SUSE 5168 Published by

SUSE Linux has been updated with several security enhancements, including xorg-x11-server-21.1.14-1.1, grub2-2.12-28.1, java-1_8_0-openjdk-1.8.0.432-1.1, xwayland-24.1.4-1.1, libarchive, ghostscript, openssl-3, and python39:

openSUSE-SU-2024:14466-1: moderate: xorg-x11-server-21.1.14-1.1 on GA media
openSUSE-SU-2024:14464-1: moderate: grub2-2.12-28.1 on GA media
openSUSE-SU-2024:14465-1: moderate: java-1_8_0-openjdk-1.8.0.432-1.1 on GA media
openSUSE-SU-2024:14467-1: moderate: xwayland-24.1.4-1.1 on GA media
SUSE-SU-2024:3940-1: important: Security update for libarchive
SUSE-SU-2024:3941-1: important: Security update for ghostscript
SUSE-SU-2024:3943-1: moderate: Security update for openssl-3
SUSE-SU-2024:3945-1: moderate: Security update for python39




openSUSE-SU-2024:14466-1: moderate: xorg-x11-server-21.1.14-1.1 on GA media


# xorg-x11-server-21.1.14-1.1 on GA media

Announcement ID: openSUSE-SU-2024:14466-1
Rating: moderate

Cross-References:

* CVE-2024-9632

CVSS scores:

* CVE-2024-9632 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-9632 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the xorg-x11-server-21.1.14-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* xorg-x11-server 21.1.14-1.1
* xorg-x11-server-Xvfb 21.1.14-1.1
* xorg-x11-server-extra 21.1.14-1.1
* xorg-x11-server-sdk 21.1.14-1.1
* xorg-x11-server-source 21.1.14-1.1
* xorg-x11-server-wrapper 21.1.14-1.1

## References:

* https://www.suse.com/security/cve/CVE-2024-9632.html



openSUSE-SU-2024:14464-1: moderate: grub2-2.12-28.1 on GA media


# grub2-2.12-28.1 on GA media

Announcement ID: openSUSE-SU-2024:14464-1
Rating: moderate

Cross-References:

* CVE-2024-49504

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the grub2-2.12-28.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* grub2 2.12-28.1
* grub2-branding-upstream 2.12-28.1
* grub2-common 2.12-28.1
* grub2-i386-efi 2.12-28.1
* grub2-i386-efi-bls 2.12-28.1
* grub2-i386-efi-debug 2.12-28.1
* grub2-i386-efi-extras 2.12-28.1
* grub2-i386-pc 2.12-28.1
* grub2-i386-pc-debug 2.12-28.1
* grub2-i386-pc-extras 2.12-28.1
* grub2-snapper-plugin 2.12-28.1
* grub2-systemd-sleep-plugin 2.12-28.1
* grub2-x86_64-efi 2.12-28.1
* grub2-x86_64-efi-bls 2.12-28.1
* grub2-x86_64-efi-debug 2.12-28.1
* grub2-x86_64-efi-extras 2.12-28.1
* grub2-x86_64-xen 2.12-28.1
* grub2-x86_64-xen-extras 2.12-28.1

## References:

* https://www.suse.com/security/cve/CVE-2024-49504.html



openSUSE-SU-2024:14465-1: moderate: java-1_8_0-openjdk-1.8.0.432-1.1 on GA media


# java-1_8_0-openjdk-1.8.0.432-1.1 on GA media

Announcement ID: openSUSE-SU-2024:14465-1
Rating: moderate

Cross-References:

* CVE-2024-21208
* CVE-2024-21210
* CVE-2024-21217
* CVE-2024-21235

CVSS scores:

* CVE-2024-21208 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-21208 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2024-21210 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-21210 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-21217 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-21217 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2024-21235 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2024-21235 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 4 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the java-1_8_0-openjdk-1.8.0.432-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* java-1_8_0-openjdk 1.8.0.432-1.1
* java-1_8_0-openjdk-accessibility 1.8.0.432-1.1
* java-1_8_0-openjdk-demo 1.8.0.432-1.1
* java-1_8_0-openjdk-devel 1.8.0.432-1.1
* java-1_8_0-openjdk-headless 1.8.0.432-1.1
* java-1_8_0-openjdk-javadoc 1.8.0.432-1.1
* java-1_8_0-openjdk-src 1.8.0.432-1.1

## References:

* https://www.suse.com/security/cve/CVE-2024-21208.html
* https://www.suse.com/security/cve/CVE-2024-21210.html
* https://www.suse.com/security/cve/CVE-2024-21217.html
* https://www.suse.com/security/cve/CVE-2024-21235.html



openSUSE-SU-2024:14467-1: moderate: xwayland-24.1.4-1.1 on GA media


# xwayland-24.1.4-1.1 on GA media

Announcement ID: openSUSE-SU-2024:14467-1
Rating: moderate

Cross-References:

* CVE-2024-9632

CVSS scores:

* CVE-2024-9632 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-9632 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the xwayland-24.1.4-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* xwayland 24.1.4-1.1
* xwayland-devel 24.1.4-1.1

## References:

* https://www.suse.com/security/cve/CVE-2024-9632.html



SUSE-SU-2024:3940-1: important: Security update for libarchive


# Security update for libarchive

Announcement ID: SUSE-SU-2024:3940-1
Release Date: 2024-11-07T10:09:14Z
Rating: important
References:

* bsc#1225972
* bsc#1231624

Cross-References:

* CVE-2024-20697
* CVE-2024-48958

CVSS scores:

* CVE-2024-20697 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-20697 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-48958 ( SUSE ): 7.1
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-48958 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-48958 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-48958 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* Basesystem Module 15-SP6
* Development Tools Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves two vulnerabilities can now be installed.

## Description:

This update for libarchive fixes the following issues:

* CVE-2024-20697: Fixed Out of bounds Remote Code Execution Vulnerability
(bsc#1225972).
* CVE-2024-48958: Fixed out-of-bounds access via a crafted archive file in
execute_filter_delta function (bsc#1231624).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2024-3940=1 openSUSE-SLE-15.6-2024-3940=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-3940=1

* Development Tools Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2024-3940=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* bsdtar-3.7.2-150600.3.9.1
* bsdtar-debuginfo-3.7.2-150600.3.9.1
* libarchive13-3.7.2-150600.3.9.1
* libarchive-debugsource-3.7.2-150600.3.9.1
* libarchive13-debuginfo-3.7.2-150600.3.9.1
* libarchive-devel-3.7.2-150600.3.9.1
* openSUSE Leap 15.6 (x86_64)
* libarchive13-32bit-3.7.2-150600.3.9.1
* libarchive13-32bit-debuginfo-3.7.2-150600.3.9.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* libarchive13-64bit-debuginfo-3.7.2-150600.3.9.1
* libarchive13-64bit-3.7.2-150600.3.9.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* libarchive13-3.7.2-150600.3.9.1
* libarchive13-debuginfo-3.7.2-150600.3.9.1
* libarchive-devel-3.7.2-150600.3.9.1
* libarchive-debugsource-3.7.2-150600.3.9.1
* Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* bsdtar-debuginfo-3.7.2-150600.3.9.1
* bsdtar-3.7.2-150600.3.9.1
* libarchive-debugsource-3.7.2-150600.3.9.1

## References:

* https://www.suse.com/security/cve/CVE-2024-20697.html
* https://www.suse.com/security/cve/CVE-2024-48958.html
* https://bugzilla.suse.com/show_bug.cgi?id=1225972
* https://bugzilla.suse.com/show_bug.cgi?id=1231624



SUSE-SU-2024:3941-1: important: Security update for ghostscript


# Security update for ghostscript

Announcement ID: SUSE-SU-2024:3941-1
Release Date: 2024-11-07T10:11:36Z
Rating: important
References:

* bsc#1232265
* bsc#1232267
* bsc#1232269
* bsc#1232270

Cross-References:

* CVE-2024-46951
* CVE-2024-46953
* CVE-2024-46955
* CVE-2024-46956

CVSS scores:

* CVE-2024-46951 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-46953 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-46955 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2024-46956 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* Basesystem Module 15-SP5
* Basesystem Module 15-SP6
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves four vulnerabilities can now be installed.

## Description:

This update for ghostscript fixes the following issues:

* CVE-2024-46951: Fixed arbitrary code execution via unchecked
"Implementation" pointer in "Pattern" color space (bsc#1232265).
* CVE-2024-46953: Fixed integer overflow when parsing the page format results
in path truncation, path traversal, code execution (bsc#1232267).
* CVE-2024-46956: Fixed arbitrary code execution via out of bounds data access
in filenameforall (bsc#1232270).
* CVE-2024-46955: Fixed out of bounds read when reading color in "Indexed"
color space (bsc#1232269).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.3-2024-3941=1

* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-3941=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2024-3941=1

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-3941=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-3941=1

* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-3941=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-3941=1

* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-3941=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-3941=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-3941=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-3941=1

* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-3941=1

* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-3941=1

* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-3941=1

* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3941=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP2
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-3941=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-3941=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-3941=1

* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-3941=1

## Package List:

* SUSE Manager Retail Branch Server 4.3 (x86_64)
* ghostscript-debugsource-9.52-150000.200.1
* ghostscript-debuginfo-9.52-150000.200.1
* ghostscript-9.52-150000.200.1
* ghostscript-x11-debuginfo-9.52-150000.200.1
* ghostscript-devel-9.52-150000.200.1
* ghostscript-x11-9.52-150000.200.1
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
* ghostscript-debugsource-9.52-150000.200.1
* ghostscript-debuginfo-9.52-150000.200.1
* ghostscript-9.52-150000.200.1
* ghostscript-x11-debuginfo-9.52-150000.200.1
* ghostscript-devel-9.52-150000.200.1
* ghostscript-x11-9.52-150000.200.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* ghostscript-debugsource-9.52-150000.200.1
* ghostscript-debuginfo-9.52-150000.200.1
* ghostscript-9.52-150000.200.1
* ghostscript-x11-debuginfo-9.52-150000.200.1
* ghostscript-devel-9.52-150000.200.1
* ghostscript-x11-9.52-150000.200.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* ghostscript-debugsource-9.52-150000.200.1
* ghostscript-debuginfo-9.52-150000.200.1
* ghostscript-9.52-150000.200.1
* ghostscript-x11-debuginfo-9.52-150000.200.1
* ghostscript-devel-9.52-150000.200.1
* ghostscript-x11-9.52-150000.200.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* ghostscript-debugsource-9.52-150000.200.1
* ghostscript-debuginfo-9.52-150000.200.1
* ghostscript-9.52-150000.200.1
* ghostscript-x11-debuginfo-9.52-150000.200.1
* ghostscript-devel-9.52-150000.200.1
* ghostscript-x11-9.52-150000.200.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* ghostscript-debugsource-9.52-150000.200.1
* ghostscript-debuginfo-9.52-150000.200.1
* ghostscript-9.52-150000.200.1
* ghostscript-x11-debuginfo-9.52-150000.200.1
* ghostscript-devel-9.52-150000.200.1
* ghostscript-x11-9.52-150000.200.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* ghostscript-debugsource-9.52-150000.200.1
* ghostscript-debuginfo-9.52-150000.200.1
* ghostscript-9.52-150000.200.1
* ghostscript-x11-debuginfo-9.52-150000.200.1
* ghostscript-devel-9.52-150000.200.1
* ghostscript-x11-9.52-150000.200.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64
x86_64)
* ghostscript-debugsource-9.52-150000.200.1
* ghostscript-debuginfo-9.52-150000.200.1
* ghostscript-9.52-150000.200.1
* ghostscript-x11-debuginfo-9.52-150000.200.1
* ghostscript-devel-9.52-150000.200.1
* ghostscript-x11-9.52-150000.200.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* ghostscript-debugsource-9.52-150000.200.1
* ghostscript-debuginfo-9.52-150000.200.1
* ghostscript-9.52-150000.200.1
* ghostscript-x11-debuginfo-9.52-150000.200.1
* ghostscript-devel-9.52-150000.200.1
* ghostscript-x11-9.52-150000.200.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* ghostscript-debugsource-9.52-150000.200.1
* ghostscript-debuginfo-9.52-150000.200.1
* ghostscript-9.52-150000.200.1
* ghostscript-x11-debuginfo-9.52-150000.200.1
* ghostscript-devel-9.52-150000.200.1
* ghostscript-x11-9.52-150000.200.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* ghostscript-debugsource-9.52-150000.200.1
* ghostscript-debuginfo-9.52-150000.200.1
* ghostscript-9.52-150000.200.1
* ghostscript-x11-debuginfo-9.52-150000.200.1
* ghostscript-devel-9.52-150000.200.1
* ghostscript-x11-9.52-150000.200.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
* ghostscript-debugsource-9.52-150000.200.1
* ghostscript-debuginfo-9.52-150000.200.1
* ghostscript-9.52-150000.200.1
* ghostscript-x11-debuginfo-9.52-150000.200.1
* ghostscript-devel-9.52-150000.200.1
* ghostscript-x11-9.52-150000.200.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x
x86_64)
* ghostscript-debugsource-9.52-150000.200.1
* ghostscript-debuginfo-9.52-150000.200.1
* ghostscript-9.52-150000.200.1
* ghostscript-x11-debuginfo-9.52-150000.200.1
* ghostscript-devel-9.52-150000.200.1
* ghostscript-x11-9.52-150000.200.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64)
* ghostscript-debugsource-9.52-150000.200.1
* ghostscript-debuginfo-9.52-150000.200.1
* ghostscript-9.52-150000.200.1
* ghostscript-x11-debuginfo-9.52-150000.200.1
* ghostscript-devel-9.52-150000.200.1
* ghostscript-x11-9.52-150000.200.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x
x86_64)
* ghostscript-debugsource-9.52-150000.200.1
* ghostscript-debuginfo-9.52-150000.200.1
* ghostscript-9.52-150000.200.1
* ghostscript-x11-debuginfo-9.52-150000.200.1
* ghostscript-devel-9.52-150000.200.1
* ghostscript-x11-9.52-150000.200.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
* ghostscript-debugsource-9.52-150000.200.1
* ghostscript-debuginfo-9.52-150000.200.1
* ghostscript-9.52-150000.200.1
* ghostscript-x11-debuginfo-9.52-150000.200.1
* ghostscript-devel-9.52-150000.200.1
* ghostscript-x11-9.52-150000.200.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* ghostscript-debugsource-9.52-150000.200.1
* ghostscript-debuginfo-9.52-150000.200.1
* ghostscript-9.52-150000.200.1
* ghostscript-x11-debuginfo-9.52-150000.200.1
* ghostscript-devel-9.52-150000.200.1
* ghostscript-x11-9.52-150000.200.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* ghostscript-debugsource-9.52-150000.200.1
* ghostscript-debuginfo-9.52-150000.200.1
* ghostscript-9.52-150000.200.1
* ghostscript-x11-debuginfo-9.52-150000.200.1
* ghostscript-devel-9.52-150000.200.1
* ghostscript-x11-9.52-150000.200.1
* SUSE Manager Proxy 4.3 (x86_64)
* ghostscript-debugsource-9.52-150000.200.1
* ghostscript-debuginfo-9.52-150000.200.1
* ghostscript-9.52-150000.200.1
* ghostscript-x11-debuginfo-9.52-150000.200.1
* ghostscript-devel-9.52-150000.200.1
* ghostscript-x11-9.52-150000.200.1

## References:

* https://www.suse.com/security/cve/CVE-2024-46951.html
* https://www.suse.com/security/cve/CVE-2024-46953.html
* https://www.suse.com/security/cve/CVE-2024-46955.html
* https://www.suse.com/security/cve/CVE-2024-46956.html
* https://bugzilla.suse.com/show_bug.cgi?id=1232265
* https://bugzilla.suse.com/show_bug.cgi?id=1232267
* https://bugzilla.suse.com/show_bug.cgi?id=1232269
* https://bugzilla.suse.com/show_bug.cgi?id=1232270



SUSE-SU-2024:3943-1: moderate: Security update for openssl-3


# Security update for openssl-3

Announcement ID: SUSE-SU-2024:3943-1
Release Date: 2024-11-07T10:12:08Z
Rating: moderate
References:

* bsc#1220262

Cross-References:

* CVE-2023-50782

CVSS scores:

* CVE-2023-50782 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-50782 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-50782 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* Basesystem Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for openssl-3 fixes the following issues:

* CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2024-3943=1 openSUSE-SLE-15.6-2024-3943=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-3943=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* openssl-3-3.1.4-150600.5.21.1
* libopenssl-3-fips-provider-debuginfo-3.1.4-150600.5.21.1
* libopenssl3-3.1.4-150600.5.21.1
* libopenssl-3-fips-provider-3.1.4-150600.5.21.1
* openssl-3-debuginfo-3.1.4-150600.5.21.1
* openssl-3-debugsource-3.1.4-150600.5.21.1
* libopenssl-3-devel-3.1.4-150600.5.21.1
* libopenssl3-debuginfo-3.1.4-150600.5.21.1
* openSUSE Leap 15.6 (x86_64)
* libopenssl-3-devel-32bit-3.1.4-150600.5.21.1
* libopenssl-3-fips-provider-32bit-debuginfo-3.1.4-150600.5.21.1
* libopenssl3-32bit-3.1.4-150600.5.21.1
* libopenssl-3-fips-provider-32bit-3.1.4-150600.5.21.1
* libopenssl3-32bit-debuginfo-3.1.4-150600.5.21.1
* openSUSE Leap 15.6 (noarch)
* openssl-3-doc-3.1.4-150600.5.21.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* libopenssl-3-fips-provider-64bit-3.1.4-150600.5.21.1
* libopenssl3-64bit-3.1.4-150600.5.21.1
* libopenssl-3-devel-64bit-3.1.4-150600.5.21.1
* libopenssl-3-fips-provider-64bit-debuginfo-3.1.4-150600.5.21.1
* libopenssl3-64bit-debuginfo-3.1.4-150600.5.21.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* openssl-3-3.1.4-150600.5.21.1
* libopenssl-3-fips-provider-debuginfo-3.1.4-150600.5.21.1
* libopenssl3-3.1.4-150600.5.21.1
* libopenssl-3-fips-provider-3.1.4-150600.5.21.1
* openssl-3-debuginfo-3.1.4-150600.5.21.1
* openssl-3-debugsource-3.1.4-150600.5.21.1
* libopenssl-3-devel-3.1.4-150600.5.21.1
* libopenssl3-debuginfo-3.1.4-150600.5.21.1
* Basesystem Module 15-SP6 (x86_64)
* libopenssl-3-fips-provider-32bit-debuginfo-3.1.4-150600.5.21.1
* libopenssl3-32bit-3.1.4-150600.5.21.1
* libopenssl-3-fips-provider-32bit-3.1.4-150600.5.21.1
* libopenssl3-32bit-debuginfo-3.1.4-150600.5.21.1

## References:

* https://www.suse.com/security/cve/CVE-2023-50782.html
* https://bugzilla.suse.com/show_bug.cgi?id=1220262



SUSE-SU-2024:3945-1: moderate: Security update for python39


# Security update for python39

Announcement ID: SUSE-SU-2024:3945-1
Release Date: 2024-11-07T16:24:16Z
Rating: moderate
References:

* bsc#1230906
* bsc#1232241

Cross-References:

* CVE-2024-9287

CVSS scores:

* CVE-2024-9287 ( SUSE ): 5.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Green
* CVE-2024-9287 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-9287 ( NVD ): 5.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Green

Affected Products:

* Legacy Module 15-SP5
* openSUSE Leap 15.3
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves one vulnerability and has one security fix can now be
installed.

## Description:

This update for python39 fixes the following issues:

* CVE-2024-9287: Fixed quoted path names provided when creating a virtual
environment (bsc#1232241).

Bug fixes:

* Drop .pyc files from docdir for reproducible builds (bsc#1230906).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2024-3945=1

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-3945=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-3945=1

* Legacy Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2024-3945=1

## Package List:

* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
* python39-devel-3.9.20-150300.4.55.2
* python39-base-debuginfo-3.9.20-150300.4.55.2
* libpython3_9-1_0-3.9.20-150300.4.55.2
* python39-testsuite-3.9.20-150300.4.55.2
* python39-dbm-3.9.20-150300.4.55.1
* python39-tk-debuginfo-3.9.20-150300.4.55.1
* python39-base-3.9.20-150300.4.55.2
* python39-curses-debuginfo-3.9.20-150300.4.55.1
* python39-tk-3.9.20-150300.4.55.1
* libpython3_9-1_0-debuginfo-3.9.20-150300.4.55.2
* python39-testsuite-debuginfo-3.9.20-150300.4.55.2
* python39-debuginfo-3.9.20-150300.4.55.1
* python39-idle-3.9.20-150300.4.55.1
* python39-tools-3.9.20-150300.4.55.2
* python39-3.9.20-150300.4.55.1
* python39-debugsource-3.9.20-150300.4.55.1
* python39-core-debugsource-3.9.20-150300.4.55.2
* python39-curses-3.9.20-150300.4.55.1
* python39-dbm-debuginfo-3.9.20-150300.4.55.1
* python39-doc-3.9.20-150300.4.55.1
* python39-doc-devhelp-3.9.20-150300.4.55.1
* openSUSE Leap 15.3 (x86_64)
* libpython3_9-1_0-32bit-debuginfo-3.9.20-150300.4.55.2
* libpython3_9-1_0-32bit-3.9.20-150300.4.55.2
* python39-32bit-3.9.20-150300.4.55.1
* python39-base-32bit-3.9.20-150300.4.55.2
* python39-32bit-debuginfo-3.9.20-150300.4.55.1
* python39-base-32bit-debuginfo-3.9.20-150300.4.55.2
* openSUSE Leap 15.3 (aarch64_ilp32)
* python39-base-64bit-3.9.20-150300.4.55.2
* python39-base-64bit-debuginfo-3.9.20-150300.4.55.2
* libpython3_9-1_0-64bit-3.9.20-150300.4.55.2
* python39-64bit-3.9.20-150300.4.55.1
* libpython3_9-1_0-64bit-debuginfo-3.9.20-150300.4.55.2
* python39-64bit-debuginfo-3.9.20-150300.4.55.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* python39-devel-3.9.20-150300.4.55.2
* python39-base-debuginfo-3.9.20-150300.4.55.2
* libpython3_9-1_0-3.9.20-150300.4.55.2
* python39-testsuite-3.9.20-150300.4.55.2
* python39-dbm-3.9.20-150300.4.55.1
* python39-tk-debuginfo-3.9.20-150300.4.55.1
* python39-base-3.9.20-150300.4.55.2
* python39-curses-debuginfo-3.9.20-150300.4.55.1
* python39-tk-3.9.20-150300.4.55.1
* libpython3_9-1_0-debuginfo-3.9.20-150300.4.55.2
* python39-testsuite-debuginfo-3.9.20-150300.4.55.2
* python39-debuginfo-3.9.20-150300.4.55.1
* python39-idle-3.9.20-150300.4.55.1
* python39-tools-3.9.20-150300.4.55.2
* python39-3.9.20-150300.4.55.1
* python39-debugsource-3.9.20-150300.4.55.1
* python39-core-debugsource-3.9.20-150300.4.55.2
* python39-curses-3.9.20-150300.4.55.1
* python39-dbm-debuginfo-3.9.20-150300.4.55.1
* python39-doc-3.9.20-150300.4.55.1
* python39-doc-devhelp-3.9.20-150300.4.55.1
* openSUSE Leap 15.5 (x86_64)
* libpython3_9-1_0-32bit-debuginfo-3.9.20-150300.4.55.2
* libpython3_9-1_0-32bit-3.9.20-150300.4.55.2
* python39-32bit-3.9.20-150300.4.55.1
* python39-base-32bit-3.9.20-150300.4.55.2
* python39-32bit-debuginfo-3.9.20-150300.4.55.1
* python39-base-32bit-debuginfo-3.9.20-150300.4.55.2
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* python39-devel-3.9.20-150300.4.55.2
* python39-base-debuginfo-3.9.20-150300.4.55.2
* libpython3_9-1_0-3.9.20-150300.4.55.2
* python39-testsuite-3.9.20-150300.4.55.2
* python39-dbm-3.9.20-150300.4.55.1
* python39-tk-debuginfo-3.9.20-150300.4.55.1
* python39-base-3.9.20-150300.4.55.2
* python39-curses-debuginfo-3.9.20-150300.4.55.1
* python39-tk-3.9.20-150300.4.55.1
* libpython3_9-1_0-debuginfo-3.9.20-150300.4.55.2
* python39-testsuite-debuginfo-3.9.20-150300.4.55.2
* python39-debuginfo-3.9.20-150300.4.55.1
* python39-idle-3.9.20-150300.4.55.1
* python39-tools-3.9.20-150300.4.55.2
* python39-3.9.20-150300.4.55.1
* python39-debugsource-3.9.20-150300.4.55.1
* python39-core-debugsource-3.9.20-150300.4.55.2
* python39-curses-3.9.20-150300.4.55.1
* python39-dbm-debuginfo-3.9.20-150300.4.55.1
* python39-doc-3.9.20-150300.4.55.1
* python39-doc-devhelp-3.9.20-150300.4.55.1
* openSUSE Leap 15.6 (x86_64)
* libpython3_9-1_0-32bit-debuginfo-3.9.20-150300.4.55.2
* libpython3_9-1_0-32bit-3.9.20-150300.4.55.2
* python39-32bit-3.9.20-150300.4.55.1
* python39-base-32bit-3.9.20-150300.4.55.2
* python39-32bit-debuginfo-3.9.20-150300.4.55.1
* python39-base-32bit-debuginfo-3.9.20-150300.4.55.2
* Legacy Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* python39-base-3.9.20-150300.4.55.2
* python39-3.9.20-150300.4.55.1
* python39-curses-3.9.20-150300.4.55.1
* libpython3_9-1_0-3.9.20-150300.4.55.2
* python39-dbm-3.9.20-150300.4.55.1

## References:

* https://www.suse.com/security/cve/CVE-2024-9287.html
* https://bugzilla.suse.com/show_bug.cgi?id=1230906
* https://bugzilla.suse.com/show_bug.cgi?id=1232241