SUSE-SU-2024:4433-1: moderate: Security update for govulncheck-vulndb
openSUSE-SU-2024:14610-1: moderate: assimp-devel-5.4.3-3.1 on GA media
openSUSE-SU-2024:14611-1: moderate: libQt6Pdf6-6.8.1-2.1 on GA media
SUSE-SU-2024:4436-1: moderate: Security update for grpc
SUSE-SU-2024:4435-1: moderate: Security update for poppler
SUSE-SU-2024:4433-1: moderate: Security update for govulncheck-vulndb
# Security update for govulncheck-vulndb
Announcement ID: SUSE-SU-2024:4433-1
Release Date: 2024-12-30T08:24:02Z
Rating: moderate
References:
* jsc#PED-11136
Affected Products:
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Package Hub 15 15-SP5
* SUSE Package Hub 15 15-SP6
An update that contains one feature can now be installed.
## Description:
This update for govulncheck-vulndb fixes the following issues:
* Update to version 0.0.20241218T202206 2024-12-18T20:22:06Z. (jsc#PED-11136)
Go CVE Numbering Authority IDs added or updated with aliases:
* GO-2024-3333
* Update to version 0.0.20241218T163557 2024-12-18T16:35:57Z. (jsc#PED-11136)
Go CVE Numbering Authority IDs added or updated with aliases:
* GO-2024-3331 GHSA-9j3m-fr7q-jxfw
* GO-2024-3334 GHSA-qqc8-rv37-79q5
* GO-2024-3335 GHSA-xx83-cxmq-x89m
* GO-2024-3336 GHSA-cwq8-g58r-32hg
* GO-2024-3337 GHSA-69pr-78gv-7c6h
* GO-2024-3338 GHSA-826h-p4c3-477p
* GO-2024-3339 GHSA-8wcc-m6j2-qxvm
* GO-2024-3340 GHSA-v647-h8jj-fw5r
* Update to version 0.0.20241213T205935 2024-12-13T20:59:35Z. (jsc#PED-11136)
Go CVE Numbering Authority IDs added or updated with aliases:
* GO-2022-0635 GHSA-7f33-f4f5-xwgw
* GO-2022-0646 GHSA-f5pg-7wfw-84q9
* GO-2022-0828 GHSA-fx8w-mjvm-hvpc
* GO-2023-2170 GHSA-q78c-gwqw-jcmc
* GO-2023-2330 GHSA-7fxm-f474-hf8w
* GO-2024-2901 GHSA-8hqg-whrw-pv92
* GO-2024-3104 GHSA-846m-99qv-67mg
* GO-2024-3122 GHSA-q3hw-3gm4-w5cr
* GO-2024-3140 GHSA-xxxw-3j6h-q7h6
* GO-2024-3169 GHSA-fhqq-8f65-5xfc
* GO-2024-3186 GHSA-586p-749j-fhwp
* GO-2024-3205 GHSA-xhr3-wf7j-h255
* GO-2024-3218 GHSA-mqr9-hjr8-2m9w
* GO-2024-3245 GHSA-95j2-w8x7-hm88
* GO-2024-3248 GHSA-p26r-gfgc-c47h
* GO-2024-3259 GHSA-p7mv-53f2-4cwj
* GO-2024-3265 GHSA-gppm-hq3p-h4rp
* GO-2024-3268 GHSA-r864-28pw-8682
* GO-2024-3279 GHSA-7225-m954-23v7
* GO-2024-3282 GHSA-r4pg-vg54-wxx4
* GO-2024-3286 GHSA-27wf-5967-98gx
* GO-2024-3293
* GO-2024-3295 GHSA-55v3-xh23-96gh
* GO-2024-3302 GHSA-px8v-pp82-rcvr
* GO-2024-3306 GHSA-7mwh-q3xm-qh6p
* GO-2024-3312 GHSA-4c49-9fpc-hc3v
* GO-2024-3313 GHSA-jpmc-7p9c-4rxf
* GO-2024-3314 GHSA-c2xf-9v2r-r2rx
* GO-2024-3315
* GO-2024-3319 GHSA-vmg2-r3xv-r3xf
* GO-2024-3321 GHSA-v778-237x-gjrc
* GO-2024-3323 GHSA-25w9-wqfq-gwqx
* GO-2024-3324 GHSA-4pjc-pwgq-q9jp
* GO-2024-3325 GHSA-c7xh-gjv4-4jgv
* GO-2024-3326 GHSA-fqj6-whhx-47p7
* GO-2024-3327 GHSA-xx68-37v4-4596
* GO-2024-3330 GHSA-7prj-hgx4-2xc3
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-4433=1
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-4433=1
* SUSE Package Hub 15 15-SP5
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-4433=1
* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-4433=1
## Package List:
* openSUSE Leap 15.5 (noarch)
* govulncheck-vulndb-0.0.20241218T202206-150000.1.23.1
* openSUSE Leap 15.6 (noarch)
* govulncheck-vulndb-0.0.20241218T202206-150000.1.23.1
* SUSE Package Hub 15 15-SP5 (noarch)
* govulncheck-vulndb-0.0.20241218T202206-150000.1.23.1
* SUSE Package Hub 15 15-SP6 (noarch)
* govulncheck-vulndb-0.0.20241218T202206-150000.1.23.1
## References:
* https://jira.suse.com/browse/PED-11136
openSUSE-SU-2024:14610-1: moderate: assimp-devel-5.4.3-3.1 on GA media
# assimp-devel-5.4.3-3.1 on GA media
Announcement ID: openSUSE-SU-2024:14610-1
Rating: moderate
Cross-References:
* CVE-2024-48423
* CVE-2024-48424
* CVE-2024-48425
* CVE-2024-53425
CVSS scores:
* CVE-2024-48423 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2024-48424 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-48425 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-53425 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* openSUSE Tumbleweed
An update that solves 4 vulnerabilities can now be installed.
## Description:
These are all security issues fixed in the assimp-devel-5.4.3-3.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* assimp-devel 5.4.3-3.1
* libassimp5 5.4.3-3.1
## References:
* https://www.suse.com/security/cve/CVE-2024-48423.html
* https://www.suse.com/security/cve/CVE-2024-48424.html
* https://www.suse.com/security/cve/CVE-2024-48425.html
* https://www.suse.com/security/cve/CVE-2024-53425.html
openSUSE-SU-2024:14611-1: moderate: libQt6Pdf6-6.8.1-2.1 on GA media
# libQt6Pdf6-6.8.1-2.1 on GA media
Announcement ID: openSUSE-SU-2024:14611-1
Rating: moderate
Cross-References:
* CVE-2024-40896
CVSS scores:
* CVE-2024-40896 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
* CVE-2024-40896 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the libQt6Pdf6-6.8.1-2.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* libQt6Pdf6 6.8.1-2.1
* libQt6PdfQuick6 6.8.1-2.1
* libQt6PdfWidgets6 6.8.1-2.1
* libQt6WebEngineCore6 6.8.1-2.1
* libQt6WebEngineQuick6 6.8.1-2.1
* libQt6WebEngineWidgets6 6.8.1-2.1
* qt6-pdf-devel 6.8.1-2.1
* qt6-pdf-imports 6.8.1-2.1
* qt6-pdf-private-devel 6.8.1-2.1
* qt6-pdfquick-devel 6.8.1-2.1
* qt6-pdfquick-private-devel 6.8.1-2.1
* qt6-pdfwidgets-devel 6.8.1-2.1
* qt6-pdfwidgets-private-devel 6.8.1-2.1
* qt6-webengine 6.8.1-2.1
* qt6-webengine-examples 6.8.1-2.1
* qt6-webengine-imports 6.8.1-2.1
* qt6-webenginecore-devel 6.8.1-2.1
* qt6-webenginecore-private-devel 6.8.1-2.1
* qt6-webenginequick-devel 6.8.1-2.1
* qt6-webenginequick-private-devel 6.8.1-2.1
* qt6-webenginewidgets-devel 6.8.1-2.1
* qt6-webenginewidgets-private-devel 6.8.1-2.1
## References:
* https://www.suse.com/security/cve/CVE-2024-40896.html
SUSE-SU-2024:4436-1: moderate: Security update for grpc
# Security update for grpc
Announcement ID: SUSE-SU-2024:4436-1
Release Date: 2024-12-30T13:23:26Z
Rating: moderate
References:
* bsc#1228919
* bsc#1233821
Cross-References:
* CVE-2024-11407
* CVE-2024-7246
CVSS scores:
* CVE-2024-11407 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:A/V:X/RE:L/U:Green
* CVE-2024-11407 ( SUSE ): 5.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:H
* CVE-2024-11407 ( NVD ): 6.9
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:A/V:X/RE:L/U:Green
* CVE-2024-7246 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L
* CVE-2024-7246 ( SUSE ): 5.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
Affected Products:
* Basesystem Module 15-SP5
* openSUSE Leap 15.5
* Public Cloud Module 15-SP5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
An update that solves two vulnerabilities can now be installed.
## Description:
This update for grpc fixes the following issues:
* CVE-2024-7246: HPACK table poisoning by gRPC clients communicating with a
HTTP/2 proxy. (bsc#1228919)
* CVE-2024-11407: data corruption on servers with transmit zero copy enabled.
(bsc#1233821)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch SUSE-2024-4436=1 openSUSE-SLE-15.5-2024-4436=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-4436=1
* Public Cloud Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2024-4436=1
## Package List:
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
* grpc-devel-1.60.0-150500.11.8.1
* libupb37-1.60.0-150500.11.8.1
* libgrpc++1_60-1.60.0-150500.11.8.1
* libgrpc++1_60-debuginfo-1.60.0-150500.11.8.1
* libgrpc37-debuginfo-1.60.0-150500.11.8.1
* libgrpc1_60-1.60.0-150500.11.8.1
* upb-devel-1.60.0-150500.11.8.1
* libgrpc1_60-debuginfo-1.60.0-150500.11.8.1
* libupb37-debuginfo-1.60.0-150500.11.8.1
* grpc-devel-debuginfo-1.60.0-150500.11.8.1
* grpc-debuginfo-1.60.0-150500.11.8.1
* libgrpc37-1.60.0-150500.11.8.1
* grpc-debugsource-1.60.0-150500.11.8.1
* openSUSE Leap 15.5 (noarch)
* grpc-source-1.60.0-150500.11.8.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* grpc-devel-1.60.0-150500.11.8.1
* libupb37-1.60.0-150500.11.8.1
* libgrpc++1_60-1.60.0-150500.11.8.1
* libgrpc++1_60-debuginfo-1.60.0-150500.11.8.1
* libgrpc37-debuginfo-1.60.0-150500.11.8.1
* libgrpc1_60-1.60.0-150500.11.8.1
* libgrpc1_60-debuginfo-1.60.0-150500.11.8.1
* libupb37-debuginfo-1.60.0-150500.11.8.1
* grpc-debuginfo-1.60.0-150500.11.8.1
* libgrpc37-1.60.0-150500.11.8.1
* grpc-debugsource-1.60.0-150500.11.8.1
* Public Cloud Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* libupb37-1.60.0-150500.11.8.1
* libgrpc37-debuginfo-1.60.0-150500.11.8.1
* libgrpc1_60-1.60.0-150500.11.8.1
* libgrpc1_60-debuginfo-1.60.0-150500.11.8.1
* libupb37-debuginfo-1.60.0-150500.11.8.1
* grpc-debuginfo-1.60.0-150500.11.8.1
* libgrpc37-1.60.0-150500.11.8.1
* grpc-debugsource-1.60.0-150500.11.8.1
## References:
* https://www.suse.com/security/cve/CVE-2024-11407.html
* https://www.suse.com/security/cve/CVE-2024-7246.html
* https://bugzilla.suse.com/show_bug.cgi?id=1228919
* https://bugzilla.suse.com/show_bug.cgi?id=1233821
SUSE-SU-2024:4435-1: moderate: Security update for poppler
# Security update for poppler
Announcement ID: SUSE-SU-2024:4435-1
Release Date: 2024-12-30T13:23:04Z
Rating: moderate
References:
* bsc#1234795
Cross-References:
* CVE-2024-56378
CVSS scores:
* CVE-2024-56378 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2024-56378 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
* CVE-2024-56378 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Affected Products:
* Basesystem Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Package Hub 15 15-SP6
An update that solves one vulnerability can now be installed.
## Description:
This update for poppler fixes the following issues:
* CVE-2024-56378: out-of-bounds read within JBIG2Bitmap::combine, which can
lead to an application crash. (bsc#1234795)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-4435=1 SUSE-2024-4435=1
* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-4435=1
* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-4435=1
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* libpoppler-qt5-1-debuginfo-24.03.0-150600.3.5.1
* libpoppler-devel-24.03.0-150600.3.5.1
* libpoppler-qt5-devel-24.03.0-150600.3.5.1
* libpoppler-qt6-devel-24.03.0-150600.3.5.1
* libpoppler-qt6-3-24.03.0-150600.3.5.1
* libpoppler-glib8-24.03.0-150600.3.5.1
* libpoppler-qt5-1-24.03.0-150600.3.5.1
* poppler-tools-24.03.0-150600.3.5.1
* poppler-qt5-debugsource-24.03.0-150600.3.5.1
* libpoppler135-24.03.0-150600.3.5.1
* poppler-tools-debuginfo-24.03.0-150600.3.5.1
* poppler-qt6-debugsource-24.03.0-150600.3.5.1
* poppler-debugsource-24.03.0-150600.3.5.1
* libpoppler-cpp0-24.03.0-150600.3.5.1
* libpoppler-glib-devel-24.03.0-150600.3.5.1
* libpoppler-cpp0-debuginfo-24.03.0-150600.3.5.1
* typelib-1_0-Poppler-0_18-24.03.0-150600.3.5.1
* libpoppler135-debuginfo-24.03.0-150600.3.5.1
* libpoppler-qt6-3-debuginfo-24.03.0-150600.3.5.1
* libpoppler-glib8-debuginfo-24.03.0-150600.3.5.1
* openSUSE Leap 15.6 (x86_64)
* libpoppler135-32bit-24.03.0-150600.3.5.1
* libpoppler135-32bit-debuginfo-24.03.0-150600.3.5.1
* libpoppler-qt5-1-32bit-24.03.0-150600.3.5.1
* libpoppler-glib8-32bit-debuginfo-24.03.0-150600.3.5.1
* libpoppler-cpp0-32bit-24.03.0-150600.3.5.1
* libpoppler-qt5-1-32bit-debuginfo-24.03.0-150600.3.5.1
* libpoppler-glib8-32bit-24.03.0-150600.3.5.1
* libpoppler-cpp0-32bit-debuginfo-24.03.0-150600.3.5.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* libpoppler-glib8-64bit-debuginfo-24.03.0-150600.3.5.1
* libpoppler-cpp0-64bit-24.03.0-150600.3.5.1
* libpoppler-cpp0-64bit-debuginfo-24.03.0-150600.3.5.1
* libpoppler135-64bit-24.03.0-150600.3.5.1
* libpoppler135-64bit-debuginfo-24.03.0-150600.3.5.1
* libpoppler-qt5-1-64bit-24.03.0-150600.3.5.1
* libpoppler-qt5-1-64bit-debuginfo-24.03.0-150600.3.5.1
* libpoppler-glib8-64bit-24.03.0-150600.3.5.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* libpoppler-devel-24.03.0-150600.3.5.1
* poppler-tools-24.03.0-150600.3.5.1
* libpoppler-glib8-24.03.0-150600.3.5.1
* poppler-tools-debuginfo-24.03.0-150600.3.5.1
* libpoppler135-24.03.0-150600.3.5.1
* poppler-debugsource-24.03.0-150600.3.5.1
* libpoppler-cpp0-24.03.0-150600.3.5.1
* libpoppler-glib-devel-24.03.0-150600.3.5.1
* libpoppler-cpp0-debuginfo-24.03.0-150600.3.5.1
* typelib-1_0-Poppler-0_18-24.03.0-150600.3.5.1
* libpoppler135-debuginfo-24.03.0-150600.3.5.1
* libpoppler-glib8-debuginfo-24.03.0-150600.3.5.1
* SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64)
* libpoppler-qt5-1-debuginfo-24.03.0-150600.3.5.1
* libpoppler-devel-24.03.0-150600.3.5.1
* libpoppler-qt5-devel-24.03.0-150600.3.5.1
* libpoppler-qt6-devel-24.03.0-150600.3.5.1
* libpoppler-qt6-3-24.03.0-150600.3.5.1
* libpoppler-qt5-1-24.03.0-150600.3.5.1
* poppler-qt6-debugsource-24.03.0-150600.3.5.1
* poppler-debugsource-24.03.0-150600.3.5.1
* libpoppler-cpp0-24.03.0-150600.3.5.1
* libpoppler-cpp0-debuginfo-24.03.0-150600.3.5.1
* libpoppler-qt6-3-debuginfo-24.03.0-150600.3.5.1
* poppler-qt5-debugsource-24.03.0-150600.3.5.1
* SUSE Package Hub 15 15-SP6 (x86_64)
* libpoppler-glib8-32bit-debuginfo-24.03.0-150600.3.5.1
* libpoppler135-32bit-24.03.0-150600.3.5.1
* libpoppler-glib8-32bit-24.03.0-150600.3.5.1
* libpoppler135-32bit-debuginfo-24.03.0-150600.3.5.1
## References:
* https://www.suse.com/security/cve/CVE-2024-56378.html
* https://bugzilla.suse.com/show_bug.cgi?id=1234795