From 44aeb6a6f3e24e2d5dab58ee4d927f6f03bb531b Mon Sep 17 00:00:00 2001
From: "John M. Horan"
Date: Thu, 26 Jan 2023 17:43:17 -0800
Subject: [PATCH] Work on alias/CVE loop #1079
Reference: https://github.com/nexB/vulnerablecode/issues/1079
Signed-off-by: John M. Horan
---
vulnerabilities/importer.py | 173 +-
vulnerabilities/oval_parser.py | 41 +-
...se-oval-leap.micro.5.3-patch-expected.json | 12146 +++++++++++++++-
3 files changed, 11778 insertions(+), 582 deletions(-)
diff --git a/vulnerabilities/importer.py b/vulnerabilities/importer.py
index 28a00675d..6322c64ca 100644
--- a/vulnerabilities/importer.py
+++ b/vulnerabilities/importer.py
@@ -421,6 +421,83 @@ def advisory_data(self) -> List[AdvisoryData]: ) continue + # def get_data_from_xml_doc( + # self, xml_doc: ET.ElementTree, pkg_metadata={} + # ) -> Iterable[AdvisoryData]: + # """ + # The orchestration method of the OvalDataSource. This method breaks an + # OVAL xml ElementTree into a list of `Advisory`. + + # Note: pkg_metadata is a mapping of Package URL data that MUST INCLUDE + # "type" key. + + # Example value of pkg_metadata: + # {"type":"deb","qualifiers":{"distro":"buster"} } + # """ + # oval_parsed_data = OvalParser(self.translations, xml_doc) + # raw_data = oval_parsed_data.get_data() + # oval_doc = oval_parsed_data.oval_document + # timestamp = oval_doc.getGenerator().getTimestamp() + + # print("\noval_parsed_data = {}\n".format(oval_parsed_data)) + # print("\nraw_data = {}\n".format(raw_data)) + + # # convert definition_data to Advisory objects + # for definition_data in raw_data: + # print("\ndefinition_data = {}\n".format(definition_data)) + # # These fields are definition level, i.e common for all elements + # # connected/linked to an OvalDefinition + + # # TODO: 2023-01-24 Tuesday 22:34:20. Is this where we'd loop through the list of CVEs/aliases? 
+ + # vuln_id = definition_data["vuln_id"] + # description = definition_data["description"] + + # severities = [] + # severity = definition_data.get("severity") + # if severity: + # severities.append( + # VulnerabilitySeverity(system=severity_systems.GENERIC, value=severity) + # ) + # references = [ + # Reference(url=url, severities=severities) + # for url in definition_data["reference_urls"] + # ] + # affected_packages = [] + # print('\ndefinition_data["test_data"] = {}\n'.format(definition_data["test_data"])) + # for test_data in definition_data["test_data"]: + # print("\ntest_data['package_list'] = {}\n".format(test_data["package_list"])) + # for package_name in test_data["package_list"]: + # affected_version_range = test_data["version_ranges"] + # vrc = RANGE_CLASS_BY_SCHEMES[pkg_metadata["type"]] + # if affected_version_range: + # try: + # affected_version_range = vrc.from_native(affected_version_range) + # except Exception as e: + # logger.error( + # f"Failed to parse version range {affected_version_range!r} " + # f"for package {package_name!r}:\n{e}" + # ) + # continue + # if package_name: + # affected_packages.append( + # AffectedPackage( + # package=self.create_purl(package_name, pkg_metadata), + # affected_version_range=affected_version_range, + # ) + # ) + # print("affected_packages = {}".format(affected_packages)) + # date_published = dateparser.parse(timestamp) + # if not date_published.tzinfo: + # date_published = date_published.replace(tzinfo=pytz.UTC) + # yield AdvisoryData( + # aliases=[vuln_id], + # summary=description, + # affected_packages=sorted(affected_packages), + # references=sorted(references), + # date_published=date_published, + # ) + def get_data_from_xml_doc( self, xml_doc: ET.ElementTree, pkg_metadata={} ) -> Iterable[AdvisoryData]: 
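Review bot: The added block is a fully commented-out copy of the previous `get_data_from_xml_doc`, debug prints included, placed directly above the live method of the same name. It duplicates a body that version history already keeps, and anyone auditing how OVAL definitions are turned into `AdvisoryData` now has two near-identical bodies to tell apart. I would drop the commented copy from this commit. The live method begins on the last lines of this hunk and continues outside it.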
@@ -450,50 +527,54 @@ def get_data_from_xml_doc( # TODO: 2023-01-24 Tuesday 22:34:20. Is this where we'd loop through the list of CVEs/aliases? - vuln_id = definition_data["vuln_id"] - description = definition_data["description"] - - severities = [] - severity = definition_data.get("severity") - if severity: - severities.append( - VulnerabilitySeverity(system=severity_systems.GENERIC, value=severity) - ) - references = [ - Reference(url=url, severities=severities) - for url in definition_data["reference_urls"] - ] - affected_packages = [] - print('\ndefinition_data["test_data"] = {}\n'.format(definition_data["test_data"])) - for test_data in definition_data["test_data"]: - print("\ntest_data['package_list'] = {}\n".format(test_data["package_list"])) - for package_name in test_data["package_list"]: - affected_version_range = test_data["version_ranges"] - vrc = RANGE_CLASS_BY_SCHEMES[pkg_metadata["type"]] - if affected_version_range: - try: - affected_version_range = vrc.from_native(affected_version_range) - except Exception as e: - logger.error( - f"Failed to parse version range {affected_version_range!r} " - f"for package {package_name!r}:\n{e}" + vuln_id_list = definition_data["vuln_id"] + + for vuln_id_item in vuln_id_list: + # vuln_id = definition_data["vuln_id"] + vuln_id = vuln_id_item + description = definition_data["description"] + + severities = [] + severity = definition_data.get("severity") + if severity: + severities.append( + VulnerabilitySeverity(system=severity_systems.GENERIC, value=severity) + ) + references = [ + Reference(url=url, severities=severities) + for url in definition_data["reference_urls"] + ] + affected_packages = [] + print('\ndefinition_data["test_data"] = {}\n'.format(definition_data["test_data"])) + for test_data in definition_data["test_data"]: + print("\ntest_data['package_list'] = {}\n".format(test_data["package_list"])) + for package_name in test_data["package_list"]: + affected_version_range = test_data["version_ranges"] + vrc 
= RANGE_CLASS_BY_SCHEMES[pkg_metadata["type"]] + if affected_version_range: + try: + affected_version_range = vrc.from_native(affected_version_range) + except Exception as e: + logger.error( + f"Failed to parse version range {affected_version_range!r} " + f"for package {package_name!r}:\n{e}" + ) + continue + if package_name: + affected_packages.append( + AffectedPackage( + package=self.create_purl(package_name, pkg_metadata), + affected_version_range=affected_version_range, + ) ) - continue - if package_name: - affected_packages.append( - AffectedPackage( - package=self.create_purl(package_name, pkg_metadata), - affected_version_range=affected_version_range, - ) - ) - print("affected_packages = {}".format(affected_packages)) - date_published = dateparser.parse(timestamp) - if not date_published.tzinfo: - date_published = date_published.replace(tzinfo=pytz.UTC) - yield AdvisoryData( - aliases=[vuln_id], - summary=description, - affected_packages=sorted(affected_packages), - references=sorted(references), - date_published=date_published, - ) + print("affected_packages = {}".format(affected_packages)) + date_published = dateparser.parse(timestamp) + if not date_published.tzinfo: + date_published = date_published.replace(tzinfo=pytz.UTC) + yield AdvisoryData( + aliases=[vuln_id], + summary=description, + affected_packages=sorted(affected_packages), + references=sorted(references), + date_published=date_published, + ) diff --git a/vulnerabilities/oval_parser.py b/vulnerabilities/oval_parser.py index 5e1d1ba70..f472676a6 100755 --- a/vulnerabilities/oval_parser.py +++ b/vulnerabilities/oval_parser.py @@ -36,7 +36,6 @@ def get_data(self) -> List[Dict]: Return a list of OvalDefinition mappings. """ oval_data = [] - # print(len(self.all_definitions)) print("\nlen(self.all_definitions) = {}\n".format(len(self.all_definitions))) for definition in self.all_definitions: # print(definition) 
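Review bot: Each advisory yielded from the new `for vuln_id_item in vuln_id_list:` loop has a single alias but still carries the whole definition's `description` and every URL in `definition_data["reference_urls"]`, so the record for one CVE lists the reference pages of its sibling CVEs. If per-CVE records are the goal, that attribution needs a decision (filter the URLs per id, or keep one advisory with all ids in `aliases`). Separately, nothing in the loop body except `aliases=[vuln_id]` depends on the CVE, so `severities`, `references`, `affected_packages` and `date_published` are rebuilt per alias and a range that fails `vrc.from_native` is logged once per CVE. Build them once above the loop and keep only the `yield AdvisoryData(...)` inside `for vuln_id in definition_data["vuln_id"]:`, which also removes `vuln_id = vuln_id_item` and the commented-out assignment. The method starts above this hunk.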
@@ -54,20 +53,28 @@ def get_data(self) -> List[Dict]: definition_data["severity"] = self.get_severity_from_definition(definition) print("\nlen(matching_tests) = {}\n".format(len(matching_tests))) + print("\nmatching_tests = {}\n".format(matching_tests)) for test in matching_tests: + print("\ntest = {}\n".format(test)) test_obj, test_state = self.get_object_state_of_test(test) if not test_obj or not test_state: continue test_data = {"package_list": []} - print(test_obj) + print("\ntest_obj = {}\n".format(test_obj)) test_data["package_list"].extend(self.get_pkgs_from_obj(test_obj)) - print(self.get_pkgs_from_obj(test_obj)) + print( + "\nself.get_pkgs_from_obj(test_obj) = {}\n".format( + self.get_pkgs_from_obj(test_obj) + ) + ) version_ranges = self.get_version_range_from_state(test_state) test_data["version_ranges"] = version_ranges definition_data["test_data"].append(test_data) oval_data.append(definition_data) + # print('\ntest_data["package_list"] = {}\n'.format(test_data["package_list"])) + return oval_data def get_tests_of_definition(self, definition: OvalDefinition) -> List[OvalTest]: 
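Review bot: The added `print()` calls in `get_data` write parser internals (`matching_tests`, each `test`, `test_obj`) to stdout on every import run, and the reformatted one calls `self.get_pkgs_from_obj(test_obj)` a second time only to print the result. Keep the result in a local and log it at debug level: `pkgs = self.get_pkgs_from_obj(test_obj)`, then `test_data["package_list"].extend(pkgs)` and `logger.debug("packages for %r: %r", test_obj, pkgs)`. This assumes a module-level `logger` in `oval_parser.py`, which is not visible in the hunk. The same applies to the `print()` lines carried into the re-indented loop in `importer.py`. `get_data` starts above this hunk.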
@@ -185,15 +192,27 @@ def get_severity_from_definition(definition: OvalDefinition) -> Set[str]: @staticmethod def get_vuln_id_from_definition(definition): - # SUSE and Ubuntu OVAL files will get cves via this loop + # # SUSE and Ubuntu OVAL files will get cves via this loop + # for child in definition.element.iter(): + # # if child.get("ref_id"): + # # return child.get("ref_id") + # # Must also check whether 'source' field exists and value is 'CVE' + # # TODO: what if there are multiple elements that satisfy the condition? + # # Add to list and report as separate AdvisoryData() objects? + # if child.get("ref_id") and child.get("source"): + # if child.get("source") == "CVE": + # return child.get("ref_id") + # # Debian OVAL files will get cves via this + # return definition.getMetadata().getTitle() + # ======================================================== + cve_list = [] for child in definition.element.iter(): - # if child.get("ref_id"): - # return child.get("ref_id") - # Must also check whether 'source' field exists and value is 'CVE' - # TODO: what if there are multiple elements that satisfy the condition? - # Add to list and report as separate AdvisoryData() objects? if child.get("ref_id") and child.get("source"): if child.get("source") == "CVE": - return child.get("ref_id") + cve_list.append(child.get("ref_id")) + # Debian OVAL files will get cves via this - return definition.getMetadata().getTitle() + if len(cve_list) == 0: + cve_list.append(definition.getMetadata().getTitle()) + + return cve_list diff --git a/vulnerabilities/tests/test_data/suse_oval/suse-oval-leap.micro.5.3-patch-expected.json b/vulnerabilities/tests/test_data/suse_oval/suse-oval-leap.micro.5.3-patch-expected.json index cb1bce546..0e98a0faa 100644 --- a/vulnerabilities/tests/test_data/suse_oval/suse-oval-leap.micro.5.3-patch-expected.json +++ b/vulnerabilities/tests/test_data/suse_oval/suse-oval-leap.micro.5.3-patch-expected.json 
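Review bot: `cve_list` gets an entry for every descendant element whose `source` is `"CVE"`, so a definition that references the same CVE more than once (nothing visible here rules that out) produces duplicate entries, and the importer then yields one advisory per entry. Guard the append with `ref_id = child.get("ref_id")` and `if ref_id not in cve_list: cve_list.append(ref_id)`, and write the fallback test as `if not cve_list:`. The method now returns a list while its name and the `"vuln_id"` key it feeds still read as a single id; a docstring such as `"""Return the CVE ids referenced by the definition, or [title] when there are none."""` would make the new contract explicit. The commented-out previous body left above the new code can be removed, since history keeps it.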
@@ -135,6 +135,85 @@ "date_published": "2023-01-18T06:56:54+00:00", "weaknesses": [] }, + { + "aliases": [ + "CVE-2022-3775" + ], + "summary": "\nThis update for grub2 fixes the following issues:\n\n- CVE-2022-2601: Fixed buffer overflow in grub_font_construct_glyph (bsc#1205178).\n- CVE-2022-3775: Fixed integer underflow in blit_comb() (bsc#1205182).\n\nOther:\n\n- Bump upstream SBAT generation to 3\n\t\t", + "affected_packages": [ + { + "package": { + "type": "rpm", + "namespace": "opensuse", + "name": "openSUSE-release", + "version": null, + "qualifiers": null, + "subpath": null + }, + "affected_version_range": "vers:rpm/5.3", + "fixed_version": null + } + ], + "references": [ + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1205178", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1205182", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013048.html", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-2601/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3775/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + } + ], + "date_published": "2023-01-18T06:56:54+00:00", + "weaknesses": [] + }, { "aliases": [ "Security update for kubevirt stack (Important)" 
@@ -376,9 +455,9 @@ }, { "aliases": [ - "CVE-2022-44638" + "CVE-2022-24806" ], - "summary": "\nThis update for pixman fixes the following issues:\n\n- CVE-2022-44638: Fixed an integer overflow in pixman_sample_floor_y leading to heap out-of-bounds write (bsc#1205033).\n\t\t", + "summary": "\nThis update for net-snmp fixes the following issues:\n\n Updated to version 5.9.3 (bsc#1201103, jsc#SLE-11203):\n\n - CVE-2022-24805: Fixed a buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB that can cause an out-of-bounds memory access.\n - CVE-2022-24809: Fixed a malformed OID in a GET-NEXT to the nsVacmAccessTable that can cause a NULL pointer dereference.\n - CVE-2022-24806: Fixed an improper Input Validation when SETing malformed OIDs in master agent and subagent simultaneously.\n - CVE-2022-24807: Fixed a malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access.\n - CVE-2022-24808: Fixed a malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference.\n - CVE-2022-24810: Fixed a malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference.\n\t\t", "affected_packages": [ { "package": { 
@@ -396,147 +475,88 @@ "references": [ { "reference_id": "", - "url": "https://bugzilla.suse.com/1205033", + "url": "https://bugzilla.suse.com/1201103", "severities": [ { "system": "generic_textual", - "value": "Important", + "value": "Moderate", "scoring_elements": "" } ] }, { "reference_id": "", - "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013096.html", + "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-December/013226.html", "severities": [ { "system": "generic_textual", - "value": "Important", + "value": "Moderate", "scoring_elements": "" } ] }, { "reference_id": "", - "url": "https://www.suse.com/security/cve/CVE-2022-44638/", - "severities": [ - { - "system": "generic_textual", - "value": "Important", - "scoring_elements": "" - } - ] - } - ], - "date_published": "2023-01-18T06:56:54+00:00", - "weaknesses": [] - }, - { - "aliases": [ - "CVE-2022-36227" - ], - "summary": "\nThis update for libarchive fixes the following issues:\n\n- CVE-2022-36227: Fixed potential NULL pointer dereference in __archive_write_allocate_filter() (bsc#1205629).\n\t\t", - "affected_packages": [ - { - "package": { - "type": "rpm", - "namespace": "opensuse", - "name": "openSUSE-release", - "version": null, - "qualifiers": null, - "subpath": null - }, - "affected_version_range": "vers:rpm/5.3", - "fixed_version": null - } - ], - "references": [ - { - "reference_id": "", - "url": "https://bugzilla.suse.com/1205629", + "url": "https://www.suse.com/security/cve/CVE-2022-24805/", "severities": [ { "system": "generic_textual", - "value": "Low", + "value": "Moderate", "scoring_elements": "" } ] }, { "reference_id": "", - "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013094.html", + "url": "https://www.suse.com/security/cve/CVE-2022-24806/", "severities": [ { "system": "generic_textual", - "value": "Low", + "value": "Moderate", "scoring_elements": "" } ] }, { "reference_id": "", - "url": 
"https://www.suse.com/security/cve/CVE-2022-36227/", + "url": "https://www.suse.com/security/cve/CVE-2022-24807/", "severities": [ { "system": "generic_textual", - "value": "Low", + "value": "Moderate", "scoring_elements": "" } ] - } - ], - "date_published": "2023-01-18T06:56:54+00:00", - "weaknesses": [] - }, - { - "aliases": [ - "CVE-2019-2708" - ], - "summary": "\nThis update for libdb-4_8 fixes the following issues:\n\n- CVE-2019-2708: Fixed partial DoS due to data store execution (bsc#1174414).\n\t\t", - "affected_packages": [ - { - "package": { - "type": "rpm", - "namespace": "opensuse", - "name": "openSUSE-release", - "version": null, - "qualifiers": null, - "subpath": null - }, - "affected_version_range": "vers:rpm/5.3", - "fixed_version": null - } - ], - "references": [ + }, { "reference_id": "", - "url": "https://bugzilla.suse.com/1174414", + "url": "https://www.suse.com/security/cve/CVE-2022-24808/", "severities": [ { "system": "generic_textual", - "value": "Low", + "value": "Moderate", "scoring_elements": "" } ] }, { "reference_id": "", - "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013106.html", + "url": "https://www.suse.com/security/cve/CVE-2022-24809/", "severities": [ { "system": "generic_textual", - "value": "Low", + "value": "Moderate", "scoring_elements": "" } ] }, { "reference_id": "", - "url": "https://www.suse.com/security/cve/CVE-2019-2708/", + "url": "https://www.suse.com/security/cve/CVE-2022-24810/", "severities": [ { "system": "generic_textual", - "value": "Low", + "value": "Moderate", "scoring_elements": "" } ] 
@@ -547,9 +567,9 @@ }, { "aliases": [ - "CVE-2022-3597" + "CVE-2022-24807" ], - "summary": "\nThis update for tiff fixes the following issues:\n\n- CVE-2022-3597: Fixed out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c (bnc#1204641).\n- CVE-2022-3599: Fixed out-of-bounds read in writeSingleSection in tools/tiffcrop.c (bnc#1204643).\n- CVE-2022-3626: Fixed out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c (bnc#1204644)\n- CVE-2022-3627: Fixed out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c (bnc#1204645).\n- CVE-2022-3970: Fixed unsigned integer overflow in TIFFReadRGBATileExt() (bnc#1205392).\n\t\t", + "summary": "\nThis update for net-snmp fixes the following issues:\n\n Updated to version 5.9.3 (bsc#1201103, jsc#SLE-11203):\n\n - CVE-2022-24805: Fixed a buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB that can cause an out-of-bounds memory access.\n - CVE-2022-24809: Fixed a malformed OID in a GET-NEXT to the nsVacmAccessTable that can cause a NULL pointer dereference.\n - CVE-2022-24806: Fixed an improper Input Validation when SETing malformed OIDs in master agent and subagent simultaneously.\n - CVE-2022-24807: Fixed a malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access.\n - CVE-2022-24808: Fixed a malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference.\n - CVE-2022-24810: Fixed a malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference.\n\t\t", "affected_packages": [ { "package": { 
@@ -567,121 +587,88 @@ "references": [ { "reference_id": "", - "url": "https://bugzilla.suse.com/1204641", - "severities": [ - { - "system": "generic_textual", - "value": "Important", - "scoring_elements": "" - } - ] - }, - { - "reference_id": "", - "url": "https://bugzilla.suse.com/1204643", - "severities": [ - { - "system": "generic_textual", - "value": "Important", - "scoring_elements": "" - } - ] - }, - { - "reference_id": "", - "url": "https://bugzilla.suse.com/1204644", - "severities": [ - { - "system": "generic_textual", - "value": "Important", - "scoring_elements": "" - } - ] - }, - { - "reference_id": "", - "url": "https://bugzilla.suse.com/1204645", + "url": "https://bugzilla.suse.com/1201103", "severities": [ { "system": "generic_textual", - "value": "Important", + "value": "Moderate", "scoring_elements": "" } ] }, { "reference_id": "", - "url": "https://bugzilla.suse.com/1205392", + "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-December/013226.html", "severities": [ { "system": "generic_textual", - "value": "Important", + "value": "Moderate", "scoring_elements": "" } ] }, { "reference_id": "", - "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013135.html", + "url": "https://www.suse.com/security/cve/CVE-2022-24805/", "severities": [ { "system": "generic_textual", - "value": "Important", + "value": "Moderate", "scoring_elements": "" } ] }, { "reference_id": "", - "url": "https://www.suse.com/security/cve/CVE-2022-3597/", + "url": "https://www.suse.com/security/cve/CVE-2022-24806/", "severities": [ { "system": "generic_textual", - "value": "Important", + "value": "Moderate", "scoring_elements": "" } ] }, { "reference_id": "", - "url": "https://www.suse.com/security/cve/CVE-2022-3599/", + "url": "https://www.suse.com/security/cve/CVE-2022-24807/", "severities": [ { "system": "generic_textual", - "value": "Important", + "value": "Moderate", "scoring_elements": "" } ] }, { "reference_id": "", - "url": 
"https://www.suse.com/security/cve/CVE-2022-3626/", + "url": "https://www.suse.com/security/cve/CVE-2022-24808/", "severities": [ { "system": "generic_textual", - "value": "Important", + "value": "Moderate", "scoring_elements": "" } ] }, { "reference_id": "", - "url": "https://www.suse.com/security/cve/CVE-2022-3627/", + "url": "https://www.suse.com/security/cve/CVE-2022-24809/", "severities": [ { "system": "generic_textual", - "value": "Important", + "value": "Moderate", "scoring_elements": "" } ] }, { "reference_id": "", - "url": "https://www.suse.com/security/cve/CVE-2022-3970/", + "url": "https://www.suse.com/security/cve/CVE-2022-24810/", "severities": [ { "system": "generic_textual", - "value": "Important", + "value": "Moderate", "scoring_elements": "" } ] 
@@ -692,9 +679,9 @@ }, { "aliases": [ - "Security update for supportutils (Moderate)" + "CVE-2022-24808" ], - "summary": "\nThis update for supportutils fixes the following issues:\n\nSecurity issues fixed:\n\n- Passwords correctly removed from email.txt, updates.txt and fs-iscsi.txt (bsc#1203818)\n\nBug fixes:\n\n- Added lifecycle information\n- Fixed KVM virtualization detection on bare metal (bsc#1184689)\n- Added logging using journalctl (bsc#1200330)\n- Get current sar data before collecting files (bsc#1192648)\n- Collects everything in /etc/multipath/ (bsc#1192252)\n- Collects power management information in hardware.txt (bsc#1197428)\n- Checks for suseconnect-ng or SUSEConnect packages (bsc#1202337)\n- Fixed conf_files and conf_text_files so y2log is gathered (bsc#1202269)\n- Update to nvme_info and block_info (bsc#1202417)\n- Added includedir directories from /etc/sudoers (bsc#1188086)\n\t\t", + "summary": "\nThis update for net-snmp fixes the following issues:\n\n Updated to version 5.9.3 (bsc#1201103, jsc#SLE-11203):\n\n - CVE-2022-24805: Fixed a buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB that can cause an out-of-bounds memory access.\n - CVE-2022-24809: Fixed a malformed OID in a GET-NEXT to the nsVacmAccessTable that can cause a NULL pointer dereference.\n - CVE-2022-24806: Fixed an improper Input Validation when SETing malformed OIDs in master agent and subagent simultaneously.\n - CVE-2022-24807: Fixed a malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access.\n - CVE-2022-24808: Fixed a malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference.\n - CVE-2022-24810: Fixed a malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference.\n\t\t", "affected_packages": [ { "package": { 
@@ -712,7 +699,7 @@ "references": [ { "reference_id": "", - "url": "https://bugzilla.suse.com/1184689", + "url": "https://bugzilla.suse.com/1201103", "severities": [ { "system": "generic_textual", @@ -723,7 +710,7 @@ }, { "reference_id": "", - "url": "https://bugzilla.suse.com/1188086", + "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-December/013226.html", "severities": [ { "system": "generic_textual", @@ -734,7 +721,7 @@ }, { "reference_id": "", - "url": "https://bugzilla.suse.com/1192252", + "url": "https://www.suse.com/security/cve/CVE-2022-24805/", "severities": [ { "system": "generic_textual", @@ -745,7 +732,7 @@ }, { "reference_id": "", - "url": "https://bugzilla.suse.com/1192648", + "url": "https://www.suse.com/security/cve/CVE-2022-24806/", "severities": [ { "system": "generic_textual", @@ -756,7 +743,7 @@ }, { "reference_id": "", - "url": "https://bugzilla.suse.com/1197428", + "url": "https://www.suse.com/security/cve/CVE-2022-24807/", "severities": [ { "system": "generic_textual", @@ -767,40 +754,7 @@ }, { "reference_id": "", - "url": "https://bugzilla.suse.com/1200330", - "severities": [ - { - "system": "generic_textual", - "value": "Moderate", - "scoring_elements": "" - } - ] - }, - { - "reference_id": "", - "url": "https://bugzilla.suse.com/1202269", - "severities": [ - { - "system": "generic_textual", - "value": "Moderate", - "scoring_elements": "" - } - ] - }, - { - "reference_id": "", - "url": "https://bugzilla.suse.com/1202337", - "severities": [ - { - "system": "generic_textual", - "value": "Moderate", - "scoring_elements": "" - } - ] - }, - { - "reference_id": "", - "url": "https://bugzilla.suse.com/1202417", + "url": "https://www.suse.com/security/cve/CVE-2022-24808/", "severities": [ { "system": "generic_textual", @@ -811,7 +765,7 @@ }, { "reference_id": "", - "url": "https://bugzilla.suse.com/1203818", + "url": "https://www.suse.com/security/cve/CVE-2022-24809/", "severities": [ { "system": "generic_textual", 
@@ -822,7 +776,7 @@ }, { "reference_id": "", - "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013146.html", + "url": "https://www.suse.com/security/cve/CVE-2022-24810/", "severities": [ { "system": "generic_textual", @@ -837,9 +791,9 @@ }, { "aliases": [ - "CVE-2019-18348" + "CVE-2022-24809" ], - "summary": "\nThis update for python3 fixes the following issues:\n\n- CVE-2022-37454: Fixed a buffer overflow in hashlib.sha3_* implementations. (bsc#1204577)\n- CVE-2020-10735: Fixed a bug to limit amount of digits converting text to int and vice vera. (bsc#1203125)\n\nThe following non-security bug was fixed:\n\n- Fixed a crash in the garbage collection (bsc#1188607).\n\t\t", + "summary": "\nThis update for net-snmp fixes the following issues:\n\n Updated to version 5.9.3 (bsc#1201103, jsc#SLE-11203):\n\n - CVE-2022-24805: Fixed a buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB that can cause an out-of-bounds memory access.\n - CVE-2022-24809: Fixed a malformed OID in a GET-NEXT to the nsVacmAccessTable that can cause a NULL pointer dereference.\n - CVE-2022-24806: Fixed an improper Input Validation when SETing malformed OIDs in master agent and subagent simultaneously.\n - CVE-2022-24807: Fixed a malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access.\n - CVE-2022-24808: Fixed a malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference.\n - CVE-2022-24810: Fixed a malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference.\n\t\t", "affected_packages": [ { "package": { 
@@ -857,88 +811,88 @@ "references": [ { "reference_id": "", - "url": "https://bugzilla.suse.com/1188607", + "url": "https://bugzilla.suse.com/1201103", "severities": [ { "system": "generic_textual", - "value": "Important", + "value": "Moderate", "scoring_elements": "" } ] }, { "reference_id": "", - "url": "https://bugzilla.suse.com/1203125", + "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-December/013226.html", "severities": [ { "system": "generic_textual", - "value": "Important", + "value": "Moderate", "scoring_elements": "" } ] }, { "reference_id": "", - "url": "https://bugzilla.suse.com/1204577", + "url": "https://www.suse.com/security/cve/CVE-2022-24805/", "severities": [ { "system": "generic_textual", - "value": "Important", + "value": "Moderate", "scoring_elements": "" } ] }, { "reference_id": "", - "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013149.html", + "url": "https://www.suse.com/security/cve/CVE-2022-24806/", "severities": [ { "system": "generic_textual", - "value": "Important", + "value": "Moderate", "scoring_elements": "" } ] }, { "reference_id": "", - "url": "https://www.suse.com/security/cve/CVE-2019-18348/", + "url": "https://www.suse.com/security/cve/CVE-2022-24807/", "severities": [ { "system": "generic_textual", - "value": "Important", + "value": "Moderate", "scoring_elements": "" } ] }, { "reference_id": "", - "url": "https://www.suse.com/security/cve/CVE-2020-10735/", + "url": "https://www.suse.com/security/cve/CVE-2022-24808/", "severities": [ { "system": "generic_textual", - "value": "Important", + "value": "Moderate", "scoring_elements": "" } ] }, { "reference_id": "", - "url": "https://www.suse.com/security/cve/CVE-2020-8492/", + "url": "https://www.suse.com/security/cve/CVE-2022-24809/", "severities": [ { "system": "generic_textual", - "value": "Important", + "value": "Moderate", "scoring_elements": "" } ] }, { "reference_id": "", - "url": 
"https://www.suse.com/security/cve/CVE-2022-37454/", + "url": "https://www.suse.com/security/cve/CVE-2022-24810/", "severities": [ { "system": "generic_textual", - "value": "Important", + "value": "Moderate", "scoring_elements": "" } ] 
@@ -949,9 +903,9 @@ }, { "aliases": [ - "CVE-2021-3928" + "CVE-2022-24810" ], - "summary": "\nThis update for vim fixes the following issues:\n\nUpdated to version 9.0 with patch level 0814:\n\n- CVE-2021-3928: Fixed stack-based buffer overflow (bsc#1192478).\n- CVE-2022-3234: Fixed heap-based buffer overflow (bsc#1203508).\n- CVE-2022-3235: Fixed use-after-free (bsc#1203509).\n- CVE-2022-3324: Fixed stack-based buffer overflow (bsc#1203820).\n- CVE-2022-3705: Fixed use-after-free in function qf_update_buffer of the file quickfix.c (bsc#1204779).\n- CVE-2022-2982: Fixed use-after-free in qf_fill_buffer() (bsc#1203152).\n- CVE-2022-3296: Fixed stack out of bounds read in ex_finally() in ex_eval.c (bsc#1203796).\n- CVE-2022-3297: Fixed use-after-free in process_next_cpt_value() at insexpand.c (bsc#1203797).\n- CVE-2022-3099: Fixed use-after-free in ex_docmd.c (bsc#1203110).\n- CVE-2022-3134: Fixed use-after-free in do_tag() (bsc#1203194).\n- CVE-2022-3153: Fixed NULL pointer dereference (bsc#1203272).\n- CVE-2022-3278: Fixed NULL pointer dereference in eval_next_non_blank() in eval.c (bsc#1203799).\n- CVE-2022-3352: Fixed use-after-free (bsc#1203924).\n- CVE-2022-2980: Fixed NULL pointer dereference in do_mouse() (bsc#1203155).\n- CVE-2022-3037: Fixed use-after-free (bsc#1202962).\n\t\t", + "summary": "\nThis update for net-snmp fixes the following issues:\n\n Updated to version 5.9.3 (bsc#1201103, jsc#SLE-11203):\n\n - CVE-2022-24805: Fixed a buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB that can cause an out-of-bounds memory access.\n - CVE-2022-24809: Fixed a malformed OID in a GET-NEXT to the nsVacmAccessTable that can cause a NULL pointer dereference.\n - CVE-2022-24806: Fixed an improper Input Validation when SETing malformed OIDs in master agent and subagent simultaneously.\n - CVE-2022-24807: Fixed a malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access.\n - CVE-2022-24808: 
Fixed a malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference.\n - CVE-2022-24810: Fixed a malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference.\n\t\t", "affected_packages": [ { "package": { 
@@ -969,95 +923,119 @@ "references": [ { "reference_id": "", - "url": "https://bugzilla.suse.com/1192478", + "url": "https://bugzilla.suse.com/1201103", "severities": [ { "system": "generic_textual", - "value": "Important", + "value": "Moderate", "scoring_elements": "" } ] }, { "reference_id": "", - "url": "https://bugzilla.suse.com/1202962", + "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-December/013226.html", "severities": [ { "system": "generic_textual", - "value": "Important", + "value": "Moderate", "scoring_elements": "" } ] }, { "reference_id": "", - "url": "https://bugzilla.suse.com/1203110", + "url": "https://www.suse.com/security/cve/CVE-2022-24805/", "severities": [ { "system": "generic_textual", - "value": "Important", + "value": "Moderate", "scoring_elements": "" } ] }, { "reference_id": "", - "url": "https://bugzilla.suse.com/1203152", + "url": "https://www.suse.com/security/cve/CVE-2022-24806/", "severities": [ { "system": "generic_textual", - "value": "Important", + "value": "Moderate", "scoring_elements": "" } ] }, { "reference_id": "", - "url": "https://bugzilla.suse.com/1203155", + "url": "https://www.suse.com/security/cve/CVE-2022-24807/", "severities": [ { "system": "generic_textual", - "value": "Important", + "value": "Moderate", "scoring_elements": "" } ] }, { "reference_id": "", - "url": "https://bugzilla.suse.com/1203194", + "url": "https://www.suse.com/security/cve/CVE-2022-24808/", "severities": [ { "system": "generic_textual", - "value": "Important", + "value": "Moderate", "scoring_elements": "" } ] }, { "reference_id": "", - "url": "https://bugzilla.suse.com/1203272", + "url": "https://www.suse.com/security/cve/CVE-2022-24809/", "severities": [ { "system": "generic_textual", - "value": "Important", + "value": "Moderate", "scoring_elements": "" } ] }, { "reference_id": "", - "url": "https://bugzilla.suse.com/1203508", + "url": "https://www.suse.com/security/cve/CVE-2022-24810/", "severities": [ { "system": 
"generic_textual", - "value": "Important", + "value": "Moderate", "scoring_elements": "" } ] - }, + } + ], + "date_published": "2023-01-18T06:56:54+00:00", + "weaknesses": [] + }, + { + "aliases": [ + "CVE-2022-44638" + ], + "summary": "\nThis update for pixman fixes the following issues:\n\n- CVE-2022-44638: Fixed an integer overflow in pixman_sample_floor_y leading to heap out-of-bounds write (bsc#1205033).\n\t\t", + "affected_packages": [ + { + "package": { + "type": "rpm", + "namespace": "opensuse", + "name": "openSUSE-release", + "version": null, + "qualifiers": null, + "subpath": null + }, + "affected_version_range": "vers:rpm/5.3", + "fixed_version": null + } + ], + "references": [ { "reference_id": "", - "url": "https://bugzilla.suse.com/1203509", + "url": "https://bugzilla.suse.com/1205033", "severities": [ { "system": "generic_textual", @@ -1068,7 +1046,7 @@ }, { "reference_id": "", - "url": "https://bugzilla.suse.com/1203796", + "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013096.html", "severities": [ { "system": "generic_textual", @@ -1079,7 +1057,7 @@ }, { "reference_id": "", - "url": "https://bugzilla.suse.com/1203797", + "url": "https://www.suse.com/security/cve/CVE-2022-44638/", "severities": [ { "system": "generic_textual", 
@@ -1087,76 +1065,148 @@ "scoring_elements": "" } ] - }, + } + ], + "date_published": "2023-01-18T06:56:54+00:00", + "weaknesses": [] + }, + { + "aliases": [ + "CVE-2022-36227" + ], + "summary": "\nThis update for libarchive fixes the following issues:\n\n- CVE-2022-36227: Fixed potential NULL pointer dereference in __archive_write_allocate_filter() (bsc#1205629).\n\t\t", + "affected_packages": [ + { + "package": { + "type": "rpm", + "namespace": "opensuse", + "name": "openSUSE-release", + "version": null, + "qualifiers": null, + "subpath": null + }, + "affected_version_range": "vers:rpm/5.3", + "fixed_version": null + } + ], + "references": [ { "reference_id": "", - "url": "https://bugzilla.suse.com/1203799", + "url": "https://bugzilla.suse.com/1205629", "severities": [ { "system": "generic_textual", - "value": "Important", + "value": "Low", "scoring_elements": "" } ] }, { "reference_id": "", - "url": "https://bugzilla.suse.com/1203820", + "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013094.html", "severities": [ { "system": "generic_textual", - "value": "Important", + "value": "Low", "scoring_elements": "" } ] }, { "reference_id": "", - "url": "https://bugzilla.suse.com/1203924", + "url": "https://www.suse.com/security/cve/CVE-2022-36227/", "severities": [ { "system": "generic_textual", - "value": "Important", + "value": "Low", "scoring_elements": "" } ] - }, + } + ], + "date_published": "2023-01-18T06:56:54+00:00", + "weaknesses": [] + }, + { + "aliases": [ + "CVE-2019-2708" + ], + "summary": "\nThis update for libdb-4_8 fixes the following issues:\n\n- CVE-2019-2708: Fixed partial DoS due to data store execution (bsc#1174414).\n\t\t", + "affected_packages": [ + { + "package": { + "type": "rpm", + "namespace": "opensuse", + "name": "openSUSE-release", + "version": null, + "qualifiers": null, + "subpath": null + }, + "affected_version_range": "vers:rpm/5.3", + "fixed_version": null + } + ], + "references": [ { "reference_id": "", - 
"url": "https://bugzilla.suse.com/1204779", + "url": "https://bugzilla.suse.com/1174414", "severities": [ { "system": "generic_textual", - "value": "Important", + "value": "Low", "scoring_elements": "" } ] }, { "reference_id": "", - "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013152.html", + "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013106.html", "severities": [ { "system": "generic_textual", - "value": "Important", + "value": "Low", "scoring_elements": "" } ] }, { "reference_id": "", - "url": "https://www.suse.com/security/cve/CVE-2021-3928/", + "url": "https://www.suse.com/security/cve/CVE-2019-2708/", "severities": [ { "system": "generic_textual", - "value": "Important", + "value": "Low", "scoring_elements": "" } ] - }, + } + ], + "date_published": "2023-01-18T06:56:54+00:00", + "weaknesses": [] + }, + { + "aliases": [ + "CVE-2022-3597" + ], + "summary": "\nThis update for tiff fixes the following issues:\n\n- CVE-2022-3597: Fixed out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c (bnc#1204641).\n- CVE-2022-3599: Fixed out-of-bounds read in writeSingleSection in tools/tiffcrop.c (bnc#1204643).\n- CVE-2022-3626: Fixed out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c (bnc#1204644)\n- CVE-2022-3627: Fixed out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c (bnc#1204645).\n- CVE-2022-3970: Fixed unsigned integer overflow in TIFFReadRGBATileExt() (bnc#1205392).\n\t\t", + "affected_packages": [ + { + "package": { + "type": "rpm", + "namespace": "opensuse", + "name": "openSUSE-release", + "version": null, + "qualifiers": null, + "subpath": null + }, + "affected_version_range": "vers:rpm/5.3", + "fixed_version": null + } + ], + "references": [ { "reference_id": "", - "url": "https://www.suse.com/security/cve/CVE-2022-2980/", + "url": "https://bugzilla.suse.com/1204641", "severities": [ { "system": "generic_textual", 
@@ -1167,7 +1217,7 @@ }, { "reference_id": "", - "url": "https://www.suse.com/security/cve/CVE-2022-2982/", + "url": "https://bugzilla.suse.com/1204643", "severities": [ { "system": "generic_textual", @@ -1178,7 +1228,7 @@ }, { "reference_id": "", - "url": "https://www.suse.com/security/cve/CVE-2022-3037/", + "url": "https://bugzilla.suse.com/1204644", "severities": [ { "system": "generic_textual", @@ -1189,7 +1239,7 @@ }, { "reference_id": "", - "url": "https://www.suse.com/security/cve/CVE-2022-3099/", + "url": "https://bugzilla.suse.com/1204645", "severities": [ { "system": "generic_textual", @@ -1200,7 +1250,7 @@ }, { "reference_id": "", - "url": "https://www.suse.com/security/cve/CVE-2022-3134/", + "url": "https://bugzilla.suse.com/1205392", "severities": [ { "system": "generic_textual", @@ -1211,7 +1261,7 @@ }, { "reference_id": "", - "url": "https://www.suse.com/security/cve/CVE-2022-3153/", + "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013135.html", "severities": [ { "system": "generic_textual", @@ -1222,7 +1272,7 @@ }, { "reference_id": "", - "url": "https://www.suse.com/security/cve/CVE-2022-3234/", + "url": "https://www.suse.com/security/cve/CVE-2022-3597/", "severities": [ { "system": "generic_textual", @@ -1233,7 +1283,7 @@ }, { "reference_id": "", - "url": "https://www.suse.com/security/cve/CVE-2022-3235/", + "url": "https://www.suse.com/security/cve/CVE-2022-3599/", "severities": [ { "system": "generic_textual", @@ -1244,7 +1294,7 @@ }, { "reference_id": "", - "url": "https://www.suse.com/security/cve/CVE-2022-3278/", + "url": "https://www.suse.com/security/cve/CVE-2022-3626/", "severities": [ { "system": "generic_textual", @@ -1255,7 +1305,7 @@ }, { "reference_id": "", - "url": "https://www.suse.com/security/cve/CVE-2022-3296/", + "url": "https://www.suse.com/security/cve/CVE-2022-3627/", "severities": [ { "system": "generic_textual", 
@@ -1266,7 +1316,42 @@ }, { "reference_id": "", - "url": "https://www.suse.com/security/cve/CVE-2022-3297/", + "url": "https://www.suse.com/security/cve/CVE-2022-3970/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + } + ], + "date_published": "2023-01-18T06:56:54+00:00", + "weaknesses": [] + }, + { + "aliases": [ + "CVE-2022-3599" + ], + "summary": "\nThis update for tiff fixes the following issues:\n\n- CVE-2022-3597: Fixed out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c (bnc#1204641).\n- CVE-2022-3599: Fixed out-of-bounds read in writeSingleSection in tools/tiffcrop.c (bnc#1204643).\n- CVE-2022-3626: Fixed out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c (bnc#1204644)\n- CVE-2022-3627: Fixed out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c (bnc#1204645).\n- CVE-2022-3970: Fixed unsigned integer overflow in TIFFReadRGBATileExt() (bnc#1205392).\n\t\t", + "affected_packages": [ + { + "package": { + "type": "rpm", + "namespace": "opensuse", + "name": "openSUSE-release", + "version": null, + "qualifiers": null, + "subpath": null + }, + "affected_version_range": "vers:rpm/5.3", + "fixed_version": null + } + ], + "references": [ + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1204641", "severities": [ { "system": "generic_textual", @@ -1277,7 +1362,7 @@ }, { "reference_id": "", - "url": "https://www.suse.com/security/cve/CVE-2022-3324/", + "url": "https://bugzilla.suse.com/1204643", "severities": [ { "system": "generic_textual", @@ -1288,7 +1373,7 @@ }, { "reference_id": "", - "url": "https://www.suse.com/security/cve/CVE-2022-3352/", + "url": "https://bugzilla.suse.com/1204644", "severities": [ { "system": "generic_textual", @@ -1299,7 +1384,7 @@ }, { "reference_id": "", - "url": "https://www.suse.com/security/cve/CVE-2022-3705/", + "url": "https://bugzilla.suse.com/1204645", "severities": [ { "system": "generic_textual", 
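Review bot: The record added in the `@@ -1266,7 +1316,42 @@` hunk under alias `CVE-2022-3599` repeats the summary and the whole reference list of the `CVE-2022-3597` record, including the suse.com pages of the four other CVEs, each tagged with the definition-level `Important` rating. A consumer that looks up severity or references by alias would then attribute the advisory-wide rating and unrelated CVE pages to each individual CVE. The same shape recurs in the later hunks for `CVE-2022-3626`, `CVE-2022-3627` and `CVE-2022-3970`. If the per-alias split is intended, the expected output could keep only the alias's own CVE page among the CVE links, here `"url": "https://www.suse.com/security/cve/CVE-2022-3599/"`. That change would presumably be made in the importer, which is outside this hunk.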
@@ -1307,34 +1392,21 @@ "scoring_elements": "" } ] - } - ], - "date_published": "2023-01-18T06:56:54+00:00", - "weaknesses": [] - }, - { - "aliases": [ - "CVE-2022-3570" - ], - "summary": "\nThis update for tiff fixes the following issues:\n\n- CVE-2022-3570: Fixed heap buffer overflows in tiffcrop.c (bsc#1205422).\n- CVE-2022-3598: Fixed out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c [bsc#1204642]\n\t\t", - "affected_packages": [ + }, { - "package": { - "type": "rpm", - "namespace": "opensuse", - "name": "openSUSE-release", - "version": null, - "qualifiers": null, - "subpath": null - }, - "affected_version_range": "vers:rpm/5.3", - "fixed_version": null - } - ], - "references": [ + "reference_id": "", + "url": "https://bugzilla.suse.com/1205392", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, { "reference_id": "", - "url": "https://bugzilla.suse.com/1204642", + "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013135.html", "severities": [ { "system": "generic_textual", @@ -1345,7 +1417,7 @@ }, { "reference_id": "", - "url": "https://bugzilla.suse.com/1205422", + "url": "https://www.suse.com/security/cve/CVE-2022-3597/", "severities": [ { "system": "generic_textual", @@ -1356,7 +1428,7 @@ }, { "reference_id": "", - "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-December/013217.html", + "url": "https://www.suse.com/security/cve/CVE-2022-3599/", "severities": [ { "system": "generic_textual", @@ -1367,7 +1439,7 @@ }, { "reference_id": "", - "url": "https://www.suse.com/security/cve/CVE-2022-3570/", + "url": "https://www.suse.com/security/cve/CVE-2022-3626/", "severities": [ { "system": "generic_textual", 
@@ -1378,7 +1450,18 @@ }, { "reference_id": "", - "url": "https://www.suse.com/security/cve/CVE-2022-3598/", + "url": "https://www.suse.com/security/cve/CVE-2022-3627/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3970/", "severities": [ { "system": "generic_textual", @@ -1393,9 +1476,9 @@ }, { "aliases": [ - "CVE-2021-3623" + "CVE-2022-3626" ], - "summary": "\nThis update for libtpms fixes the following issues:\n\n- CVE-2021-3623: Fixed out-of-bounds access when trying to resume the\n state of the vTPM (bsc#1187767)\n\t\t", + "summary": "\nThis update for tiff fixes the following issues:\n\n- CVE-2022-3597: Fixed out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c (bnc#1204641).\n- CVE-2022-3599: Fixed out-of-bounds read in writeSingleSection in tools/tiffcrop.c (bnc#1204643).\n- CVE-2022-3626: Fixed out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c (bnc#1204644)\n- CVE-2022-3627: Fixed out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c (bnc#1204645).\n- CVE-2022-3970: Fixed unsigned integer overflow in TIFFReadRGBATileExt() (bnc#1205392).\n\t\t", "affected_packages": [ { "package": { 
@@ -1413,75 +1496,62 @@ "references": [ { "reference_id": "", - "url": "https://bugzilla.suse.com/1187767", + "url": "https://bugzilla.suse.com/1204641", "severities": [ { "system": "generic_textual", - "value": "Moderate", + "value": "Important", "scoring_elements": "" } ] }, { "reference_id": "", - "url": "https://bugzilla.suse.com/1204556", + "url": "https://bugzilla.suse.com/1204643", "severities": [ { "system": "generic_textual", - "value": "Moderate", + "value": "Important", "scoring_elements": "" } ] }, { "reference_id": "", - "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-December/013225.html", + "url": "https://bugzilla.suse.com/1204644", "severities": [ { "system": "generic_textual", - "value": "Moderate", + "value": "Important", "scoring_elements": "" } ] }, { "reference_id": "", - "url": "https://www.suse.com/security/cve/CVE-2021-3623/", + "url": "https://bugzilla.suse.com/1204645", "severities": [ { "system": "generic_textual", - "value": "Moderate", + "value": "Important", "scoring_elements": "" } ] - } - ], - "date_published": "2023-01-18T06:56:54+00:00", - "weaknesses": [] - }, - { - "aliases": [ - "CVE-2022-23471" - ], - "summary": "\nThis update for containerd fixes the following issues:\n\nUpdate to containerd v1.6.12 including Docker v20.10.21-ce (bsc#1206065).\n\nAlso includes the following fix:\n\n- CVE-2022-23471: host memory exhaustion through Terminal resize goroutine leak (bsc#1206235).\n- CVE-2022-27191: crash in a golang.org/x/crypto/ssh server (bsc#1197284).\n\t\t", - "affected_packages": [ + }, { - "package": { - "type": "rpm", - "namespace": "opensuse", - "name": "openSUSE-release", - "version": null, - "qualifiers": null, - "subpath": null - }, - "affected_version_range": "vers:rpm/5.3", - "fixed_version": null - } - ], - "references": [ + "reference_id": "", + "url": "https://bugzilla.suse.com/1205392", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] 
+ }, { "reference_id": "", - "url": "https://bugzilla.suse.com/1197284", + "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013135.html", "severities": [ { "system": "generic_textual", @@ -1492,7 +1562,7 @@ }, { "reference_id": "", - "url": "https://bugzilla.suse.com/1206065", + "url": "https://www.suse.com/security/cve/CVE-2022-3597/", "severities": [ { "system": "generic_textual", @@ -1503,7 +1573,7 @@ }, { "reference_id": "", - "url": "https://bugzilla.suse.com/1206235", + "url": "https://www.suse.com/security/cve/CVE-2022-3599/", "severities": [ { "system": "generic_textual", @@ -1514,7 +1584,7 @@ }, { "reference_id": "", - "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-December/013228.html", + "url": "https://www.suse.com/security/cve/CVE-2022-3626/", "severities": [ { "system": "generic_textual", @@ -1525,7 +1595,7 @@ }, { "reference_id": "", - "url": "https://www.suse.com/security/cve/CVE-2022-23471/", + "url": "https://www.suse.com/security/cve/CVE-2022-3627/", "severities": [ { "system": "generic_textual", @@ -1536,7 +1606,7 @@ }, { "reference_id": "", - "url": "https://www.suse.com/security/cve/CVE-2022-27191/", + "url": "https://www.suse.com/security/cve/CVE-2022-3970/", "severities": [ { "system": "generic_textual", 
@@ -1551,9 +1621,9 @@ }, { "aliases": [ - "CVE-2021-20206" + "CVE-2022-3627" ], - "summary": "\nThis update for cni fixes the following issues:\n\n- CVE-2021-20206: Fixed arbitrary path injection via type field in CNI configuration (bsc#1181961).\n\t\t", + "summary": "\nThis update for tiff fixes the following issues:\n\n- CVE-2022-3597: Fixed out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c (bnc#1204641).\n- CVE-2022-3599: Fixed out-of-bounds read in writeSingleSection in tools/tiffcrop.c (bnc#1204643).\n- CVE-2022-3626: Fixed out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c (bnc#1204644)\n- CVE-2022-3627: Fixed out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c (bnc#1204645).\n- CVE-2022-3970: Fixed unsigned integer overflow in TIFFReadRGBATileExt() (bnc#1205392).\n\t\t", "affected_packages": [ { "package": { @@ -1571,7 +1641,7 @@ "references": [ { "reference_id": "", - "url": "https://bugzilla.suse.com/1181961", + "url": "https://bugzilla.suse.com/1204641", "severities": [ { "system": "generic_textual", @@ -1582,7 +1652,7 @@ }, { "reference_id": "", - "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-December/013299.html", + "url": "https://bugzilla.suse.com/1204643", "severities": [ { "system": "generic_textual", @@ -1593,7 +1663,7 @@ }, { "reference_id": "", - "url": "https://www.suse.com/security/cve/CVE-2021-20206/", + "url": "https://bugzilla.suse.com/1204644", "severities": [ { "system": "generic_textual", 
@@ -1601,34 +1671,10 @@ "scoring_elements": "" } ] - } - ], - "date_published": "2023-01-18T06:56:54+00:00", - "weaknesses": [] - }, - { - "aliases": [ - "CVE-2021-20206" - ], - "summary": "\nThis update for cni-plugins fixes the following issues:\n\n- CVE-2021-20206: Fixed arbitrary path injection via type field in CNI configuration (bsc#1181961).\n\t\t", - "affected_packages": [ - { - "package": { - "type": "rpm", - "namespace": "opensuse", - "name": "openSUSE-release", - "version": null, - "qualifiers": null, - "subpath": null - }, - "affected_version_range": "vers:rpm/5.3", - "fixed_version": null - } - ], - "references": [ + }, { "reference_id": "", - "url": "https://bugzilla.suse.com/1181961", + "url": "https://bugzilla.suse.com/1204645", "severities": [ { "system": "generic_textual", @@ -1639,7 +1685,7 @@ }, { "reference_id": "", - "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-December/013297.html", + "url": "https://bugzilla.suse.com/1205392", "severities": [ { "system": "generic_textual", @@ -1650,7 +1696,7 @@ }, { "reference_id": "", - "url": "https://www.suse.com/security/cve/CVE-2021-20206/", + "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013135.html", "severities": [ { "system": "generic_textual", 
@@ -1658,34 +1704,10 @@ "scoring_elements": "" } ] - } - ], - "date_published": "2023-01-18T06:56:54+00:00", - "weaknesses": [] - }, - { - "aliases": [ - "CVE-2022-43551" - ], - "summary": "\nThis update for curl fixes the following issues:\n\n- CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309).\n- CVE-2022-43551: Fixed HSTS bypass via IDN (bsc#1206308).\n\t\t", - "affected_packages": [ - { - "package": { - "type": "rpm", - "namespace": "opensuse", - "name": "openSUSE-release", - "version": null, - "qualifiers": null, - "subpath": null - }, - "affected_version_range": "vers:rpm/5.3", - "fixed_version": null - } - ], - "references": [ + }, { "reference_id": "", - "url": "https://bugzilla.suse.com/1206308", + "url": "https://www.suse.com/security/cve/CVE-2022-3597/", "severities": [ { "system": "generic_textual", @@ -1696,7 +1718,7 @@ }, { "reference_id": "", - "url": "https://bugzilla.suse.com/1206309", + "url": "https://www.suse.com/security/cve/CVE-2022-3599/", "severities": [ { "system": "generic_textual", @@ -1707,7 +1729,7 @@ }, { "reference_id": "", - "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-December/013302.html", + "url": "https://www.suse.com/security/cve/CVE-2022-3626/", "severities": [ { "system": "generic_textual", @@ -1718,7 +1740,7 @@ }, { "reference_id": "", - "url": "https://www.suse.com/security/cve/CVE-2022-43551/", + "url": "https://www.suse.com/security/cve/CVE-2022-3627/", "severities": [ { "system": "generic_textual", @@ -1729,7 +1751,7 @@ }, { "reference_id": "", - "url": "https://www.suse.com/security/cve/CVE-2022-43552/", + "url": "https://www.suse.com/security/cve/CVE-2022-3970/", "severities": [ { "system": "generic_textual", 
@@ -1744,9 +1766,9 @@ }, { "aliases": [ - "CVE-2022-46908" + "CVE-2022-3970" ], - "summary": "\nThis update for sqlite3 fixes the following issues:\n\n- CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism,\n when relying on --safe for execution of an untrusted CLI script (bsc#1206337).\n\t\t", + "summary": "\nThis update for tiff fixes the following issues:\n\n- CVE-2022-3597: Fixed out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c (bnc#1204641).\n- CVE-2022-3599: Fixed out-of-bounds read in writeSingleSection in tools/tiffcrop.c (bnc#1204643).\n- CVE-2022-3626: Fixed out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c (bnc#1204644)\n- CVE-2022-3627: Fixed out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c (bnc#1204645).\n- CVE-2022-3970: Fixed unsigned integer overflow in TIFFReadRGBATileExt() (bnc#1205392).\n\t\t", "affected_packages": [ { "package": { 
@@ -1764,33 +1786,121 @@ "references": [ { "reference_id": "", - "url": "https://bugzilla.suse.com/1206337", + "url": "https://bugzilla.suse.com/1204641", "severities": [ { "system": "generic_textual", - "value": "Moderate", + "value": "Important", "scoring_elements": "" } ] }, { "reference_id": "", - "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-December/013354.html", + "url": "https://bugzilla.suse.com/1204643", "severities": [ { "system": "generic_textual", - "value": "Moderate", + "value": "Important", "scoring_elements": "" } ] }, { "reference_id": "", - "url": "https://www.suse.com/security/cve/CVE-2022-46908/", + "url": "https://bugzilla.suse.com/1204644", "severities": [ { "system": "generic_textual", - "value": "Moderate", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1204645", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1205392", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013135.html", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3597/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3599/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3626/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", 
+ "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3627/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3970/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", "scoring_elements": "" } ] @@ -1801,9 +1911,9 @@ }, { "aliases": [ - "CVE-2022-4415" + "Security update for supportutils (Moderate)" ], - "summary": "\nThis update for systemd fixes the following issues:\n\n- CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000).\n\nBug fixes:\n\n- Support by-path devlink for multipath nvme block devices (bsc#1200723).\n\t\t", + "summary": "\nThis update for supportutils fixes the following issues:\n\nSecurity issues fixed:\n\n- Passwords correctly removed from email.txt, updates.txt and fs-iscsi.txt (bsc#1203818)\n\nBug fixes:\n\n- Added lifecycle information\n- Fixed KVM virtualization detection on bare metal (bsc#1184689)\n- Added logging using journalctl (bsc#1200330)\n- Get current sar data before collecting files (bsc#1192648)\n- Collects everything in /etc/multipath/ (bsc#1192252)\n- Collects power management information in hardware.txt (bsc#1197428)\n- Checks for suseconnect-ng or SUSEConnect packages (bsc#1202337)\n- Fixed conf_files and conf_text_files so y2log is gathered (bsc#1202269)\n- Update to nvme_info and block_info (bsc#1202417)\n- Added includedir directories from /etc/sudoers (bsc#1188086)\n\t\t", "affected_packages": [ { "package": { 
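Review bot: The new `"aliases"` entry in the `@@ -1801,9 +1911,9 @@` hunk is the advisory title, `"Security update for supportutils (Moderate)"`, not a vulnerability identifier. Pinning it in the expected fixture makes a free-text title a lookup key alongside CVE ids, and records from different sources that share a title could presumably be matched to each other by mistake. For a definition that carries no CVE, the fixture would be safer expecting `"aliases": []`, with the title left to the summary. The code that selects the alias is outside this hunk, so the identifier-format check belongs there.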
@@ -1821,44 +1931,121 @@ "references": [ { "reference_id": "", - "url": "https://bugzilla.suse.com/1200723", + "url": "https://bugzilla.suse.com/1184689", "severities": [ { "system": "generic_textual", - "value": "Important", + "value": "Moderate", "scoring_elements": "" } ] }, { "reference_id": "", - "url": "https://bugzilla.suse.com/1205000", + "url": "https://bugzilla.suse.com/1188086", "severities": [ { "system": "generic_textual", - "value": "Important", + "value": "Moderate", "scoring_elements": "" } ] }, { "reference_id": "", - "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-December/013352.html", + "url": "https://bugzilla.suse.com/1192252", "severities": [ { "system": "generic_textual", - "value": "Important", + "value": "Moderate", "scoring_elements": "" } ] }, { "reference_id": "", - "url": "https://www.suse.com/security/cve/CVE-2022-4415/", + "url": "https://bugzilla.suse.com/1192648", "severities": [ { "system": "generic_textual", - "value": "Important", + "value": "Moderate", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1197428", + "severities": [ + { + "system": "generic_textual", + "value": "Moderate", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1200330", + "severities": [ + { + "system": "generic_textual", + "value": "Moderate", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1202269", + "severities": [ + { + "system": "generic_textual", + "value": "Moderate", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1202337", + "severities": [ + { + "system": "generic_textual", + "value": "Moderate", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1202417", + "severities": [ + { + "system": "generic_textual", + "value": "Moderate", + "scoring_elements": "" + } + ] + }, + { + 
"reference_id": "", + "url": "https://bugzilla.suse.com/1203818", + "severities": [ + { + "system": "generic_textual", + "value": "Moderate", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013146.html", + "severities": [ + { + "system": "generic_textual", + "value": "Moderate", "scoring_elements": "" } ] @@ -1869,9 +2056,9 @@ }, { "aliases": [ - "CVE-2022-3491" + "CVE-2019-18348" ], - "summary": "\nThis update for vim fixes the following issues:\n\nUpdated to version 9.0.1040:\n\n- CVE-2022-3491: vim: Heap-based Buffer Overflow prior to 9.0.0742 (bsc#1206028).\n- CVE-2022-3520: vim: Heap-based Buffer Overflow (bsc#1206071).\n- CVE-2022-3591: vim: Use After Free (bsc#1206072).\n- CVE-2022-4292: vim: Use After Free in GitHub repository vim/vim prior to 9.0.0882 (bsc#1206075).\n- CVE-2022-4293: vim: Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804 (bsc#1206077).\n- CVE-2022-4141: vim: heap-buffer-overflow in alloc.c 246:11 (bsc#1205797).\n- CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c (bsc#1204779).\n\t\t", + "summary": "\nThis update for python3 fixes the following issues:\n\n- CVE-2022-37454: Fixed a buffer overflow in hashlib.sha3_* implementations. (bsc#1204577)\n- CVE-2020-10735: Fixed a bug to limit amount of digits converting text to int and vice vera. (bsc#1203125)\n\nThe following non-security bug was fixed:\n\n- Fixed a crash in the garbage collection (bsc#1188607).\n\t\t", "affected_packages": [ { "package": { @@ -1889,7 +2076,7 @@ "references": [ { "reference_id": "", - "url": "https://bugzilla.suse.com/1204779", + "url": "https://bugzilla.suse.com/1188607", "severities": [ { "system": "generic_textual", 
@@ -1900,7 +2087,7 @@ }, { "reference_id": "", - "url": "https://bugzilla.suse.com/1205797", + "url": "https://bugzilla.suse.com/1203125", "severities": [ { "system": "generic_textual", @@ -1911,7 +2098,7 @@ }, { "reference_id": "", - "url": "https://bugzilla.suse.com/1206028", + "url": "https://bugzilla.suse.com/1204577", "severities": [ { "system": "generic_textual", @@ -1922,7 +2109,7 @@ }, { "reference_id": "", - "url": "https://bugzilla.suse.com/1206071", + "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013149.html", "severities": [ { "system": "generic_textual", @@ -1933,7 +2120,7 @@ }, { "reference_id": "", - "url": "https://bugzilla.suse.com/1206072", + "url": "https://www.suse.com/security/cve/CVE-2019-18348/", "severities": [ { "system": "generic_textual", 
@@ -1944,7 +2131,10911 @@ }, { "reference_id": "", - "url": "https://bugzilla.suse.com/1206075", + "url": "https://www.suse.com/security/cve/CVE-2020-10735/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2020-8492/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-37454/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + } + ], + "date_published": "2023-01-18T06:56:54+00:00", + "weaknesses": [] + }, + { + "aliases": [ + "CVE-2020-10735" + ], + "summary": "\nThis update for python3 fixes the following issues:\n\n- CVE-2022-37454: Fixed a buffer overflow in hashlib.sha3_* implementations. (bsc#1204577)\n- CVE-2020-10735: Fixed a bug to limit amount of digits converting text to int and vice vera. 
(bsc#1203125)\n\nThe following non-security bug was fixed:\n\n- Fixed a crash in the garbage collection (bsc#1188607).\n\t\t", + "affected_packages": [ + { + "package": { + "type": "rpm", + "namespace": "opensuse", + "name": "openSUSE-release", + "version": null, + "qualifiers": null, + "subpath": null + }, + "affected_version_range": "vers:rpm/5.3", + "fixed_version": null + } + ], + "references": [ + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1188607", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203125", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1204577", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013149.html", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2019-18348/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2020-10735/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2020-8492/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-37454/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } 
+ ] + } + ], + "date_published": "2023-01-18T06:56:54+00:00", + "weaknesses": [] + }, + { + "aliases": [ + "CVE-2020-8492" + ], + "summary": "\nThis update for python3 fixes the following issues:\n\n- CVE-2022-37454: Fixed a buffer overflow in hashlib.sha3_* implementations. (bsc#1204577)\n- CVE-2020-10735: Fixed a bug to limit amount of digits converting text to int and vice vera. (bsc#1203125)\n\nThe following non-security bug was fixed:\n\n- Fixed a crash in the garbage collection (bsc#1188607).\n\t\t", + "affected_packages": [ + { + "package": { + "type": "rpm", + "namespace": "opensuse", + "name": "openSUSE-release", + "version": null, + "qualifiers": null, + "subpath": null + }, + "affected_version_range": "vers:rpm/5.3", + "fixed_version": null + } + ], + "references": [ + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1188607", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203125", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1204577", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013149.html", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2019-18348/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2020-10735/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + 
"reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2020-8492/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-37454/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + } + ], + "date_published": "2023-01-18T06:56:54+00:00", + "weaknesses": [] + }, + { + "aliases": [ + "CVE-2022-37454" + ], + "summary": "\nThis update for python3 fixes the following issues:\n\n- CVE-2022-37454: Fixed a buffer overflow in hashlib.sha3_* implementations. (bsc#1204577)\n- CVE-2020-10735: Fixed a bug to limit amount of digits converting text to int and vice vera. (bsc#1203125)\n\nThe following non-security bug was fixed:\n\n- Fixed a crash in the garbage collection (bsc#1188607).\n\t\t", + "affected_packages": [ + { + "package": { + "type": "rpm", + "namespace": "opensuse", + "name": "openSUSE-release", + "version": null, + "qualifiers": null, + "subpath": null + }, + "affected_version_range": "vers:rpm/5.3", + "fixed_version": null + } + ], + "references": [ + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1188607", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203125", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1204577", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013149.html", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", 
+ "url": "https://www.suse.com/security/cve/CVE-2019-18348/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2020-10735/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2020-8492/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-37454/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + } + ], + "date_published": "2023-01-18T06:56:54+00:00", + "weaknesses": [] + }, + { + "aliases": [ + "CVE-2021-3928" + ], + "summary": "\nThis update for vim fixes the following issues:\n\nUpdated to version 9.0 with patch level 0814:\n\n- CVE-2021-3928: Fixed stack-based buffer overflow (bsc#1192478).\n- CVE-2022-3234: Fixed heap-based buffer overflow (bsc#1203508).\n- CVE-2022-3235: Fixed use-after-free (bsc#1203509).\n- CVE-2022-3324: Fixed stack-based buffer overflow (bsc#1203820).\n- CVE-2022-3705: Fixed use-after-free in function qf_update_buffer of the file quickfix.c (bsc#1204779).\n- CVE-2022-2982: Fixed use-after-free in qf_fill_buffer() (bsc#1203152).\n- CVE-2022-3296: Fixed stack out of bounds read in ex_finally() in ex_eval.c (bsc#1203796).\n- CVE-2022-3297: Fixed use-after-free in process_next_cpt_value() at insexpand.c (bsc#1203797).\n- CVE-2022-3099: Fixed use-after-free in ex_docmd.c (bsc#1203110).\n- CVE-2022-3134: Fixed use-after-free in do_tag() (bsc#1203194).\n- CVE-2022-3153: Fixed NULL pointer dereference (bsc#1203272).\n- CVE-2022-3278: Fixed NULL pointer dereference in eval_next_non_blank() in eval.c (bsc#1203799).\n- CVE-2022-3352: Fixed use-after-free (bsc#1203924).\n- 
CVE-2022-2980: Fixed NULL pointer dereference in do_mouse() (bsc#1203155).\n- CVE-2022-3037: Fixed use-after-free (bsc#1202962).\n\t\t", + "affected_packages": [ + { + "package": { + "type": "rpm", + "namespace": "opensuse", + "name": "openSUSE-release", + "version": null, + "qualifiers": null, + "subpath": null + }, + "affected_version_range": "vers:rpm/5.3", + "fixed_version": null + } + ], + "references": [ + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1192478", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1202962", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203110", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203152", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203155", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203194", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203272", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203508", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203509", + "severities": [ 
+ { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203796", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203797", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203799", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203820", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203924", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1204779", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013152.html", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2021-3928/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-2980/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-2982/", + "severities": [ + { + "system": "generic_textual", + 
"value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3037/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3099/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3134/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3153/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3234/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3235/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3278/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3296/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3297/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3324/", + "severities": [ + { + "system": 
"generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3352/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3705/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + } + ], + "date_published": "2023-01-18T06:56:54+00:00", + "weaknesses": [] + }, + { + "aliases": [ + "CVE-2022-2980" + ], + "summary": "\nThis update for vim fixes the following issues:\n\nUpdated to version 9.0 with patch level 0814:\n\n- CVE-2021-3928: Fixed stack-based buffer overflow (bsc#1192478).\n- CVE-2022-3234: Fixed heap-based buffer overflow (bsc#1203508).\n- CVE-2022-3235: Fixed use-after-free (bsc#1203509).\n- CVE-2022-3324: Fixed stack-based buffer overflow (bsc#1203820).\n- CVE-2022-3705: Fixed use-after-free in function qf_update_buffer of the file quickfix.c (bsc#1204779).\n- CVE-2022-2982: Fixed use-after-free in qf_fill_buffer() (bsc#1203152).\n- CVE-2022-3296: Fixed stack out of bounds read in ex_finally() in ex_eval.c (bsc#1203796).\n- CVE-2022-3297: Fixed use-after-free in process_next_cpt_value() at insexpand.c (bsc#1203797).\n- CVE-2022-3099: Fixed use-after-free in ex_docmd.c (bsc#1203110).\n- CVE-2022-3134: Fixed use-after-free in do_tag() (bsc#1203194).\n- CVE-2022-3153: Fixed NULL pointer dereference (bsc#1203272).\n- CVE-2022-3278: Fixed NULL pointer dereference in eval_next_non_blank() in eval.c (bsc#1203799).\n- CVE-2022-3352: Fixed use-after-free (bsc#1203924).\n- CVE-2022-2980: Fixed NULL pointer dereference in do_mouse() (bsc#1203155).\n- CVE-2022-3037: Fixed use-after-free (bsc#1202962).\n\t\t", + "affected_packages": [ + { + "package": { + "type": "rpm", + "namespace": "opensuse", + "name": "openSUSE-release", + "version": null, + "qualifiers": null, + 
"subpath": null + }, + "affected_version_range": "vers:rpm/5.3", + "fixed_version": null + } + ], + "references": [ + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1192478", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1202962", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203110", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203152", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203155", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203194", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203272", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203508", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203509", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203796", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + 
"reference_id": "", + "url": "https://bugzilla.suse.com/1203797", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203799", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203820", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203924", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1204779", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013152.html", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2021-3928/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-2980/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-2982/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3037/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + 
"url": "https://www.suse.com/security/cve/CVE-2022-3099/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3134/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3153/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3234/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3235/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3278/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3296/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3297/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3324/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3352/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + 
"reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3705/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + } + ], + "date_published": "2023-01-18T06:56:54+00:00", + "weaknesses": [] + }, + { + "aliases": [ + "CVE-2022-2982" + ], + "summary": "\nThis update for vim fixes the following issues:\n\nUpdated to version 9.0 with patch level 0814:\n\n- CVE-2021-3928: Fixed stack-based buffer overflow (bsc#1192478).\n- CVE-2022-3234: Fixed heap-based buffer overflow (bsc#1203508).\n- CVE-2022-3235: Fixed use-after-free (bsc#1203509).\n- CVE-2022-3324: Fixed stack-based buffer overflow (bsc#1203820).\n- CVE-2022-3705: Fixed use-after-free in function qf_update_buffer of the file quickfix.c (bsc#1204779).\n- CVE-2022-2982: Fixed use-after-free in qf_fill_buffer() (bsc#1203152).\n- CVE-2022-3296: Fixed stack out of bounds read in ex_finally() in ex_eval.c (bsc#1203796).\n- CVE-2022-3297: Fixed use-after-free in process_next_cpt_value() at insexpand.c (bsc#1203797).\n- CVE-2022-3099: Fixed use-after-free in ex_docmd.c (bsc#1203110).\n- CVE-2022-3134: Fixed use-after-free in do_tag() (bsc#1203194).\n- CVE-2022-3153: Fixed NULL pointer dereference (bsc#1203272).\n- CVE-2022-3278: Fixed NULL pointer dereference in eval_next_non_blank() in eval.c (bsc#1203799).\n- CVE-2022-3352: Fixed use-after-free (bsc#1203924).\n- CVE-2022-2980: Fixed NULL pointer dereference in do_mouse() (bsc#1203155).\n- CVE-2022-3037: Fixed use-after-free (bsc#1202962).\n\t\t", + "affected_packages": [ + { + "package": { + "type": "rpm", + "namespace": "opensuse", + "name": "openSUSE-release", + "version": null, + "qualifiers": null, + "subpath": null + }, + "affected_version_range": "vers:rpm/5.3", + "fixed_version": null + } + ], + "references": [ + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1192478", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } 
+ ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1202962", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203110", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203152", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203155", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203194", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203272", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203508", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203509", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203796", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203797", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203799", + "severities": [ + { + "system": 
"generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203820", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203924", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1204779", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013152.html", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2021-3928/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-2980/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-2982/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3037/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3099/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3134/", + "severities": [ + { + 
"system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3153/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3234/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3235/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3278/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3296/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3297/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3324/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3352/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3705/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + } + ], + "date_published": "2023-01-18T06:56:54+00:00", + "weaknesses": [] + }, + { + 
"aliases": [ + "CVE-2022-3037" + ], + "summary": "\nThis update for vim fixes the following issues:\n\nUpdated to version 9.0 with patch level 0814:\n\n- CVE-2021-3928: Fixed stack-based buffer overflow (bsc#1192478).\n- CVE-2022-3234: Fixed heap-based buffer overflow (bsc#1203508).\n- CVE-2022-3235: Fixed use-after-free (bsc#1203509).\n- CVE-2022-3324: Fixed stack-based buffer overflow (bsc#1203820).\n- CVE-2022-3705: Fixed use-after-free in function qf_update_buffer of the file quickfix.c (bsc#1204779).\n- CVE-2022-2982: Fixed use-after-free in qf_fill_buffer() (bsc#1203152).\n- CVE-2022-3296: Fixed stack out of bounds read in ex_finally() in ex_eval.c (bsc#1203796).\n- CVE-2022-3297: Fixed use-after-free in process_next_cpt_value() at insexpand.c (bsc#1203797).\n- CVE-2022-3099: Fixed use-after-free in ex_docmd.c (bsc#1203110).\n- CVE-2022-3134: Fixed use-after-free in do_tag() (bsc#1203194).\n- CVE-2022-3153: Fixed NULL pointer dereference (bsc#1203272).\n- CVE-2022-3278: Fixed NULL pointer dereference in eval_next_non_blank() in eval.c (bsc#1203799).\n- CVE-2022-3352: Fixed use-after-free (bsc#1203924).\n- CVE-2022-2980: Fixed NULL pointer dereference in do_mouse() (bsc#1203155).\n- CVE-2022-3037: Fixed use-after-free (bsc#1202962).\n\t\t", + "affected_packages": [ + { + "package": { + "type": "rpm", + "namespace": "opensuse", + "name": "openSUSE-release", + "version": null, + "qualifiers": null, + "subpath": null + }, + "affected_version_range": "vers:rpm/5.3", + "fixed_version": null + } + ], + "references": [ + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1192478", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1202962", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203110", + 
"severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203152", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203155", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203194", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203272", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203508", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203509", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203796", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203797", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203799", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203820", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + 
"reference_id": "", + "url": "https://bugzilla.suse.com/1203924", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1204779", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013152.html", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2021-3928/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-2980/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-2982/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3037/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3099/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3134/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3153/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": 
"" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3234/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3235/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3278/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3296/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3297/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3324/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3352/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3705/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + } + ], + "date_published": "2023-01-18T06:56:54+00:00", + "weaknesses": [] + }, + { + "aliases": [ + "CVE-2022-3099" + ], + "summary": "\nThis update for vim fixes the following issues:\n\nUpdated to version 9.0 with patch level 0814:\n\n- CVE-2021-3928: Fixed stack-based buffer overflow (bsc#1192478).\n- CVE-2022-3234: Fixed heap-based buffer overflow 
(bsc#1203508).\n- CVE-2022-3235: Fixed use-after-free (bsc#1203509).\n- CVE-2022-3324: Fixed stack-based buffer overflow (bsc#1203820).\n- CVE-2022-3705: Fixed use-after-free in function qf_update_buffer of the file quickfix.c (bsc#1204779).\n- CVE-2022-2982: Fixed use-after-free in qf_fill_buffer() (bsc#1203152).\n- CVE-2022-3296: Fixed stack out of bounds read in ex_finally() in ex_eval.c (bsc#1203796).\n- CVE-2022-3297: Fixed use-after-free in process_next_cpt_value() at insexpand.c (bsc#1203797).\n- CVE-2022-3099: Fixed use-after-free in ex_docmd.c (bsc#1203110).\n- CVE-2022-3134: Fixed use-after-free in do_tag() (bsc#1203194).\n- CVE-2022-3153: Fixed NULL pointer dereference (bsc#1203272).\n- CVE-2022-3278: Fixed NULL pointer dereference in eval_next_non_blank() in eval.c (bsc#1203799).\n- CVE-2022-3352: Fixed use-after-free (bsc#1203924).\n- CVE-2022-2980: Fixed NULL pointer dereference in do_mouse() (bsc#1203155).\n- CVE-2022-3037: Fixed use-after-free (bsc#1202962).\n\t\t", + "affected_packages": [ + { + "package": { + "type": "rpm", + "namespace": "opensuse", + "name": "openSUSE-release", + "version": null, + "qualifiers": null, + "subpath": null + }, + "affected_version_range": "vers:rpm/5.3", + "fixed_version": null + } + ], + "references": [ + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1192478", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1202962", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203110", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203152", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + 
"scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203155", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203194", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203272", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203508", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203509", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203796", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203797", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203799", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203820", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203924", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1204779", + "severities": [ + { 
+ "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013152.html", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2021-3928/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-2980/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-2982/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3037/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3099/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3134/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3153/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3234/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": 
"https://www.suse.com/security/cve/CVE-2022-3235/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3278/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3296/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3297/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3324/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3352/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3705/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + } + ], + "date_published": "2023-01-18T06:56:54+00:00", + "weaknesses": [] + }, + { + "aliases": [ + "CVE-2022-3134" + ], + "summary": "\nThis update for vim fixes the following issues:\n\nUpdated to version 9.0 with patch level 0814:\n\n- CVE-2021-3928: Fixed stack-based buffer overflow (bsc#1192478).\n- CVE-2022-3234: Fixed heap-based buffer overflow (bsc#1203508).\n- CVE-2022-3235: Fixed use-after-free (bsc#1203509).\n- CVE-2022-3324: Fixed stack-based buffer overflow (bsc#1203820).\n- CVE-2022-3705: Fixed use-after-free in function qf_update_buffer of the file quickfix.c (bsc#1204779).\n- CVE-2022-2982: Fixed 
use-after-free in qf_fill_buffer() (bsc#1203152).\n- CVE-2022-3296: Fixed stack out of bounds read in ex_finally() in ex_eval.c (bsc#1203796).\n- CVE-2022-3297: Fixed use-after-free in process_next_cpt_value() at insexpand.c (bsc#1203797).\n- CVE-2022-3099: Fixed use-after-free in ex_docmd.c (bsc#1203110).\n- CVE-2022-3134: Fixed use-after-free in do_tag() (bsc#1203194).\n- CVE-2022-3153: Fixed NULL pointer dereference (bsc#1203272).\n- CVE-2022-3278: Fixed NULL pointer dereference in eval_next_non_blank() in eval.c (bsc#1203799).\n- CVE-2022-3352: Fixed use-after-free (bsc#1203924).\n- CVE-2022-2980: Fixed NULL pointer dereference in do_mouse() (bsc#1203155).\n- CVE-2022-3037: Fixed use-after-free (bsc#1202962).\n\t\t", + "affected_packages": [ + { + "package": { + "type": "rpm", + "namespace": "opensuse", + "name": "openSUSE-release", + "version": null, + "qualifiers": null, + "subpath": null + }, + "affected_version_range": "vers:rpm/5.3", + "fixed_version": null + } + ], + "references": [ + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1192478", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1202962", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203110", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203152", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203155", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": 
"https://bugzilla.suse.com/1203194", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203272", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203508", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203509", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203796", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203797", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203799", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203820", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203924", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1204779", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013152.html", + "severities": [ + { + "system": 
"generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2021-3928/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-2980/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-2982/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3037/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3099/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3134/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3153/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3234/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3235/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3278/", + 
"severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3296/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3297/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3324/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3352/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3705/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + } + ], + "date_published": "2023-01-18T06:56:54+00:00", + "weaknesses": [] + }, + { + "aliases": [ + "CVE-2022-3153" + ], + "summary": "\nThis update for vim fixes the following issues:\n\nUpdated to version 9.0 with patch level 0814:\n\n- CVE-2021-3928: Fixed stack-based buffer overflow (bsc#1192478).\n- CVE-2022-3234: Fixed heap-based buffer overflow (bsc#1203508).\n- CVE-2022-3235: Fixed use-after-free (bsc#1203509).\n- CVE-2022-3324: Fixed stack-based buffer overflow (bsc#1203820).\n- CVE-2022-3705: Fixed use-after-free in function qf_update_buffer of the file quickfix.c (bsc#1204779).\n- CVE-2022-2982: Fixed use-after-free in qf_fill_buffer() (bsc#1203152).\n- CVE-2022-3296: Fixed stack out of bounds read in ex_finally() in ex_eval.c (bsc#1203796).\n- CVE-2022-3297: Fixed use-after-free in process_next_cpt_value() at insexpand.c (bsc#1203797).\n- CVE-2022-3099: 
Fixed use-after-free in ex_docmd.c (bsc#1203110).\n- CVE-2022-3134: Fixed use-after-free in do_tag() (bsc#1203194).\n- CVE-2022-3153: Fixed NULL pointer dereference (bsc#1203272).\n- CVE-2022-3278: Fixed NULL pointer dereference in eval_next_non_blank() in eval.c (bsc#1203799).\n- CVE-2022-3352: Fixed use-after-free (bsc#1203924).\n- CVE-2022-2980: Fixed NULL pointer dereference in do_mouse() (bsc#1203155).\n- CVE-2022-3037: Fixed use-after-free (bsc#1202962).\n\t\t", + "affected_packages": [ + { + "package": { + "type": "rpm", + "namespace": "opensuse", + "name": "openSUSE-release", + "version": null, + "qualifiers": null, + "subpath": null + }, + "affected_version_range": "vers:rpm/5.3", + "fixed_version": null + } + ], + "references": [ + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1192478", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1202962", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203110", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203152", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203155", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203194", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203272", + "severities": [ + { + "system": "generic_textual", + 
"value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203508", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203509", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203796", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203797", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203799", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203820", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203924", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1204779", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013152.html", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2021-3928/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + 
"reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-2980/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-2982/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3037/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3099/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3134/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3153/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3234/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3235/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3278/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3296/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": 
"" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3297/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3324/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3352/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3705/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + } + ], + "date_published": "2023-01-18T06:56:54+00:00", + "weaknesses": [] + }, + { + "aliases": [ + "CVE-2022-3234" + ], + "summary": "\nThis update for vim fixes the following issues:\n\nUpdated to version 9.0 with patch level 0814:\n\n- CVE-2021-3928: Fixed stack-based buffer overflow (bsc#1192478).\n- CVE-2022-3234: Fixed heap-based buffer overflow (bsc#1203508).\n- CVE-2022-3235: Fixed use-after-free (bsc#1203509).\n- CVE-2022-3324: Fixed stack-based buffer overflow (bsc#1203820).\n- CVE-2022-3705: Fixed use-after-free in function qf_update_buffer of the file quickfix.c (bsc#1204779).\n- CVE-2022-2982: Fixed use-after-free in qf_fill_buffer() (bsc#1203152).\n- CVE-2022-3296: Fixed stack out of bounds read in ex_finally() in ex_eval.c (bsc#1203796).\n- CVE-2022-3297: Fixed use-after-free in process_next_cpt_value() at insexpand.c (bsc#1203797).\n- CVE-2022-3099: Fixed use-after-free in ex_docmd.c (bsc#1203110).\n- CVE-2022-3134: Fixed use-after-free in do_tag() (bsc#1203194).\n- CVE-2022-3153: Fixed NULL pointer dereference (bsc#1203272).\n- CVE-2022-3278: Fixed NULL pointer dereference in eval_next_non_blank() in eval.c (bsc#1203799).\n- CVE-2022-3352: 
Fixed use-after-free (bsc#1203924).\n- CVE-2022-2980: Fixed NULL pointer dereference in do_mouse() (bsc#1203155).\n- CVE-2022-3037: Fixed use-after-free (bsc#1202962).\n\t\t", + "affected_packages": [ + { + "package": { + "type": "rpm", + "namespace": "opensuse", + "name": "openSUSE-release", + "version": null, + "qualifiers": null, + "subpath": null + }, + "affected_version_range": "vers:rpm/5.3", + "fixed_version": null + } + ], + "references": [ + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1192478", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1202962", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203110", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203152", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203155", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203194", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203272", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203508", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": 
"https://bugzilla.suse.com/1203509", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203796", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203797", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203799", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203820", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203924", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1204779", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013152.html", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2021-3928/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-2980/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-2982/", + 
"severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3037/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3099/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3134/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3153/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3234/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3235/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3278/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3296/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3297/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": 
"https://www.suse.com/security/cve/CVE-2022-3324/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3352/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3705/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + } + ], + "date_published": "2023-01-18T06:56:54+00:00", + "weaknesses": [] + }, + { + "aliases": [ + "CVE-2022-3235" + ], + "summary": "\nThis update for vim fixes the following issues:\n\nUpdated to version 9.0 with patch level 0814:\n\n- CVE-2021-3928: Fixed stack-based buffer overflow (bsc#1192478).\n- CVE-2022-3234: Fixed heap-based buffer overflow (bsc#1203508).\n- CVE-2022-3235: Fixed use-after-free (bsc#1203509).\n- CVE-2022-3324: Fixed stack-based buffer overflow (bsc#1203820).\n- CVE-2022-3705: Fixed use-after-free in function qf_update_buffer of the file quickfix.c (bsc#1204779).\n- CVE-2022-2982: Fixed use-after-free in qf_fill_buffer() (bsc#1203152).\n- CVE-2022-3296: Fixed stack out of bounds read in ex_finally() in ex_eval.c (bsc#1203796).\n- CVE-2022-3297: Fixed use-after-free in process_next_cpt_value() at insexpand.c (bsc#1203797).\n- CVE-2022-3099: Fixed use-after-free in ex_docmd.c (bsc#1203110).\n- CVE-2022-3134: Fixed use-after-free in do_tag() (bsc#1203194).\n- CVE-2022-3153: Fixed NULL pointer dereference (bsc#1203272).\n- CVE-2022-3278: Fixed NULL pointer dereference in eval_next_non_blank() in eval.c (bsc#1203799).\n- CVE-2022-3352: Fixed use-after-free (bsc#1203924).\n- CVE-2022-2980: Fixed NULL pointer dereference in do_mouse() (bsc#1203155).\n- CVE-2022-3037: Fixed use-after-free (bsc#1202962).\n\t\t", + "affected_packages": [ + { + "package": { + "type": "rpm", + "namespace": 
"opensuse", + "name": "openSUSE-release", + "version": null, + "qualifiers": null, + "subpath": null + }, + "affected_version_range": "vers:rpm/5.3", + "fixed_version": null + } + ], + "references": [ + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1192478", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1202962", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203110", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203152", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203155", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203194", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203272", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203508", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203509", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203796", + "severities": [ + { + "system": 
"generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203797", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203799", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203820", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203924", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1204779", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013152.html", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2021-3928/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-2980/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-2982/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3037/", + "severities": [ + { + "system": "generic_textual", + 
"value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3099/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3134/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3153/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3234/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3235/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3278/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3296/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3297/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3324/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3352/", + "severities": [ + { + "system": 
"generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3705/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + } + ], + "date_published": "2023-01-18T06:56:54+00:00", + "weaknesses": [] + }, + { + "aliases": [ + "CVE-2022-3278" + ], + "summary": "\nThis update for vim fixes the following issues:\n\nUpdated to version 9.0 with patch level 0814:\n\n- CVE-2021-3928: Fixed stack-based buffer overflow (bsc#1192478).\n- CVE-2022-3234: Fixed heap-based buffer overflow (bsc#1203508).\n- CVE-2022-3235: Fixed use-after-free (bsc#1203509).\n- CVE-2022-3324: Fixed stack-based buffer overflow (bsc#1203820).\n- CVE-2022-3705: Fixed use-after-free in function qf_update_buffer of the file quickfix.c (bsc#1204779).\n- CVE-2022-2982: Fixed use-after-free in qf_fill_buffer() (bsc#1203152).\n- CVE-2022-3296: Fixed stack out of bounds read in ex_finally() in ex_eval.c (bsc#1203796).\n- CVE-2022-3297: Fixed use-after-free in process_next_cpt_value() at insexpand.c (bsc#1203797).\n- CVE-2022-3099: Fixed use-after-free in ex_docmd.c (bsc#1203110).\n- CVE-2022-3134: Fixed use-after-free in do_tag() (bsc#1203194).\n- CVE-2022-3153: Fixed NULL pointer dereference (bsc#1203272).\n- CVE-2022-3278: Fixed NULL pointer dereference in eval_next_non_blank() in eval.c (bsc#1203799).\n- CVE-2022-3352: Fixed use-after-free (bsc#1203924).\n- CVE-2022-2980: Fixed NULL pointer dereference in do_mouse() (bsc#1203155).\n- CVE-2022-3037: Fixed use-after-free (bsc#1202962).\n\t\t", + "affected_packages": [ + { + "package": { + "type": "rpm", + "namespace": "opensuse", + "name": "openSUSE-release", + "version": null, + "qualifiers": null, + "subpath": null + }, + "affected_version_range": "vers:rpm/5.3", + "fixed_version": null + } + ], + "references": [ + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1192478", + "severities": [ 
+ { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1202962", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203110", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203152", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203155", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203194", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203272", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203508", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203509", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203796", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203797", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + 
"url": "https://bugzilla.suse.com/1203799", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203820", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203924", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1204779", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013152.html", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2021-3928/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-2980/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-2982/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3037/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3099/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": 
"https://www.suse.com/security/cve/CVE-2022-3134/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3153/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3234/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3235/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3278/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3296/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3297/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3324/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3352/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3705/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + } + ], + 
"date_published": "2023-01-18T06:56:54+00:00", + "weaknesses": [] + }, + { + "aliases": [ + "CVE-2022-3296" + ], + "summary": "\nThis update for vim fixes the following issues:\n\nUpdated to version 9.0 with patch level 0814:\n\n- CVE-2021-3928: Fixed stack-based buffer overflow (bsc#1192478).\n- CVE-2022-3234: Fixed heap-based buffer overflow (bsc#1203508).\n- CVE-2022-3235: Fixed use-after-free (bsc#1203509).\n- CVE-2022-3324: Fixed stack-based buffer overflow (bsc#1203820).\n- CVE-2022-3705: Fixed use-after-free in function qf_update_buffer of the file quickfix.c (bsc#1204779).\n- CVE-2022-2982: Fixed use-after-free in qf_fill_buffer() (bsc#1203152).\n- CVE-2022-3296: Fixed stack out of bounds read in ex_finally() in ex_eval.c (bsc#1203796).\n- CVE-2022-3297: Fixed use-after-free in process_next_cpt_value() at insexpand.c (bsc#1203797).\n- CVE-2022-3099: Fixed use-after-free in ex_docmd.c (bsc#1203110).\n- CVE-2022-3134: Fixed use-after-free in do_tag() (bsc#1203194).\n- CVE-2022-3153: Fixed NULL pointer dereference (bsc#1203272).\n- CVE-2022-3278: Fixed NULL pointer dereference in eval_next_non_blank() in eval.c (bsc#1203799).\n- CVE-2022-3352: Fixed use-after-free (bsc#1203924).\n- CVE-2022-2980: Fixed NULL pointer dereference in do_mouse() (bsc#1203155).\n- CVE-2022-3037: Fixed use-after-free (bsc#1202962).\n\t\t", + "affected_packages": [ + { + "package": { + "type": "rpm", + "namespace": "opensuse", + "name": "openSUSE-release", + "version": null, + "qualifiers": null, + "subpath": null + }, + "affected_version_range": "vers:rpm/5.3", + "fixed_version": null + } + ], + "references": [ + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1192478", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1202962", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + 
"reference_id": "", + "url": "https://bugzilla.suse.com/1203110", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203152", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203155", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203194", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203272", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203508", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203509", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203796", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203797", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203799", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203820", + "severities": [ + { + "system": "generic_textual", + "value": 
"Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203924", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1204779", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013152.html", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2021-3928/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-2980/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-2982/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3037/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3099/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3134/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3153/", + "severities": [ + { + "system": 
"generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3234/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3235/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3278/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3296/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3297/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3324/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3352/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3705/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + } + ], + "date_published": "2023-01-18T06:56:54+00:00", + "weaknesses": [] + }, + { + "aliases": [ + "CVE-2022-3297" + ], + "summary": "\nThis update for vim fixes the following issues:\n\nUpdated to version 9.0 with patch level 0814:\n\n- CVE-2021-3928: Fixed stack-based buffer overflow 
(bsc#1192478).\n- CVE-2022-3234: Fixed heap-based buffer overflow (bsc#1203508).\n- CVE-2022-3235: Fixed use-after-free (bsc#1203509).\n- CVE-2022-3324: Fixed stack-based buffer overflow (bsc#1203820).\n- CVE-2022-3705: Fixed use-after-free in function qf_update_buffer of the file quickfix.c (bsc#1204779).\n- CVE-2022-2982: Fixed use-after-free in qf_fill_buffer() (bsc#1203152).\n- CVE-2022-3296: Fixed stack out of bounds read in ex_finally() in ex_eval.c (bsc#1203796).\n- CVE-2022-3297: Fixed use-after-free in process_next_cpt_value() at insexpand.c (bsc#1203797).\n- CVE-2022-3099: Fixed use-after-free in ex_docmd.c (bsc#1203110).\n- CVE-2022-3134: Fixed use-after-free in do_tag() (bsc#1203194).\n- CVE-2022-3153: Fixed NULL pointer dereference (bsc#1203272).\n- CVE-2022-3278: Fixed NULL pointer dereference in eval_next_non_blank() in eval.c (bsc#1203799).\n- CVE-2022-3352: Fixed use-after-free (bsc#1203924).\n- CVE-2022-2980: Fixed NULL pointer dereference in do_mouse() (bsc#1203155).\n- CVE-2022-3037: Fixed use-after-free (bsc#1202962).\n\t\t", + "affected_packages": [ + { + "package": { + "type": "rpm", + "namespace": "opensuse", + "name": "openSUSE-release", + "version": null, + "qualifiers": null, + "subpath": null + }, + "affected_version_range": "vers:rpm/5.3", + "fixed_version": null + } + ], + "references": [ + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1192478", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1202962", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203110", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203152", + "severities": [ + { + 
"system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203155", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203194", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203272", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203508", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203509", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203796", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203797", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203799", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203820", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203924", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": 
"https://bugzilla.suse.com/1204779", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013152.html", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2021-3928/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-2980/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-2982/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3037/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3099/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3134/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3153/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3234/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + 
}, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3235/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3278/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3296/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3297/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3324/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3352/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3705/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + } + ], + "date_published": "2023-01-18T06:56:54+00:00", + "weaknesses": [] + }, + { + "aliases": [ + "CVE-2022-3324" + ], + "summary": "\nThis update for vim fixes the following issues:\n\nUpdated to version 9.0 with patch level 0814:\n\n- CVE-2021-3928: Fixed stack-based buffer overflow (bsc#1192478).\n- CVE-2022-3234: Fixed heap-based buffer overflow (bsc#1203508).\n- CVE-2022-3235: Fixed use-after-free (bsc#1203509).\n- CVE-2022-3324: Fixed stack-based buffer overflow (bsc#1203820).\n- CVE-2022-3705: Fixed use-after-free in function qf_update_buffer of the file quickfix.c 
(bsc#1204779).\n- CVE-2022-2982: Fixed use-after-free in qf_fill_buffer() (bsc#1203152).\n- CVE-2022-3296: Fixed stack out of bounds read in ex_finally() in ex_eval.c (bsc#1203796).\n- CVE-2022-3297: Fixed use-after-free in process_next_cpt_value() at insexpand.c (bsc#1203797).\n- CVE-2022-3099: Fixed use-after-free in ex_docmd.c (bsc#1203110).\n- CVE-2022-3134: Fixed use-after-free in do_tag() (bsc#1203194).\n- CVE-2022-3153: Fixed NULL pointer dereference (bsc#1203272).\n- CVE-2022-3278: Fixed NULL pointer dereference in eval_next_non_blank() in eval.c (bsc#1203799).\n- CVE-2022-3352: Fixed use-after-free (bsc#1203924).\n- CVE-2022-2980: Fixed NULL pointer dereference in do_mouse() (bsc#1203155).\n- CVE-2022-3037: Fixed use-after-free (bsc#1202962).\n\t\t", + "affected_packages": [ + { + "package": { + "type": "rpm", + "namespace": "opensuse", + "name": "openSUSE-release", + "version": null, + "qualifiers": null, + "subpath": null + }, + "affected_version_range": "vers:rpm/5.3", + "fixed_version": null + } + ], + "references": [ + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1192478", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1202962", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203110", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203152", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203155", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + 
"reference_id": "", + "url": "https://bugzilla.suse.com/1203194", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203272", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203508", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203509", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203796", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203797", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203799", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203820", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203924", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1204779", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013152.html", + "severities": [ 
+ { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2021-3928/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-2980/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-2982/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3037/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3099/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3134/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3153/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3234/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3235/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": 
"https://www.suse.com/security/cve/CVE-2022-3278/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3296/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3297/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3324/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3352/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3705/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + } + ], + "date_published": "2023-01-18T06:56:54+00:00", + "weaknesses": [] + }, + { + "aliases": [ + "CVE-2022-3352" + ], + "summary": "\nThis update for vim fixes the following issues:\n\nUpdated to version 9.0 with patch level 0814:\n\n- CVE-2021-3928: Fixed stack-based buffer overflow (bsc#1192478).\n- CVE-2022-3234: Fixed heap-based buffer overflow (bsc#1203508).\n- CVE-2022-3235: Fixed use-after-free (bsc#1203509).\n- CVE-2022-3324: Fixed stack-based buffer overflow (bsc#1203820).\n- CVE-2022-3705: Fixed use-after-free in function qf_update_buffer of the file quickfix.c (bsc#1204779).\n- CVE-2022-2982: Fixed use-after-free in qf_fill_buffer() (bsc#1203152).\n- CVE-2022-3296: Fixed stack out of bounds read in ex_finally() in ex_eval.c (bsc#1203796).\n- CVE-2022-3297: Fixed use-after-free in 
process_next_cpt_value() at insexpand.c (bsc#1203797).\n- CVE-2022-3099: Fixed use-after-free in ex_docmd.c (bsc#1203110).\n- CVE-2022-3134: Fixed use-after-free in do_tag() (bsc#1203194).\n- CVE-2022-3153: Fixed NULL pointer dereference (bsc#1203272).\n- CVE-2022-3278: Fixed NULL pointer dereference in eval_next_non_blank() in eval.c (bsc#1203799).\n- CVE-2022-3352: Fixed use-after-free (bsc#1203924).\n- CVE-2022-2980: Fixed NULL pointer dereference in do_mouse() (bsc#1203155).\n- CVE-2022-3037: Fixed use-after-free (bsc#1202962).\n\t\t", + "affected_packages": [ + { + "package": { + "type": "rpm", + "namespace": "opensuse", + "name": "openSUSE-release", + "version": null, + "qualifiers": null, + "subpath": null + }, + "affected_version_range": "vers:rpm/5.3", + "fixed_version": null + } + ], + "references": [ + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1192478", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1202962", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203110", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203152", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203155", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203194", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": 
"https://bugzilla.suse.com/1203272", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203508", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203509", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203796", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203797", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203799", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203820", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203924", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1204779", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013152.html", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2021-3928/", + "severities": [ + { + 
"system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-2980/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-2982/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3037/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3099/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3134/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3153/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3234/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3235/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3278/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3296/", + 
"severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3297/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3324/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3352/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3705/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + } + ], + "date_published": "2023-01-18T06:56:54+00:00", + "weaknesses": [] + }, + { + "aliases": [ + "CVE-2022-3705" + ], + "summary": "\nThis update for vim fixes the following issues:\n\nUpdated to version 9.0 with patch level 0814:\n\n- CVE-2021-3928: Fixed stack-based buffer overflow (bsc#1192478).\n- CVE-2022-3234: Fixed heap-based buffer overflow (bsc#1203508).\n- CVE-2022-3235: Fixed use-after-free (bsc#1203509).\n- CVE-2022-3324: Fixed stack-based buffer overflow (bsc#1203820).\n- CVE-2022-3705: Fixed use-after-free in function qf_update_buffer of the file quickfix.c (bsc#1204779).\n- CVE-2022-2982: Fixed use-after-free in qf_fill_buffer() (bsc#1203152).\n- CVE-2022-3296: Fixed stack out of bounds read in ex_finally() in ex_eval.c (bsc#1203796).\n- CVE-2022-3297: Fixed use-after-free in process_next_cpt_value() at insexpand.c (bsc#1203797).\n- CVE-2022-3099: Fixed use-after-free in ex_docmd.c (bsc#1203110).\n- CVE-2022-3134: Fixed use-after-free in do_tag() (bsc#1203194).\n- CVE-2022-3153: Fixed NULL pointer dereference (bsc#1203272).\n- CVE-2022-3278: 
Fixed NULL pointer dereference in eval_next_non_blank() in eval.c (bsc#1203799).\n- CVE-2022-3352: Fixed use-after-free (bsc#1203924).\n- CVE-2022-2980: Fixed NULL pointer dereference in do_mouse() (bsc#1203155).\n- CVE-2022-3037: Fixed use-after-free (bsc#1202962).\n\t\t", + "affected_packages": [ + { + "package": { + "type": "rpm", + "namespace": "opensuse", + "name": "openSUSE-release", + "version": null, + "qualifiers": null, + "subpath": null + }, + "affected_version_range": "vers:rpm/5.3", + "fixed_version": null + } + ], + "references": [ + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1192478", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1202962", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203110", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203152", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203155", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203194", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203272", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203508", + "severities": [ + { + "system": "generic_textual", + "value": 
"Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203509", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203796", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203797", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203799", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203820", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1203924", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1204779", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013152.html", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2021-3928/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-2980/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + 
{ + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-2982/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3037/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3099/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3134/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3153/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3234/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3235/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3278/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3296/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3297/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + 
"scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3324/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3352/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3705/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + } + ], + "date_published": "2023-01-18T06:56:54+00:00", + "weaknesses": [] + }, + { + "aliases": [ + "CVE-2022-3570" + ], + "summary": "\nThis update for tiff fixes the following issues:\n\n- CVE-2022-3570: Fixed heap buffer overflows in tiffcrop.c (bsc#1205422).\n- CVE-2022-3598: Fixed out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c [bsc#1204642]\n\t\t", + "affected_packages": [ + { + "package": { + "type": "rpm", + "namespace": "opensuse", + "name": "openSUSE-release", + "version": null, + "qualifiers": null, + "subpath": null + }, + "affected_version_range": "vers:rpm/5.3", + "fixed_version": null + } + ], + "references": [ + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1204642", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1205422", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-December/013217.html", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3570/", + 
"severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3598/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + } + ], + "date_published": "2023-01-18T06:56:54+00:00", + "weaknesses": [] + }, + { + "aliases": [ + "CVE-2022-3598" + ], + "summary": "\nThis update for tiff fixes the following issues:\n\n- CVE-2022-3570: Fixed heap buffer overflows in tiffcrop.c (bsc#1205422).\n- CVE-2022-3598: Fixed out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c [bsc#1204642]\n\t\t", + "affected_packages": [ + { + "package": { + "type": "rpm", + "namespace": "opensuse", + "name": "openSUSE-release", + "version": null, + "qualifiers": null, + "subpath": null + }, + "affected_version_range": "vers:rpm/5.3", + "fixed_version": null + } + ], + "references": [ + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1204642", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1205422", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-December/013217.html", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3570/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3598/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + } + ], + 
"date_published": "2023-01-18T06:56:54+00:00", + "weaknesses": [] + }, + { + "aliases": [ + "CVE-2021-3623" + ], + "summary": "\nThis update for libtpms fixes the following issues:\n\n- CVE-2021-3623: Fixed out-of-bounds access when trying to resume the\n state of the vTPM (bsc#1187767)\n\t\t", + "affected_packages": [ + { + "package": { + "type": "rpm", + "namespace": "opensuse", + "name": "openSUSE-release", + "version": null, + "qualifiers": null, + "subpath": null + }, + "affected_version_range": "vers:rpm/5.3", + "fixed_version": null + } + ], + "references": [ + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1187767", + "severities": [ + { + "system": "generic_textual", + "value": "Moderate", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1204556", + "severities": [ + { + "system": "generic_textual", + "value": "Moderate", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-December/013225.html", + "severities": [ + { + "system": "generic_textual", + "value": "Moderate", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2021-3623/", + "severities": [ + { + "system": "generic_textual", + "value": "Moderate", + "scoring_elements": "" + } + ] + } + ], + "date_published": "2023-01-18T06:56:54+00:00", + "weaknesses": [] + }, + { + "aliases": [ + "CVE-2022-23471" + ], + "summary": "\nThis update for containerd fixes the following issues:\n\nUpdate to containerd v1.6.12 including Docker v20.10.21-ce (bsc#1206065).\n\nAlso includes the following fix:\n\n- CVE-2022-23471: host memory exhaustion through Terminal resize goroutine leak (bsc#1206235).\n- CVE-2022-27191: crash in a golang.org/x/crypto/ssh server (bsc#1197284).\n\t\t", + "affected_packages": [ + { + "package": { + "type": "rpm", + "namespace": "opensuse", + "name": "openSUSE-release", + "version": 
null, + "qualifiers": null, + "subpath": null + }, + "affected_version_range": "vers:rpm/5.3", + "fixed_version": null + } + ], + "references": [ + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1197284", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1206065", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1206235", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-December/013228.html", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-23471/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-27191/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + } + ], + "date_published": "2023-01-18T06:56:54+00:00", + "weaknesses": [] + }, + { + "aliases": [ + "CVE-2022-27191" + ], + "summary": "\nThis update for containerd fixes the following issues:\n\nUpdate to containerd v1.6.12 including Docker v20.10.21-ce (bsc#1206065).\n\nAlso includes the following fix:\n\n- CVE-2022-23471: host memory exhaustion through Terminal resize goroutine leak (bsc#1206235).\n- CVE-2022-27191: crash in a golang.org/x/crypto/ssh server (bsc#1197284).\n\t\t", + "affected_packages": [ + { + "package": { + "type": "rpm", + "namespace": "opensuse", + "name": "openSUSE-release", + "version": null, + "qualifiers": null, + 
"subpath": null + }, + "affected_version_range": "vers:rpm/5.3", + "fixed_version": null + } + ], + "references": [ + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1197284", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1206065", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1206235", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-December/013228.html", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-23471/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-27191/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + } + ], + "date_published": "2023-01-18T06:56:54+00:00", + "weaknesses": [] + }, + { + "aliases": [ + "CVE-2021-20206" + ], + "summary": "\nThis update for cni fixes the following issues:\n\n- CVE-2021-20206: Fixed arbitrary path injection via type field in CNI configuration (bsc#1181961).\n\t\t", + "affected_packages": [ + { + "package": { + "type": "rpm", + "namespace": "opensuse", + "name": "openSUSE-release", + "version": null, + "qualifiers": null, + "subpath": null + }, + "affected_version_range": "vers:rpm/5.3", + "fixed_version": null + } + ], + "references": [ + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1181961", + "severities": [ + { + "system": 
"generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-December/013299.html", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2021-20206/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + } + ], + "date_published": "2023-01-18T06:56:54+00:00", + "weaknesses": [] + }, + { + "aliases": [ + "CVE-2021-20206" + ], + "summary": "\nThis update for cni-plugins fixes the following issues:\n\n- CVE-2021-20206: Fixed arbitrary path injection via type field in CNI configuration (bsc#1181961).\n\t\t", + "affected_packages": [ + { + "package": { + "type": "rpm", + "namespace": "opensuse", + "name": "openSUSE-release", + "version": null, + "qualifiers": null, + "subpath": null + }, + "affected_version_range": "vers:rpm/5.3", + "fixed_version": null + } + ], + "references": [ + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1181961", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-December/013297.html", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2021-20206/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + } + ], + "date_published": "2023-01-18T06:56:54+00:00", + "weaknesses": [] + }, + { + "aliases": [ + "CVE-2022-43551" + ], + "summary": "\nThis update for curl fixes the following issues:\n\n- CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309).\n- CVE-2022-43551: Fixed 
HSTS bypass via IDN (bsc#1206308).\n\t\t", + "affected_packages": [ + { + "package": { + "type": "rpm", + "namespace": "opensuse", + "name": "openSUSE-release", + "version": null, + "qualifiers": null, + "subpath": null + }, + "affected_version_range": "vers:rpm/5.3", + "fixed_version": null + } + ], + "references": [ + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1206308", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1206309", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-December/013302.html", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-43551/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-43552/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + } + ], + "date_published": "2023-01-18T06:56:54+00:00", + "weaknesses": [] + }, + { + "aliases": [ + "CVE-2022-43552" + ], + "summary": "\nThis update for curl fixes the following issues:\n\n- CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309).\n- CVE-2022-43551: Fixed HSTS bypass via IDN (bsc#1206308).\n\t\t", + "affected_packages": [ + { + "package": { + "type": "rpm", + "namespace": "opensuse", + "name": "openSUSE-release", + "version": null, + "qualifiers": null, + "subpath": null + }, + "affected_version_range": "vers:rpm/5.3", + "fixed_version": null + } + ], + "references": [ + { + "reference_id": "", + "url": 
"https://bugzilla.suse.com/1206308", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1206309", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-December/013302.html", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-43551/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-43552/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + } + ], + "date_published": "2023-01-18T06:56:54+00:00", + "weaknesses": [] + }, + { + "aliases": [ + "CVE-2022-46908" + ], + "summary": "\nThis update for sqlite3 fixes the following issues:\n\n- CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism,\n when relying on --safe for execution of an untrusted CLI script (bsc#1206337).\n\t\t", + "affected_packages": [ + { + "package": { + "type": "rpm", + "namespace": "opensuse", + "name": "openSUSE-release", + "version": null, + "qualifiers": null, + "subpath": null + }, + "affected_version_range": "vers:rpm/5.3", + "fixed_version": null + } + ], + "references": [ + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1206337", + "severities": [ + { + "system": "generic_textual", + "value": "Moderate", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-December/013354.html", + "severities": [ + { + "system": "generic_textual", + "value": "Moderate", 
+ "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-46908/", + "severities": [ + { + "system": "generic_textual", + "value": "Moderate", + "scoring_elements": "" + } + ] + } + ], + "date_published": "2023-01-18T06:56:54+00:00", + "weaknesses": [] + }, + { + "aliases": [ + "CVE-2022-4415" + ], + "summary": "\nThis update for systemd fixes the following issues:\n\n- CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000).\n\nBug fixes:\n\n- Support by-path devlink for multipath nvme block devices (bsc#1200723).\n\t\t", + "affected_packages": [ + { + "package": { + "type": "rpm", + "namespace": "opensuse", + "name": "openSUSE-release", + "version": null, + "qualifiers": null, + "subpath": null + }, + "affected_version_range": "vers:rpm/5.3", + "fixed_version": null + } + ], + "references": [ + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1200723", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1205000", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-December/013352.html", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-4415/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + } + ], + "date_published": "2023-01-18T06:56:54+00:00", + "weaknesses": [] + }, + { + "aliases": [ + "CVE-2022-3491" + ], + "summary": "\nThis update for vim fixes the following issues:\n\nUpdated to version 9.0.1040:\n\n- CVE-2022-3491: vim: Heap-based Buffer Overflow prior 
to 9.0.0742 (bsc#1206028).\n- CVE-2022-3520: vim: Heap-based Buffer Overflow (bsc#1206071).\n- CVE-2022-3591: vim: Use After Free (bsc#1206072).\n- CVE-2022-4292: vim: Use After Free in GitHub repository vim/vim prior to 9.0.0882 (bsc#1206075).\n- CVE-2022-4293: vim: Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804 (bsc#1206077).\n- CVE-2022-4141: vim: heap-buffer-overflow in alloc.c 246:11 (bsc#1205797).\n- CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c (bsc#1204779).\n\t\t", + "affected_packages": [ + { + "package": { + "type": "rpm", + "namespace": "opensuse", + "name": "openSUSE-release", + "version": null, + "qualifiers": null, + "subpath": null + }, + "affected_version_range": "vers:rpm/5.3", + "fixed_version": null + } + ], + "references": [ + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1204779", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1205797", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1206028", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1206071", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1206072", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1206075", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + 
"url": "https://bugzilla.suse.com/1206077", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-December/013353.html", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3491/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3520/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3591/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3705/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-4141/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-4292/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-4293/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + } + ], + "date_published": "2023-01-18T06:56:54+00:00", + "weaknesses": [] + }, + { + "aliases": [ + "CVE-2022-3520" + ], + "summary": "\nThis update for vim fixes the following issues:\n\nUpdated 
to version 9.0.1040:\n\n- CVE-2022-3491: vim: Heap-based Buffer Overflow prior to 9.0.0742 (bsc#1206028).\n- CVE-2022-3520: vim: Heap-based Buffer Overflow (bsc#1206071).\n- CVE-2022-3591: vim: Use After Free (bsc#1206072).\n- CVE-2022-4292: vim: Use After Free in GitHub repository vim/vim prior to 9.0.0882 (bsc#1206075).\n- CVE-2022-4293: vim: Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804 (bsc#1206077).\n- CVE-2022-4141: vim: heap-buffer-overflow in alloc.c 246:11 (bsc#1205797).\n- CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c (bsc#1204779).\n\t\t", + "affected_packages": [ + { + "package": { + "type": "rpm", + "namespace": "opensuse", + "name": "openSUSE-release", + "version": null, + "qualifiers": null, + "subpath": null + }, + "affected_version_range": "vers:rpm/5.3", + "fixed_version": null + } + ], + "references": [ + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1204779", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1205797", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1206028", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1206071", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1206072", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1206075", + "severities": [ + { + "system": "generic_textual", + "value": 
"Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1206077", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-December/013353.html", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3491/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3520/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3591/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3705/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-4141/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-4292/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-4293/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + } + ], + "date_published": "2023-01-18T06:56:54+00:00", + "weaknesses": [] + }, + { + "aliases": [ + "CVE-2022-3591" 
+ ], + "summary": "\nThis update for vim fixes the following issues:\n\nUpdated to version 9.0.1040:\n\n- CVE-2022-3491: vim: Heap-based Buffer Overflow prior to 9.0.0742 (bsc#1206028).\n- CVE-2022-3520: vim: Heap-based Buffer Overflow (bsc#1206071).\n- CVE-2022-3591: vim: Use After Free (bsc#1206072).\n- CVE-2022-4292: vim: Use After Free in GitHub repository vim/vim prior to 9.0.0882 (bsc#1206075).\n- CVE-2022-4293: vim: Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804 (bsc#1206077).\n- CVE-2022-4141: vim: heap-buffer-overflow in alloc.c 246:11 (bsc#1205797).\n- CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c (bsc#1204779).\n\t\t", + "affected_packages": [ + { + "package": { + "type": "rpm", + "namespace": "opensuse", + "name": "openSUSE-release", + "version": null, + "qualifiers": null, + "subpath": null + }, + "affected_version_range": "vers:rpm/5.3", + "fixed_version": null + } + ], + "references": [ + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1204779", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1205797", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1206028", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1206071", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1206072", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": 
"https://bugzilla.suse.com/1206075", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1206077", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-December/013353.html", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3491/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3520/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3591/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3705/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-4141/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-4292/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-4293/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + } + ], + 
"date_published": "2023-01-18T06:56:54+00:00", + "weaknesses": [] + }, + { + "aliases": [ + "CVE-2022-3705" + ], + "summary": "\nThis update for vim fixes the following issues:\n\nUpdated to version 9.0.1040:\n\n- CVE-2022-3491: vim: Heap-based Buffer Overflow prior to 9.0.0742 (bsc#1206028).\n- CVE-2022-3520: vim: Heap-based Buffer Overflow (bsc#1206071).\n- CVE-2022-3591: vim: Use After Free (bsc#1206072).\n- CVE-2022-4292: vim: Use After Free in GitHub repository vim/vim prior to 9.0.0882 (bsc#1206075).\n- CVE-2022-4293: vim: Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804 (bsc#1206077).\n- CVE-2022-4141: vim: heap-buffer-overflow in alloc.c 246:11 (bsc#1205797).\n- CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c (bsc#1204779).\n\t\t", + "affected_packages": [ + { + "package": { + "type": "rpm", + "namespace": "opensuse", + "name": "openSUSE-release", + "version": null, + "qualifiers": null, + "subpath": null + }, + "affected_version_range": "vers:rpm/5.3", + "fixed_version": null + } + ], + "references": [ + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1204779", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1205797", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1206028", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1206071", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1206072", + "severities": [ + { + "system": "generic_textual", + "value": 
"Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1206075", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1206077", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-December/013353.html", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3491/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3520/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3591/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3705/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-4141/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-4292/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-4293/", + "severities": [ + { + "system": 
"generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + } + ], + "date_published": "2023-01-18T06:56:54+00:00", + "weaknesses": [] + }, + { + "aliases": [ + "CVE-2022-4141" + ], + "summary": "\nThis update for vim fixes the following issues:\n\nUpdated to version 9.0.1040:\n\n- CVE-2022-3491: vim: Heap-based Buffer Overflow prior to 9.0.0742 (bsc#1206028).\n- CVE-2022-3520: vim: Heap-based Buffer Overflow (bsc#1206071).\n- CVE-2022-3591: vim: Use After Free (bsc#1206072).\n- CVE-2022-4292: vim: Use After Free in GitHub repository vim/vim prior to 9.0.0882 (bsc#1206075).\n- CVE-2022-4293: vim: Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804 (bsc#1206077).\n- CVE-2022-4141: vim: heap-buffer-overflow in alloc.c 246:11 (bsc#1205797).\n- CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c (bsc#1204779).\n\t\t", + "affected_packages": [ + { + "package": { + "type": "rpm", + "namespace": "opensuse", + "name": "openSUSE-release", + "version": null, + "qualifiers": null, + "subpath": null + }, + "affected_version_range": "vers:rpm/5.3", + "fixed_version": null + } + ], + "references": [ + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1204779", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1205797", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1206028", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1206071", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": 
"https://bugzilla.suse.com/1206072", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1206075", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1206077", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-December/013353.html", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3491/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3520/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3591/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3705/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-4141/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-4292/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + 
"url": "https://www.suse.com/security/cve/CVE-2022-4293/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + } + ], + "date_published": "2023-01-18T06:56:54+00:00", + "weaknesses": [] + }, + { + "aliases": [ + "CVE-2022-4292" + ], + "summary": "\nThis update for vim fixes the following issues:\n\nUpdated to version 9.0.1040:\n\n- CVE-2022-3491: vim: Heap-based Buffer Overflow prior to 9.0.0742 (bsc#1206028).\n- CVE-2022-3520: vim: Heap-based Buffer Overflow (bsc#1206071).\n- CVE-2022-3591: vim: Use After Free (bsc#1206072).\n- CVE-2022-4292: vim: Use After Free in GitHub repository vim/vim prior to 9.0.0882 (bsc#1206075).\n- CVE-2022-4293: vim: Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804 (bsc#1206077).\n- CVE-2022-4141: vim: heap-buffer-overflow in alloc.c 246:11 (bsc#1205797).\n- CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c (bsc#1204779).\n\t\t", + "affected_packages": [ + { + "package": { + "type": "rpm", + "namespace": "opensuse", + "name": "openSUSE-release", + "version": null, + "qualifiers": null, + "subpath": null + }, + "affected_version_range": "vers:rpm/5.3", + "fixed_version": null + } + ], + "references": [ + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1204779", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1205797", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1206028", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1206071", + "severities": [ + { + "system": "generic_textual", + "value": 
"Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1206072", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1206075", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1206077", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-December/013353.html", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3491/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3520/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3591/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3705/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-4141/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-4292/", + "severities": [ + { + "system": "generic_textual", + 
"value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-4293/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + } + ], + "date_published": "2023-01-18T06:56:54+00:00", + "weaknesses": [] + }, + { + "aliases": [ + "CVE-2022-4293" + ], + "summary": "\nThis update for vim fixes the following issues:\n\nUpdated to version 9.0.1040:\n\n- CVE-2022-3491: vim: Heap-based Buffer Overflow prior to 9.0.0742 (bsc#1206028).\n- CVE-2022-3520: vim: Heap-based Buffer Overflow (bsc#1206071).\n- CVE-2022-3591: vim: Use After Free (bsc#1206072).\n- CVE-2022-4292: vim: Use After Free in GitHub repository vim/vim prior to 9.0.0882 (bsc#1206075).\n- CVE-2022-4293: vim: Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804 (bsc#1206077).\n- CVE-2022-4141: vim: heap-buffer-overflow in alloc.c 246:11 (bsc#1205797).\n- CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c (bsc#1204779).\n\t\t", + "affected_packages": [ + { + "package": { + "type": "rpm", + "namespace": "opensuse", + "name": "openSUSE-release", + "version": null, + "qualifiers": null, + "subpath": null + }, + "affected_version_range": "vers:rpm/5.3", + "fixed_version": null + } + ], + "references": [ + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1204779", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1205797", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1206028", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": 
"https://bugzilla.suse.com/1206071", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1206072", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1206075", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1206077", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-December/013353.html", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3491/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3520/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3591/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3705/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-4141/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": 
"https://www.suse.com/security/cve/CVE-2022-4292/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-4293/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + } + ], + "date_published": "2023-01-18T06:56:54+00:00", + "weaknesses": [] + }, + { + "aliases": [ + "CVE-2022-1708" + ], + "summary": "\nThis update for conmon fixes the following issues:\n\nconmon was updated to version 2.1.5:\n\n* don't leak syslog_identifier\n* logging: do not read more that the buf size\n* logging: fix error handling\n* Makefile: Fix install for FreeBSD\n* signal: Track changes to get_signal_descriptor in the FreeBSD version\n* Packit: initial enablement\n\nUpdate to version 2.1.4:\n\n* Fix a bug where conmon crashed when it got a SIGCHLD\n\nupdate to 2.1.3:\n\n* Stop using g_unix_signal_add() to avoid threads\n* Rename CLI optionlog-size-global-max to log-global-size-max\n\nUpdate to version 2.1.2:\n\n* add log-global-size-max option to limit the total output conmon processes (CVE-2022-1708 bsc#1200285)\n* journald: print tag and name if both are specified\n* drop some logs to debug level\n\nUpdate to version 2.1.0\n\n* logging: buffer partial messages to journald\n* exit: close all fds >= 3\n* fix: cgroup: Free memory_cgroup_file_path if open fails.\n\nUpdate to version 2.0.32\n\n* Fix: Avoid mainfd_std{in,out} sharing the same file descriptor.\n* exit_command: Fix: unset subreaper attribute before running exit command\n\nUpdate to version 2.0.31\n* logging: new mode -l passthrough\n* ctr_logs: use container name or ID as SYSLOG_IDENTIFIER for journald\n* conmon: Fix: free userdata files before exec cleanup\n\t\t", + "affected_packages": [ + { + "package": { + "type": "rpm", + "namespace": "opensuse", + "name": "openSUSE-release", + "version": null, + "qualifiers": null, + 
"subpath": null + }, + "affected_version_range": "vers:rpm/5.3", + "fixed_version": null + } + ], + "references": [ + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1200285", + "severities": [ + { + "system": "generic_textual", + "value": "Moderate", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-December/013379.html", + "severities": [ + { + "system": "generic_textual", + "value": "Moderate", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-1708/", + "severities": [ + { + "system": "generic_textual", + "value": "Moderate", + "scoring_elements": "" + } + ] + } + ], + "date_published": "2023-01-18T06:56:54+00:00", + "weaknesses": [] + }, + { + "aliases": [ + "CVE-2022-23491" + ], + "summary": "\nThis update for python-certifi fixes the following issues:\n\n- remove all TrustCor CAs, as TrustCor issued multiple man-in-the-middle\n certs (bsc#1206212 CVE-2022-23491)\n - TrustCor RootCert CA-1\n - TrustCor RootCert CA-2\n - TrustCor ECA-1\n- Add removeTrustCor.patch\n\nThis patch is currently in QA and not yet available for download.\n\t\t", + "affected_packages": [ + { + "package": { + "type": "rpm", + "namespace": "opensuse", + "name": "openSUSE-release", + "version": null, + "qualifiers": null, + "subpath": null + }, + "affected_version_range": "vers:rpm/5.3", + "fixed_version": null + } + ], + "references": [ + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1206212", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-23491/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + } + ], + "date_published": "2023-01-18T06:56:54+00:00", + "weaknesses": [] + }, + { + "aliases": [ + 
"CVE-2022-40897" + ], + "summary": "\nThis update for python-setuptools fixes the following issues:\n\n- CVE-2022-40897: Fixed an excessive CPU usage that could be triggered\n by fetching a malicious HTML document (bsc#1206667).\n\nThis patch is currently in QA and not yet available for download.\n\t\t", + "affected_packages": [ + { + "package": { + "type": "rpm", + "namespace": "opensuse", + "name": "openSUSE-release", + "version": null, + "qualifiers": null, + "subpath": null + }, + "affected_version_range": "vers:rpm/5.3", + "fixed_version": null + } + ], + "references": [ + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1206667", + "severities": [ + { + "system": "generic_textual", + "value": "Moderate", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-40897/", + "severities": [ + { + "system": "generic_textual", + "value": "Moderate", + "scoring_elements": "" + } + ] + } + ], + "date_published": "2023-01-18T06:56:54+00:00", + "weaknesses": [] + }, + { + "aliases": [ + "CVE-2022-23491" + ], + "summary": "\nThis update for mozilla-nss fixes the following issues:\n\n- CVE-2022-3479: Fixed a potential crash that could be triggered when\n a server requested a client authentication certificate, but the\n client had no certificates stored (bsc#1204272).\n- Updated to version 3.79.3 (bsc#1207038):\n - CVE-2022-23491: Removed trust for 3 root certificates from TrustCor.\n\nThis patch is currently in QA and not yet available for download.\n\t\t", + "affected_packages": [ + { + "package": { + "type": "rpm", + "namespace": "opensuse", + "name": "openSUSE-release", + "version": null, + "qualifiers": null, + "subpath": null + }, + "affected_version_range": "vers:rpm/5.3", + "fixed_version": null + } + ], + "references": [ + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1204272", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + 
} + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1207038", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-23491/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3479/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + } + ], + "date_published": "2023-01-18T06:56:54+00:00", + "weaknesses": [] + }, + { + "aliases": [ + "CVE-2022-3479" + ], + "summary": "\nThis update for mozilla-nss fixes the following issues:\n\n- CVE-2022-3479: Fixed a potential crash that could be triggered when\n a server requested a client authentication certificate, but the\n client had no certificates stored (bsc#1204272).\n- Updated to version 3.79.3 (bsc#1207038):\n - CVE-2022-23491: Removed trust for 3 root certificates from TrustCor.\n\nThis patch is currently in QA and not yet available for download.\n\t\t", + "affected_packages": [ + { + "package": { + "type": "rpm", + "namespace": "opensuse", + "name": "openSUSE-release", + "version": null, + "qualifiers": null, + "subpath": null + }, + "affected_version_range": "vers:rpm/5.3", + "fixed_version": null + } + ], + "references": [ + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1204272", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1207038", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-23491/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + 
"scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3479/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + } + ], + "date_published": "2023-01-18T06:56:54+00:00", + "weaknesses": [] + }, + { + "aliases": [ + "CVE-2021-20251" + ], + "summary": "\nThis update for samba fixes the following issues:\n\n- CVE-2021-20251: Fixed an issue where the bad password count would\n not be properly incremented, which could allow attackers to brute\n force a user's password (bsc#1206546).\n\n- Updated to version 4.15.13:\n - CVE-2022-37966: Fixed an issue where a weak cipher would be\n selected to encrypt session keys, which could lead to privilege\n escalation (bsc#1205385).\n - CVE-2022-37967: Fixed a potential privilege escalation issue via\n constrained delegation due to weak a cryptographic algorithm\n being selected (bsc#1205386).\n - CVE-2022-38023: Disabled weak ciphers by default in the Netlogon\n Secure channel (bsc#1206504).\n\n- Updated to version 4.15.12:\n - CVE-2022-42898: Fixed several buffer overflow vulnerabilities on\n 32-bit systems (bsc#1205126).\n\n- Updated to version 4.15.11:\n - CVE-2022-3437: Fixed a buffer overflow in Heimdal unwrap_des3()\n (bsc#1204254).\n\n- Updated to version 4.15.10:\n - Fixed a potential crash due to a concurrency issue (bsc#1200102).\n\n- Updated to version 4.15.9:\n - CVE-2022-32742: Fixed an information leak that could be triggered\n via SMB1 (bsc#1201496).\n - CVE-2022-32746: Fixed a memory corruption issue in database\n audit logging (bsc#1201490).\n - CVE-2022-2031: Fixed AD restrictions bypass associated with\n changing passwords (bsc#1201495).\n - CVE-2022-32745: Fixed a remote server crash that could be\n triggered with certain LDAP requests (bsc#1201492).\n - CVE-2022-32744: Fixed an issue where AD users could have forged\n password change requests on behalf of other users (bsc#1201493).\n\nOther 
fixes:\n\n- Fixed a problem when using bind as samba-ad-dc backend related to\n the named service (bsc#1201689).\n\nThis patch is currently in QA and not yet available for download.\n\t\t", + "affected_packages": [ + { + "package": { + "type": "rpm", + "namespace": "opensuse", + "name": "openSUSE-release", + "version": null, + "qualifiers": null, + "subpath": null + }, + "affected_version_range": "vers:rpm/5.3", + "fixed_version": null + } + ], + "references": [ + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1200102", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1201490", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1201492", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1201493", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1201495", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1201496", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1201689", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1204254", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": 
"https://bugzilla.suse.com/1205126", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1205385", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1205386", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1206504", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1206546", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2021-20251/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-2031/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-32742/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-32744/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-32745/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": 
"https://www.suse.com/security/cve/CVE-2022-32746/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3437/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-37966/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-37967/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-38023/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-42898/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + } + ], + "date_published": "2023-01-18T06:56:54+00:00", + "weaknesses": [] + }, + { + "aliases": [ + "CVE-2022-2031" + ], + "summary": "\nThis update for samba fixes the following issues:\n\n- CVE-2021-20251: Fixed an issue where the bad password count would\n not be properly incremented, which could allow attackers to brute\n force a user's password (bsc#1206546).\n\n- Updated to version 4.15.13:\n - CVE-2022-37966: Fixed an issue where a weak cipher would be\n selected to encrypt session keys, which could lead to privilege\n escalation (bsc#1205385).\n - CVE-2022-37967: Fixed a potential privilege escalation issue via\n constrained delegation due to weak a cryptographic algorithm\n being selected (bsc#1205386).\n - CVE-2022-38023: Disabled weak ciphers by default in the Netlogon\n Secure channel 
(bsc#1206504).\n\n- Updated to version 4.15.12:\n - CVE-2022-42898: Fixed several buffer overflow vulnerabilities on\n 32-bit systems (bsc#1205126).\n\n- Updated to version 4.15.11:\n - CVE-2022-3437: Fixed a buffer overflow in Heimdal unwrap_des3()\n (bsc#1204254).\n\n- Updated to version 4.15.10:\n - Fixed a potential crash due to a concurrency issue (bsc#1200102).\n\n- Updated to version 4.15.9:\n - CVE-2022-32742: Fixed an information leak that could be triggered\n via SMB1 (bsc#1201496).\n - CVE-2022-32746: Fixed a memory corruption issue in database\n audit logging (bsc#1201490).\n - CVE-2022-2031: Fixed AD restrictions bypass associated with\n changing passwords (bsc#1201495).\n - CVE-2022-32745: Fixed a remote server crash that could be\n triggered with certain LDAP requests (bsc#1201492).\n - CVE-2022-32744: Fixed an issue where AD users could have forged\n password change requests on behalf of other users (bsc#1201493).\n\nOther fixes:\n\n- Fixed a problem when using bind as samba-ad-dc backend related to\n the named service (bsc#1201689).\n\nThis patch is currently in QA and not yet available for download.\n\t\t", + "affected_packages": [ + { + "package": { + "type": "rpm", + "namespace": "opensuse", + "name": "openSUSE-release", + "version": null, + "qualifiers": null, + "subpath": null + }, + "affected_version_range": "vers:rpm/5.3", + "fixed_version": null + } + ], + "references": [ + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1200102", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1201490", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1201492", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + 
"reference_id": "", + "url": "https://bugzilla.suse.com/1201493", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1201495", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1201496", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1201689", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1204254", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1205126", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1205385", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1205386", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1206504", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1206546", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2021-20251/", + "severities": [ + { + "system": 
"generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-2031/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-32742/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-32744/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-32745/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-32746/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3437/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-37966/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-37967/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-38023/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-42898/", + 
"severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + } + ], + "date_published": "2023-01-18T06:56:54+00:00", + "weaknesses": [] + }, + { + "aliases": [ + "CVE-2022-32742" + ], + "summary": "\nThis update for samba fixes the following issues:\n\n- CVE-2021-20251: Fixed an issue where the bad password count would\n not be properly incremented, which could allow attackers to brute\n force a user's password (bsc#1206546).\n\n- Updated to version 4.15.13:\n - CVE-2022-37966: Fixed an issue where a weak cipher would be\n selected to encrypt session keys, which could lead to privilege\n escalation (bsc#1205385).\n - CVE-2022-37967: Fixed a potential privilege escalation issue via\n constrained delegation due to weak a cryptographic algorithm\n being selected (bsc#1205386).\n - CVE-2022-38023: Disabled weak ciphers by default in the Netlogon\n Secure channel (bsc#1206504).\n\n- Updated to version 4.15.12:\n - CVE-2022-42898: Fixed several buffer overflow vulnerabilities on\n 32-bit systems (bsc#1205126).\n\n- Updated to version 4.15.11:\n - CVE-2022-3437: Fixed a buffer overflow in Heimdal unwrap_des3()\n (bsc#1204254).\n\n- Updated to version 4.15.10:\n - Fixed a potential crash due to a concurrency issue (bsc#1200102).\n\n- Updated to version 4.15.9:\n - CVE-2022-32742: Fixed an information leak that could be triggered\n via SMB1 (bsc#1201496).\n - CVE-2022-32746: Fixed a memory corruption issue in database\n audit logging (bsc#1201490).\n - CVE-2022-2031: Fixed AD restrictions bypass associated with\n changing passwords (bsc#1201495).\n - CVE-2022-32745: Fixed a remote server crash that could be\n triggered with certain LDAP requests (bsc#1201492).\n - CVE-2022-32744: Fixed an issue where AD users could have forged\n password change requests on behalf of other users (bsc#1201493).\n\nOther fixes:\n\n- Fixed a problem when using bind as samba-ad-dc backend related to\n the named service (bsc#1201689).\n\nThis patch 
is currently in QA and not yet available for download.\n\t\t", + "affected_packages": [ + { + "package": { + "type": "rpm", + "namespace": "opensuse", + "name": "openSUSE-release", + "version": null, + "qualifiers": null, + "subpath": null + }, + "affected_version_range": "vers:rpm/5.3", + "fixed_version": null + } + ], + "references": [ + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1200102", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1201490", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1201492", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1201493", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1201495", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1201496", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1201689", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1204254", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1205126", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + 
"scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1205385", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1205386", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1206504", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1206546", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2021-20251/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-2031/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-32742/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-32744/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-32745/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-32746/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + 
}, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3437/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-37966/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-37967/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-38023/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-42898/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + } + ], + "date_published": "2023-01-18T06:56:54+00:00", + "weaknesses": [] + }, + { + "aliases": [ + "CVE-2022-32744" + ], + "summary": "\nThis update for samba fixes the following issues:\n\n- CVE-2021-20251: Fixed an issue where the bad password count would\n not be properly incremented, which could allow attackers to brute\n force a user's password (bsc#1206546).\n\n- Updated to version 4.15.13:\n - CVE-2022-37966: Fixed an issue where a weak cipher would be\n selected to encrypt session keys, which could lead to privilege\n escalation (bsc#1205385).\n - CVE-2022-37967: Fixed a potential privilege escalation issue via\n constrained delegation due to weak a cryptographic algorithm\n being selected (bsc#1205386).\n - CVE-2022-38023: Disabled weak ciphers by default in the Netlogon\n Secure channel (bsc#1206504).\n\n- Updated to version 4.15.12:\n - CVE-2022-42898: Fixed several buffer overflow vulnerabilities on\n 32-bit systems (bsc#1205126).\n\n- Updated to version 
4.15.11:\n - CVE-2022-3437: Fixed a buffer overflow in Heimdal unwrap_des3()\n (bsc#1204254).\n\n- Updated to version 4.15.10:\n - Fixed a potential crash due to a concurrency issue (bsc#1200102).\n\n- Updated to version 4.15.9:\n - CVE-2022-32742: Fixed an information leak that could be triggered\n via SMB1 (bsc#1201496).\n - CVE-2022-32746: Fixed a memory corruption issue in database\n audit logging (bsc#1201490).\n - CVE-2022-2031: Fixed AD restrictions bypass associated with\n changing passwords (bsc#1201495).\n - CVE-2022-32745: Fixed a remote server crash that could be\n triggered with certain LDAP requests (bsc#1201492).\n - CVE-2022-32744: Fixed an issue where AD users could have forged\n password change requests on behalf of other users (bsc#1201493).\n\nOther fixes:\n\n- Fixed a problem when using bind as samba-ad-dc backend related to\n the named service (bsc#1201689).\n\nThis patch is currently in QA and not yet available for download.\n\t\t", + "affected_packages": [ + { + "package": { + "type": "rpm", + "namespace": "opensuse", + "name": "openSUSE-release", + "version": null, + "qualifiers": null, + "subpath": null + }, + "affected_version_range": "vers:rpm/5.3", + "fixed_version": null + } + ], + "references": [ + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1200102", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1201490", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1201492", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1201493", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { 
+ "reference_id": "", + "url": "https://bugzilla.suse.com/1201495", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1201496", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1201689", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1204254", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1205126", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1205385", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1205386", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1206504", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1206546", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2021-20251/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-2031/", + "severities": [ + { + 
"system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-32742/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-32744/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-32745/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-32746/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3437/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-37966/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-37967/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-38023/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-42898/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + } + ], + "date_published": "2023-01-18T06:56:54+00:00", + "weaknesses": [] + }, + { + 
"aliases": [ + "CVE-2022-32745" + ], + "summary": "\nThis update for samba fixes the following issues:\n\n- CVE-2021-20251: Fixed an issue where the bad password count would\n not be properly incremented, which could allow attackers to brute\n force a user's password (bsc#1206546).\n\n- Updated to version 4.15.13:\n - CVE-2022-37966: Fixed an issue where a weak cipher would be\n selected to encrypt session keys, which could lead to privilege\n escalation (bsc#1205385).\n - CVE-2022-37967: Fixed a potential privilege escalation issue via\n constrained delegation due to weak a cryptographic algorithm\n being selected (bsc#1205386).\n - CVE-2022-38023: Disabled weak ciphers by default in the Netlogon\n Secure channel (bsc#1206504).\n\n- Updated to version 4.15.12:\n - CVE-2022-42898: Fixed several buffer overflow vulnerabilities on\n 32-bit systems (bsc#1205126).\n\n- Updated to version 4.15.11:\n - CVE-2022-3437: Fixed a buffer overflow in Heimdal unwrap_des3()\n (bsc#1204254).\n\n- Updated to version 4.15.10:\n - Fixed a potential crash due to a concurrency issue (bsc#1200102).\n\n- Updated to version 4.15.9:\n - CVE-2022-32742: Fixed an information leak that could be triggered\n via SMB1 (bsc#1201496).\n - CVE-2022-32746: Fixed a memory corruption issue in database\n audit logging (bsc#1201490).\n - CVE-2022-2031: Fixed AD restrictions bypass associated with\n changing passwords (bsc#1201495).\n - CVE-2022-32745: Fixed a remote server crash that could be\n triggered with certain LDAP requests (bsc#1201492).\n - CVE-2022-32744: Fixed an issue where AD users could have forged\n password change requests on behalf of other users (bsc#1201493).\n\nOther fixes:\n\n- Fixed a problem when using bind as samba-ad-dc backend related to\n the named service (bsc#1201689).\n\nThis patch is currently in QA and not yet available for download.\n\t\t", + "affected_packages": [ + { + "package": { + "type": "rpm", + "namespace": "opensuse", + "name": "openSUSE-release", + "version": 
null, + "qualifiers": null, + "subpath": null + }, + "affected_version_range": "vers:rpm/5.3", + "fixed_version": null + } + ], + "references": [ + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1200102", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1201490", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1201492", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1201493", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1201495", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1201496", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1201689", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1204254", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1205126", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1205385", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": 
"" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1205386", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1206504", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1206546", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2021-20251/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-2031/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-32742/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-32744/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-32745/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-32746/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3437/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { 
+ "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-37966/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-37967/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-38023/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-42898/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + } + ], + "date_published": "2023-01-18T06:56:54+00:00", + "weaknesses": [] + }, + { + "aliases": [ + "CVE-2022-32746" + ], + "summary": "\nThis update for samba fixes the following issues:\n\n- CVE-2021-20251: Fixed an issue where the bad password count would\n not be properly incremented, which could allow attackers to brute\n force a user's password (bsc#1206546).\n\n- Updated to version 4.15.13:\n - CVE-2022-37966: Fixed an issue where a weak cipher would be\n selected to encrypt session keys, which could lead to privilege\n escalation (bsc#1205385).\n - CVE-2022-37967: Fixed a potential privilege escalation issue via\n constrained delegation due to weak a cryptographic algorithm\n being selected (bsc#1205386).\n - CVE-2022-38023: Disabled weak ciphers by default in the Netlogon\n Secure channel (bsc#1206504).\n\n- Updated to version 4.15.12:\n - CVE-2022-42898: Fixed several buffer overflow vulnerabilities on\n 32-bit systems (bsc#1205126).\n\n- Updated to version 4.15.11:\n - CVE-2022-3437: Fixed a buffer overflow in Heimdal unwrap_des3()\n (bsc#1204254).\n\n- Updated to version 4.15.10:\n - Fixed a potential crash due to a concurrency issue (bsc#1200102).\n\n- Updated 
to version 4.15.9:\n - CVE-2022-32742: Fixed an information leak that could be triggered\n via SMB1 (bsc#1201496).\n - CVE-2022-32746: Fixed a memory corruption issue in database\n audit logging (bsc#1201490).\n - CVE-2022-2031: Fixed AD restrictions bypass associated with\n changing passwords (bsc#1201495).\n - CVE-2022-32745: Fixed a remote server crash that could be\n triggered with certain LDAP requests (bsc#1201492).\n - CVE-2022-32744: Fixed an issue where AD users could have forged\n password change requests on behalf of other users (bsc#1201493).\n\nOther fixes:\n\n- Fixed a problem when using bind as samba-ad-dc backend related to\n the named service (bsc#1201689).\n\nThis patch is currently in QA and not yet available for download.\n\t\t", + "affected_packages": [ + { + "package": { + "type": "rpm", + "namespace": "opensuse", + "name": "openSUSE-release", + "version": null, + "qualifiers": null, + "subpath": null + }, + "affected_version_range": "vers:rpm/5.3", + "fixed_version": null + } + ], + "references": [ + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1200102", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1201490", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1201492", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1201493", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1201495", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + 
"url": "https://bugzilla.suse.com/1201496", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1201689", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1204254", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1205126", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1205385", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1205386", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1206504", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1206546", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2021-20251/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-2031/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-32742/", + "severities": [ + { + "system": 
"generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-32744/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-32745/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-32746/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3437/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-37966/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-37967/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-38023/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-42898/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + } + ], + "date_published": "2023-01-18T06:56:54+00:00", + "weaknesses": [] + }, + { + "aliases": [ + "CVE-2022-3437" + ], + "summary": "\nThis update for samba fixes the following issues:\n\n- CVE-2021-20251: Fixed an issue where the bad password count would\n not be properly incremented, which 
could allow attackers to brute\n force a user's password (bsc#1206546).\n\n- Updated to version 4.15.13:\n - CVE-2022-37966: Fixed an issue where a weak cipher would be\n selected to encrypt session keys, which could lead to privilege\n escalation (bsc#1205385).\n - CVE-2022-37967: Fixed a potential privilege escalation issue via\n constrained delegation due to weak a cryptographic algorithm\n being selected (bsc#1205386).\n - CVE-2022-38023: Disabled weak ciphers by default in the Netlogon\n Secure channel (bsc#1206504).\n\n- Updated to version 4.15.12:\n - CVE-2022-42898: Fixed several buffer overflow vulnerabilities on\n 32-bit systems (bsc#1205126).\n\n- Updated to version 4.15.11:\n - CVE-2022-3437: Fixed a buffer overflow in Heimdal unwrap_des3()\n (bsc#1204254).\n\n- Updated to version 4.15.10:\n - Fixed a potential crash due to a concurrency issue (bsc#1200102).\n\n- Updated to version 4.15.9:\n - CVE-2022-32742: Fixed an information leak that could be triggered\n via SMB1 (bsc#1201496).\n - CVE-2022-32746: Fixed a memory corruption issue in database\n audit logging (bsc#1201490).\n - CVE-2022-2031: Fixed AD restrictions bypass associated with\n changing passwords (bsc#1201495).\n - CVE-2022-32745: Fixed a remote server crash that could be\n triggered with certain LDAP requests (bsc#1201492).\n - CVE-2022-32744: Fixed an issue where AD users could have forged\n password change requests on behalf of other users (bsc#1201493).\n\nOther fixes:\n\n- Fixed a problem when using bind as samba-ad-dc backend related to\n the named service (bsc#1201689).\n\nThis patch is currently in QA and not yet available for download.\n\t\t", + "affected_packages": [ + { + "package": { + "type": "rpm", + "namespace": "opensuse", + "name": "openSUSE-release", + "version": null, + "qualifiers": null, + "subpath": null + }, + "affected_version_range": "vers:rpm/5.3", + "fixed_version": null + } + ], + "references": [ + { + "reference_id": "", + "url": 
"https://bugzilla.suse.com/1200102", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1201490", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1201492", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1201493", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1201495", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1201496", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1201689", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1204254", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1205126", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1205385", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1205386", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + 
"scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1206504", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1206546", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2021-20251/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-2031/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-32742/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-32744/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-32745/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-32746/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3437/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-37966/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + 
"scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-37967/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-38023/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-42898/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + } + ], + "date_published": "2023-01-18T06:56:54+00:00", + "weaknesses": [] + }, + { + "aliases": [ + "CVE-2022-37966" + ], + "summary": "\nThis update for samba fixes the following issues:\n\n- CVE-2021-20251: Fixed an issue where the bad password count would\n not be properly incremented, which could allow attackers to brute\n force a user's password (bsc#1206546).\n\n- Updated to version 4.15.13:\n - CVE-2022-37966: Fixed an issue where a weak cipher would be\n selected to encrypt session keys, which could lead to privilege\n escalation (bsc#1205385).\n - CVE-2022-37967: Fixed a potential privilege escalation issue via\n constrained delegation due to weak a cryptographic algorithm\n being selected (bsc#1205386).\n - CVE-2022-38023: Disabled weak ciphers by default in the Netlogon\n Secure channel (bsc#1206504).\n\n- Updated to version 4.15.12:\n - CVE-2022-42898: Fixed several buffer overflow vulnerabilities on\n 32-bit systems (bsc#1205126).\n\n- Updated to version 4.15.11:\n - CVE-2022-3437: Fixed a buffer overflow in Heimdal unwrap_des3()\n (bsc#1204254).\n\n- Updated to version 4.15.10:\n - Fixed a potential crash due to a concurrency issue (bsc#1200102).\n\n- Updated to version 4.15.9:\n - CVE-2022-32742: Fixed an information leak that could be triggered\n via SMB1 (bsc#1201496).\n - CVE-2022-32746: Fixed a memory corruption 
issue in database\n audit logging (bsc#1201490).\n - CVE-2022-2031: Fixed AD restrictions bypass associated with\n changing passwords (bsc#1201495).\n - CVE-2022-32745: Fixed a remote server crash that could be\n triggered with certain LDAP requests (bsc#1201492).\n - CVE-2022-32744: Fixed an issue where AD users could have forged\n password change requests on behalf of other users (bsc#1201493).\n\nOther fixes:\n\n- Fixed a problem when using bind as samba-ad-dc backend related to\n the named service (bsc#1201689).\n\nThis patch is currently in QA and not yet available for download.\n\t\t", + "affected_packages": [ + { + "package": { + "type": "rpm", + "namespace": "opensuse", + "name": "openSUSE-release", + "version": null, + "qualifiers": null, + "subpath": null + }, + "affected_version_range": "vers:rpm/5.3", + "fixed_version": null + } + ], + "references": [ + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1200102", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1201490", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1201492", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1201493", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1201495", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1201496", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + 
{ + "reference_id": "", + "url": "https://bugzilla.suse.com/1201689", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1204254", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1205126", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1205385", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1205386", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1206504", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1206546", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2021-20251/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-2031/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-32742/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": 
"https://www.suse.com/security/cve/CVE-2022-32744/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-32745/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-32746/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3437/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-37966/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-37967/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-38023/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-42898/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + } + ], + "date_published": "2023-01-18T06:56:54+00:00", + "weaknesses": [] + }, + { + "aliases": [ + "CVE-2022-37967" + ], + "summary": "\nThis update for samba fixes the following issues:\n\n- CVE-2021-20251: Fixed an issue where the bad password count would\n not be properly incremented, which could allow attackers to brute\n force a user's password (bsc#1206546).\n\n- Updated to version 4.15.13:\n - 
CVE-2022-37966: Fixed an issue where a weak cipher would be\n selected to encrypt session keys, which could lead to privilege\n escalation (bsc#1205385).\n - CVE-2022-37967: Fixed a potential privilege escalation issue via\n constrained delegation due to weak a cryptographic algorithm\n being selected (bsc#1205386).\n - CVE-2022-38023: Disabled weak ciphers by default in the Netlogon\n Secure channel (bsc#1206504).\n\n- Updated to version 4.15.12:\n - CVE-2022-42898: Fixed several buffer overflow vulnerabilities on\n 32-bit systems (bsc#1205126).\n\n- Updated to version 4.15.11:\n - CVE-2022-3437: Fixed a buffer overflow in Heimdal unwrap_des3()\n (bsc#1204254).\n\n- Updated to version 4.15.10:\n - Fixed a potential crash due to a concurrency issue (bsc#1200102).\n\n- Updated to version 4.15.9:\n - CVE-2022-32742: Fixed an information leak that could be triggered\n via SMB1 (bsc#1201496).\n - CVE-2022-32746: Fixed a memory corruption issue in database\n audit logging (bsc#1201490).\n - CVE-2022-2031: Fixed AD restrictions bypass associated with\n changing passwords (bsc#1201495).\n - CVE-2022-32745: Fixed a remote server crash that could be\n triggered with certain LDAP requests (bsc#1201492).\n - CVE-2022-32744: Fixed an issue where AD users could have forged\n password change requests on behalf of other users (bsc#1201493).\n\nOther fixes:\n\n- Fixed a problem when using bind as samba-ad-dc backend related to\n the named service (bsc#1201689).\n\nThis patch is currently in QA and not yet available for download.\n\t\t", + "affected_packages": [ + { + "package": { + "type": "rpm", + "namespace": "opensuse", + "name": "openSUSE-release", + "version": null, + "qualifiers": null, + "subpath": null + }, + "affected_version_range": "vers:rpm/5.3", + "fixed_version": null + } + ], + "references": [ + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1200102", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + 
} + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1201490", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1201492", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1201493", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1201495", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1201496", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1201689", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1204254", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1205126", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1205385", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1205386", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1206504", + "severities": [ + { + "system": 
"generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1206546", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2021-20251/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-2031/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-32742/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-32744/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-32745/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-32746/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-3437/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-37966/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-37967/", + "severities": [ + { 
+ "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-38023/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-42898/", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + } + ], + "date_published": "2023-01-18T06:56:54+00:00", + "weaknesses": [] + }, + { + "aliases": [ + "CVE-2022-38023" + ], + "summary": "\nThis update for samba fixes the following issues:\n\n- CVE-2021-20251: Fixed an issue where the bad password count would\n not be properly incremented, which could allow attackers to brute\n force a user's password (bsc#1206546).\n\n- Updated to version 4.15.13:\n - CVE-2022-37966: Fixed an issue where a weak cipher would be\n selected to encrypt session keys, which could lead to privilege\n escalation (bsc#1205385).\n - CVE-2022-37967: Fixed a potential privilege escalation issue via\n constrained delegation due to weak a cryptographic algorithm\n being selected (bsc#1205386).\n - CVE-2022-38023: Disabled weak ciphers by default in the Netlogon\n Secure channel (bsc#1206504).\n\n- Updated to version 4.15.12:\n - CVE-2022-42898: Fixed several buffer overflow vulnerabilities on\n 32-bit systems (bsc#1205126).\n\n- Updated to version 4.15.11:\n - CVE-2022-3437: Fixed a buffer overflow in Heimdal unwrap_des3()\n (bsc#1204254).\n\n- Updated to version 4.15.10:\n - Fixed a potential crash due to a concurrency issue (bsc#1200102).\n\n- Updated to version 4.15.9:\n - CVE-2022-32742: Fixed an information leak that could be triggered\n via SMB1 (bsc#1201496).\n - CVE-2022-32746: Fixed a memory corruption issue in database\n audit logging (bsc#1201490).\n - CVE-2022-2031: Fixed AD restrictions bypass associated with\n changing passwords 
(bsc#1201495).\n - CVE-2022-32745: Fixed a remote server crash that could be\n triggered with certain LDAP requests (bsc#1201492).\n - CVE-2022-32744: Fixed an issue where AD users could have forged\n password change requests on behalf of other users (bsc#1201493).\n\nOther fixes:\n\n- Fixed a problem when using bind as samba-ad-dc backend related to\n the named service (bsc#1201689).\n\nThis patch is currently in QA and not yet available for download.\n\t\t", + "affected_packages": [ + { + "package": { + "type": "rpm", + "namespace": "opensuse", + "name": "openSUSE-release", + "version": null, + "qualifiers": null, + "subpath": null + }, + "affected_version_range": "vers:rpm/5.3", + "fixed_version": null + } + ], + "references": [ + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1200102", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1201490", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1201492", + "severities": [ + { + "system": "generic_textual", + "value": "Important", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1201493", "severities": [ { "system": "generic_textual", @@ -1955,7 +13046,7 @@ }, { "reference_id": "", - "url": "https://bugzilla.suse.com/1206077", + "url": "https://bugzilla.suse.com/1201495", "severities": [ { "system": "generic_textual", @@ -1966,7 +13057,7 @@ }, { "reference_id": "", - "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-December/013353.html", + "url": "https://bugzilla.suse.com/1201496", "severities": [ { "system": "generic_textual", 
@@ -1977,7 +13068,7 @@ }, { "reference_id": "", - "url": "https://www.suse.com/security/cve/CVE-2022-3491/", + "url": "https://bugzilla.suse.com/1201689", "severities": [ { "system": "generic_textual", @@ -1988,7 +13079,7 @@ }, { "reference_id": "", - "url": "https://www.suse.com/security/cve/CVE-2022-3520/", + "url": "https://bugzilla.suse.com/1204254", "severities": [ { "system": "generic_textual", @@ -1999,7 +13090,7 @@ }, { "reference_id": "", - "url": "https://www.suse.com/security/cve/CVE-2022-3591/", + "url": "https://bugzilla.suse.com/1205126", "severities": [ { "system": "generic_textual", @@ -2010,7 +13101,7 @@ }, { "reference_id": "", - "url": "https://www.suse.com/security/cve/CVE-2022-3705/", + "url": "https://bugzilla.suse.com/1205385", "severities": [ { "system": "generic_textual", @@ -2021,7 +13112,7 @@ }, { "reference_id": "", - "url": "https://www.suse.com/security/cve/CVE-2022-4141/", + "url": "https://bugzilla.suse.com/1205386", "severities": [ { "system": "generic_textual", @@ -2032,7 +13123,7 @@ }, { "reference_id": "", - "url": "https://www.suse.com/security/cve/CVE-2022-4292/", + "url": "https://bugzilla.suse.com/1206504", "severities": [ { "system": "generic_textual", @@ -2043,7 +13134,7 @@ }, { "reference_id": "", - "url": "https://www.suse.com/security/cve/CVE-2022-4293/", + "url": "https://bugzilla.suse.com/1206546", "severities": [ { "system": "generic_textual", 
@@ -2051,91 +13142,43 @@ "scoring_elements": "" } ] - } - ], - "date_published": "2023-01-18T06:56:54+00:00", - "weaknesses": [] - }, - { - "aliases": [ - "CVE-2022-1708" - ], - "summary": "\nThis update for conmon fixes the following issues:\n\nconmon was updated to version 2.1.5:\n\n* don't leak syslog_identifier\n* logging: do not read more that the buf size\n* logging: fix error handling\n* Makefile: Fix install for FreeBSD\n* signal: Track changes to get_signal_descriptor in the FreeBSD version\n* Packit: initial enablement\n\nUpdate to version 2.1.4:\n\n* Fix a bug where conmon crashed when it got a SIGCHLD\n\nupdate to 2.1.3:\n\n* Stop using g_unix_signal_add() to avoid threads\n* Rename CLI optionlog-size-global-max to log-global-size-max\n\nUpdate to version 2.1.2:\n\n* add log-global-size-max option to limit the total output conmon processes (CVE-2022-1708 bsc#1200285)\n* journald: print tag and name if both are specified\n* drop some logs to debug level\n\nUpdate to version 2.1.0\n\n* logging: buffer partial messages to journald\n* exit: close all fds >= 3\n* fix: cgroup: Free memory_cgroup_file_path if open fails.\n\nUpdate to version 2.0.32\n\n* Fix: Avoid mainfd_std{in,out} sharing the same file descriptor.\n* exit_command: Fix: unset subreaper attribute before running exit command\n\nUpdate to version 2.0.31\n* logging: new mode -l passthrough\n* ctr_logs: use container name or ID as SYSLOG_IDENTIFIER for journald\n* conmon: Fix: free userdata files before exec cleanup\n\t\t", - "affected_packages": [ - { - "package": { - "type": "rpm", - "namespace": "opensuse", - "name": "openSUSE-release", - "version": null, - "qualifiers": null, - "subpath": null - }, - "affected_version_range": "vers:rpm/5.3", - "fixed_version": null - } - ], - "references": [ + }, { "reference_id": "", - "url": "https://bugzilla.suse.com/1200285", + "url": "https://www.suse.com/security/cve/CVE-2021-20251/", "severities": [ { "system": "generic_textual", - "value": "Moderate", 
+ "value": "Important", "scoring_elements": "" } ] }, { "reference_id": "", - "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-December/013379.html", + "url": "https://www.suse.com/security/cve/CVE-2022-2031/", "severities": [ { "system": "generic_textual", - "value": "Moderate", + "value": "Important", "scoring_elements": "" } ] }, { "reference_id": "", - "url": "https://www.suse.com/security/cve/CVE-2022-1708/", + "url": "https://www.suse.com/security/cve/CVE-2022-32742/", "severities": [ { "system": "generic_textual", - "value": "Moderate", + "value": "Important", "scoring_elements": "" } ] - } - ], - "date_published": "2023-01-18T06:56:54+00:00", - "weaknesses": [] - }, - { - "aliases": [ - "CVE-2022-23491" - ], - "summary": "\nThis update for python-certifi fixes the following issues:\n\n- remove all TrustCor CAs, as TrustCor issued multiple man-in-the-middle\n certs (bsc#1206212 CVE-2022-23491)\n - TrustCor RootCert CA-1\n - TrustCor RootCert CA-2\n - TrustCor ECA-1\n- Add removeTrustCor.patch\n\nThis patch is currently in QA and not yet available for download.\n\t\t", - "affected_packages": [ - { - "package": { - "type": "rpm", - "namespace": "opensuse", - "name": "openSUSE-release", - "version": null, - "qualifiers": null, - "subpath": null - }, - "affected_version_range": "vers:rpm/5.3", - "fixed_version": null - } - ], - "references": [ + }, { "reference_id": "", - "url": "https://bugzilla.suse.com/1206212", + "url": "https://www.suse.com/security/cve/CVE-2022-32744/", "severities": [ { "system": "generic_textual", @@ -2146,7 +13189,7 @@ }, { "reference_id": "", - "url": "https://www.suse.com/security/cve/CVE-2022-23491/", + "url": "https://www.suse.com/security/cve/CVE-2022-32745/", "severities": [ { "system": "generic_textual", 
@@ -2154,80 +13197,32 @@ "scoring_elements": "" } ] - } - ], - "date_published": "2023-01-18T06:56:54+00:00", - "weaknesses": [] - }, - { - "aliases": [ - "CVE-2022-40897" - ], - "summary": "\nThis update for python-setuptools fixes the following issues:\n\n- CVE-2022-40897: Fixed an excessive CPU usage that could be triggered\n by fetching a malicious HTML document (bsc#1206667).\n\nThis patch is currently in QA and not yet available for download.\n\t\t", - "affected_packages": [ - { - "package": { - "type": "rpm", - "namespace": "opensuse", - "name": "openSUSE-release", - "version": null, - "qualifiers": null, - "subpath": null - }, - "affected_version_range": "vers:rpm/5.3", - "fixed_version": null - } - ], - "references": [ + }, { "reference_id": "", - "url": "https://bugzilla.suse.com/1206667", + "url": "https://www.suse.com/security/cve/CVE-2022-32746/", "severities": [ { "system": "generic_textual", - "value": "Moderate", + "value": "Important", "scoring_elements": "" } ] }, { "reference_id": "", - "url": "https://www.suse.com/security/cve/CVE-2022-40897/", + "url": "https://www.suse.com/security/cve/CVE-2022-3437/", "severities": [ { "system": "generic_textual", - "value": "Moderate", + "value": "Important", "scoring_elements": "" } ] - } - ], - "date_published": "2023-01-18T06:56:54+00:00", - "weaknesses": [] - }, - { - "aliases": [ - "CVE-2022-23491" - ], - "summary": "\nThis update for mozilla-nss fixes the following issues:\n\n- CVE-2022-3479: Fixed a potential crash that could be triggered when\n a server requested a client authentication certificate, but the\n client had no certificates stored (bsc#1204272).\n- Updated to version 3.79.3 (bsc#1207038):\n - CVE-2022-23491: Removed trust for 3 root certificates from TrustCor.\n\nThis patch is currently in QA and not yet available for download.\n\t\t", - "affected_packages": [ - { - "package": { - "type": "rpm", - "namespace": "opensuse", - "name": "openSUSE-release", - "version": null, - "qualifiers": 
null, - "subpath": null - }, - "affected_version_range": "vers:rpm/5.3", - "fixed_version": null - } - ], - "references": [ + }, { "reference_id": "", - "url": "https://bugzilla.suse.com/1204272", + "url": "https://www.suse.com/security/cve/CVE-2022-37966/", "severities": [ { "system": "generic_textual", @@ -2238,7 +13233,7 @@ }, { "reference_id": "", - "url": "https://bugzilla.suse.com/1207038", + "url": "https://www.suse.com/security/cve/CVE-2022-37967/", "severities": [ { "system": "generic_textual", @@ -2249,7 +13244,7 @@ }, { "reference_id": "", - "url": "https://www.suse.com/security/cve/CVE-2022-23491/", + "url": "https://www.suse.com/security/cve/CVE-2022-38023/", "severities": [ { "system": "generic_textual", @@ -2260,7 +13255,7 @@ }, { "reference_id": "", - "url": "https://www.suse.com/security/cve/CVE-2022-3479/", + "url": "https://www.suse.com/security/cve/CVE-2022-42898/", "severities": [ { "system": "generic_textual", 
@@ -2275,7 +13270,7 @@ }, { "aliases": [ - "CVE-2021-20251" + "CVE-2022-42898" ], "summary": "\nThis update for samba fixes the following issues:\n\n- CVE-2021-20251: Fixed an issue where the bad password count would\n not be properly incremented, which could allow attackers to brute\n force a user's password (bsc#1206546).\n\n- Updated to version 4.15.13:\n - CVE-2022-37966: Fixed an issue where a weak cipher would be\n selected to encrypt session keys, which could lead to privilege\n escalation (bsc#1205385).\n - CVE-2022-37967: Fixed a potential privilege escalation issue via\n constrained delegation due to weak a cryptographic algorithm\n being selected (bsc#1205386).\n - CVE-2022-38023: Disabled weak ciphers by default in the Netlogon\n Secure channel (bsc#1206504).\n\n- Updated to version 4.15.12:\n - CVE-2022-42898: Fixed several buffer overflow vulnerabilities on\n 32-bit systems (bsc#1205126).\n\n- Updated to version 4.15.11:\n - CVE-2022-3437: Fixed a buffer overflow in Heimdal unwrap_des3()\n (bsc#1204254).\n\n- Updated to version 4.15.10:\n - Fixed a potential crash due to a concurrency issue (bsc#1200102).\n\n- Updated to version 4.15.9:\n - CVE-2022-32742: Fixed an information leak that could be triggered\n via SMB1 (bsc#1201496).\n - CVE-2022-32746: Fixed a memory corruption issue in database\n audit logging (bsc#1201490).\n - CVE-2022-2031: Fixed AD restrictions bypass associated with\n changing passwords (bsc#1201495).\n - CVE-2022-32745: Fixed a remote server crash that could be\n triggered with certain LDAP requests (bsc#1201492).\n - CVE-2022-32744: Fixed an issue where AD users could have forged\n password change requests on behalf of other users (bsc#1201493).\n\nOther fixes:\n\n- Fixed a problem when using bind as samba-ad-dc backend related to\n the named service (bsc#1201689).\n\nThis patch is currently in QA and not yet available for download.\n\t\t", "affected_packages": [ 
@@ -2822,6 +13817,107 @@ "date_published": "2023-01-18T06:56:54+00:00", "weaknesses": [] }, + { + "aliases": [ + "CVE-2022-44793" + ], + "summary": "\nThis update for net-snmp fixes the following issues:\n\n- CVE-2022-44793: Fixed a NULL pointer dereference issue that could\n allow a remote attacker with write access to crash the server\n instance (bsc#1205148).\n- CVE-2022-44792: Fixed a NULL pointer dereference issue that could\n allow a remote attacker with write access to crash the server\n instance (bsc#1205150).\n\nOther fixes:\n- Enabled AES-192 and AES-256 privacy protocols (bsc#1206828).\n- Fixed an incorrect systemd hardening that caused home directory\n size and allocation to be listed incorrectly (bsc#1206044)\n\t\t", + "affected_packages": [ + { + "package": { + "type": "rpm", + "namespace": "opensuse", + "name": "openSUSE-release", + "version": null, + "qualifiers": null, + "subpath": null + }, + "affected_version_range": "vers:rpm/5.3", + "fixed_version": null + } + ], + "references": [ + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1205148", + "severities": [ + { + "system": "generic_textual", + "value": "Moderate", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1205150", + "severities": [ + { + "system": "generic_textual", + "value": "Moderate", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1206044", + "severities": [ + { + "system": "generic_textual", + "value": "Moderate", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://bugzilla.suse.com/1206828", + "severities": [ + { + "system": "generic_textual", + "value": "Moderate", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-January/013464.html", + "severities": [ + { + "system": "generic_textual", + "value": "Moderate", + "scoring_elements": "" + } + ] + }, + { + 
"reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-44792/", + "severities": [ + { + "system": "generic_textual", + "value": "Moderate", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "", + "url": "https://www.suse.com/security/cve/CVE-2022-44793/", + "severities": [ + { + "system": "generic_textual", + "value": "Moderate", + "scoring_elements": "" + } + ] + } + ], + "date_published": "2023-01-18T06:56:54+00:00", + "weaknesses": [] + }, { "aliases": [ "CVE-2022-40899"