1121717 – (CVE-2019-6250) VUL-0: CVE-2019-6250: zeromq: remote execution vulnerability

Bug 1121717 (CVE-2019-6250) - VUL-0: CVE-2019-6250: zeromq: remote execution vulnerability

Summary: VUL-0: CVE-2019-6250: zeromq: remote execution vulnerability

Status:	RESOLVED FIXED

Alias:	CVE-2019-6250

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	All Other

Priority:	P3 - Medium Severity: Major
Target Milestone:	unspecified
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/222735/
Whiteboard:	CVSSv3:SUSE:CVE-2019-6250:7.2:(AV:N/A...
Keywords:

Depends on:	1122012
Blocks:
	Show dependency tree / graph

Clone This Bug

Reported:	2019-01-12 17:40 UTC by Luca Boccassi
Modified:	2024-06-13 15:34 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
patch for 4.2.2 and 4.2.3 (981 bytes, patch) 2019-01-12 17:40 UTC, Luca Boccassi	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Luca Boccassi 2019-01-12 17:40:09 UTC

Created attachment 794269 [details]
patch for 4.2.2 and 4.2.3

Dear Maintainer,

A remote execution vulnerability has been reported in zeromq. Full details can be found on the upstream issue tracker [1].

The issue is fixed in upstream version v4.3.1, just released, or with the attached patch for 4.2.3 (leap 15) and 4.2.2 (leap 42) (applies cleanly on both).
This issue has been introduced in 4.2.0 so SLES 12 is not affected.

The latest version will hopefully arrive in disco via debian unstable soon, but I would recommend patching older releases.

As mentioned in the upstream tracker and the changelog, the issue can be mitigated by ASLR and by authentication via CURVE/GSSAPI. As far as I am aware no CVEs have been assigned nor have been requested as of now.

Comment 1 Andreas Stieger 2019-01-12 18:46:21 UTC

https://github.com/zeromq/libzmq/issues/3351
https://github.com/zeromq/libzmq/pull/3353
https://github.com/zeromq/libzmq/releases/tag/v4.3.1

Comment 2 Luca Boccassi 2019-01-13 10:33:09 UTC

(In reply to Luca Boccassi from comment #0)
> The latest version will hopefully arrive in disco via debian unstable soon,
> but I would recommend patching older releases.

s/disco/tumbleweed/
s/debian unstable/obs factory/

Comment 3 Luca Boccassi 2019-01-13 14:58:22 UTC

This issue has been assigned CVE-2019-6250

Comment 5 Adam Majer 2019-01-14 12:06:24 UTC

Fixes submitted to all affected codestreams. Re-assigning back to security team for tracking purposes.

Comment 6 Swamp Workflow Management 2019-01-17 17:09:22 UTC

SUSE-SU-2019:0110-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1121717
CVE References: CVE-2019-6250
Sources used:
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    zeromq-4.2.3-3.3.2
SUSE Linux Enterprise Module for Basesystem 15 (src):    zeromq-4.2.3-3.3.2

Comment 7 Swamp Workflow Management 2019-01-17 17:10:14 UTC

This is an autogenerated message for OBS integration:
This bug (1121717) was mentioned in
https://build.opensuse.org/request/show/666782 15.0 / zeromq

Comment 8 Swamp Workflow Management 2019-01-17 23:38:52 UTC

openSUSE-SU-2019:0064-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1121717
CVE References: CVE-2019-6250
Sources used:
openSUSE Leap 42.3 (src):    zeromq-4.2.2-2.8.1

Comment 9 Swamp Workflow Management 2019-01-25 14:09:19 UTC

openSUSE-SU-2019:0087-1: An update that solves one vulnerability and has one errata is now available.

Category: security (important)
Bug References: 1082318,1121717
CVE References: CVE-2019-6250
Sources used:
openSUSE Leap 15.0 (src):    zeromq-4.2.3-lp150.2.10.1

Comment 10 Marcus Meissner 2019-01-25 16:31:05 UTC

released

Comment 20 Swamp Workflow Management 2022-02-16 20:27:00 UTC

SUSE-FU-2022:0454-1: An update that solves 54 vulnerabilities, contains 6 features and has 247 fixes is now available.

Category: feature (moderate)
Bug References: 1000080,1000117,1000194,1000742,1002895,1003091,1005246,1010874,1010966,1011936,1015549,1027610,1027705,1029902,1030038,1032118,1032119,1035604,1039469,1040164,1040256,1041090,1042670,1049186,1049304,1050653,1050665,1055478,1055542,1056951,1057496,1062237,1066873,1068790,1070737,1070738,1070853,1071941,1073310,1073845,1073879,1074247,1076519,1077096,1077230,1078329,1079761,1080301,1081005,1081750,1081751,1082155,1082163,1082318,1083826,1084117,1084157,1085276,1085529,1085661,1087104,1088573,1090427,1090953,1093518,1093917,1094788,1094814,1094883,1095267,1096738,1096937,1097531,1098535,1099308,1099569,1102868,1108508,1109882,1109998,1110435,1110869,1110871,1111493,1111622,1111657,1112357,1115769,1118611,1119376,1119416,1119792,1121717,1121852,1122191,1123064,1123185,1123186,1123558,1124885,1125815,1126283,1126318,1127173,1128146,1128323,1128355,1129071,1129566,1130840,1132174,1132323,1132455,1132663,1132900,1135009,1136444,1138666,1138715,1138746,1139915,1140255,1141168,1142899,1143033,1143454,1143893,1144506,1149686,1149792,1150190,1150895,1153830,1155815,1156677,1156694,1156908,1157104,1157354,1159235,1159538,1161557,1161770,1162224,1162367,1162743,1163978,1164310,1165439,1165578,1165730,1165823,1165960,1166139,1166758,1167008,1167501,1167732,1167746,1168480,1168973,1169489,1170175,1170863,1171368,1171561,1172226,1172908,1172928,1173226,1173356,1174009,1174091,1174514,1175729,1176116,1176129,1176134,1176232,1176256,1176257,1176258,1176259,1176262,1176389,1176785,1176977,1177120,1177127,1178168,1178341,1178670,1179562,1179630,1179805,1180125,1180781,1181126,1181324,1181944,1182066,1182211,1182244,1182264,1182379,1182963,1183059,1183374,1183858,1184505,1185588,1185706,1185748,1186738,1187045,1190781,1193357,428177,431945,589441,613497,637176,657698,658604,673071,715423,743787,747125,750618,751718,754447,754677,761500,784670,787526,799119,809831,811890,825221,828513,831629,834601,835687,839107,84331,855666,858239,867887,871152,885662,885882,889363,892480,898917,907584,912460,913229,915479,917607,917759,917815,922448,929736,930189,931978,935856,937912,939456,940608,942385,942751,944204,945455,946648,947357,947679,948198,954486,954690,961334,962291,963974,964204,964472,964474,965830,967128,968270,968601,975875,981848,988086,992988,992989,992992,993130,993825,993968,994910,996255,997614
CVE References: CVE-2011-3389,CVE-2011-4944,CVE-2012-0845,CVE-2012-1150,CVE-2013-1437,CVE-2013-1752,CVE-2013-4238,CVE-2013-4314,CVE-2014-0012,CVE-2014-1829,CVE-2014-1830,CVE-2014-2667,CVE-2014-4650,CVE-2014-7202,CVE-2014-7203,CVE-2014-9721,CVE-2015-2296,CVE-2016-10745,CVE-2016-1238,CVE-2016-9015,CVE-2017-18342,CVE-2017-6512,CVE-2018-18074,CVE-2018-20060,CVE-2018-7750,CVE-2019-10906,CVE-2019-11236,CVE-2019-11324,CVE-2019-13132,CVE-2019-20907,CVE-2019-20916,CVE-2019-5010,CVE-2019-6250,CVE-2019-8341,CVE-2019-9740,CVE-2019-9947,CVE-2020-14343,CVE-2020-15166,CVE-2020-15523,CVE-2020-15801,CVE-2020-1747,CVE-2020-25659,CVE-2020-26137,CVE-2020-27783,CVE-2020-28493,CVE-2020-29651,CVE-2020-36242,CVE-2020-8492,CVE-2021-23336,CVE-2021-28957,CVE-2021-29921,CVE-2021-3177,CVE-2021-33503,CVE-2021-3426
JIRA References: ECO-3105,SLE-12986,SLE-17532,SLE-17957,SLE-7686,SLE-9135
Sources used:

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 21 Swamp Workflow Management 2022-02-16 20:56:41 UTC

SUSE-FU-2022:0445-1: An update that solves 183 vulnerabilities, contains 21 features and has 299 fixes is now available.

Category: feature (moderate)
Bug References: 1000080,1000117,1000194,1000677,1000742,1001148,1001912,1002585,1002895,1003091,1005246,1009528,1010874,1010966,1011936,1015549,1019637,1021641,1022085,1022086,1022271,1027079,1027610,1027688,1027705,1027908,1028281,1028723,1029523,1029902,1030038,1032118,1032119,1035604,1039469,1040164,1040256,1041090,1042392,1042670,1044095,1044107,1044175,1049186,1049304,1050653,1050665,1055478,1055542,1055825,1056058,1056951,1057496,1062237,1065363,1066242,1066873,1068790,1070737,1070738,1070853,1071905,1071906,1071941,1073310,1073845,1073879,1074247,1076519,1077096,1077230,1078329,1079761,1080301,1081005,1081750,1081751,1082155,1082163,1082318,1083826,1084117,1084157,1085276,1085529,1085661,1087102,1087104,1088573,1089039,1090427,1090765,1090953,1093518,1093917,1094788,1094814,1094883,1095267,1096738,1096937,1097158,1097531,1097624,1098535,1098592,1099308,1099569,1100078,1101246,1101470,1102868,1104789,1106197,1108508,1109882,1109998,1110435,1110869,1110871,1111493,1111622,1111657,1112209,1112357,1113534,1113652,1113742,1113975,1115769,1117951,1118611,1119376,1119416,1119792,1121717,1121852,1122191,1123064,1123185,1123186,1123558,1124885,1125815,1126283,1126318,1127080,1127173,1128146,1128323,1128355,1129071,1129566,1130840,1131291,1132174,1132323,1132455,1132663,1132900,1135009,1136444,1138666,1138715,1138746,1139915,1140255,1141168,1142899,1143033,1143454,1143893,1144506,1149686,1149792,1150003,1150190,1150250,1150895,1153830,1155815,1156677,1156694,1156908,1157104,1157354,1158809,1159235,1159538,1160163,1161557,1161770,1162224,1162367,1162743,1163978,1164310,1165439,1165578,1165730,1165823,1165960,1166139,1166758,1167008,1167501,1167732,1167746,1168480,1168973,1169489,1170175,1170863,1171368,1171561,1172226,1172908,1172928,1173226,1173356,1174009,1174091,1174514,1175729,1176116,1176129,1176134,1176232,1176256,1176257,1176258,1176259,1176262,1176389,1176785,1176977,1177120,1177127,1177559,1178168,1178341,1178670,1179491,1179562,1179630,1179805,1180125,1180781,1181126,1181324,1181944,1182066,1182211,1182244,1182264,1182331,1182333,1182379,1182963,1183059,1183374,1183858,1184505,1185588,1185706,1185748,1186738,1187045,1189521,1190781,1193357,356549,381844,394317,408865,428177,430141,431945,437293,442740,459468,489641,504687,509031,526319,590833,610223,610642,629905,637176,651003,657698,658604,670526,673071,693027,715423,720601,743787,747125,748738,749210,749213,749735,750618,751718,751946,751977,754447,754677,761500,774710,784670,784994,787526,793420,799119,802184,803004,809831,811890,822642,825221,828513,831629,832833,834601,835687,839107,84331,849377,855666,855676,856687,857203,857850,858239,867887,869945,871152,872299,873351,876282,876710,876712,876748,880891,885662,885882,889013,889363,892477,892480,895129,898917,901223,901277,901902,902364,906878,907584,908362,908372,912014,912015,912018,912292,912293,912294,912296,912460,913229,915479,917607,917759,917815,919648,920236,922448,922488,922496,922499,922500,926597,929678,929736,930189,931698,931978,933898,933911,934487,934489,934491,934493,935856,937085,937212,937492,937634,937912,939456,940608,942385,942751,943421,944204,945455,946648,947104,947357,947679,948198,952871,954256,954486,954690,957812,957813,957815,958501,961334,962291,963415,963974,964204,964472,964474,965830,967128,968046,968047,968048,968050,968265,968270,968374,968601,975875,976942,977584,977614,977615,977616,977663,978224,981848,982268,982575,983249,984323,985054,988086,990207,990392,990419,990428,991193,991877,992120,992988,992989,992992,993130,993819,993825,993968,994749,994844,994910,995075,995324,995359,995377,995959,996255,997043,997614,998190,999665,999666,999668
CVE References: CVE-2006-2937,CVE-2006-2940,CVE-2006-3738,CVE-2006-4339,CVE-2006-4343,CVE-2006-7250,CVE-2007-3108,CVE-2007-4995,CVE-2007-5135,CVE-2008-0891,CVE-2008-1672,CVE-2008-5077,CVE-2009-0590,CVE-2009-0591,CVE-2009-0789,CVE-2009-1377,CVE-2009-1378,CVE-2009-1379,CVE-2009-1386,CVE-2009-1387,CVE-2010-0740,CVE-2010-0742,CVE-2010-1633,CVE-2010-2939,CVE-2010-3864,CVE-2010-5298,CVE-2011-0014,CVE-2011-3207,CVE-2011-3210,CVE-2011-3389,CVE-2011-4108,CVE-2011-4576,CVE-2011-4577,CVE-2011-4619,CVE-2011-4944,CVE-2012-0027,CVE-2012-0050,CVE-2012-0845,CVE-2012-0884,CVE-2012-1150,CVE-2012-1165,CVE-2012-2110,CVE-2012-2686,CVE-2012-4929,CVE-2013-0166,CVE-2013-0169,CVE-2013-1752,CVE-2013-4238,CVE-2013-4314,CVE-2013-4353,CVE-2013-6449,CVE-2013-6450,CVE-2014-0012,CVE-2014-0076,CVE-2014-0160,CVE-2014-0195,CVE-2014-0198,CVE-2014-0221,CVE-2014-0224,CVE-2014-1829,CVE-2014-1830,CVE-2014-2667,CVE-2014-3470,CVE-2014-3505,CVE-2014-3506,CVE-2014-3507,CVE-2014-3508,CVE-2014-3509,CVE-2014-3510,CVE-2014-3511,CVE-2014-3512,CVE-2014-3513,CVE-2014-3566,CVE-2014-3567,CVE-2014-3568,CVE-2014-3570,CVE-2014-3571,CVE-2014-3572,CVE-2014-4650,CVE-2014-5139,CVE-2014-7202,CVE-2014-7203,CVE-2014-8275,CVE-2014-9721,CVE-2015-0204,CVE-2015-0205,CVE-2015-0206,CVE-2015-0209,CVE-2015-0286,CVE-2015-0287,CVE-2015-0288,CVE-2015-0289,CVE-2015-0293,CVE-2015-1788,CVE-2015-1789,CVE-2015-1790,CVE-2015-1791,CVE-2015-1792,CVE-2015-2296,CVE-2015-3194,CVE-2015-3195,CVE-2015-3196,CVE-2015-3197,CVE-2015-3216,CVE-2015-4000,CVE-2016-0702,CVE-2016-0705,CVE-2016-0797,CVE-2016-0798,CVE-2016-0799,CVE-2016-0800,CVE-2016-10745,CVE-2016-2105,CVE-2016-2106,CVE-2016-2107,CVE-2016-2109,CVE-2016-2176,CVE-2016-2177,CVE-2016-2178,CVE-2016-2179,CVE-2016-2180,CVE-2016-2181,CVE-2016-2182,CVE-2016-2183,CVE-2016-6302,CVE-2016-6303,CVE-2016-6304,CVE-2016-6306,CVE-2016-7052,CVE-2016-7055,CVE-2016-9015,CVE-2017-18342,CVE-2017-3731,CVE-2017-3732,CVE-2017-3735,CVE-2017-3736,CVE-2017-3737,CVE-2017-3738,CVE-2018-0732,CVE-2018-0734,CVE-2018-0737,CVE-2018-0739,CVE-2018-18074,CVE-2018-20060,CVE-2018-5407,CVE-2018-7750,CVE-2019-10906,CVE-2019-11236,CVE-2019-11324,CVE-2019-13132,CVE-2019-1547,CVE-2019-1551,CVE-2019-1559,CVE-2019-1563,CVE-2019-20907,CVE-2019-20916,CVE-2019-5010,CVE-2019-6250,CVE-2019-8341,CVE-2019-9740,CVE-2019-9947,CVE-2020-14343,CVE-2020-15166,CVE-2020-15523,CVE-2020-15801,CVE-2020-1747,CVE-2020-1971,CVE-2020-25659,CVE-2020-26137,CVE-2020-27783,CVE-2020-28493,CVE-2020-29651,CVE-2020-36242,CVE-2020-8492,CVE-2021-23336,CVE-2021-23840,CVE-2021-23841,CVE-2021-28957,CVE-2021-29921,CVE-2021-3177,CVE-2021-33503,CVE-2021-3426,CVE-2021-3712
JIRA References: ECO-3105,SLE-11435,SLE-12684,SLE-12986,SLE-13688,SLE-14253,SLE-15159,SLE-15860,SLE-15861,SLE-16754,SLE-17532,SLE-17957,SLE-18260,SLE-18354,SLE-18446,SLE-19264,SLE-3887,SLE-4480,SLE-4577,SLE-7686,SLE-9135
Sources used:
SUSE Manager Tools 12-BETA (src):    venv-salt-minion-3002.2-3.3.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 22 Swamp Workflow Management 2022-02-16 21:35:50 UTC

SUSE-FU-2022:0456-1: An update that solves 54 vulnerabilities, contains 6 features and has 247 fixes is now available.

Category: feature (moderate)
Bug References: 1000080,1000117,1000194,1000742,1002895,1003091,1005246,1010874,1010966,1011936,1015549,1027610,1027705,1029902,1030038,1032118,1032119,1035604,1039469,1040164,1040256,1041090,1042670,1049186,1049304,1050653,1050665,1055478,1055542,1056951,1057496,1062237,1066873,1068790,1070737,1070738,1070853,1071941,1073310,1073845,1073879,1074247,1076519,1077096,1077230,1078329,1079761,1080301,1081005,1081750,1081751,1082155,1082163,1082318,1083826,1084117,1084157,1085276,1085529,1085661,1087104,1088573,1090427,1090953,1093518,1093917,1094788,1094814,1094883,1095267,1096738,1096937,1097531,1098535,1099308,1099569,1102868,1108508,1109882,1109998,1110435,1110869,1110871,1111493,1111622,1111657,1112357,1115769,1118611,1119376,1119416,1119792,1121717,1121852,1122191,1123064,1123185,1123186,1123558,1124885,1125815,1126283,1126318,1127173,1128146,1128323,1128355,1129071,1129566,1130840,1132174,1132323,1132455,1132663,1132900,1135009,1136444,1138666,1138715,1138746,1139915,1140255,1141168,1142899,1143033,1143454,1143893,1144506,1149686,1149792,1150190,1150895,1153830,1155815,1156677,1156694,1156908,1157104,1157354,1159235,1159538,1161557,1161770,1162224,1162367,1162743,1163978,1164310,1165439,1165578,1165730,1165823,1165960,1166139,1166758,1167008,1167501,1167732,1167746,1168480,1168973,1169489,1170175,1170863,1171368,1171561,1172226,1172908,1172928,1173226,1173356,1174009,1174091,1174514,1175729,1176116,1176129,1176134,1176232,1176256,1176257,1176258,1176259,1176262,1176389,1176785,1176977,1177120,1177127,1178168,1178341,1178670,1179562,1179630,1179805,1180125,1180781,1181126,1181324,1181944,1182066,1182211,1182244,1182264,1182379,1182963,1183059,1183374,1183858,1184505,1185588,1185706,1185748,1186738,1187045,1190781,1193357,428177,431945,589441,613497,637176,657698,658604,673071,715423,743787,747125,750618,751718,754447,754677,761500,784670,787526,799119,809831,811890,825221,828513,831629,834601,835687,839107,84331,855666,858239,867887,871152,885662,885882,889363,892480,898917,907584,912460,913229,915479,917607,917759,917815,922448,929736,930189,931978,935856,937912,939456,940608,942385,942751,944204,945455,946648,947357,947679,948198,954486,954690,961334,962291,963974,964204,964472,964474,965830,967128,968270,968601,975875,981848,988086,992988,992989,992992,993130,993825,993968,994910,996255,997614
CVE References: CVE-2011-3389,CVE-2011-4944,CVE-2012-0845,CVE-2012-1150,CVE-2013-1437,CVE-2013-1752,CVE-2013-4238,CVE-2013-4314,CVE-2014-0012,CVE-2014-1829,CVE-2014-1830,CVE-2014-2667,CVE-2014-4650,CVE-2014-7202,CVE-2014-7203,CVE-2014-9721,CVE-2015-2296,CVE-2016-10745,CVE-2016-1238,CVE-2016-9015,CVE-2017-18342,CVE-2017-6512,CVE-2018-18074,CVE-2018-20060,CVE-2018-7750,CVE-2019-10906,CVE-2019-11236,CVE-2019-11324,CVE-2019-13132,CVE-2019-20907,CVE-2019-20916,CVE-2019-5010,CVE-2019-6250,CVE-2019-8341,CVE-2019-9740,CVE-2019-9947,CVE-2020-14343,CVE-2020-15166,CVE-2020-15523,CVE-2020-15801,CVE-2020-1747,CVE-2020-25659,CVE-2020-26137,CVE-2020-27783,CVE-2020-28493,CVE-2020-29651,CVE-2020-36242,CVE-2020-8492,CVE-2021-23336,CVE-2021-28957,CVE-2021-29921,CVE-2021-3177,CVE-2021-33503,CVE-2021-3426
JIRA References: ECO-3105,SLE-12986,SLE-17532,SLE-17957,SLE-7686,SLE-9135
Sources used:

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 23 Swamp Workflow Management 2022-02-16 22:02:25 UTC

SUSE-FU-2022:0450-1: An update that solves 54 vulnerabilities, contains 6 features and has 247 fixes is now available.

Category: feature (moderate)
Bug References: 1000080,1000117,1000194,1000742,1002895,1003091,1005246,1010874,1010966,1011936,1015549,1027610,1027705,1029902,1030038,1032118,1032119,1035604,1039469,1040164,1040256,1041090,1042670,1049186,1049304,1050653,1050665,1055478,1055542,1056951,1057496,1062237,1066873,1068790,1070737,1070738,1070853,1071941,1073310,1073845,1073879,1074247,1076519,1077096,1077230,1078329,1079761,1080301,1081005,1081750,1081751,1082155,1082163,1082318,1083826,1084117,1084157,1085276,1085529,1085661,1087104,1088573,1090427,1090953,1093518,1093917,1094788,1094814,1094883,1095267,1096738,1096937,1097531,1098535,1099308,1099569,1102868,1108508,1109882,1109998,1110435,1110869,1110871,1111493,1111622,1111657,1112357,1115769,1118611,1119376,1119416,1119792,1121717,1121852,1122191,1123064,1123185,1123186,1123558,1124885,1125815,1126283,1126318,1127173,1128146,1128323,1128355,1129071,1129566,1130840,1132174,1132323,1132455,1132663,1132900,1135009,1136444,1138666,1138715,1138746,1139915,1140255,1141168,1142899,1143033,1143454,1143893,1144506,1149686,1149792,1150190,1150895,1153830,1155815,1156677,1156694,1156908,1157104,1157354,1159235,1159538,1161557,1161770,1162224,1162367,1162743,1163978,1164310,1165439,1165578,1165730,1165823,1165960,1166139,1166758,1167008,1167501,1167732,1167746,1168480,1168973,1169489,1170175,1170863,1171368,1171561,1172226,1172908,1172928,1173226,1173356,1174009,1174091,1174514,1175729,1176116,1176129,1176134,1176232,1176256,1176257,1176258,1176259,1176262,1176389,1176785,1176977,1177120,1177127,1178168,1178341,1178670,1179562,1179630,1179805,1180125,1180781,1181126,1181324,1181944,1182066,1182211,1182244,1182264,1182379,1182963,1183059,1183374,1183858,1184505,1185588,1185706,1185748,1186738,1187045,1190781,1193357,428177,431945,589441,613497,637176,657698,658604,673071,715423,743787,747125,750618,751718,754447,754677,761500,784670,787526,799119,809831,811890,825221,828513,831629,834601,835687,839107,84331,855666,858239,867887,871152,885662,885882,889363,892480,898917,907584,912460,913229,915479,917607,917759,917815,922448,929736,930189,931978,935856,937912,939456,940608,942385,942751,944204,945455,946648,947357,947679,948198,954486,954690,961334,962291,963974,964204,964472,964474,965830,967128,968270,968601,975875,981848,988086,992988,992989,992992,993130,993825,993968,994910,996255,997614
CVE References: CVE-2011-3389,CVE-2011-4944,CVE-2012-0845,CVE-2012-1150,CVE-2013-1437,CVE-2013-1752,CVE-2013-4238,CVE-2013-4314,CVE-2014-0012,CVE-2014-1829,CVE-2014-1830,CVE-2014-2667,CVE-2014-4650,CVE-2014-7202,CVE-2014-7203,CVE-2014-9721,CVE-2015-2296,CVE-2016-10745,CVE-2016-1238,CVE-2016-9015,CVE-2017-18342,CVE-2017-6512,CVE-2018-18074,CVE-2018-20060,CVE-2018-7750,CVE-2019-10906,CVE-2019-11236,CVE-2019-11324,CVE-2019-13132,CVE-2019-20907,CVE-2019-20916,CVE-2019-5010,CVE-2019-6250,CVE-2019-8341,CVE-2019-9740,CVE-2019-9947,CVE-2020-14343,CVE-2020-15166,CVE-2020-15523,CVE-2020-15801,CVE-2020-1747,CVE-2020-25659,CVE-2020-26137,CVE-2020-27783,CVE-2020-28493,CVE-2020-29651,CVE-2020-36242,CVE-2020-8492,CVE-2021-23336,CVE-2021-28957,CVE-2021-29921,CVE-2021-3177,CVE-2021-33503,CVE-2021-3426
JIRA References: ECO-3105,SLE-12986,SLE-17532,SLE-17957,SLE-7686,SLE-9135
Sources used:

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 24 Swamp Workflow Management 2022-02-16 22:29:07 UTC

SUSE-FU-2022:0444-1: An update that solves 51 vulnerabilities, contains 21 features and has 249 fixes is now available.

Category: feature (moderate)
Bug References: 1000080,1000117,1000194,1000742,1002895,1003091,1005246,1010874,1010966,1011936,1015549,1027610,1027705,1029902,1030038,1032118,1032119,1035604,1039469,1040164,1040256,1041090,1042670,1049186,1049304,1050653,1050665,1055478,1055542,1056951,1057496,1062237,1066873,1068790,1070737,1070738,1070853,1071941,1073310,1073845,1073879,1074247,1076519,1077096,1077230,1078329,1079761,1080301,1081005,1081750,1081751,1082155,1082163,1082318,1083826,1084117,1084157,1085276,1085529,1085661,1087104,1088573,1090427,1090953,1093518,1093917,1094788,1094814,1094883,1095267,1096738,1096937,1097531,1098535,1099308,1099569,1102868,1108508,1109882,1109998,1110435,1110869,1110871,1111493,1111622,1111657,1112357,1115769,1118611,1119376,1119416,1119792,1121717,1121852,1122191,1123064,1123185,1123186,1123558,1124885,1125815,1126283,1126318,1127173,1128146,1128323,1128355,1129071,1129566,1130840,1132174,1132323,1132455,1132663,1132900,1135009,1136444,1138666,1138715,1138746,1139915,1140255,1141168,1142899,1143033,1143454,1143893,1144506,1149686,1149792,1150190,1150895,1153830,1155815,1156677,1156694,1156908,1157104,1157354,1159235,1159538,1161557,1161770,1162224,1162367,1162743,1163978,1164310,1165439,1165578,1165730,1165823,1165960,1166139,1166758,1167008,1167501,1167732,1167746,1168480,1168973,1169489,1170175,1170863,1171368,1171561,1172226,1172908,1172928,1173226,1173356,1174009,1174091,1174514,1175729,1176116,1176129,1176134,1176232,1176256,1176257,1176258,1176259,1176262,1176389,1176785,1176977,1177120,1177127,1177559,1178168,1178341,1178670,1179562,1179630,1179805,1180125,1180781,1181126,1181324,1181944,1182066,1182211,1182244,1182264,1182379,1182963,1183059,1183374,1183858,1184505,1185588,1185706,1185748,1186738,1187045,1190781,1193357,428177,431945,637176,657698,658604,673071,715423,743787,747125,750618,751718,754447,754677,761500,784670,787526,799119,809831,811890,825221,828513,831629,834601,835687,839107,84331,855666,858239,867887,871152,885662,885882,889363,892480,898917,907584,912460,913229,915479,917607,917759,917815,922448,929736,930189,931978,935856,937912,939456,940608,942385,942751,944204,945455,946648,947357,947679,948198,954486,954690,961334,962291,963974,964204,964472,964474,965830,967128,968270,968601,975875,981848,988086,992988,992989,992992,993130,993825,993968,994910,996255,997614
CVE References: CVE-2011-3389,CVE-2011-4944,CVE-2012-0845,CVE-2012-1150,CVE-2013-1752,CVE-2013-4238,CVE-2013-4314,CVE-2014-0012,CVE-2014-1829,CVE-2014-1830,CVE-2014-2667,CVE-2014-4650,CVE-2014-7202,CVE-2014-7203,CVE-2014-9721,CVE-2015-2296,CVE-2016-10745,CVE-2016-9015,CVE-2017-18342,CVE-2018-18074,CVE-2018-20060,CVE-2018-7750,CVE-2019-10906,CVE-2019-11236,CVE-2019-11324,CVE-2019-13132,CVE-2019-20907,CVE-2019-20916,CVE-2019-5010,CVE-2019-6250,CVE-2019-8341,CVE-2019-9740,CVE-2019-9947,CVE-2020-14343,CVE-2020-15166,CVE-2020-15523,CVE-2020-15801,CVE-2020-1747,CVE-2020-25659,CVE-2020-26137,CVE-2020-27783,CVE-2020-28493,CVE-2020-29651,CVE-2020-36242,CVE-2020-8492,CVE-2021-23336,CVE-2021-28957,CVE-2021-29921,CVE-2021-3177,CVE-2021-33503,CVE-2021-3426
JIRA References: ECO-3105,SLE-11435,SLE-12684,SLE-12986,SLE-13688,SLE-14253,SLE-15159,SLE-15860,SLE-15861,SLE-16754,SLE-17532,SLE-17957,SLE-18260,SLE-18354,SLE-18446,SLE-19264,SLE-3887,SLE-4480,SLE-4577,SLE-7686,SLE-9135
Sources used:
SUSE Manager Tools 15-BETA (src):    venv-salt-minion-3002.2-159000.3.3.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 25 Swamp Workflow Management 2022-02-16 22:55:45 UTC

SUSE-FU-2022:0452-1: An update that solves 54 vulnerabilities, contains 6 features and has 247 fixes is now available.

Category: feature (moderate)
Bug References: 1000080,1000117,1000194,1000742,1002895,1003091,1005246,1010874,1010966,1011936,1015549,1027610,1027705,1029902,1030038,1032118,1032119,1035604,1039469,1040164,1040256,1041090,1042670,1049186,1049304,1050653,1050665,1055478,1055542,1056951,1057496,1062237,1066873,1068790,1070737,1070738,1070853,1071941,1073310,1073845,1073879,1074247,1076519,1077096,1077230,1078329,1079761,1080301,1081005,1081750,1081751,1082155,1082163,1082318,1083826,1084117,1084157,1085276,1085529,1085661,1087104,1088573,1090427,1090953,1093518,1093917,1094788,1094814,1094883,1095267,1096738,1096937,1097531,1098535,1099308,1099569,1102868,1108508,1109882,1109998,1110435,1110869,1110871,1111493,1111622,1111657,1112357,1115769,1118611,1119376,1119416,1119792,1121717,1121852,1122191,1123064,1123185,1123186,1123558,1124885,1125815,1126283,1126318,1127173,1128146,1128323,1128355,1129071,1129566,1130840,1132174,1132323,1132455,1132663,1132900,1135009,1136444,1138666,1138715,1138746,1139915,1140255,1141168,1142899,1143033,1143454,1143893,1144506,1149686,1149792,1150190,1150895,1153830,1155815,1156677,1156694,1156908,1157104,1157354,1159235,1159538,1161557,1161770,1162224,1162367,1162743,1163978,1164310,1165439,1165578,1165730,1165823,1165960,1166139,1166758,1167008,1167501,1167732,1167746,1168480,1168973,1169489,1170175,1170863,1171368,1171561,1172226,1172908,1172928,1173226,1173356,1174009,1174091,1174514,1175729,1176116,1176129,1176134,1176232,1176256,1176257,1176258,1176259,1176262,1176389,1176785,1176977,1177120,1177127,1178168,1178341,1178670,1179562,1179630,1179805,1180125,1180781,1181126,1181324,1181944,1182066,1182211,1182244,1182264,1182379,1182963,1183059,1183374,1183858,1184505,1185588,1185706,1185748,1186738,1187045,1190781,1193357,428177,431945,589441,613497,637176,657698,658604,673071,715423,743787,747125,750618,751718,754447,754677,761500,784670,787526,799119,809831,811890,825221,828513,831629,834601,835687,839107,84331,855666,858239,867887,871152,885662,885882,889363,892480,898917,907584,912460,913229,915479,917607,917759,917815,922448,929736,930189,931978,935856,937912,939456,940608,942385,942751,944204,945455,946648,947357,947679,948198,954486,954690,961334,962291,963974,964204,964472,964474,965830,967128,968270,968601,975875,981848,988086,992988,992989,992992,993130,993825,993968,994910,996255,997614
CVE References: CVE-2011-3389,CVE-2011-4944,CVE-2012-0845,CVE-2012-1150,CVE-2013-1437,CVE-2013-1752,CVE-2013-4238,CVE-2013-4314,CVE-2014-0012,CVE-2014-1829,CVE-2014-1830,CVE-2014-2667,CVE-2014-4650,CVE-2014-7202,CVE-2014-7203,CVE-2014-9721,CVE-2015-2296,CVE-2016-10745,CVE-2016-1238,CVE-2016-9015,CVE-2017-18342,CVE-2017-6512,CVE-2018-18074,CVE-2018-20060,CVE-2018-7750,CVE-2019-10906,CVE-2019-11236,CVE-2019-11324,CVE-2019-13132,CVE-2019-20907,CVE-2019-20916,CVE-2019-5010,CVE-2019-6250,CVE-2019-8341,CVE-2019-9740,CVE-2019-9947,CVE-2020-14343,CVE-2020-15166,CVE-2020-15523,CVE-2020-15801,CVE-2020-1747,CVE-2020-25659,CVE-2020-26137,CVE-2020-27783,CVE-2020-28493,CVE-2020-29651,CVE-2020-36242,CVE-2020-8492,CVE-2021-23336,CVE-2021-28957,CVE-2021-29921,CVE-2021-3177,CVE-2021-33503,CVE-2021-3426
JIRA References: ECO-3105,SLE-12986,SLE-17532,SLE-17957,SLE-7686,SLE-9135
Sources used:

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 26 Swamp Workflow Management 2022-02-16 23:22:57 UTC

SUSE-FU-2022:0447-1: An update that solves 54 vulnerabilities, contains 6 features and has 247 fixes is now available.

Category: feature (moderate)
Bug References: 1000080,1000117,1000194,1000742,1002895,1003091,1005246,1010874,1010966,1011936,1015549,1027610,1027705,1029902,1030038,1032118,1032119,1035604,1039469,1040164,1040256,1041090,1042670,1049186,1049304,1050653,1050665,1055478,1055542,1056951,1057496,1062237,1066873,1068790,1070737,1070738,1070853,1071941,1073310,1073845,1073879,1074247,1076519,1077096,1077230,1078329,1079761,1080301,1081005,1081750,1081751,1082155,1082163,1082318,1083826,1084117,1084157,1085276,1085529,1085661,1087104,1088573,1090427,1090953,1093518,1093917,1094788,1094814,1094883,1095267,1096738,1096937,1097531,1098535,1099308,1099569,1102868,1108508,1109882,1109998,1110435,1110869,1110871,1111493,1111622,1111657,1112357,1115769,1118611,1119376,1119416,1119792,1121717,1121852,1122191,1123064,1123185,1123186,1123558,1124885,1125815,1126283,1126318,1127173,1128146,1128323,1128355,1129071,1129566,1130840,1132174,1132323,1132455,1132663,1132900,1135009,1136444,1138666,1138715,1138746,1139915,1140255,1141168,1142899,1143033,1143454,1143893,1144506,1149686,1149792,1150190,1150895,1153830,1155815,1156677,1156694,1156908,1157104,1157354,1159235,1159538,1161557,1161770,1162224,1162367,1162743,1163978,1164310,1165439,1165578,1165730,1165823,1165960,1166139,1166758,1167008,1167501,1167732,1167746,1168480,1168973,1169489,1170175,1170863,1171368,1171561,1172226,1172908,1172928,1173226,1173356,1174009,1174091,1174514,1175729,1176116,1176129,1176134,1176232,1176256,1176257,1176258,1176259,1176262,1176389,1176785,1176977,1177120,1177127,1178168,1178341,1178670,1179562,1179630,1179805,1180125,1180781,1181126,1181324,1181944,1182066,1182211,1182244,1182264,1182379,1182963,1183059,1183374,1183858,1184505,1185588,1185706,1185748,1186738,1187045,1190781,1193357,428177,431945,589441,613497,637176,657698,658604,673071,715423,743787,747125,750618,751718,754447,754677,761500,784670,787526,799119,809831,811890,825221,828513,831629,834601,835687,839107,84331,855666,858239,867887,871152,885662,885882,889363,892480,898917,907584,912460,913229,915479,917607,917759,917815,922448,929736,930189,931978,935856,937912,939456,940608,942385,942751,944204,945455,946648,947357,947679,948198,954486,954690,961334,962291,963974,964204,964472,964474,965830,967128,968270,968601,975875,981848,988086,992988,992989,992992,993130,993825,993968,994910,996255,997614
CVE References: CVE-2011-3389,CVE-2011-4944,CVE-2012-0845,CVE-2012-1150,CVE-2013-1437,CVE-2013-1752,CVE-2013-4238,CVE-2013-4314,CVE-2014-0012,CVE-2014-1829,CVE-2014-1830,CVE-2014-2667,CVE-2014-4650,CVE-2014-7202,CVE-2014-7203,CVE-2014-9721,CVE-2015-2296,CVE-2016-10745,CVE-2016-1238,CVE-2016-9015,CVE-2017-18342,CVE-2017-6512,CVE-2018-18074,CVE-2018-20060,CVE-2018-7750,CVE-2019-10906,CVE-2019-11236,CVE-2019-11324,CVE-2019-13132,CVE-2019-20907,CVE-2019-20916,CVE-2019-5010,CVE-2019-6250,CVE-2019-8341,CVE-2019-9740,CVE-2019-9947,CVE-2020-14343,CVE-2020-15166,CVE-2020-15523,CVE-2020-15801,CVE-2020-1747,CVE-2020-25659,CVE-2020-26137,CVE-2020-27783,CVE-2020-28493,CVE-2020-29651,CVE-2020-36242,CVE-2020-8492,CVE-2021-23336,CVE-2021-28957,CVE-2021-29921,CVE-2021-3177,CVE-2021-33503,CVE-2021-3426
JIRA References: ECO-3105,SLE-12986,SLE-17532,SLE-17957,SLE-7686,SLE-9135
Sources used:

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.