-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2023.3111
                    Security update for go1.18-openssl
                                1 June 2023

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           go1.18-openssl
Publisher:         SUSE
Operating System:  SUSE
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-41725 CVE-2022-41724 CVE-2022-41723
                   CVE-2022-41720 CVE-2022-41717 CVE-2022-41716
                   CVE-2022-41715 CVE-2022-32189 CVE-2022-32148
                   CVE-2022-30635 CVE-2022-30634 CVE-2022-30633
                   CVE-2022-30632 CVE-2022-30631 CVE-2022-30630
                   CVE-2022-30629 CVE-2022-30580 CVE-2022-29804
                   CVE-2022-29526 CVE-2022-28327 CVE-2022-28131
                   CVE-2022-27664 CVE-2022-27536 CVE-2022-24675
                   CVE-2022-2880 CVE-2022-2879 CVE-2022-1962
                   CVE-2022-1705  

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2023/suse-su-20232312-1

Comment: CVSS (Max):  7.5 CVE-2022-41724 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
         CVSS Source: [SUSE], Red Hat
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

- --------------------------BEGIN INCLUDED TEXT--------------------

Security update for go1.18-openssl

Announcement ID:  SUSE-SU-2023:2312-1
     Rating:      important
                    o #1183043
                    o #1193742
                    o #1198423
                    o #1198424
                    o #1198427
                    o #1199413
                    o #1200134
                    o #1200135
                    o #1200136
                    o #1200137
                    o #1201434
                    o #1201436
                    o #1201437
                    o #1201440
                    o #1201443
   References:      o #1201444
                    o #1201445
                    o #1201447
                    o #1201448
                    o #1202035
                    o #1203185
                    o #1204023
                    o #1204024
                    o #1204025
                    o #1204941
                    o #1206134
                    o #1206135
                    o #1208270
                    o #1208271
                    o #1208272
                    o #1208491

                    o CVE-2022-1705
                    o CVE-2022-1962
                    o CVE-2022-24675
                    o CVE-2022-27536
                    o CVE-2022-27664
                    o CVE-2022-28131
                    o CVE-2022-28327
                    o CVE-2022-2879
                    o CVE-2022-2880
                    o CVE-2022-29526
                    o CVE-2022-29804
                    o CVE-2022-30580
                    o CVE-2022-30629
                    o CVE-2022-30630
Cross-References:   o CVE-2022-30631
                    o CVE-2022-30632
                    o CVE-2022-30633
                    o CVE-2022-30634
                    o CVE-2022-30635
                    o CVE-2022-32148
                    o CVE-2022-32189
                    o CVE-2022-41715
                    o CVE-2022-41716
                    o CVE-2022-41717
                    o CVE-2022-41720
                    o CVE-2022-41723
                    o CVE-2022-41724
                    o CVE-2022-41725

                    o CVE-2022-1705 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/
                      S:U/C:N/I:L/A:N
                    o CVE-2022-1705 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/
                      S:U/C:L/I:L/A:N
                    o CVE-2022-1962 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/
                      S:U/C:N/I:N/A:H
                    o CVE-2022-1962 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
                      S:U/C:N/I:N/A:H
                    o CVE-2022-24675 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N
                      /S:U/C:N/I:N/A:H
                    o CVE-2022-24675 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/
                      S:U/C:N/I:N/A:H
                    o CVE-2022-27536 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N
                      /S:U/C:N/I:N/A:H
                    o CVE-2022-27536 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/
                      S:U/C:N/I:N/A:H
                    o CVE-2022-27664 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N
                      /S:U/C:N/I:N/A:H
                    o CVE-2022-27664 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/
                      S:U/C:N/I:N/A:H
                    o CVE-2022-28131 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N
                      /S:U/C:N/I:N/A:H
                    o CVE-2022-28131 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/
                      S:U/C:N/I:N/A:H
                    o CVE-2022-28327 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N
                      /S:U/C:N/I:N/A:H
                    o CVE-2022-28327 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/
                      S:U/C:N/I:N/A:H
                    o CVE-2022-2879 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/
                      S:U/C:N/I:N/A:H
                    o CVE-2022-2879 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/
                      S:U/C:N/I:N/A:H
                    o CVE-2022-2880 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/
                      S:U/C:H/I:H/A:H
                    o CVE-2022-2880 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/
                      S:U/C:N/I:H/A:N
                    o CVE-2022-29526 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N
                      /S:U/C:N/I:N/A:H
                    o CVE-2022-29526 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/
                      S:U/C:L/I:N/A:N
                    o CVE-2022-29804 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N
                      /S:U/C:L/I:L/A:N
                    o CVE-2022-29804 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/
                      S:U/C:H/I:N/A:N
                    o CVE-2022-30580 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R
                      /S:U/C:H/I:H/A:H
                    o CVE-2022-30580 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
                      S:U/C:H/I:H/A:H
                    o CVE-2022-30629 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N
                      /S:U/C:L/I:N/A:N
                    o CVE-2022-30629 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/
                      S:U/C:L/I:N/A:N
                    o CVE-2022-30630 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N
                      /S:U/C:N/I:N/A:H
                    o CVE-2022-30630 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/
  CVSS scores:        S:U/C:N/I:N/A:H
                    o CVE-2022-30631 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N
                      /S:U/C:N/I:N/A:H
                    o CVE-2022-30631 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/
                      S:U/C:N/I:N/A:H
                    o CVE-2022-30632 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N
                      /S:U/C:N/I:N/A:H
                    o CVE-2022-30632 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/
                      S:U/C:N/I:N/A:H
                    o CVE-2022-30633 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N
                      /S:U/C:N/I:N/A:H
                    o CVE-2022-30633 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/
                      S:U/C:N/I:N/A:H
                    o CVE-2022-30634 ( SUSE ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N
                      /S:U/C:N/I:N/A:L
                    o CVE-2022-30634 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/
                      S:U/C:N/I:N/A:H
                    o CVE-2022-30635 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N
                      /S:U/C:N/I:N/A:H
                    o CVE-2022-30635 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/
                      S:U/C:N/I:N/A:H
                    o CVE-2022-32148 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N
                      /S:U/C:L/I:N/A:N
                    o CVE-2022-32148 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/
                      S:U/C:L/I:L/A:N
                    o CVE-2022-32189 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R
                      /S:U/C:N/I:N/A:H
                    o CVE-2022-32189 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/
                      S:U/C:N/I:N/A:H
                    o CVE-2022-41715 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N
                      /S:U/C:N/I:N/A:H
                    o CVE-2022-41715 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/
                      S:U/C:N/I:N/A:H
                    o CVE-2022-41716 ( SUSE ): 0.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N
                      /S:U/C:N/I:N/A:N
                    o CVE-2022-41716 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/
                      S:U/C:N/I:H/A:N
                    o CVE-2022-41717 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N
                      /S:U/C:N/I:N/A:H
                    o CVE-2022-41717 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/
                      S:U/C:N/I:N/A:L
                    o CVE-2022-41720 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/
                      S:U/C:H/I:N/A:N
                    o CVE-2022-41723 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N
                      /S:U/C:N/I:N/A:H
                    o CVE-2022-41723 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/
                      S:U/C:N/I:N/A:H
                    o CVE-2022-41724 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N
                      /S:U/C:N/I:N/A:H
                    o CVE-2022-41724 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/
                      S:U/C:N/I:N/A:H
                    o CVE-2022-41725 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N
                      /S:U/C:N/I:N/A:H
                    o CVE-2022-41725 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/
                      S:U/C:N/I:N/A:H

                    o Development Tools Module 15-SP4
                    o openSUSE Leap 15.4
                    o openSUSE Leap 15.5
                    o SUSE Enterprise Storage 7.1
                    o SUSE Linux Enterprise Desktop 15 SP4
                    o SUSE Linux Enterprise High Performance Computing 15 SP3
                    o SUSE Linux Enterprise High Performance Computing 15 SP4
                    o SUSE Linux Enterprise High Performance Computing ESPOS 15
                      SP3
    Affected        o SUSE Linux Enterprise High Performance Computing LTSS 15
    Products:         SP3
                    o SUSE Linux Enterprise Real Time 15 SP3
                    o SUSE Linux Enterprise Real Time 15 SP4
                    o SUSE Linux Enterprise Server 15 SP3
                    o SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
                    o SUSE Linux Enterprise Server 15 SP4
                    o SUSE Linux Enterprise Server for SAP Applications 15 SP3
                    o SUSE Linux Enterprise Server for SAP Applications 15 SP4
                    o SUSE Manager Proxy 4.3
                    o SUSE Manager Retail Branch Server 4.3
                    o SUSE Manager Server 4.3

An update that solves 28 vulnerabilities, contains one feature and has three
fixes can now be installed.

Description:

This update for go1.18-openssl fixes the following issues:

  o Add subpackage go1.x-libstd compiled shared object libstd.so (jsc#PED-1962)
  o Main go1.x package included libstd.so in previous versions
  o Split libstd.so into subpackage that can be installed standalone
  o Continues the slimming down of main go1.x package by 40 Mb
  o Experimental and not recommended for general use, Go currently has no ABI
  o Upstream Go has not committed to support buildmode=shared long-term
  o Do not use in packaging, build static single binaries (the default)
  o Upstream Go go1.x binary releases do not include libstd.so
  o go1.x Suggests go1.x-libstd so not installed by default Recommends
  o go1.x-libstd does not Require: go1.x so can install standalone
  o Provides go-libstd unversioned package name
  o Fix build step -buildmode=shared std to omit -linkshared
  o Packaging improvements:
  o go1.x Suggests go1.x-doc so not installed by default Recommends
  o Use Group: Development/Languages/Go instead of Other

  o Improvements to go1.x packaging spec:

  o On Tumbleweed bootstrap with current default gcc13 and gccgo118
  o On SLE-12 aarch64 ppc64le ppc64 remove overrides to bootstrap using go1.x
    package (%bcond_without gccgo). This is no longer needed on current
    SLE-12:Update and removing will consolidate the build configurations used.
  o Change source URLs to go.dev as per Go upstream
  o On x86_64 export GOAMD64=v1 as per the current baseline. At this time forgo
    GOAMD64=v3 option for x86_64_v3 support.
  o On x86_64 %define go_amd64=v1 as current instruction baseline

  o Update to version 1.18.10.1 cut from the go1.18-openssl-fips branch at the
    revision tagged go1.18.10-1-openssl-fips.

  o Merge branch dev.boringcrypto.go1.18 into go1.18-openssl-fips
  o Merge go1.18.10 into dev.boringcrypto.go1.18

  o go1.18.10 (released 2023-01-10) includes fixes to cgo, the compiler, the
    linker, and the crypto/x509, net/http, and syscall packages. Refs bsc#
    1193742 go1.18 release tracking

  o go#57705 misc/cgo: backport needed for dlltool fix
  o go#57426 crypto/x509: Verify on macOS does not return typed errors
  o go#57344 cmd/compile: the loong64 intrinsic for CompareAndSwapUint32
    function needs to sign extend its "old" argument.
  o go#57338 syscall, internal/poll: accept4-to-accept fallback removal broke
    Go code on Synology DSM 6.2 ARM devices
  o go#57213 os: TestLstat failure on Linux Aarch64
  o go#57211 reflect: sort.SliceStable sorts incorrectly on arm64 with less
    function created with reflect.MakeFunc and slice of sufficient length
  o go#57057 cmd/go: remove test dependency on gopkg.in service
  o go#57054 cmd/go: TestScript/version_buildvcs_git_gpg (if enabled) fails on
    linux longtest builders
  o go#57044 cgo: malformed DWARF TagVariable entry
  o go#57028 cmd/cgo: Wrong types in compiler errors with clang 14
  o go#56833 cmd/link/internal/ppc64: too-far trampoline is reused
  o go#56711 net: reenable TestLookupDotsWithRemoteSource and
    TestLookupGoogleSRV with a different target
  o go#56323 net/http: bad handling of HEAD requests with a body

Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o openSUSE Leap 15.4
    zypper in -t patch openSUSE-SLE-15.4-2023-2312=1
  o openSUSE Leap 15.5
    zypper in -t patch openSUSE-SLE-15.5-2023-2312=1
  o Development Tools Module 15-SP4
    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-2312=1
  o SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2312=1
  o SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2312=1
  o SUSE Linux Enterprise Real Time 15 SP3
    zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2312=1
  o SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2312=1
  o SUSE Linux Enterprise Server for SAP Applications 15 SP3
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2312=1
  o SUSE Enterprise Storage 7.1
    zypper in -t patch SUSE-Storage-7.1-2023-2312=1

Package List:

  o openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
       go1.18-openssl-1.18.10.1-150000.1.9.1
       go1.18-openssl-doc-1.18.10.1-150000.1.9.1
  o openSUSE Leap 15.4 (aarch64 x86_64)
       go1.18-openssl-race-1.18.10.1-150000.1.9.1
  o openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
       go1.18-openssl-1.18.10.1-150000.1.9.1
       go1.18-openssl-doc-1.18.10.1-150000.1.9.1
  o openSUSE Leap 15.5 (aarch64 x86_64)
       go1.18-openssl-race-1.18.10.1-150000.1.9.1
  o Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64)
       go1.18-openssl-1.18.10.1-150000.1.9.1
       go1.18-openssl-doc-1.18.10.1-150000.1.9.1
  o Development Tools Module 15-SP4 (aarch64 x86_64)
       go1.18-openssl-race-1.18.10.1-150000.1.9.1
  o SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64
    x86_64)
       go1.18-openssl-1.18.10.1-150000.1.9.1
       go1.18-openssl-race-1.18.10.1-150000.1.9.1
       go1.18-openssl-doc-1.18.10.1-150000.1.9.1
  o SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
    x86_64)
       go1.18-openssl-1.18.10.1-150000.1.9.1
       go1.18-openssl-race-1.18.10.1-150000.1.9.1
       go1.18-openssl-doc-1.18.10.1-150000.1.9.1
  o SUSE Linux Enterprise Real Time 15 SP3 (x86_64)
       go1.18-openssl-1.18.10.1-150000.1.9.1
       go1.18-openssl-race-1.18.10.1-150000.1.9.1
       go1.18-openssl-doc-1.18.10.1-150000.1.9.1
  o SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
    x86_64)
       go1.18-openssl-1.18.10.1-150000.1.9.1
       go1.18-openssl-doc-1.18.10.1-150000.1.9.1
  o SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 x86_64)
       go1.18-openssl-race-1.18.10.1-150000.1.9.1
  o SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
       go1.18-openssl-1.18.10.1-150000.1.9.1
       go1.18-openssl-doc-1.18.10.1-150000.1.9.1
  o SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64)
       go1.18-openssl-race-1.18.10.1-150000.1.9.1
  o SUSE Enterprise Storage 7.1 (aarch64 x86_64)
       go1.18-openssl-1.18.10.1-150000.1.9.1
       go1.18-openssl-race-1.18.10.1-150000.1.9.1
       go1.18-openssl-doc-1.18.10.1-150000.1.9.1

References:

  o https://www.suse.com/security/cve/CVE-2022-1705.html
  o https://www.suse.com/security/cve/CVE-2022-1962.html
  o https://www.suse.com/security/cve/CVE-2022-24675.html
  o https://www.suse.com/security/cve/CVE-2022-27536.html
  o https://www.suse.com/security/cve/CVE-2022-27664.html
  o https://www.suse.com/security/cve/CVE-2022-28131.html
  o https://www.suse.com/security/cve/CVE-2022-28327.html
  o https://www.suse.com/security/cve/CVE-2022-2879.html
  o https://www.suse.com/security/cve/CVE-2022-2880.html
  o https://www.suse.com/security/cve/CVE-2022-29526.html
  o https://www.suse.com/security/cve/CVE-2022-29804.html
  o https://www.suse.com/security/cve/CVE-2022-30580.html
  o https://www.suse.com/security/cve/CVE-2022-30629.html
  o https://www.suse.com/security/cve/CVE-2022-30630.html
  o https://www.suse.com/security/cve/CVE-2022-30631.html
  o https://www.suse.com/security/cve/CVE-2022-30632.html
  o https://www.suse.com/security/cve/CVE-2022-30633.html
  o https://www.suse.com/security/cve/CVE-2022-30634.html
  o https://www.suse.com/security/cve/CVE-2022-30635.html
  o https://www.suse.com/security/cve/CVE-2022-32148.html
  o https://www.suse.com/security/cve/CVE-2022-32189.html
  o https://www.suse.com/security/cve/CVE-2022-41715.html
  o https://www.suse.com/security/cve/CVE-2022-41716.html
  o https://www.suse.com/security/cve/CVE-2022-41717.html
  o https://www.suse.com/security/cve/CVE-2022-41720.html
  o https://www.suse.com/security/cve/CVE-2022-41723.html
  o https://www.suse.com/security/cve/CVE-2022-41724.html
  o https://www.suse.com/security/cve/CVE-2022-41725.html
  o https://bugzilla.suse.com/show_bug.cgiid=1183043
  o https://bugzilla.suse.com/show_bug.cgiid=1193742
  o https://bugzilla.suse.com/show_bug.cgiid=1198423
  o https://bugzilla.suse.com/show_bug.cgiid=1198424
  o https://bugzilla.suse.com/show_bug.cgiid=1198427
  o https://bugzilla.suse.com/show_bug.cgiid=1199413
  o https://bugzilla.suse.com/show_bug.cgiid=1200134
  o https://bugzilla.suse.com/show_bug.cgiid=1200135
  o https://bugzilla.suse.com/show_bug.cgiid=1200136
  o https://bugzilla.suse.com/show_bug.cgiid=1200137
  o https://bugzilla.suse.com/show_bug.cgiid=1201434
  o https://bugzilla.suse.com/show_bug.cgiid=1201436
  o https://bugzilla.suse.com/show_bug.cgiid=1201437
  o https://bugzilla.suse.com/show_bug.cgiid=1201440
  o https://bugzilla.suse.com/show_bug.cgiid=1201443
  o https://bugzilla.suse.com/show_bug.cgiid=1201444
  o https://bugzilla.suse.com/show_bug.cgiid=1201445
  o https://bugzilla.suse.com/show_bug.cgiid=1201447
  o https://bugzilla.suse.com/show_bug.cgiid=1201448
  o https://bugzilla.suse.com/show_bug.cgiid=1202035
  o https://bugzilla.suse.com/show_bug.cgiid=1203185
  o https://bugzilla.suse.com/show_bug.cgiid=1204023
  o https://bugzilla.suse.com/show_bug.cgiid=1204024
  o https://bugzilla.suse.com/show_bug.cgiid=1204025
  o https://bugzilla.suse.com/show_bug.cgiid=1204941
  o https://bugzilla.suse.com/show_bug.cgiid=1206134
  o https://bugzilla.suse.com/show_bug.cgiid=1206135
  o https://bugzilla.suse.com/show_bug.cgiid=1208270
  o https://bugzilla.suse.com/show_bug.cgiid=1208271
  o https://bugzilla.suse.com/show_bug.cgiid=1208272
  o https://bugzilla.suse.com/show_bug.cgiid=1208491
  o https://jira.suse.com/browse/PED-1962

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/

iQIVAwUBZHf5TckNZI30y1K9AQi7AQ/7Bsyo86gVd8NJuSXLDUzlZ9jZ8qnpUtjP
IBqpur9+RcvOmeIA9+7EH3QXl2hEhqDjqy99srXl1rhnco1p9glxBMuAYeRwKmES
U7Wyw1U5z4J6twyBFDy2QGoUY5yjjgx1q/K5xC4g8QwAinMvhkMwwyhqAwJImoA5
iJ2LVc+UhP/WS/19rn0kJcMCDo/vkk+xLyChQGl704TrFq0sBMTwov9/oOXkJBj5
RROEoLtmLIQs32taSQzTWz06TfMhiekx4Ayyuix/94iAtKTQDtra7owd7eOowtbX
QhMzubwPcekkQOQiHW8kD8xnHWXMLTGwMlRwU/EU7JixvFaoBBGOI01qftbyI4jb
hqgY9KYIdggl08yIcZH1AgfO21oy4Td3Pu64D2LlpRpYn9NzdXzbDGcH0kgovEb6
WYeoWVnJN61HHCrMHRc2XgALrq9F/gb0I6JP7vssEsKLxBFlvX2mAq0eEfxlLh3l
3XVO2Q9SW39C1OnToQLJ0Y11mhmxR90H5MqkAyyV3sP4DdkoQd/itGCPlYLA06Rf
kI35oR9QdoFeAtT2rX8HrD2H9SVKFY/L9AVNSfuvlisSlTIsIfxVaqDb5shbl+Nc
3FDVHXPLYWyw+R2RNfROg6N4TVjz2HPz5TdHDMirOwNRMDHTnkzXfWVy//I7QY2m
LMrI7NiGpJQ=
=Phyw
-----END PGP SIGNATURE-----