<?xml version="1.0" encoding="UTF-8"?>
<cvrfdoc xmlns="http://www.icasi.org/CVRF/schema/cvrf/1.1" xmlns:cvrf="http://www.icasi.org/CVRF/schema/cvrf/1.1">
  <DocumentTitle xml:lang="en">SUSE-IU-2022:1149-1</DocumentTitle>
  <DocumentType>SUSE Image</DocumentType>
  <DocumentPublisher Type="Vendor">
    <ContactDetails>security@suse.de</ContactDetails>
    <IssuingAuthority>SUSE Security Team</IssuingAuthority>
  </DocumentPublisher>
  <DocumentTracking>
    <Identification>
      <ID>SUSE Image SUSE-IU-2022:1149-1</ID>
    </Identification>
    <Status>Interim</Status>
    <Version>1</Version>
    <RevisionHistory>
      <Revision>
        <Number>1</Number>
        <Date>2024-04-06T07:43:58Z</Date>
        <Description>current</Description>
      </Revision>
    </RevisionHistory>
    <InitialReleaseDate>2022-12-15T01:00:00Z</InitialReleaseDate>
    <CurrentReleaseDate>2022-12-15T01:00:00Z</CurrentReleaseDate>
    <Generator>
      <Engine>cve-database/bin/generate-cvrf-publiccloud.pl</Engine>
      <Date>2021-02-18T01:00:00Z</Date>
    </Generator>
  </DocumentTracking>
  <DocumentNotes>
    <Note Title="Topic" Type="Summary" Ordinal="1" xml:lang="en">Image update for SUSE-IU-2022:1149-1 / google/sles-15-sp4-chost-byos-v20221215-arm64</Note>
    <Note Title="Details" Type="General" Ordinal="2" xml:lang="en">This image update for google/sles-15-sp4-chost-byos-v20221215-arm64 contains the following changes:
Package audit-secondary was updated:

Package containerd was updated:

- Update to containerd v1.6.12 to fix CVE-2022-23471 bsc#1206235. Upstream release notes:
  &lt;https://github.com/containerd/containerd/releases/tag/v1.6.11&gt;
- Update to containerd v1.6.11. Upstream release notes:
  &lt;https://github.com/containerd/containerd/releases/tag/v1.6.11&gt;
- Update to containerd v1.6.9 for Docker v20.10.21-ce. Also includes a fix for
  CVE-2022-27191. boo#1206065 bsc#1197284 Upstream release notes:
  &lt;https://github.com/containerd/containerd/releases/tag/v1.6.9&gt;
- add devel subpackage, which is needed by open-vm-tools

Package dracut was updated:

- Update to version 055+suse.323.gca0e74f0:
  * fix(network-manager): always install the library plugins directory (bsc#1202014)
  * feat(dracut-init.sh): add inst_libdir_dir() helper (bsc#1202014)
  A series of fixes for NVMeoF boot (bsc#1203368):
  * fix(network-legacy): misleading duplicate address detection using wicked
  * fix(man): dracut.cmdline.7: clarify &quot;rd.nvmf.discover=fc,auto&quot;
  * fix(network): avoid double brackets around IPv6 address
  * feat(nvmf): set rd.neednet=1 if tcp records encountered
  * fix(man): dracut.cmdline(7): correct syntax for rd.nonvmf
  * fix(network): don't use same ifname multiple times
  * fix(nvmf): run cmdline hook before parse-ip-opts.sh
  * fix(nvmf): avoid calling &quot;exit&quot; in a cmdline hook
  * fix(nvmf): make sure &quot;rd.nvmf.discover=fc,auto&quot; takes precedence
  * fix(nvmf): don't use &quot;finished&quot; queue for autoconnect
  * fix(nvmf): don't create did-setup file
  * fix(nvmf): no need to load the nvme module
  * fix(nvmf): don't try to validate network connections in cmdline hook
  * fix(nvmf): nvme list-subsys prints the address using commas as separator
  * fix(nvmf): deprecate old nvmf cmdline options
  * fix(nvmf): set executable bit on nvmf-autoconnect.sh
- Update to version 055+suse.302.gc7aee2dc:
  * fix(dmsquash-live): correct regression introduced with shellcheck changes (bsc#1203894)
  * fix(systemd): add missing modprobe@.service (bsc#1203749)
  * fix(i18n): do not fail if FONT in /etc/vconsole.conf has the file extension (bsc#1203267)

Package grub2 was updated:

- Security fixes and hardenings
  * 0001-font-Reject-glyphs-exceeds-font-max_glyph_width-or-f.patch
  * 0002-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch
- Fix CVE-2022-2601 (bsc#1205178)
  * 0003-font-Fix-several-integer-overflows-in-grub_font_cons.patch
  * 0004-font-Remove-grub_font_dup_glyph.patch
  * 0005-font-Fix-integer-overflow-in-ensure_comb_space.patch
  * 0006-font-Fix-integer-overflow-in-BMP-index.patch
  * 0007-font-Fix-integer-underflow-in-binary-search-of-char-.patch
  * 0008-fbutil-Fix-integer-overflow.patch
- Fix CVE-2022-3775 (bsc#1205182)
  * 0009-font-Fix-an-integer-underflow-in-blit_comb.patch
  * 0010-font-Harden-grub_font_blit_glyph-and-grub_font_blit_.patch
  * 0011-font-Assign-null_font-to-glyphs-in-ascii_font_glyph.patch
  * 0012-normal-charset-Fix-an-integer-overflow-in-grub_unico.patch
- Bump upstream SBAT generation to 3

Package iputils was updated:

- Backport 2 fixes for bsc#1203957:
  0001-ping-Add-SA_RESTART-to-sa_flags.patch
  0002-ping-Make-ping_rts-struct-static.patch

Package krb5 was updated:

- Fix integer overflows in PAC parsing; (CVE-2022-42898);  (bso#15203), (bsc#1205126).
- Added patches:
  * 0010-Fix-integer-overflows-in-PAC-parsing.patch

Package libeconf was updated:

- Update to version 0.4.6+git20220427.3016f4e:
  * econftool:
  * * Parsing error: Reporting file and line nr.
  * * --delimeters=spaces Taking all kind of spaces for delimiter
  * libeconf:
    Fixed bsc#1198165: Parsing files correctly which have space characters
    AND none space characters as delimiters.
- Update to version 0.4.5+git20220406.c9658f2:
  * econftool:
  * * New call &quot;syntax&quot; for checking the configuration files only.
    Returns an error string with line number if an error occurs.
  * * New options &quot;--comment&quot; and &quot;--delimeters&quot;
  * * Parsing one file only if needed.

Package lvm2 was updated:

- killed lvmlockd doesn't clear/adopt locks leading to inability to start volume group (bsc#1203216)
  - bug-1203216_lvmlockd-purge-the-lock-resources-left-in-previous-l.patch
- dracut-initqueue timeouts with 5.3.18-150300.59.63 kernel on ppc64le (bsc#1199074)
  - in lvm2.spec, change device_mapper_version from 1.02.163 to %{lvm2_version}_1.02.163
- lvmlockd is not supporting sanlock (bsc#1203482)
  - set 1 for _supportsanlock in lvm2.spec for enabling sanlock.

Package nfsidmap was updated:

- 0001-Removed-some-unused-and-set-but-not-used-warnings.patch
  0002-Handle-NULL-names-better.patch
  0003-Strip-newlines-out-of-IDMAP_LOG-messages.patch
  0004-onf_parse_line-Ignore-whitespace-at-the-beginning-of.patch
  0005-nss.c-wrong-check-of-return-value.patch
  0006-Fixed-a-memory-leak-nss_name_to_gid.patch
  Various bugfixes and improvements from upstream
  In particular, 0001 fixes a crash that can happen when
  a 'static' mapping is configured.
  (bnc#1200901)

Package openssh was updated:

- Add openssh-dbus.sh, openssh-dbus.csh, openssh-dbus.fish: Make ssh
  connections update their dbus environment (bsc#1179465).

Package openssl-1_1 was updated:

- FIPS: Service-level indicator [bsc#1190651]
  * Mark PBKDF2 with key shorter than 112 bits as non-approved
  * Add openssl-1_1-ossl-sli-007-pbkdf2-keylen.patch
- FIPS: Service-level indicator [bsc#1190651]
  * Consider RSA siggen/sigver with PKCS1 padding also approved
  * Add openssl-1_1-ossl-sli-006-rsa_pkcs1_padding.patch
- FIPS: Service-level indicator [bsc#1190651]
  * Return the correct indicator for a given EC group order bits
  * Add openssl-1_1-ossl-sli-005-EC_group_order_bits.patch

Package python3 was updated:

- Add bsc1188607-pythreadstate_clear-decref.patch to fix crash in
  the garbage collection (bsc#1188607).
- Add CVE-2022-37454-sha3-buffer-overflow.patch to fix
  bsc#1204577 (CVE-2022-37454, gh#python/cpython#98517) buffer
  overflow in hashlib.sha3_* implementations (originally from the
  XKCP library).
- Add CVE-2020-10735-DoS-no-limit-int-size.patch to fix
  CVE-2020-10735 (bsc#1203125) to limit amount of digits
  converting text to int and vice versa (potential for DoS).
  Originally by Victor Stinner of Red Hat.
- Remove merged patch CVE-2020-8492-urllib-ReDoS.patch,
  CRLF_injection_via_host_part.patch, and
  CVE-2019-18348-CRLF_injection_via_host_part.patch.

Package rsyslog was updated:

- fix parsing of legacy config syntax (bsc#1205275)
  * add:
    0001-testbench-add-test-for-legacy-permittedPeer-statemen.patch
    0002-imtcp-bugfix-legacy-config-directives-did-no-longer-.patch
- remove $klogConsoleLogLevel setting from rsyslog.conf (bsc#1191833)
  * this legacy setting from pre-systemd times is obsolete and can
    block important systemd messages

Package sudo was updated:

- Added sudo-utf8-ldap-schema.patch
  * Change sudo-ldap schema from ASCII to UTF8.
  * Fixes bsc#1197998
  * Credit to William Brown &lt;william.brown@suse.com&gt;
  * https://github.com/sudo-project/sudo/pull/163

Package supportutils was updated:

- Added lifecycle information (issue#140)
- Changes to version 3.1.21
  + Added type output with df command in fs-diskio.txt (issue#141)
  + Gather all files in /etc/security/limits.d/ (issue#142)
  + Fixed KVM virtualization detection on bare metal (bsc#1184689)
  + Added logging using journalctl (bsc#1200330)
  + Passwords correctly removed from email.txt, updates.txt and fs-iscsi.txt (bsc#1203818)
  + Added system logging configuration and checking in messages_config.txt (issue#103)
  + If rsyslog not installed collect more from journalctl (issue#120)
  + Added systemd-status.txt for the status of all service units (issue#125)
  + autofs includes files in (+dir:&lt;path&gt;) (issue#111)
  + Get current sar data before collecting files (bsc#1192648)
  + Collects everything in /etc/multipath/ (bsc#1192252)
  + Collects power management information in hardware.txt (bsc#1197428)
  + Checks for suseconnect-ng or SUSEConnect packages (bsc#1202337)
  + Fixed conf_files and conf_text_files so y2log is gathered (issue#134, bsc#1202269)
  + Update to nvme_info and block_info #133 (bsc#1202417)
  + Added IO scheduler (issue#136)
  + Added includedir directories from /etc/sudoers (bsc#1188086)
- Added a listing to /dev/mapper/. #129

Package suse-build-key was updated:

- added /usr/share/pki/containers directory for container pem keys
  (cosign/sigstore style), put our PEM key there too (bsc#1204706)

Package suseconnect-ng was updated:

- Update to version 1.0.0~git0.faee7c196dc1:
  * Revert &quot;packaging: 1.0.0 -&gt; 1.0&quot;
- Update to version v1.0~git0.32cac3fb5047:
  * packaging: 1.0.0 -&gt; 1.0
- Update to version 1.0.0~git0.60e48564a714 (bsc#1204821):
  * packaging: obsolete suseconnect &lt; 1.0.0
  * packaging: don't end the summary with a dot
- Update to version 0.0.10~git2.ee561b8:
  * Drop .git from tar
- Update to version 0.0.10~git0.5f84106:
  * Fix System-Token support in ruby binding (bsc#1203341)
  * Added the PACKAGE.md file
- Update to version 0.0.9~git10.de887da7231f:
  * Respect the PROXY_ENABLED environment variable
- Update to version 0.0.9~git8.f9adb71:
  * Use standard buildconditionals
  * Strip the binaries (saves ~ 30%)
- Update to version 0.0.9~git5.75890b6:
  * Don't run keepalive on reboot
  * Use system-wide proxy settings (bsc#1200994)
  * Add customer information about keepalive calls
  * Add timer for SUSEConnect --keepalive (bsc#1196076)
  * Add --keepalive to manpage
  * Added support for the System-Token header
  * Add Keepalive command line option
  * Print nested zypper errors (bsc#1200803)
  * Fix migration json error with SMT (bsc#1198625)
  * Add option to run local scc tests
  * Switch to jenkins-hosted credentials
  * Fix &quot;VCS stamping&quot; problem
  * Add missing import
  * Remove redundant code + add comment
- Update to version 0.0.8~git2.368ea44:
  * go1.18 compatibility: BuildRequires:git

Package tar was updated:

- Fix unexpected inconsistency when making directory, bsc#1203600
  * tar-avoid-overflow-in-symlinks-tests.patch
  * tar-fix-extract-unlink.patch
- Update race condition fix, bsc#1200657
  * tar-fix-race-condition.patch
- Refresh bsc1200657.patch

Package vim was updated:

- Updated to version 9.0 with patch level 0814, fixes the following problems
  * Fixing bsc#1192478 VUL-1: CVE-2021-3928: vim: vim is vulnerable to Stack-based Buffer Overflow
  * Fixing bsc#1203508 VUL-0: CVE-2022-3234: vim: Heap-based Buffer Overflow prior to 9.0.0483.
  * Fixing bsc#1203509 VUL-1: CVE-2022-3235: vim: Use After Free in GitHub prior to 9.0.0490.
  * Fixing bsc#1203820 VUL-0: CVE-2022-3324: vim: Stack-based Buffer Overflow in prior to 9.0.0598.
  * Fixing bsc#1204779 VUL-0: CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c
  * Fixing bsc#1203152 VUL-1: CVE-2022-2982: vim: use after free in qf_fill_buffer()
  * Fixing bsc#1203796 VUL-1: CVE-2022-3296: vim: stack out of bounds read in ex_finally() in ex_eval.c
  * Fixing bsc#1203797 VUL-1: CVE-2022-3297: vim: use-after-free in process_next_cpt_value() at insexpand.c
  * Fixing bsc#1203110 VUL-1: CVE-2022-3099: vim: Use After Free in ex_docmd.c
  * Fixing bsc#1203194 VUL-1: CVE-2022-3134: vim: use after free in do_tag()
  * Fixing bsc#1203272 VUL-1: CVE-2022-3153: vim: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.
  * Fixing bsc#1203799 VUL-1: CVE-2022-3278: vim: NULL pointer dereference in eval_next_non_blank() in eval.c
  * Fixing bsc#1203924 VUL-1: CVE-2022-3352: vim: vim: use after free
  * Fixing bsc#1203155 VUL-1: CVE-2022-2980: vim: null pointer dereference in do_mouse()
  * Fixing bsc#1202962 VUL-1: CVE-2022-3037: vim: Use After Free in vim prior to 9.0.0321
- ignore-flaky-test-failure.patch: Ignore failure of flaky tests
- disable-unreliable-tests-arch.patch: Removed
- for the complete list of changes see
  https://github.com/vim/vim/compare/v9.0.0313...v9.0.0814

Package wget was updated:

- Update 0001-possibly-truncate-pathname-components.patch
  * Truncate file name even if no directory structure
  * [bsc#1204720]

Package wicked was updated:

- version 0.6.70
- build: Link as Position Independent Executable (bsc#1184124)
- dhcp4: Fix issues in reuse of last lease (bsc#1187655)
- dhcp6: Add option to refresh lease (jsc#SLE-9492,jsc#SLE-24307)
- dhcp6: Remove address before release (USGv6 DHCPv6_1_2_07b)
- dhcp6: Ignore lease release status (USGv6 DHCPv6_1_2_07e,1_3_03)
- dhcp6: Consider ppp interfaces supported (gh#openSUSE/wicked#924)
- team: Fix to configure port priority in teamd (bsc#1200505)
- firewall-ext: No config change on ifdown (bsc#1201053,bsc#118950)
- wireless: Fix SEGV on supplicant restart (gh#openSUSE/wicked#931)
- wireless: Add support for WPA3 and PMF (bsc#1198894)
- wireless: Remove libiw dependencies (gh#openSUSE/wicked#910)
- client: Fix SEGV on empty xpath results (gh#openSUSE/wicked#919)
- client: Add release options to ifdown/ifreload (jsc#SLE-10249)
- dbus: Clear string array before append (gh#openSUSE/wicked#913)
- socket: Fix SEGV on heavy socket restart errors (bsc#1192508)
- systemd: Remove systemd-udev-settle dependency (bsc#1186787)
- dbus: cleanup the dbus-service.h file and unused property macros
  e.g. tso has been split into several features and the
- cleanup: add missing/explicit designated field initializers
- dhcp: support to define and request custom options (bsc#988954),
- utils: fixed last byte formatting in ni_format_hex
- ifconfig: re-add broadcast calculation (bcs#971629).
- version 0.6.27

</Note>
    <Note Title="Terms of Use" Type="Legal Disclaimer" Ordinal="3" xml:lang="en">The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).</Note>
  </DocumentNotes>
  <DocumentReferences>
    <Reference Type="Self">
      <URL>https://publiccloudimagechangeinfo.suse.com/google/sles-15-sp4-chost-byos-v20221215-arm64/</URL>
      <Description>Public Cloud Image Info</Description>
    </Reference>
    <Reference Type="Self">
      <URL>https://www.suse.com/support/security/rating/</URL>
      <Description>SUSE Security Ratings</Description>
    </Reference>
  </DocumentReferences>
  <ProductTree xmlns="http://www.icasi.org/CVRF/schema/prod/1.1">
    <Branch Type="Product Family" Name="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64">
      <Branch Type="Product Name" Name="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64">
        <FullProductName ProductID="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64">Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64</FullProductName>
      </Branch>
    </Branch>
    <Branch Type="Product Version" Name="audit-3.0.6-150400.4.6.1">
      <FullProductName ProductID="audit-3.0.6-150400.4.6.1">audit-3.0.6-150400.4.6.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="containerd-1.6.12-150000.79.1">
      <FullProductName ProductID="containerd-1.6.12-150000.79.1">containerd-1.6.12-150000.79.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="containerd-ctr-1.6.12-150000.79.1">
      <FullProductName ProductID="containerd-ctr-1.6.12-150000.79.1">containerd-ctr-1.6.12-150000.79.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="dracut-055+suse.323.gca0e74f0-150400.3.13.1">
      <FullProductName ProductID="dracut-055+suse.323.gca0e74f0-150400.3.13.1">dracut-055+suse.323.gca0e74f0-150400.3.13.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="dracut-mkinitrd-deprecated-055+suse.323.gca0e74f0-150400.3.13.1">
      <FullProductName ProductID="dracut-mkinitrd-deprecated-055+suse.323.gca0e74f0-150400.3.13.1">dracut-mkinitrd-deprecated-055+suse.323.gca0e74f0-150400.3.13.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="grub2-2.06-150400.11.17.1">
      <FullProductName ProductID="grub2-2.06-150400.11.17.1">grub2-2.06-150400.11.17.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="grub2-arm64-efi-2.06-150400.11.17.1">
      <FullProductName ProductID="grub2-arm64-efi-2.06-150400.11.17.1">grub2-arm64-efi-2.06-150400.11.17.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="iputils-20211215-150400.3.3.2">
      <FullProductName ProductID="iputils-20211215-150400.3.3.2">iputils-20211215-150400.3.3.2</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="krb5-1.19.2-150400.3.3.1">
      <FullProductName ProductID="krb5-1.19.2-150400.3.3.1">krb5-1.19.2-150400.3.3.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libdevmapper1_03-2.03.05_1.02.163-150400.185.1">
      <FullProductName ProductID="libdevmapper1_03-2.03.05_1.02.163-150400.185.1">libdevmapper1_03-2.03.05_1.02.163-150400.185.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libeconf0-0.4.6+git20220427.3016f4e-150400.3.3.1">
      <FullProductName ProductID="libeconf0-0.4.6+git20220427.3016f4e-150400.3.3.1">libeconf0-0.4.6+git20220427.3016f4e-150400.3.3.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libgcc_s1-12.2.1+git416-150000.1.5.1">
      <FullProductName ProductID="libgcc_s1-12.2.1+git416-150000.1.5.1">libgcc_s1-12.2.1+git416-150000.1.5.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libopenssl1_1-1.1.1l-150400.7.16.1">
      <FullProductName ProductID="libopenssl1_1-1.1.1l-150400.7.16.1">libopenssl1_1-1.1.1l-150400.7.16.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libpython3_6m1_0-3.6.15-150300.10.37.2">
      <FullProductName ProductID="libpython3_6m1_0-3.6.15-150300.10.37.2">libpython3_6m1_0-3.6.15-150300.10.37.2</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="libstdc++6-12.2.1+git416-150000.1.5.1">
      <FullProductName ProductID="libstdc++6-12.2.1+git416-150000.1.5.1">libstdc++6-12.2.1+git416-150000.1.5.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="nfsidmap-0.26-150000.3.7.1">
      <FullProductName ProductID="nfsidmap-0.26-150000.3.7.1">nfsidmap-0.26-150000.3.7.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="openssh-8.4p1-150300.3.15.4">
      <FullProductName ProductID="openssh-8.4p1-150300.3.15.4">openssh-8.4p1-150300.3.15.4</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="openssh-clients-8.4p1-150300.3.15.4">
      <FullProductName ProductID="openssh-clients-8.4p1-150300.3.15.4">openssh-clients-8.4p1-150300.3.15.4</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="openssh-common-8.4p1-150300.3.15.4">
      <FullProductName ProductID="openssh-common-8.4p1-150300.3.15.4">openssh-common-8.4p1-150300.3.15.4</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="openssh-server-8.4p1-150300.3.15.4">
      <FullProductName ProductID="openssh-server-8.4p1-150300.3.15.4">openssh-server-8.4p1-150300.3.15.4</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="openssl-1_1-1.1.1l-150400.7.16.1">
      <FullProductName ProductID="openssl-1_1-1.1.1l-150400.7.16.1">openssl-1_1-1.1.1l-150400.7.16.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="python3-3.6.15-150300.10.37.2">
      <FullProductName ProductID="python3-3.6.15-150300.10.37.2">python3-3.6.15-150300.10.37.2</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="python3-base-3.6.15-150300.10.37.2">
      <FullProductName ProductID="python3-base-3.6.15-150300.10.37.2">python3-base-3.6.15-150300.10.37.2</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="rpm-ndb-4.14.3-150300.52.1">
      <FullProductName ProductID="rpm-ndb-4.14.3-150300.52.1">rpm-ndb-4.14.3-150300.52.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="rsyslog-8.2106.0-150400.5.11.1">
      <FullProductName ProductID="rsyslog-8.2106.0-150400.5.11.1">rsyslog-8.2106.0-150400.5.11.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="samba-client-libs-4.15.8+git.527.8d0c05d313e-150400.3.16.11">
      <FullProductName ProductID="samba-client-libs-4.15.8+git.527.8d0c05d313e-150400.3.16.11">samba-client-libs-4.15.8+git.527.8d0c05d313e-150400.3.16.11</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="sudo-1.9.9-150400.4.9.1">
      <FullProductName ProductID="sudo-1.9.9-150400.4.9.1">sudo-1.9.9-150400.4.9.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="supportutils-3.1.21-150300.7.35.15.1">
      <FullProductName ProductID="supportutils-3.1.21-150300.7.35.15.1">supportutils-3.1.21-150300.7.35.15.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="suse-build-key-12.0-150000.8.28.1">
      <FullProductName ProductID="suse-build-key-12.0-150000.8.28.1">suse-build-key-12.0-150000.8.28.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="suseconnect-ng-1.0.0~git0.faee7c196dc1-150400.3.7.3">
      <FullProductName ProductID="suseconnect-ng-1.0.0~git0.faee7c196dc1-150400.3.7.3">suseconnect-ng-1.0.0~git0.faee7c196dc1-150400.3.7.3</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="system-group-audit-3.0.6-150400.4.6.1">
      <FullProductName ProductID="system-group-audit-3.0.6-150400.4.6.1">system-group-audit-3.0.6-150400.4.6.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="tar-1.34-150000.3.22.3">
      <FullProductName ProductID="tar-1.34-150000.3.22.3">tar-1.34-150000.3.22.3</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="vim-9.0.0814-150000.5.28.1">
      <FullProductName ProductID="vim-9.0.0814-150000.5.28.1">vim-9.0.0814-150000.5.28.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="vim-data-common-9.0.0814-150000.5.28.1">
      <FullProductName ProductID="vim-data-common-9.0.0814-150000.5.28.1">vim-data-common-9.0.0814-150000.5.28.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="wget-1.20.3-150000.3.15.1">
      <FullProductName ProductID="wget-1.20.3-150000.3.15.1">wget-1.20.3-150000.3.15.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="wicked-0.6.70-150400.3.3.1">
      <FullProductName ProductID="wicked-0.6.70-150400.3.3.1">wicked-0.6.70-150400.3.3.1</FullProductName>
    </Branch>
    <Branch Type="Product Version" Name="wicked-service-0.6.70-150400.3.3.1">
      <FullProductName ProductID="wicked-service-0.6.70-150400.3.3.1">wicked-service-0.6.70-150400.3.3.1</FullProductName>
    </Branch>
    <Relationship ProductReference="audit-3.0.6-150400.4.6.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:audit-3.0.6-150400.4.6.1">audit-3.0.6-150400.4.6.1 as a component of Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64</FullProductName>
    </Relationship>
    <Relationship ProductReference="containerd-1.6.12-150000.79.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:containerd-1.6.12-150000.79.1">containerd-1.6.12-150000.79.1 as a component of Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64</FullProductName>
    </Relationship>
    <Relationship ProductReference="containerd-ctr-1.6.12-150000.79.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:containerd-ctr-1.6.12-150000.79.1">containerd-ctr-1.6.12-150000.79.1 as a component of Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64</FullProductName>
    </Relationship>
    <Relationship ProductReference="dracut-055+suse.323.gca0e74f0-150400.3.13.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:dracut-055+suse.323.gca0e74f0-150400.3.13.1">dracut-055+suse.323.gca0e74f0-150400.3.13.1 as a component of Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64</FullProductName>
    </Relationship>
    <Relationship ProductReference="dracut-mkinitrd-deprecated-055+suse.323.gca0e74f0-150400.3.13.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:dracut-mkinitrd-deprecated-055+suse.323.gca0e74f0-150400.3.13.1">dracut-mkinitrd-deprecated-055+suse.323.gca0e74f0-150400.3.13.1 as a component of Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64</FullProductName>
    </Relationship>
    <Relationship ProductReference="grub2-2.06-150400.11.17.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:grub2-2.06-150400.11.17.1">grub2-2.06-150400.11.17.1 as a component of Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64</FullProductName>
    </Relationship>
    <Relationship ProductReference="grub2-arm64-efi-2.06-150400.11.17.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:grub2-arm64-efi-2.06-150400.11.17.1">grub2-arm64-efi-2.06-150400.11.17.1 as a component of Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64</FullProductName>
    </Relationship>
    <Relationship ProductReference="iputils-20211215-150400.3.3.2" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:iputils-20211215-150400.3.3.2">iputils-20211215-150400.3.3.2 as a component of Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64</FullProductName>
    </Relationship>
    <Relationship ProductReference="krb5-1.19.2-150400.3.3.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:krb5-1.19.2-150400.3.3.1">krb5-1.19.2-150400.3.3.1 as a component of Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libdevmapper1_03-2.03.05_1.02.163-150400.185.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:libdevmapper1_03-2.03.05_1.02.163-150400.185.1">libdevmapper1_03-2.03.05_1.02.163-150400.185.1 as a component of Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libeconf0-0.4.6+git20220427.3016f4e-150400.3.3.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:libeconf0-0.4.6+git20220427.3016f4e-150400.3.3.1">libeconf0-0.4.6+git20220427.3016f4e-150400.3.3.1 as a component of Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libgcc_s1-12.2.1+git416-150000.1.5.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:libgcc_s1-12.2.1+git416-150000.1.5.1">libgcc_s1-12.2.1+git416-150000.1.5.1 as a component of Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libopenssl1_1-1.1.1l-150400.7.16.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:libopenssl1_1-1.1.1l-150400.7.16.1">libopenssl1_1-1.1.1l-150400.7.16.1 as a component of Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libpython3_6m1_0-3.6.15-150300.10.37.2" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:libpython3_6m1_0-3.6.15-150300.10.37.2">libpython3_6m1_0-3.6.15-150300.10.37.2 as a component of Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64</FullProductName>
    </Relationship>
    <Relationship ProductReference="libstdc++6-12.2.1+git416-150000.1.5.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:libstdc++6-12.2.1+git416-150000.1.5.1">libstdc++6-12.2.1+git416-150000.1.5.1 as a component of Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64</FullProductName>
    </Relationship>
    <Relationship ProductReference="nfsidmap-0.26-150000.3.7.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:nfsidmap-0.26-150000.3.7.1">nfsidmap-0.26-150000.3.7.1 as a component of Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64</FullProductName>
    </Relationship>
    <Relationship ProductReference="openssh-8.4p1-150300.3.15.4" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:openssh-8.4p1-150300.3.15.4">openssh-8.4p1-150300.3.15.4 as a component of Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64</FullProductName>
    </Relationship>
    <Relationship ProductReference="openssh-clients-8.4p1-150300.3.15.4" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:openssh-clients-8.4p1-150300.3.15.4">openssh-clients-8.4p1-150300.3.15.4 as a component of Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64</FullProductName>
    </Relationship>
    <Relationship ProductReference="openssh-common-8.4p1-150300.3.15.4" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:openssh-common-8.4p1-150300.3.15.4">openssh-common-8.4p1-150300.3.15.4 as a component of Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64</FullProductName>
    </Relationship>
    <Relationship ProductReference="openssh-server-8.4p1-150300.3.15.4" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:openssh-server-8.4p1-150300.3.15.4">openssh-server-8.4p1-150300.3.15.4 as a component of Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64</FullProductName>
    </Relationship>
    <Relationship ProductReference="openssl-1_1-1.1.1l-150400.7.16.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:openssl-1_1-1.1.1l-150400.7.16.1">openssl-1_1-1.1.1l-150400.7.16.1 as a component of Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64</FullProductName>
    </Relationship>
    <Relationship ProductReference="python3-3.6.15-150300.10.37.2" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:python3-3.6.15-150300.10.37.2">python3-3.6.15-150300.10.37.2 as a component of Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64</FullProductName>
    </Relationship>
    <Relationship ProductReference="python3-base-3.6.15-150300.10.37.2" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:python3-base-3.6.15-150300.10.37.2">python3-base-3.6.15-150300.10.37.2 as a component of Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64</FullProductName>
    </Relationship>
    <Relationship ProductReference="rpm-ndb-4.14.3-150300.52.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:rpm-ndb-4.14.3-150300.52.1">rpm-ndb-4.14.3-150300.52.1 as a component of Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64</FullProductName>
    </Relationship>
    <Relationship ProductReference="rsyslog-8.2106.0-150400.5.11.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:rsyslog-8.2106.0-150400.5.11.1">rsyslog-8.2106.0-150400.5.11.1 as a component of Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64</FullProductName>
    </Relationship>
    <Relationship ProductReference="samba-client-libs-4.15.8+git.527.8d0c05d313e-150400.3.16.11" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:samba-client-libs-4.15.8+git.527.8d0c05d313e-150400.3.16.11">samba-client-libs-4.15.8+git.527.8d0c05d313e-150400.3.16.11 as a component of Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64</FullProductName>
    </Relationship>
    <Relationship ProductReference="sudo-1.9.9-150400.4.9.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:sudo-1.9.9-150400.4.9.1">sudo-1.9.9-150400.4.9.1 as a component of Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64</FullProductName>
    </Relationship>
    <Relationship ProductReference="supportutils-3.1.21-150300.7.35.15.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:supportutils-3.1.21-150300.7.35.15.1">supportutils-3.1.21-150300.7.35.15.1 as a component of Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64</FullProductName>
    </Relationship>
    <Relationship ProductReference="suse-build-key-12.0-150000.8.28.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:suse-build-key-12.0-150000.8.28.1">suse-build-key-12.0-150000.8.28.1 as a component of Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64</FullProductName>
    </Relationship>
    <Relationship ProductReference="suseconnect-ng-1.0.0~git0.faee7c196dc1-150400.3.7.3" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:suseconnect-ng-1.0.0~git0.faee7c196dc1-150400.3.7.3">suseconnect-ng-1.0.0~git0.faee7c196dc1-150400.3.7.3 as a component of Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64</FullProductName>
    </Relationship>
    <Relationship ProductReference="system-group-audit-3.0.6-150400.4.6.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:system-group-audit-3.0.6-150400.4.6.1">system-group-audit-3.0.6-150400.4.6.1 as a component of Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64</FullProductName>
    </Relationship>
    <Relationship ProductReference="tar-1.34-150000.3.22.3" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:tar-1.34-150000.3.22.3">tar-1.34-150000.3.22.3 as a component of Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64</FullProductName>
    </Relationship>
    <Relationship ProductReference="vim-9.0.0814-150000.5.28.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:vim-9.0.0814-150000.5.28.1">vim-9.0.0814-150000.5.28.1 as a component of Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64</FullProductName>
    </Relationship>
    <Relationship ProductReference="vim-data-common-9.0.0814-150000.5.28.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:vim-data-common-9.0.0814-150000.5.28.1">vim-data-common-9.0.0814-150000.5.28.1 as a component of Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64</FullProductName>
    </Relationship>
    <Relationship ProductReference="wget-1.20.3-150000.3.15.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:wget-1.20.3-150000.3.15.1">wget-1.20.3-150000.3.15.1 as a component of Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64</FullProductName>
    </Relationship>
    <Relationship ProductReference="wicked-0.6.70-150400.3.3.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:wicked-0.6.70-150400.3.3.1">wicked-0.6.70-150400.3.3.1 as a component of Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64</FullProductName>
    </Relationship>
    <Relationship ProductReference="wicked-service-0.6.70-150400.3.3.1" RelationType="Default Component Of" RelatesToProductReference="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64">
      <FullProductName ProductID="Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:wicked-service-0.6.70-150400.3.3.1">wicked-service-0.6.70-150400.3.3.1 as a component of Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64</FullProductName>
    </Relationship>
  </ProductTree>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the host component of a URL) followed by an HTTP header. This is similar to the CVE-2019-9740 query string issue and the CVE-2019-9947 path string issue. (This is not exploitable when glibc has CVE-2016-10739 fixed.) This is fixed in: v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1; v3.6.11, v3.6.11rc1, v3.6.12; v3.7.8, v3.7.8rc1, v3.7.9; v3.8.3, v3.8.3rc1, v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1.</Note>
    </Notes>
    <CVE>CVE-2019-18348</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:python3-3.6.15-150300.10.37.2</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.3</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:N/I:P/A:N</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability.</Note>
    </Notes>
    <CVE>CVE-2020-10735</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:python3-3.6.15-150300.10.37.2</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.</Note>
    </Notes>
    <CVE>CVE-2020-8492</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:python3-3.6.15-150300.10.37.2</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>7.1</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:N/I:N/A:C</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">vim is vulnerable to Use of Uninitialized Variable</Note>
    </Notes>
    <CVE>CVE-2021-3928</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:vim-9.0.0814-150000.5.28.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:vim-data-common-9.0.0814-150000.5.28.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.6</BaseScore>
        <Vector>AV:L/AC:L/Au:N/C:P/I:P/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">containerd is an open source container runtime. A bug was found in containerd's CRI implementation where a user can exhaust memory on the host. In the CRI stream server, a goroutine is launched to handle terminal resize events if a TTY is requested. If the user's process fails to launch due to, for example, a faulty command, the goroutine will be stuck waiting to send without a receiver, resulting in a memory leak. Kubernetes and crictl can both be configured to use containerd's CRI implementation and the stream server is used for handling container IO. This bug has been fixed in containerd 1.6.12 and 1.5.16. Users should update to these versions to resolve the issue. Users unable to upgrade should ensure that only trusted images and commands are used and that only trusted users have permissions to execute commands in running containers.</Note>
    </Notes>
    <CVE>CVE-2022-23471</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:containerd-1.6.12-150000.79.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:containerd-ctr-1.6.12-150000.79.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A buffer overflow was found in grub_font_construct_glyph(). A maliciously crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, so that a smaller than needed buffer is allocated for the glyph; this further leads to a buffer overflow and a heap-based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism.</Note>
    </Notes>
    <CVE>CVE-2022-2601</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:grub2-2.06-150400.11.17.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:grub2-arm64-efi-2.06-150400.11.17.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.</Note>
    </Notes>
    <CVE>CVE-2022-27191</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:containerd-1.6.12-150000.79.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:containerd-ctr-1.6.12-150000.79.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
    <CVSSScoreSets>
      <ScoreSet>
        <BaseScore>4.3</BaseScore>
        <Vector>AV:N/AC:M/Au:N/C:N/I:N/A:P</Vector>
      </ScoreSet>
    </CVSSScoreSets>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0259.</Note>
    </Notes>
    <CVE>CVE-2022-2980</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:vim-9.0.0814-150000.5.28.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:vim-data-common-9.0.0814-150000.5.28.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Use After Free in GitHub repository vim/vim prior to 9.0.0260.</Note>
    </Notes>
    <CVE>CVE-2022-2982</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:vim-9.0.0814-150000.5.28.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:vim-data-common-9.0.0814-150000.5.28.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Use After Free in GitHub repository vim/vim prior to 9.0.0322.</Note>
    </Notes>
    <CVE>CVE-2022-3037</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:vim-9.0.0814-150000.5.28.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:vim-data-common-9.0.0814-150000.5.28.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Use After Free in GitHub repository vim/vim prior to 9.0.0360.</Note>
    </Notes>
    <CVE>CVE-2022-3099</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:vim-9.0.0814-150000.5.28.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:vim-data-common-9.0.0814-150000.5.28.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Use After Free in GitHub repository vim/vim prior to 9.0.0389.</Note>
    </Notes>
    <CVE>CVE-2022-3134</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:vim-9.0.0814-150000.5.28.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:vim-data-common-9.0.0814-150000.5.28.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.</Note>
    </Notes>
    <CVE>CVE-2022-3153</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:vim-9.0.0814-150000.5.28.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:vim-data-common-9.0.0814-150000.5.28.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.</Note>
    </Notes>
    <CVE>CVE-2022-3234</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:vim-9.0.0814-150000.5.28.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:vim-data-common-9.0.0814-150000.5.28.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Use After Free in GitHub repository vim/vim prior to 9.0.0490.</Note>
    </Notes>
    <CVE>CVE-2022-3235</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:vim-9.0.0814-150000.5.28.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:vim-data-common-9.0.0814-150000.5.28.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0552.</Note>
    </Notes>
    <CVE>CVE-2022-3278</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:vim-9.0.0814-150000.5.28.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:vim-data-common-9.0.0814-150000.5.28.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0577.</Note>
    </Notes>
    <CVE>CVE-2022-3296</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:vim-9.0.0814-150000.5.28.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:vim-data-common-9.0.0814-150000.5.28.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Use After Free in GitHub repository vim/vim prior to 9.0.0579.</Note>
    </Notes>
    <CVE>CVE-2022-3297</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:vim-9.0.0814-150000.5.28.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:vim-data-common-9.0.0814-150000.5.28.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598.</Note>
    </Notes>
    <CVE>CVE-2022-3324</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:vim-9.0.0814-150000.5.28.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:vim-data-common-9.0.0814-150000.5.28.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Use After Free in GitHub repository vim/vim prior to 9.0.0614.</Note>
    </Notes>
    <CVE>CVE-2022-3352</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:vim-9.0.0814-150000.5.28.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:vim-data-common-9.0.0814-150000.5.28.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to address this issue. The name of the patch is d0fab10ed2a86698937e3c3fed2f10bd9bb5e731. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-212324.</Note>
    </Notes>
    <CVE>CVE-2022-3705</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:vim-9.0.0814-150000.5.28.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:vim-data-common-9.0.0814-150000.5.28.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.</Note>
    </Notes>
    <CVE>CVE-2022-37454</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:python3-3.6.15-150300.10.37.2</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">When rendering certain unicode sequences, grub2's font code doesn't properly validate if the informed glyph's width and height are constrained within the bitmap size. As a consequence, an attacker can craft an input which will lead to an out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution cannot be ruled out.</Note>
    </Notes>
    <CVE>CVE-2022-3775</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:grub2-2.06-150400.11.17.1</ProductID>
        <ProductID>Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:grub2-arm64-efi-2.06-150400.11.17.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
  <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="1">
    <Notes>
      <Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."</Note>
    </Notes>
    <CVE>CVE-2022-42898</CVE>
    <ProductStatuses>
      <Status Type="Fixed">
        <ProductID>Public Cloud Image google/sles-15-sp4-chost-byos-v20221215-arm64:krb5-1.19.2-150400.3.3.1</ProductID>
      </Status>
    </ProductStatuses>
    <Threats>
      <Threat Type="Impact">
        <Description>moderate</Description>
      </Threat>
    </Threats>
  </Vulnerability>
</cvrfdoc>
