go.mondoo.com/cnquery@v0.0.0-20231005093811-59568235f6ea/providers/os/resources/packages/testdata/updates_zypper.toml (about) 1 [commands."zypper -n --xmlout list-updates"] 2 stdout = """<?xml version='1.0'?> 3 <stream> 4 <message type="info">Loading repository data...</message> 5 <message type="info">Reading installed packages...</message> 6 <update-status version="0.6"> 7 <update-list> 8 <update name="aaa_base" edition="13.2+git20140911.61c1681-28.6.1" arch="x86_64" kind="package" edition-old="13.2+git20140911.61c1681-28.3.1" > 9 <summary>openSUSE Base Package</summary> 10 <description>This package installs several important configuration files and central scripts.</description> 11 <license></license> 12 <source url="http://download.opensuse.org/update/leap/42.3/oss/" alias="OSS Update"/> 13 </update> 14 <update name="bash" edition="4.3-83.6.1" arch="x86_64" kind="package" edition-old="4.3-83.3.1" > 15 <summary>The GNU Bourne-Again Shell</summary> 16 <description>Bash is an sh-compatible command interpreter that executes commands 17 read from standard input or from a file. Bash incorporates useful 18 features from the Korn and C shells (ksh and csh). Bash is intended to 19 be a conformant implementation of the IEEE Posix Shell and Tools 20 specification (IEEE Working Group 1003.2).</description> 21 <license></license> 22 <source url="http://download.opensuse.org/update/leap/42.3/oss/" alias="OSS Update"/> 23 </update> 24 <update name="glibc" edition="2.22-19.1" arch="x86_64" kind="package" edition-old="2.22-16.3" > 25 <summary>Standard Shared Libraries (from the GNU C Library)</summary> 26 <description>The GNU C Library provides the most important standard libraries used 27 by nearly all programs: the standard C library, the standard math 28 library, and the POSIX thread library. A system is not functional 29 without these libraries.</description> 30 <license></license> 31 <source url="http://download.opensuse.org/update/leap/42.3/oss/" alias="OSS Update"/> 32 </update> 33 <update name="gpg2" edition="2.0.24-9.3.1" arch="x86_64" kind="package" edition-old="2.0.24-8.1" > 34 <summary>GnuPG 2</summary> 35 <description>GnuPG 2 is the successor of "GnuPG" or GPG. It provides: GPGSM, 36 gpg-agent, and a keybox library.</description> 37 <license></license> 38 <source url="http://download.opensuse.org/update/leap/42.3/oss/" alias="OSS Update"/> 39 </update> 40 <update name="libcurl4" edition="7.37.0-36.1" arch="x86_64" kind="package" edition-old="7.37.0-33.1" > 41 <summary>Version 4 of cURL shared library</summary> 42 <description>The cURL shared library version 4 for accessing data using different 43 network protocols.</description> 44 <license></license> 45 <source url="http://download.opensuse.org/update/leap/42.3/oss/" alias="OSS Update"/> 46 </update> 47 <update name="libgcc_s1" edition="7.3.1+r258812-10.1" arch="x86_64" kind="package" edition-old="7.3.1+r258313-6.1" > 48 <summary>C compiler runtime library</summary> 49 <description>Libgcc is needed for dynamically linked C programs.</description> 50 <license></license> 51 <source url="http://download.opensuse.org/update/leap/42.3/oss/" alias="OSS Update"/> 52 </update> 53 <update name="libgcrypt20" edition="1.6.1-45.1" arch="x86_64" kind="package" edition-old="1.6.1-42.1" > 54 <summary>The GNU Crypto Library</summary> 55 <description>Libgcrypt is a general purpose crypto library based on the code used in 56 GnuPG (alpha version).</description> 57 <license></license> 58 <source url="http://download.opensuse.org/update/leap/42.3/oss/" alias="OSS Update"/> 59 </update> 60 <update name="libopenssl1_0_0" edition="1.0.2j-25.1" arch="x86_64" kind="package" edition-old="1.0.2j-16.1" > 61 <summary>Secure Sockets and Transport Layer Security</summary> 62 <description>The OpenSSL Project is a collaborative effort to develop a robust, 63 commercial-grade, full-featured, and open source toolkit implementing 64 the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS 65 v1) protocols with full-strength cryptography. The project is managed 66 by a worldwide community of volunteers that use the Internet to 67 communicate, plan, and develop the OpenSSL toolkit and its related 68 documentation. 69 70 Derivation and License 71 72 OpenSSL is based on the excellent SSLeay library developed by Eric A. 73 Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an 74 Apache-style license, which basically means that you are free to get it 75 and to use it for commercial and noncommercial purposes.</description> 76 <license></license> 77 <source url="http://download.opensuse.org/update/leap/42.3/oss/" alias="OSS Update"/> 78 </update> 79 <update name="libprocps3" edition="3.3.9-20.1" arch="x86_64" kind="package" edition-old="3.3.9-17.1" > 80 <summary>The procps library</summary> 81 <description>The procps library can be used to read informations out from /proc 82 the process information pseudo-file system,</description> 83 <license></license> 84 <source url="http://download.opensuse.org/update/leap/42.3/oss/" alias="OSS Update"/> 85 </update> 86 <update name="libreadline6" edition="6.3-83.6.1" arch="x86_64" kind="package" edition-old="6.3-83.3.1" > 87 <summary>The Readline Library</summary> 88 <description>The readline library is used by the Bourne Again Shell (bash, the 89 standard command interpreter) for easy editing of command lines. This 90 includes history and search functionality.</description> 91 <license></license> 92 <source url="http://download.opensuse.org/update/leap/42.3/oss/" alias="OSS Update"/> 93 </update> 94 <update name="libsolv-tools" edition="0.6.34-9.1" arch="x86_64" kind="package" edition-old="0.6.32-6.1" > 95 <summary>Utilities to work with .solv files</summary> 96 <description>libsolv is a library for solving packages and reading repositories. 97 98 This subpackage contains utilities to create and work with the .solv 99 files used by libsolv.</description> 100 <license></license> 101 <source url="http://download.opensuse.org/update/leap/42.3/oss/" alias="OSS Update"/> 102 </update> 103 <update name="libstdc++6" edition="7.3.1+r258812-10.1" arch="x86_64" kind="package" edition-old="7.3.1+r258313-6.1" > 104 <summary>The standard C++ shared library</summary> 105 <description>The standard C++ library, needed for dynamically linked C++ programs.</description> 106 <license></license> 107 <source url="http://download.opensuse.org/update/leap/42.3/oss/" alias="OSS Update"/> 108 </update> 109 <update name="libsystemd0" edition="228-50.1" arch="x86_64" kind="package" edition-old="228-47.1" > 110 <summary>Component library for systemd</summary> 111 <description>This library provides several of the systemd C APIs: 112 113 * sd-bus implements an alternative D-Bus client library that is 114 relatively easy to use, very efficient and supports both classic 115 D-Bus as well as kdbus as transport backend. 116 117 * sd-daemon(3): for system services (daemons) to report their status 118 to systemd and to make easy use of socket-based activation logic 119 120 * sd-event is a generic event loop abstraction that is built around 121 Linux epoll, but adds features such as event prioritization or 122 efficient timer handling. 123 124 * sd-id128(3): generation and processing of 128-bit IDs 125 126 * sd-journal(3): API to submit and query journal log entries 127 128 * sd-login(3): APIs to introspect and monitor seat, login session and 129 user status information on the local system.</description> 130 <license></license> 131 <source url="http://download.opensuse.org/update/leap/42.3/oss/" alias="OSS Update"/> 132 </update> 133 <update name="libudev1" edition="228-50.1" arch="x86_64" kind="package" edition-old="228-47.1" > 134 <summary>Dynamic library to access udev device information</summary> 135 <description>This package contains the dynamic library libudev, which provides 136 access to udev device information</description> 137 <license></license> 138 <source url="http://download.opensuse.org/update/leap/42.3/oss/" alias="OSS Update"/> 139 </update> 140 <update name="libz1" edition="1.2.8-14.3.1" arch="x86_64" kind="package" edition-old="1.2.8-13.15" > 141 <summary>Library implementing the DEFLATE compression algorithm</summary> 142 <description>zlib is a general-purpose lossless data-compression library, 143 implementing an API for the DEFLATE algorithm, the latter of 144 which is being used by, for example, gzip and the ZIP archive 145 format.</description> 146 <license></license> 147 <source url="http://download.opensuse.org/update/leap/42.3/oss/" alias="OSS Update"/> 148 </update> 149 <update name="libzypp" edition="16.17.12-24.1" arch="x86_64" kind="package" edition-old="16.17.10-21.1" > 150 <summary>Package, Patch, Pattern, and Product Management</summary> 151 <description>Package, Patch, Pattern, and Product Management</description> 152 <license></license> 153 <source url="http://download.opensuse.org/update/leap/42.3/oss/" alias="OSS Update"/> 154 </update> 155 <update name="openssl" edition="1.0.2j-25.1" arch="x86_64" kind="package" edition-old="1.0.2j-16.1" > 156 <summary>Secure Sockets and Transport Layer Security</summary> 157 <description>The OpenSSL Project is a collaborative effort to develop a robust, 158 commercial-grade, full-featured, and open source toolkit implementing 159 the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS 160 v1) protocols with full-strength cryptography. The project is managed 161 by a worldwide community of volunteers that use the Internet to 162 communicate, plan, and develop the OpenSSL toolkit and its related 163 documentation. 164 165 Derivation and License 166 167 OpenSSL is based on the excellent SSLeay library developed by Eric A. 168 Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an 169 Apache-style license, which basically means that you are free to get it 170 and to use it for commercial and noncommercial purposes.</description> 171 <license></license> 172 <source url="http://download.opensuse.org/update/leap/42.3/oss/" alias="OSS Update"/> 173 </update> 174 <update name="perl-base" edition="5.18.2-15.2" arch="x86_64" kind="package" edition-old="5.18.2-9.1" > 175 <summary>The Perl interpreter</summary> 176 <description>perl - Practical Extraction and Report Language 177 178 Perl is optimized for scanning arbitrary text files, extracting 179 information from those text files, and printing reports based on that 180 information. It is also good for many system management tasks. 181 182 Perl is intended to be practical (easy to use, efficient, and complete) 183 rather than beautiful (tiny, elegant, and minimal). 184 185 This package contains only some basic modules and the perl binary 186 itself.</description> 187 <license></license> 188 <source url="http://download.opensuse.org/update/leap/42.3/oss/" alias="OSS Update"/> 189 </update> 190 <update name="procps" edition="3.3.9-20.1" arch="x86_64" kind="package" edition-old="3.3.9-17.1" > 191 <summary>The ps utilities for /proc</summary> 192 <description>The procps package contains a set of system utilities that provide 193 system information. Procps includes ps, free, skill, snice, tload, top, 194 uptime, vmstat, w, and watch. The ps command displays a snapshot of 195 running processes. The top command provides a repetitive update of the 196 statuses of running processes. The free command displays the amounts of 197 free and used memory on your system. The skill command sends a 198 terminate command (or another specified signal) to a specified set of 199 processes. The snice command is used to change the scheduling priority 200 of specified processes. The tload command prints a graph of the current 201 system load average to a specified tty. The uptime command displays the 202 current time, how long the system has been running, how many users are 203 logged on, and system load averages for the past one, five, and fifteen 204 minutes. The w command displays a list of the users who are currently 205 logged on and what they are running. The watch program watches a 206 running program. The vmstat command displays virtual memory statistics 207 about processes, memory, paging, block I/O, traps, and CPU activity.</description> 208 <license></license> 209 <source url="http://download.opensuse.org/update/leap/42.3/oss/" alias="OSS Update"/> 210 </update> 211 <update name="rpm" edition="4.11.2-14.7.1" arch="x86_64" kind="package" edition-old="4.11.2-13.7" > 212 <summary>The RPM Package Manager</summary> 213 <description>RPM Package Manager is the main tool for managing the software packages 214 of the SUSE Linux distribution. 215 216 RPM can be used to install and remove software packages. With rpm, it 217 is easy to update packages. RPM keeps track of all these manipulations 218 in a central database. This way it is possible to get an overview of 219 all installed packages. RPM also supports database queries.</description> 220 <license></license> 221 <source url="http://download.opensuse.org/update/leap/42.3/oss/" alias="OSS Update"/> 222 </update> 223 <update name="shadow" edition="4.2.1-16.1" arch="x86_64" kind="package" edition-old="4.2.1-13.1" > 224 <summary>Utilities to Manage User and Group Accounts</summary> 225 <description>This package includes the necessary programs for converting plain 226 password files to the shadow password format and to manage user and 227 group accounts.</description> 228 <license></license> 229 <source url="http://download.opensuse.org/update/leap/42.3/oss/" alias="OSS Update"/> 230 </update> 231 <update name="systemd" edition="228-50.1" arch="x86_64" kind="package" edition-old="228-47.1" > 232 <summary>A System and Session Manager</summary> 233 <description>Systemd is a system and service manager, compatible with SysV and LSB 234 init scripts for Linux. systemd provides aggressive parallelization 235 capabilities, uses socket and D-Bus activation for starting services, 236 offers on-demand starting of daemons, keeps track of processes using 237 Linux cgroups, supports snapshotting and restoring of the system state, 238 maintains mount and automount points and implements an elaborate 239 transactional dependency-based service control logic. It can work as a 240 drop-in replacement for sysvinit.</description> 241 <license></license> 242 <source url="http://download.opensuse.org/update/leap/42.3/oss/" alias="OSS Update"/> 243 </update> 244 </update-list> 245 </update-status> 246 </stream> 247 """ 248 249 [commands."zypper -n --xmlout list-updates -t patch"] 250 stdout = """<?xml version='1.0'?> 251 <stream> 252 <progress id="raw-refresh" name="Retrieving repository 'NON OSS' metadata" value="0"/> 253 <progress id="raw-refresh" name="Retrieving repository 'NON OSS' metadata" done="1"/> 254 <progress id="11" name="Building repository 'NON OSS' cache"/> 255 <progress id="11" name="Building repository 'NON OSS' cache" value="0"/> 256 <progress id="11" name="Building repository 'NON OSS' cache" value="100"/> 257 <progress id="11" name="Building repository 'NON OSS' cache" value="100"/> 258 <progress id="11" name="Building repository 'NON OSS' cache" done="1"/> 259 <progress id="raw-refresh" name="Retrieving repository 'NON OSS Update' metadata" value="0"/> 260 <progress id="raw-refresh" name="Retrieving repository 'NON OSS Update' metadata" done="1"/> 261 <progress id="17" name="Building repository 'NON OSS Update' cache"/> 262 <progress id="17" name="Building repository 'NON OSS Update' cache" value="0"/> 263 <progress id="17" name="Building repository 'NON OSS Update' cache" value="100"/> 264 <progress id="17" name="Building repository 'NON OSS Update' cache" value="100"/> 265 <progress id="17" name="Building repository 'NON OSS Update' cache" done="1"/> 266 <progress id="raw-refresh" name="Retrieving repository 'OSS' metadata" value="0"/> 267 <progress id="raw-refresh" name="Retrieving repository 'OSS' metadata"/> 268 <progress id="raw-refresh" name="Retrieving repository 'OSS' metadata"/> 269 <progress id="raw-refresh" name="Retrieving repository 'OSS' metadata"/> 270 <progress id="raw-refresh" name="Retrieving repository 'OSS' metadata"/> 271 <progress id="raw-refresh" name="Retrieving repository 'OSS' metadata" done="1"/> 272 <progress id="23" name="Building repository 'OSS' cache"/> 273 <progress id="23" name="Building repository 'OSS' cache" value="0"/> 274 <progress id="23" name="Building repository 'OSS' cache" value="100"/> 275 <progress id="23" name="Building repository 'OSS' cache" value="100"/> 276 <progress id="23" name="Building repository 'OSS' cache" done="1"/> 277 <progress id="raw-refresh" name="Retrieving repository 'OSS Update' metadata" value="0"/> 278 <progress id="raw-refresh" name="Retrieving repository 'OSS Update' metadata"/> 279 <progress id="raw-refresh" name="Retrieving repository 'OSS Update' metadata"/> 280 <progress id="raw-refresh" name="Retrieving repository 'OSS Update' metadata"/> 281 <progress id="raw-refresh" name="Retrieving repository 'OSS Update' metadata"/> 282 <progress id="raw-refresh" name="Retrieving repository 'OSS Update' metadata"/> 283 <progress id="raw-refresh" name="Retrieving repository 'OSS Update' metadata"/> 284 <progress id="raw-refresh" name="Retrieving repository 'OSS Update' metadata"/> 285 <progress id="raw-refresh" name="Retrieving repository 'OSS Update' metadata"/> 286 <progress id="raw-refresh" name="Retrieving repository 'OSS Update' metadata"/> 287 <progress id="raw-refresh" name="Retrieving repository 'OSS Update' metadata"/> 288 <progress id="raw-refresh" name="Retrieving repository 'OSS Update' metadata"/> 289 <progress id="raw-refresh" name="Retrieving repository 'OSS Update' metadata" done="1"/> 290 <progress id="29" name="Building repository 'OSS Update' cache"/> 291 <progress id="29" name="Building repository 'OSS Update' cache" value="0"/> 292 <progress id="29" name="Building repository 'OSS Update' cache" value="100"/> 293 <progress id="29" name="Building repository 'OSS Update' cache" value="100"/> 294 <progress id="29" name="Building repository 'OSS Update' cache" done="1"/> 295 <message type="info">Loading repository data...</message> 296 <message type="info">Reading installed packages...</message> 297 <update-status version="0.6"> 298 <update-list> 299 <update name="openSUSE-2018-397" edition="1" arch="noarch" status="needed" category="recommended" severity="moderate" pkgmanager="true" restart="false" interactive="false" kind="patch"> 300 <summary>Recommended update for libsolv, libzypp </summary> 301 <description>This update for libsolv, libzypp provides the following fixes: 302 303 Changes in libsolv: 304 - Make sure the product file comes from /etc/products.d for the fallback product search. 305 (bsc#1086602) 306 - Also make use of suggests for ordering packages. (bsc#1077635) 307 - Fix bad assignment in solution refinement that led to a memory leak. (bsc#1075978) 308 - Use license tag instead of doc in the spec file. (bsc#1082318) 309 310 Changes in libzypp: 311 - Make sure the product file comes from /etc/products.d for the fallback product search. 312 (bsc#1086602) 313 - Fix a memory leak in Digest.cc. (bsc#1075978) 314 - Add /var/lib/gdm to CheckAccessDeleted blacklist to prevent showing superfluous `zypper ps -s` 315 messages. (bsc#1079991) 316 317 This update was imported from the SUSE:SLE-12-SP3:Update update project.</description> 318 <license></license> 319 <source url="http://download.opensuse.org/update/leap/42.3/oss/" alias="OSS Update"/> 320 </update> 321 </update-list> 322 <blocked-update-list> 323 <update name="openSUSE-2018-361" edition="1" arch="noarch" status="needed" category="security" severity="moderate" pkgmanager="false" restart="false" interactive="false" kind="patch"> 324 <summary>Security update for openssl </summary> 325 <description>This update for openssl fixes the following issues: 326 327 - CVE-2018-0739: Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) 328 could eventually exceed the stack given malicious input with excessive recursion. This could result 329 in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from 330 untrusted sources so this is considered safe. (bsc#1087102). 331 332 This update was imported from the SUSE:SLE-12-SP2:Update update project.</description> 333 <license></license> 334 <source url="http://download.opensuse.org/update/leap/42.3/oss/" alias="OSS Update"/> 335 </update> 336 <update name="openSUSE-2018-400" edition="1" arch="noarch" status="needed" category="security" severity="moderate" pkgmanager="false" restart="false" interactive="false" kind="patch"> 337 <summary>Security update for perl </summary> 338 <description>This update for perl fixes the following issues: 339 340 Security issues fixed: 341 342 - CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216). 343 - CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233). 344 - CVE-2018-6797: Fixed sharp-s regexp overflow (bsc#1082234). 345 346 This update was imported from the SUSE:SLE-12:Update update project.</description> 347 <license></license> 348 <source url="http://download.opensuse.org/update/leap/42.3/oss/" alias="OSS Update"/> 349 </update> 350 <update name="openSUSE-2018-419" edition="1" arch="noarch" status="needed" category="recommended" severity="low" pkgmanager="false" restart="false" interactive="false" kind="patch"> 351 <summary>Recommended update for rpm </summary> 352 <description>This update for rpm provides the following fixes: 353 354 - Added a %rpm_vercmp macro which accepts two versions as parameters and returns -1, 0, 1 355 if the first version is less than, equal or greater than the second version respectively. 356 - Added a %pkg_version macro that accepts a package or capability name as argument and 357 returns the version number of the installed package. If no package provides the argument, 358 it returns the string "~~~". 359 - Added a %pkg_vcmp macro that accepts 3 parameters. The first parameter is a package name 360 or provided capability name, the second argument is an operator ( < <= = >= > != ) 361 and the third parameter is a version string to be compared to the installed version of 362 the first argument. 363 - Added a %pkg_version_cmp macro which accepts a package or capability name as first argument 364 and a version number as second argument and returns -1, 0, 1 or "~~~". The number values 365 have the same meaning as in %rpm_vercmp and the "~~~" string is returned if the package 366 or capability can't be found. (bsc#1069934) 367 368 This update was imported from the SUSE:SLE-12:Update update project.</description> 369 <license></license> 370 <source url="http://download.opensuse.org/update/leap/42.3/oss/" alias="OSS Update"/> 371 </update> 372 <update name="openSUSE-2018-439" edition="1" arch="noarch" status="needed" category="recommended" severity="important" pkgmanager="false" restart="false" interactive="false" kind="patch"> 373 <summary>Recommended update for gcc7 </summary> 374 <description>This update for gcc7 to 7.3 release fixes the following issues: 375 376 - Update to GCC 7.3 release and further updated to gcc-7-branch head (r258812). 377 - Various AArch64 compile fixes are included: 378 379 * Picks fix to no longer enable -mpc-relative-literal-loads by default 380 with --enable-fix-cortex-a53-843419. 381 * Enable --enable-fix-cortex-a53-843419 for aarch64. [bsc#1084812] [bsc#1087930] 382 * Enable --enable-fix-cortex-a53-835769 for aarch64. 383 * Contains fix for PR82445 which is about a RPI1 bootloader miscompile. [bsc#1061667] 384 * Fixed bogus stack probe instruction on ARM. [bsc#1068967] 385 386 - Revert the ios_base::failure ABI back to compatible behavior with the default ABI. [bsc#1087550] 387 388 - Fix nvptx offload target compiler install so GCC can pick up 389 required files. Split out the newlib part into cross-nvptx-newlib7-devel 390 and avoid conflicts with GCC 8 variant via Provides/Conflicts 391 of cross-nvptx-newlib-devel. 392 393 This update was imported from the SUSE:SLE-12:Update update project.</description> 394 <license></license> 395 <source url="http://download.opensuse.org/update/leap/42.3/oss/" alias="OSS Update"/> 396 </update> 397 <update name="openSUSE-2018-471" edition="1" arch="noarch" status="needed" category="security" severity="moderate" pkgmanager="false" restart="false" interactive="false" kind="patch"> 398 <summary>Security update for curl </summary> 399 <description>This update for curl fixes several issues: 400 401 Security issues fixed: 402 403 - CVE-2018-1000301: Fixed a RTSP bad headers buffer over-read could crash the curl client (bsc#1092098) 404 405 Non security issues fixed: 406 407 - If the DEFAULT_SUSE cipher list is not available use the HIGH cipher alias before failing. 408 (bsc#1086825) 409 410 This update was imported from the SUSE:SLE-12:Update update project.</description> 411 <license></license> 412 <source url="http://download.opensuse.org/update/leap/42.3/oss/" alias="OSS Update"/> 413 </update> 414 <update name="openSUSE-2018-530" edition="1" arch="noarch" status="needed" category="recommended" severity="important" pkgmanager="false" restart="false" interactive="false" kind="patch"> 415 <summary>Recommended update for aaa_base </summary> 416 <description>This update for aaa_base fixes the following issue: 417 418 - bsc#1088524: customized profiles were not sourced properly 419 420 This update was imported from the SUSE:SLE-12-SP3:Update update project.</description> 421 <license></license> 422 <source url="http://download.opensuse.org/update/leap/42.3/oss/" alias="OSS Update"/> 423 </update> 424 <update name="openSUSE-2018-516" edition="1" arch="noarch" status="needed" category="security" severity="moderate" pkgmanager="false" restart="false" interactive="false" kind="patch"> 425 <summary>Security update for bash </summary> 426 <description>This update for bash fixes the following issues: 427 428 Security issues fixed: 429 430 - CVE-2016-7543: A code execution possibility via SHELLOPTS+PS4 variable was fixed (bsc#1001299) 431 - CVE-2016-0634: Arbitrary code execution via malicious hostname was fixed (bsc#1000396) 432 433 Non-security issues fixed: 434 435 - Fix repeating self-calling of traps due the combination of a non-interactive shell, a trap handler for SIGINT, an 436 external process in the trap handler, and a SIGINT within the trap after the external process runs. (bsc#1086247) 437 438 This update was imported from the SUSE:SLE-12-SP2:Update update project.</description> 439 <license></license> 440 <source url="http://download.opensuse.org/update/leap/42.3/oss/" alias="OSS Update"/> 441 </update> 442 <update name="openSUSE-2018-529" edition="1" arch="noarch" status="needed" category="recommended" severity="moderate" pkgmanager="false" restart="false" interactive="false" kind="patch"> 443 <summary>Recommended update for systemd </summary> 444 <description>This update for systemd provides the following fixes: 445 446 - sysusers: Do not append entries after the NIS ones. (bsc#1085062, bsc#1045092) 447 - sysusers: Also add support for NIS entries in /etc/shadow. 448 - sysusers: Make sure to reset errno before calling fget*ent(). 449 - coredump: Respect ulimit -c 0 settings. (bsc#1075804) 450 - systemctl: Don't make up unit states, and don't eat up errors too eagerly. (bsc#1084626) 451 - systemctl: Don't mangle unit names in check_unit_generic(). 452 - rules, compat-rules: Fix errors detected by the rule syntax checker. 453 - python: Use raw strings for regexp patterns. 454 - compat-rules: Make path_id_compat build with meson. 455 - compat-rules: Get rid of scsi_id when generating compat symlinks for NVMe devices. 456 (bsc#1051465) 457 - Fix memory hotplugging. 458 - systemd: Add offline environmental condition to the udev rules for acpi container to 459 prevent them from being triggered by the "udevadm trigger" from user space. (bsc#1082485) 460 - systemd-udevd: Limit children-max by the available memory. (bsc#1086785, bsc#1066422) 461 - Rename the tarball to reflect the exact version used, so that it is clear that it 462 contains some additional patches on top of the upstream version. Use the commit hash in 463 the name so the exact version can easily be identified. (bsc#1087323) 464 465 This update was imported from the SUSE:SLE-12-SP2:Update update project.</description> 466 <license></license> 467 <source url="http://download.opensuse.org/update/leap/42.3/oss/" alias="OSS Update"/> 468 </update> 469 <update name="openSUSE-2018-522" edition="1" arch="noarch" status="needed" category="recommended" severity="moderate" pkgmanager="false" restart="false" interactive="false" kind="patch"> 470 <summary>Recommended update for zlib </summary> 471 <description>This update for zlib fixes the following issues: 472 473 - Fix a segmentation fault which was raised when converting a negative value into an unsigned integer (bsc#1071321) 474 475 This update was imported from the SUSE:SLE-12-SP2:Update update project.</description> 476 <license></license> 477 <source url="http://download.opensuse.org/update/leap/42.3/oss/" alias="OSS Update"/> 478 </update> 479 <update name="openSUSE-2018-567" edition="1" arch="noarch" status="needed" category="security" severity="important" pkgmanager="false" restart="false" interactive="false" kind="patch"> 480 <summary>Security update for glibc </summary> 481 <description>This update for glibc fixes the following issues: 482 483 - CVE-2017-18269: Fix SSE2 memmove issue when crossing 2GB boundary (bsc#1094150) 484 - CVE-2018-11236: Fix overflow in path length computation (bsc#1094161) 485 - CVE-2018-11237: Don't write beyond buffer destination in __mempcpy_avx512_no_vzeroupper (bsc#1094154) 486 487 Non security bugs fixed: 488 489 - Fix crash in resolver on memory allocation failure (bsc#1086690) 490 491 This update was imported from the SUSE:SLE-12-SP2:Update update project.</description> 492 <license></license> 493 <source url="http://download.opensuse.org/update/leap/42.3/oss/" alias="OSS Update"/> 494 </update> 495 <update name="openSUSE-2018-580" edition="1" arch="noarch" status="needed" category="recommended" severity="moderate" pkgmanager="false" restart="false" interactive="false" kind="patch"> 496 <summary>Recommended update for rpm </summary> 497 <description>This update for rpm fixes the following issues: 498 499 - Backport support for no_recompute_build_ids macro. (bsc#964063) 500 - Fix code execution when evaluating common python-related macros. (bsc#1080078) 501 502 Additionally, this update adds python3-rpm to the SUSE Linux Enterprise Server. 503 504 This update was imported from the SUSE:SLE-12:Update update project.</description> 505 <license></license> 506 <source url="http://download.opensuse.org/update/leap/42.3/oss/" alias="OSS Update"/> 507 </update> 508 <update name="openSUSE-2018-640" edition="1" arch="noarch" status="needed" category="security" severity="important" pkgmanager="false" restart="false" interactive="false" kind="patch"> 509 <summary>Security update for gpg2 </summary> 510 <description>This update for gpg2 fixes the following security issue: 511 512 - CVE-2018-12020: GnuPG mishandled the original filename during decryption and 513 verification actions, which allowed remote attackers to spoof the output that 514 GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" 515 option (bsc#1096745) 516 </description> 517 <license></license> 518 <source url="http://download.opensuse.org/update/leap/42.3/oss/" alias="OSS Update"/> 519 </update> 520 <update name="openSUSE-2018-645" edition="1" arch="noarch" status="needed" category="recommended" severity="moderate" pkgmanager="false" restart="false" interactive="false" kind="patch"> 521 <summary>Recommended update for openssl </summary> 522 <description>This update for openssl provides the following fix: 523 524 - Suggest libopenssl1_0_0-hmac from libopenssl1_0_0 package to avoid dependency issues 525 during updates. (bsc#1090765) 526 527 This update was imported from the SUSE:SLE-12-SP2:Update update project. 528 </description> 529 <license></license> 530 <source url="http://download.opensuse.org/update/leap/42.3/oss/" alias="OSS Update"/> 531 </update> 532 <update name="openSUSE-2018-685" edition="1" arch="noarch" status="needed" category="security" severity="moderate" pkgmanager="false" restart="false" interactive="false" kind="patch"> 533 <summary>Security update for procps </summary> 534 <description>This update for procps fixes the following security issues: 535 536 - CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top 537 with HOME unset in an attacker-controlled directory, the attacker could have 538 achieved privilege escalation by exploiting one of several vulnerabilities in 539 the config_file() function (bsc#1092100). 540 - CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. 541 Inbuilt protection in ps maped a guard page at the end of the overflowed 542 buffer, ensuring that the impact of this flaw is limited to a crash (temporary 543 denial of service) (bsc#1092100). 544 - CVE-2018-1124: Prevent multiple integer overflows leading to a heap 545 corruption in file2strvec function. This allowed a privilege escalation for a 546 local attacker who can create entries in procfs by starting processes, which 547 could result in crashes or arbitrary code execution in proc utilities run by 548 other users (bsc#1092100). 549 - CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was 550 mitigated by FORTIFY limiting the impact to a crash (bsc#1092100). 551 - CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent 552 truncation/integer overflow issues (bsc#1092100). 553 554 This update was imported from the SUSE:SLE-12:Update update project.</description> 555 <license></license> 556 <source url="http://download.opensuse.org/update/leap/42.3/oss/" alias="OSS Update"/> 557 </update> 558 <update name="openSUSE-2018-704" edition="1" arch="noarch" status="needed" category="security" severity="moderate" pkgmanager="false" restart="false" interactive="false" kind="patch"> 559 <summary>Security update for openssl </summary> 560 <description>This update for openssl fixes the following issues: 561 562 - CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based 563 ciphersuite a malicious server could have sent a very large prime value to the 564 client. This caused the client to spend an unreasonably long period of time 565 generating a key for this prime resulting in a hang until the client has 566 finished. This could be exploited in a Denial Of Service attack (bsc#1097158). 567 - Blinding enhancements for ECDSA and DSA (bsc#1097624, bsc#1098592) 568 569 This update was imported from the SUSE:SLE-12-SP2:Update update project.</description> 570 <license></license> 571 <source url="http://download.opensuse.org/update/leap/42.3/oss/" alias="OSS Update"/> 572 </update> 573 <update name="openSUSE-2018-750" edition="1" arch="noarch" status="needed" category="security" severity="important" pkgmanager="false" restart="false" interactive="false" kind="patch"> 574 <summary>Security update for perl </summary> 575 <description>This update for perl fixes the following issues: 576 577 This security issue was fixed: 578 579 - CVE-2018-12015: The Archive::Tar module allowed remote attackers to bypass a 580 directory-traversal protection mechanism and overwrite arbitrary files 581 (bsc#1096718) 582 583 This non-security issue was fixed: 584 585 - fix debugger crash in tab completion with Term::ReadLine::Gnu [bsc#1068565] 586 587 This update was imported from the SUSE:SLE-12:Update update project.</description> 588 <license></license> 589 <source url="http://download.opensuse.org/update/leap/42.3/oss/" alias="OSS Update"/> 590 </update> 591 <update name="openSUSE-2018-770" edition="1" arch="noarch" status="needed" category="security" severity="important" pkgmanager="false" restart="false" interactive="false" kind="patch"> 592 <summary>Security update for shadow </summary> 593 <description>This update for shadow fixes the following issues: 594 595 - CVE-2016-6252: Incorrect integer handling could results in local privilege escalation (bsc#1099310) 596 597 This update was imported from the SUSE:SLE-12-SP2:Update update project.</description> 598 <license></license> 599 <source url="http://download.opensuse.org/update/leap/42.3/oss/" alias="OSS Update"/> 600 </update> 601 <update name="openSUSE-2018-795" edition="1" arch="noarch" status="needed" category="security" severity="moderate" pkgmanager="false" restart="false" interactive="false" kind="patch"> 602 <summary>Security update for libgcrypt </summary> 603 <description>This update for libgcrypt fixes the following issues: 604 605 The following security vulnerability was addressed: 606 607 - CVE-2018-0495: Mitigate a novel side-channel attack by enabling blinding for 608 ECDSA signatures (bsc#1097410). 609 610 The following other issues were fixed: 611 612 - Extended the fipsdrv dsa-sign and dsa-verify commands with the 613 --algo parameter for the FIPS testing of DSA SigVer and SigGen (bsc#1064455). 614 - Ensure libgcrypt20-hmac and libgcrypt20 are installed in the correct order. (bsc#1090766) 615 616 This update was imported from the SUSE:SLE-12:Update update project.</description> 617 <license></license> 618 <source url="http://download.opensuse.org/update/leap/42.3/oss/" alias="OSS Update"/> 619 </update> 620 </blocked-update-list> 621 </update-status> 622 </stream> 623 """