
SUSE Linux has received multiple security updates: important updates for ucode-intel and postgresql, and moderate updates for javapackages-tools, xmlgraphics-batik, xmlgraphics-commons, xmlgraphics-fop, and tomcat:

SUSE-SU-2024:4053-1: important: Security update for ucode-intel
SUSE-SU-2024:4054-1: moderate: Security update for javapackages-tools, xmlgraphics-batik, xmlgraphics-commons, xmlgraphics-fop
SUSE-SU-2024:4063-1: important: Security update for postgresql, postgresql16, postgresql17
openSUSE-SU-2024:14526-1: moderate: tomcat10-10.1.33-1.1 on GA media
openSUSE-SU-2024:14525-1: moderate: tomcat-9.0.97-1.1 on GA media
openSUSE-SU-2024:14524-1: moderate: rclone-1.68.2-2.1 on GA media




SUSE-SU-2024:4053-1: important: Security update for ucode-intel


# Security update for ucode-intel

Announcement ID: SUSE-SU-2024:4053-1
Release Date: 2024-11-26T03:37:12Z
Rating: important
References:

* bsc#1233313

Cross-References:

* CVE-2024-21820
* CVE-2024-21853
* CVE-2024-23918
* CVE-2024-23984
* CVE-2024-24968

CVSS scores:

* CVE-2024-21820 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
* CVE-2024-21820 ( SUSE ): 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N
* CVE-2024-21820 ( NVD ): 8.5 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-21820 ( NVD ): 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N
* CVE-2024-21853 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-21853 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-21853 ( NVD ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-21853 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-23918 ( SUSE ): 8.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2024-23918 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2024-23918 ( NVD ): 8.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-23918 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2024-23984 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
* CVE-2024-23984 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N
* CVE-2024-23984 ( NVD ): 6.8 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-23984 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N
* CVE-2024-24968 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-24968 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
* CVE-2024-24968 ( NVD ): 5.6 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-24968 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP5
* Basesystem Module 15-SP6
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* openSUSE Leap Micro 5.5
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves five vulnerabilities can now be installed.

## Description:

This update for ucode-intel fixes the following issues:

* Intel CPU Microcode was updated to the 20241112 release (bsc#1233313)
* CVE-2024-21853: Faulty finite state machines (FSMs) in the hardware logic in
some 4th and 5th Generation Intel Xeon Processors may allow an authorized
user to potentially enable denial of service via local access.
* CVE-2024-23918: Improper conditions check in some Intel Xeon processor
memory controller configurations when using Intel SGX may allow a privileged
user to potentially enable escalation of privilege via local access.
* CVE-2024-21820: Incorrect default permissions in some Intel Xeon processor
memory controller configurations when using Intel SGX may allow a privileged
user to potentially enable escalation of privilege via local access.
* CVE-2024-24968: Improper finite state machines (FSMs) in hardware logic in
some Intel Processors may allow a privileged user to potentially enable a
denial of service via local access.
* CVE-2024-23984: Observable discrepancy in RAPL interface for some Intel
Processors may allow a privileged user to potentially enable information
disclosure via local access.
* Update for functional issues.

  New Platforms:

  | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |
  |:---------------|:---------|:------------|:---------|:---------|:---------|

  Updated Platforms:

  | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |
  |:---------------|:---------|:------------|:---------|:---------|:---------|
  | ADL | C0 | 06-97-02/07 | 00000036 | 00000037 | Core Gen12 |
  | ADL | H0 | 06-97-05/07 | 00000036 | 00000037 | Core Gen12 |
  | ADL | L0 | 06-9a-03/80 | 00000434 | 00000435 | Core Gen12 |
  | ADL | R0 | 06-9a-04/80 | 00000434 | 00000435 | Core Gen12 |
  | EMR-SP | A0 | 06-cf-01/87 | 21000230 | 21000283 | Xeon Scalable Gen5 |
  | EMR-SP | A1 | 06-cf-02/87 | 21000230 | 21000283 | Xeon Scalable Gen5 |
  | MTL | C0 | 06-aa-04/e6 | 0000001f | 00000020 | Core™ Ultra Processor |
  | RPL-H/P/PX 6+8 | J0 | 06-ba-02/e0 | 00004122 | 00004123 | Core Gen13 |
  | RPL-HX/S | C0 | 06-bf-02/07 | 00000036 | 00000037 | Core Gen13/Gen14 |
  | RPL-S | H0 | 06-bf-05/07 | 00000036 | 00000037 | Core Gen13/Gen14 |
  | RPL-U 2+8 | Q0 | 06-ba-03/e0 | 00004122 | 00004123 | Core Gen13 |
  | SPR-SP | E3 | 06-8f-06/87 | 2b0005c0 | 2b000603 | Xeon Scalable Gen4 |
  | SPR-SP | E4/S2 | 06-8f-07/87 | 2b0005c0 | 2b000603 | Xeon Scalable Gen4 |
  | SPR-SP | E5/S3 | 06-8f-08/87 | 2b0005c0 | 2b000603 | Xeon Scalable Gen4 |

  New Disclosures Updated in Prior Releases:

  | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |
  |:---------------|:---------|:------------|:---------|:---------|:---------|
  | ICL-D | B0 | 06-6c-01/10 | 010002b0 | N/A | Xeon D-17xx/D-18xx, D-27xx/D-28xx |
  | ICX-SP | Dx/M1 | 06-6a-06/87 | 0d0003e7 | N/A | Xeon Scalable Gen3 |

* Intel CPU Microcode was updated to the 20241029 release

  Update for functional issues. Updated Platforms:

  | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |
  |:---------------|:---------|:------------|:---------|:---------|:---------|
  | RPL-E/HX/S | B0 | 06-b7-01/32 | 00000129 | 0000012b | Core Gen13/Gen14 |

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap Micro 5.5
zypper in -t patch openSUSE-Leap-Micro-5.5-2024-4053=1

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-4053=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-4053=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2024-4053=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2024-4053=1

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2024-4053=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2024-4053=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2024-4053=1

* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-4053=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-4053=1

* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-4053=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-4053=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-4053=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-4053=1

* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-4053=1

* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-4053=1

* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-4053=1

* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4053=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP2
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-4053=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-4053=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-4053=1

* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-4053=1

* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2024-4053=1

* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-4053=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2024-4053=1

* SUSE Linux Enterprise Micro 5.1
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2024-4053=1

* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-4053=1

* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-4053=1
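
A post-update check, added here as an example (it is not part of the SUSE advisory): installing the package only places the new microcode files on disk, and the revision the kernel reports changes once that microcode is loaded, normally at the next boot. The script below converts the `cpu family`, `model` and `stepping` fields of `/proc/cpuinfo` into the advisory's F-M-S notation and compares the running `microcode` revision with the "New Ver" column of the Updated Platforms tables above. The function names and the sample input are constructed for this example, and the /PI platform-ID mask is ignored.

```shell
#!/bin/sh
# Added example, not part of the SUSE advisory.
# F-M-S and "New Ver" pairs copied from the advisory's "Updated Platforms"
# tables (20241112 and 20241029 releases). The /PI platform-ID mask is
# ignored; no F-M-S value appears twice in those tables.
ADVISORY_TABLE='06-97-02 00000037
06-97-05 00000037
06-9a-03 00000435
06-9a-04 00000435
06-cf-01 21000283
06-cf-02 21000283
06-aa-04 00000020
06-ba-02 00004123
06-bf-02 00000037
06-bf-05 00000037
06-ba-03 00004123
06-8f-06 2b000603
06-8f-07 2b000603
06-8f-08 2b000603
06-b7-01 0000012b'

# Read /proc/cpuinfo-style text on stdin and print "<F-M-S> <revision>" for
# the first processor block. Returns non-zero if a field is missing.
cpu_signature() {
    awk -F: '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        { key = trim($1); val = trim($2) }
        key == "cpu family" { fam = val }
        key == "model"      { mod = val }
        key == "stepping"   { step = val }
        key == "microcode"  { rev = val }
        /^[ \t]*$/ && fam != "" { exit }   # end of first processor block
        END {
            if (fam == "" || mod == "" || step == "" || rev == "") exit 1
            rev = tolower(rev)
            sub(/^0x/, "", rev)
            if (rev !~ /^[0-9a-f]+$/) exit 1
            # cpuinfo reports decimal; the advisory table uses two-digit hex
            printf "%02x-%02x-%02x %s\n", fam, mod, step, rev
        }'
}

# Print one verdict line for the cpuinfo text on stdin:
#   current <F-M-S> <rev>             running revision >= advisory "New Ver"
#   outdated <F-M-S> <rev> < <fixed>  update not loaded (yet)
#   not-listed <F-M-S> <rev>          CPU is not in the tables above
#   unparsed                          input did not look like cpuinfo
check_microcode() {
    sig_rev=$(cpu_signature) || { echo "unparsed"; return 0; }
    sig=${sig_rev% *}
    running=${sig_rev#* }
    fixed=$(printf '%s\n' "$ADVISORY_TABLE" |
        awk -v s="$sig" '$1 == s { print $2; exit }')
    if [ -z "$fixed" ]; then
        echo "not-listed $sig $running"
    elif [ $((0x$running)) -ge $((0x$fixed)) ]; then
        echo "current $sig $running"
    else
        echo "outdated $sig $running < $fixed"
    fi
}

# Constructed sample input in /proc/cpuinfo layout (not taken from a real host).
# Arguments: model (decimal), stepping (decimal), microcode revision (0x...).
sample_cpuinfo() {
    printf 'processor\t: 0\ncpu family\t: 6\nmodel\t\t: %s\n' "$1"
    printf 'model name\t: Constructed sample CPU\nstepping\t: %s\n' "$2"
    printf 'microcode\t: %s\n\n' "$3"
}

# Demo on constructed data: an SPR-SP E5/S3 part still on the old revision.
sample_cpuinfo 143 8 0x2b0005c0 | check_microcode
# On a real host: check_microcode < /proc/cpuinfo
```

A `not-listed` verdict only means the CPU has no row in this advisory's Updated Platforms tables; it says nothing about other microcode releases.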

## Package List:

* openSUSE Leap Micro 5.5 (x86_64)
* ucode-intel-20241112-150200.50.1
* openSUSE Leap 15.5 (x86_64)
* ucode-intel-20241112-150200.50.1
* openSUSE Leap 15.6 (x86_64)
* ucode-intel-20241112-150200.50.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64)
* ucode-intel-20241112-150200.50.1
* SUSE Linux Enterprise Micro 5.3 (x86_64)
* ucode-intel-20241112-150200.50.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64)
* ucode-intel-20241112-150200.50.1
* SUSE Linux Enterprise Micro 5.4 (x86_64)
* ucode-intel-20241112-150200.50.1
* SUSE Linux Enterprise Micro 5.5 (x86_64)
* ucode-intel-20241112-150200.50.1
* Basesystem Module 15-SP5 (x86_64)
* ucode-intel-20241112-150200.50.1
* Basesystem Module 15-SP6 (x86_64)
* ucode-intel-20241112-150200.50.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64)
* ucode-intel-20241112-150200.50.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64)
* ucode-intel-20241112-150200.50.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (x86_64)
* ucode-intel-20241112-150200.50.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64)
* ucode-intel-20241112-150200.50.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
* ucode-intel-20241112-150200.50.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64)
* ucode-intel-20241112-150200.50.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64)
* ucode-intel-20241112-150200.50.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (x86_64)
* ucode-intel-20241112-150200.50.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64)
* ucode-intel-20241112-150200.50.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64)
* ucode-intel-20241112-150200.50.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64)
* ucode-intel-20241112-150200.50.1
* SUSE Manager Proxy 4.3 (x86_64)
* ucode-intel-20241112-150200.50.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* ucode-intel-20241112-150200.50.1
* SUSE Manager Server 4.3 (x86_64)
* ucode-intel-20241112-150200.50.1
* SUSE Enterprise Storage 7.1 (x86_64)
* ucode-intel-20241112-150200.50.1
* SUSE Linux Enterprise Micro 5.1 (x86_64)
* ucode-intel-20241112-150200.50.1
* SUSE Linux Enterprise Micro 5.2 (x86_64)
* ucode-intel-20241112-150200.50.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (x86_64)
* ucode-intel-20241112-150200.50.1

## References:

* https://www.suse.com/security/cve/CVE-2024-21820.html
* https://www.suse.com/security/cve/CVE-2024-21853.html
* https://www.suse.com/security/cve/CVE-2024-23918.html
* https://www.suse.com/security/cve/CVE-2024-23984.html
* https://www.suse.com/security/cve/CVE-2024-24968.html
* https://bugzilla.suse.com/show_bug.cgi?id=1233313



SUSE-SU-2024:4054-1: moderate: Security update for javapackages-tools, xmlgraphics-batik, xmlgraphics-commons, xmlgraphics-fop


# Security update for javapackages-tools, xmlgraphics-batik, xmlgraphics-commons, xmlgraphics-fop

Announcement ID: SUSE-SU-2024:4054-1
Release Date: 2024-11-26T05:06:51Z
Rating: moderate
References:

* bsc#1231347
* bsc#1231428

Cross-References:

* CVE-2024-28168

CVSS scores:

* CVE-2024-28168 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2024-28168 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
* CVE-2024-28168 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* Basesystem Module 15-SP5
* Basesystem Module 15-SP6
* Development Tools Module 15-SP5
* Development Tools Module 15-SP6
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
* SUSE Package Hub 15 15-SP6

An update that solves one vulnerability and has one security fix can now be
installed.

## Description:

This update for javapackages-tools, xmlgraphics-batik, xmlgraphics-commons,
xmlgraphics-fop fixes the following issues:

xmlgraphics-fop was updated from version 2.8 to 2.10:

* Security issues fixed:

* CVE-2024-28168: Fixed improper restriction of XML External Entity (XXE)
reference (bsc#1231428)

* Upstream changes and bugs fixed:

* Version 2.10:

* footnote-body ignores rl-tb writing mode
* SVG tspan content is displayed out of place
* Added new schema to handle pdf/a and pdfa/ua
* Correct fop version at runtime
* NoSuchElementException when using font with no family name
* Resolve classpath for binary distribution
* Switch to spotbugs
* Set an automatic module name
* Rename packages to avoid conflicts with modules
* Resize table only for multicolumn page
* Missing jars in servlet
* Optimise performance of PNG with alpha using raw loader
* basic-link not navigating to corresponding footnote
* Added option to sign PDF
* Added secure processing for XSL input
* Allow sections which need security permissions to be run when AllPermission denied in caller code
* Remove unused PDFStructElem
* Remove space generated by fo:wrapper
* Reset content length for table changing ipd
* Added alt text to PDF signature
* Allow change of resource level for SVG in AFP
* Exclude shape not in clipping path for AFP
* Only support 1 column for redo of layout without page pos only
* Switch to Jakarta servlet API
* NPE when list item is split alongside an ipd change
* Added mandatory MODCA triplet to AFP
* Redo layout for multipage columns
* Added image mask option for AFP
* Skip written block ipds inside float
* Allow curly braces for src url
* Missing content for last page with change ipd
* Added warning when different pdf languages are used
* Only restart line manager when there is a linebreak for blocklayout
* Version 2.9:

* Values in PDF Number Trees must be indirect references
* Do not delete files on syntax errors using command line
* Surrogate pair edge-case causes Exception
* Reset character spacing
* SVG text containing certain glyphs isn't rendered
* Remove duplicate classes from maven classpath
* Allow use of page position only on redo of layout
* Failure to render multi-block itemBody alongside float
* Update to PDFBox 2.0.27
* NPE if link destination is missing with accessibility
* Make property cache thread safe
* Font size was rounded to 0 for AFP TTF
* Cannot process a SVG using mvn jars
* Remove serializer jar
* Allow creating a PDF 2.0 document
* Text missing after page break inside table inline
* IllegalArgumentException for list in a table
* Table width may be too wide when layout width changes
* NPE when using broken link and PDF 1.5
* Allow XMP at PDF page level
* Symbol font was not being mapped to unicode
* Correct font differences table for Chrome
* Link against Java 8 API
* Added support for font-selection-strategy=character-by-character
* Merge form fields in external PDFs
* Fixed test for Java 11

xmlgraphics-batik was updated from version 1.17 to 1.18:

* PNG transcoder references nonexistent class
* Set offset to 0 if missing in stop tag
* Validate throws NPE
* Fixed missing arabic characters
* Animated rotate transform ignores y-origin at exactly 270 degrees
* Set an automatic module name
* Ignore inkscape properties
* Switch to spotbugs
* Allow source and target resolution configuration

xmlgraphics-commons was updated from version 2.8 to 2.10:

* Fixed test for Java 11
* Allow XMP at PDF page level
* Allow source resolution configuration
* Added new schema to handle pdf/a and pdfa/ua
* Set an automatic module name
* Switch to spotbugs
* Do not use a singleton for ImageImplRegistry

javapackages-tools was updated from version 6.3.0 to 6.3.4:

* Version 6.3.4:

* A corner case when which is not present

* Remove dependency on which
* Simplify after the which -> type -p change
* jpackage_script: Remove pointless assignment when %java_home is unset
* Don't export JAVA_HOME (bsc#1231347)

* Version 6.3.2:

* Search for JAVACMD under JAVA_HOME only if it's set

* Obsolete set_jvm and set_jvm_dirs functions
* Drop unneeded _set_java_home function
* Remove JAVA_HOME check from check_java_env function
* Bump codecov/codecov-action from 2.0.2 to 4.6.0
* Bump actions/setup-python from 4 to 5
* Bump actions/checkout from 2 to 4
* Added custom dependabot config
* Remove the test for JAVA_HOME and error if it is not set
* java-functions: Remove unneeded local variables
* Fixed build status shield

* Version 6.3.1:

* Allow missing components with abs2rel

* Fixed tests with python 3.4
* Sync spec file from Fedora
* Drop default JRE/JDK
* Fixed the use of java-functions in scripts
* Test that we don't bomb on
* Test variable expansion in artifactId
* Interpolate properties also in the current artifact
* Rewrite abs2rel in shell
* Use asciidoctor instead of asciidoc
* Fixed incompatibility with RPM 4.20
* Reproducible exclusions order in maven metadata
* Do not bomb on construct
* Make maven_depmap order of aliases reproducible

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-4054=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-4054=1

* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-4054=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-4054=1

* Development Tools Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2024-4054=1

* Development Tools Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2024-4054=1

* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-4054=1

* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-4054=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-4054=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-4054=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-4054=1

* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-4054=1

* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-4054=1

* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-4054=1

* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4054=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP2
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-4054=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-4054=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-4054=1

* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-4054=1

* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2024-4054=1

* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-4054=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2024-4054=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* javapackages-filesystem-6.3.4-150200.3.15.1
* javapackages-tools-6.3.4-150200.3.15.1
* openSUSE Leap 15.5 (noarch)
* xmlgraphics-batik-svgpp-1.18-150200.4.10.2
* javapackages-ivy-6.3.4-150200.3.15.1
* javapackages-gradle-6.3.4-150200.3.15.1
* xmlgraphics-batik-javadoc-1.18-150200.4.10.2
* xmlgraphics-batik-ttf2svg-1.18-150200.4.10.2
* python3-javapackages-6.3.4-150200.3.15.1
* xmlgraphics-batik-squiggle-1.18-150200.4.10.2
* xmlgraphics-fop-2.10-150200.13.10.1
* xmlgraphics-commons-javadoc-2.10-150200.3.10.2
* xmlgraphics-commons-2.10-150200.3.10.2
* xmlgraphics-batik-1.18-150200.4.10.2
* javapackages-local-6.3.4-150200.3.15.1
* xmlgraphics-batik-rasterizer-1.18-150200.4.10.2
* xmlgraphics-batik-css-1.18-150200.4.10.2
* xmlgraphics-batik-demo-1.18-150200.4.10.2
* xmlgraphics-batik-slideshow-1.18-150200.4.10.2
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* javapackages-filesystem-6.3.4-150200.3.15.1
* javapackages-tools-6.3.4-150200.3.15.1
* openSUSE Leap 15.6 (noarch)
* xmlgraphics-batik-svgpp-1.18-150200.4.10.2
* javapackages-ivy-6.3.4-150200.3.15.1
* javapackages-gradle-6.3.4-150200.3.15.1
* xmlgraphics-batik-javadoc-1.18-150200.4.10.2
* xmlgraphics-batik-ttf2svg-1.18-150200.4.10.2
* python3-javapackages-6.3.4-150200.3.15.1
* xmlgraphics-batik-squiggle-1.18-150200.4.10.2
* xmlgraphics-fop-2.10-150200.13.10.1
* xmlgraphics-commons-javadoc-2.10-150200.3.10.2
* xmlgraphics-commons-2.10-150200.3.10.2
* xmlgraphics-batik-1.18-150200.4.10.2
* javapackages-local-6.3.4-150200.3.15.1
* xmlgraphics-batik-rasterizer-1.18-150200.4.10.2
* xmlgraphics-batik-css-1.18-150200.4.10.2
* xmlgraphics-batik-demo-1.18-150200.4.10.2
* xmlgraphics-batik-slideshow-1.18-150200.4.10.2
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* javapackages-filesystem-6.3.4-150200.3.15.1
* javapackages-tools-6.3.4-150200.3.15.1
* Basesystem Module 15-SP5 (noarch)
* python3-javapackages-6.3.4-150200.3.15.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* javapackages-filesystem-6.3.4-150200.3.15.1
* javapackages-tools-6.3.4-150200.3.15.1
* Basesystem Module 15-SP6 (noarch)
* python3-javapackages-6.3.4-150200.3.15.1
* Development Tools Module 15-SP5 (noarch)
* javapackages-ivy-6.3.4-150200.3.15.1
* javapackages-gradle-6.3.4-150200.3.15.1
* xmlgraphics-fop-2.10-150200.13.10.1
* xmlgraphics-commons-2.10-150200.3.10.2
* xmlgraphics-batik-1.18-150200.4.10.2
* javapackages-local-6.3.4-150200.3.15.1
* xmlgraphics-batik-css-1.18-150200.4.10.2
* Development Tools Module 15-SP6 (noarch)
* javapackages-ivy-6.3.4-150200.3.15.1
* javapackages-gradle-6.3.4-150200.3.15.1
* javapackages-local-6.3.4-150200.3.15.1
* SUSE Package Hub 15 15-SP6 (noarch)
* xmlgraphics-batik-css-1.18-150200.4.10.2
* xmlgraphics-commons-2.10-150200.3.10.2
* xmlgraphics-batik-1.18-150200.4.10.2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64
x86_64)
* javapackages-filesystem-6.3.4-150200.3.15.1
* javapackages-tools-6.3.4-150200.3.15.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
* javapackages-ivy-6.3.4-150200.3.15.1
* javapackages-gradle-6.3.4-150200.3.15.1
* python3-javapackages-6.3.4-150200.3.15.1
* xmlgraphics-fop-2.10-150200.13.10.1
* xmlgraphics-commons-2.10-150200.3.10.2
* xmlgraphics-batik-1.18-150200.4.10.2
* javapackages-local-6.3.4-150200.3.15.1
* xmlgraphics-batik-css-1.18-150200.4.10.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* javapackages-filesystem-6.3.4-150200.3.15.1
* javapackages-tools-6.3.4-150200.3.15.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* javapackages-ivy-6.3.4-150200.3.15.1
* javapackages-gradle-6.3.4-150200.3.15.1
* python3-javapackages-6.3.4-150200.3.15.1
* xmlgraphics-fop-2.10-150200.13.10.1
* xmlgraphics-commons-2.10-150200.3.10.2
* xmlgraphics-batik-1.18-150200.4.10.2
* javapackages-local-6.3.4-150200.3.15.1
* xmlgraphics-batik-css-1.18-150200.4.10.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* javapackages-filesystem-6.3.4-150200.3.15.1
* javapackages-tools-6.3.4-150200.3.15.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* javapackages-ivy-6.3.4-150200.3.15.1
* javapackages-gradle-6.3.4-150200.3.15.1
* python3-javapackages-6.3.4-150200.3.15.1
* xmlgraphics-fop-2.10-150200.13.10.1
* xmlgraphics-commons-2.10-150200.3.10.2
* xmlgraphics-batik-1.18-150200.4.10.2
* javapackages-local-6.3.4-150200.3.15.1
* xmlgraphics-batik-css-1.18-150200.4.10.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* javapackages-filesystem-6.3.4-150200.3.15.1
* javapackages-tools-6.3.4-150200.3.15.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* javapackages-ivy-6.3.4-150200.3.15.1
* javapackages-gradle-6.3.4-150200.3.15.1
* python3-javapackages-6.3.4-150200.3.15.1
* xmlgraphics-fop-2.10-150200.13.10.1
* xmlgraphics-commons-2.10-150200.3.10.2
* xmlgraphics-batik-1.18-150200.4.10.2
* javapackages-local-6.3.4-150200.3.15.1
* xmlgraphics-batik-css-1.18-150200.4.10.2
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
* javapackages-filesystem-6.3.4-150200.3.15.1
* javapackages-tools-6.3.4-150200.3.15.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (noarch)
* javapackages-ivy-6.3.4-150200.3.15.1
* javapackages-gradle-6.3.4-150200.3.15.1
* python3-javapackages-6.3.4-150200.3.15.1
* xmlgraphics-fop-2.10-150200.13.10.1
* xmlgraphics-commons-2.10-150200.3.10.2
* xmlgraphics-batik-1.18-150200.4.10.2
* javapackages-local-6.3.4-150200.3.15.1
* xmlgraphics-batik-css-1.18-150200.4.10.2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x
x86_64)
* javapackages-filesystem-6.3.4-150200.3.15.1
* javapackages-tools-6.3.4-150200.3.15.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
* javapackages-ivy-6.3.4-150200.3.15.1
* javapackages-gradle-6.3.4-150200.3.15.1
* python3-javapackages-6.3.4-150200.3.15.1
* xmlgraphics-fop-2.10-150200.13.10.1
* xmlgraphics-commons-2.10-150200.3.10.2
* xmlgraphics-batik-1.18-150200.4.10.2
* javapackages-local-6.3.4-150200.3.15.1
* xmlgraphics-batik-css-1.18-150200.4.10.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64)
* javapackages-filesystem-6.3.4-150200.3.15.1
* javapackages-tools-6.3.4-150200.3.15.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
* javapackages-ivy-6.3.4-150200.3.15.1
* javapackages-gradle-6.3.4-150200.3.15.1
* python3-javapackages-6.3.4-150200.3.15.1
* xmlgraphics-fop-2.10-150200.13.10.1
* xmlgraphics-commons-2.10-150200.3.10.2
* xmlgraphics-batik-1.18-150200.4.10.2
* javapackages-local-6.3.4-150200.3.15.1
* xmlgraphics-batik-css-1.18-150200.4.10.2
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x
x86_64)
* javapackages-filesystem-6.3.4-150200.3.15.1
* javapackages-tools-6.3.4-150200.3.15.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (noarch)
* javapackages-ivy-6.3.4-150200.3.15.1
* javapackages-gradle-6.3.4-150200.3.15.1
* python3-javapackages-6.3.4-150200.3.15.1
* xmlgraphics-fop-2.10-150200.13.10.1
* xmlgraphics-commons-2.10-150200.3.10.2
* xmlgraphics-batik-1.18-150200.4.10.2
* javapackages-local-6.3.4-150200.3.15.1
* xmlgraphics-batik-css-1.18-150200.4.10.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
* javapackages-filesystem-6.3.4-150200.3.15.1
* javapackages-tools-6.3.4-150200.3.15.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
* javapackages-ivy-6.3.4-150200.3.15.1
* javapackages-gradle-6.3.4-150200.3.15.1
* python3-javapackages-6.3.4-150200.3.15.1
* xmlgraphics-fop-2.10-150200.13.10.1
* xmlgraphics-commons-2.10-150200.3.10.2
* xmlgraphics-batik-1.18-150200.4.10.2
* javapackages-local-6.3.4-150200.3.15.1
* xmlgraphics-batik-css-1.18-150200.4.10.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* javapackages-filesystem-6.3.4-150200.3.15.1
* javapackages-tools-6.3.4-150200.3.15.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* javapackages-ivy-6.3.4-150200.3.15.1
* javapackages-gradle-6.3.4-150200.3.15.1
* python3-javapackages-6.3.4-150200.3.15.1
* xmlgraphics-fop-2.10-150200.13.10.1
* xmlgraphics-commons-2.10-150200.3.10.2
* xmlgraphics-batik-1.18-150200.4.10.2
* javapackages-local-6.3.4-150200.3.15.1
* xmlgraphics-batik-css-1.18-150200.4.10.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* javapackages-filesystem-6.3.4-150200.3.15.1
* javapackages-tools-6.3.4-150200.3.15.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* javapackages-ivy-6.3.4-150200.3.15.1
* javapackages-gradle-6.3.4-150200.3.15.1
* python3-javapackages-6.3.4-150200.3.15.1
* xmlgraphics-fop-2.10-150200.13.10.1
* xmlgraphics-commons-2.10-150200.3.10.2
* xmlgraphics-batik-1.18-150200.4.10.2
* javapackages-local-6.3.4-150200.3.15.1
* xmlgraphics-batik-css-1.18-150200.4.10.2
* SUSE Manager Proxy 4.3 (x86_64)
* javapackages-filesystem-6.3.4-150200.3.15.1
* javapackages-tools-6.3.4-150200.3.15.1
* SUSE Manager Proxy 4.3 (noarch)
* python3-javapackages-6.3.4-150200.3.15.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* javapackages-filesystem-6.3.4-150200.3.15.1
* javapackages-tools-6.3.4-150200.3.15.1
* SUSE Manager Retail Branch Server 4.3 (noarch)
* python3-javapackages-6.3.4-150200.3.15.1
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
* javapackages-filesystem-6.3.4-150200.3.15.1
* javapackages-tools-6.3.4-150200.3.15.1
* SUSE Manager Server 4.3 (noarch)
* python3-javapackages-6.3.4-150200.3.15.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* javapackages-filesystem-6.3.4-150200.3.15.1
* javapackages-tools-6.3.4-150200.3.15.1
* SUSE Enterprise Storage 7.1 (noarch)
* javapackages-ivy-6.3.4-150200.3.15.1
* javapackages-gradle-6.3.4-150200.3.15.1
* python3-javapackages-6.3.4-150200.3.15.1
* xmlgraphics-fop-2.10-150200.13.10.1
* xmlgraphics-commons-2.10-150200.3.10.2
* xmlgraphics-batik-1.18-150200.4.10.2
* javapackages-local-6.3.4-150200.3.15.1
* xmlgraphics-batik-css-1.18-150200.4.10.2

## References:

* https://www.suse.com/security/cve/CVE-2024-28168.html
* https://bugzilla.suse.com/show_bug.cgi?id=1231347
* https://bugzilla.suse.com/show_bug.cgi?id=1231428



SUSE-SU-2024:4063-1: important: Security update for postgresql, postgresql16, postgresql17


# Security update for postgresql, postgresql16, postgresql17

Announcement ID: SUSE-SU-2024:4063-1
Release Date: 2024-11-26T09:16:21Z
Rating: important
References:

* bsc#1219340
* bsc#1230423
* bsc#1233323
* bsc#1233325
* bsc#1233326
* bsc#1233327
* jsc#PED-11514

Cross-References:

* CVE-2024-10976
* CVE-2024-10977
* CVE-2024-10978
* CVE-2024-10979

CVSS scores:

* CVE-2024-10976 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
* CVE-2024-10976 ( NVD ): 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
* CVE-2024-10977 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
* CVE-2024-10977 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
* CVE-2024-10978 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
* CVE-2024-10978 ( NVD ): 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
* CVE-2024-10979 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-10979 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* Basesystem Module 15-SP6
* openSUSE Leap 15.6
* Server Applications Module 15-SP6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Package Hub 15 15-SP6

An update that solves four vulnerabilities, contains one feature and has two
security fixes can now be installed.

## Description:

This update for postgresql, postgresql16, postgresql17 fixes the following
issues:

This update ships postgresql17, and fixes security issues with postgresql16:

* bsc#1230423: Relax the dependency of extensions on the server version from
exact major.minor to greater or equal, after Tom Lane confirmed on the
PostgreSQL packagers list that ABI stability is being taken care of between
minor releases.

* bsc#1219340: The last fix was not correct. Improve it by removing the
dependency again and call fillup only if it is installed.

postgresql16 was updated to 16.6:

* Repair ABI break for extensions that work with struct ResultRelInfo.
* Restore functionality of ALTER {ROLE|DATABASE} SET role.
* Fix cases where a logical replication slot's restart_lsn could go backwards.
* Avoid deleting still-needed WAL files during pg_rewind.
* Fix race conditions associated with dropping shared statistics entries.
* Count index scans in contrib/bloom indexes in the statistics views, such as
the pg_stat_user_indexes.idx_scan counter.
* Fix crash when checking to see if an index's opclass options have changed.
* Avoid assertion failure caused by disconnected NFA sub-graphs in regular
expression parsing.
* https://www.postgresql.org/docs/release/16.6/

postgresql16 was updated to 16.5:

* CVE-2024-10976, bsc#1233323: Ensure cached plans are marked as dependent on
the calling role when RLS applies to a non-top-level table reference.
* CVE-2024-10977, bsc#1233325: Make libpq discard error messages received
during SSL or GSS protocol negotiation.
* CVE-2024-10978, bsc#1233326: Fix unintended interactions between SET SESSION
AUTHORIZATION and SET ROLE.
* CVE-2024-10979, bsc#1233327: Prevent trusted PL/Perl code from changing
environment variables.
* https://www.postgresql.org/about/news/p-2955/
* https://www.postgresql.org/docs/release/16.5/

* Don't build the libs and mini flavor anymore to hand over to PostgreSQL 17.

* https://www.postgresql.org/about/news/p-2910/

postgresql17 is shipped in version 17.2:

* CVE-2024-10976, bsc#1233323: Ensure cached plans are marked as dependent on
the calling role when RLS applies to a non-top-level table reference.
* CVE-2024-10977, bsc#1233325: Make libpq discard error messages received
during SSL or GSS protocol negotiation.
* CVE-2024-10978, bsc#1233326: Fix unintended interactions between SET SESSION
AUTHORIZATION and SET ROLE.
* CVE-2024-10979, bsc#1233327: Prevent trusted PL/Perl code from changing
environment variables.
* https://www.postgresql.org/about/news/p-2955/
* https://www.postgresql.org/docs/release/17.1/
* https://www.postgresql.org/docs/release/17.2/

Upgrade to 17.2:

* Repair ABI break for extensions that work with struct ResultRelInfo.
* Restore functionality of ALTER {ROLE|DATABASE} SET role.
* Fix cases where a logical replication slot's restart_lsn could go backwards.
* Avoid deleting still-needed WAL files during pg_rewind.
* Fix race conditions associated with dropping shared statistics entries.
* Count index scans in contrib/bloom indexes in the statistics views, such as
the pg_stat_user_indexes.idx_scan counter.
* Fix crash when checking to see if an index's opclass options have changed.
* Avoid assertion failure caused by disconnected NFA sub-graphs in regular
expression parsing.

Upgrade to 17.0:

* New memory management system for VACUUM, which reduces memory consumption
and can improve overall vacuuming performance.
* New SQL/JSON capabilities, including constructors, identity functions, and
the JSON_TABLE() function, which converts JSON data into a table
representation.
* Various query performance improvements, including for sequential reads using
streaming I/O, write throughput under high concurrency, and searches over
multiple values in a btree index.
* Logical replication enhancements, including:
  * Failover control
  * pg_createsubscriber, a utility that creates logical replicas from physical
  standbys
  * pg_upgrade now preserves replication slots on both publishers and
  subscribers
* New client-side connection option, sslnegotiation=direct, that performs a
direct TLS handshake to avoid a round-trip negotiation.
* pg_basebackup now supports incremental backup.
* COPY adds a new option, ON_ERROR ignore, that allows a copy operation to
continue in the event of an error.
* https://www.postgresql.org/about/news/p-2936/
* https://www.postgresql.org/docs/17/release-17.html

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-4063=1 SUSE-2024-4063=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-4063=1

* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-4063=1

* Server Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2024-4063=1

## Package List:

* openSUSE Leap 15.6 (noarch)
* postgresql-docs-17-150600.17.6.1
* postgresql-llvmjit-devel-17-150600.17.6.1
* postgresql-contrib-17-150600.17.6.1
* postgresql-server-devel-17-150600.17.6.1
* postgresql-server-17-150600.17.6.1
* postgresql16-docs-16.6-150600.16.10.1
* postgresql-llvmjit-17-150600.17.6.1
* postgresql-17-150600.17.6.1
* postgresql-plpython-17-150600.17.6.1
* postgresql-pltcl-17-150600.17.6.1
* postgresql17-docs-17.2-150600.13.5.1
* postgresql-test-17-150600.17.6.1
* postgresql-devel-17-150600.17.6.1
* postgresql-plperl-17-150600.17.6.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* postgresql17-devel-mini-17.2-150600.13.5.1
* postgresql16-plpython-16.6-150600.16.10.1
* postgresql17-debuginfo-17.2-150600.13.5.1
* postgresql17-llvmjit-debuginfo-17.2-150600.13.5.1
* postgresql16-test-16.6-150600.16.10.1
* postgresql16-llvmjit-16.6-150600.16.10.1
* libecpg6-debuginfo-17.2-150600.13.5.1
* postgresql17-plpython-debuginfo-17.2-150600.13.5.1
* postgresql17-17.2-150600.13.5.1
* libecpg6-17.2-150600.13.5.1
* postgresql17-server-devel-debuginfo-17.2-150600.13.5.1
* postgresql16-contrib-16.6-150600.16.10.1
* postgresql17-debugsource-17.2-150600.13.5.1
* postgresql17-devel-debuginfo-17.2-150600.13.5.1
* libpq5-debuginfo-17.2-150600.13.5.1
* postgresql16-server-devel-debuginfo-16.6-150600.16.10.1
* postgresql16-plpython-debuginfo-16.6-150600.16.10.1
* postgresql17-contrib-debuginfo-17.2-150600.13.5.1
* postgresql17-llvmjit-devel-17.2-150600.13.5.1
* postgresql17-server-debuginfo-17.2-150600.13.5.1
* postgresql16-devel-debuginfo-16.6-150600.16.10.1
* postgresql17-pltcl-17.2-150600.13.5.1
* postgresql16-contrib-debuginfo-16.6-150600.16.10.1
* postgresql16-server-debuginfo-16.6-150600.16.10.1
* postgresql16-llvmjit-devel-16.6-150600.16.10.1
* postgresql17-llvmjit-17.2-150600.13.5.1
* postgresql17-plpython-17.2-150600.13.5.1
* postgresql16-llvmjit-debuginfo-16.6-150600.16.10.1
* postgresql16-debugsource-16.6-150600.16.10.1
* postgresql16-16.6-150600.16.10.1
* postgresql17-test-17.2-150600.13.5.1
* postgresql16-plperl-debuginfo-16.6-150600.16.10.1
* postgresql17-server-17.2-150600.13.5.1
* libpq5-17.2-150600.13.5.1
* postgresql17-devel-mini-debuginfo-17.2-150600.13.5.1
* postgresql16-debuginfo-16.6-150600.16.10.1
* postgresql17-pltcl-debuginfo-17.2-150600.13.5.1
* postgresql17-plperl-17.2-150600.13.5.1
* postgresql17-plperl-debuginfo-17.2-150600.13.5.1
* postgresql17-server-devel-17.2-150600.13.5.1
* postgresql16-plperl-16.6-150600.16.10.1
* postgresql16-pltcl-16.6-150600.16.10.1
* postgresql16-server-16.6-150600.16.10.1
* postgresql17-mini-debugsource-17.2-150600.13.5.1
* postgresql16-devel-16.6-150600.16.10.1
* postgresql16-pltcl-debuginfo-16.6-150600.16.10.1
* postgresql17-devel-17.2-150600.13.5.1
* postgresql17-contrib-17.2-150600.13.5.1
* postgresql16-server-devel-16.6-150600.16.10.1
* openSUSE Leap 15.6 (x86_64)
* libecpg6-32bit-17.2-150600.13.5.1
* libpq5-32bit-debuginfo-17.2-150600.13.5.1
* libpq5-32bit-17.2-150600.13.5.1
* libecpg6-32bit-debuginfo-17.2-150600.13.5.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* libecpg6-64bit-17.2-150600.13.5.1
* libpq5-64bit-debuginfo-17.2-150600.13.5.1
* libecpg6-64bit-debuginfo-17.2-150600.13.5.1
* libpq5-64bit-17.2-150600.13.5.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* postgresql17-debugsource-17.2-150600.13.5.1
* postgresql16-debugsource-16.6-150600.16.10.1
* postgresql16-16.6-150600.16.10.1
* postgresql17-debuginfo-17.2-150600.13.5.1
* libpq5-debuginfo-17.2-150600.13.5.1
* libpq5-17.2-150600.13.5.1
* postgresql17-17.2-150600.13.5.1
* postgresql16-debuginfo-16.6-150600.16.10.1
* Basesystem Module 15-SP6 (noarch)
* postgresql-17-150600.17.6.1
* Basesystem Module 15-SP6 (x86_64)
* libpq5-32bit-debuginfo-17.2-150600.13.5.1
* libpq5-32bit-17.2-150600.13.5.1
* SUSE Package Hub 15 15-SP6 (noarch)
* postgresql-docs-17-150600.17.6.1
* postgresql-llvmjit-devel-17-150600.17.6.1
* postgresql-contrib-17-150600.17.6.1
* postgresql-server-devel-17-150600.17.6.1
* postgresql-server-17-150600.17.6.1
* postgresql-llvmjit-17-150600.17.6.1
* postgresql-17-150600.17.6.1
* postgresql-plpython-17-150600.17.6.1
* postgresql-pltcl-17-150600.17.6.1
* postgresql-test-17-150600.17.6.1
* postgresql-devel-17-150600.17.6.1
* postgresql-plperl-17-150600.17.6.1
* SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64)
* postgresql17-debugsource-17.2-150600.13.5.1
* postgresql16-llvmjit-debuginfo-16.6-150600.16.10.1
* postgresql16-debugsource-16.6-150600.16.10.1
* postgresql17-debuginfo-17.2-150600.13.5.1
* postgresql17-test-17.2-150600.13.5.1
* postgresql17-llvmjit-debuginfo-17.2-150600.13.5.1
* postgresql16-test-16.6-150600.16.10.1
* postgresql16-llvmjit-16.6-150600.16.10.1
* postgresql17-llvmjit-devel-17.2-150600.13.5.1
* postgresql16-debuginfo-16.6-150600.16.10.1
* postgresql17-llvmjit-17.2-150600.13.5.1
* Server Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* postgresql17-debuginfo-17.2-150600.13.5.1
* postgresql16-plpython-16.6-150600.16.10.1
* libecpg6-debuginfo-17.2-150600.13.5.1
* postgresql17-plpython-debuginfo-17.2-150600.13.5.1
* libecpg6-17.2-150600.13.5.1
* postgresql17-server-devel-debuginfo-17.2-150600.13.5.1
* postgresql16-contrib-16.6-150600.16.10.1
* postgresql17-debugsource-17.2-150600.13.5.1
* postgresql17-devel-debuginfo-17.2-150600.13.5.1
* postgresql16-server-devel-debuginfo-16.6-150600.16.10.1
* postgresql16-plpython-debuginfo-16.6-150600.16.10.1
* postgresql17-contrib-debuginfo-17.2-150600.13.5.1
* postgresql17-server-debuginfo-17.2-150600.13.5.1
* postgresql16-devel-debuginfo-16.6-150600.16.10.1
* postgresql17-pltcl-17.2-150600.13.5.1
* postgresql16-contrib-debuginfo-16.6-150600.16.10.1
* postgresql16-server-debuginfo-16.6-150600.16.10.1
* postgresql17-plpython-17.2-150600.13.5.1
* postgresql16-debugsource-16.6-150600.16.10.1
* postgresql16-plperl-debuginfo-16.6-150600.16.10.1
* postgresql17-server-17.2-150600.13.5.1
* postgresql16-debuginfo-16.6-150600.16.10.1
* postgresql17-pltcl-debuginfo-17.2-150600.13.5.1
* postgresql17-plperl-17.2-150600.13.5.1
* postgresql17-plperl-debuginfo-17.2-150600.13.5.1
* postgresql17-server-devel-17.2-150600.13.5.1
* postgresql16-plperl-16.6-150600.16.10.1
* postgresql16-pltcl-16.6-150600.16.10.1
* postgresql16-server-16.6-150600.16.10.1
* postgresql16-devel-16.6-150600.16.10.1
* postgresql16-pltcl-debuginfo-16.6-150600.16.10.1
* postgresql17-devel-17.2-150600.13.5.1
* postgresql17-contrib-17.2-150600.13.5.1
* postgresql16-server-devel-16.6-150600.16.10.1
* Server Applications Module 15-SP6 (noarch)
* postgresql-docs-17-150600.17.6.1
* postgresql-contrib-17-150600.17.6.1
* postgresql-server-devel-17-150600.17.6.1
* postgresql-server-17-150600.17.6.1
* postgresql-plpython-17-150600.17.6.1
* postgresql-pltcl-17-150600.17.6.1
* postgresql17-docs-17.2-150600.13.5.1
* postgresql16-docs-16.6-150600.16.10.1
* postgresql-devel-17-150600.17.6.1
* postgresql-plperl-17-150600.17.6.1

## References:

* https://www.suse.com/security/cve/CVE-2024-10976.html
* https://www.suse.com/security/cve/CVE-2024-10977.html
* https://www.suse.com/security/cve/CVE-2024-10978.html
* https://www.suse.com/security/cve/CVE-2024-10979.html
* https://bugzilla.suse.com/show_bug.cgi?id=1219340
* https://bugzilla.suse.com/show_bug.cgi?id=1230423
* https://bugzilla.suse.com/show_bug.cgi?id=1233323
* https://bugzilla.suse.com/show_bug.cgi?id=1233325
* https://bugzilla.suse.com/show_bug.cgi?id=1233326
* https://bugzilla.suse.com/show_bug.cgi?id=1233327
* https://jira.suse.com/browse/PED-11514



openSUSE-SU-2024:14526-1: moderate: tomcat10-10.1.33-1.1 on GA media


# tomcat10-10.1.33-1.1 on GA media

Announcement ID: openSUSE-SU-2024:14526-1
Rating: moderate

Cross-References:

* CVE-2024-52316

CVSS scores:

* CVE-2024-52316 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-52316 ( SUSE ): 10 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the tomcat10-10.1.33-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* tomcat10 10.1.33-1.1
* tomcat10-admin-webapps 10.1.33-1.1
* tomcat10-doc 10.1.33-1.1
* tomcat10-docs-webapp 10.1.33-1.1
* tomcat10-el-5_0-api 10.1.33-1.1
* tomcat10-embed 10.1.33-1.1
* tomcat10-jsp-3_1-api 10.1.33-1.1
* tomcat10-jsvc 10.1.33-1.1
* tomcat10-lib 10.1.33-1.1
* tomcat10-servlet-6_0-api 10.1.33-1.1
* tomcat10-webapps 10.1.33-1.1

## References:

* https://www.suse.com/security/cve/CVE-2024-52316.html



openSUSE-SU-2024:14525-1: moderate: tomcat-9.0.97-1.1 on GA media


# tomcat-9.0.97-1.1 on GA media

Announcement ID: openSUSE-SU-2024:14525-1
Rating: moderate

Cross-References:

* CVE-2024-52316

CVSS scores:

* CVE-2024-52316 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-52316 ( SUSE ): 10 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the tomcat-9.0.97-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* tomcat 9.0.97-1.1
* tomcat-admin-webapps 9.0.97-1.1
* tomcat-docs-webapp 9.0.97-1.1
* tomcat-el-3_0-api 9.0.97-1.1
* tomcat-embed 9.0.97-1.1
* tomcat-javadoc 9.0.97-1.1
* tomcat-jsp-2_3-api 9.0.97-1.1
* tomcat-jsvc 9.0.97-1.1
* tomcat-lib 9.0.97-1.1
* tomcat-servlet-4_0-api 9.0.97-1.1
* tomcat-webapps 9.0.97-1.1

## References:

* https://www.suse.com/security/cve/CVE-2024-52316.html



openSUSE-SU-2024:14524-1: moderate: rclone-1.68.2-2.1 on GA media


# rclone-1.68.2-2.1 on GA media

Announcement ID: openSUSE-SU-2024:14524-1
Rating: moderate

Cross-References:

* CVE-2024-52522

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the rclone-1.68.2-2.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* rclone 1.68.2-2.1
* rclone-bash-completion 1.68.2-2.1
* rclone-zsh-completion 1.68.2-2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-52522.html