Bug 784670 - VUL-1: fdupes: RPM macro %fdupes links files with different owner, group, or permissions
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE.org
Component: BuildService
Priority: P2 - High, Severity: Major
Assigned To: Security Team bot
Adrian Schröter
Reported: 2012-10-11 14:46 UTC by Johannes Meixner
Modified: 2022-02-16 23:35 UTC (History)
Found By: Development
Description Johannes Meixner 2012-10-11 14:46:31 UTC
/usr/bin/fdupes finds files with identical content
but does not care about owner, group, or permissions.

Accordingly the RPM macro %fdupes links files
with identical content but does not care about
owner, group, or permissions.

When there are two files with identical content
which differ in owner, group, or permissions
the RPM macro %fdupes overwrites one of them
with a link which effectively lets the two files
have same owner, group, and permissions.

I think this is even a security issue.
I think it can happen that a file with restricted permissions
(e.g. a file in another sub-directory with restricted permissions)
becomes accessible via an unrestricted accessible link?
E.g. assume there are two files with identical content
-rw-r--r-- root root /etc/secure-stuff.conf
-rw-rw-rw- root root /usr/share/doc/package/secure-stuff.conf-example
and the RPM macro %fdupes overwrites /etc/secure-stuff.conf
by a link (I know "-rw-rw-rw- root root" should not happen,
it is only meant as a simple example to show the idea behind).
I added our security team to Cc to have a look.

The RPM macro %fdupes should be enhanced by a test
that additionally compares owner, group, and permissions
and only link files with identical content, owner, group,
and permissions including owner, group, and permissions
of all (parent) directories.

As far as I see this issue affects the build of all our products.
Therefore I filed the bug report for "BuildService"
(and not just as a normal bug for the fdupes package)
but I assigned it to the fdupes package bugowner.
Comment 1 Michal Vyskocil 2012-10-12 07:03:54 UTC
Hello security team, would you consider it as a security issue?
Comment 2 Michal Vyskocil 2012-10-12 08:15:09 UTC
> The RPM macro %fdupes should be enhanced by a test
> that additionally compares owner, group, and permissions
> and only link files with identical content, owner, group,
> and permissions including owner, group, and permissions

That's a trivial change - just add a few lines into fdupes.c

> of all (parent) directories.

OK, that's not that easy - we can't compare the lists of uid:guid:mode from the path as paths can be different. We cannot use sets as there is a counter-example

/user-dir/root-dir/same-file
/root-dir/user-dir/same-file

thus we might create a list of the uid:guid:mode from the path, call uniq and compare the results.

That one seems to be easier to write in bash ... however I am not sure if the effort is not pointless - are there any occurrences of it in our packages?
Comment 3 Johannes Meixner 2012-10-12 08:42:42 UTC
It was in the hplip package where I found the issue:

HPLIP's upstream "make install" installs
(owner:group is root:root for all):
-rw-r--r--  962 /usr/share/hplip/fax/pstotiff
-rw-r--r--  778 /usr/share/hplip/fax/pstotiff.convs
-rw-r--r-- 2084 /usr/share/hplip/fax/pstotiff.types
and
-rwxr-xr-x  962 /usr/lib/cups/filter/pstotiff
-rw-r--r--  778 /etc/cups/pstotiff.convs
-rw-r--r-- 2084 /etc/cups/pstotiff.types

The RPM macro %fdupes results (I leave out the file size):
-rw-r--r-- /usr/share/hplip/fax/pstotiff
lrwxrwxrwx /usr/share/hplip/fax/pstotiff.convs -> /etc/cups/pstotiff.convs
lrwxrwxrwx /usr/share/hplip/fax/pstotiff.types -> /etc/cups/pstotiff.types
lrwxrwxrwx /usr/lib/cups/filter/pstotiff -> ../../../share/hplip/fax/pstotiff
-rw-r--r-- /etc/cups/pstotiff.convs
-rw-r--r-- /etc/cups/pstotiff.types

This causes several issues for HPLIP:

/usr/lib/cups/filter/pstotiff is no longer executable which causes
bnc#783810 (Faxing an image file using hplip fails)

/usr/share/hplip/fax/pstotiff /usr/share/hplip/fax/pstotiff.convs
and /usr/share/hplip/fax/pstotiff.types are in the main package "hplip"
but
/usr/lib/cups/filter/pstotiff /etc/cups/pstotiff.convs
and /etc/cups/pstotiff.types are in the sub-package "hplip-hpijs"

The RPM macro %fdupes links across sub-package boundaries which
can result in dangling symlinks if a sub-package or the main package
is not installed.

In my case "hplip" requires "hplip-hpijs" but "hplip-hpijs" does not
require "hplip" so that the %fdupes link
/usr/lib/cups/filter/pstotiff -> ../../../share/hplip/fax/pstotiff
becomes dangling if only "hplip-hpijs" is installed.
Comment 4 Michal Vyskocil 2012-10-12 09:23:02 UTC
I made a patch so that fdupes checks the st_uid, st_gid and st_mode for files. It works pretty well

# default behavior is to compare file size / crc / content
fdupes .

./root-owned-file                       
./root-owned-file-2
./user-executable-file
./user-executable-file-2
./user-owned-file
./user-owned-file-2

# -p mode checks the uid/gid/mode and return differences
fdupes -p .
./user-executable-file                  
./user-executable-file-2

./root-owned-file
./root-owned-file-2

./user-owned-file
./user-owned-file-2

so the -p mode for fdupes is what you have requested. The %fdupes macro needs to be changed to call fdupes with -p as well.

I've committed the patched fdupes to home:mvyskocil:branches:utilities - feel free to test if that matches your needs.

I am still not convinced the complete path checking is needed, so this is not implemented.

About sub-package boundaries - that can't be solved without a substantial change of the build process. As %fdupes is called at the end of the %install section, there is no way to give it the content of subpackages. Therefore you as a package maintainer must call fdupes only on directories that won't be split across packages. I have had the same problem in the openjdk package, so you're not the only one who has faced this problem.
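The check described in comment 4 (link two files only when st_uid, st_gid and st_mode match in addition to the content), as an added C illustration. It is not the fdupes patch from this bug and not part of the thread; the function names, verdict codes and the temp-file fixture are made up for the example.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L  /* lstat, mkdtemp */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

/* Hypothetical verdict codes for this example. */
enum link_verdict {
    LINK_ERROR = -1,
    LINK_OK = 0,                /* same bytes, same uid/gid/mode: safe to link */
    LINK_DIFFERENT_CONTENT = 1, /* not duplicates at all */
    LINK_PERM_MISMATCH = 2      /* same bytes, but linking would change access */
};

/* The extra test: owner, group and mode must all be equal. */
static int same_owner_and_mode(const struct stat *a, const struct stat *b)
{
    return a->st_uid == b->st_uid && a->st_gid == b->st_gid &&
           a->st_mode == b->st_mode;
}

/* Byte-wise comparison: 1 identical, 0 different, -1 I/O error. */
static int same_content(const char *pa, const char *pb)
{
    FILE *fa = fopen(pa, "rb"), *fb = fopen(pb, "rb");
    int result = (fa && fb) ? 1 : -1;
    while (result == 1) {
        char ba[4096], bb[4096];
        size_t na = fread(ba, 1, sizeof ba, fa);
        size_t nb = fread(bb, 1, sizeof bb, fb);
        if (na != nb || memcmp(ba, bb, na) != 0)
            result = 0;
        else if (na == 0)
            break;              /* both files hit EOF together */
    }
    if (fa && fb && (ferror(fa) || ferror(fb)))
        result = -1;
    if (fa) fclose(fa);
    if (fb) fclose(fb);
    return result;
}

/* Decide whether replacing one file by a link to the other is safe. */
int check_pair(const char *pa, const char *pb)
{
    struct stat sa, sb;
    int c;
    if (lstat(pa, &sa) != 0 || lstat(pb, &sb) != 0)
        return LINK_ERROR;
    if (!S_ISREG(sa.st_mode) || !S_ISREG(sb.st_mode))
        return LINK_ERROR;      /* only regular files are candidates */
    if (sa.st_size != sb.st_size)
        return LINK_DIFFERENT_CONTENT;
    c = same_content(pa, pb);
    if (c < 0)
        return LINK_ERROR;
    if (c == 0)
        return LINK_DIFFERENT_CONTENT;
    return same_owner_and_mode(&sa, &sb) ? LINK_OK : LINK_PERM_MISMATCH;
}

/* Write content and force the exact mode (chmod is not affected by umask). */
static int write_file(const char *path, const char *content, mode_t mode)
{
    FILE *f = fopen(path, "wb");
    if (!f)
        return -1;
    fputs(content, f);
    if (fclose(f) != 0)
        return -1;
    return chmod(path, mode);
}

/* Constructed fixture: two files in a fresh temp dir, checked, then removed. */
int constructed_case(const char *ca, mode_t ma, const char *cb, mode_t mb)
{
    char dir[] = "/tmp/fdupes-demo-XXXXXX";
    char pa[64], pb[64];
    int v = LINK_ERROR;
    if (!mkdtemp(dir))
        return LINK_ERROR;
    snprintf(pa, sizeof pa, "%s/filter-pstotiff", dir);
    snprintf(pb, sizeof pb, "%s/share-pstotiff", dir);
    if (write_file(pa, ca, ma) == 0 && write_file(pb, cb, mb) == 0)
        v = check_pair(pa, pb);
    unlink(pa);
    unlink(pb);
    rmdir(dir);
    return v;
}

int main(void)
{
    /* Same bytes, 0755 vs 0644: the hplip pstotiff situation from comment 3. */
    printf("0755 vs 0644: %d\n",
           constructed_case("#!/bin/sh\n", 0755, "#!/bin/sh\n", 0644));
    printf("0644 vs 0644: %d\n",
           constructed_case("#!/bin/sh\n", 0644, "#!/bin/sh\n", 0644));
    return 0;
}
```

Owner and group differences cannot be reproduced in the fixture without root, so the constructed cases vary only the mode; `check_pair` compares all three fields.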
Comment 5 Johannes Meixner 2012-10-12 09:57:05 UTC
Many thanks for the fast response!

Because I provide HPLIP in the Printing project also
for older products like SLE_11, SLE_11_SP1, SLE_11_SP2
I cannot use "fdupes -p" (I must work with what I get
in the build environments).

For my "hplip" package I will exchange the dumb
%fdupes -s %{buildroot}
call by a more specific call (or calls) only for
particular directories where linking files with
same content should be safe.


Regarding complete path checking:

I think the security experts should decide this because
this is too complicated for me - e.g. what about if there
are links in the path or what about different filesystems
under different path with different capabilities regarding
access permissions e.g. ACLs or such stuff...


Regarding %fdupes links across sub-package boundaries:

One more reason to have this issue reported under "BuildService"
to have them at least aware of the issue.

rpmlint does not show a dangling symlink warning in any case
when there are links across sub-package boundaries.

Currently I get for hplip only:
-------------------------------------------------------------------------
$ osc remotebuildlog Printing hplip openSUSE_12.2 i586 | grep dangling

[  566s] hplip.i586: W: dangling-symlink
 /usr/share/hplip/fax/pstotiff.types /etc/cups/pstotiff.types

[  566s] hplip.i586: W: dangling-symlink
 /usr/share/hplip/fax/pstotiff.convs /etc/cups/pstotiff.convs
-------------------------------------------------------------------------

rpmlint finds links from the main package to files in a sub-package
but not links from a sub-package to files in the main package.

And the above dangling-symlink warnings are false-positives
because here the main package requires the sub-package.
Comment 6 Michal Vyskocil 2012-10-12 10:16:46 UTC
(In reply to comment #5)
> Many thanks for the fast response!
> 
> Because I provide HPLIP in the Printing project also
> for older products like SLE_11, SLE_11_SP1, SLE_11_SP2
> I cannot use "fdupes -p" (I must work with what I get
> in the build environments).

That's not hard - if you have useforbuild option enabled, just link the fdupes package from openSUSE:Factory to your project (and limit the build on older distributions) once the fixed version appears here. Then the fixed package will be installed in your buildroot and -p will be used automatically.

> 
> Regarding complete path checking:
> 
> I think the security experts should decide this because
> this is too complicated for me - e.g. what about if there
> are links in the path or what about different filesystems
> under different path with different capabilities regarding
> access permissions e.g. ACLs or such stuff...

sure - that's still an open question to @security-team.

> 
> 
> Regarding %fdupes links across sub-package boundaries:
> 
> One more reason to have this issue reported under "BuildService"
> to have them at least aware of the issue.
> 
> rpmlint does not show a dangling symlink warning in any case
> when there are links across sub-package boundaries.

Can I ask you to split this particular issue to the separate bug? You can simply clone this one and limit it to the dangling symlink problem. I'll move this one to factory then.
Comment 7 Johannes Meixner 2012-10-12 11:12:56 UTC
I filed
bnc#784869 (rpmlint should warn about all links across sub-package boundaries)
Comment 8 Bernhard Wiedemann 2012-10-16 12:00:09 UTC
This is an autogenerated message for OBS integration:
This bug (784670) was mentioned in
https://build.opensuse.org/request/show/138347 Factory / fdupes
Comment 9 Marcus Meissner 2012-10-19 11:28:01 UTC
Can we identify the affected packages of case 1 mixed permissions/ownerships?

especially as we cannot rebuild all of the distro on a whim
Comment 10 Bernhard Wiedemann 2012-10-22 14:00:21 UTC
This is an autogenerated message for OBS integration:
This bug (784670) was mentioned in
https://build.opensuse.org/request/show/139002 Factory / fdupes
Comment 11 Bernhard Wiedemann 2012-10-25 11:00:18 UTC
This is an autogenerated message for OBS integration:
This bug (784670) was mentioned in
https://build.opensuse.org/request/show/139254 Factory / fdupes
Comment 12 Michal Vyskocil 2012-10-25 13:00:35 UTC
(In reply to comment #9)
> Can we identify the affected packages of case 1 mixed permissions/ownerships?

Store all build logs from Factory, trigger the complete rebuild and review the rpmlint warnings for duplicated files?
Comment 13 Marcus Meissner 2012-10-25 16:34:17 UTC
I did a project linked home:msmeissn:fdupes, with a fdupes that exit(1) on such mode mismatch cases and will rebuild factory, 12.2 and 12.1 on that.
Comment 14 Michal Vyskocil 2012-10-26 13:20:52 UTC
Cool, then I'll prepare the maintenance update ...
Comment 15 Marcus Meissner 2012-10-30 13:15:29 UTC
12.2:

antlr
dicts
docbook-xsl-stylesheets
erlang
gimp-help
gnome-blog
hawk
hplip
ipsec-tools
kernel-source
leechcraft
mono-core
ndoutils
python-M2Crypto
texlive-bin
virtualbox
Comment 16 Marcus Meissner 2012-10-30 13:18:06 UTC
Created attachment 511349 [details]
fdupes-opensuse12.2.log

list of file permission mismatches during fdupes.

we do not need to fix them all I think.
Comment 17 Michal Vyskocil 2012-10-31 10:27:42 UTC
(In reply to comment #15)
> 12.2:
> 
> antlr

there are different permissions in header files in examples/, no need to update, fixed in factory

The rest is WIP
Comment 18 Michal Vyskocil 2012-10-31 10:41:29 UTC
(In reply to comment #15)
> 12.2:
> 
> dicts

0644 vs 0640 in COPYING files, no need to update

> docbook-xsl-stylesheets

don't know - Karl, please check the log in comment#16 if the link was intentional, or not

> erlang

don't know - Sascha, please check the log in comment#16 if the link was intentional, or not

> gimp-help

one png file got 0755, no need to update

> gnome-blog

don't know, gnome maintainers, please check the log in comment#16 to realize if link was intentional, or not

> hawk

not needed, 0664 vs 0644 in COPYING

> hplip

this one triggers the bug, so I would say we need to rebuild it

> ipsec-tools

not needed, some 0600 vs 0644 in examples

> kernel-source

0755 vs 0644 in header files, not needed to update

> leechcraft

a lot of 0755 vs 0644 differences in images

> mono-core

Andrew, please check the log in comment#16 to realize if link was intentional, or not - to me it seems like packaging bug

> ndoutils

0755 vs 0644 in png files, not needed to update

> python-M2Crypto

sascha, next your package, please check

> texlive-bin

0755 vs 0644 in some data files, no need to update

> virtualbox

there are some so files with 0644, michal, please review the log in comment#16 - it seems like packaging bug
Comment 19 Bernhard Wiedemann 2012-10-31 11:00:09 UTC
This is an autogenerated message for OBS integration:
This bug (784670) was mentioned in
https://build.opensuse.org/request/show/139823 Factory / antlr
Comment 20 Sascha Peilicke 2012-10-31 13:17:30 UTC
(In reply to comment #18)
> > erlang
> 
> don't know - Sascha, please check the log in comment#16 if the link was
> intentional, or not
False positive, the script is comparing different files, no?

erlang.i586.log:[  947s] files 
erlang-R14B04-3.2.1.i386//usr/lib/erlang/erts-5.8.5/bin/start_erl.src and 
erlang-R14B04-3.2.1.i386//usr/lib/erlang/bin/start_erl
compare 100644 vs 100755, but modes are different!

> 
> > python-M2Crypto
> 
> sascha, next your package, please check
python-M2Crypto.i586.log:[   72s] files 
./M2Crypto/BN.py and 
./build/lib.linux-i686-2.7/M2Crypto/BN.py
compare 100755 vs 100644, but modes are different!

Ditto, BN.py is installed only once (i.e. not linked). So I limited the scope of fdupes, see sr#139855. Not worth an update to 12.2 IMO.
Comment 21 Michal Vyskocil 2012-10-31 13:46:12 UTC
I've taken some time and fixed a few packages from the list

dicts:       request 139832 to Base:System
gimp-help:   request 139848 to GNOME:Apps
ipsec-tools: request 139850 to security
leechcraft:  request 139859 network
ndoutils:    request 139858 to server:monitoring

those I have skipped

hawk:        N/A - not building atm
kernel-source: N/A - don't know how to fix, probably patch to
http://gitorious.org/opensuse/kernel-source/blobs/master/rpm/kernel-source.spec.in
texlive-bin: not sure I want to perform the test build ...
Comment 22 Karl Eichwalder 2012-10-31 13:52:24 UTC
(In reply to comment #18)

> > docbook-xsl-stylesheets
> 
> don't know - Karl, please check the log in comment#16 if the link was
> intentional, or not

Not nice, but in the worst case there are just links from /usr/share/xml/docbook/stylesheet/$SOME/$THING to /usr/bin/$SCRIPT executables such as

ls -l /usr/share/xml/docbook/stylesheet/nwalsh/1.77.1/epub/bin/dbtoepub
lrwxrwxrwx 1 root root 36 Sep 12 11:30 /usr/share/xml/docbook/stylesheet/nwalsh/1.77.1/epub/bin/dbtoepub -> ../../../../../../../../bin/dbtoepub*

Do you think that that's ok?
Comment 23 Marcus Meissner 2012-10-31 13:59:47 UTC
these warnings from the logfile 
erlang.i586.log:[  947s] files 
erlang-R14B04-3.2.1.i386//usr/lib/erlang/erts-5.8.5/bin/start_erl.src and 
erlang-R14B04-3.2.1.i386//usr/lib/erlang/bin/start_erl

mean the files have the exact same content bytewise, but different modes, and the fdupes run would choose one set of these modes. (probably at random, depending on filetree walk order).

Cross package symlinks should be fixed too, but probably are not that much of an issue.
Comment 24 Bernhard Wiedemann 2012-10-31 14:00:09 UTC
This is an autogenerated message for OBS integration:
This bug (784670) was mentioned in
https://build.opensuse.org/request/show/139855 Factory / python-M2Crypto
Comment 25 Michal Vyskocil 2012-10-31 14:05:40 UTC
(In reply to comment #23)
> (probably at random, depending on filetree walk order).

It is actually not random - old fdupes sorts by name, the 1.5.0RC2 in Factory sorts by mtab. However from packager's point of view it's random.
Comment 26 Michal Vyskocil 2012-10-31 14:09:45 UTC
(In reply to comment #22)
> Not nice, but in the worst case there are just links from
> /usr/share/xml/docbook/stylesheet/$SOME/$THING to /usr/bin/$SCRIPT executables
> such as
> 
> ls -l /usr/share/xml/docbook/stylesheet/nwalsh/1.77.1/epub/bin/dbtoepub
> lrwxrwxrwx 1 root root 36 Sep 12 11:30
> /usr/share/xml/docbook/stylesheet/nwalsh/1.77.1/epub/bin/dbtoepub ->
> ../../../../../../../../bin/dbtoepub*
> 
> Do you think that that's ok?

I would say no need to maintenance update - in the worst case you'll end with /usr/bin/$SCRIPT being a symlink to 0644 file, which breaks the package, but it's not a security issue.

However you should change the mode of all $HOME/$THING to 0755, because fdupes now sorts according mtab, so the 0644 /usr/bin symlink might happen.
Comment 27 Karl Eichwalder 2012-10-31 14:22:31 UTC
Ok, but why does fdupes create links if the permissions or modes are different?
Comment 28 Marcus Meissner 2012-10-31 14:27:06 UTC
karl, it did not check this fact... it only compared file content up to now. That's the bug :/
Comment 29 Karl Eichwalder 2012-10-31 14:41:27 UTC
Yes, but we will fix it for Factory?  I do not understand, why Michal says:

"However you should change the mode of all $HOME/$THING to 0755, because fdupes
now sorts according mtab, so the 0644 /usr/bin symlink might happen."

Shall I do this for 12.2?  Or for Factory (just for sure?)?
Comment 30 Bernhard Wiedemann 2012-10-31 15:00:10 UTC
This is an autogenerated message for OBS integration:
This bug (784670) was mentioned in
https://build.opensuse.org/request/show/139862 Factory / ipsec-tools
https://build.opensuse.org/request/show/139863 Factory / dicts
Comment 31 Bernhard Wiedemann 2012-10-31 20:00:08 UTC
This is an autogenerated message for OBS integration:
This bug (784670) was mentioned in
https://build.opensuse.org/request/show/139890 Factory / ndoutils
Comment 32 Michal Vyskocil 2012-11-01 08:40:32 UTC
(In reply to comment #29)
> Yes, but we will fix it for Factory?  I do not understand, why Michal says:

Hi Karl, sorry for being cryptic

> "However you should change the mode of all $HOME/$THING to 0755, because fdupes
> now sorts according mtab, so the 0644 /usr/bin symlink might happen."

The SUSE patched fdupes sorts duplicates according to name - that means, the output for docbook package was

usr/bin/dbtoepub
usr/share/xml/docbook/stylesheet/nwalsh/1.77.1/epub/bin/dbtoepub

so the %fdupes macro left the first line untouched and converted all others to a link.

But that has changed in Factory, because in fdupes 1.5 upstream has added the sorting according to mtime. I did not want to deviate from upstream much, but it's no longer guaranteed that shorter path will win. On the other hand, %fdupes no longer links files with different uid/gid/permissions, so that's not a big issue.

> 
> Shall I do this for 12.2?  Or for Factory (just for sure?)?

Factory is enough.
Comment 33 Jiri Bohac 2013-09-19 14:46:22 UTC
*** Bug 840812 has been marked as a duplicate of this bug. ***
Comment 35 Dominique Leuenberger 2016-11-03 21:54:21 UTC
Assigning to Simon: you promised to confirm closure here
Comment 36 Simon Lees 2016-11-03 23:13:39 UTC
This issue was fixed long ago and should be closed (Reassigning to security as a security issue).
Comment 37 Bernhard Wiedemann 2017-11-29 17:50:09 UTC
This is an autogenerated message for OBS integration:
This bug (784670) was mentioned in
https://build.opensuse.org/request/show/546499 Factory / gimp-help
Comment 38 Swamp Workflow Management 2018-04-17 10:00:25 UTC
This is an autogenerated message for OBS integration:
This bug (784670) was mentioned in
https://build.opensuse.org/request/show/597389 15.0 / erlang
Comment 39 Swamp Workflow Management 2022-02-16 20:38:49 UTC
SUSE-FU-2022:0454-1: An update that solves 54 vulnerabilities, contains 6 features and has 247 fixes is now available.

Category: feature (moderate)

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 40 Swamp Workflow Management 2022-02-16 21:12:26 UTC
SUSE-FU-2022:0445-1: An update that solves 183 vulnerabilities, contains 21 features and has 299 fixes is now available.

Category: feature (moderate)
Sources used:
SUSE Manager Tools 12-BETA (src):    venv-salt-minion-3002.2-3.3.2
Comment 41 Swamp Workflow Management 2022-02-16 21:48:03 UTC
SUSE-FU-2022:0456-1: An update that solves 54 vulnerabilities, contains 6 features and has 247 fixes is now available.

Category: feature (moderate)
Comment 42 Swamp Workflow Management 2022-02-16 22:14:46 UTC
SUSE-FU-2022:0450-1: An update that solves 54 vulnerabilities, contains 6 features and has 247 fixes is now available.

Category: feature (moderate)
JIRA References: ECO-3105,SLE-12986,SLE-17532,SLE-17957,SLE-7686,SLE-9135
Sources used:

Comment 43 Swamp Workflow Management 2022-02-16 22:41:16 UTC
SUSE-FU-2022:0444-1: An update that solves 51 vulnerabilities, contains 21 features and has 249 fixes is now available.

Category: feature (moderate)
JIRA References: ECO-3105,SLE-11435,SLE-12684,SLE-12986,SLE-13688,SLE-14253,SLE-15159,SLE-15860,SLE-15861,SLE-16754,SLE-17532,SLE-17957,SLE-18260,SLE-18354,SLE-18446,SLE-19264,SLE-3887,SLE-4480,SLE-4577,SLE-7686,SLE-9135
Sources used:
SUSE Manager Tools 15-BETA (src):    venv-salt-minion-3002.2-159000.3.3.2

Comment 44 Swamp Workflow Management 2022-02-16 23:08:23 UTC
SUSE-FU-2022:0452-1: An update that solves 54 vulnerabilities, contains 6 features and has 247 fixes is now available.

Category: feature (moderate)
JIRA References: ECO-3105,SLE-12986,SLE-17532,SLE-17957,SLE-7686,SLE-9135
Sources used:

Comment 45 Swamp Workflow Management 2022-02-16 23:35:24 UTC
SUSE-FU-2022:0447-1: An update that solves 54 vulnerabilities, contains 6 features and has 247 fixes is now available.

Category: feature (moderate)
JIRA References: ECO-3105,SLE-12986,SLE-17532,SLE-17957,SLE-7686,SLE-9135
Sources used:
