Bug 1192696 (CVE-2021-3918) - VUL-0: CVE-2021-3918: nodejs14, nodejs10, nodejs12, nodejs8: json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Status: RESOLVED FIXED
Alias: CVE-2021-3918
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P4 - Low, Severity: Minor
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/314956/
Whiteboard: CVSSv3.1:SUSE:CVE-2021-3918:8.1:(AV:N...
Keywords:
Depends on:
Blocks:
 
Reported: 2021-11-15 11:13 UTC by Thomas Leroy
Modified: 2024-06-06 12:16 UTC

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Comment 1 Thomas Leroy 2021-11-15 11:21:11 UTC
Affected codestreams:

- SUSE:SLE-12:Update/nodejs10: 10.16.3-1.12.1 (json-schema: 0.2.3)
- SUSE:SLE-15:Update/nodejs10: 10.24.1 (json-schema: 0.2.3)
- SUSE:SLE-12:Update/nodejs12: 12.22.2-1.32.1 (json-schema: 0.2.3)
- SUSE:SLE-15-SP2:Update/nodejs12: 12.22.2-4.16.1 (json-schema: 0.2.3)
- SUSE:SLE-12-SP4:Update/nodejs14: 14.17.2-6.12.1 (json-schema: 0.2.3)
- SUSE:SLE-15-SP2:Update/nodejs14: 14.17.2-5.12.1 (json-schema: 0.2.3)
- SUSE:SLE-15:Update/nodejs8: 8.17.0 (json-schema: 0.2.3)
- SUSE:SLE-15-SP2:Update/nodejs8: 8.17.0-10.9.2 (json-schema: 0.2.3)
Comment 2 Thomas Leroy 2021-11-15 12:34:26 UTC
For openSUSE codestreams, every nodejs version providing json-schema seems affected. For every enabled codestream, nodejs{8,10,12,14,16} provides json-schema version 0.2.3, which is vulnerable.
Comment 10 Swamp Workflow Management 2022-02-21 14:20:31 UTC
SUSE-SU-2022:0531-1: An update that fixes 5 vulnerabilities is now available.

Category: security (important)
Bug References: 1191962,1191963,1192153,1192154,1192696
CVE References: CVE-2021-23343,CVE-2021-32803,CVE-2021-32804,CVE-2021-3807,CVE-2021-3918
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Web Scripting 12 (src):    nodejs12-12.22.10-1.42.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 12 Swamp Workflow Management 2022-02-24 11:24:25 UTC
SUSE-SU-2022:0563-1: An update that fixes 5 vulnerabilities is now available.

Category: security (important)
Bug References: 1191962,1191963,1192153,1192154,1192696
CVE References: CVE-2021-23343,CVE-2021-32803,CVE-2021-32804,CVE-2021-3807,CVE-2021-3918
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    nodejs8-8.17.0-3.54.2
SUSE Linux Enterprise Server for SAP 15 (src):    nodejs8-8.17.0-3.54.2
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    nodejs8-8.17.0-3.54.2
SUSE Linux Enterprise Server 15-SP1-BCL (src):    nodejs8-8.17.0-3.54.2
SUSE Linux Enterprise Server 15-LTSS (src):    nodejs8-8.17.0-3.54.2
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    nodejs8-8.17.0-3.54.2
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    nodejs8-8.17.0-3.54.2
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    nodejs8-8.17.0-3.54.2
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    nodejs8-8.17.0-3.54.2
SUSE Enterprise Storage 6 (src):    nodejs8-8.17.0-3.54.2
SUSE CaaS Platform 4.0 (src):    nodejs8-8.17.0-3.54.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 13 Swamp Workflow Management 2022-02-24 14:21:44 UTC
SUSE-SU-2022:0570-1: An update that fixes 6 vulnerabilities is now available.

Category: security (important)
Bug References: 1191962,1191963,1192153,1192154,1192696,1194514
CVE References: CVE-2021-23343,CVE-2021-32803,CVE-2021-32804,CVE-2021-3807,CVE-2021-3918,CVE-2022-21824
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Web Scripting 12 (src):    nodejs10-10.24.1-1.46.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 14 Swamp Workflow Management 2022-02-24 14:23:27 UTC
SUSE-SU-2022:0569-1: An update that fixes 5 vulnerabilities is now available.

Category: security (important)
Bug References: 1191962,1191963,1192153,1192154,1192696
CVE References: CVE-2021-23343,CVE-2021-32803,CVE-2021-32804,CVE-2021-3807,CVE-2021-3918
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Web Scripting 12 (src):    nodejs14-14.19.0-6.24.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 15 Swamp Workflow Management 2022-03-02 14:18:20 UTC
SUSE-SU-2022:0657-1: An update that fixes 5 vulnerabilities is now available.

Category: security (important)
Bug References: 1191962,1191963,1192153,1192154,1192696
CVE References: CVE-2021-23343,CVE-2021-32803,CVE-2021-32804,CVE-2021-3807,CVE-2021-3918
JIRA References: 
Sources used:
SUSE Manager Server 4.1 (src):    nodejs12-12.22.10-4.29.3
SUSE Manager Retail Branch Server 4.1 (src):    nodejs12-12.22.10-4.29.3
SUSE Manager Proxy 4.1 (src):    nodejs12-12.22.10-4.29.3
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    nodejs12-12.22.10-4.29.3
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    nodejs12-12.22.10-4.29.3
SUSE Linux Enterprise Server 15-SP2-BCL (src):    nodejs12-12.22.10-4.29.3
SUSE Linux Enterprise Module for Web Scripting 15-SP3 (src):    nodejs12-12.22.10-4.29.3
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    nodejs12-12.22.10-4.29.3
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src):    nodejs12-12.22.10-4.29.3
SUSE Enterprise Storage 7 (src):    nodejs12-12.22.10-4.29.3

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 16 Swamp Workflow Management 2022-03-02 14:21:53 UTC
openSUSE-SU-2022:0657-1: An update that fixes 5 vulnerabilities is now available.

Category: security (important)
Bug References: 1191962,1191963,1192153,1192154,1192696
CVE References: CVE-2021-23343,CVE-2021-32803,CVE-2021-32804,CVE-2021-3807,CVE-2021-3918
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    nodejs12-12.22.10-4.29.3
openSUSE Leap 15.3 (src):    nodejs12-12.22.10-4.29.3
Comment 17 Swamp Workflow Management 2022-03-03 20:29:54 UTC
SUSE-SU-2022:0704-1: An update that fixes 5 vulnerabilities is now available.

Category: security (important)
Bug References: 1191962,1191963,1192153,1192154,1192696
CVE References: CVE-2021-23343,CVE-2021-32803,CVE-2021-32804,CVE-2021-3807,CVE-2021-3918
JIRA References: 
Sources used:
SUSE Manager Server 4.1 (src):    nodejs-common-2.0-3.4.1, nodejs8-8.17.0-10.19.2
SUSE Manager Retail Branch Server 4.1 (src):    nodejs-common-2.0-3.4.1, nodejs8-8.17.0-10.19.2
SUSE Manager Proxy 4.1 (src):    nodejs-common-2.0-3.4.1, nodejs8-8.17.0-10.19.2
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    nodejs-common-2.0-3.4.1, nodejs8-8.17.0-10.19.2
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    nodejs-common-2.0-3.4.1
SUSE Linux Enterprise Server for SAP 15 (src):    nodejs-common-2.0-3.4.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    nodejs-common-2.0-3.4.1, nodejs8-8.17.0-10.19.2
SUSE Linux Enterprise Server 15-SP2-BCL (src):    nodejs-common-2.0-3.4.1, nodejs8-8.17.0-10.19.2
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    nodejs-common-2.0-3.4.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    nodejs-common-2.0-3.4.1
SUSE Linux Enterprise Server 15-LTSS (src):    nodejs-common-2.0-3.4.1
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    nodejs-common-2.0-3.4.1, nodejs8-8.17.0-10.19.2
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src):    nodejs-common-2.0-3.4.1, nodejs8-8.17.0-10.19.2
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    nodejs-common-2.0-3.4.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    nodejs-common-2.0-3.4.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    nodejs-common-2.0-3.4.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    nodejs-common-2.0-3.4.1
SUSE Enterprise Storage 7 (src):    nodejs-common-2.0-3.4.1, nodejs8-8.17.0-10.19.2
SUSE Enterprise Storage 6 (src):    nodejs-common-2.0-3.4.1
SUSE CaaS Platform 4.0 (src):    nodejs-common-2.0-3.4.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 18 Swamp Workflow Management 2022-03-03 20:32:38 UTC
openSUSE-SU-42022-1: An update that fixes 14 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1038980,1191962,1191963,1192153,1192154,1192696,1195230,1195682
CVE References: CVE-2017-8923,CVE-2021-23343,CVE-2021-32803,CVE-2021-32804,CVE-2021-3807,CVE-2021-3918,CVE-2022-22753,CVE-2022-22754,CVE-2022-22756,CVE-2022-22759,CVE-2022-22760,CVE-2022-22761,CVE-2022-22763,CVE-2022-22764
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    MozillaFirefox-91.6.0-152.15.1
openSUSE Leap 15.3 (src):    nodejs8-8.17.0-10.19.2, php7-7.4.6-3.32.1, php7-test-7.4.6-3.32.1
Comment 19 Swamp Workflow Management 2022-03-04 08:29:31 UTC
openSUSE-SU-22022:20000-2: An update that fixes 6 vulnerabilities is now available.

Category: security (important)
Bug References: 1038980,1191962,1191963,1192153,1192154,1192696
CVE References: CVE-2017-8923,CVE-2021-23343,CVE-2021-32803,CVE-2021-32804,CVE-2021-3807,CVE-2021-3918
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    nodejs8-8.17.0-10.19.2, php7-7.4.6-3.32.1, php7-test-7.4.6-3.32.1
Comment 20 Swamp Workflow Management 2022-03-04 08:57:27 UTC
openSUSE-SU-2022:0704-1: An update that fixes 5 vulnerabilities is now available.

Category: security (important)
Bug References: 1191962,1191963,1192153,1192154,1192696
CVE References: CVE-2021-23343,CVE-2021-32803,CVE-2021-32804,CVE-2021-3807,CVE-2021-3918
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    nodejs8-8.17.0-10.19.2
openSUSE Leap 15.3 (src):    nodejs8-8.17.0-10.19.2
Comment 21 Swamp Workflow Management 2022-03-04 14:22:41 UTC
openSUSE-SU-2022:0715-1: An update that fixes 5 vulnerabilities is now available.

Category: security (important)
Bug References: 1191962,1191963,1192153,1192154,1192696
CVE References: CVE-2021-23343,CVE-2021-32803,CVE-2021-32804,CVE-2021-3807,CVE-2021-3918
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    nodejs14-14.19.0-15.27.1
openSUSE Leap 15.3 (src):    nodejs14-14.19.0-15.27.1
Comment 22 Swamp Workflow Management 2022-03-04 14:26:50 UTC
SUSE-SU-2022:0715-1: An update that fixes 5 vulnerabilities is now available.

Category: security (important)
Bug References: 1191962,1191963,1192153,1192154,1192696
CVE References: CVE-2021-23343,CVE-2021-32803,CVE-2021-32804,CVE-2021-3807,CVE-2021-3918
JIRA References: 
Sources used:
SUSE Manager Server 4.1 (src):    nodejs14-14.19.0-15.27.1
SUSE Manager Retail Branch Server 4.1 (src):    nodejs14-14.19.0-15.27.1
SUSE Manager Proxy 4.1 (src):    nodejs14-14.19.0-15.27.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    nodejs14-14.19.0-15.27.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    nodejs14-14.19.0-15.27.1
SUSE Linux Enterprise Server 15-SP2-BCL (src):    nodejs14-14.19.0-15.27.1
SUSE Linux Enterprise Module for Web Scripting 15-SP4 (src):    nodejs14-14.19.0-15.27.1
SUSE Linux Enterprise Module for Web Scripting 15-SP3 (src):    nodejs14-14.19.0-15.27.1
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    nodejs14-14.19.0-15.27.1
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src):    nodejs14-14.19.0-15.27.1
SUSE Enterprise Storage 7 (src):    nodejs14-14.19.0-15.27.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 24 Swamp Workflow Management 2022-05-17 19:21:47 UTC
SUSE-SU-2022:1717-1: An update that fixes 9 vulnerabilities is now available.

Category: security (important)
Bug References: 1191962,1191963,1192153,1192154,1192696,1194514,1194819,1197283,1198247
CVE References: CVE-2021-23343,CVE-2021-32803,CVE-2021-32804,CVE-2021-3807,CVE-2021-3918,CVE-2021-44906,CVE-2021-44907,CVE-2022-0235,CVE-2022-21824
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    nodejs10-10.24.1-150000.1.44.1
openSUSE Leap 15.3 (src):    nodejs10-10.24.1-150000.1.44.1
SUSE Manager Server 4.1 (src):    nodejs10-10.24.1-150000.1.44.1
SUSE Manager Retail Branch Server 4.1 (src):    nodejs10-10.24.1-150000.1.44.1
SUSE Manager Proxy 4.1 (src):    nodejs10-10.24.1-150000.1.44.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    nodejs10-10.24.1-150000.1.44.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    nodejs10-10.24.1-150000.1.44.1
SUSE Linux Enterprise Server for SAP 15 (src):    nodejs10-10.24.1-150000.1.44.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    nodejs10-10.24.1-150000.1.44.1
SUSE Linux Enterprise Server 15-SP2-BCL (src):    nodejs10-10.24.1-150000.1.44.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    nodejs10-10.24.1-150000.1.44.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    nodejs10-10.24.1-150000.1.44.1
SUSE Linux Enterprise Server 15-LTSS (src):    nodejs10-10.24.1-150000.1.44.1
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    nodejs10-10.24.1-150000.1.44.1
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src):    nodejs10-10.24.1-150000.1.44.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    nodejs10-10.24.1-150000.1.44.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    nodejs10-10.24.1-150000.1.44.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    nodejs10-10.24.1-150000.1.44.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    nodejs10-10.24.1-150000.1.44.1
SUSE Enterprise Storage 7 (src):    nodejs10-10.24.1-150000.1.44.1
SUSE Enterprise Storage 6 (src):    nodejs10-10.24.1-150000.1.44.1
SUSE CaaS Platform 4.0 (src):    nodejs10-10.24.1-150000.1.44.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 25 Maintenance Automation 2023-06-21 12:30:43 UTC
SUSE-SU-2023:2579-1: An update that solves 16 vulnerabilities, contains four features and has one fix can now be installed.

Category: security (moderate)
Bug References: 1047218, 1192154, 1192696, 1200480, 1201535, 1201539, 1203185, 1203596, 1203597, 1203599, 1204501, 1207830, 1208719, 1208965, 1209645, 1210458, 1210907
CVE References: CVE-2020-7753, CVE-2021-3807, CVE-2021-3918, CVE-2021-43138, CVE-2022-0155, CVE-2022-27191, CVE-2022-27664, CVE-2022-31097, CVE-2022-31107, CVE-2022-32149, CVE-2022-35957, CVE-2022-36062, CVE-2022-41715, CVE-2022-46146, CVE-2023-1387, CVE-2023-1410
Jira References: MSQA-666, PED-3576, PED-3578, PED-3694
Sources used:
SUSE Manager Client Tools for SLE 12 (src): mgr-daemon-4.3.7-1.41.1, uyuni-common-libs-4.3.8-1.33.1, zypp-plugin-spacewalk-1.0.14-30.42.1, spacecmd-4.3.21-38.121.1, grafana-9.5.1-1.48.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 26 Maintenance Automation 2023-06-21 12:30:53 UTC
SUSE-SU-2023:2578-1: An update that solves 15 vulnerabilities, contains three features and has one fix can now be installed.

Category: security (important)
Bug References: 1192154, 1192696, 1200480, 1201535, 1201539, 1203185, 1203596, 1203597, 1203599, 1204501, 1207830, 1208719, 1209645, 1210458, 1210640, 1210907
CVE References: CVE-2020-7753, CVE-2021-3807, CVE-2021-3918, CVE-2021-43138, CVE-2022-0155, CVE-2022-27664, CVE-2022-31097, CVE-2022-31107, CVE-2022-32149, CVE-2022-35957, CVE-2022-36062, CVE-2022-41715, CVE-2022-46146, CVE-2023-1387, CVE-2023-1410
Jira References: MSQA-666, PED-3576, PED-3694
Sources used:
openSUSE Leap 15.4 (src): bind-9.16.6-150000.12.65.1, wire-0.5.0-150000.1.12.3, dracut-saltboot-0.1.1681904360.84ef141-150000.1.50.1, spacecmd-4.3.21-150000.3.98.1
openSUSE Leap 15.5 (src): wire-0.5.0-150000.1.12.3, dracut-saltboot-0.1.1681904360.84ef141-150000.1.50.1, spacecmd-4.3.21-150000.3.98.1
SUSE Manager Client Tools for SLE 15 (src): grafana-9.5.1-150000.1.48.5, spacecmd-4.3.21-150000.3.98.1, zypp-plugin-spacewalk-1.0.14-150000.3.35.1, uyuni-common-libs-4.3.8-150000.1.33.1, dracut-saltboot-0.1.1681904360.84ef141-150000.1.50.1, mgr-daemon-4.3.7-150000.1.41.1
SUSE Manager Client Tools for SLE Micro 5 (src): bind-9.16.6-150000.12.65.1, dracut-saltboot-0.1.1681904360.84ef141-150000.1.50.1
SUSE Manager Proxy 4.2 Module 4.2 (src): zypp-plugin-spacewalk-1.0.14-150000.3.35.1
SUSE Manager Proxy 4.3 Module 4.3 (src): zypp-plugin-spacewalk-1.0.14-150000.3.35.1
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (src): bind-9.16.6-150000.12.65.1
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): bind-9.16.6-150000.12.65.1
SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (src): bind-9.16.6-150000.12.65.1
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): bind-9.16.6-150000.12.65.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1 (src): bind-9.16.6-150000.12.65.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): bind-9.16.6-150000.12.65.1
SUSE Enterprise Storage 7 (src): bind-9.16.6-150000.12.65.1
SUSE CaaS Platform 4.0 (src): bind-9.16.6-150000.12.65.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 27 Maintenance Automation 2023-06-21 12:31:05 UTC
SUSE-SU-2023:2575-1: An update that solves 13 vulnerabilities and contains two features can now be installed.

Category: security (important)
Bug References: 1192154, 1192696, 1200480, 1201535, 1201539, 1203185, 1203596, 1203597, 1204501, 1209645, 1210907
CVE References: CVE-2020-7753, CVE-2021-3807, CVE-2021-3918, CVE-2021-43138, CVE-2022-0155, CVE-2022-27664, CVE-2022-31097, CVE-2022-31107, CVE-2022-32149, CVE-2022-35957, CVE-2022-36062, CVE-2023-1387, CVE-2023-1410
Jira References: MSQA-666, PED-3694
Sources used:
SUSE Package Hub 15 15-SP4 (src): grafana-9.5.1-150200.3.41.3
SUSE Package Hub 15 15-SP5 (src): grafana-9.5.1-150200.3.41.3
openSUSE Leap 15.4 (src): grafana-9.5.1-150200.3.41.3
openSUSE Leap 15.5 (src): grafana-9.5.1-150200.3.41.3

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 30 Maintenance Automation 2024-01-23 20:30:10 UTC
SUSE-SU-2024:0196-1: An update that solves 44 vulnerabilities, contains 14 features and has 35 security fixes can now be installed.

Category: security (moderate)
Bug References: 1172110, 1176460, 1180816, 1180942, 1181119, 1181935, 1183684, 1187725, 1188061, 1188571, 1189520, 1191454, 1192154, 1192383, 1192696, 1192763, 1193492, 1193686, 1193688, 1197507, 1198903, 1199810, 1200142, 1200480, 1200591, 1200968, 1200970, 1201003, 1201059, 1201535, 1201539, 1202614, 1202945, 1203283, 1203596, 1203597, 1203599, 1204032, 1204126, 1204302, 1204303, 1204304, 1204305, 1204501, 1205207, 1205225, 1205227, 1205599, 1205759, 1207352, 1207749, 1207750, 1207830, 1208046, 1208049, 1208060, 1208062, 1208065, 1208270, 1208293, 1208298, 1208612, 1208692, 1208719, 1208819, 1208821, 1208965, 1209113, 1209645, 1210458, 1210640, 1210907, 1211525, 1212099, 1212100, 1212279, 1212641, 1218843, 1218844
CVE References: CVE-2020-7753, CVE-2021-20178, CVE-2021-20180, CVE-2021-20191, CVE-2021-20228, CVE-2021-3447, CVE-2021-3583, CVE-2021-3620, CVE-2021-36222, CVE-2021-3711, CVE-2021-3807, CVE-2021-3918, CVE-2021-41174, CVE-2021-41244, CVE-2021-43138, CVE-2021-43798, CVE-2021-43813, CVE-2021-43815, CVE-2022-0155, CVE-2022-23552, CVE-2022-27664, CVE-2022-29170, CVE-2022-31097, CVE-2022-31107, CVE-2022-31123, CVE-2022-31130, CVE-2022-32149, CVE-2022-35957, CVE-2022-36062, CVE-2022-39201, CVE-2022-39229, CVE-2022-39306, CVE-2022-39307, CVE-2022-39324, CVE-2022-41715, CVE-2022-41723, CVE-2022-46146, CVE-2023-0507, CVE-2023-0594, CVE-2023-1387, CVE-2023-1410, CVE-2023-2183, CVE-2023-2801, CVE-2023-3128
Jira References: MSQA-718, PED-2145, PED-2617, PED-3576, PED-3694, PED-4556, PED-5405, PED-5406, SLE-23422, SLE-23439, SLE-23631, SLE-24133, SLE-24565, SLE-24791
Sources used:
SUSE Manager Client Tools Beta for SLE Micro 5 (src): golang-github-QubitProducts-exporter_exporter-0.4.0-159000.4.6.1, prometheus-blackbox_exporter-0.24.0-159000.3.6.1, uyuni-proxy-systemd-services-5.0.1-159000.3.9.1, dracut-saltboot-0.1.1681904360.84ef141-159000.3.30.1
SUSE Manager Client Tools Beta for SLE 15 (src): python-pyvmomi-6.7.3-159000.3.6.1, golang-github-QubitProducts-exporter_exporter-0.4.0-159000.4.6.1, supportutils-plugin-salt-1.2.2-159000.5.9.1, uyuni-proxy-systemd-services-5.0.1-159000.3.9.1, mgr-push-5.0.1-159000.4.21.1, golang-github-lusitaniae-apache_exporter-1.0.0-159000.4.12.1, rhnlib-5.0.1-159000.6.30.1, golang-github-prometheus-prometheus-2.45.0-159000.6.33.1, spacewalk-client-tools-5.0.1-159000.6.48.1, uyuni-common-libs-5.0.1-159000.3.33.1, dracut-saltboot-0.1.1681904360.84ef141-159000.3.30.1, golang-github-boynux-squid_exporter-1.6-159000.4.9.1, ansible-2.9.27-159000.3.9.1, prometheus-postgres_exporter-0.10.1-159000.3.6.1, grafana-9.5.8-159000.4.24.1, spacecmd-5.0.1-159000.6.42.1, python-hwdata-2.3.5-159000.5.13.1, prometheus-blackbox_exporter-0.24.0-159000.3.6.1, supportutils-plugin-susemanager-client-5.0.1-159000.6.15.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 31 Maintenance Automation 2024-01-23 20:30:42 UTC
SUSE-SU-2024:0191-1: An update that solves 45 vulnerabilities, contains 17 features and has 30 security fixes can now be installed.

Category: security (moderate)
Bug References: 1047218, 1172110, 1188571, 1189520, 1191454, 1192154, 1192383, 1192696, 1192763, 1193492, 1193686, 1193688, 1194873, 1195726, 1195727, 1195728, 1196338, 1196652, 1197507, 1198903, 1199810, 1200480, 1200591, 1200725, 1201003, 1201059, 1201535, 1201539, 1203283, 1203596, 1203597, 1203599, 1204032, 1204089, 1204126, 1204302, 1204303, 1204304, 1204305, 1204501, 1205207, 1205225, 1205227, 1205759, 1207352, 1207749, 1207750, 1207830, 1208046, 1208049, 1208051, 1208060, 1208062, 1208064, 1208065, 1208270, 1208293, 1208298, 1208612, 1208692, 1208719, 1208819, 1208821, 1208965, 1209113, 1209645, 1210458, 1210907, 1211525, 1212099, 1212100, 1212279, 1212641, 1218843, 1218844
CVE References: CVE-2020-7753, CVE-2021-36222, CVE-2021-3711, CVE-2021-3807, CVE-2021-3918, CVE-2021-39226, CVE-2021-41174, CVE-2021-41244, CVE-2021-43138, CVE-2021-43798, CVE-2021-43813, CVE-2021-43815, CVE-2022-0155, CVE-2022-21673, CVE-2022-21698, CVE-2022-21702, CVE-2022-21703, CVE-2022-21713, CVE-2022-23552, CVE-2022-27191, CVE-2022-27664, CVE-2022-29170, CVE-2022-31097, CVE-2022-31107, CVE-2022-31123, CVE-2022-31130, CVE-2022-32149, CVE-2022-35957, CVE-2022-36062, CVE-2022-39201, CVE-2022-39229, CVE-2022-39306, CVE-2022-39307, CVE-2022-39324, CVE-2022-41715, CVE-2022-41723, CVE-2022-46146, CVE-2023-0507, CVE-2023-0594, CVE-2023-1387, CVE-2023-1410, CVE-2023-2183, CVE-2023-2801, CVE-2023-3128, CVE-2023-40577
Jira References: MSQA-718, PED-2145, PED-2617, PED-3576, PED-3578, PED-3694, PED-4556, PED-5405, PED-5406, PED-7353, SLE-23422, SLE-23439, SLE-24238, SLE-24239, SLE-24565, SLE-24791, SUMA-114
Sources used:
SUSE Manager Client Tools Beta for SLE 12 (src): rhnlib-5.0.1-24.30.3, spacecmd-5.0.1-41.42.3, grafana-9.5.8-4.21.2, prometheus-postgres_exporter-0.10.1-3.6.4, golang-github-prometheus-node_exporter-1.5.0-4.15.4, golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2, system-user-grafana-1.0.0-3.7.2, kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2, golang-github-prometheus-prometheus-2.45.0-4.33.3, supportutils-plugin-susemanager-client-5.0.1-9.15.2, uyuni-common-libs-5.0.1-3.33.3, prometheus-blackbox_exporter-0.24.0-3.6.3, golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4, golang-github-prometheus-alertmanager-0.26.0-4.12.4, system-user-prometheus-1.0.0-3.7.2, python-hwdata-2.3.5-15.12.2, golang-github-boynux-squid_exporter-1.6-4.9.2, supportutils-plugin-salt-1.2.2-9.9.2, golang-github-prometheus-promu-0.14.0-4.12.2, mgr-push-5.0.1-4.21.4

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 35 Maintenance Automation 2024-02-15 16:30:59 UTC
SUSE-RU-2024:0511-1: An update that solves five vulnerabilities and contains one feature can now be installed.

Category: recommended (moderate)
Bug References: 1192154, 1192696, 1200480, 1218843, 1218844
CVE References: CVE-2020-7753, CVE-2021-3807, CVE-2021-3918, CVE-2021-43138, CVE-2022-0155
Jira References: MSQA-719
Sources used:
openSUSE Leap 15.5 (src): grafana-9.5.8-150200.3.53.2
SUSE Package Hub 15 15-SP5 (src): grafana-9.5.8-150200.3.53.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 36 Maintenance Automation 2024-02-15 16:32:02 UTC
SUSE-SU-2024:0487-1: An update that solves eight vulnerabilities and contains one feature can now be installed.

Category: security (moderate)
Bug References: 1192154, 1192696, 1193492, 1193686, 1200480, 1204023, 1218843, 1218844
CVE References: CVE-2020-7753, CVE-2021-3807, CVE-2021-3918, CVE-2021-43138, CVE-2021-43798, CVE-2021-43815, CVE-2022-0155, CVE-2022-41715
Jira References: MSQA-719
Sources used:
openSUSE Leap 15.5 (src): golang-github-lusitaniae-apache_exporter-1.0.0-150000.1.20.1, spacecmd-4.3.26-150000.3.113.1, prometheus-postgres_exporter-0.10.1-150000.1.17.1
SUSE Manager Client Tools for SLE 15 (src): spacewalk-client-tools-4.3.18-150000.3.86.2, mgr-daemon-4.3.8-150000.1.44.1, uyuni-proxy-systemd-services-4.3.10-150000.1.15.1, spacecmd-4.3.26-150000.3.113.1, golang-github-lusitaniae-apache_exporter-1.0.0-150000.1.20.1, golang-github-prometheus-prometheus-2.45.0-150000.3.53.1, grafana-9.5.8-150000.1.60.2, prometheus-postgres_exporter-0.10.1-150000.1.17.1
SUSE Manager Client Tools for SLE Micro 5 (src): uyuni-proxy-systemd-services-4.3.10-150000.1.15.1
SUSE Manager Proxy 4.3 Module 4.3 (src): golang-github-lusitaniae-apache_exporter-1.0.0-150000.1.20.1
SUSE Manager Server 4.3 Module 4.3 (src): golang-github-lusitaniae-apache_exporter-1.0.0-150000.1.20.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 37 Maintenance Automation 2024-02-15 16:32:07 UTC
SUSE-SU-2024:0486-1: An update that solves nine vulnerabilities and contains two features can now be installed.

Category: security (moderate)
Bug References: 1192154, 1192696, 1193492, 1193686, 1200480, 1204023, 1218838, 1218843, 1218844
CVE References: CVE-2020-7753, CVE-2021-3807, CVE-2021-3918, CVE-2021-43138, CVE-2021-43798, CVE-2021-43815, CVE-2022-0155, CVE-2022-41715, CVE-2023-40577
Jira References: MSQA-719, PED-7353
Sources used:
SUSE Manager Client Tools for SLE 12 (src): spacewalk-client-tools-4.3.18-52.95.2, mgr-daemon-4.3.8-1.44.2, golang-github-prometheus-alertmanager-0.26.0-1.24.2, golang-github-lusitaniae-apache_exporter-1.0.0-1.21.2, grafana-9.5.8-1.60.1, spacecmd-4.3.26-38.136.2, golang-github-prometheus-prometheus-2.45.0-1.50.2, prometheus-postgres_exporter-0.10.1-1.17.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 38 Maintenance Automation 2024-03-04 12:30:09 UTC
SUSE-RU-2024:0746-1: An update that contains two features and has nine fixes can now be installed.

Category: recommended (moderate)
Bug References: 1192154, 1192696, 1193492, 1193686, 1200480, 1204023, 1218838, 1218843, 1218844
Jira References: MSQA-720, PED-7843
Sources used:
SUSE Manager Client Tools Beta for SLE 12 (src): golang-github-prometheus-prometheus-2.45.0-4.36.1, spacewalk-client-tools-5.0.3-55.48.1, supportutils-plugin-susemanager-client-5.0.2-9.18.1, rhnlib-5.0.2-24.33.1, uyuni-tools-0.1.4-3.3.1, golang-github-prometheus-alertmanager-0.26.0-4.15.1, uyuni-common-libs-5.0.2-3.36.1, grafana-9.5.8-4.24.1, spacecmd-5.0.4-41.45.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 39 Maintenance Automation 2024-03-04 12:30:14 UTC
SUSE-RU-2024:0745-1: An update that contains two features and has eight fixes can now be installed.

Category: recommended (moderate)
Bug References: 1192154, 1192696, 1193492, 1193686, 1200480, 1204023, 1218843, 1218844
Jira References: MSQA-720, PED-7843
Sources used:
SUSE Manager Client Tools Beta for SLE 15 (src): supportutils-plugin-susemanager-client-5.0.2-159000.6.18.1, grafana-9.5.8-159000.4.27.1, uyuni-tools-0.1.4-159000.3.3.1, uyuni-common-libs-5.0.2-159000.3.36.1, golang-github-prometheus-prometheus-2.45.0-159000.6.36.1, spacecmd-5.0.4-159000.6.45.1, spacewalk-client-tools-5.0.3-159000.6.51.1, rhnlib-5.0.2-159000.6.33.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 40 Alexander Bergmann 2024-06-06 12:16:06 UTC
Fixed and released.