SUSE-SU-2022:1040-1

MEDIUM5.5

Security update for protobuf

Published Mar 30, 2022

Modified 4 years ago

Fix available

Details

Description of the patch:

This update for protobuf fixes the following issues:

CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258).

Affected Packages

libprotobuf-lite20

SUSE Enterprise Storage 7SUSE Enterprise Storage 7.1SUSE Linux Enterprise Desktop 15 SP2SUSE Linux Enterprise Desktop 15 SP3SUSE Linux Enterprise High Performance Computing 15 SP2

Fixed in:

3.9.2-4.12.1

libprotobuf20

SUSE Enterprise Storage 7.1SUSE Linux Enterprise Desktop 15 SP3SUSE Linux Enterprise High Performance Computing 15 SP3SUSE Linux Enterprise Module for Basesystem 15 SP3SUSE Linux Enterprise Real Time 15 SP2

Fixed in:

3.9.2-4.12.1

libprotoc20

SUSE Linux Enterprise Module for Development Tools 15 SP3SUSE Linux Enterprise Real Time 15 SP2

Fixed in:

3.9.2-4.12.1

protobuf-devel

SUSE Linux Enterprise Module for Development Tools 15 SP3SUSE Linux Enterprise Real Time 15 SP2

Fixed in:

3.9.2-4.12.1

python2-protobuf

SUSE Linux Enterprise Module for Package Hub 15 SP3SUSE Linux Enterprise Module for Package Hub 15 SP4

Fixed in:

3.9.2-4.12.1

python3-protobuf

SUSE Linux Enterprise Module for Package Hub 15 SP3SUSE Linux Enterprise Module for Package Hub 15 SP4SUSE Linux Enterprise Module for Public Cloud 15 SP2SUSE Linux Enterprise Module for Public Cloud 15 SP3

Fixed in:

3.9.2-4.12.1

protobuf-java

SUSE Manager Server Module 4.1SUSE Manager Server Module 4.2

Fixed in:

3.9.2-4.12.1

References

ADVISORY

https://bugzilla.suse.com/1195258

ADVISORY

https://lists.suse.com/pipermail/sle-security-updates/2022-March/010568.html

ADVISORY