34.1.ppc64le.rpm php8-posix-8.0.29-150400.4.34.1.ppc64le.rpm php8-readline-8.0.29-150400.4.34.1.ppc64le.rpm php8-shmop-8.0.29-150400.4.34.1.ppc64le.rpm php8-snmp-8.0.29-150400.4.34.1.ppc64le.rpm php8-soap-8.0.29-150400.4.34.1.ppc64le.rpm php8-sockets-8.0.29-150400.4.34.1.ppc64le.rpm php8-sodium-8.0.29-150400.4.34.1.ppc64le.rpm php8-sqlite-8.0.29-150400.4.34.1.ppc64le.rpm php8-sysvmsg-8.0.29-150400.4.34.1.ppc64le.rpm php8-sysvsem-8.0.29-150400.4.34.1.ppc64le.rpm php8-sysvshm-8.0.29-150400.4.34.1.ppc64le.rpm php8-test-8.0.29-150400.4.34.1.ppc64le.rpm php8-tidy-8.0.29-150400.4.34.1.ppc64le.rpm php8-tokenizer-8.0.29-150400.4.34.1.ppc64le.rpm php8-xmlreader-8.0.29-150400.4.34.1.ppc64le.rpm php8-xmlwriter-8.0.29-150400.4.34.1.ppc64le.rpm php8-xsl-8.0.29-150400.4.34.1.ppc64le.rpm php8-zip-8.0.29-150400.4.34.1.ppc64le.rpm php8-zlib-8.0.29-150400.4.34.1.ppc64le.rpm apache2-mod_php8-8.0.29-150400.4.34.1.aarch64.rpm php8-8.0.29-150400.4.34.1.aarch64.rpm php8-bcmath-8.0.29-150400.4.34.1.aarch64.rpm php8-bz2-8.0.29-150400.4.34.1.aarch64.rpm php8-calendar-8.0.29-150400.4.34.1.aarch64.rpm php8-cli-8.0.29-150400.4.34.1.aarch64.rpm php8-ctype-8.0.29-150400.4.34.1.aarch64.rpm php8-curl-8.0.29-150400.4.34.1.aarch64.rpm php8-dba-8.0.29-150400.4.34.1.aarch64.rpm php8-devel-8.0.29-150400.4.34.1.aarch64.rpm php8-dom-8.0.29-150400.4.34.1.aarch64.rpm php8-embed-8.0.29-150400.4.34.1.aarch64.rpm php8-enchant-8.0.29-150400.4.34.1.aarch64.rpm php8-exif-8.0.29-150400.4.34.1.aarch64.rpm php8-fastcgi-8.0.29-150400.4.34.1.aarch64.rpm php8-fileinfo-8.0.29-150400.4.34.1.aarch64.rpm php8-fpm-8.0.29-150400.4.34.1.aarch64.rpm php8-ftp-8.0.29-150400.4.34.1.aarch64.rpm php8-gd-8.0.29-150400.4.34.1.aarch64.rpm php8-gettext-8.0.29-150400.4.34.1.aarch64.rpm php8-gmp-8.0.29-150400.4.34.1.aarch64.rpm php8-iconv-8.0.29-150400.4.34.1.aarch64.rpm php8-intl-8.0.29-150400.4.34.1.aarch64.rpm php8-ldap-8.0.29-150400.4.34.1.aarch64.rpm php8-mbstring-8.0.29-150400.4.34.1.aarch64.rpm php8-mysql-8.0.29-150400.4.34.1.aarch64.rpm php8-odbc-8.0.29-150400.4.34.1.aarch64.rpm php8-opcache-8.0.29-150400.4.34.1.aarch64.rpm php8-openssl-8.0.29-150400.4.34.1.aarch64.rpm php8-pcntl-8.0.29-150400.4.34.1.aarch64.rpm php8-pdo-8.0.29-150400.4.34.1.aarch64.rpm php8-pgsql-8.0.29-150400.4.34.1.aarch64.rpm php8-phar-8.0.29-150400.4.34.1.aarch64.rpm php8-posix-8.0.29-150400.4.34.1.aarch64.rpm php8-readline-8.0.29-150400.4.34.1.aarch64.rpm php8-shmop-8.0.29-150400.4.34.1.aarch64.rpm php8-snmp-8.0.29-150400.4.34.1.aarch64.rpm php8-soap-8.0.29-150400.4.34.1.aarch64.rpm php8-sockets-8.0.29-150400.4.34.1.aarch64.rpm php8-sodium-8.0.29-150400.4.34.1.aarch64.rpm php8-sqlite-8.0.29-150400.4.34.1.aarch64.rpm php8-sysvmsg-8.0.29-150400.4.34.1.aarch64.rpm php8-sysvsem-8.0.29-150400.4.34.1.aarch64.rpm php8-sysvshm-8.0.29-150400.4.34.1.aarch64.rpm php8-test-8.0.29-150400.4.34.1.aarch64.rpm php8-tidy-8.0.29-150400.4.34.1.aarch64.rpm php8-tokenizer-8.0.29-150400.4.34.1.aarch64.rpm php8-xmlreader-8.0.29-150400.4.34.1.aarch64.rpm php8-xmlwriter-8.0.29-150400.4.34.1.aarch64.rpm php8-xsl-8.0.29-150400.4.34.1.aarch64.rpm php8-zip-8.0.29-150400.4.34.1.aarch64.rpm php8-zlib-8.0.29-150400.4.34.1.aarch64.rpm openSUSE-SLE-15.5-2023-2560 moderate SUSE Updates openSUSE-SLE 15.5 This update for rust-cbindgen fixes the following issues: Update to version 0.24.3+git0: * tests: Add a test for struct constants going through typedefs. * bindings: Peel through typedefs for struct constant generation. * bitflags: Be explicit in binary operators and such. * constant: Add support for unary negation. * bitflags: Make more operations constexpr. Update to version 0.24.2+git0: * bitflags: Be explicit in binary operators and such. * constant: Add support for unary negation. * bitflags: Make more operations constexpr. * constant: Support suffixes for integers that otherwise would be narrowed. * Fix specialization of `SomeType<N>` when `N` is a const parameter. * Minor refactor of ConstExpr::load(). rust-cbindgen-0.24.3+git0-150000.1.15.1.src.rpm rust-cbindgen-0.24.3+git0-150000.1.15.1.x86_64.rpm rust-cbindgen-0.24.3+git0-150000.1.15.1.s390x.rpm rust-cbindgen-0.24.3+git0-150000.1.15.1.ppc64le.rpm rust-cbindgen-0.24.3+git0-150000.1.15.1.aarch64.rpm openSUSE-SLE-15.5-2023-2617 important SUSE Updates openSUSE-SLE 15.5 This update of google-cloud-sap-agent fixes the following issues: - rebuild the package with the go 1.20 security release (bsc#1206346). google-cloud-sap-agent-1.5.1-150100.3.9.1.src.rpm google-cloud-sap-agent-1.5.1-150100.3.9.1.x86_64.rpm google-cloud-sap-agent-1.5.1-150100.3.9.1.s390x.rpm google-cloud-sap-agent-1.5.1-150100.3.9.1.ppc64le.rpm google-cloud-sap-agent-1.5.1-150100.3.9.1.aarch64.rpm