Bug 1097158 (CVE-2018-0732) - VUL-0: CVE-2018-0732: openssl1,openssl,compat-openssl098: Reject excessively large primes in DH key generation.
Status: RESOLVED FIXED
Alias: CVE-2018-0732
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Deadline: 2018-08-29
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/207862/
Whiteboard: CVSSv3:SUSE:CVE-2018-0732:5.3:(AV:N/A...
Reported: 2018-06-12 09:37 UTC by Marcus Meissner
Modified: 2022-02-16 20:53 UTC
Found By: Security Response Team
Description Marcus Meissner 2018-06-12 09:37:59 UTC
CVE-2018-0732

from openssl git:

commit 3984ef0b72831da8b3ece4745cac4f8575b19098
Author: Guido Vranken <guidovranken@gmail.com>
Date:   Mon Jun 11 19:38:54 2018 +0200

    Reject excessively large primes in DH key generation.

    CVE-2018-0732

    Signed-off-by: Guido Vranken <guidovranken@gmail.com>

    (cherry picked from commit 91f7361f47b082ae61ffe1a7b17bb2adf213c7fe)

    Reviewed-by: Tim Hudson <tjh@openssl.org>
    Reviewed-by: Matt Caswell <matt@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/6457)


References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0732
Comment 1 Marcus Meissner 2018-06-12 14:12:31 UTC
OpenSSL Security Advisory [12 June 2018]
========================================

Client DoS due to large DH parameter (CVE-2018-0732)
====================================================

Severity: Low

During key agreement in a TLS handshake using a DH(E) based ciphersuite a
malicious server can send a very large prime value to the client. This will
cause the client to spend an unreasonably long period of time generating a key
for this prime resulting in a hang until the client has finished. This could be
exploited in a Denial Of Service attack.

Due to the low severity of this issue we are not issuing a new release of
OpenSSL 1.1.0 or 1.0.2 at this time. The fix will be included in OpenSSL 1.1.0i
and OpenSSL 1.0.2p when they become available. The fix is also available in
commit ea7abeeab (for 1.1.0) and commit 3984ef0b7 (for 1.0.2) in the OpenSSL git
repository.

This issue was reported to OpenSSL on 5th June 2018 by Guido Vranken who also
developed the fix.

References
==========

URL for this Security Advisory:
https://www.openssl.org/news/secadv/20180612.txt
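
The advisory above comes down to a missing size check on the server-supplied prime before key generation starts. The following is an added example, not OpenSSL's code and not part of this bug report: a self-contained C check over the TLS 1.2 ServerDHParams layout (three length-prefixed vectors, per RFC 5246) that refuses an oversized `dh_p` before any bignum work. All function names are hypothetical, the sample messages are constructed, and the 10000-bit ceiling is taken from OpenSSL's `OPENSSL_DH_MAX_MODULUS_BITS`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Policy ceiling for the DH modulus, in bits. 10000 matches OpenSSL's
 * OPENSSL_DH_MAX_MODULUS_BITS; the 16-bit length prefix allows far more. */
#define DH_MAX_MODULUS_BITS 10000

enum { DH_OK = 0, DH_ERR_TRUNCATED = -1, DH_ERR_EMPTY = -2, DH_ERR_TOO_LARGE = -3 };

/* Bit length of a big-endian unsigned integer; leading zero bytes do not count. */
static size_t be_num_bits(const uint8_t *buf, size_t len)
{
    size_t i = 0;
    while (i < len && buf[i] == 0)
        i++;
    if (i == len)
        return 0;
    size_t bits = (len - i) * 8;
    for (uint8_t top = buf[i]; !(top & 0x80); top = (uint8_t)(top << 1))
        bits--;
    return bits;
}

/* Read one opaque<1..2^16-1> vector: 2-byte big-endian length, then the bytes. */
static int read_vec16(const uint8_t *msg, size_t len, size_t *off,
                      const uint8_t **out, size_t *out_len)
{
    if (len - *off < 2)
        return -1;
    size_t n = ((size_t)msg[*off] << 8) | msg[*off + 1];
    *off += 2;
    if (len - *off < n)
        return -1;
    *out = msg + *off;
    *out_len = n;
    *off += n;
    return 0;
}

/* Validate ServerDHParams (dh_p, dh_g, dh_Ys) before any key generation. */
static int check_server_dh_params(const uint8_t *msg, size_t len, size_t *p_bits)
{
    const uint8_t *p, *g, *ys;
    size_t p_len, g_len, ys_len, off = 0;

    *p_bits = 0;
    if (read_vec16(msg, len, &off, &p, &p_len) != 0)
        return DH_ERR_TRUNCATED;
    *p_bits = be_num_bits(p, p_len);
    if (*p_bits == 0)
        return DH_ERR_EMPTY;
    if (*p_bits > DH_MAX_MODULUS_BITS)
        return DH_ERR_TOO_LARGE;      /* refuse: key generation never starts */
    if (read_vec16(msg, len, &off, &g, &g_len) != 0 ||
        read_vec16(msg, len, &off, &ys, &ys_len) != 0)
        return DH_ERR_TRUNCATED;
    return DH_OK;
}

/* Constructed sample: dh_p is p_len filler bytes starting with `top` (not a
 * real prime; only its size matters), dh_g = 2, dh_Ys = one byte.
 * `cut` drops bytes from the end to simulate a truncated message. */
static int classify_sample(size_t p_len, uint8_t top, size_t cut)
{
    size_t off = 0, bits;
    uint8_t *m = malloc(p_len + 8);
    if (m == NULL)
        return DH_ERR_TRUNCATED;
    m[off++] = (uint8_t)(p_len >> 8);
    m[off++] = (uint8_t)(p_len & 0xff);
    memset(m + off, 0xff, p_len);
    if (p_len > 0)
        m[off] = top;
    off += p_len;
    memcpy(m + off, "\x00\x01\x02\x00\x01\x03", 6);
    off += 6;
    int rc = check_server_dh_params(m, off - cut, &bits);
    free(m);
    return rc;
}

int main(void)
{
    printf("2048-bit p: %d, 10001-bit p: %d, 65535-byte p: %d\n",
           classify_sample(256, 0xff, 0), classify_sample(1251, 0x01, 0),
           classify_sample(65535, 0xff, 0));
    return 0;
}
```

The size is measured on the significant bits of `dh_p`, so a leading zero byte neither hides an oversized value nor causes a 10000-bit one to be rejected.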
Comment 8 Andreas Stieger 2018-06-29 19:27:25 UTC
Also affects libressl in openSUSE:
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.6.5-relnotes.txt
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.7.4-relnotes.txt

  * Reject excessively large primes in DH key generation. Problem
    reported by Guido Vranken to OpenSSL
    (https://github.com/openssl/openssl/pull/6457) and based on his
    diff.
Comment 9 Swamp Workflow Management 2018-07-05 10:15:36 UTC
SUSE-SU-2018:1887-1: An update that solves one vulnerability and has two fixes is now available.

Category: security (moderate)
Bug References: 1097158,1097624,1098592
CVE References: CVE-2018-0732
Sources used:
SUSE OpenStack Cloud 7 (src):    openssl-1.0.2j-60.30.1
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    openssl-1.0.2j-60.30.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    openssl-1.0.2j-60.30.1
SUSE Linux Enterprise Server 12-SP3 (src):    openssl-1.0.2j-60.30.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    openssl-1.0.2j-60.30.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    openssl-1.0.2j-60.30.1
SUSE Enterprise Storage 4 (src):    openssl-1.0.2j-60.30.1
SUSE CaaS Platform ALL (src):    openssl-1.0.2j-60.30.1
OpenStack Cloud Magnum Orchestration 7 (src):    openssl-1.0.2j-60.30.1
Comment 10 Swamp Workflow Management 2018-07-06 22:09:31 UTC
openSUSE-SU-2018:1906-1: An update that solves one vulnerability and has two fixes is now available.

Category: security (moderate)
Bug References: 1097158,1097624,1098592
CVE References: CVE-2018-0732
Sources used:
openSUSE Leap 42.3 (src):    openssl-1.0.2j-25.1
Comment 11 Swamp Workflow Management 2018-07-16 10:10:40 UTC
SUSE-SU-2018:1968-1: An update that solves one vulnerability and has two fixes is now available.

Category: security (moderate)
Bug References: 1097158,1097624,1098592
CVE References: CVE-2018-0732
Sources used:
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    openssl-1.0.1i-54.14.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    openssl-1.0.1i-54.14.1
Comment 12 Swamp Workflow Management 2018-07-23 13:08:19 UTC
SUSE-SU-2018:2036-1: An update that solves one vulnerability and has two fixes is now available.

Category: security (moderate)
Bug References: 1097158,1097624,1098592
CVE References: CVE-2018-0732
Sources used:
SUSE Linux Enterprise Module for Basesystem 15 (src):    openssl-1_1-1.1.0h-4.3.1
Comment 13 Swamp Workflow Management 2018-07-23 13:12:20 UTC
SUSE-SU-2018:2041-1: An update that solves one vulnerability and has two fixes is now available.

Category: security (moderate)
Bug References: 1097158,1097624,1098592
CVE References: CVE-2018-0732
Sources used:
SUSE Linux Enterprise Module for Legacy Software 15 (src):    openssl-1_0_0-1.0.2n-3.3.1
Comment 16 Swamp Workflow Management 2018-07-28 13:09:31 UTC
openSUSE-SU-2018:2117-1: An update that solves one vulnerability and has two fixes is now available.

Category: security (moderate)
Bug References: 1097158,1097624,1098592
CVE References: CVE-2018-0732
Sources used:
openSUSE Leap 15.0 (src):    openssl-1_1-1.1.0h-lp150.3.3.1
Comment 17 Swamp Workflow Management 2018-07-28 14:03:48 UTC
openSUSE-SU-2018:2129-1: An update that solves one vulnerability and has two fixes is now available.

Category: security (moderate)
Bug References: 1097158,1097624,1098592
CVE References: CVE-2018-0732
Sources used:
openSUSE Leap 15.0 (src):    openssl-1_0_0-1.0.2n-lp150.2.3.1
Comment 20 Swamp Workflow Management 2018-08-06 13:10:47 UTC
SUSE-SU-2018:2207-1: An update that solves one vulnerability and has two fixes is now available.

Category: security (moderate)
Bug References: 1097158,1097624,1098592
CVE References: CVE-2018-0732
Sources used:
SUSE Studio Onsite 1.3 (src):    openssl-0.9.8j-0.106.12.1
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    openssl-0.9.8j-0.106.12.1
SUSE Linux Enterprise Server 11-SP4 (src):    openssl-0.9.8j-0.106.12.1
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    openssl-0.9.8j-0.106.12.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    openssl-0.9.8j-0.106.12.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    openssl-0.9.8j-0.106.12.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    openssl-0.9.8j-0.106.12.1
Comment 26 Swamp Workflow Management 2018-08-14 15:20:05 UTC
This is an autogenerated message for OBS integration:
This bug (1097158) was mentioned in
https://build.opensuse.org/request/show/629239 Factory / openssl-1_1
Comment 27 Swamp Workflow Management 2018-08-15 07:26:37 UTC
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2018-08-29.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/64102
Comment 28 Swamp Workflow Management 2018-08-15 08:06:46 UTC
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2018-08-29.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/64106
Comment 29 Swamp Workflow Management 2018-08-15 08:23:16 UTC
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2018-08-29.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/64108
Comment 34 Swamp Workflow Management 2018-08-20 10:50:06 UTC
This is an autogenerated message for OBS integration:
This bug (1097158) was mentioned in
https://build.opensuse.org/request/show/630497 Factory / nodejs6
https://build.opensuse.org/request/show/630498 Factory / nodejs8
Comment 35 Swamp Workflow Management 2018-08-20 13:09:20 UTC
SUSE-SU-2018:2449-1: An update that solves one vulnerability and has two fixes is now available.

Category: security (moderate)
Bug References: 1097158,1097624,1098592
CVE References: CVE-2018-0732
Sources used:
SUSE CaaS Platform 3.0 (src):    openssl-1.0.2j-60.34.1
Comment 39 Swamp Workflow Management 2018-08-28 13:08:39 UTC
SUSE-SU-2018:2534-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1065363,1087102,1097158
CVE References: CVE-2018-0732,CVE-2018-0739
Sources used:
SUSE Linux Enterprise Server for SAP 11-SP4 (src):    compat-openssl097g-0.9.7g-146.22.51.5.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    compat-openssl097g-0.9.7g-146.22.51.5.1
Comment 40 Swamp Workflow Management 2018-08-28 19:10:49 UTC
SUSE-SU-2018:2545-1: An update that solves two vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 1089039,1097158,1097624,1098592
CVE References: CVE-2018-0732,CVE-2018-0737
Sources used:
SUSE Linux Enterprise Server 11-SECURITY (src):    openssl1-1.0.1g-0.58.12.1
Comment 42 Swamp Workflow Management 2018-09-07 13:10:11 UTC
SUSE-SU-2018:2647-1: An update that solves two vulnerabilities and has three fixes is now available.

Category: security (moderate)
Bug References: 1082318,1091764,1097158,1097748,1105019
CVE References: CVE-2018-0732,CVE-2018-12115
Sources used:
SUSE Linux Enterprise Module for Web Scripting 12 (src):    nodejs4-4.9.1-15.14.1
SUSE Enterprise Storage 4 (src):    nodejs4-4.9.1-15.14.1
Comment 43 Swamp Workflow Management 2018-09-08 10:15:29 UTC
openSUSE-SU-2018:2667-1: An update that solves two vulnerabilities and has three fixes is now available.

Category: security (moderate)
Bug References: 1082318,1091764,1097158,1097748,1105019
CVE References: CVE-2018-0732,CVE-2018-12115
Sources used:
openSUSE Leap 42.3 (src):    nodejs4-4.9.1-17.1
Comment 44 Swamp Workflow Management 2018-09-10 14:50:06 UTC
This is an autogenerated message for OBS integration:
This bug (1097158) was mentioned in
https://build.opensuse.org/request/show/634765 Factory / nodejs10
Comment 45 Swamp Workflow Management 2018-09-10 19:14:59 UTC
SUSE-SU-2018:2683-1: An update that solves three vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 1087102,1089039,1097158,1097624,1098592
CVE References: CVE-2018-0732,CVE-2018-0737,CVE-2018-0739
Sources used:
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    compat-openssl098-0.9.8j-106.6.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    compat-openssl098-0.9.8j-106.6.1
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    compat-openssl098-0.9.8j-106.6.1
SUSE Linux Enterprise Module for Legacy Software 12 (src):    compat-openssl098-0.9.8j-106.6.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    compat-openssl098-0.9.8j-106.6.1
Comment 46 Swamp Workflow Management 2018-09-12 10:10:13 UTC
openSUSE-SU-2018:2695-1: An update that solves three vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 1087102,1089039,1097158,1097624,1098592
CVE References: CVE-2018-0732,CVE-2018-0737,CVE-2018-0739
Sources used:
openSUSE Leap 42.3 (src):    compat-openssl098-0.9.8j-24.1
Comment 47 Swamp Workflow Management 2018-09-21 19:49:22 UTC
SUSE-SU-2018:2796-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1097158,1097748,1105019
CVE References: CVE-2018-0732,CVE-2018-12115
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src):    nodejs6-6.14.4-11.18.1
SUSE OpenStack Cloud 7 (src):    nodejs6-6.14.4-11.18.1
SUSE Linux Enterprise Module for Web Scripting 12 (src):    nodejs6-6.14.4-11.18.1
SUSE Enterprise Storage 4 (src):    nodejs6-6.14.4-11.18.1
Comment 48 Swamp Workflow Management 2018-09-24 10:11:16 UTC
SUSE-SU-2018:2812-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1097158,1097748,1105019
CVE References: CVE-2018-0732,CVE-2018-12115
Sources used:
SUSE Linux Enterprise Module for Web Scripting 15 (src):    nodejs8-8.11.4-3.8.2
Comment 49 Swamp Workflow Management 2018-09-24 10:16:09 UTC
openSUSE-SU-2018:2816-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1097158,1097748,1105019
CVE References: CVE-2018-0732,CVE-2018-12115
Sources used:
openSUSE Leap 42.3 (src):    nodejs6-6.14.4-15.1
Comment 50 Swamp Workflow Management 2018-09-25 13:12:48 UTC
openSUSE-SU-2018:2855-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1097158,1097748,1105019
CVE References: CVE-2018-0732,CVE-2018-12115
Sources used:
openSUSE Leap 15.0 (src):    nodejs8-8.11.4-lp150.2.6.1
Comment 51 Swamp Workflow Management 2018-09-30 16:09:18 UTC
SUSE-SU-2018:2956-1: An update that solves one vulnerability and has one errata is now available.

Category: security (moderate)
Bug References: 1097158,1101470
CVE References: CVE-2018-0732
Sources used:
SUSE Linux Enterprise Module for Basesystem 15 (src):    openssl-1.1.0i-3.3.1, openssl-1_1-1.1.0i-4.9.2
Comment 52 Swamp Workflow Management 2018-10-01 19:12:08 UTC
SUSE-SU-2018:2965-1: An update that solves two vulnerabilities and has three fixes is now available.

Category: security (moderate)
Bug References: 1089039,1097158,1101470,1104789,1106197
CVE References: CVE-2018-0732,CVE-2018-0737
Sources used:
SUSE Linux Enterprise Module for Legacy Software 15 (src):    openssl-1_0_0-1.0.2p-3.8.1
Comment 53 Swamp Workflow Management 2018-10-05 10:08:59 UTC
openSUSE-SU-2018:3013-1: An update that solves one vulnerability and has one errata is now available.

Category: security (moderate)
Bug References: 1097158,1101470
CVE References: CVE-2018-0732
Sources used:
openSUSE Leap 15.0 (src):    openssl-1.1.0i-lp150.2.3.1, openssl-1_1-1.1.0i-lp150.3.9.1
Comment 54 Swamp Workflow Management 2018-10-05 10:11:39 UTC
openSUSE-SU-2018:3015-1: An update that solves two vulnerabilities and has three fixes is now available.

Category: security (moderate)
Bug References: 1089039,1097158,1101470,1104789,1106197
CVE References: CVE-2018-0732,CVE-2018-0737
Sources used:
openSUSE Leap 15.0 (src):    openssl-1_0_0-1.0.2p-lp150.2.6.1
Comment 55 Swamp Workflow Management 2018-10-17 10:41:22 UTC
This is an autogenerated message for OBS integration:
This bug (1097158) was mentioned in
https://build.opensuse.org/request/show/642571 42.3+Backports:SLE-12 / nodejs8
Comment 56 Swamp Workflow Management 2018-10-18 16:10:34 UTC
SUSE-SU-2018:1887-2: An update that solves one vulnerability and has two fixes is now available.

Category: security (moderate)
Bug References: 1097158,1097624,1098592
CVE References: CVE-2018-0732
Sources used:
SUSE Linux Enterprise Server 12-SP2-BCL (src):    openssl-1.0.2j-60.30.1
Comment 57 Swamp Workflow Management 2018-10-19 12:40:39 UTC
This is an autogenerated message for OBS integration:
This bug (1097158) was mentioned in
https://build.opensuse.org/request/show/643179 42.3 / nodejs10
Comment 58 Marcus Meissner 2018-11-09 06:57:27 UTC
done
Comment 59 Swamp Workflow Management 2018-11-16 14:01:34 UTC
This is an autogenerated message for OBS integration:
This bug (1097158) was mentioned in
https://build.opensuse.org/request/show/649577 Backports:SLE-12-SP2 / nodejs8
Comment 60 Swamp Workflow Management 2019-01-02 17:40:13 UTC
This is an autogenerated message for OBS integration:
This bug (1097158) was mentioned in
https://build.opensuse.org/request/show/662509 Factory / openssl-1_0_0
Comment 63 Swamp Workflow Management 2019-06-18 23:14:12 UTC
SUSE-SU-2019:1553-1: An update that solves 6 vulnerabilities and has 7 fixes is now available.

Category: security (moderate)
Bug References: 1089039,1097158,1097624,1098592,1101470,1104789,1106197,1110018,1113534,1113652,1117951,1127080,1131291
CVE References: CVE-2016-8610,CVE-2018-0732,CVE-2018-0734,CVE-2018-0737,CVE-2018-5407,CVE-2019-1559
Sources used:
SUSE Linux Enterprise Server 12-LTSS (src):    openssl-1.0.1i-27.34.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 65 Swamp Workflow Management 2019-12-11 20:25:03 UTC
SUSE-SU-2019:14246-1: An update that fixes 118 vulnerabilities is now available.

Category: security (important)
Sources used:
SUSE Linux Enterprise Server 11-SP4-LTSS (src):    MozillaFirefox-68.2.0-78.51.4, MozillaFirefox-branding-SLED-68-21.9.8, firefox-atk-2.26.1-2.8.4, firefox-cairo-1.15.10-2.13.4, firefox-gcc5-5.3.1+r233831-14.1, firefox-gcc8-8.2.1+r264010-2.5.1, firefox-gdk-pixbuf-2.36.11-2.8.4, firefox-glib2-2.54.3-2.14.7, firefox-gtk3-3.10.9-2.15.3, firefox-harfbuzz-1.7.5-2.7.4, firefox-libffi-3.2.1.git259-2.3.3, firefox-libffi-gcc5-5.3.1+r233831-14.1, firefox-pango-1.40.14-2.7.4, mozilla-nspr-4.21-29.6.1, mozilla-nss-3.45-38.9.3

Comment 71 Swamp Workflow Management 2022-02-16 20:53:49 UTC
SUSE-FU-2022:0445-1: An update that solves 183 vulnerabilities, contains 21 features and has 299 fixes is now available.

Category: feature (moderate)
JIRA References: ECO-3105,SLE-11435,SLE-12684,SLE-12986,SLE-13688,SLE-14253,SLE-15159,SLE-15860,SLE-15861,SLE-16754,SLE-17532,SLE-17957,SLE-18260,SLE-18354,SLE-18446,SLE-19264,SLE-3887,SLE-4480,SLE-4577,SLE-7686,SLE-9135
Sources used:
SUSE Manager Tools 12-BETA (src):    venv-salt-minion-3002.2-3.3.2
