From sle-container-updates at lists.suse.com Fri Dec 1 08:02:59 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 1 Dec 2023 09:02:59 +0100 (CET) Subject: SUSE-CU-2023:3921-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20231201080259.04D11FBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3921-1 Container Tags : suse/sle-micro/5.3/toolbox:12.1 , suse/sle-micro/5.3/toolbox:12.1-5.2.265 , suse/sle-micro/5.3/toolbox:latest Container Release : 5.2.265 Severity : moderate Type : security References : 1216591 CVE-2023-46316 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4623-1 Released: Thu Nov 30 19:22:32 2023 Summary: Security update for traceroute Type: security Severity: moderate References: 1216591,CVE-2023-46316 This update for traceroute fixes the following issues: - CVE-2023-46316: wrapper scripts do not properly parse command lines (bsc#1216591). The following package changes have been done: - traceroute-2.0.21-150000.3.3.1 updated From sle-container-updates at lists.suse.com Fri Dec 1 08:04:01 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 1 Dec 2023 09:04:01 +0100 (CET) Subject: SUSE-CU-2023:3923-1: Recommended update of suse/sle-micro/5.4/toolbox Message-ID: <20231201080401.425F9FBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3923-1 Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-4.2.161 , suse/sle-micro/5.4/toolbox:latest Container Release : 4.2.161 Severity : moderate Type : recommended References : 1217472 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4615-1 Released: Wed Nov 29 20:33:38 2023 Summary: Recommended update for icu Type: recommended Severity: moderate References: 1217472 This update of icu fixes the following issue: - missing 32bit libraries in SLES 15 SP3 were added, required by xerces-c 32bit. The following package changes have been done: - libicu-suse65_1-65.1-150200.4.10.1 updated - libicu65_1-ledata-65.1-150200.4.10.1 updated From sle-container-updates at lists.suse.com Fri Dec 1 08:04:12 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 1 Dec 2023 09:04:12 +0100 (CET) Subject: SUSE-CU-2023:3925-1: Recommended update of suse/sle-micro/5.5/toolbox Message-ID: <20231201080412.A2EDEF3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3925-1 Container Tags : suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.106 , suse/sle-micro/5.5/toolbox:latest Container Release : 2.2.106 Severity : moderate Type : recommended References : 1217472 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4615-1 Released: Wed Nov 29 20:33:38 2023 Summary: Recommended update for icu Type: recommended Severity: moderate References: 1217472 This update of icu fixes the following issue: - missing 32bit libraries in SLES 15 SP3 were added, required by xerces-c 32bit. The following package changes have been done: - libicu-suse65_1-65.1-150200.4.10.1 updated - libicu65_1-ledata-65.1-150200.4.10.1 updated From sle-container-updates at lists.suse.com Fri Dec 1 08:05:46 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 1 Dec 2023 09:05:46 +0100 (CET) Subject: SUSE-CU-2023:3929-1: Recommended update of suse/389-ds Message-ID: <20231201080546.C0545FBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3929-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-16.50 , suse/389-ds:latest Container Release : 16.50 Severity : moderate Type : recommended References : 1217472 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4615-1 Released: Wed Nov 29 20:33:38 2023 Summary: Recommended update for icu Type: recommended Severity: moderate References: 1217472 This update of icu fixes the following issue: - missing 32bit libraries in SLES 15 SP3 were added, required by xerces-c 32bit. The following package changes have been done: - libicu65_1-ledata-65.1-150200.4.10.1 updated - libicu-suse65_1-65.1-150200.4.10.1 updated From sle-container-updates at lists.suse.com Fri Dec 1 12:07:25 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 1 Dec 2023 13:07:25 +0100 (CET) Subject: SUSE-CU-2023:3940-1: Security update of trento/trento-web Message-ID: <20231201120725.50570FBA9@maintenance.suse.de> SUSE Container Update Advisory: trento/trento-web ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3940-1 Container Tags : trento/trento-web:2.2.0 , trento/trento-web:2.2.0-build4.27.1 , trento/trento-web:latest Container Release : 4.27.1 Severity : important Type : security References : 1107342 1196647 1198165 1206480 1206480 1206684 1206684 1210557 1210557 1211078 1211427 1211427 1211829 1212101 1212101 1212819 1212910 1213915 1213915 1214052 1214052 1214052 1214460 1214460 1215286 1215427 1215434 1215713 1215891 1216123 1216174 1216378 1216664 CVE-2023-22652 CVE-2023-30078 CVE-2023-30079 CVE-2023-32181 CVE-2023-35945 CVE-2023-4039 CVE-2023-4039 CVE-2023-4039 CVE-2023-44487 CVE-2023-45853 CVE-2023-4813 ----------------------------------------------------------------- The container trento/trento-web was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3639-1 Released: Mon Sep 18 13:33:16 2023 Summary: Security update for libeconf Type: security Severity: moderate References: 1198165,1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181 This update for libeconf fixes the following issues: Update to version 0.5.2. - CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078). - CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. (bsc#1211078) The following non-security bug was fixed: - Fixed parsing files correctly which have space characters AND none space characters as delimiters (bsc#1198165). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3661-1 Released: Mon Sep 18 21:44:09 2023 Summary: Security update for gcc12 Type: security Severity: important References: 1214052,CVE-2023-4039 This update for gcc12 fixes the following issues: - CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3814-1 Released: Wed Sep 27 18:08:17 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1211829,1212819,1212910 This update for glibc fixes the following issues: - nscd: Fix netlink cache invalidation if epoll is used (bsc#1212910, BZ #29415) - Restore lookup of IPv4 mapped addresses in files database (bsc#1212819, BZ #25457) - elf: Remove excessive p_align check on PT_LOAD segments (bsc#1211829, BZ #28688) - elf: Properly align PT_LOAD segments (bsc#1211829, BZ #28676) - ld.so: Always use MAP_COPY to map the first segment (BZ #30452) - add GB18030-2022 charmap (jsc#PED-4908, BZ #30243) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3997-1 Released: Fri Oct 6 14:13:56 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1215713,CVE-2023-35945 This update for nghttp2 fixes the following issues: - CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4110-1 Released: Wed Oct 18 12:35:26 2023 Summary: Security update for glibc Type: security Severity: important References: 1215286,1215891,CVE-2023-4813 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: - elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4154-1 Released: Fri Oct 20 19:33:25 2023 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4162-1 Released: Mon Oct 23 15:33:03 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4200-1 Released: Wed Oct 25 12:04:29 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1216123,1216174,CVE-2023-44487 This update for nghttp2 fixes the following issues: - CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4217-1 Released: Thu Oct 26 12:20:27 2023 Summary: Security update for zlib Type: security Severity: moderate References: 1216378,CVE-2023-45853 This update for zlib fixes the following issues: - CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4310-1 Released: Tue Oct 31 14:10:47 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This Update for libtirpc to 1.3.4, fixing the following issues: Update to 1.3.4 (bsc#1199467) * binddynport.c honor ip_local_reserved_ports - replaces: binddynport-honor-ip_local_reserved_ports.patch * gss-api: expose gss major/minor error in authgss_refresh() * rpcb_clnt.c: Eliminate double frees in delete_cache() * rpcb_clnt.c: memory leak in destroy_addr * portmapper: allow TCP-only portmapper * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep * clnt_raw.c: fix a possible null pointer dereference * bindresvport.c: fix a potential resource leakage Update to 1.3.3: * Fix DoS vulnerability in libtirpc - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch * _rpc_dtablesize: use portable system call * libtirpc: Fix use-after-free accessing the error number * Fix potential memory leak of parms.r_addr - replaces 0001-fix-parms.r_addr-memory-leak.patch * rpcb_clnt.c add mechanism to try v2 protocol first - preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch * Eliminate deadlocks in connects with an MT environment * clnt_dg_freeres() uncleared set active state may deadlock * thread safe clnt destruction * SUNRPC: mutexed access blacklist_read state variable * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c Update to 1.3.2: * Replace the final SunRPC licenses with BSD licenses * blacklist: Add a few more well known ports * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS Update to 1.3.1: * Remove AUTH_DES interfaces from auth_des.h The unsupported AUTH_DES authentication has be compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors. * svc_dg: Free xp_netid during destroy * Fix memory management issues of fd locks * libtirpc: replace array with list for per-fd locks * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf * __rpc_dtbsize: rlim_cur instead of rlim_max * pkg-config: use the correct replacements for libdir/includedir ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.20.1 updated - glibc-2.31-150300.63.1 updated - libnghttp2-14-1.40.0-150200.12.1 updated - libuuid1-2.37.2-150400.8.20.1 updated - libudev1-249.16-150400.8.35.5 updated - libsmartcols1-2.37.2-150400.8.20.1 updated - libeconf0-0.5.2-150400.3.6.1 updated - libblkid1-2.37.2-150400.8.20.1 updated - libaudit1-3.0.6-150400.4.13.1 updated - libfdisk1-2.37.2-150400.8.20.1 updated - libz1-1.2.11-150000.3.48.1 updated - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - libxml2-2-2.9.14-150400.5.25.1 updated - libsystemd0-249.16-150400.8.35.5 updated - libopenssl1_1-1.1.1l-150400.7.60.2 updated - libopenssl1_1-hmac-1.1.1l-150400.7.60.2 updated - libmount1-2.37.2-150400.8.20.1 updated - krb5-1.19.2-150400.3.6.1 updated - login_defs-4.8.1-150400.10.12.1 updated - libtirpc3-1.3.4-150300.3.20.1 updated - libcurl4-8.0.1-150400.5.32.1 updated - shadow-4.8.1-150400.10.12.1 updated - sysuser-shadow-3.2-150400.3.5.3 updated - util-linux-2.37.2-150400.8.20.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 updated - container:bci-nodejs-16-15.0.0-27.14.122 updated - container:sles15-image-15.0.0-27.14.122 updated From sle-container-updates at lists.suse.com Sat Dec 2 08:02:47 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 2 Dec 2023 09:02:47 +0100 (CET) Subject: SUSE-CU-2023:3941-1: Security update of suse/sle15 Message-ID: <20231202080247.2D25AF3CA@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3941-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.219 , suse/sle15:15.3 , suse/sle15:15.3.17.20.219 Container Release : 17.20.219 Severity : important Type : security References : 1210660 CVE-2023-2137 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4619-1 Released: Thu Nov 30 10:13:52 2023 Summary: Security update for sqlite3 Type: security Severity: important References: 1210660,CVE-2023-2137 This update for sqlite3 fixes the following issues: - CVE-2023-2137: Fixed heap buffer overflow (bsc#1210660). The following package changes have been done: - libsqlite3-0-3.44.0-150000.3.23.1 updated From sle-container-updates at lists.suse.com Sat Dec 2 08:07:57 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 2 Dec 2023 09:07:57 +0100 (CET) Subject: SUSE-CU-2023:3960-1: Security update of bci/openjdk-devel Message-ID: <20231202080757.4D0B8FBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3960-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-10.92 Container Release : 10.92 Severity : important Type : security References : 1210660 CVE-2023-2137 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4617-1 Released: Thu Nov 30 09:37:04 2023 Summary: Recommended update for javapackages-tools Type: recommended Severity: moderate References: This update for javapackages-tools fixes the following issues: - Add requirement for `python-xml` as it is needed by some scripts - Ensure reproducibility of built binaries - Minor bug fixes ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4619-1 Released: Thu Nov 30 10:13:52 2023 Summary: Security update for sqlite3 Type: security Severity: important References: 1210660,CVE-2023-2137 This update for sqlite3 fixes the following issues: - CVE-2023-2137: Fixed heap buffer overflow (bsc#1210660). The following package changes have been done: - libsqlite3-0-3.44.0-150000.3.23.1 updated - javapackages-filesystem-6.2.0-150200.3.12.1 updated - javapackages-tools-6.2.0-150200.3.12.1 updated - container:bci-openjdk-11-15.5.11-11.45 updated From sle-container-updates at lists.suse.com Sat Dec 2 08:09:42 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 2 Dec 2023 09:09:42 +0100 (CET) Subject: SUSE-CU-2023:3969-1: Security update of bci/python Message-ID: <20231202080942.6DF67FBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3969-1 Container Tags : bci/python:3 , bci/python:3-12.37 , bci/python:3.11 , bci/python:3.11-12.37 , bci/python:latest Container Release : 12.37 Severity : important Type : security References : 1210660 CVE-2023-2137 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4619-1 Released: Thu Nov 30 10:13:52 2023 Summary: Security update for sqlite3 Type: security Severity: important References: 1210660,CVE-2023-2137 This update for sqlite3 fixes the following issues: - CVE-2023-2137: Fixed heap buffer overflow (bsc#1210660). The following package changes have been done: - libsqlite3-0-3.44.0-150000.3.23.1 updated - container:sles15-image-15.0.0-36.5.59 updated From sle-container-updates at lists.suse.com Sat Dec 2 08:09:46 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 2 Dec 2023 09:09:46 +0100 (CET) Subject: SUSE-CU-2023:3970-1: Security update of suse/rmt-server Message-ID: <20231202080946.E52E4FBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3970-1 Container Tags : suse/rmt-server:2.14 , suse/rmt-server:2.14-11.41 , suse/rmt-server:latest Container Release : 11.41 Severity : important Type : security References : 1210660 CVE-2023-2137 ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4619-1 Released: Thu Nov 30 10:13:52 2023 Summary: Security update for sqlite3 Type: security Severity: important References: 1210660,CVE-2023-2137 This update for sqlite3 fixes the following issues: - CVE-2023-2137: Fixed heap buffer overflow (bsc#1210660). The following package changes have been done: - libsqlite3-0-3.44.0-150000.3.23.1 updated - container:sles15-image-15.0.0-36.5.59 updated From sle-container-updates at lists.suse.com Sat Dec 2 08:09:58 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 2 Dec 2023 09:09:58 +0100 (CET) Subject: SUSE-CU-2023:3971-1: Security update of bci/ruby Message-ID: <20231202080958.E07DBFBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3971-1 Container Tags : bci/ruby:2 , bci/ruby:2-12.40 , bci/ruby:2.5 , bci/ruby:2.5-12.40 , bci/ruby:latest Container Release : 12.40 Severity : important Type : security References : 1210660 CVE-2023-2137 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4619-1 Released: Thu Nov 30 10:13:52 2023 Summary: Security update for sqlite3 Type: security Severity: important References: 1210660,CVE-2023-2137 This update for sqlite3 fixes the following issues: - CVE-2023-2137: Fixed heap buffer overflow (bsc#1210660). The following package changes have been done: - libsqlite3-0-3.44.0-150000.3.23.1 updated - sqlite3-devel-3.44.0-150000.3.23.1 updated - container:sles15-image-15.0.0-36.5.59 updated From sle-container-updates at lists.suse.com Sat Dec 2 08:10:50 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 2 Dec 2023 09:10:50 +0100 (CET) Subject: SUSE-CU-2023:3977-1: Security update of suse/manager/4.3/proxy-ssh Message-ID: <20231202081050.652ECFBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3977-1 Container Tags : suse/manager/4.3/proxy-ssh:4.3.9 , suse/manager/4.3/proxy-ssh:4.3.9.9.30.14 , suse/manager/4.3/proxy-ssh:latest , suse/manager/4.3/proxy-ssh:susemanager-4.3.9 , suse/manager/4.3/proxy-ssh:susemanager-4.3.9.9.30.14 Container Release : 9.30.14 Severity : important Type : security References : 1210660 CVE-2023-2137 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-ssh was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4619-1 Released: Thu Nov 30 10:13:52 2023 Summary: Security update for sqlite3 Type: security Severity: important References: 1210660,CVE-2023-2137 This update for sqlite3 fixes the following issues: - CVE-2023-2137: Fixed heap buffer overflow (bsc#1210660). The following package changes have been done: - libsqlite3-0-3.44.0-150000.3.23.1 updated From meissner at suse.de Wed Dec 6 08:03:36 2023 From: meissner at suse.de (meissner at suse.de) Date: Wed, 6 Dec 2023 09:03:36 +0100 (CET) Subject: SUSE-CU-2023:3988-1: Security update of suse/sle-micro/5.5/toolbox Message-ID: <20231206080336.0BB89FBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3988-1 Container Tags : suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.110 , suse/sle-micro/5.5/toolbox:latest Container Release : 2.2.110 Severity : important Type : security References : 1210660 CVE-2023-2137 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4619-1 Released: Thu Nov 30 10:13:52 2023 Summary: Security update for sqlite3 Type: security Severity: important References: 1210660,CVE-2023-2137 This update for sqlite3 fixes the following issues: - CVE-2023-2137: Fixed heap buffer overflow (bsc#1210660). The following package changes have been done: - libsqlite3-0-3.44.0-150000.3.23.1 updated - container:sles15-image-15.0.0-36.5.59 updated From meissner at suse.de Thu Dec 7 08:08:18 2023 From: meissner at suse.de (meissner at suse.de) Date: Thu, 7 Dec 2023 09:08:18 +0100 (CET) Subject: SUSE-CU-2023:4004-1: Security update of bci/dotnet-aspnet Message-ID: <20231207080818.7E649FBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4004-1 Container Tags : bci/dotnet-aspnet:7.0 , bci/dotnet-aspnet:7.0-18.14 , bci/dotnet-aspnet:7.0.14 , bci/dotnet-aspnet:7.0.14-18.14 , bci/dotnet-aspnet:latest Container Release : 18.14 Severity : moderate Type : security References : 1217573 1217574 CVE-2023-46218 CVE-2023-46219 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4659-1 Released: Wed Dec 6 13:04:57 2023 Summary: Security update for curl Type: security Severity: moderate References: 1217573,1217574,CVE-2023-46218,CVE-2023-46219 This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). - CVE-2023-46219: HSTS long file name clears contents (bsc#1217574). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4671-1 Released: Wed Dec 6 14:33:41 2023 Summary: Recommended update for man Type: recommended Severity: moderate References: This update of man fixes the following problem: - The 'man' commands is delivered to SUSE Linux Enterprise Micro to allow browsing man pages. The following package changes have been done: - libcurl4-8.0.1-150400.5.36.1 updated - system-group-hardware-20170617-150400.24.2.1 updated - container:sles15-image-15.0.0-36.5.61 updated From meissner at suse.de Thu Dec 7 08:08:27 2023 From: meissner at suse.de (meissner at suse.de) Date: Thu, 7 Dec 2023 09:08:27 +0100 (CET) Subject: SUSE-CU-2023:4005-1: Recommended update of suse/registry Message-ID: <20231207080827.9B4DFFBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4005-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-15.18 , suse/registry:latest Container Release : 15.18 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4671-1 Released: Wed Dec 6 14:33:41 2023 Summary: Recommended update for man Type: recommended Severity: moderate References: This update of man fixes the following problem: - The 'man' commands is delivered to SUSE Linux Enterprise Micro to allow browsing man pages. The following package changes have been done: - system-group-hardware-20170617-150400.24.2.1 updated From meissner at suse.de Thu Dec 7 08:09:40 2023 From: meissner at suse.de (meissner at suse.de) Date: Thu, 7 Dec 2023 09:09:40 +0100 (CET) Subject: SUSE-CU-2023:4011-1: Security update of bci/golang Message-ID: <20231207080940.8514EFBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4011-1 Container Tags : bci/golang:1.21-openssl , bci/golang:1.21-openssl-8.15 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-8.15 Container Release : 8.15 Severity : moderate Type : security References : 1217573 1217574 CVE-2023-46218 CVE-2023-46219 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4659-1 Released: Wed Dec 6 13:04:57 2023 Summary: Security update for curl Type: security Severity: moderate References: 1217573,1217574,CVE-2023-46218,CVE-2023-46219 This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). - CVE-2023-46219: HSTS long file name clears contents (bsc#1217574). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4671-1 Released: Wed Dec 6 14:33:41 2023 Summary: Recommended update for man Type: recommended Severity: moderate References: This update of man fixes the following problem: - The 'man' commands is delivered to SUSE Linux Enterprise Micro to allow browsing man pages. The following package changes have been done: - libcurl4-8.0.1-150400.5.36.1 updated - system-group-hardware-20170617-150400.24.2.1 updated - container:sles15-image-15.0.0-36.5.61 updated From meissner at suse.de Thu Dec 7 08:10:10 2023 From: meissner at suse.de (meissner at suse.de) Date: Thu, 7 Dec 2023 09:10:10 +0100 (CET) Subject: SUSE-CU-2023:4014-1: Security update of bci/openjdk-devel Message-ID: <20231207081010.98475FBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4014-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-12.93 , bci/openjdk-devel:latest Container Release : 12.93 Severity : moderate Type : security References : 1217573 1217574 CVE-2023-46218 CVE-2023-46219 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4659-1 Released: Wed Dec 6 13:04:57 2023 Summary: Security update for curl Type: security Severity: moderate References: 1217573,1217574,CVE-2023-46218,CVE-2023-46219 This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). - CVE-2023-46219: HSTS long file name clears contents (bsc#1217574). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4671-1 Released: Wed Dec 6 14:33:41 2023 Summary: Recommended update for man Type: recommended Severity: moderate References: This update of man fixes the following problem: - The 'man' commands is delivered to SUSE Linux Enterprise Micro to allow browsing man pages. The following package changes have been done: - libcurl4-8.0.1-150400.5.36.1 updated - system-group-hardware-20170617-150400.24.2.1 updated - container:bci-openjdk-17-15.5.17-12.45 updated From meissner at suse.de Thu Dec 7 13:40:44 2023 From: meissner at suse.de (meissner at suse.de) Date: Thu, 7 Dec 2023 14:40:44 +0100 (CET) Subject: SUSE-CU-2023:4035-1: Security update of suse/postgres Message-ID: <20231207134044.4FE9EFDD7@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4035-1 Container Tags : suse/postgres:15 , suse/postgres:15-13.4 , suse/postgres:15.5 , suse/postgres:15.5-13.4 Container Release : 13.4 Severity : moderate Type : security References : 1217573 1217574 CVE-2023-46218 CVE-2023-46219 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4659-1 Released: Wed Dec 6 13:04:57 2023 Summary: Security update for curl Type: security Severity: moderate References: 1217573,1217574,CVE-2023-46218,CVE-2023-46219 This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). - CVE-2023-46219: HSTS long file name clears contents (bsc#1217574). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4671-1 Released: Wed Dec 6 14:33:41 2023 Summary: Recommended update for man Type: recommended Severity: moderate References: This update of man fixes the following problem: - The 'man' commands is delivered to SUSE Linux Enterprise Micro to allow browsing man pages. The following package changes have been done: - libcurl4-8.0.1-150400.5.36.1 updated - system-group-hardware-20170617-150400.24.2.1 updated - container:sles15-image-15.0.0-36.5.61 updated From meissner at suse.de Thu Dec 7 13:41:18 2023 From: meissner at suse.de (meissner at suse.de) Date: Thu, 7 Dec 2023 14:41:18 +0100 (CET) Subject: SUSE-CU-2023:4038-1: Security update of bci/python Message-ID: <20231207134118.079DCFDDA@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4038-1 Container Tags : bci/python:3 , bci/python:3-14.40 , bci/python:3.6 , bci/python:3.6-14.40 Container Release : 14.40 Severity : moderate Type : security References : 1217573 1217574 CVE-2023-46218 CVE-2023-46219 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4659-1 Released: Wed Dec 6 13:04:57 2023 Summary: Security update for curl Type: security Severity: moderate References: 1217573,1217574,CVE-2023-46218,CVE-2023-46219 This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). - CVE-2023-46219: HSTS long file name clears contents (bsc#1217574). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4671-1 Released: Wed Dec 6 14:33:41 2023 Summary: Recommended update for man Type: recommended Severity: moderate References: This update of man fixes the following problem: - The 'man' commands is delivered to SUSE Linux Enterprise Micro to allow browsing man pages. The following package changes have been done: - libcurl4-8.0.1-150400.5.36.1 updated - system-group-hardware-20170617-150400.24.2.1 updated - curl-8.0.1-150400.5.36.1 updated - container:sles15-image-15.0.0-36.5.61 updated From meissner at suse.de Thu Dec 7 13:41:24 2023 From: meissner at suse.de (meissner at suse.de) Date: Thu, 7 Dec 2023 14:41:24 +0100 (CET) Subject: SUSE-CU-2023:4039-1: Security update of suse/rmt-server Message-ID: <20231207134124.3C267FDDA@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4039-1 Container Tags : suse/rmt-server:2.14 , suse/rmt-server:2.14-11.44 , suse/rmt-server:latest Container Release : 11.44 Severity : moderate Type : security References : 1217573 1217574 CVE-2023-46218 CVE-2023-46219 ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4659-1 Released: Wed Dec 6 13:04:57 2023 Summary: Security update for curl Type: security Severity: moderate References: 1217573,1217574,CVE-2023-46218,CVE-2023-46219 This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). - CVE-2023-46219: HSTS long file name clears contents (bsc#1217574). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4671-1 Released: Wed Dec 6 14:33:41 2023 Summary: Recommended update for man Type: recommended Severity: moderate References: This update of man fixes the following problem: - The 'man' commands is delivered to SUSE Linux Enterprise Micro to allow browsing man pages. The following package changes have been done: - libcurl4-8.0.1-150400.5.36.1 updated - system-group-hardware-20170617-150400.24.2.1 updated - container:sles15-image-15.0.0-36.5.61 updated From meissner at suse.de Thu Dec 7 13:38:05 2023 From: meissner at suse.de (meissner at suse.de) Date: Thu, 7 Dec 2023 14:38:05 +0100 (CET) Subject: SUSE-CU-2023:4024-1: Security update of bci/golang Message-ID: <20231207133805.0A308FD1F@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4024-1 Container Tags : bci/golang:1.20 , bci/golang:1.20-2.4.55 , bci/golang:oldstable , bci/golang:oldstable-2.4.55 Container Release : 4.55 Severity : moderate Type : security References : 1217573 1217574 CVE-2023-46218 CVE-2023-46219 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4659-1 Released: Wed Dec 6 13:04:57 2023 Summary: Security update for curl Type: security Severity: moderate References: 1217573,1217574,CVE-2023-46218,CVE-2023-46219 This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). - CVE-2023-46219: HSTS long file name clears contents (bsc#1217574). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4671-1 Released: Wed Dec 6 14:33:41 2023 Summary: Recommended update for man Type: recommended Severity: moderate References: This update of man fixes the following problem: - The 'man' commands is delivered to SUSE Linux Enterprise Micro to allow browsing man pages. The following package changes have been done: - libcurl4-8.0.1-150400.5.36.1 updated - system-group-hardware-20170617-150400.24.2.1 updated - container:sles15-image-15.0.0-36.5.61 updated From meissner at suse.de Thu Dec 7 13:40:28 2023 From: meissner at suse.de (meissner at suse.de) Date: Thu, 7 Dec 2023 14:40:28 +0100 (CET) Subject: SUSE-CU-2023:4034-1: Security update of bci/php Message-ID: <20231207134028.1825BFDD0@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4034-1 Container Tags : bci/php:8 , bci/php:8-8.43 Container Release : 8.43 Severity : moderate Type : security References : 1217573 1217574 CVE-2023-46218 CVE-2023-46219 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4659-1 Released: Wed Dec 6 13:04:57 2023 Summary: Security update for curl Type: security Severity: moderate References: 1217573,1217574,CVE-2023-46218,CVE-2023-46219 This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). - CVE-2023-46219: HSTS long file name clears contents (bsc#1217574). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4671-1 Released: Wed Dec 6 14:33:41 2023 Summary: Recommended update for man Type: recommended Severity: moderate References: This update of man fixes the following problem: - The 'man' commands is delivered to SUSE Linux Enterprise Micro to allow browsing man pages. The following package changes have been done: - libcurl4-8.0.1-150400.5.36.1 updated - system-group-hardware-20170617-150400.24.2.1 updated - system-user-wwwrun-20170617-150400.24.2.1 updated - container:sles15-image-15.0.0-36.5.61 updated From meissner at suse.de Fri Dec 8 08:04:48 2023 From: meissner at suse.de (meissner at suse.de) Date: Fri, 8 Dec 2023 09:04:48 +0100 (CET) Subject: SUSE-CU-2023:4043-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20231208080448.F23A5FBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4043-1 Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-4.2.168 , suse/sle-micro/5.4/toolbox:latest Container Release : 4.2.168 Severity : moderate Type : security References : 1217573 1217574 CVE-2023-46218 CVE-2023-46219 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4659-1 Released: Wed Dec 6 13:04:57 2023 Summary: Security update for curl Type: security Severity: moderate References: 1217573,1217574,CVE-2023-46218,CVE-2023-46219 This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). - CVE-2023-46219: HSTS long file name clears contents (bsc#1217574). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4671-1 Released: Wed Dec 6 14:33:41 2023 Summary: Recommended update for man Type: recommended Severity: moderate References: This update of man fixes the following problem: - The 'man' commands is delivered to SUSE Linux Enterprise Micro to allow browsing man pages. The following package changes have been done: - groff-1.22.4-150400.5.2.1 updated - libcurl4-8.0.1-150400.5.36.1 updated - libpipeline1-1.4.1-150000.3.2.1 updated - man-2.7.6-150100.8.5.1 updated - system-group-hardware-20170617-150400.24.2.1 updated - system-group-wheel-20170617-150400.24.2.1 updated - system-user-man-20170617-150400.24.2.1 updated - container:sles15-image-15.0.0-27.14.125 updated From meissner at suse.de Fri Dec 8 08:09:15 2023 From: meissner at suse.de (meissner at suse.de) Date: Fri, 8 Dec 2023 09:09:15 +0100 (CET) Subject: SUSE-CU-2023:4039-1: Security update of suse/rmt-server Message-ID: <20231208080915.45F6AFBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4039-1 Container Tags : suse/rmt-server:2.14 , suse/rmt-server:2.14-11.44 , suse/rmt-server:latest Container Release : 11.44 Severity : moderate Type : security References : 1217573 1217574 CVE-2023-46218 CVE-2023-46219 ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4659-1 Released: Wed Dec 6 13:04:57 2023 Summary: Security update for curl Type: security Severity: moderate References: 1217573,1217574,CVE-2023-46218,CVE-2023-46219 This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). - CVE-2023-46219: HSTS long file name clears contents (bsc#1217574). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4671-1 Released: Wed Dec 6 14:33:41 2023 Summary: Recommended update for man Type: recommended Severity: moderate References: This update of man fixes the following problem: - The 'man' commands is delivered to SUSE Linux Enterprise Micro to allow browsing man pages. The following package changes have been done: - libcurl4-8.0.1-150400.5.36.1 updated - system-group-hardware-20170617-150400.24.2.1 updated - container:sles15-image-15.0.0-36.5.61 updated From meissner at suse.de Fri Dec 8 08:09:34 2023 From: meissner at suse.de (meissner at suse.de) Date: Fri, 8 Dec 2023 09:09:34 +0100 (CET) Subject: SUSE-CU-2023:4046-1: Security update of bci/ruby Message-ID: <20231208080934.D3ED3FBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4046-1 Container Tags : bci/ruby:2 , bci/ruby:2-12.43 , bci/ruby:2.5 , bci/ruby:2.5-12.43 , bci/ruby:latest Container Release : 12.43 Severity : moderate Type : security References : 1217573 1217574 CVE-2023-46218 CVE-2023-46219 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4659-1 Released: Wed Dec 6 13:04:57 2023 Summary: Security update for curl Type: security Severity: moderate References: 1217573,1217574,CVE-2023-46218,CVE-2023-46219 This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). - CVE-2023-46219: HSTS long file name clears contents (bsc#1217574). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4671-1 Released: Wed Dec 6 14:33:41 2023 Summary: Recommended update for man Type: recommended Severity: moderate References: This update of man fixes the following problem: - The 'man' commands is delivered to SUSE Linux Enterprise Micro to allow browsing man pages. The following package changes have been done: - libcurl4-8.0.1-150400.5.36.1 updated - system-group-hardware-20170617-150400.24.2.1 updated - curl-8.0.1-150400.5.36.1 updated - container:sles15-image-15.0.0-36.5.61 updated From meissner at suse.de Fri Dec 8 08:10:00 2023 From: meissner at suse.de (meissner at suse.de) Date: Fri, 8 Dec 2023 09:10:00 +0100 (CET) Subject: SUSE-CU-2023:4047-1: Security update of bci/rust Message-ID: <20231208081000.2D24FFBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4047-1 Container Tags : bci/rust:1.73 , bci/rust:1.73-2.2.4 , bci/rust:oldstable , bci/rust:oldstable-2.2.4 Container Release : 2.4 Severity : moderate Type : security References : 1217573 1217574 CVE-2023-46218 CVE-2023-46219 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4659-1 Released: Wed Dec 6 13:04:57 2023 Summary: Security update for curl Type: security Severity: moderate References: 1217573,1217574,CVE-2023-46218,CVE-2023-46219 This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). - CVE-2023-46219: HSTS long file name clears contents (bsc#1217574). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4671-1 Released: Wed Dec 6 14:33:41 2023 Summary: Recommended update for man Type: recommended Severity: moderate References: This update of man fixes the following problem: - The 'man' commands is delivered to SUSE Linux Enterprise Micro to allow browsing man pages. The following package changes have been done: - libcurl4-8.0.1-150400.5.36.1 updated - system-group-hardware-20170617-150400.24.2.1 updated - container:sles15-image-15.0.0-36.5.61 updated From meissner at suse.de Fri Dec 8 08:10:20 2023 From: meissner at suse.de (meissner at suse.de) Date: Fri, 8 Dec 2023 09:10:20 +0100 (CET) Subject: SUSE-CU-2023:4048-1: Security update of bci/rust Message-ID: <20231208081020.52546FBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4048-1 Container Tags : bci/rust:1.74 , bci/rust:1.74-1.2.4 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.2.4 Container Release : 2.4 Severity : moderate Type : security References : 1217573 1217574 CVE-2023-46218 CVE-2023-46219 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4659-1 Released: Wed Dec 6 13:04:57 2023 Summary: Security update for curl Type: security Severity: moderate References: 1217573,1217574,CVE-2023-46218,CVE-2023-46219 This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). - CVE-2023-46219: HSTS long file name clears contents (bsc#1217574). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4671-1 Released: Wed Dec 6 14:33:41 2023 Summary: Recommended update for man Type: recommended Severity: moderate References: This update of man fixes the following problem: - The 'man' commands is delivered to SUSE Linux Enterprise Micro to allow browsing man pages. The following package changes have been done: - libcurl4-8.0.1-150400.5.36.1 updated - system-group-hardware-20170617-150400.24.2.1 updated - container:sles15-image-15.0.0-36.5.61 updated From meissner at suse.de Sat Dec 9 08:03:25 2023 From: meissner at suse.de (meissner at suse.de) Date: Sat, 9 Dec 2023 09:03:25 +0100 (CET) Subject: SUSE-CU-2023:4059-1: Security update of suse/manager/4.3/proxy-salt-broker Message-ID: <20231209080325.2BD60FBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4059-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.9 , suse/manager/4.3/proxy-salt-broker:4.3.9.9.30.21 , suse/manager/4.3/proxy-salt-broker:latest , suse/manager/4.3/proxy-salt-broker:susemanager-4.3.9 , suse/manager/4.3/proxy-salt-broker:susemanager-4.3.9.9.30.21 Container Release : 9.30.21 Severity : moderate Type : security References : 1217573 1217574 CVE-2023-46218 CVE-2023-46219 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4659-1 Released: Wed Dec 6 13:04:57 2023 Summary: Security update for curl Type: security Severity: moderate References: 1217573,1217574,CVE-2023-46218,CVE-2023-46219 This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). - CVE-2023-46219: HSTS long file name clears contents (bsc#1217574). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4671-1 Released: Wed Dec 6 14:33:41 2023 Summary: Recommended update for man Type: recommended Severity: moderate References: This update of man fixes the following problem: - The 'man' commands is delivered to SUSE Linux Enterprise Micro to allow browsing man pages. The following package changes have been done: - libcurl4-8.0.1-150400.5.36.1 updated - system-group-hardware-20170617-150400.24.2.1 updated - curl-8.0.1-150400.5.36.1 updated From meissner at suse.de Sat Dec 9 08:03:32 2023 From: meissner at suse.de (meissner at suse.de) Date: Sat, 9 Dec 2023 09:03:32 +0100 (CET) Subject: SUSE-CU-2023:4060-1: Security update of suse/manager/4.3/proxy-tftpd Message-ID: <20231209080332.6F11FFBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4060-1 Container Tags : suse/manager/4.3/proxy-tftpd:4.3.9 , suse/manager/4.3/proxy-tftpd:4.3.9.9.30.19 , suse/manager/4.3/proxy-tftpd:latest , suse/manager/4.3/proxy-tftpd:susemanager-4.3.9 , suse/manager/4.3/proxy-tftpd:susemanager-4.3.9.9.30.19 Container Release : 9.30.19 Severity : moderate Type : security References : 1217573 1217574 CVE-2023-46218 CVE-2023-46219 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4659-1 Released: Wed Dec 6 13:04:57 2023 Summary: Security update for curl Type: security Severity: moderate References: 1217573,1217574,CVE-2023-46218,CVE-2023-46219 This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). - CVE-2023-46219: HSTS long file name clears contents (bsc#1217574). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4671-1 Released: Wed Dec 6 14:33:41 2023 Summary: Recommended update for man Type: recommended Severity: moderate References: This update of man fixes the following problem: - The 'man' commands is delivered to SUSE Linux Enterprise Micro to allow browsing man pages. The following package changes have been done: - libcurl4-8.0.1-150400.5.36.1 updated - system-group-hardware-20170617-150400.24.2.1 updated From meissner at suse.de Sun Dec 10 08:02:20 2023 From: meissner at suse.de (meissner at suse.de) Date: Sun, 10 Dec 2023 09:02:20 +0100 (CET) Subject: SUSE-CU-2023:4061-1: Security update of suse/manager/4.3/proxy-squid Message-ID: <20231210080220.54018FBAC@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-squid ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4061-1 Container Tags : suse/manager/4.3/proxy-squid:4.3.9 , suse/manager/4.3/proxy-squid:4.3.9.9.39.19 , suse/manager/4.3/proxy-squid:latest , suse/manager/4.3/proxy-squid:susemanager-4.3.9 , suse/manager/4.3/proxy-squid:susemanager-4.3.9.9.39.19 Container Release : 9.39.19 Severity : moderate Type : security References : 1217573 1217574 CVE-2023-46218 CVE-2023-46219 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-squid was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4659-1 Released: Wed Dec 6 13:04:57 2023 Summary: Security update for curl Type: security Severity: moderate References: 1217573,1217574,CVE-2023-46218,CVE-2023-46219 This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). - CVE-2023-46219: HSTS long file name clears contents (bsc#1217574). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4671-1 Released: Wed Dec 6 14:33:41 2023 Summary: Recommended update for man Type: recommended Severity: moderate References: This update of man fixes the following problem: - The 'man' commands is delivered to SUSE Linux Enterprise Micro to allow browsing man pages. The following package changes have been done: - libcurl4-8.0.1-150400.5.36.1 updated - system-group-hardware-20170617-150400.24.2.1 updated From meissner at suse.de Wed Dec 13 08:07:46 2023 From: meissner at suse.de (meissner at suse.de) Date: Wed, 13 Dec 2023 09:07:46 +0100 (CET) Subject: SUSE-CU-2023:4087-1: Security update of bci/golang Message-ID: <20231213080746.CB42BFBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4087-1 Container Tags : bci/golang:1.21 , bci/golang:1.21-1.4.58 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.4.58 Container Release : 4.58 Severity : important Type : security References : 1212475 1216501 1216578 1216862 1216943 1217833 1217834 CVE-2023-39326 CVE-2023-45284 CVE-2023-45285 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4695-1 Released: Fri Dec 8 09:01:20 2023 Summary: Recommended update for lifecycle-data-sle-module-development-tools Type: recommended Severity: moderate References: 1216578 This update for lifecycle-data-sle-module-development-tools fixes the following issues: - Temporary remove go1.19-openssl EOL, will be readded once we ship get go1.21-openssl yet. (bsc#1216578) - Mark gcc12 EOL date to April 30th of 2024 (6 months after release of gcc13) (jsc#PED-6584) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4709-1 Released: Mon Dec 11 10:45:08 2023 Summary: Security update for go1.21 Type: security Severity: important References: 1212475,1216943,1217833,1217834,CVE-2023-39326,CVE-2023-45284,CVE-2023-45285 This update for go1.21 fixes the following issues: Update to go1.21.5: - CVE-2023-45285: cmd/go: git VCS qualifier in module path uses git:// scheme (bsc#1217834). - CVE-2023-45284: path/filepath: Clean removes ending slash for volume on Windows in Go 1.21.4 (bsc#1216943). - CVE-2023-39326: net/http: limit chunked data overhead (bsc#1217833). - cmd/go: go mod download needs to support toolchain upgrades - cmd/compile: invalid pointer found on stack when compiled with -race - os: NTFS deduped file changed from regular to irregular - net: TCPConn.ReadFrom hangs when io.Reader is TCPConn or UnixConn, Linux kernel < 5.1 - cmd/compile: internal compiler error: panic during prove while compiling: unexpected induction with too many parents - syscall: TestOpenFileLimit unintentionally runs on non-Unix platforms - runtime: self-deadlock on mheap_.lock - crypto/rand: Legacy RtlGenRandom use on Windows ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4716-1 Released: Mon Dec 11 18:38:23 2023 Summary: Recommended update for git Type: recommended Severity: moderate References: 1216501 This update for git fixes the following issues: - Add rule for /etc/gitconfig in gitweb.cgi apparmor profile (bsc#1216501). - gitweb.cgi AppArmor profile - make the profile a named profile - add local/include to make custom additions easier ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - go1.21-doc-1.21.5-150000.1.18.1 updated - lifecycle-data-sle-module-development-tools-1-150200.3.24.1 updated - git-core-2.35.3-150300.10.33.1 updated - go1.21-1.21.5-150000.1.18.1 updated - go1.21-race-1.21.5-150000.1.18.1 updated - container:sles15-image-15.0.0-36.5.63 updated From meissner at suse.de Wed Dec 13 08:08:05 2023 From: meissner at suse.de (meissner at suse.de) Date: Wed, 13 Dec 2023 09:08:05 +0100 (CET) Subject: SUSE-CU-2023:4089-1: Recommended update of suse/nginx Message-ID: <20231213080805.576D7FBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4089-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-5.51 , suse/nginx:latest Container Release : 5.51 Severity : moderate Type : recommended References : 1216862 ----------------------------------------------------------------- The container suse/nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - container:sles15-image-15.0.0-36.5.63 updated From meissner at suse.de Wed Dec 13 08:08:17 2023 From: meissner at suse.de (meissner at suse.de) Date: Wed, 13 Dec 2023 09:08:17 +0100 (CET) Subject: SUSE-CU-2023:4090-1: Recommended update of bci/nodejs Message-ID: <20231213080817.7B03CFBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4090-1 Container Tags : bci/node:18 , bci/node:18-12.19 , bci/nodejs:18 , bci/nodejs:18-12.19 Container Release : 12.19 Severity : moderate Type : recommended References : 1216501 1216862 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4716-1 Released: Mon Dec 11 18:38:23 2023 Summary: Recommended update for git Type: recommended Severity: moderate References: 1216501 This update for git fixes the following issues: - Add rule for /etc/gitconfig in gitweb.cgi apparmor profile (bsc#1216501). - gitweb.cgi AppArmor profile - make the profile a named profile - add local/include to make custom additions easier ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - git-core-2.35.3-150300.10.33.1 updated - container:sles15-image-15.0.0-36.5.62 updated From meissner at suse.de Wed Dec 13 08:08:18 2023 From: meissner at suse.de (meissner at suse.de) Date: Wed, 13 Dec 2023 09:08:18 +0100 (CET) Subject: SUSE-CU-2023:4091-1: Recommended update of bci/nodejs Message-ID: <20231213080818.CFC65FBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4091-1 Container Tags : bci/node:20 , bci/node:20-2.18 , bci/node:latest , bci/nodejs:20 , bci/nodejs:20-2.18 , bci/nodejs:latest Container Release : 2.18 Severity : moderate Type : recommended References : 1216501 1216862 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4716-1 Released: Mon Dec 11 18:38:23 2023 Summary: Recommended update for git Type: recommended Severity: moderate References: 1216501 This update for git fixes the following issues: - Add rule for /etc/gitconfig in gitweb.cgi apparmor profile (bsc#1216501). - gitweb.cgi AppArmor profile - make the profile a named profile - add local/include to make custom additions easier ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - git-core-2.35.3-150300.10.33.1 updated - container:sles15-image-15.0.0-36.5.62 updated From meissner at suse.de Wed Dec 13 08:08:33 2023 From: meissner at suse.de (meissner at suse.de) Date: Wed, 13 Dec 2023 09:08:33 +0100 (CET) Subject: SUSE-CU-2023:4092-1: Recommended update of bci/openjdk-devel Message-ID: <20231213080833.B8915FBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4092-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-10.111 Container Release : 10.111 Severity : moderate Type : recommended References : 1216501 1216862 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4716-1 Released: Mon Dec 11 18:38:23 2023 Summary: Recommended update for git Type: recommended Severity: moderate References: 1216501 This update for git fixes the following issues: - Add rule for /etc/gitconfig in gitweb.cgi apparmor profile (bsc#1216501). - gitweb.cgi AppArmor profile - make the profile a named profile - add local/include to make custom additions easier ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - libp11-kit0-0.23.22-150500.8.3.1 updated - p11-kit-0.23.22-150500.8.3.1 updated - p11-kit-tools-0.23.22-150500.8.3.1 updated - git-core-2.35.3-150300.10.33.1 updated - container:bci-openjdk-11-15.5.11-11.53 updated From meissner at suse.de Wed Dec 13 08:08:44 2023 From: meissner at suse.de (meissner at suse.de) Date: Wed, 13 Dec 2023 09:08:44 +0100 (CET) Subject: SUSE-CU-2023:4093-1: Recommended update of bci/openjdk Message-ID: <20231213080844.B4219FBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4093-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-11.53 Container Release : 11.53 Severity : moderate Type : recommended References : 1216862 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - libp11-kit0-0.23.22-150500.8.3.1 updated - p11-kit-0.23.22-150500.8.3.1 updated - p11-kit-tools-0.23.22-150500.8.3.1 updated - container:sles15-image-15.0.0-36.5.63 updated From meissner at suse.de Wed Dec 13 08:08:57 2023 From: meissner at suse.de (meissner at suse.de) Date: Wed, 13 Dec 2023 09:08:57 +0100 (CET) Subject: SUSE-CU-2023:4094-1: Recommended update of bci/openjdk Message-ID: <20231213080857.22928FBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4094-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-12.52 , bci/openjdk:latest Container Release : 12.52 Severity : moderate Type : recommended References : 1216862 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - libp11-kit0-0.23.22-150500.8.3.1 updated - p11-kit-0.23.22-150500.8.3.1 updated - p11-kit-tools-0.23.22-150500.8.3.1 updated - container:sles15-image-15.0.0-36.5.63 updated From meissner at suse.de Wed Dec 13 13:55:06 2023 From: meissner at suse.de (meissner at suse.de) Date: Wed, 13 Dec 2023 14:55:06 +0100 (CET) Subject: SUSE-CU-2023:4095-1: Recommended update of suse/sle-micro/5.3/toolbox Message-ID: <20231213135506.E0629FBAC@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4095-1 Container Tags : suse/sle-micro/5.3/toolbox:12.1 , suse/sle-micro/5.3/toolbox:12.1-5.2.274 , suse/sle-micro/5.3/toolbox:latest Container Release : 5.2.274 Severity : moderate Type : recommended References : 1216862 1217212 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4699-1 Released: Mon Dec 11 07:02:10 2023 Summary: Recommended update for gpg2 Type: recommended Severity: moderate References: 1217212 This update for gpg2 fixes the following issues: - `dirmngr-client --validate` is broken for DER-encoded files (bsc#1217212) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - gpg2-2.2.27-150300.3.8.1 updated - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - container:sles15-image-15.0.0-27.14.127 updated From meissner at suse.de Wed Dec 13 13:55:40 2023 From: meissner at suse.de (meissner at suse.de) Date: Wed, 13 Dec 2023 14:55:40 +0100 (CET) Subject: SUSE-CU-2023:4096-1: Recommended update of suse/sle-micro/5.4/toolbox Message-ID: <20231213135540.68DEFFBAC@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4096-1 Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-4.2.172 , suse/sle-micro/5.4/toolbox:latest Container Release : 4.2.172 Severity : moderate Type : recommended References : 1216862 1217212 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4699-1 Released: Mon Dec 11 07:02:10 2023 Summary: Recommended update for gpg2 Type: recommended Severity: moderate References: 1217212 This update for gpg2 fixes the following issues: - `dirmngr-client --validate` is broken for DER-encoded files (bsc#1217212) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - gpg2-2.2.27-150300.3.8.1 updated - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - container:sles15-image-15.0.0-27.14.127 updated From meissner at suse.de Wed Dec 13 13:55:55 2023 From: meissner at suse.de (meissner at suse.de) Date: Wed, 13 Dec 2023 14:55:55 +0100 (CET) Subject: SUSE-CU-2023:4097-1: Security update of suse/sle-micro/5.5/toolbox Message-ID: <20231213135555.296BFFBAC@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4097-1 Container Tags : suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.117 , suse/sle-micro/5.5/toolbox:latest Container Release : 2.2.117 Severity : moderate Type : security References : 1216862 1217212 1217573 1217574 CVE-2023-46218 CVE-2023-46219 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4659-1 Released: Wed Dec 6 13:04:57 2023 Summary: Security update for curl Type: security Severity: moderate References: 1217573,1217574,CVE-2023-46218,CVE-2023-46219 This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). - CVE-2023-46219: HSTS long file name clears contents (bsc#1217574). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4699-1 Released: Mon Dec 11 07:02:10 2023 Summary: Recommended update for gpg2 Type: recommended Severity: moderate References: 1217212 This update for gpg2 fixes the following issues: - `dirmngr-client --validate` is broken for DER-encoded files (bsc#1217212) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - gpg2-2.2.27-150300.3.8.1 updated - libcurl4-8.0.1-150400.5.36.1 updated - libp11-kit0-0.23.22-150500.8.3.1 updated - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - system-group-hardware-20170617-150400.24.2.1 updated - container:sles15-image-15.0.0-36.5.63 updated From meissner at suse.de Wed Dec 13 13:57:27 2023 From: meissner at suse.de (meissner at suse.de) Date: Wed, 13 Dec 2023 14:57:27 +0100 (CET) Subject: SUSE-CU-2023:4098-1: Recommended update of suse/sles12sp5 Message-ID: <20231213135727.77B8CFBAC@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4098-1 Container Tags : suse/sles12sp5:6.5.543 , suse/sles12sp5:latest Container Release : 6.5.543 Severity : moderate Type : recommended References : 1216064 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4717-1 Released: Tue Dec 12 04:59:05 2023 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1216064 This update for libzypp fixes the following issues: - Fixed handling of unmounting media. It mitigates the mount change during a package installation, for examlple a nfs.service restart that forcefully unmounts the media being accessed (bsc#1216064) - Don't download sqlite metadata that is not needed The following package changes have been done: - libzypp-16.22.10-56.1 updated From meissner at suse.de Wed Dec 13 13:59:11 2023 From: meissner at suse.de (meissner at suse.de) Date: Wed, 13 Dec 2023 14:59:11 +0100 (CET) Subject: SUSE-CU-2023:4099-1: Security update of suse/sle15 Message-ID: <20231213135911.CF11BFBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4099-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.381 Container Release : 9.5.381 Severity : moderate Type : security References : 1217573 CVE-2023-46218 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4713-1 Released: Mon Dec 11 13:23:12 2023 Summary: Security update for curl Type: security Severity: moderate References: 1217573,CVE-2023-46218 This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). The following package changes have been done: - libcurl4-7.66.0-150200.4.63.1 updated From meissner at suse.de Wed Dec 13 14:00:00 2023 From: meissner at suse.de (meissner at suse.de) Date: Wed, 13 Dec 2023 15:00:00 +0100 (CET) Subject: SUSE-CU-2023:4100-1: Recommended update of bci/bci-init Message-ID: <20231213140000.D87F4FBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4100-1 Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.30.42 Container Release : 30.42 Severity : moderate Type : recommended References : 1216862 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - container:sles15-image-15.0.0-27.14.127 updated From meissner at suse.de Wed Dec 13 14:00:58 2023 From: meissner at suse.de (meissner at suse.de) Date: Wed, 13 Dec 2023 15:00:58 +0100 (CET) Subject: SUSE-CU-2023:4101-1: Recommended update of suse/pcp Message-ID: <20231213140058.CF6FEFBAC@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4101-1 Container Tags : suse/pcp:5 , suse/pcp:5-17.218 , suse/pcp:5.2 , suse/pcp:5.2-17.218 , suse/pcp:5.2.5 , suse/pcp:5.2.5-17.218 Container Release : 17.218 Severity : moderate Type : recommended References : 1216862 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - container:bci-bci-init-15.4-15.4-30.42 updated From meissner at suse.de Wed Dec 13 14:01:14 2023 From: meissner at suse.de (meissner at suse.de) Date: Wed, 13 Dec 2023 15:01:14 +0100 (CET) Subject: SUSE-CU-2023:4102-1: Recommended update of suse/389-ds Message-ID: <20231213140114.14EF2FBAC@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4102-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-16.59 , suse/389-ds:latest Container Release : 16.59 Severity : moderate Type : recommended References : 1216862 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - container:sles15-image-15.0.0-36.5.63 updated From meissner at suse.de Wed Dec 13 14:01:19 2023 From: meissner at suse.de (meissner at suse.de) Date: Wed, 13 Dec 2023 15:01:19 +0100 (CET) Subject: SUSE-CU-2023:4103-1: Recommended update of suse/git Message-ID: <20231213140119.1A910FBAC@maintenance.suse.de> SUSE Container Update Advisory: suse/git ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4103-1 Container Tags : suse/git:2.35 , suse/git:2.35-4.17 , suse/git:latest Container Release : 4.17 Severity : moderate Type : recommended References : 1216501 ----------------------------------------------------------------- The container suse/git was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4716-1 Released: Mon Dec 11 18:38:23 2023 Summary: Recommended update for git Type: recommended Severity: moderate References: 1216501 This update for git fixes the following issues: - Add rule for /etc/gitconfig in gitweb.cgi apparmor profile (bsc#1216501). - gitweb.cgi AppArmor profile - make the profile a named profile - add local/include to make custom additions easier The following package changes have been done: - git-core-2.35.3-150300.10.33.1 updated From meissner at suse.de Wed Dec 13 14:01:31 2023 From: meissner at suse.de (meissner at suse.de) Date: Wed, 13 Dec 2023 15:01:31 +0100 (CET) Subject: SUSE-CU-2023:4104-1: Security update of bci/golang Message-ID: <20231213140131.C4EA5FBAC@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4104-1 Container Tags : bci/golang:1.20 , bci/golang:1.20-2.4.61 , bci/golang:oldstable , bci/golang:oldstable-2.4.61 Container Release : 4.61 Severity : important Type : security References : 1206346 1216501 1216578 1216862 1216943 1217833 1217834 CVE-2023-39326 CVE-2023-45284 CVE-2023-45285 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4695-1 Released: Fri Dec 8 09:01:20 2023 Summary: Recommended update for lifecycle-data-sle-module-development-tools Type: recommended Severity: moderate References: 1216578 This update for lifecycle-data-sle-module-development-tools fixes the following issues: - Temporary remove go1.19-openssl EOL, will be readded once we ship get go1.21-openssl yet. (bsc#1216578) - Mark gcc12 EOL date to April 30th of 2024 (6 months after release of gcc13) (jsc#PED-6584) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4708-1 Released: Mon Dec 11 10:44:30 2023 Summary: Security update for go1.20 Type: security Severity: important References: 1206346,1216943,1217833,1217834,CVE-2023-39326,CVE-2023-45284,CVE-2023-45285 This update for go1.20 fixes the following issues: Update to go1.20.12: - CVE-2023-45285: cmd/go: git VCS qualifier in module path uses git:// scheme (bsc#1217834). - CVE-2023-45284: path/filepath: Clean removes ending slash for volume on Windows in Go 1.21.4 (bsc#1216943). - CVE-2023-39326: net/http: limit chunked data overhead (bsc#1217833). - cmd/compile: internal compiler error: panic during prove while compiling: unexpected induction with too many parents - cmd/go: TestScript/mod_get_direct fails with 'Filename too long' on Windows ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4716-1 Released: Mon Dec 11 18:38:23 2023 Summary: Recommended update for git Type: recommended Severity: moderate References: 1216501 This update for git fixes the following issues: - Add rule for /etc/gitconfig in gitweb.cgi apparmor profile (bsc#1216501). - gitweb.cgi AppArmor profile - make the profile a named profile - add local/include to make custom additions easier ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - go1.20-doc-1.20.12-150000.1.35.1 updated - lifecycle-data-sle-module-development-tools-1-150200.3.24.1 updated - git-core-2.35.3-150300.10.33.1 updated - go1.20-1.20.12-150000.1.35.1 updated - go1.20-race-1.20.12-150000.1.35.1 updated - container:sles15-image-15.0.0-36.5.63 updated From meissner at suse.de Wed Dec 13 14:01:39 2023 From: meissner at suse.de (meissner at suse.de) Date: Wed, 13 Dec 2023 15:01:39 +0100 (CET) Subject: SUSE-CU-2023:4105-1: Recommended update of bci/golang Message-ID: <20231213140139.7C131FBAC@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4105-1 Container Tags : bci/golang:1.21-openssl , bci/golang:1.21-openssl-8.21 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-8.21 Container Release : 8.21 Severity : moderate Type : recommended References : 1216501 1216578 1216862 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4695-1 Released: Fri Dec 8 09:01:20 2023 Summary: Recommended update for lifecycle-data-sle-module-development-tools Type: recommended Severity: moderate References: 1216578 This update for lifecycle-data-sle-module-development-tools fixes the following issues: - Temporary remove go1.19-openssl EOL, will be readded once we ship get go1.21-openssl yet. (bsc#1216578) - Mark gcc12 EOL date to April 30th of 2024 (6 months after release of gcc13) (jsc#PED-6584) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4716-1 Released: Mon Dec 11 18:38:23 2023 Summary: Recommended update for git Type: recommended Severity: moderate References: 1216501 This update for git fixes the following issues: - Add rule for /etc/gitconfig in gitweb.cgi apparmor profile (bsc#1216501). - gitweb.cgi AppArmor profile - make the profile a named profile - add local/include to make custom additions easier ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - lifecycle-data-sle-module-development-tools-1-150200.3.24.1 updated - git-core-2.35.3-150300.10.33.1 updated - container:sles15-image-15.0.0-36.5.63 updated From meissner at suse.de Wed Dec 13 14:01:59 2023 From: meissner at suse.de (meissner at suse.de) Date: Wed, 13 Dec 2023 15:01:59 +0100 (CET) Subject: SUSE-CU-2023:4107-1: Recommended update of bci/openjdk-devel Message-ID: <20231213140159.B6F25FBAC@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4107-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-12.104 , bci/openjdk-devel:latest Container Release : 12.104 Severity : moderate Type : recommended References : 1216501 1216862 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4716-1 Released: Mon Dec 11 18:38:23 2023 Summary: Recommended update for git Type: recommended Severity: moderate References: 1216501 This update for git fixes the following issues: - Add rule for /etc/gitconfig in gitweb.cgi apparmor profile (bsc#1216501). - gitweb.cgi AppArmor profile - make the profile a named profile - add local/include to make custom additions easier ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - libp11-kit0-0.23.22-150500.8.3.1 updated - p11-kit-0.23.22-150500.8.3.1 updated - p11-kit-tools-0.23.22-150500.8.3.1 updated - git-core-2.35.3-150300.10.33.1 updated - container:bci-openjdk-17-15.5.17-12.52 updated From meissner at suse.de Wed Dec 13 14:02:14 2023 From: meissner at suse.de (meissner at suse.de) Date: Wed, 13 Dec 2023 15:02:14 +0100 (CET) Subject: SUSE-CU-2023:4094-1: Recommended update of bci/openjdk Message-ID: <20231213140214.52CB7FBAC@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4094-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-12.52 , bci/openjdk:latest Container Release : 12.52 Severity : moderate Type : recommended References : 1216862 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - libp11-kit0-0.23.22-150500.8.3.1 updated - p11-kit-0.23.22-150500.8.3.1 updated - p11-kit-tools-0.23.22-150500.8.3.1 updated - container:sles15-image-15.0.0-36.5.63 updated From meissner at suse.de Wed Dec 13 14:02:34 2023 From: meissner at suse.de (meissner at suse.de) Date: Wed, 13 Dec 2023 15:02:34 +0100 (CET) Subject: SUSE-CU-2023:4108-1: Recommended update of suse/pcp Message-ID: <20231213140234.66E76FBAC@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4108-1 Container Tags : suse/pcp:5 , suse/pcp:5-15.92 , suse/pcp:5.2 , suse/pcp:5.2-15.92 , suse/pcp:5.2.5 , suse/pcp:5.2.5-15.92 , suse/pcp:latest Container Release : 15.92 Severity : moderate Type : recommended References : 1216862 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - libp11-kit0-0.23.22-150500.8.3.1 updated - container:bci-bci-init-15.5-15.5-10.52 updated From meissner at suse.de Wed Dec 13 14:02:49 2023 From: meissner at suse.de (meissner at suse.de) Date: Wed, 13 Dec 2023 15:02:49 +0100 (CET) Subject: SUSE-CU-2023:4109-1: Recommended update of bci/php-apache Message-ID: <20231213140249.6387AFBAC@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4109-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-8.48 Container Release : 8.48 Severity : moderate Type : recommended References : 1216862 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - libp11-kit0-0.23.22-150500.8.3.1 updated - container:sles15-image-15.0.0-36.5.62 updated From meissner at suse.de Wed Dec 13 14:03:04 2023 From: meissner at suse.de (meissner at suse.de) Date: Wed, 13 Dec 2023 15:03:04 +0100 (CET) Subject: SUSE-CU-2023:4110-1: Recommended update of bci/php-fpm Message-ID: <20231213140304.A4C91FBAC@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4110-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8-8.51 Container Release : 8.51 Severity : moderate Type : recommended References : 1216862 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - libp11-kit0-0.23.22-150500.8.3.1 updated - container:sles15-image-15.0.0-36.5.63 updated From meissner at suse.de Wed Dec 13 14:03:18 2023 From: meissner at suse.de (meissner at suse.de) Date: Wed, 13 Dec 2023 15:03:18 +0100 (CET) Subject: SUSE-CU-2023:4111-1: Recommended update of bci/php Message-ID: <20231213140318.6B707FBAC@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4111-1 Container Tags : bci/php:8 , bci/php:8-8.47 Container Release : 8.47 Severity : moderate Type : recommended References : 1216862 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - libp11-kit0-0.23.22-150500.8.3.1 updated - container:sles15-image-15.0.0-36.5.62 updated From meissner at suse.de Wed Dec 13 14:03:33 2023 From: meissner at suse.de (meissner at suse.de) Date: Wed, 13 Dec 2023 15:03:33 +0100 (CET) Subject: SUSE-CU-2023:4112-1: Recommended update of suse/postgres Message-ID: <20231213140333.2C116FBAC@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4112-1 Container Tags : suse/postgres:15 , suse/postgres:15-13.7 , suse/postgres:15.5 , suse/postgres:15.5-13.7 Container Release : 13.7 Severity : moderate Type : recommended References : 1216862 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - container:sles15-image-15.0.0-36.5.62 updated From meissner at suse.de Wed Dec 13 14:03:34 2023 From: meissner at suse.de (meissner at suse.de) Date: Wed, 13 Dec 2023 15:03:34 +0100 (CET) Subject: SUSE-CU-2023:4113-1: Recommended update of suse/postgres Message-ID: <20231213140334.338BEFBAC@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4113-1 Container Tags : suse/postgres:16 , suse/postgres:16-2.6 , suse/postgres:16.1 , suse/postgres:16.1-2.6 , suse/postgres:latest Container Release : 2.6 Severity : moderate Type : recommended References : 1216862 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - container:sles15-image-15.0.0-36.5.62 updated From meissner at suse.de Wed Dec 13 14:03:51 2023 From: meissner at suse.de (meissner at suse.de) Date: Wed, 13 Dec 2023 15:03:51 +0100 (CET) Subject: SUSE-CU-2023:4114-1: Recommended update of bci/python Message-ID: <20231213140351.49700FBAC@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4114-1 Container Tags : bci/python:3 , bci/python:3-12.46 , bci/python:3.11 , bci/python:3.11-12.46 , bci/python:latest Container Release : 12.46 Severity : moderate Type : recommended References : 1216501 1216578 1216862 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4695-1 Released: Fri Dec 8 09:01:20 2023 Summary: Recommended update for lifecycle-data-sle-module-development-tools Type: recommended Severity: moderate References: 1216578 This update for lifecycle-data-sle-module-development-tools fixes the following issues: - Temporary remove go1.19-openssl EOL, will be readded once we ship get go1.21-openssl yet. (bsc#1216578) - Mark gcc12 EOL date to April 30th of 2024 (6 months after release of gcc13) (jsc#PED-6584) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4716-1 Released: Mon Dec 11 18:38:23 2023 Summary: Recommended update for git Type: recommended Severity: moderate References: 1216501 This update for git fixes the following issues: - Add rule for /etc/gitconfig in gitweb.cgi apparmor profile (bsc#1216501). - gitweb.cgi AppArmor profile - make the profile a named profile - add local/include to make custom additions easier ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - libp11-kit0-0.23.22-150500.8.3.1 updated - p11-kit-0.23.22-150500.8.3.1 updated - p11-kit-tools-0.23.22-150500.8.3.1 updated - lifecycle-data-sle-module-development-tools-1-150200.3.24.1 updated - git-core-2.35.3-150300.10.33.1 updated - container:sles15-image-15.0.0-36.5.62 updated From meissner at suse.de Wed Dec 13 14:04:08 2023 From: meissner at suse.de (meissner at suse.de) Date: Wed, 13 Dec 2023 15:04:08 +0100 (CET) Subject: SUSE-CU-2023:4115-1: Recommended update of bci/python Message-ID: <20231213140408.A66F2FBAC@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4115-1 Container Tags : bci/python:3 , bci/python:3-14.46 , bci/python:3.6 , bci/python:3.6-14.46 Container Release : 14.46 Severity : moderate Type : recommended References : 1216501 1216578 1216862 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4695-1 Released: Fri Dec 8 09:01:20 2023 Summary: Recommended update for lifecycle-data-sle-module-development-tools Type: recommended Severity: moderate References: 1216578 This update for lifecycle-data-sle-module-development-tools fixes the following issues: - Temporary remove go1.19-openssl EOL, will be readded once we ship get go1.21-openssl yet. (bsc#1216578) - Mark gcc12 EOL date to April 30th of 2024 (6 months after release of gcc13) (jsc#PED-6584) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4716-1 Released: Mon Dec 11 18:38:23 2023 Summary: Recommended update for git Type: recommended Severity: moderate References: 1216501 This update for git fixes the following issues: - Add rule for /etc/gitconfig in gitweb.cgi apparmor profile (bsc#1216501). - gitweb.cgi AppArmor profile - make the profile a named profile - add local/include to make custom additions easier ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - libp11-kit0-0.23.22-150500.8.3.1 updated - p11-kit-0.23.22-150500.8.3.1 updated - p11-kit-tools-0.23.22-150500.8.3.1 updated - lifecycle-data-sle-module-development-tools-1-150200.3.24.1 updated - git-core-2.35.3-150300.10.33.1 updated - container:sles15-image-15.0.0-36.5.62 updated From sle-container-updates at lists.suse.com Wed Dec 13 14:14:15 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 13 Dec 2023 15:14:15 +0100 (CET) Subject: SUSE-CU-2023:4115-1: Recommended update of bci/python Message-ID: <20231213141415.22C77FBAC@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4115-1 Container Tags : bci/python:3 , bci/python:3-14.46 , bci/python:3.6 , bci/python:3.6-14.46 Container Release : 14.46 Severity : moderate Type : recommended References : 1216501 1216578 1216862 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4695-1 Released: Fri Dec 8 09:01:20 2023 Summary: Recommended update for lifecycle-data-sle-module-development-tools Type: recommended Severity: moderate References: 1216578 This update for lifecycle-data-sle-module-development-tools fixes the following issues: - Temporary remove go1.19-openssl EOL, will be readded once we ship get go1.21-openssl yet. (bsc#1216578) - Mark gcc12 EOL date to April 30th of 2024 (6 months after release of gcc13) (jsc#PED-6584) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4716-1 Released: Mon Dec 11 18:38:23 2023 Summary: Recommended update for git Type: recommended Severity: moderate References: 1216501 This update for git fixes the following issues: - Add rule for /etc/gitconfig in gitweb.cgi apparmor profile (bsc#1216501). - gitweb.cgi AppArmor profile - make the profile a named profile - add local/include to make custom additions easier ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - libp11-kit0-0.23.22-150500.8.3.1 updated - p11-kit-0.23.22-150500.8.3.1 updated - p11-kit-tools-0.23.22-150500.8.3.1 updated - lifecycle-data-sle-module-development-tools-1-150200.3.24.1 updated - git-core-2.35.3-150300.10.33.1 updated - container:sles15-image-15.0.0-36.5.62 updated From sle-container-updates at lists.suse.com Wed Dec 13 14:14:32 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 13 Dec 2023 15:14:32 +0100 (CET) Subject: SUSE-CU-2023:4116-1: Recommended update of bci/ruby Message-ID: <20231213141432.9B833FBAC@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4116-1 Container Tags : bci/ruby:2 , bci/ruby:2-12.47 , bci/ruby:2.5 , bci/ruby:2.5-12.47 , bci/ruby:latest Container Release : 12.47 Severity : moderate Type : recommended References : 1216501 1216862 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4716-1 Released: Mon Dec 11 18:38:23 2023 Summary: Recommended update for git Type: recommended Severity: moderate References: 1216501 This update for git fixes the following issues: - Add rule for /etc/gitconfig in gitweb.cgi apparmor profile (bsc#1216501). - gitweb.cgi AppArmor profile - make the profile a named profile - add local/include to make custom additions easier ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - git-core-2.35.3-150300.10.33.1 updated - container:sles15-image-15.0.0-36.5.62 updated From sle-container-updates at lists.suse.com Wed Dec 13 14:14:48 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 13 Dec 2023 15:14:48 +0100 (CET) Subject: SUSE-CU-2023:4117-1: Recommended update of bci/rust Message-ID: <20231213141448.C30CBFBAC@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4117-1 Container Tags : bci/rust:1.73 , bci/rust:1.73-2.2.8 , bci/rust:oldstable , bci/rust:oldstable-2.2.8 Container Release : 2.8 Severity : moderate Type : recommended References : 1216578 1216862 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4695-1 Released: Fri Dec 8 09:01:20 2023 Summary: Recommended update for lifecycle-data-sle-module-development-tools Type: recommended Severity: moderate References: 1216578 This update for lifecycle-data-sle-module-development-tools fixes the following issues: - Temporary remove go1.19-openssl EOL, will be readded once we ship get go1.21-openssl yet. (bsc#1216578) - Mark gcc12 EOL date to April 30th of 2024 (6 months after release of gcc13) (jsc#PED-6584) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - lifecycle-data-sle-module-development-tools-1-150200.3.24.1 updated - container:sles15-image-15.0.0-36.5.62 updated From sle-container-updates at lists.suse.com Wed Dec 13 14:15:06 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 13 Dec 2023 15:15:06 +0100 (CET) Subject: SUSE-CU-2023:4118-1: Recommended update of bci/rust Message-ID: <20231213141506.13824FBAC@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4118-1 Container Tags : bci/rust:1.74 , bci/rust:1.74-1.2.8 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.2.8 Container Release : 2.8 Severity : moderate Type : recommended References : 1216578 1216862 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4695-1 Released: Fri Dec 8 09:01:20 2023 Summary: Recommended update for lifecycle-data-sle-module-development-tools Type: recommended Severity: moderate References: 1216578 This update for lifecycle-data-sle-module-development-tools fixes the following issues: - Temporary remove go1.19-openssl EOL, will be readded once we ship get go1.21-openssl yet. (bsc#1216578) - Mark gcc12 EOL date to April 30th of 2024 (6 months after release of gcc13) (jsc#PED-6584) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - lifecycle-data-sle-module-development-tools-1-150200.3.24.1 updated - container:sles15-image-15.0.0-36.5.62 updated From sle-container-updates at lists.suse.com Wed Dec 13 14:15:19 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 13 Dec 2023 15:15:19 +0100 (CET) Subject: SUSE-CU-2023:4119-1: Security update of suse/sle15 Message-ID: <20231213141519.9927FFBAC@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4119-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.5.63 , suse/sle15:15.5 , suse/sle15:15.5.36.5.63 Container Release : 36.5.63 Severity : important Type : security References : 1216410 1216862 1217212 1217215 1217573 1217574 CVE-2023-46218 CVE-2023-46219 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4659-1 Released: Wed Dec 6 13:04:57 2023 Summary: Security update for curl Type: security Severity: moderate References: 1217573,1217574,CVE-2023-46218,CVE-2023-46219 This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). - CVE-2023-46219: HSTS long file name clears contents (bsc#1217574). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4671-1 Released: Wed Dec 6 14:33:41 2023 Summary: Recommended update for man Type: recommended Severity: moderate References: This update of man fixes the following problem: - The 'man' commands is delivered to SUSE Linux Enterprise Micro to allow browsing man pages. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4672-1 Released: Wed Dec 6 14:37:37 2023 Summary: Security update for suse-build-key Type: security Severity: important References: 1216410,1217215 This update for suse-build-key fixes the following issues: This update runs a import-suse-build-key script. The previous libzypp-post-script based installation is replaced with a systemd timer and service (bsc#1217215 bsc#1216410 jsc#PED-2777). - suse-build-key-import.service - suse-build-key-import.timer It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys. After successful import the timer is disabled. To manually import them you can also run: # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4699-1 Released: Mon Dec 11 07:02:10 2023 Summary: Recommended update for gpg2 Type: recommended Severity: moderate References: 1217212 This update for gpg2 fixes the following issues: - `dirmngr-client --validate` is broken for DER-encoded files (bsc#1217212) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - curl-8.0.1-150400.5.36.1 updated - gpg2-2.2.27-150300.3.8.1 updated - libcurl4-8.0.1-150400.5.36.1 updated - libp11-kit0-0.23.22-150500.8.3.1 updated - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - p11-kit-tools-0.23.22-150500.8.3.1 updated - p11-kit-0.23.22-150500.8.3.1 updated - suse-build-key-12.0-150000.8.37.1 updated - system-group-hardware-20170617-150400.24.2.1 updated From sle-container-updates at lists.suse.com Wed Dec 13 14:15:35 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 13 Dec 2023 15:15:35 +0100 (CET) Subject: SUSE-CU-2023:4120-1: Recommended update of suse/manager/4.3/proxy-httpd Message-ID: <20231213141535.B612AFBAC@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4120-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.9 , suse/manager/4.3/proxy-httpd:4.3.9.9.40.24 , suse/manager/4.3/proxy-httpd:latest , suse/manager/4.3/proxy-httpd:susemanager-4.3.9 , suse/manager/4.3/proxy-httpd:susemanager-4.3.9.9.40.24 Container Release : 9.40.24 Severity : moderate Type : recommended References : 1216862 1217212 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4699-1 Released: Mon Dec 11 07:02:10 2023 Summary: Recommended update for gpg2 Type: recommended Severity: moderate References: 1217212 This update for gpg2 fixes the following issues: - `dirmngr-client --validate` is broken for DER-encoded files (bsc#1217212) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - gpg2-2.2.27-150300.3.8.1 updated From sle-container-updates at lists.suse.com Wed Dec 13 14:15:45 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 13 Dec 2023 15:15:45 +0100 (CET) Subject: SUSE-CU-2023:4121-1: Recommended update of suse/manager/4.3/proxy-salt-broker Message-ID: <20231213141545.DECCDFBAC@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4121-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.9 , suse/manager/4.3/proxy-salt-broker:4.3.9.9.30.25 , suse/manager/4.3/proxy-salt-broker:latest , suse/manager/4.3/proxy-salt-broker:susemanager-4.3.9 , suse/manager/4.3/proxy-salt-broker:susemanager-4.3.9.9.30.25 Container Release : 9.30.25 Severity : moderate Type : recommended References : 1216862 1217212 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4699-1 Released: Mon Dec 11 07:02:10 2023 Summary: Recommended update for gpg2 Type: recommended Severity: moderate References: 1217212 This update for gpg2 fixes the following issues: - `dirmngr-client --validate` is broken for DER-encoded files (bsc#1217212) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - gpg2-2.2.27-150300.3.8.1 updated From sle-container-updates at lists.suse.com Wed Dec 13 14:15:57 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 13 Dec 2023 15:15:57 +0100 (CET) Subject: SUSE-CU-2023:4122-1: Recommended update of suse/manager/4.3/proxy-squid Message-ID: <20231213141557.045A4FBAC@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-squid ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4122-1 Container Tags : suse/manager/4.3/proxy-squid:4.3.9 , suse/manager/4.3/proxy-squid:4.3.9.9.39.22 , suse/manager/4.3/proxy-squid:latest , suse/manager/4.3/proxy-squid:susemanager-4.3.9 , suse/manager/4.3/proxy-squid:susemanager-4.3.9.9.39.22 Container Release : 9.39.22 Severity : moderate Type : recommended References : 1216862 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-squid was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated From sle-container-updates at lists.suse.com Wed Dec 13 14:16:05 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 13 Dec 2023 15:16:05 +0100 (CET) Subject: SUSE-CU-2023:4123-1: Recommended update of suse/manager/4.3/proxy-ssh Message-ID: <20231213141605.ECF1DFBAC@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4123-1 Container Tags : suse/manager/4.3/proxy-ssh:4.3.9 , suse/manager/4.3/proxy-ssh:4.3.9.9.30.20 , suse/manager/4.3/proxy-ssh:latest , suse/manager/4.3/proxy-ssh:susemanager-4.3.9 , suse/manager/4.3/proxy-ssh:susemanager-4.3.9.9.30.20 Container Release : 9.30.20 Severity : moderate Type : recommended References : 1216862 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-ssh was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated From sle-container-updates at lists.suse.com Wed Dec 13 14:16:17 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 13 Dec 2023 15:16:17 +0100 (CET) Subject: SUSE-CU-2023:4124-1: Recommended update of suse/manager/4.3/proxy-tftpd Message-ID: <20231213141617.03323FBAC@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4124-1 Container Tags : suse/manager/4.3/proxy-tftpd:4.3.9 , suse/manager/4.3/proxy-tftpd:4.3.9.9.30.22 , suse/manager/4.3/proxy-tftpd:latest , suse/manager/4.3/proxy-tftpd:susemanager-4.3.9 , suse/manager/4.3/proxy-tftpd:susemanager-4.3.9.9.30.22 Container Release : 9.30.22 Severity : moderate Type : recommended References : 1216862 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated From sle-container-updates at lists.suse.com Wed Dec 13 14:18:10 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 13 Dec 2023 15:18:10 +0100 (CET) Subject: SUSE-CU-2023:4126-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20231213141810.C1EEFFBAC@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4126-1 Container Tags : suse/sle-micro/5.2/toolbox:12.1 , suse/sle-micro/5.2/toolbox:12.1-6.2.333 , suse/sle-micro/5.2/toolbox:latest Container Release : 6.2.333 Severity : moderate Type : security References : 1216862 1217212 1217573 CVE-2023-46218 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4699-1 Released: Mon Dec 11 07:02:10 2023 Summary: Recommended update for gpg2 Type: recommended Severity: moderate References: 1217212 This update for gpg2 fixes the following issues: - `dirmngr-client --validate` is broken for DER-encoded files (bsc#1217212) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4713-1 Released: Mon Dec 11 13:23:12 2023 Summary: Security update for curl Type: security Severity: moderate References: 1217573,CVE-2023-46218 This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - gpg2-2.2.27-150300.3.8.1 updated - libcurl4-7.66.0-150200.4.63.1 updated - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - container:sles15-image-15.0.0-17.20.225 updated From sle-container-updates at lists.suse.com Thu Dec 14 08:01:06 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 14 Dec 2023 09:01:06 +0100 (CET) Subject: SUSE-IU-2023:857-1: Security update of suse-sles-15-sp4-chost-byos-v20231212-hvm-ssd-x86_64 Message-ID: <20231214080106.B7FB3FBA9@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp4-chost-byos-v20231212-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2023:857-1 Image Tags : suse-sles-15-sp4-chost-byos-v20231212-hvm-ssd-x86_64:20231212 Image Release : Severity : important Type : security References : 1170267 1192986 1200528 1210660 1212799 1214781 1216410 1216862 1217031 1217212 1217215 1217573 1217574 CVE-2022-1996 CVE-2023-2137 CVE-2023-46218 CVE-2023-46219 ----------------------------------------------------------------- The container suse-sles-15-sp4-chost-byos-v20231212-hvm-ssd-x86_64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4602-1 Released: Wed Nov 29 08:41:17 2023 Summary: Recommended update for suseconnect-ng Type: recommended Severity: moderate References: 1170267,1212799,1214781 This update for suseconnect-ng fixes the following issues: - Update to version 1.4.0~git0.b0f7c25bfdfa - Added EULA display for addons (bsc#1170267) - Fix zypper argument for auto-agreeing licenses (bsc#1214781) - Enable building on SLE12 SP5 (jsc#PED-3179) - Fixed `provides` to work with yast2-registration on SLE15 SP4 (bsc#1212799) - Improve error message if product set more than once ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4619-1 Released: Thu Nov 30 10:13:52 2023 Summary: Security update for sqlite3 Type: security Severity: important References: 1210660,CVE-2023-2137 This update for sqlite3 fixes the following issues: - CVE-2023-2137: Fixed heap buffer overflow (bsc#1210660). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4659-1 Released: Wed Dec 6 13:04:57 2023 Summary: Security update for curl Type: security Severity: moderate References: 1217573,1217574,CVE-2023-46218,CVE-2023-46219 This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). - CVE-2023-46219: HSTS long file name clears contents (bsc#1217574). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4671-1 Released: Wed Dec 6 14:33:41 2023 Summary: Recommended update for man Type: recommended Severity: moderate References: This update of man fixes the following problem: - The 'man' commands is delivered to SUSE Linux Enterprise Micro to allow browsing man pages. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4672-1 Released: Wed Dec 6 14:37:37 2023 Summary: Security update for suse-build-key Type: security Severity: important References: 1216410,1217215 This update for suse-build-key fixes the following issues: This update runs a import-suse-build-key script. The previous libzypp-post-script based installation is replaced with a systemd timer and service (bsc#1217215 bsc#1216410 jsc#PED-2777). - suse-build-key-import.service - suse-build-key-import.timer It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys. After successful import the timer is disabled. To manually import them you can also run: # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4699-1 Released: Mon Dec 11 07:02:10 2023 Summary: Recommended update for gpg2 Type: recommended Severity: moderate References: 1217212 This update for gpg2 fixes the following issues: - `dirmngr-client --validate` is broken for DER-encoded files (bsc#1217212) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4705-1 Released: Mon Dec 11 07:21:46 2023 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1192986,1217031 This update for dracut fixes the following issues: - Update to version 055+suse.351.g30f0cda6 - Fix network device naming in udev-rules (bsc#1192986) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4727-1 Released: Tue Dec 12 12:27:39 2023 Summary: Security update for catatonit, containerd, runc Type: security Severity: important References: 1200528,CVE-2022-1996 This update of runc and containerd fixes the following issues: containerd: - Update to containerd v1.7.8. Upstream release notes: https://github.com/containerd/containerd/releases/tag/v1.7.8 * CVE-2022-1996: Fixed CORS bypass in go-restful (bsc#1200528) catatonit: - Update to catatonit v0.2.0. * Change license to GPL-2.0-or-later. - Update to catatont v0.1.7 * This release adds the ability for catatonit to be used as the only process in a pause container, by passing the -P flag (in this mode no subprocess is spawned and thus no signal forwarding is done). - Update to catatonit v0.1.6, which fixes a few bugs -- mainly ones related to socket activation or features somewhat adjacent to socket activation (such as passing file descriptors). runc: - Update to runc v1.1.10. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.10 The following package changes have been done: - containerd-ctr-1.7.8-150000.103.1 updated - containerd-1.7.8-150000.103.1 updated - curl-8.0.1-150400.5.36.1 updated - dracut-055+suse.351.g30f0cda6-150400.3.31.1 updated - gpg2-2.2.27-150300.3.8.1 updated - libcurl4-8.0.1-150400.5.36.1 updated - libsqlite3-0-3.44.0-150000.3.23.1 updated - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - runc-1.1.10-150000.55.1 updated - suse-build-key-12.0-150000.8.37.1 updated - suseconnect-ng-1.4.0~git0.b0f7c25bfdfa-150400.3.16.1 updated - system-group-hardware-20170617-150400.24.2.1 updated - system-group-kvm-20170617-150400.24.2.1 updated - system-group-wheel-20170617-150400.24.2.1 updated - system-user-lp-20170617-150400.24.2.1 updated - system-user-nobody-20170617-150400.24.2.1 updated From sle-container-updates at lists.suse.com Thu Dec 14 08:01:15 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 14 Dec 2023 09:01:15 +0100 (CET) Subject: SUSE-IU-2023:858-1: Security update of sles-15-sp4-chost-byos-v20231212-arm64 Message-ID: <20231214080116.0071DFBA9@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp4-chost-byos-v20231212-arm64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2023:858-1 Image Tags : sles-15-sp4-chost-byos-v20231212-arm64:20231212 Image Release : Severity : important Type : security References : 1170267 1192986 1200528 1210660 1212418 1212759 1212799 1213639 1214546 1214572 1214781 1216410 1216576 1216862 1217031 1217212 1217215 1217573 1217574 CVE-2022-1996 CVE-2023-2137 CVE-2023-46218 CVE-2023-46219 ----------------------------------------------------------------- The container sles-15-sp4-chost-byos-v20231212-arm64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4602-1 Released: Wed Nov 29 08:41:17 2023 Summary: Recommended update for suseconnect-ng Type: recommended Severity: moderate References: 1170267,1212799,1214781 This update for suseconnect-ng fixes the following issues: - Update to version 1.4.0~git0.b0f7c25bfdfa - Added EULA display for addons (bsc#1170267) - Fix zypper argument for auto-agreeing licenses (bsc#1214781) - Enable building on SLE12 SP5 (jsc#PED-3179) - Fixed `provides` to work with yast2-registration on SLE15 SP4 (bsc#1212799) - Improve error message if product set more than once ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4610-1 Released: Wed Nov 29 14:04:12 2023 Summary: Recommended update for google-guest-configs Type: recommended Severity: moderate References: 1212418,1212759,1214546,1214572 This update for google-guest-configs fixes the following issues: - Update to version 20230808.00 (bsc#1214546, bsc#1214572, bsc#1212418, bsc#1212759) - Replace xxd with dd for google_nvme_id - Setup irq binding for a3 8g vm - dracut: Add a new dracut module for gcp udev rules - src/lib/udev: only create symlinks for GCP devices - Set hostname: consider fully qualified static hostname - Support multiple local SSD controllers - Update OWNERS file - DHCP hostname: don't reset hostname if the hostname hasn't changed ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4619-1 Released: Thu Nov 30 10:13:52 2023 Summary: Security update for sqlite3 Type: security Severity: important References: 1210660,CVE-2023-2137 This update for sqlite3 fixes the following issues: - CVE-2023-2137: Fixed heap buffer overflow (bsc#1210660). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4620-1 Released: Thu Nov 30 11:13:43 2023 Summary: Recommended update for libhugetlbfs Type: recommended Severity: moderate References: 1213639,1216576 This update for libhugetlbfs fixes the following issue: - Add patch for upstream issue (bsc#1216576, bsc#1213639) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4659-1 Released: Wed Dec 6 13:04:57 2023 Summary: Security update for curl Type: security Severity: moderate References: 1217573,1217574,CVE-2023-46218,CVE-2023-46219 This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). - CVE-2023-46219: HSTS long file name clears contents (bsc#1217574). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4671-1 Released: Wed Dec 6 14:33:41 2023 Summary: Recommended update for man Type: recommended Severity: moderate References: This update of man fixes the following problem: - The 'man' commands is delivered to SUSE Linux Enterprise Micro to allow browsing man pages. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4672-1 Released: Wed Dec 6 14:37:37 2023 Summary: Security update for suse-build-key Type: security Severity: important References: 1216410,1217215 This update for suse-build-key fixes the following issues: This update runs a import-suse-build-key script. The previous libzypp-post-script based installation is replaced with a systemd timer and service (bsc#1217215 bsc#1216410 jsc#PED-2777). - suse-build-key-import.service - suse-build-key-import.timer It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys. After successful import the timer is disabled. To manually import them you can also run: # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4699-1 Released: Mon Dec 11 07:02:10 2023 Summary: Recommended update for gpg2 Type: recommended Severity: moderate References: 1217212 This update for gpg2 fixes the following issues: - `dirmngr-client --validate` is broken for DER-encoded files (bsc#1217212) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4705-1 Released: Mon Dec 11 07:21:46 2023 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1192986,1217031 This update for dracut fixes the following issues: - Update to version 055+suse.351.g30f0cda6 - Fix network device naming in udev-rules (bsc#1192986) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4727-1 Released: Tue Dec 12 12:27:39 2023 Summary: Security update for catatonit, containerd, runc Type: security Severity: important References: 1200528,CVE-2022-1996 This update of runc and containerd fixes the following issues: containerd: - Update to containerd v1.7.8. Upstream release notes: https://github.com/containerd/containerd/releases/tag/v1.7.8 * CVE-2022-1996: Fixed CORS bypass in go-restful (bsc#1200528) catatonit: - Update to catatonit v0.2.0. * Change license to GPL-2.0-or-later. - Update to catatont v0.1.7 * This release adds the ability for catatonit to be used as the only process in a pause container, by passing the -P flag (in this mode no subprocess is spawned and thus no signal forwarding is done). - Update to catatonit v0.1.6, which fixes a few bugs -- mainly ones related to socket activation or features somewhat adjacent to socket activation (such as passing file descriptors). runc: - Update to runc v1.1.10. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.10 The following package changes have been done: - containerd-ctr-1.7.8-150000.103.1 updated - containerd-1.7.8-150000.103.1 updated - curl-8.0.1-150400.5.36.1 updated - dracut-055+suse.351.g30f0cda6-150400.3.31.1 updated - google-guest-configs-20230808.00-150400.13.6.1 updated - gpg2-2.2.27-150300.3.8.1 updated - libcurl4-8.0.1-150400.5.36.1 updated - libhugetlbfs-2.20-150000.3.8.1 updated - libsqlite3-0-3.44.0-150000.3.23.1 updated - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - runc-1.1.10-150000.55.1 updated - suse-build-key-12.0-150000.8.37.1 updated - suseconnect-ng-1.4.0~git0.b0f7c25bfdfa-150400.3.16.1 updated - system-group-hardware-20170617-150400.24.2.1 updated - system-group-kvm-20170617-150400.24.2.1 updated - system-group-wheel-20170617-150400.24.2.1 updated - system-user-lp-20170617-150400.24.2.1 updated - system-user-nobody-20170617-150400.24.2.1 updated From sle-container-updates at lists.suse.com Thu Dec 14 08:04:31 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 14 Dec 2023 09:04:31 +0100 (CET) Subject: SUSE-CU-2023:4129-1: Security update of suse/sle15 Message-ID: <20231214080431.79299FBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4129-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.854 Container Release : 6.2.854 Severity : important Type : security References : 1212475 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4807-1 Released: Wed Dec 13 18:07:37 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1212475 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). The following package changes have been done: - container-suseconnect-2.4.0-150000.4.46.1 updated From sle-container-updates at lists.suse.com Thu Dec 14 08:05:30 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 14 Dec 2023 09:05:30 +0100 (CET) Subject: SUSE-CU-2023:4130-1: Security update of suse/sle15 Message-ID: <20231214080530.E6723FBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4130-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.382 Container Release : 9.5.382 Severity : important Type : security References : 1212475 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4807-1 Released: Wed Dec 13 18:07:37 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1212475 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). The following package changes have been done: - container-suseconnect-2.4.0-150000.4.46.1 updated From sle-container-updates at lists.suse.com Thu Dec 14 08:06:18 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 14 Dec 2023 09:06:18 +0100 (CET) Subject: SUSE-CU-2023:4131-1: Security update of suse/sle15 Message-ID: <20231214080618.5948CFBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4131-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.226 , suse/sle15:15.3 , suse/sle15:15.3.17.20.226 Container Release : 17.20.226 Severity : important Type : security References : 1212475 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4807-1 Released: Wed Dec 13 18:07:37 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1212475 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). The following package changes have been done: - container-suseconnect-2.4.0-150000.4.46.1 updated From sle-container-updates at lists.suse.com Thu Dec 14 08:08:16 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 14 Dec 2023 09:08:16 +0100 (CET) Subject: SUSE-CU-2023:4136-1: Security update of suse/sle15 Message-ID: <20231214080816.61AC8FBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4136-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.128 , suse/sle15:15.4 , suse/sle15:15.4.27.14.128 Container Release : 27.14.128 Severity : important Type : security References : 1212475 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4807-1 Released: Wed Dec 13 18:07:37 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1212475 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). The following package changes have been done: - container-suseconnect-2.4.0-150000.4.46.1 updated From sle-container-updates at lists.suse.com Thu Dec 14 08:13:14 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 14 Dec 2023 09:13:14 +0100 (CET) Subject: SUSE-CU-2023:4168-1: Security update of suse/sle15 Message-ID: <20231214081314.265FAFBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4168-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.5.66 , suse/sle15:15.5 , suse/sle15:15.5.36.5.66 Container Release : 36.5.66 Severity : important Type : security References : 1212475 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4807-1 Released: Wed Dec 13 18:07:37 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1212475 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). The following package changes have been done: - container-suseconnect-2.4.0-150000.4.46.1 updated From sle-container-updates at lists.suse.com Thu Dec 14 08:13:24 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 14 Dec 2023 09:13:24 +0100 (CET) Subject: SUSE-CU-2023:4169-1: Security update of suse/manager/4.3/proxy-httpd Message-ID: <20231214081324.5B94BFBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4169-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.10 , suse/manager/4.3/proxy-httpd:4.3.10.9.43.2 , suse/manager/4.3/proxy-httpd:latest , suse/manager/4.3/proxy-httpd:susemanager-4.3.10 , suse/manager/4.3/proxy-httpd:susemanager-4.3.10.9.43.2 Container Release : 9.43.2 Severity : important Type : security References : 1191143 1191143 1204235 1204235 1207012 1207012 1207532 1207532 1210928 1210928 1210930 1210930 1211355 1211355 1211560 1211560 1211649 1211649 1212695 1212695 1212904 1212904 1213469 1213469 1214186 1214186 1214471 1214471 1214601 1214601 1214759 1214759 1215209 1215209 1215514 1215514 1215949 1215949 1216030 1216030 1216041 1216041 1216085 1216085 1216128 1216128 1216380 1216380 1216506 1216506 1216555 1216555 1216690 1216690 1216754 1216754 1217038 1217038 1217223 1217223 1217224 1217224 CVE-2023-22644 CVE-2023-22644 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4737-1 Released: Wed Dec 13 10:20:03 2023 Summary: Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server Type: security Severity: important References: 1191143,1204235,1207012,1207532,1210928,1210930,1211355,1211560,1211649,1212695,1212904,1213469,1214186,1214471,1214601,1214759,1215209,1215514,1215949,1216030,1216041,1216085,1216128,1216380,1216506,1216555,1216690,1216754,1217038,1217223,1217224,CVE-2023-22644 Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server This is a codestream only update ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4758-1 Released: Wed Dec 13 10:33:58 2023 Summary: Security update for SUSE Manager 4.3.10 Release Notes Type: security Severity: important References: 1191143,1204235,1207012,1207532,1210928,1210930,1211355,1211560,1211649,1212695,1212904,1213469,1214186,1214471,1214601,1214759,1215209,1215514,1215949,1216030,1216041,1216085,1216128,1216380,1216506,1216555,1216690,1216754,1217038,1217223,1217224,CVE-2023-22644 Security update for SUSE Manager 4.3.10 Release Notes: - This is a codestream only update The following package changes have been done: - release-notes-susemanager-proxy-4.3.10-150400.3.72.1 updated - apache2-mod_wsgi-4.7.1-150400.3.9.4 updated - spacewalk-backend-4.3.25-150400.3.33.7 updated - python3-spacewalk-client-tools-4.3.17-150400.3.21.6 updated - spacewalk-client-tools-4.3.17-150400.3.21.6 updated - spacewalk-proxy-package-manager-4.3.17-150400.3.23.5 updated - spacewalk-proxy-common-4.3.17-150400.3.23.5 updated - spacewalk-proxy-broker-4.3.17-150400.3.23.5 updated - susemanager-tftpsync-recv-4.3.9-150400.3.9.5 updated - spacewalk-proxy-redirect-4.3.17-150400.3.23.5 updated From sle-container-updates at lists.suse.com Fri Dec 15 08:01:06 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 15 Dec 2023 09:01:06 +0100 (CET) Subject: SUSE-IU-2023:870-1: Security update of suse-sles-15-sp4-chost-byos-v20231212-x86_64-gen2 Message-ID: <20231215080106.92B0FFBAC@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp4-chost-byos-v20231212-x86_64-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2023:870-1 Image Tags : suse-sles-15-sp4-chost-byos-v20231212-x86_64-gen2:20231212 Image Release : Severity : important Type : security References : 1170267 1192986 1200528 1210660 1212799 1214781 1216410 1216862 1217031 1217212 1217215 1217573 1217574 CVE-2022-1996 CVE-2023-2137 CVE-2023-46218 CVE-2023-46219 ----------------------------------------------------------------- The container suse-sles-15-sp4-chost-byos-v20231212-x86_64-gen2 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4602-1 Released: Wed Nov 29 08:41:17 2023 Summary: Recommended update for suseconnect-ng Type: recommended Severity: moderate References: 1170267,1212799,1214781 This update for suseconnect-ng fixes the following issues: - Update to version 1.4.0~git0.b0f7c25bfdfa - Added EULA display for addons (bsc#1170267) - Fix zypper argument for auto-agreeing licenses (bsc#1214781) - Enable building on SLE12 SP5 (jsc#PED-3179) - Fixed `provides` to work with yast2-registration on SLE15 SP4 (bsc#1212799) - Improve error message if product set more than once ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4619-1 Released: Thu Nov 30 10:13:52 2023 Summary: Security update for sqlite3 Type: security Severity: important References: 1210660,CVE-2023-2137 This update for sqlite3 fixes the following issues: - CVE-2023-2137: Fixed heap buffer overflow (bsc#1210660). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4659-1 Released: Wed Dec 6 13:04:57 2023 Summary: Security update for curl Type: security Severity: moderate References: 1217573,1217574,CVE-2023-46218,CVE-2023-46219 This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). - CVE-2023-46219: HSTS long file name clears contents (bsc#1217574). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4671-1 Released: Wed Dec 6 14:33:41 2023 Summary: Recommended update for man Type: recommended Severity: moderate References: This update of man fixes the following problem: - The 'man' commands is delivered to SUSE Linux Enterprise Micro to allow browsing man pages. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4672-1 Released: Wed Dec 6 14:37:37 2023 Summary: Security update for suse-build-key Type: security Severity: important References: 1216410,1217215 This update for suse-build-key fixes the following issues: This update runs a import-suse-build-key script. The previous libzypp-post-script based installation is replaced with a systemd timer and service (bsc#1217215 bsc#1216410 jsc#PED-2777). - suse-build-key-import.service - suse-build-key-import.timer It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys. After successful import the timer is disabled. To manually import them you can also run: # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4699-1 Released: Mon Dec 11 07:02:10 2023 Summary: Recommended update for gpg2 Type: recommended Severity: moderate References: 1217212 This update for gpg2 fixes the following issues: - `dirmngr-client --validate` is broken for DER-encoded files (bsc#1217212) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4705-1 Released: Mon Dec 11 07:21:46 2023 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1192986,1217031 This update for dracut fixes the following issues: - Update to version 055+suse.351.g30f0cda6 - Fix network device naming in udev-rules (bsc#1192986) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4727-1 Released: Tue Dec 12 12:27:39 2023 Summary: Security update for catatonit, containerd, runc Type: security Severity: important References: 1200528,CVE-2022-1996 This update of runc and containerd fixes the following issues: containerd: - Update to containerd v1.7.8. Upstream release notes: https://github.com/containerd/containerd/releases/tag/v1.7.8 * CVE-2022-1996: Fixed CORS bypass in go-restful (bsc#1200528) catatonit: - Update to catatonit v0.2.0. * Change license to GPL-2.0-or-later. - Update to catatont v0.1.7 * This release adds the ability for catatonit to be used as the only process in a pause container, by passing the -P flag (in this mode no subprocess is spawned and thus no signal forwarding is done). - Update to catatonit v0.1.6, which fixes a few bugs -- mainly ones related to socket activation or features somewhat adjacent to socket activation (such as passing file descriptors). runc: - Update to runc v1.1.10. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.10 The following package changes have been done: - containerd-ctr-1.7.8-150000.103.1 updated - containerd-1.7.8-150000.103.1 updated - curl-8.0.1-150400.5.36.1 updated - dracut-055+suse.351.g30f0cda6-150400.3.31.1 updated - gpg2-2.2.27-150300.3.8.1 updated - libcurl4-8.0.1-150400.5.36.1 updated - libsqlite3-0-3.44.0-150000.3.23.1 updated - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - runc-1.1.10-150000.55.1 updated - suse-build-key-12.0-150000.8.37.1 updated - suseconnect-ng-1.4.0~git0.b0f7c25bfdfa-150400.3.16.1 updated - system-group-hardware-20170617-150400.24.2.1 updated - system-group-kvm-20170617-150400.24.2.1 updated - system-group-wheel-20170617-150400.24.2.1 updated - system-user-lp-20170617-150400.24.2.1 updated - system-user-nobody-20170617-150400.24.2.1 updated From sle-container-updates at lists.suse.com Fri Dec 15 08:01:09 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 15 Dec 2023 09:01:09 +0100 (CET) Subject: SUSE-IU-2023:871-1: Security update of suse-sles-15-sp5-chost-byos-v20231213-x86_64-gen2 Message-ID: <20231215080109.AD0B7FBAC@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp5-chost-byos-v20231213-x86_64-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2023:871-1 Image Tags : suse-sles-15-sp5-chost-byos-v20231213-x86_64-gen2:20231213 Image Release : Severity : important Type : security References : 1041742 1111622 1170175 1176785 1184753 1199282 1200528 1203760 1206480 1206667 1206684 1207325 1209998 1210286 1210557 1210660 1211427 1212101 1212422 1213915 1214052 1214460 1215427 1215947 1215979 1216091 1216377 1216410 1216419 1216664 1216862 1217212 1217215 1217573 1217574 CVE-2022-1996 CVE-2022-40897 CVE-2023-2137 CVE-2023-22745 CVE-2023-38470 CVE-2023-38473 CVE-2023-4039 CVE-2023-45803 CVE-2023-46218 CVE-2023-46219 ----------------------------------------------------------------- The container suse-sles-15-sp5-chost-byos-v20231213-x86_64-gen2 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:526-1 Released: Mon Feb 27 13:52:39 2023 Summary: Security update for tpm2-0-tss Type: security Severity: moderate References: 1207325,CVE-2023-22745 This update for tpm2-0-tss fixes the following issues: - CVE-2023-22745: Fixed a memory safety issue that could be exploited by local attackers with TPM access (bsc#1207325). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4450-1 Released: Wed Nov 15 10:55:20 2023 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1209998 This update for crypto-policies fixes the following issues: - Enable setting the kernel FIPS mode with the fips-mode-setup and fips-finish-install commands (jsc#PED-5041) - Adapt fips-mode-setup to use the pbl command from the perl-Bootloader package instead of grubby and add a note for transactional systems - Ship the man pages for fips-mode-setup and fips-finish-install - Make the supported versions change in the update-crypto-policies(8) man page persistent (bsc#1209998) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4460-1 Released: Thu Nov 16 15:00:20 2023 Summary: Recommended update for rsyslog Type: recommended Severity: moderate References: 1210286 This update for rsyslog fixes the following issue: - fix rsyslog crash in imrelp (bsc#1210286) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4467-1 Released: Thu Nov 16 17:57:51 2023 Summary: Security update for python-urllib3 Type: security Severity: moderate References: 1216377,CVE-2023-45803 This update for python-urllib3 fixes the following issues: - CVE-2023-45803: Fix a request body leak that could occur when receiving a 303 HTTP response (bsc#1216377). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4503-1 Released: Tue Nov 21 13:25:12 2023 Summary: Security update for avahi Type: security Severity: moderate References: 1215947,1216419,CVE-2023-38470,CVE-2023-38473 This update for avahi fixes the following issues: - CVE-2023-38470: Ensure each label is at least one byte long (bsc#1215947). - CVE-2023-38473: Fixed a reachable assertion when parsing a host name (bsc#1216419). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4517-1 Released: Tue Nov 21 17:30:27 2023 Summary: Security update for python3-setuptools Type: security Severity: moderate References: 1206667,CVE-2022-40897 This update for python3-setuptools fixes the following issues: - CVE-2022-40897: Fixed Regular Expression Denial of Service (ReDoS) in package_index.py (bsc#1206667). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4534-1 Released: Thu Nov 23 08:13:57 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1041742,1203760,1212422,1215979,1216091 This update for libzypp, zypper fixes the following issues: - Preliminary disable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091) - Fix comment typo on zypp.conf (bsc#1215979) - Attempt to delay %transfiletrigger(postun|in) execution if rpm supports it (bsc#1041742) - Make sure the old target is deleted before a new one is created (bsc#1203760) - Return 104 also if info suggests near matches - Rephrase upgrade message for openSUSE Tumbleweed (bsc#1212422) - commit: Insert a headline to separate output of different rpm scripts (bsc#1041742) ----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:4583-1 Released: Mon Nov 27 10:16:11 2023 Summary: Feature update for python-psutil Type: feature Severity: moderate References: 1111622,1170175,1176785,1184753,1199282 This update for python-psutil, python-requests fixes the following issues: - update python-psutil to 5.9.1 (bsc#1199282, bsc#1184753, jsc#SLE-24629, jsc#PM-3243, gh#giampaolo/psutil#2043) - Fix tests: setuptools changed the builddir library path and does not find the module from it. Use the installed platlib instead and exclude psutil.tests only later. - remove the dependency on net-tools, since it conflicts with busybox-hostnmame which is default on MicroOS - Update python-requests to 2.25.1 (bsc#1176785, bsc#1170175, jsc#ECO-3105, jsc#PM-2352, jsc#PED-7192) - Fixed bug with unintended Authorization header stripping for redirects using default ports (bsc#1111622). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4619-1 Released: Thu Nov 30 10:13:52 2023 Summary: Security update for sqlite3 Type: security Severity: important References: 1210660,CVE-2023-2137 This update for sqlite3 fixes the following issues: - CVE-2023-2137: Fixed heap buffer overflow (bsc#1210660). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4659-1 Released: Wed Dec 6 13:04:57 2023 Summary: Security update for curl Type: security Severity: moderate References: 1217573,1217574,CVE-2023-46218,CVE-2023-46219 This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). - CVE-2023-46219: HSTS long file name clears contents (bsc#1217574). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4671-1 Released: Wed Dec 6 14:33:41 2023 Summary: Recommended update for man Type: recommended Severity: moderate References: This update of man fixes the following problem: - The 'man' commands is delivered to SUSE Linux Enterprise Micro to allow browsing man pages. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4672-1 Released: Wed Dec 6 14:37:37 2023 Summary: Security update for suse-build-key Type: security Severity: important References: 1216410,1217215 This update for suse-build-key fixes the following issues: This update runs a import-suse-build-key script. The previous libzypp-post-script based installation is replaced with a systemd timer and service (bsc#1217215 bsc#1216410 jsc#PED-2777). - suse-build-key-import.service - suse-build-key-import.timer It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys. After successful import the timer is disabled. To manually import them you can also run: # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4699-1 Released: Mon Dec 11 07:02:10 2023 Summary: Recommended update for gpg2 Type: recommended Severity: moderate References: 1217212 This update for gpg2 fixes the following issues: - `dirmngr-client --validate` is broken for DER-encoded files (bsc#1217212) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4727-1 Released: Tue Dec 12 12:27:39 2023 Summary: Security update for catatonit, containerd, runc Type: security Severity: important References: 1200528,CVE-2022-1996 This update of runc and containerd fixes the following issues: containerd: - Update to containerd v1.7.8. Upstream release notes: https://github.com/containerd/containerd/releases/tag/v1.7.8 * CVE-2022-1996: Fixed CORS bypass in go-restful (bsc#1200528) catatonit: - Update to catatonit v0.2.0. * Change license to GPL-2.0-or-later. - Update to catatont v0.1.7 * This release adds the ability for catatonit to be used as the only process in a pause container, by passing the -P flag (in this mode no subprocess is spawned and thus no signal forwarding is done). - Update to catatonit v0.1.6, which fixes a few bugs -- mainly ones related to socket activation or features somewhat adjacent to socket activation (such as passing file descriptors). runc: - Update to runc v1.1.10. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.10 The following package changes have been done: - containerd-ctr-1.7.8-150000.103.1 updated - containerd-1.7.8-150000.103.1 updated - crypto-policies-20210917.c9d86d1-150400.3.6.1 updated - curl-8.0.1-150400.5.36.1 updated - dracut-055+suse.375.g1167ed75-150500.3.15.1 updated - gpg2-2.2.27-150300.3.8.1 updated - grub2-i386-pc-2.06-150500.29.11.1 updated - grub2-x86_64-efi-2.06-150500.29.11.1 updated - grub2-2.06-150500.29.11.1 updated - kernel-default-5.14.21-150500.55.39.1 updated - libavahi-client3-0.8-150400.7.10.1 updated - libavahi-common3-0.8-150400.7.10.1 updated - libcurl4-8.0.1-150400.5.36.1 updated - libdevmapper1_03-2.03.22_1.02.196-150500.7.9.1 updated - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libopeniscsiusr0-0.2.0-150500.46.3.1 updated - libopenssl1_1-1.1.1l-150500.17.22.1 updated - libp11-kit0-0.23.22-150500.8.3.1 updated - libsqlite3-0-3.44.0-150000.3.23.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - libtss2-esys0-3.1.0-150400.3.3.1 added - libtss2-fapi1-3.1.0-150400.3.3.1 added - libtss2-mu0-3.1.0-150400.3.3.1 added - libtss2-rc0-3.1.0-150400.3.3.1 added - libtss2-sys1-3.1.0-150400.3.3.1 added - libtss2-tctildr0-3.1.0-150400.3.3.1 added - libxml2-2-2.10.3-150500.5.11.1 updated - libzypp-17.31.22-150400.3.43.1 updated - open-iscsi-2.1.9-150500.46.3.1 updated - openssl-1_1-1.1.1l-150500.17.22.1 updated - p11-kit-tools-0.23.22-150500.8.3.1 updated - p11-kit-0.23.22-150500.8.3.1 updated - python3-requests-2.25.1-150300.3.6.1 updated - python3-setuptools-44.1.1-150400.9.6.1 updated - python3-urllib3-1.25.10-150300.4.9.1 updated - rsyslog-module-relp-8.2306.0-150400.5.21.1 updated - rsyslog-8.2306.0-150400.5.21.1 updated - runc-1.1.10-150000.55.1 updated - samba-client-libs-4.17.12+git.427.2619dc0bed-150500.3.14.1 updated - suse-build-key-12.0-150000.8.37.1 updated - suseconnect-ng-1.4.0~git0.b0f7c25bfdfa-150500.3.6.1 updated - system-group-hardware-20170617-150400.24.2.1 updated - system-group-kvm-20170617-150400.24.2.1 updated - system-group-wheel-20170617-150400.24.2.1 updated - system-user-nobody-20170617-150400.24.2.1 updated - tpm2.0-tools-5.2-150400.4.6 added - vim-data-common-9.0.2103-150500.20.6.1 updated - vim-9.0.2103-150500.20.6.1 updated - xen-libs-4.17.2_08-150500.3.15.1 updated - zypper-1.14.66-150400.3.35.1 updated From sle-container-updates at lists.suse.com Fri Dec 15 08:01:11 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 15 Dec 2023 09:01:11 +0100 (CET) Subject: SUSE-IU-2023:872-1: Security update of suse-sles-15-sp5-chost-byos-v20231213-hvm-ssd-x86_64 Message-ID: <20231215080111.B3794FBAC@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp5-chost-byos-v20231213-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2023:872-1 Image Tags : suse-sles-15-sp5-chost-byos-v20231213-hvm-ssd-x86_64:20231213 Image Release : Severity : important Type : security References : 1041742 1111622 1170175 1176785 1184753 1199282 1200528 1203760 1206480 1206667 1206684 1207325 1209998 1210286 1210557 1210660 1211427 1212101 1212422 1213915 1214052 1214460 1215427 1215947 1215979 1216091 1216377 1216410 1216419 1216664 1216862 1217212 1217215 1217573 1217574 CVE-2022-1996 CVE-2022-40897 CVE-2023-2137 CVE-2023-22745 CVE-2023-38470 CVE-2023-38473 CVE-2023-4039 CVE-2023-45803 CVE-2023-46218 CVE-2023-46219 ----------------------------------------------------------------- The container suse-sles-15-sp5-chost-byos-v20231213-hvm-ssd-x86_64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:526-1 Released: Mon Feb 27 13:52:39 2023 Summary: Security update for tpm2-0-tss Type: security Severity: moderate References: 1207325,CVE-2023-22745 This update for tpm2-0-tss fixes the following issues: - CVE-2023-22745: Fixed a memory safety issue that could be exploited by local attackers with TPM access (bsc#1207325). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4450-1 Released: Wed Nov 15 10:55:20 2023 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1209998 This update for crypto-policies fixes the following issues: - Enable setting the kernel FIPS mode with the fips-mode-setup and fips-finish-install commands (jsc#PED-5041) - Adapt fips-mode-setup to use the pbl command from the perl-Bootloader package instead of grubby and add a note for transactional systems - Ship the man pages for fips-mode-setup and fips-finish-install - Make the supported versions change in the update-crypto-policies(8) man page persistent (bsc#1209998) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4460-1 Released: Thu Nov 16 15:00:20 2023 Summary: Recommended update for rsyslog Type: recommended Severity: moderate References: 1210286 This update for rsyslog fixes the following issue: - fix rsyslog crash in imrelp (bsc#1210286) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4467-1 Released: Thu Nov 16 17:57:51 2023 Summary: Security update for python-urllib3 Type: security Severity: moderate References: 1216377,CVE-2023-45803 This update for python-urllib3 fixes the following issues: - CVE-2023-45803: Fix a request body leak that could occur when receiving a 303 HTTP response (bsc#1216377). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4503-1 Released: Tue Nov 21 13:25:12 2023 Summary: Security update for avahi Type: security Severity: moderate References: 1215947,1216419,CVE-2023-38470,CVE-2023-38473 This update for avahi fixes the following issues: - CVE-2023-38470: Ensure each label is at least one byte long (bsc#1215947). - CVE-2023-38473: Fixed a reachable assertion when parsing a host name (bsc#1216419). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4517-1 Released: Tue Nov 21 17:30:27 2023 Summary: Security update for python3-setuptools Type: security Severity: moderate References: 1206667,CVE-2022-40897 This update for python3-setuptools fixes the following issues: - CVE-2022-40897: Fixed Regular Expression Denial of Service (ReDoS) in package_index.py (bsc#1206667). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4534-1 Released: Thu Nov 23 08:13:57 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1041742,1203760,1212422,1215979,1216091 This update for libzypp, zypper fixes the following issues: - Preliminary disable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091) - Fix comment typo on zypp.conf (bsc#1215979) - Attempt to delay %transfiletrigger(postun|in) execution if rpm supports it (bsc#1041742) - Make sure the old target is deleted before a new one is created (bsc#1203760) - Return 104 also if info suggests near matches - Rephrase upgrade message for openSUSE Tumbleweed (bsc#1212422) - commit: Insert a headline to separate output of different rpm scripts (bsc#1041742) ----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:4583-1 Released: Mon Nov 27 10:16:11 2023 Summary: Feature update for python-psutil Type: feature Severity: moderate References: 1111622,1170175,1176785,1184753,1199282 This update for python-psutil, python-requests fixes the following issues: - update python-psutil to 5.9.1 (bsc#1199282, bsc#1184753, jsc#SLE-24629, jsc#PM-3243, gh#giampaolo/psutil#2043) - Fix tests: setuptools changed the builddir library path and does not find the module from it. Use the installed platlib instead and exclude psutil.tests only later. - remove the dependency on net-tools, since it conflicts with busybox-hostnmame which is default on MicroOS - Update python-requests to 2.25.1 (bsc#1176785, bsc#1170175, jsc#ECO-3105, jsc#PM-2352, jsc#PED-7192) - Fixed bug with unintended Authorization header stripping for redirects using default ports (bsc#1111622). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4619-1 Released: Thu Nov 30 10:13:52 2023 Summary: Security update for sqlite3 Type: security Severity: important References: 1210660,CVE-2023-2137 This update for sqlite3 fixes the following issues: - CVE-2023-2137: Fixed heap buffer overflow (bsc#1210660). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4659-1 Released: Wed Dec 6 13:04:57 2023 Summary: Security update for curl Type: security Severity: moderate References: 1217573,1217574,CVE-2023-46218,CVE-2023-46219 This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). - CVE-2023-46219: HSTS long file name clears contents (bsc#1217574). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4671-1 Released: Wed Dec 6 14:33:41 2023 Summary: Recommended update for man Type: recommended Severity: moderate References: This update of man fixes the following problem: - The 'man' commands is delivered to SUSE Linux Enterprise Micro to allow browsing man pages. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4672-1 Released: Wed Dec 6 14:37:37 2023 Summary: Security update for suse-build-key Type: security Severity: important References: 1216410,1217215 This update for suse-build-key fixes the following issues: This update runs a import-suse-build-key script. The previous libzypp-post-script based installation is replaced with a systemd timer and service (bsc#1217215 bsc#1216410 jsc#PED-2777). - suse-build-key-import.service - suse-build-key-import.timer It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys. After successful import the timer is disabled. To manually import them you can also run: # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4699-1 Released: Mon Dec 11 07:02:10 2023 Summary: Recommended update for gpg2 Type: recommended Severity: moderate References: 1217212 This update for gpg2 fixes the following issues: - `dirmngr-client --validate` is broken for DER-encoded files (bsc#1217212) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4727-1 Released: Tue Dec 12 12:27:39 2023 Summary: Security update for catatonit, containerd, runc Type: security Severity: important References: 1200528,CVE-2022-1996 This update of runc and containerd fixes the following issues: containerd: - Update to containerd v1.7.8. Upstream release notes: https://github.com/containerd/containerd/releases/tag/v1.7.8 * CVE-2022-1996: Fixed CORS bypass in go-restful (bsc#1200528) catatonit: - Update to catatonit v0.2.0. * Change license to GPL-2.0-or-later. - Update to catatont v0.1.7 * This release adds the ability for catatonit to be used as the only process in a pause container, by passing the -P flag (in this mode no subprocess is spawned and thus no signal forwarding is done). - Update to catatonit v0.1.6, which fixes a few bugs -- mainly ones related to socket activation or features somewhat adjacent to socket activation (such as passing file descriptors). runc: - Update to runc v1.1.10. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.10 The following package changes have been done: - containerd-ctr-1.7.8-150000.103.1 updated - containerd-1.7.8-150000.103.1 updated - crypto-policies-20210917.c9d86d1-150400.3.6.1 updated - curl-8.0.1-150400.5.36.1 updated - dracut-055+suse.375.g1167ed75-150500.3.15.1 updated - gpg2-2.2.27-150300.3.8.1 updated - grub2-i386-pc-2.06-150500.29.11.1 updated - grub2-x86_64-efi-2.06-150500.29.11.1 updated - grub2-x86_64-xen-2.06-150500.29.11.1 updated - grub2-2.06-150500.29.11.1 updated - kernel-default-5.14.21-150500.55.39.1 updated - libavahi-client3-0.8-150400.7.10.1 updated - libavahi-common3-0.8-150400.7.10.1 updated - libcurl4-8.0.1-150400.5.36.1 updated - libdevmapper1_03-2.03.22_1.02.196-150500.7.9.1 updated - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libopeniscsiusr0-0.2.0-150500.46.3.1 updated - libopenssl1_1-1.1.1l-150500.17.22.1 updated - libp11-kit0-0.23.22-150500.8.3.1 updated - libsqlite3-0-3.44.0-150000.3.23.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - libtss2-esys0-3.1.0-150400.3.3.1 added - libtss2-fapi1-3.1.0-150400.3.3.1 added - libtss2-mu0-3.1.0-150400.3.3.1 added - libtss2-rc0-3.1.0-150400.3.3.1 added - libtss2-sys1-3.1.0-150400.3.3.1 added - libtss2-tctildr0-3.1.0-150400.3.3.1 added - libxml2-2-2.10.3-150500.5.11.1 updated - libzypp-17.31.22-150400.3.43.1 updated - open-iscsi-2.1.9-150500.46.3.1 updated - openssl-1_1-1.1.1l-150500.17.22.1 updated - p11-kit-tools-0.23.22-150500.8.3.1 updated - p11-kit-0.23.22-150500.8.3.1 updated - python3-requests-2.25.1-150300.3.6.1 updated - python3-setuptools-44.1.1-150400.9.6.1 updated - python3-urllib3-1.25.10-150300.4.9.1 updated - rsyslog-module-relp-8.2306.0-150400.5.21.1 updated - rsyslog-8.2306.0-150400.5.21.1 updated - runc-1.1.10-150000.55.1 updated - samba-client-libs-4.17.12+git.427.2619dc0bed-150500.3.14.1 updated - suse-build-key-12.0-150000.8.37.1 updated - suseconnect-ng-1.4.0~git0.b0f7c25bfdfa-150500.3.6.1 updated - system-group-hardware-20170617-150400.24.2.1 updated - system-group-kvm-20170617-150400.24.2.1 updated - system-group-wheel-20170617-150400.24.2.1 updated - system-user-nobody-20170617-150400.24.2.1 updated - tpm2.0-tools-5.2-150400.4.6 added - vim-data-common-9.0.2103-150500.20.6.1 updated - vim-9.0.2103-150500.20.6.1 updated - xen-libs-4.17.2_08-150500.3.15.1 updated - xen-tools-domU-4.17.2_08-150500.3.15.1 updated - zypper-1.14.66-150400.3.35.1 updated From sle-container-updates at lists.suse.com Fri Dec 15 08:01:15 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 15 Dec 2023 09:01:15 +0100 (CET) Subject: SUSE-IU-2023:873-1: Security update of sles-15-sp5-chost-byos-v20231213-arm64 Message-ID: <20231215080115.D7214FBAC@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp5-chost-byos-v20231213-arm64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2023:873-1 Image Tags : sles-15-sp5-chost-byos-v20231213-arm64:20231213 Image Release : Severity : important Type : security References : 1041742 1111622 1170175 1176785 1184753 1199282 1200528 1203760 1206480 1206667 1206684 1207325 1209998 1210286 1210557 1210660 1211427 1212101 1212418 1212422 1212759 1213639 1213915 1214052 1214460 1214546 1214572 1215427 1215947 1215979 1216091 1216377 1216410 1216419 1216576 1216664 1216862 1217212 1217215 1217573 1217574 CVE-2022-1996 CVE-2022-40897 CVE-2023-2137 CVE-2023-22745 CVE-2023-38470 CVE-2023-38473 CVE-2023-4039 CVE-2023-45803 CVE-2023-46218 CVE-2023-46219 ----------------------------------------------------------------- The container sles-15-sp5-chost-byos-v20231213-arm64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:526-1 Released: Mon Feb 27 13:52:39 2023 Summary: Security update for tpm2-0-tss Type: security Severity: moderate References: 1207325,CVE-2023-22745 This update for tpm2-0-tss fixes the following issues: - CVE-2023-22745: Fixed a memory safety issue that could be exploited by local attackers with TPM access (bsc#1207325). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4450-1 Released: Wed Nov 15 10:55:20 2023 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1209998 This update for crypto-policies fixes the following issues: - Enable setting the kernel FIPS mode with the fips-mode-setup and fips-finish-install commands (jsc#PED-5041) - Adapt fips-mode-setup to use the pbl command from the perl-Bootloader package instead of grubby and add a note for transactional systems - Ship the man pages for fips-mode-setup and fips-finish-install - Make the supported versions change in the update-crypto-policies(8) man page persistent (bsc#1209998) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4460-1 Released: Thu Nov 16 15:00:20 2023 Summary: Recommended update for rsyslog Type: recommended Severity: moderate References: 1210286 This update for rsyslog fixes the following issue: - fix rsyslog crash in imrelp (bsc#1210286) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4467-1 Released: Thu Nov 16 17:57:51 2023 Summary: Security update for python-urllib3 Type: security Severity: moderate References: 1216377,CVE-2023-45803 This update for python-urllib3 fixes the following issues: - CVE-2023-45803: Fix a request body leak that could occur when receiving a 303 HTTP response (bsc#1216377). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4503-1 Released: Tue Nov 21 13:25:12 2023 Summary: Security update for avahi Type: security Severity: moderate References: 1215947,1216419,CVE-2023-38470,CVE-2023-38473 This update for avahi fixes the following issues: - CVE-2023-38470: Ensure each label is at least one byte long (bsc#1215947). - CVE-2023-38473: Fixed a reachable assertion when parsing a host name (bsc#1216419). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4517-1 Released: Tue Nov 21 17:30:27 2023 Summary: Security update for python3-setuptools Type: security Severity: moderate References: 1206667,CVE-2022-40897 This update for python3-setuptools fixes the following issues: - CVE-2022-40897: Fixed Regular Expression Denial of Service (ReDoS) in package_index.py (bsc#1206667). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4534-1 Released: Thu Nov 23 08:13:57 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1041742,1203760,1212422,1215979,1216091 This update for libzypp, zypper fixes the following issues: - Preliminary disable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091) - Fix comment typo on zypp.conf (bsc#1215979) - Attempt to delay %transfiletrigger(postun|in) execution if rpm supports it (bsc#1041742) - Make sure the old target is deleted before a new one is created (bsc#1203760) - Return 104 also if info suggests near matches - Rephrase upgrade message for openSUSE Tumbleweed (bsc#1212422) - commit: Insert a headline to separate output of different rpm scripts (bsc#1041742) ----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:4583-1 Released: Mon Nov 27 10:16:11 2023 Summary: Feature update for python-psutil Type: feature Severity: moderate References: 1111622,1170175,1176785,1184753,1199282 This update for python-psutil, python-requests fixes the following issues: - update python-psutil to 5.9.1 (bsc#1199282, bsc#1184753, jsc#SLE-24629, jsc#PM-3243, gh#giampaolo/psutil#2043) - Fix tests: setuptools changed the builddir library path and does not find the module from it. Use the installed platlib instead and exclude psutil.tests only later. - remove the dependency on net-tools, since it conflicts with busybox-hostnmame which is default on MicroOS - Update python-requests to 2.25.1 (bsc#1176785, bsc#1170175, jsc#ECO-3105, jsc#PM-2352, jsc#PED-7192) - Fixed bug with unintended Authorization header stripping for redirects using default ports (bsc#1111622). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4610-1 Released: Wed Nov 29 14:04:12 2023 Summary: Recommended update for google-guest-configs Type: recommended Severity: moderate References: 1212418,1212759,1214546,1214572 This update for google-guest-configs fixes the following issues: - Update to version 20230808.00 (bsc#1214546, bsc#1214572, bsc#1212418, bsc#1212759) - Replace xxd with dd for google_nvme_id - Setup irq binding for a3 8g vm - dracut: Add a new dracut module for gcp udev rules - src/lib/udev: only create symlinks for GCP devices - Set hostname: consider fully qualified static hostname - Support multiple local SSD controllers - Update OWNERS file - DHCP hostname: don't reset hostname if the hostname hasn't changed ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4619-1 Released: Thu Nov 30 10:13:52 2023 Summary: Security update for sqlite3 Type: security Severity: important References: 1210660,CVE-2023-2137 This update for sqlite3 fixes the following issues: - CVE-2023-2137: Fixed heap buffer overflow (bsc#1210660). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4620-1 Released: Thu Nov 30 11:13:43 2023 Summary: Recommended update for libhugetlbfs Type: recommended Severity: moderate References: 1213639,1216576 This update for libhugetlbfs fixes the following issue: - Add patch for upstream issue (bsc#1216576, bsc#1213639) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4659-1 Released: Wed Dec 6 13:04:57 2023 Summary: Security update for curl Type: security Severity: moderate References: 1217573,1217574,CVE-2023-46218,CVE-2023-46219 This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). - CVE-2023-46219: HSTS long file name clears contents (bsc#1217574). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4671-1 Released: Wed Dec 6 14:33:41 2023 Summary: Recommended update for man Type: recommended Severity: moderate References: This update of man fixes the following problem: - The 'man' commands is delivered to SUSE Linux Enterprise Micro to allow browsing man pages. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4672-1 Released: Wed Dec 6 14:37:37 2023 Summary: Security update for suse-build-key Type: security Severity: important References: 1216410,1217215 This update for suse-build-key fixes the following issues: This update runs a import-suse-build-key script. The previous libzypp-post-script based installation is replaced with a systemd timer and service (bsc#1217215 bsc#1216410 jsc#PED-2777). - suse-build-key-import.service - suse-build-key-import.timer It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys. After successful import the timer is disabled. To manually import them you can also run: # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4699-1 Released: Mon Dec 11 07:02:10 2023 Summary: Recommended update for gpg2 Type: recommended Severity: moderate References: 1217212 This update for gpg2 fixes the following issues: - `dirmngr-client --validate` is broken for DER-encoded files (bsc#1217212) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4727-1 Released: Tue Dec 12 12:27:39 2023 Summary: Security update for catatonit, containerd, runc Type: security Severity: important References: 1200528,CVE-2022-1996 This update of runc and containerd fixes the following issues: containerd: - Update to containerd v1.7.8. Upstream release notes: https://github.com/containerd/containerd/releases/tag/v1.7.8 * CVE-2022-1996: Fixed CORS bypass in go-restful (bsc#1200528) catatonit: - Update to catatonit v0.2.0. * Change license to GPL-2.0-or-later. - Update to catatont v0.1.7 * This release adds the ability for catatonit to be used as the only process in a pause container, by passing the -P flag (in this mode no subprocess is spawned and thus no signal forwarding is done). - Update to catatonit v0.1.6, which fixes a few bugs -- mainly ones related to socket activation or features somewhat adjacent to socket activation (such as passing file descriptors). runc: - Update to runc v1.1.10. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.10 The following package changes have been done: - containerd-ctr-1.7.8-150000.103.1 updated - containerd-1.7.8-150000.103.1 updated - crypto-policies-20210917.c9d86d1-150400.3.6.1 updated - curl-8.0.1-150400.5.36.1 updated - dracut-055+suse.375.g1167ed75-150500.3.15.1 updated - google-guest-configs-20230808.00-150400.13.6.1 updated - gpg2-2.2.27-150300.3.8.1 updated - grub2-i386-pc-2.06-150500.29.11.1 updated - grub2-x86_64-efi-2.06-150500.29.11.1 updated - grub2-2.06-150500.29.11.1 updated - kernel-default-5.14.21-150500.55.39.1 updated - libavahi-client3-0.8-150400.7.10.1 updated - libavahi-common3-0.8-150400.7.10.1 updated - libcurl4-8.0.1-150400.5.36.1 updated - libdevmapper1_03-2.03.22_1.02.196-150500.7.9.1 updated - libgcc_s1-13.2.1+git7813-150000.1.6.1 updated - libhugetlbfs-2.20-150000.3.8.1 updated - libopeniscsiusr0-0.2.0-150500.46.3.1 updated - libopenssl1_1-1.1.1l-150500.17.22.1 updated - libp11-kit0-0.23.22-150500.8.3.1 updated - libsqlite3-0-3.44.0-150000.3.23.1 updated - libstdc++6-13.2.1+git7813-150000.1.6.1 updated - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - libtss2-esys0-3.1.0-150400.3.3.1 added - libtss2-fapi1-3.1.0-150400.3.3.1 added - libtss2-mu0-3.1.0-150400.3.3.1 added - libtss2-rc0-3.1.0-150400.3.3.1 added - libtss2-sys1-3.1.0-150400.3.3.1 added - libtss2-tctildr0-3.1.0-150400.3.3.1 added - libxml2-2-2.10.3-150500.5.11.1 updated - libzypp-17.31.22-150400.3.43.1 updated - nvme-cli-2.4+31.gf7ec09-150500.4.12.1 updated - open-iscsi-2.1.9-150500.46.3.1 updated - openssl-1_1-1.1.1l-150500.17.22.1 updated - p11-kit-tools-0.23.22-150500.8.3.1 updated - p11-kit-0.23.22-150500.8.3.1 updated - python3-requests-2.25.1-150300.3.6.1 updated - python3-setuptools-44.1.1-150400.9.6.1 updated - python3-urllib3-1.25.10-150300.4.9.1 updated - rsyslog-module-relp-8.2306.0-150400.5.21.1 updated - rsyslog-8.2306.0-150400.5.21.1 updated - runc-1.1.10-150000.55.1 updated - samba-client-libs-4.17.12+git.427.2619dc0bed-150500.3.14.1 updated - suse-build-key-12.0-150000.8.37.1 updated - suseconnect-ng-1.4.0~git0.b0f7c25bfdfa-150500.3.6.1 updated - system-group-hardware-20170617-150400.24.2.1 updated - system-group-kvm-20170617-150400.24.2.1 updated - system-group-wheel-20170617-150400.24.2.1 updated - system-user-nobody-20170617-150400.24.2.1 updated - tpm2.0-tools-5.2-150400.4.6 added - vim-data-common-9.0.2103-150500.20.6.1 updated - vim-9.0.2103-150500.20.6.1 updated - xen-libs-4.17.2_08-150500.3.15.1 updated - zypper-1.14.66-150400.3.35.1 updated From sle-container-updates at lists.suse.com Fri Dec 15 08:03:22 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 15 Dec 2023 09:03:22 +0100 (CET) Subject: SUSE-CU-2023:4179-1: Security update of suse/389-ds Message-ID: <20231215080322.B6151FBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4179-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-16.67 , suse/389-ds:latest Container Release : 16.67 Severity : moderate Type : security References : 1217592 CVE-2023-49083 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4843-1 Released: Thu Dec 14 12:22:44 2023 Summary: Security update for python3-cryptography Type: security Severity: moderate References: 1217592,CVE-2023-49083 This update for python3-cryptography fixes the following issues: - CVE-2023-49083: Fixed a NULL pointer dereference when loading certificates from a PKCS#7 bundle (bsc#1217592). The following package changes have been done: - python3-cryptography-3.3.2-150400.23.1 updated From sle-container-updates at lists.suse.com Fri Dec 15 08:03:38 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 15 Dec 2023 09:03:38 +0100 (CET) Subject: SUSE-CU-2023:4181-1: Security update of suse/nginx Message-ID: <20231215080338.49D2EFBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4181-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-5.59 , suse/nginx:latest Container Release : 5.59 Severity : important Type : security References : 1199483 1210231 1211478 1212398 1214680 CVE-2022-1622 CVE-2022-40090 CVE-2023-1916 CVE-2023-26965 CVE-2023-2731 ----------------------------------------------------------------- The container suse/nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4869-1 Released: Thu Dec 14 16:26:23 2023 Summary: Security update for tiff Type: security Severity: important References: 1199483,1210231,1211478,1212398,1214680,CVE-2022-1622,CVE-2022-40090,CVE-2023-1916,CVE-2023-26965,CVE-2023-2731 This update for tiff fixes the following issues: - CVE-2023-2731: Fix null pointer deference in LZWDecode() (bsc#1211478). - CVE-2023-1916: Fix out-of-bounds read in extractImageSection() (bsc#1210231). - CVE-2023-26965: Fix heap-based use after free in loadImage() (bsc#1212398). - CVE-2022-40090: Fix infinite loop in TIFFReadDirectory() (bsc#1214680). The following package changes have been done: - libtiff5-4.0.9-150000.45.35.1 updated From sle-container-updates at lists.suse.com Fri Dec 15 08:03:54 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 15 Dec 2023 09:03:54 +0100 (CET) Subject: SUSE-CU-2023:4183-1: Recommended update of suse/rmt-server Message-ID: <20231215080354.59D0BFBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4183-1 Container Tags : suse/rmt-server:2.14 , suse/rmt-server:2.14-11.53 , suse/rmt-server:latest Container Release : 11.53 Severity : moderate Type : recommended References : 1216862 1217212 ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4699-1 Released: Mon Dec 11 07:02:10 2023 Summary: Recommended update for gpg2 Type: recommended Severity: moderate References: 1217212 This update for gpg2 fixes the following issues: - `dirmngr-client --validate` is broken for DER-encoded files (bsc#1217212) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - gpg2-2.2.27-150300.3.8.1 updated - container:sles15-image-15.0.0-36.5.66 updated From sle-container-updates at lists.suse.com Mon Dec 18 09:05:01 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 18 Dec 2023 10:05:01 +0100 (CET) Subject: SUSE-CU-2023:4184-1: Security update of suse/manager/4.3/proxy-httpd Message-ID: <20231218090501.6AF95FBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4184-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.10 , suse/manager/4.3/proxy-httpd:4.3.10.9.43.4 , suse/manager/4.3/proxy-httpd:latest , suse/manager/4.3/proxy-httpd:susemanager-4.3.10 , suse/manager/4.3/proxy-httpd:susemanager-4.3.10.9.43.4 Container Release : 9.43.4 Severity : moderate Type : security References : 1217592 CVE-2023-49083 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4843-1 Released: Thu Dec 14 12:22:44 2023 Summary: Security update for python3-cryptography Type: security Severity: moderate References: 1217592,CVE-2023-49083 This update for python3-cryptography fixes the following issues: - CVE-2023-49083: Fixed a NULL pointer dereference when loading certificates from a PKCS#7 bundle (bsc#1217592). The following package changes have been done: - python3-cryptography-3.3.2-150400.23.1 updated From sle-container-updates at lists.suse.com Mon Dec 18 09:06:03 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 18 Dec 2023 10:06:03 +0100 (CET) Subject: SUSE-CU-2023:4187-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20231218090603.27E52FBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4187-1 Container Tags : suse/sle-micro/5.1/toolbox:12.1 , suse/sle-micro/5.1/toolbox:12.1-2.2.512 , suse/sle-micro/5.1/toolbox:latest Container Release : 2.2.512 Severity : moderate Type : security References : 1216862 1217212 1217573 CVE-2023-46218 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4699-1 Released: Mon Dec 11 07:02:10 2023 Summary: Recommended update for gpg2 Type: recommended Severity: moderate References: 1217212 This update for gpg2 fixes the following issues: - `dirmngr-client --validate` is broken for DER-encoded files (bsc#1217212) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4713-1 Released: Mon Dec 11 13:23:12 2023 Summary: Security update for curl Type: security Severity: moderate References: 1217573,CVE-2023-46218 This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - gpg2-2.2.27-150300.3.8.1 updated - libcurl4-7.66.0-150200.4.63.1 updated - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - container:sles15-image-15.0.0-17.20.226 updated From sle-container-updates at lists.suse.com Tue Dec 19 08:04:48 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Dec 2023 09:04:48 +0100 (CET) Subject: SUSE-CU-2023:4191-1: Recommended update of suse/sles12sp5 Message-ID: <20231219080448.2F0C6FBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4191-1 Container Tags : suse/sles12sp5:6.5.544 , suse/sles12sp5:latest Container Release : 6.5.544 Severity : low Type : recommended References : 1215594 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4889-1 Released: Mon Dec 18 10:24:14 2023 Summary: Recommended update for pam Type: recommended Severity: low References: 1215594 This update for pam fixes the following issue: - Add no_pass_expiry option to ignore password expiration (bsc#1215594) The following package changes have been done: - pam-1.1.8-24.53.1 updated From sle-container-updates at lists.suse.com Tue Dec 19 08:05:33 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Dec 2023 09:05:33 +0100 (CET) Subject: SUSE-CU-2023:4192-1: Security update of bci/dotnet-aspnet Message-ID: <20231219080533.95115FBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4192-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-18.24 , bci/dotnet-aspnet:6.0.25 , bci/dotnet-aspnet:6.0.25-18.24 Container Release : 18.24 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-36.5.67 updated From sle-container-updates at lists.suse.com Tue Dec 19 08:05:50 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Dec 2023 09:05:50 +0100 (CET) Subject: SUSE-CU-2023:4193-1: Security update of bci/dotnet-aspnet Message-ID: <20231219080550.A54BCFBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4193-1 Container Tags : bci/dotnet-aspnet:7.0 , bci/dotnet-aspnet:7.0-18.25 , bci/dotnet-aspnet:7.0.14 , bci/dotnet-aspnet:7.0.14-18.25 , bci/dotnet-aspnet:latest Container Release : 18.25 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-36.5.67 updated From sle-container-updates at lists.suse.com Tue Dec 19 08:06:09 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Dec 2023 09:06:09 +0100 (CET) Subject: SUSE-CU-2023:4194-1: Security update of bci/dotnet-sdk Message-ID: <20231219080609.B2788FBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4194-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-17.25 , bci/dotnet-sdk:6.0.25 , bci/dotnet-sdk:6.0.25-17.25 Container Release : 17.25 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-36.5.67 updated From sle-container-updates at lists.suse.com Tue Dec 19 08:06:30 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Dec 2023 09:06:30 +0100 (CET) Subject: SUSE-CU-2023:4195-1: Security update of bci/dotnet-sdk Message-ID: <20231219080630.B164BFBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4195-1 Container Tags : bci/dotnet-sdk:7.0 , bci/dotnet-sdk:7.0-19.24 , bci/dotnet-sdk:7.0.14 , bci/dotnet-sdk:7.0.14-19.24 , bci/dotnet-sdk:latest Container Release : 19.24 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-36.5.67 updated From sle-container-updates at lists.suse.com Tue Dec 19 08:06:46 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Dec 2023 09:06:46 +0100 (CET) Subject: SUSE-CU-2023:4196-1: Security update of bci/dotnet-runtime Message-ID: <20231219080646.08550FBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4196-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-17.25 , bci/dotnet-runtime:6.0.25 , bci/dotnet-runtime:6.0.25-17.25 Container Release : 17.25 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-36.5.67 updated From sle-container-updates at lists.suse.com Tue Dec 19 08:07:04 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Dec 2023 09:07:04 +0100 (CET) Subject: SUSE-CU-2023:4197-1: Security update of bci/dotnet-runtime Message-ID: <20231219080704.CA703FBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4197-1 Container Tags : bci/dotnet-runtime:7.0 , bci/dotnet-runtime:7.0-19.25 , bci/dotnet-runtime:7.0.14 , bci/dotnet-runtime:7.0.14-19.25 , bci/dotnet-runtime:latest Container Release : 19.25 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-36.5.67 updated From sle-container-updates at lists.suse.com Tue Dec 19 16:42:42 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Dec 2023 17:42:42 +0100 (CET) Subject: SUSE-CU-2023:4199-1: Security update of bci/bci-init Message-ID: <20231219164242.A9A5AFBAC@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4199-1 Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.30.44 Container Release : 30.44 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-27.14.129 updated From sle-container-updates at lists.suse.com Tue Dec 19 16:42:53 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Dec 2023 17:42:53 +0100 (CET) Subject: SUSE-CU-2023:4200-1: Security update of bci/bci-micro Message-ID: <20231219164253.36592FBAC@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4200-1 Container Tags : bci/bci-micro:15.4 , bci/bci-micro:15.4.23.5 Container Release : 23.5 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated From sle-container-updates at lists.suse.com Tue Dec 19 16:43:05 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Dec 2023 17:43:05 +0100 (CET) Subject: SUSE-CU-2023:4201-1: Security update of bci/bci-minimal Message-ID: <20231219164305.95E2BFBAC@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4201-1 Container Tags : bci/bci-minimal:15.4 , bci/bci-minimal:15.4.24.15 Container Release : 24.15 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - container:micro-image-15.4.0-23.5 updated From sle-container-updates at lists.suse.com Tue Dec 19 16:43:35 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Dec 2023 17:43:35 +0100 (CET) Subject: SUSE-CU-2023:4202-1: Security update of bci/nodejs Message-ID: <20231219164335.95324FBAC@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4202-1 Container Tags : bci/node:16 , bci/node:16-18.40 , bci/nodejs:16 , bci/nodejs:16-18.40 Container Release : 18.40 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-27.14.129 updated From sle-container-updates at lists.suse.com Tue Dec 19 16:43:51 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Dec 2023 17:43:51 +0100 (CET) Subject: SUSE-CU-2023:4203-1: Security update of suse/postgres Message-ID: <20231219164351.AC1CBFBAC@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4203-1 Container Tags : suse/postgres:14 , suse/postgres:14-24.29 , suse/postgres:14.10 , suse/postgres:14.10-24.29 Container Release : 24.29 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-27.14.129 updated From sle-container-updates at lists.suse.com Tue Dec 19 16:44:32 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Dec 2023 17:44:32 +0100 (CET) Subject: SUSE-CU-2023:4204-1: Security update of bci/python Message-ID: <20231219164432.426CFFBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4204-1 Container Tags : bci/python:3 , bci/python:3-16.43 , bci/python:3.10 , bci/python:3.10-16.43 Container Release : 16.43 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-27.14.129 updated From sle-container-updates at lists.suse.com Tue Dec 19 16:45:07 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Dec 2023 17:45:07 +0100 (CET) Subject: SUSE-CU-2023:4205-1: Security update of suse/sle15 Message-ID: <20231219164507.0AD59FBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4205-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.129 , suse/sle15:15.4 , suse/sle15:15.4.27.14.129 Container Release : 27.14.129 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated From sle-container-updates at lists.suse.com Tue Dec 19 16:45:17 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Dec 2023 17:45:17 +0100 (CET) Subject: SUSE-CU-2023:4206-1: Security update of suse/git Message-ID: <20231219164517.4AD8EFBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/git ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4206-1 Container Tags : suse/git:2.35 , suse/git:2.35-4.26 , suse/git:latest Container Release : 4.26 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container suse/git was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - container:micro-image-15.5.0-12.8 updated From sle-container-updates at lists.suse.com Tue Dec 19 16:45:33 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Dec 2023 17:45:33 +0100 (CET) Subject: SUSE-CU-2023:4208-1: Security update of bci/golang Message-ID: <20231219164533.4FDCBFBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4208-1 Container Tags : bci/golang:1.21-openssl , bci/golang:1.21-openssl-8.29 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-8.29 Container Release : 8.29 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-36.5.67 updated From sle-container-updates at lists.suse.com Tue Dec 19 16:45:26 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Dec 2023 17:45:26 +0100 (CET) Subject: SUSE-CU-2023:4207-1: Security update of bci/golang Message-ID: <20231219164526.1DF8CFBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4207-1 Container Tags : bci/golang:1.20-openssl , bci/golang:1.20-openssl-8.29 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-8.29 Container Release : 8.29 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-36.5.67 updated From sle-container-updates at lists.suse.com Tue Dec 19 16:45:48 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Dec 2023 17:45:48 +0100 (CET) Subject: SUSE-CU-2023:4209-1: Security update of bci/bci-init Message-ID: <20231219164548.49E33FBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4209-1 Container Tags : bci/bci-init:15.5 , bci/bci-init:15.5.10.61 , bci/bci-init:latest Container Release : 10.61 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-36.5.67 updated From sle-container-updates at lists.suse.com Tue Dec 19 16:45:58 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Dec 2023 17:45:58 +0100 (CET) Subject: SUSE-CU-2023:4211-1: Security update of bci/bci-minimal Message-ID: <20231219164558.33AB5FBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4211-1 Container Tags : bci/bci-minimal:15.5 , bci/bci-minimal:15.5.13.21 , bci/bci-minimal:latest Container Release : 13.21 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - container:micro-image-15.5.0-12.8 updated From sle-container-updates at lists.suse.com Tue Dec 19 16:46:08 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Dec 2023 17:46:08 +0100 (CET) Subject: SUSE-CU-2023:4212-1: Security update of suse/nginx Message-ID: <20231219164608.D6DDBFBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4212-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-5.60 , suse/nginx:latest Container Release : 5.60 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container suse/nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-36.5.67 updated From sle-container-updates at lists.suse.com Tue Dec 19 16:45:51 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Dec 2023 17:45:51 +0100 (CET) Subject: SUSE-CU-2023:4210-1: Security update of bci/bci-micro Message-ID: <20231219164551.E5F05FBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4210-1 Container Tags : bci/bci-micro:15.5 , bci/bci-micro:15.5.12.8 , bci/bci-micro:latest Container Release : 12.8 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated From sle-container-updates at lists.suse.com Tue Dec 19 16:46:11 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Dec 2023 17:46:11 +0100 (CET) Subject: SUSE-CU-2023:4213-1: Security update of bci/nodejs Message-ID: <20231219164611.EBB93FBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4213-1 Container Tags : bci/node:20 , bci/node:20-2.25 , bci/node:latest , bci/nodejs:20 , bci/nodejs:20-2.25 , bci/nodejs:latest Container Release : 2.25 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-36.5.67 updated From sle-container-updates at lists.suse.com Tue Dec 19 16:46:46 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Dec 2023 17:46:46 +0100 (CET) Subject: SUSE-CU-2023:4215-1: Security update of bci/openjdk Message-ID: <20231219164646.48D1CFBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4215-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-11.60 Container Release : 11.60 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-36.5.67 updated From sle-container-updates at lists.suse.com Tue Dec 19 16:46:31 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Dec 2023 17:46:31 +0100 (CET) Subject: SUSE-CU-2023:4214-1: Security update of bci/openjdk-devel Message-ID: <20231219164631.635F2FBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4214-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-10.122 Container Release : 10.122 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - container:bci-openjdk-11-15.5.11-11.60 updated From sle-container-updates at lists.suse.com Tue Dec 19 16:47:16 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Dec 2023 17:47:16 +0100 (CET) Subject: SUSE-CU-2023:4217-1: Security update of bci/php-apache Message-ID: <20231219164716.11298FBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4217-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-8.55 Container Release : 8.55 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-36.5.67 updated From sle-container-updates at lists.suse.com Tue Dec 19 16:47:00 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Dec 2023 17:47:00 +0100 (CET) Subject: SUSE-CU-2023:4216-1: Security update of bci/openjdk Message-ID: <20231219164700.D4174FBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4216-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-12.59 , bci/openjdk:latest Container Release : 12.59 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-36.5.67 updated From sle-container-updates at lists.suse.com Tue Dec 19 16:47:31 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Dec 2023 17:47:31 +0100 (CET) Subject: SUSE-CU-2023:4218-1: Security update of bci/php-fpm Message-ID: <20231219164731.6339FFBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4218-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8-8.60 Container Release : 8.60 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-36.5.67 updated From sle-container-updates at lists.suse.com Tue Dec 19 16:47:57 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Dec 2023 17:47:57 +0100 (CET) Subject: SUSE-CU-2023:4219-1: Security update of bci/php Message-ID: <20231219164757.64108FBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4219-1 Container Tags : bci/php:8 , bci/php:8-8.55 Container Release : 8.55 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-36.5.67 updated From sle-container-updates at lists.suse.com Tue Dec 19 16:52:18 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Dec 2023 17:52:18 +0100 (CET) Subject: SUSE-CU-2023:4220-1: Security update of suse/registry Message-ID: <20231219165218.027C6FBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4220-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-15.30 , suse/registry:latest Container Release : 15.30 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - container:micro-image-15.5.0-12.8 updated From sle-container-updates at lists.suse.com Tue Dec 19 16:52:30 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Dec 2023 17:52:30 +0100 (CET) Subject: SUSE-CU-2023:4219-1: Security update of bci/php Message-ID: <20231219165230.D1E7AFBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4219-1 Container Tags : bci/php:8 , bci/php:8-8.55 Container Release : 8.55 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-36.5.67 updated From sle-container-updates at lists.suse.com Tue Dec 19 16:52:44 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Dec 2023 17:52:44 +0100 (CET) Subject: SUSE-CU-2023:4221-1: Security update of suse/postgres Message-ID: <20231219165244.78822FBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4221-1 Container Tags : suse/postgres:15 , suse/postgres:15-13.14 , suse/postgres:15.5 , suse/postgres:15.5-13.14 Container Release : 13.14 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-36.5.67 updated From sle-container-updates at lists.suse.com Tue Dec 19 16:52:55 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 19 Dec 2023 17:52:55 +0100 (CET) Subject: SUSE-CU-2023:4222-1: Security update of suse/sle15 Message-ID: <20231219165255.8B867FBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4222-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.5.67 , suse/sle15:15.5 , suse/sle15:15.5.36.5.67 Container Release : 36.5.67 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated From sle-container-updates at lists.suse.com Wed Dec 20 08:03:29 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Dec 2023 09:03:29 +0100 (CET) Subject: SUSE-CU-2023:4225-1: Security update of suse/sle-micro/5.5/toolbox Message-ID: <20231220080329.69153FBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4225-1 Container Tags : suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.121 , suse/sle-micro/5.5/toolbox:latest Container Release : 2.2.121 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-36.5.67 updated From sle-container-updates at lists.suse.com Wed Dec 20 08:03:59 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Dec 2023 09:03:59 +0100 (CET) Subject: SUSE-CU-2023:4226-1: Security update of suse/rmt-server Message-ID: <20231220080359.D3C5FFBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4226-1 Container Tags : suse/rmt-server:2.14 , suse/rmt-server:2.14-11.54 , suse/rmt-server:latest Container Release : 11.54 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-36.5.67 updated From sle-container-updates at lists.suse.com Wed Dec 20 08:04:12 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Dec 2023 09:04:12 +0100 (CET) Subject: SUSE-CU-2023:4227-1: Security update of suse/manager/4.3/proxy-httpd Message-ID: <20231220080412.12593FBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4227-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.10 , suse/manager/4.3/proxy-httpd:4.3.10.9.43.6 , suse/manager/4.3/proxy-httpd:latest , suse/manager/4.3/proxy-httpd:susemanager-4.3.10 , suse/manager/4.3/proxy-httpd:susemanager-4.3.10.9.43.6 Container Release : 9.43.6 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated From sle-container-updates at lists.suse.com Wed Dec 20 08:04:19 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Dec 2023 09:04:19 +0100 (CET) Subject: SUSE-CU-2023:4228-1: Security update of suse/manager/4.3/proxy-salt-broker Message-ID: <20231220080419.2B116FBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4228-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.10 , suse/manager/4.3/proxy-salt-broker:4.3.10.9.33.5 , suse/manager/4.3/proxy-salt-broker:latest , suse/manager/4.3/proxy-salt-broker:susemanager-4.3.10 , suse/manager/4.3/proxy-salt-broker:susemanager-4.3.10.9.33.5 Container Release : 9.33.5 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated From sle-container-updates at lists.suse.com Wed Dec 20 08:04:28 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Dec 2023 09:04:28 +0100 (CET) Subject: SUSE-CU-2023:4229-1: Security update of suse/manager/4.3/proxy-squid Message-ID: <20231220080428.A009AFBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-squid ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4229-1 Container Tags : suse/manager/4.3/proxy-squid:4.3.10 , suse/manager/4.3/proxy-squid:4.3.10.9.42.4 , suse/manager/4.3/proxy-squid:latest , suse/manager/4.3/proxy-squid:susemanager-4.3.10 , suse/manager/4.3/proxy-squid:susemanager-4.3.10.9.42.4 Container Release : 9.42.4 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-squid was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated From sle-container-updates at lists.suse.com Wed Dec 20 08:04:36 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Dec 2023 09:04:36 +0100 (CET) Subject: SUSE-CU-2023:4230-1: Security update of suse/manager/4.3/proxy-ssh Message-ID: <20231220080436.E9077FBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4230-1 Container Tags : suse/manager/4.3/proxy-ssh:4.3.10 , suse/manager/4.3/proxy-ssh:4.3.10.9.33.5 , suse/manager/4.3/proxy-ssh:latest , suse/manager/4.3/proxy-ssh:susemanager-4.3.10 , suse/manager/4.3/proxy-ssh:susemanager-4.3.10.9.33.5 Container Release : 9.33.5 Severity : important Type : security References : 1201384 1214788 1217950 1218014 CVE-2023-48795 CVE-2023-50495 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-ssh was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4902-1 Released: Tue Dec 19 13:09:42 2023 Summary: Security update for openssh Type: security Severity: important References: 1214788,1217950,CVE-2023-48795 This update for openssh fixes the following issues: - CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity (bsc#1217950). the following non-security bug was fixed: - Fix the 'no route to host' error when connecting via ProxyJump The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - openssh-common-8.4p1-150300.3.27.1 updated - openssh-fips-8.4p1-150300.3.27.1 updated - openssh-server-8.4p1-150300.3.27.1 updated - openssh-clients-8.4p1-150300.3.27.1 updated - openssh-8.4p1-150300.3.27.1 updated From sle-container-updates at lists.suse.com Wed Dec 20 08:04:46 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Dec 2023 09:04:46 +0100 (CET) Subject: SUSE-CU-2023:4231-1: Security update of suse/manager/4.3/proxy-tftpd Message-ID: <20231220080446.179C6FBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4231-1 Container Tags : suse/manager/4.3/proxy-tftpd:4.3.10 , suse/manager/4.3/proxy-tftpd:4.3.10.9.33.5 , suse/manager/4.3/proxy-tftpd:latest , suse/manager/4.3/proxy-tftpd:susemanager-4.3.10 , suse/manager/4.3/proxy-tftpd:susemanager-4.3.10.9.33.5 Container Release : 9.33.5 Severity : moderate Type : security References : 1201384 1217592 1218014 CVE-2023-49083 CVE-2023-50495 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4843-1 Released: Thu Dec 14 12:22:44 2023 Summary: Security update for python3-cryptography Type: security Severity: moderate References: 1217592,CVE-2023-49083 This update for python3-cryptography fixes the following issues: - CVE-2023-49083: Fixed a NULL pointer dereference when loading certificates from a PKCS#7 bundle (bsc#1217592). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - python3-cryptography-3.3.2-150400.23.1 updated From sle-container-updates at lists.suse.com Wed Dec 20 16:36:30 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Dec 2023 17:36:30 +0100 (CET) Subject: SUSE-CU-2023:4235-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20231220163630.3FEDEFBAC@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4235-1 Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-4.2.177 , suse/sle-micro/5.4/toolbox:latest Container Release : 4.2.177 Severity : important Type : security References : 1201384 1215229 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4916-1 Released: Wed Dec 20 08:49:04 2023 Summary: Recommended update for lvm2 Type: recommended Severity: important References: 1215229 This update for lvm2 fixes the following issues: - Fixed error creating linux volume on SAN device lvmlockd (bsc#1215229) The following package changes have been done: - libdevmapper1_03-2.03.05_1.02.163-150400.191.1 updated - libncurses6-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-27.14.129 updated From sle-container-updates at lists.suse.com Wed Dec 20 16:37:24 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 20 Dec 2023 17:37:24 +0100 (CET) Subject: SUSE-CU-2023:4236-1: Recommended update of suse/manager/4.3/proxy-httpd Message-ID: <20231220163724.4EA84FBAC@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4236-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.10 , suse/manager/4.3/proxy-httpd:4.3.10.9.43.7 , suse/manager/4.3/proxy-httpd:latest , suse/manager/4.3/proxy-httpd:susemanager-4.3.10 , suse/manager/4.3/proxy-httpd:susemanager-4.3.10.9.43.7 Container Release : 9.43.7 Severity : important Type : recommended References : 1215229 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4916-1 Released: Wed Dec 20 08:49:04 2023 Summary: Recommended update for lvm2 Type: recommended Severity: important References: 1215229 This update for lvm2 fixes the following issues: - Fixed error creating linux volume on SAN device lvmlockd (bsc#1215229) The following package changes have been done: - libdevmapper1_03-2.03.05_1.02.163-150400.191.1 updated From sle-container-updates at lists.suse.com Thu Dec 21 13:25:59 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 21 Dec 2023 14:25:59 +0100 (CET) Subject: SUSE-CU-2023:4239-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20231221132559.DB78AFBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4239-1 Container Tags : suse/sle-micro/5.3/toolbox:12.1 , suse/sle-micro/5.3/toolbox:12.1-5.2.279 , suse/sle-micro/5.3/toolbox:latest Container Release : 5.2.279 Severity : important Type : security References : 1201384 1215229 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4916-1 Released: Wed Dec 20 08:49:04 2023 Summary: Recommended update for lvm2 Type: recommended Severity: important References: 1215229 This update for lvm2 fixes the following issues: - Fixed error creating linux volume on SAN device lvmlockd (bsc#1215229) The following package changes have been done: - libdevmapper1_03-2.03.05_1.02.163-150400.191.1 updated - libncurses6-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-27.14.129 updated From sle-container-updates at lists.suse.com Thu Dec 21 13:28:02 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 21 Dec 2023 14:28:02 +0100 (CET) Subject: SUSE-CU-2023:4240-1: Security update of suse/sles12sp5 Message-ID: <20231221132802.72E75FBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4240-1 Container Tags : suse/sles12sp5:6.5.545 , suse/sles12sp5:latest Container Release : 6.5.545 Severity : moderate Type : security References : 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4892-1 Released: Mon Dec 18 16:33:21 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) The following package changes have been done: - libncurses5-5.9-85.1 updated - libncurses6-5.9-85.1 updated - ncurses-utils-5.9-85.1 updated - terminfo-base-5.9-85.1 updated From sle-container-updates at lists.suse.com Fri Dec 22 12:32:01 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 22 Dec 2023 13:32:01 +0100 (CET) Subject: SUSE-CU-2023:4242-1: Security update of suse/sle15 Message-ID: <20231222123201.BF032FBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4242-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.384 Container Release : 9.5.384 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated From sle-container-updates at lists.suse.com Fri Dec 22 12:33:25 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 22 Dec 2023 13:33:25 +0100 (CET) Subject: SUSE-CU-2023:4243-1: Security update of suse/sle15 Message-ID: <20231222123325.2978EFBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4243-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.228 , suse/sle15:15.3 , suse/sle15:15.3.17.20.228 Container Release : 17.20.228 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated From sle-container-updates at lists.suse.com Fri Dec 22 12:34:19 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 22 Dec 2023 13:34:19 +0100 (CET) Subject: SUSE-CU-2023:4244-1: Recommended update of bci/bci-init Message-ID: <20231222123419.2EC71FBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4244-1 Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.30.45 Container Release : 30.45 Severity : important Type : recommended References : 1215229 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4916-1 Released: Wed Dec 20 08:49:04 2023 Summary: Recommended update for lvm2 Type: recommended Severity: important References: 1215229 This update for lvm2 fixes the following issues: - Fixed error creating linux volume on SAN device lvmlockd (bsc#1215229) The following package changes have been done: - libdevmapper1_03-2.03.05_1.02.163-150400.191.1 updated From sle-container-updates at lists.suse.com Fri Dec 22 12:34:39 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 22 Dec 2023 13:34:39 +0100 (CET) Subject: SUSE-CU-2023:4245-1: Security update of suse/389-ds Message-ID: <20231222123439.D05E5FBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4245-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-16.70 , suse/389-ds:latest Container Release : 16.70 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-36.5.67 updated From sle-container-updates at lists.suse.com Fri Dec 22 12:34:56 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 22 Dec 2023 13:34:56 +0100 (CET) Subject: SUSE-CU-2023:4246-1: Security update of bci/golang Message-ID: <20231222123456.CCEC2FBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4246-1 Container Tags : bci/golang:1.20 , bci/golang:1.20-2.4.69 , bci/golang:oldstable , bci/golang:oldstable-2.4.69 Container Release : 4.69 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-36.5.67 updated From sle-container-updates at lists.suse.com Fri Dec 22 12:35:07 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 22 Dec 2023 13:35:07 +0100 (CET) Subject: SUSE-CU-2023:4247-1: Security update of bci/golang Message-ID: <20231222123507.5B5CDFBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4247-1 Container Tags : bci/golang:1.20-openssl , bci/golang:1.20-openssl-8.30 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-8.30 Container Release : 8.30 Severity : important Type : security References : 1206346 1216943 1217833 1217834 CVE-2023-39326 CVE-2023-45284 CVE-2023-45285 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4930-1 Released: Wed Dec 20 15:25:13 2023 Summary: Security update for go1.20-openssl Type: security Severity: important References: 1206346,1216943,1217833,1217834,CVE-2023-39326,CVE-2023-45284,CVE-2023-45285 This update for go1.20-openssl fixes the following issues: Update to version 1.20.12.1: - CVE-2023-45285: cmd/go: git VCS qualifier in module path uses git:// scheme (bsc#1217834). - CVE-2023-45284: path/filepath: Clean removes ending slash for volume on Windows in Go 1.21.4 (bsc#1216943). - CVE-2023-39326: net/http: limit chunked data overhead (bsc#1217833). - cmd/compile: internal compiler error: panic during prove while compiling: unexpected induction with too many parents - cmd/go: TestScript/mod_get_direct fails with 'Filename too long' on Windows The following package changes have been done: - go1.20-openssl-doc-1.20.12.1-150000.1.17.1 updated - go1.20-openssl-1.20.12.1-150000.1.17.1 updated - go1.20-openssl-race-1.20.12.1-150000.1.17.1 updated From sle-container-updates at lists.suse.com Fri Dec 22 12:35:24 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 22 Dec 2023 13:35:24 +0100 (CET) Subject: SUSE-CU-2023:4248-1: Security update of bci/golang Message-ID: <20231222123524.86D16FBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4248-1 Container Tags : bci/golang:1.21 , bci/golang:1.21-1.4.67 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.4.67 Container Release : 4.67 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-36.5.67 updated From sle-container-updates at lists.suse.com Fri Dec 22 12:35:33 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 22 Dec 2023 13:35:33 +0100 (CET) Subject: SUSE-CU-2023:4249-1: Security update of bci/golang Message-ID: <20231222123533.642EEFBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4249-1 Container Tags : bci/golang:1.21-openssl , bci/golang:1.21-openssl-8.30 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-8.30 Container Release : 8.30 Severity : important Type : security References : 1212475 1216943 1217833 1217834 CVE-2023-39326 CVE-2023-45284 CVE-2023-45285 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4931-1 Released: Wed Dec 20 15:25:42 2023 Summary: Security update for go1.21-openssl Type: security Severity: important References: 1212475,1216943,1217833,1217834,CVE-2023-39326,CVE-2023-45284,CVE-2023-45285 This update for go1.21-openssl fixes the following issues: Update to version 1.21.5.1: - CVE-2023-45285: cmd/go: git VCS qualifier in module path uses git:// scheme (bsc#1217834). - CVE-2023-45284: path/filepath: Clean removes ending slash for volume on Windows in Go 1.21.4 (bsc#1216943). - CVE-2023-39326: net/http: limit chunked data overhead (bsc#1217833). - cmd/go: go mod download needs to support toolchain upgrades - cmd/compile: invalid pointer found on stack when compiled with -race - os: NTFS deduped file changed from regular to irregular - net: TCPConn.ReadFrom hangs when io.Reader is TCPConn or UnixConn, Linux kernel < 5.1 - cmd/compile: internal compiler error: panic during prove while compiling: unexpected induction with too many parents - syscall: TestOpenFileLimit unintentionally runs on non-Unix platforms - runtime: self-deadlock on mheap_.lock - crypto/rand: Legacy RtlGenRandom use on Windows The following package changes have been done: - go1.21-openssl-doc-1.21.5.1-150000.1.8.1 updated - go1.21-openssl-1.21.5.1-150000.1.8.1 updated - go1.21-openssl-race-1.21.5.1-150000.1.8.1 updated From sle-container-updates at lists.suse.com Fri Dec 22 12:35:39 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 22 Dec 2023 13:35:39 +0100 (CET) Subject: SUSE-CU-2023:4250-1: Security update of suse/helm Message-ID: <20231222123539.A06ACFBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/helm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4250-1 Container Tags : suse/helm:3.13 , suse/helm:3.13-3.28 , suse/helm:latest Container Release : 3.28 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container suse/helm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - container:micro-image-15.5.0-12.8 updated From sle-container-updates at lists.suse.com Fri Dec 22 12:35:56 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 22 Dec 2023 13:35:56 +0100 (CET) Subject: SUSE-CU-2023:4251-1: Security update of bci/nodejs Message-ID: <20231222123556.E9780FBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4251-1 Container Tags : bci/node:18 , bci/node:18-12.27 , bci/nodejs:18 , bci/nodejs:18-12.27 Container Release : 12.27 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-36.5.67 updated From sle-container-updates at lists.suse.com Fri Dec 22 12:36:19 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 22 Dec 2023 13:36:19 +0100 (CET) Subject: SUSE-CU-2023:4252-1: Security update of bci/openjdk-devel Message-ID: <20231222123619.E5CD0FBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4252-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-12.117 , bci/openjdk-devel:latest Container Release : 12.117 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - container:bci-openjdk-17-15.5.17-12.59 updated From sle-container-updates at lists.suse.com Fri Dec 22 12:36:41 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 22 Dec 2023 13:36:41 +0100 (CET) Subject: SUSE-CU-2023:4253-1: Security update of suse/pcp Message-ID: <20231222123641.B0C8BFBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4253-1 Container Tags : suse/pcp:5 , suse/pcp:5-18.5 , suse/pcp:5.2 , suse/pcp:5.2-18.5 , suse/pcp:5.2.5 , suse/pcp:5.2.5-18.5 , suse/pcp:latest Container Release : 18.5 Severity : moderate Type : security References : 1201384 1216853 1218014 CVE-2023-38472 CVE-2023-50495 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4901-1 Released: Tue Dec 19 11:25:47 2023 Summary: Security update for avahi Type: security Severity: moderate References: 1216853,CVE-2023-38472 This update for avahi fixes the following issues: - CVE-2023-38472: Fixed reachable assertion in avahi_rdata_parse (bsc#1216853). The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - libavahi-common3-0.8-150400.7.13.1 updated - libavahi-client3-0.8-150400.7.13.1 updated - container:bci-bci-init-15.5-15.5-10.61 updated From sle-container-updates at lists.suse.com Fri Dec 22 12:36:44 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 22 Dec 2023 13:36:44 +0100 (CET) Subject: SUSE-CU-2023:4254-1: Security update of suse/postgres Message-ID: <20231222123644.222DBFBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4254-1 Container Tags : suse/postgres:16 , suse/postgres:16-2.13 , suse/postgres:16.1 , suse/postgres:16.1-2.13 , suse/postgres:latest Container Release : 2.13 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-36.5.67 updated From sle-container-updates at lists.suse.com Fri Dec 22 12:37:03 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 22 Dec 2023 13:37:03 +0100 (CET) Subject: SUSE-CU-2023:4255-1: Security update of bci/python Message-ID: <20231222123703.91DC4FBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4255-1 Container Tags : bci/python:3 , bci/python:3-12.54 , bci/python:3.11 , bci/python:3.11-12.54 , bci/python:latest Container Release : 12.54 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-36.5.67 updated From sle-container-updates at lists.suse.com Fri Dec 22 12:37:23 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 22 Dec 2023 13:37:23 +0100 (CET) Subject: SUSE-CU-2023:4256-1: Security update of bci/python Message-ID: <20231222123723.B7473FBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4256-1 Container Tags : bci/python:3 , bci/python:3-14.54 , bci/python:3.6 , bci/python:3.6-14.54 Container Release : 14.54 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-36.5.67 updated From sle-container-updates at lists.suse.com Fri Dec 22 12:37:43 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 22 Dec 2023 13:37:43 +0100 (CET) Subject: SUSE-CU-2023:4257-1: Security update of bci/ruby Message-ID: <20231222123743.49F5AFBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4257-1 Container Tags : bci/ruby:2 , bci/ruby:2-12.54 , bci/ruby:2.5 , bci/ruby:2.5-12.54 , bci/ruby:latest Container Release : 12.54 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-36.5.67 updated From sle-container-updates at lists.suse.com Fri Dec 22 12:38:00 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 22 Dec 2023 13:38:00 +0100 (CET) Subject: SUSE-CU-2023:4258-1: Security update of bci/rust Message-ID: <20231222123800.A5168FBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4258-1 Container Tags : bci/rust:1.73 , bci/rust:1.73-2.2.15 , bci/rust:oldstable , bci/rust:oldstable-2.2.15 Container Release : 2.15 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-36.5.67 updated From sle-container-updates at lists.suse.com Fri Dec 22 12:38:17 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 22 Dec 2023 13:38:17 +0100 (CET) Subject: SUSE-CU-2023:4259-1: Security update of bci/rust Message-ID: <20231222123817.B686EFBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4259-1 Container Tags : bci/rust:1.74 , bci/rust:1.74-1.2.15 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.2.15 Container Release : 2.15 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-36.5.67 updated From sle-container-updates at lists.suse.com Sat Dec 23 08:06:20 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 23 Dec 2023 09:06:20 +0100 (CET) Subject: SUSE-CU-2023:4262-1: Recommended update of suse/sle15 Message-ID: <20231223080620.13455FBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4262-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.229 , suse/sle15:15.3 , suse/sle15:15.3.17.20.229 Container Release : 17.20.229 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4963-1 Released: Fri Dec 22 14:37:08 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) The following package changes have been done: - curl-7.66.0-150200.4.66.1 updated - libcurl4-7.66.0-150200.4.66.1 updated From sle-container-updates at lists.suse.com Sat Dec 23 08:07:14 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 23 Dec 2023 09:07:14 +0100 (CET) Subject: SUSE-CU-2023:4263-1: Recommended update of bci/bci-init Message-ID: <20231223080714.8B8E2FBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4263-1 Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.30.46 Container Release : 30.46 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - container:sles15-image-15.0.0-27.14.130 updated From sle-container-updates at lists.suse.com Sat Dec 23 08:07:49 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 23 Dec 2023 09:07:49 +0100 (CET) Subject: SUSE-CU-2023:4264-1: Recommended update of bci/nodejs Message-ID: <20231223080749.434F3FBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4264-1 Container Tags : bci/node:16 , bci/node:16-18.41 , bci/nodejs:16 , bci/nodejs:16-18.41 Container Release : 18.41 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - container:sles15-image-15.0.0-27.14.130 updated From sle-container-updates at lists.suse.com Sat Dec 23 08:08:10 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 23 Dec 2023 09:08:10 +0100 (CET) Subject: SUSE-CU-2023:4265-1: Recommended update of suse/postgres Message-ID: <20231223080810.89892FBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4265-1 Container Tags : suse/postgres:14 , suse/postgres:14-24.30 , suse/postgres:14.10 , suse/postgres:14.10-24.30 Container Release : 24.30 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - container:sles15-image-15.0.0-27.14.130 updated From sle-container-updates at lists.suse.com Sat Dec 23 08:09:00 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 23 Dec 2023 09:09:00 +0100 (CET) Subject: SUSE-CU-2023:4266-1: Recommended update of bci/python Message-ID: <20231223080900.75FC6FBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4266-1 Container Tags : bci/python:3 , bci/python:3-16.44 , bci/python:3.10 , bci/python:3.10-16.44 Container Release : 16.44 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - curl-8.0.1-150400.5.41.1 updated - container:sles15-image-15.0.0-27.14.130 updated From sle-container-updates at lists.suse.com Sat Dec 23 08:09:45 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 23 Dec 2023 09:09:45 +0100 (CET) Subject: SUSE-CU-2023:4267-1: Recommended update of suse/sle15 Message-ID: <20231223080945.0AAB5FBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4267-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.130 , suse/sle15:15.4 , suse/sle15:15.4.27.14.130 Container Release : 27.14.130 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - curl-8.0.1-150400.5.41.1 updated - libcurl4-8.0.1-150400.5.41.1 updated From sle-container-updates at lists.suse.com Sat Dec 23 08:10:05 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 23 Dec 2023 09:10:05 +0100 (CET) Subject: SUSE-CU-2023:4268-1: Recommended update of suse/389-ds Message-ID: <20231223081005.A1AE8FBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4268-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-16.71 , suse/389-ds:latest Container Release : 16.71 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - container:sles15-image-15.0.0-36.5.68 updated From sle-container-updates at lists.suse.com Sat Dec 23 08:10:26 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 23 Dec 2023 09:10:26 +0100 (CET) Subject: SUSE-CU-2023:4269-1: Recommended update of bci/dotnet-aspnet Message-ID: <20231223081026.CA4B1FBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4269-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-18.25 , bci/dotnet-aspnet:6.0.25 , bci/dotnet-aspnet:6.0.25-18.25 Container Release : 18.25 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - container:sles15-image-15.0.0-36.5.68 updated From sle-container-updates at lists.suse.com Sat Dec 23 08:10:47 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 23 Dec 2023 09:10:47 +0100 (CET) Subject: SUSE-CU-2023:4270-1: Recommended update of bci/dotnet-aspnet Message-ID: <20231223081047.C02F0FBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4270-1 Container Tags : bci/dotnet-aspnet:7.0 , bci/dotnet-aspnet:7.0-18.26 , bci/dotnet-aspnet:7.0.14 , bci/dotnet-aspnet:7.0.14-18.26 , bci/dotnet-aspnet:latest Container Release : 18.26 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - container:sles15-image-15.0.0-36.5.68 updated From sle-container-updates at lists.suse.com Sat Dec 23 08:11:13 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 23 Dec 2023 09:11:13 +0100 (CET) Subject: SUSE-CU-2023:4271-1: Recommended update of bci/dotnet-sdk Message-ID: <20231223081113.A8F34FBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4271-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-17.26 , bci/dotnet-sdk:6.0.25 , bci/dotnet-sdk:6.0.25-17.26 Container Release : 17.26 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - container:sles15-image-15.0.0-36.5.68 updated From sle-container-updates at lists.suse.com Sat Dec 23 08:11:38 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 23 Dec 2023 09:11:38 +0100 (CET) Subject: SUSE-CU-2023:4272-1: Recommended update of bci/dotnet-sdk Message-ID: <20231223081138.7F839FBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4272-1 Container Tags : bci/dotnet-sdk:7.0 , bci/dotnet-sdk:7.0-19.25 , bci/dotnet-sdk:7.0.14 , bci/dotnet-sdk:7.0.14-19.25 , bci/dotnet-sdk:latest Container Release : 19.25 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - container:sles15-image-15.0.0-36.5.68 updated From sle-container-updates at lists.suse.com Sat Dec 23 08:11:56 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 23 Dec 2023 09:11:56 +0100 (CET) Subject: SUSE-CU-2023:4273-1: Recommended update of bci/dotnet-runtime Message-ID: <20231223081156.AE446FBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4273-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-17.26 , bci/dotnet-runtime:6.0.25 , bci/dotnet-runtime:6.0.25-17.26 Container Release : 17.26 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - container:sles15-image-15.0.0-36.5.68 updated From sle-container-updates at lists.suse.com Sat Dec 23 08:12:14 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 23 Dec 2023 09:12:14 +0100 (CET) Subject: SUSE-CU-2023:4274-1: Recommended update of bci/dotnet-runtime Message-ID: <20231223081214.E7C2BFBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4274-1 Container Tags : bci/dotnet-runtime:7.0 , bci/dotnet-runtime:7.0-19.26 , bci/dotnet-runtime:7.0.14 , bci/dotnet-runtime:7.0.14-19.26 , bci/dotnet-runtime:latest Container Release : 19.26 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - container:sles15-image-15.0.0-36.5.68 updated From sle-container-updates at lists.suse.com Sat Dec 23 08:12:21 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 23 Dec 2023 09:12:21 +0100 (CET) Subject: SUSE-CU-2023:4275-1: Recommended update of suse/git Message-ID: <20231223081221.BA170FBA4@maintenance.suse.de> SUSE Container Update Advisory: suse/git ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4275-1 Container Tags : suse/git:2.35 , suse/git:2.35-4.27 , suse/git:latest Container Release : 4.27 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container suse/git was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated From sle-container-updates at lists.suse.com Sat Dec 23 08:12:33 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 23 Dec 2023 09:12:33 +0100 (CET) Subject: SUSE-CU-2023:4276-1: Recommended update of bci/golang Message-ID: <20231223081233.4DD7EFBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4276-1 Container Tags : bci/golang:1.20-openssl , bci/golang:1.20-openssl-8.31 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-8.31 Container Release : 8.31 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - container:sles15-image-15.0.0-36.5.68 updated From sle-container-updates at lists.suse.com Sat Dec 23 08:12:51 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 23 Dec 2023 09:12:51 +0100 (CET) Subject: SUSE-CU-2023:4277-1: Recommended update of bci/golang Message-ID: <20231223081251.1CD8BFBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4277-1 Container Tags : bci/golang:1.21 , bci/golang:1.21-1.4.68 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.4.68 Container Release : 4.68 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - container:sles15-image-15.0.0-36.5.68 updated From sle-container-updates at lists.suse.com Sat Dec 23 08:13:02 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 23 Dec 2023 09:13:02 +0100 (CET) Subject: SUSE-CU-2023:4278-1: Recommended update of bci/golang Message-ID: <20231223081302.1F144FBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4278-1 Container Tags : bci/golang:1.21-openssl , bci/golang:1.21-openssl-8.31 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-8.31 Container Release : 8.31 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - container:sles15-image-15.0.0-36.5.68 updated From sle-container-updates at lists.suse.com Sat Dec 23 08:13:20 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 23 Dec 2023 09:13:20 +0100 (CET) Subject: SUSE-CU-2023:4279-1: Recommended update of bci/bci-init Message-ID: <20231223081320.8A78BFBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4279-1 Container Tags : bci/bci-init:15.5 , bci/bci-init:15.5.10.62 , bci/bci-init:latest Container Release : 10.62 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - container:sles15-image-15.0.0-36.5.68 updated From sle-container-updates at lists.suse.com Sat Dec 23 08:13:32 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 23 Dec 2023 09:13:32 +0100 (CET) Subject: SUSE-CU-2023:4280-1: Recommended update of suse/nginx Message-ID: <20231223081332.B4326FBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4280-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-5.61 , suse/nginx:latest Container Release : 5.61 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container suse/nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - container:sles15-image-15.0.0-36.5.68 updated From sle-container-updates at lists.suse.com Sat Dec 23 08:13:36 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 23 Dec 2023 09:13:36 +0100 (CET) Subject: SUSE-CU-2023:4281-1: Recommended update of bci/nodejs Message-ID: <20231223081336.C3128FBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4281-1 Container Tags : bci/node:20 , bci/node:20-2.26 , bci/node:latest , bci/nodejs:20 , bci/nodejs:20-2.26 , bci/nodejs:latest Container Release : 2.26 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - container:sles15-image-15.0.0-36.5.68 updated From sle-container-updates at lists.suse.com Sat Dec 23 08:14:03 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 23 Dec 2023 09:14:03 +0100 (CET) Subject: SUSE-CU-2023:4282-1: Recommended update of bci/openjdk-devel Message-ID: <20231223081403.0CC9EFBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4282-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-10.124 Container Release : 10.124 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - container:bci-openjdk-11-15.5.11-11.61 updated From sle-container-updates at lists.suse.com Sun Dec 24 08:02:25 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 24 Dec 2023 09:02:25 +0100 (CET) Subject: SUSE-CU-2023:4283-1: Recommended update of suse/sle-micro/5.3/toolbox Message-ID: <20231224080225.27FFFFBAC@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4283-1 Container Tags : suse/sle-micro/5.3/toolbox:12.1 , suse/sle-micro/5.3/toolbox:12.1-5.2.281 , suse/sle-micro/5.3/toolbox:latest Container Release : 5.2.281 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - container:sles15-image-15.0.0-27.14.130 updated From sle-container-updates at lists.suse.com Sun Dec 24 08:03:03 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 24 Dec 2023 09:03:03 +0100 (CET) Subject: SUSE-CU-2023:4284-1: Recommended update of suse/sle-micro/5.4/toolbox Message-ID: <20231224080303.651C7FBAC@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4284-1 Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-4.2.179 , suse/sle-micro/5.4/toolbox:latest Container Release : 4.2.179 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - container:sles15-image-15.0.0-27.14.130 updated From sle-container-updates at lists.suse.com Sun Dec 24 08:03:23 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 24 Dec 2023 09:03:23 +0100 (CET) Subject: SUSE-CU-2023:4285-1: Recommended update of suse/sle-micro/5.5/toolbox Message-ID: <20231224080323.22EF6FBAC@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4285-1 Container Tags : suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.123 , suse/sle-micro/5.5/toolbox:latest Container Release : 2.2.123 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - container:sles15-image-15.0.0-36.5.68 updated From sle-container-updates at lists.suse.com Sun Dec 24 08:05:24 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 24 Dec 2023 09:05:24 +0100 (CET) Subject: SUSE-CU-2023:4286-1: Recommended update of suse/sles12sp5 Message-ID: <20231224080524.D744FFBAC@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4286-1 Container Tags : suse/sles12sp5:6.5.546 , suse/sles12sp5:latest Container Release : 6.5.546 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4964-1 Released: Fri Dec 22 14:38:31 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) The following package changes have been done: - libcurl4-8.0.1-11.83.2 updated From sle-container-updates at lists.suse.com Sun Dec 24 08:08:00 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 24 Dec 2023 09:08:00 +0100 (CET) Subject: SUSE-CU-2023:4287-1: Security update of suse/sle15 Message-ID: <20231224080800.CD783FBAC@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4287-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.857 Container Release : 6.2.857 Severity : moderate Type : security References : 1201384 1208143 1217277 1218014 CVE-2023-0361 CVE-2023-50495 CVE-2023-5981 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4952-1 Released: Thu Dec 21 15:08:30 2023 Summary: Security update for gnutls Type: security Severity: moderate References: 1208143,1217277,CVE-2023-0361,CVE-2023-5981 This update for gnutls fixes the following issues: - CVE-2023-0361: Fixed a Bleichenbacher oracle in the TLS RSA key exchange (bsc#1208143). - CVE-2023-5981: Fixed timing side-channel inside RSA-PSK key exchange (bsc#1217277). The following package changes have been done: - libgnutls30-3.6.7-150000.6.50.1 updated - libncurses6-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated From sle-container-updates at lists.suse.com Sun Dec 24 08:09:59 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 24 Dec 2023 09:09:59 +0100 (CET) Subject: SUSE-CU-2023:4288-1: Recommended update of suse/sle15 Message-ID: <20231224080959.BB324FBAC@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4288-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.385 Container Release : 9.5.385 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4963-1 Released: Fri Dec 22 14:37:08 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) The following package changes have been done: - libcurl4-7.66.0-150200.4.66.1 updated From sle-container-updates at lists.suse.com Sun Dec 24 08:10:33 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 24 Dec 2023 09:10:33 +0100 (CET) Subject: SUSE-CU-2023:4282-1: Recommended update of bci/openjdk-devel Message-ID: <20231224081033.7F01AFBAC@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4282-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-10.124 Container Release : 10.124 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - container:bci-openjdk-11-15.5.11-11.61 updated From sle-container-updates at lists.suse.com Sun Dec 24 08:10:57 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 24 Dec 2023 09:10:57 +0100 (CET) Subject: SUSE-CU-2023:4289-1: Recommended update of bci/openjdk Message-ID: <20231224081057.3BC2DFBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4289-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-11.61 Container Release : 11.61 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - container:sles15-image-15.0.0-36.5.68 updated From sle-container-updates at lists.suse.com Sun Dec 24 08:11:28 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 24 Dec 2023 09:11:28 +0100 (CET) Subject: SUSE-CU-2023:4290-1: Recommended update of bci/openjdk-devel Message-ID: <20231224081128.B6EB4FBAC@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4290-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-12.119 , bci/openjdk-devel:latest Container Release : 12.119 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - container:bci-openjdk-17-15.5.17-12.60 updated From sle-container-updates at lists.suse.com Sun Dec 24 08:12:11 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 24 Dec 2023 09:12:11 +0100 (CET) Subject: SUSE-CU-2023:4291-1: Recommended update of suse/pcp Message-ID: <20231224081211.23392FBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4291-1 Container Tags : suse/pcp:5 , suse/pcp:5-18.7 , suse/pcp:5.2 , suse/pcp:5.2-18.7 , suse/pcp:5.2.5 , suse/pcp:5.2.5-18.7 , suse/pcp:latest Container Release : 18.7 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - container:bci-bci-init-15.5-15.5-10.62 updated From sle-container-updates at lists.suse.com Sun Dec 24 08:12:34 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 24 Dec 2023 09:12:34 +0100 (CET) Subject: SUSE-CU-2023:4292-1: Recommended update of bci/php-apache Message-ID: <20231224081234.52578FBAC@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4292-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-8.56 Container Release : 8.56 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - container:sles15-image-15.0.0-36.5.68 updated From sle-container-updates at lists.suse.com Sun Dec 24 08:12:57 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 24 Dec 2023 09:12:57 +0100 (CET) Subject: SUSE-CU-2023:4293-1: Recommended update of bci/php-fpm Message-ID: <20231224081257.55C70FBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4293-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8-8.61 Container Release : 8.61 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - container:sles15-image-15.0.0-36.5.68 updated From sle-container-updates at lists.suse.com Sun Dec 24 08:13:19 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 24 Dec 2023 09:13:19 +0100 (CET) Subject: SUSE-CU-2023:4294-1: Recommended update of bci/php Message-ID: <20231224081319.2A469FBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4294-1 Container Tags : bci/php:8 , bci/php:8-8.56 Container Release : 8.56 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - container:sles15-image-15.0.0-36.5.68 updated From sle-container-updates at lists.suse.com Sun Dec 24 08:13:42 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 24 Dec 2023 09:13:42 +0100 (CET) Subject: SUSE-CU-2023:4295-1: Recommended update of suse/postgres Message-ID: <20231224081342.9CE07FBAC@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4295-1 Container Tags : suse/postgres:15 , suse/postgres:15-13.15 , suse/postgres:15.5 , suse/postgres:15.5-13.15 Container Release : 13.15 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - container:sles15-image-15.0.0-36.5.68 updated From sle-container-updates at lists.suse.com Sun Dec 24 08:13:45 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 24 Dec 2023 09:13:45 +0100 (CET) Subject: SUSE-CU-2023:4296-1: Recommended update of suse/postgres Message-ID: <20231224081345.C7559FBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4296-1 Container Tags : suse/postgres:16 , suse/postgres:16-2.14 , suse/postgres:16.1 , suse/postgres:16.1-2.14 , suse/postgres:latest Container Release : 2.14 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - container:sles15-image-15.0.0-36.5.68 updated From sle-container-updates at lists.suse.com Sun Dec 24 08:14:10 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 24 Dec 2023 09:14:10 +0100 (CET) Subject: SUSE-CU-2023:4297-1: Recommended update of bci/python Message-ID: <20231224081410.EBC95FBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4297-1 Container Tags : bci/python:3 , bci/python:3-14.55 , bci/python:3.6 , bci/python:3.6-14.55 Container Release : 14.55 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - curl-8.0.1-150400.5.41.1 updated - container:sles15-image-15.0.0-36.5.68 updated From sle-container-updates at lists.suse.com Sun Dec 24 08:14:20 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 24 Dec 2023 09:14:20 +0100 (CET) Subject: SUSE-CU-2023:4298-1: Recommended update of suse/rmt-server Message-ID: <20231224081420.D3A2AFBAC@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4298-1 Container Tags : suse/rmt-server:2.14 , suse/rmt-server:2.14-11.55 , suse/rmt-server:latest Container Release : 11.55 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - container:sles15-image-15.0.0-36.5.68 updated From sle-container-updates at lists.suse.com Sun Dec 24 08:14:44 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 24 Dec 2023 09:14:44 +0100 (CET) Subject: SUSE-CU-2023:4299-1: Recommended update of bci/ruby Message-ID: <20231224081444.D0087FBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4299-1 Container Tags : bci/ruby:2 , bci/ruby:2-12.55 , bci/ruby:2.5 , bci/ruby:2.5-12.55 , bci/ruby:latest Container Release : 12.55 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - curl-8.0.1-150400.5.41.1 updated - container:sles15-image-15.0.0-36.5.68 updated From sle-container-updates at lists.suse.com Sun Dec 24 08:15:07 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 24 Dec 2023 09:15:07 +0100 (CET) Subject: SUSE-CU-2023:4300-1: Recommended update of bci/rust Message-ID: <20231224081507.C5073FBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4300-1 Container Tags : bci/rust:1.73 , bci/rust:1.73-2.2.16 , bci/rust:oldstable , bci/rust:oldstable-2.2.16 Container Release : 2.16 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - container:sles15-image-15.0.0-36.5.68 updated From sle-container-updates at lists.suse.com Sun Dec 24 08:15:30 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 24 Dec 2023 09:15:30 +0100 (CET) Subject: SUSE-CU-2023:4301-1: Recommended update of bci/rust Message-ID: <20231224081530.8DD46FBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4301-1 Container Tags : bci/rust:1.74 , bci/rust:1.74-1.2.16 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.2.16 Container Release : 2.16 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - container:sles15-image-15.0.0-36.5.68 updated From sle-container-updates at lists.suse.com Sun Dec 24 08:15:50 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 24 Dec 2023 09:15:50 +0100 (CET) Subject: SUSE-CU-2023:4302-1: Recommended update of suse/sle15 Message-ID: <20231224081550.B770BFBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4302-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.5.68 , suse/sle15:15.5 , suse/sle15:15.5.36.5.68 Container Release : 36.5.68 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - curl-8.0.1-150400.5.41.1 updated - libcurl4-8.0.1-150400.5.41.1 updated From sle-container-updates at lists.suse.com Mon Dec 25 08:02:10 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 25 Dec 2023 09:02:10 +0100 (CET) Subject: SUSE-CU-2023:4302-1: Recommended update of suse/sle15 Message-ID: <20231225080210.0C2B1FBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4302-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.5.68 , suse/sle15:15.5 , suse/sle15:15.5.36.5.68 Container Release : 36.5.68 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - curl-8.0.1-150400.5.41.1 updated - libcurl4-8.0.1-150400.5.41.1 updated From sle-container-updates at lists.suse.com Mon Dec 25 08:02:23 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 25 Dec 2023 09:02:23 +0100 (CET) Subject: SUSE-CU-2023:4303-1: Recommended update of suse/manager/4.3/proxy-httpd Message-ID: <20231225080223.CCFD2FBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4303-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.10 , suse/manager/4.3/proxy-httpd:4.3.10.9.43.9 , suse/manager/4.3/proxy-httpd:latest , suse/manager/4.3/proxy-httpd:susemanager-4.3.10 , suse/manager/4.3/proxy-httpd:susemanager-4.3.10.9.43.9 Container Release : 9.43.9 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - curl-8.0.1-150400.5.41.1 updated From sle-container-updates at lists.suse.com Mon Dec 25 08:02:32 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 25 Dec 2023 09:02:32 +0100 (CET) Subject: SUSE-CU-2023:4304-1: Recommended update of suse/manager/4.3/proxy-salt-broker Message-ID: <20231225080232.DA87CFBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4304-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.10 , suse/manager/4.3/proxy-salt-broker:4.3.10.9.33.8 , suse/manager/4.3/proxy-salt-broker:latest , suse/manager/4.3/proxy-salt-broker:susemanager-4.3.10 , suse/manager/4.3/proxy-salt-broker:susemanager-4.3.10.9.33.8 Container Release : 9.33.8 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - curl-8.0.1-150400.5.41.1 updated From sle-container-updates at lists.suse.com Mon Dec 25 08:02:42 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 25 Dec 2023 09:02:42 +0100 (CET) Subject: SUSE-CU-2023:4305-1: Recommended update of suse/manager/4.3/proxy-squid Message-ID: <20231225080242.19511FBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-squid ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4305-1 Container Tags : suse/manager/4.3/proxy-squid:4.3.10 , suse/manager/4.3/proxy-squid:4.3.10.9.42.6 , suse/manager/4.3/proxy-squid:latest , suse/manager/4.3/proxy-squid:susemanager-4.3.10 , suse/manager/4.3/proxy-squid:susemanager-4.3.10.9.42.6 Container Release : 9.42.6 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-squid was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated From sle-container-updates at lists.suse.com Mon Dec 25 08:02:50 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 25 Dec 2023 09:02:50 +0100 (CET) Subject: SUSE-CU-2023:4306-1: Recommended update of suse/manager/4.3/proxy-ssh Message-ID: <20231225080250.7BA2BFBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4306-1 Container Tags : suse/manager/4.3/proxy-ssh:4.3.10 , suse/manager/4.3/proxy-ssh:4.3.10.9.33.7 , suse/manager/4.3/proxy-ssh:latest , suse/manager/4.3/proxy-ssh:susemanager-4.3.10 , suse/manager/4.3/proxy-ssh:susemanager-4.3.10.9.33.7 Container Release : 9.33.7 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-ssh was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated From sle-container-updates at lists.suse.com Mon Dec 25 08:02:59 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 25 Dec 2023 09:02:59 +0100 (CET) Subject: SUSE-CU-2023:4307-1: Recommended update of suse/manager/4.3/proxy-tftpd Message-ID: <20231225080259.D272AFBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4307-1 Container Tags : suse/manager/4.3/proxy-tftpd:4.3.10 , suse/manager/4.3/proxy-tftpd:4.3.10.9.33.7 , suse/manager/4.3/proxy-tftpd:latest , suse/manager/4.3/proxy-tftpd:susemanager-4.3.10 , suse/manager/4.3/proxy-tftpd:susemanager-4.3.10.9.33.7 Container Release : 9.33.7 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated From sle-container-updates at lists.suse.com Mon Dec 25 08:03:27 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 25 Dec 2023 09:03:27 +0100 (CET) Subject: SUSE-CU-2023:4308-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20231225080327.F0B03FBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4308-1 Container Tags : suse/sle-micro/5.1/toolbox:12.1 , suse/sle-micro/5.1/toolbox:12.1-2.2.517 , suse/sle-micro/5.1/toolbox:latest Container Release : 2.2.517 Severity : important Type : security References : 1201384 1216987 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4963-1 Released: Fri Dec 22 14:37:08 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) The following package changes have been done: - libcurl4-7.66.0-150200.4.66.1 updated - libncurses6-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-17.20.229 updated From sle-container-updates at lists.suse.com Mon Dec 25 08:04:53 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 25 Dec 2023 09:04:53 +0100 (CET) Subject: SUSE-CU-2023:4310-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20231225080453.A78C4FBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4310-1 Container Tags : suse/sle-micro/5.2/toolbox:12.1 , suse/sle-micro/5.2/toolbox:12.1-6.2.339 , suse/sle-micro/5.2/toolbox:latest Container Release : 6.2.339 Severity : important Type : security References : 1201384 1216987 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4963-1 Released: Fri Dec 22 14:37:08 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) The following package changes have been done: - libcurl4-7.66.0-150200.4.66.1 updated - libncurses6-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-17.20.229 updated From sle-container-updates at lists.suse.com Tue Dec 26 08:02:46 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Dec 2023 09:02:46 +0100 (CET) Subject: SUSE-CU-2023:4311-1: Recommended update of bci/nodejs Message-ID: <20231226080246.69077FBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4311-1 Container Tags : bci/node:16 , bci/node:16-18.42 , bci/nodejs:16 , bci/nodejs:16-18.42 Container Release : 18.42 Severity : moderate Type : recommended References : 1217354 1217479 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4970-1 Released: Mon Dec 25 09:48:21 2023 Summary: Recommended update for icu73_2 Type: recommended Severity: moderate References: 1217354,1217479 This update for icu73_2 fixes the following issue: - ships 32bit icu library on SLES 15 SP3 to complement the ICU 69 32bit libraries. The following package changes have been done: - libicu73_2-ledata-73.2-150000.1.7.1 updated - libicu73_2-73.2-150000.1.7.1 updated From sle-container-updates at lists.suse.com Tue Dec 26 08:03:10 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Dec 2023 09:03:10 +0100 (CET) Subject: SUSE-CU-2023:4312-1: Recommended update of bci/dotnet-aspnet Message-ID: <20231226080310.8E74CFBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4312-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-18.26 , bci/dotnet-aspnet:6.0.25 , bci/dotnet-aspnet:6.0.25-18.26 Container Release : 18.26 Severity : moderate Type : recommended References : 1217354 1217479 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4970-1 Released: Mon Dec 25 09:48:21 2023 Summary: Recommended update for icu73_2 Type: recommended Severity: moderate References: 1217354,1217479 This update for icu73_2 fixes the following issue: - ships 32bit icu library on SLES 15 SP3 to complement the ICU 69 32bit libraries. The following package changes have been done: - libicu73_2-ledata-73.2-150000.1.7.1 updated - libicu73_2-73.2-150000.1.7.1 updated From sle-container-updates at lists.suse.com Tue Dec 26 08:03:28 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Dec 2023 09:03:28 +0100 (CET) Subject: SUSE-CU-2023:4313-1: Recommended update of bci/dotnet-aspnet Message-ID: <20231226080328.551DBFBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4313-1 Container Tags : bci/dotnet-aspnet:7.0 , bci/dotnet-aspnet:7.0-18.27 , bci/dotnet-aspnet:7.0.14 , bci/dotnet-aspnet:7.0.14-18.27 , bci/dotnet-aspnet:latest Container Release : 18.27 Severity : moderate Type : recommended References : 1217354 1217479 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4970-1 Released: Mon Dec 25 09:48:21 2023 Summary: Recommended update for icu73_2 Type: recommended Severity: moderate References: 1217354,1217479 This update for icu73_2 fixes the following issue: - ships 32bit icu library on SLES 15 SP3 to complement the ICU 69 32bit libraries. The following package changes have been done: - libicu73_2-ledata-73.2-150000.1.7.1 updated - libicu73_2-73.2-150000.1.7.1 updated From sle-container-updates at lists.suse.com Tue Dec 26 08:03:55 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Dec 2023 09:03:55 +0100 (CET) Subject: SUSE-CU-2023:4314-1: Recommended update of bci/dotnet-sdk Message-ID: <20231226080355.4F095FBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4314-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-17.27 , bci/dotnet-sdk:6.0.25 , bci/dotnet-sdk:6.0.25-17.27 Container Release : 17.27 Severity : moderate Type : recommended References : 1217354 1217479 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4970-1 Released: Mon Dec 25 09:48:21 2023 Summary: Recommended update for icu73_2 Type: recommended Severity: moderate References: 1217354,1217479 This update for icu73_2 fixes the following issue: - ships 32bit icu library on SLES 15 SP3 to complement the ICU 69 32bit libraries. The following package changes have been done: - libicu73_2-ledata-73.2-150000.1.7.1 updated - libicu73_2-73.2-150000.1.7.1 updated From sle-container-updates at lists.suse.com Tue Dec 26 08:04:19 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Dec 2023 09:04:19 +0100 (CET) Subject: SUSE-CU-2023:4315-1: Recommended update of bci/dotnet-sdk Message-ID: <20231226080419.9949AFBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4315-1 Container Tags : bci/dotnet-sdk:7.0 , bci/dotnet-sdk:7.0-19.26 , bci/dotnet-sdk:7.0.14 , bci/dotnet-sdk:7.0.14-19.26 , bci/dotnet-sdk:latest Container Release : 19.26 Severity : moderate Type : recommended References : 1217354 1217479 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4970-1 Released: Mon Dec 25 09:48:21 2023 Summary: Recommended update for icu73_2 Type: recommended Severity: moderate References: 1217354,1217479 This update for icu73_2 fixes the following issue: - ships 32bit icu library on SLES 15 SP3 to complement the ICU 69 32bit libraries. The following package changes have been done: - libicu73_2-ledata-73.2-150000.1.7.1 updated - libicu73_2-73.2-150000.1.7.1 updated From sle-container-updates at lists.suse.com Tue Dec 26 08:04:37 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Dec 2023 09:04:37 +0100 (CET) Subject: SUSE-CU-2023:4316-1: Recommended update of bci/dotnet-runtime Message-ID: <20231226080437.A8BF3FBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4316-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-17.27 , bci/dotnet-runtime:6.0.25 , bci/dotnet-runtime:6.0.25-17.27 Container Release : 17.27 Severity : moderate Type : recommended References : 1217354 1217479 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4970-1 Released: Mon Dec 25 09:48:21 2023 Summary: Recommended update for icu73_2 Type: recommended Severity: moderate References: 1217354,1217479 This update for icu73_2 fixes the following issue: - ships 32bit icu library on SLES 15 SP3 to complement the ICU 69 32bit libraries. The following package changes have been done: - libicu73_2-ledata-73.2-150000.1.7.1 updated - libicu73_2-73.2-150000.1.7.1 updated From sle-container-updates at lists.suse.com Tue Dec 26 08:05:00 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Dec 2023 09:05:00 +0100 (CET) Subject: SUSE-CU-2023:4317-1: Recommended update of bci/dotnet-runtime Message-ID: <20231226080500.054B8FBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4317-1 Container Tags : bci/dotnet-runtime:7.0 , bci/dotnet-runtime:7.0-19.27 , bci/dotnet-runtime:7.0.14 , bci/dotnet-runtime:7.0.14-19.27 , bci/dotnet-runtime:latest Container Release : 19.27 Severity : moderate Type : recommended References : 1217354 1217479 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4970-1 Released: Mon Dec 25 09:48:21 2023 Summary: Recommended update for icu73_2 Type: recommended Severity: moderate References: 1217354,1217479 This update for icu73_2 fixes the following issue: - ships 32bit icu library on SLES 15 SP3 to complement the ICU 69 32bit libraries. The following package changes have been done: - libicu73_2-ledata-73.2-150000.1.7.1 updated - libicu73_2-73.2-150000.1.7.1 updated From sle-container-updates at lists.suse.com Tue Dec 26 08:05:13 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Dec 2023 09:05:13 +0100 (CET) Subject: SUSE-CU-2023:4318-1: Security update of suse/nginx Message-ID: <20231226080513.C212BFBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4318-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-5.62 , suse/nginx:latest Container Release : 5.62 Severity : low Type : security References : 1198146 CVE-2022-1210 ----------------------------------------------------------------- The container suse/nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4968-1 Released: Mon Dec 25 09:12:49 2023 Summary: Security update for jbigkit Type: security Severity: low References: 1198146,CVE-2022-1210 This update for jbigkit fixes the following issues: - CVE-2022-1210: Fixed denial of service in TIFF File Handler (bsc#1198146). The following package changes have been done: - libjbig2-2.1-150000.3.5.1 updated From sle-container-updates at lists.suse.com Tue Dec 26 08:05:17 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 26 Dec 2023 09:05:17 +0100 (CET) Subject: SUSE-CU-2023:4319-1: Recommended update of bci/nodejs Message-ID: <20231226080517.094A3FBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4319-1 Container Tags : bci/node:20 , bci/node:20-2.27 , bci/node:latest , bci/nodejs:20 , bci/nodejs:20-2.27 , bci/nodejs:latest Container Release : 2.27 Severity : moderate Type : recommended References : 1217354 1217479 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4970-1 Released: Mon Dec 25 09:48:21 2023 Summary: Recommended update for icu73_2 Type: recommended Severity: moderate References: 1217354,1217479 This update for icu73_2 fixes the following issue: - ships 32bit icu library on SLES 15 SP3 to complement the ICU 69 32bit libraries. The following package changes have been done: - libicu73_2-ledata-73.2-150000.1.7.1 updated - libicu73_2-73.2-150000.1.7.1 updated From sle-container-updates at lists.suse.com Wed Dec 27 08:02:22 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 27 Dec 2023 09:02:22 +0100 (CET) Subject: SUSE-CU-2023:4320-1: Security update of suse/registry Message-ID: <20231227080222.D256BFBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4320-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-15.31 , suse/registry:latest Container Release : 15.31 Severity : moderate Type : security References : 1216491 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4974-1 Released: Tue Dec 26 05:02:31 2023 Summary: Security update for distribution Type: security Severity: moderate References: 1216491 This update for distribution fixes the following issues: distribution was updated to 2.8.3 (bsc#1216491): * Pass `BUILDTAGS` argument to `go build` * Enable Go build tags * `reference`: replace deprecated function `SplitHostname` * Dont parse errors as JSON unless Content-Type is set to JSON * update to go 1.20.8 * Set `Content-Type` header in registry client `ReadFrom` * deprecate reference package, migrate to github.com/distribution/reference * `digestset`: deprecate package in favor of `go-digest/digestset` * Do not close HTTP request body in HTTP handler The following package changes have been done: - distribution-registry-2.8.3-150400.9.24.1 updated From sle-container-updates at lists.suse.com Thu Dec 28 08:03:19 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 28 Dec 2023 09:03:19 +0100 (CET) Subject: SUSE-CU-2023:4323-1: Recommended update of bci/golang Message-ID: <20231228080319.3B5D5FBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4323-1 Container Tags : bci/golang:1.20 , bci/golang:1.20-2.4.72 , bci/golang:oldstable , bci/golang:oldstable-2.4.72 Container Release : 4.72 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - container:sles15-image-15.0.0-36.5.68 updated From sle-container-updates at lists.suse.com Fri Dec 29 08:03:34 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 29 Dec 2023 09:03:34 +0100 (CET) Subject: SUSE-CU-2023:4324-1: Recommended update of suse/sles12sp5 Message-ID: <20231229080334.C4E58FBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4324-1 Container Tags : suse/sles12sp5:6.5.548 , suse/sles12sp5:latest Container Release : 6.5.548 Severity : moderate Type : recommended References : 1216825 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4977-1 Released: Wed Dec 27 10:35:46 2023 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1216825 This update for procps fixes the following issue: - Avoid SIGSEGV in case of sending SIGTERM to a top command running in batch mode (bsc#1216825) The following package changes have been done: - libprocps3-3.3.9-11.30.1 updated - procps-3.3.9-11.30.1 updated From sle-container-updates at lists.suse.com Fri Dec 29 08:05:41 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 29 Dec 2023 09:05:41 +0100 (CET) Subject: SUSE-CU-2023:4325-1: Security update of suse/sle15 Message-ID: <20231229080541.322E0FBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4325-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.387 Container Release : 9.5.387 Severity : moderate Type : security References : 1217277 CVE-2023-5981 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4986-1 Released: Thu Dec 28 16:05:33 2023 Summary: Security update for gnutls Type: security Severity: moderate References: 1217277,CVE-2023-5981 This update for gnutls fixes the following issues: - CVE-2023-5981: Fixed timing side-channel inside RSA-PSK key exchange (bsc#1217277). The following package changes have been done: - libgnutls30-hmac-3.6.7-150200.14.28.1 updated - libgnutls30-3.6.7-150200.14.28.1 updated From sle-container-updates at lists.suse.com Fri Dec 29 08:07:27 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 29 Dec 2023 09:07:27 +0100 (CET) Subject: SUSE-CU-2023:4329-1: Recommended update of bci/openjdk Message-ID: <20231229080727.100B8FBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4329-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-12.62 , bci/openjdk:latest Container Release : 12.62 Severity : important Type : recommended References : 1216987 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - container:sles15-image-15.0.0-36.5.68 updated From sle-container-updates at lists.suse.com Fri Dec 29 08:08:11 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 29 Dec 2023 09:08:11 +0100 (CET) Subject: SUSE-CU-2023:4331-1: Security update of bci/php-apache Message-ID: <20231229080811.15CF5FBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4331-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-8.59 Container Release : 8.59 Severity : moderate Type : security References : 1217277 CVE-2023-5981 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4983-1 Released: Thu Dec 28 14:21:40 2023 Summary: Security update for gnutls Type: security Severity: moderate References: 1217277,CVE-2023-5981 This update for gnutls fixes the following issues: - CVE-2023-5981: Fixed timing side-channel inside RSA-PSK key exchange (bsc#1217277). The following package changes have been done: - libgnutls30-3.7.3-150400.4.38.1 updated - libgnutls30-hmac-3.7.3-150400.4.38.1 updated From sle-container-updates at lists.suse.com Fri Dec 29 08:08:31 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 29 Dec 2023 09:08:31 +0100 (CET) Subject: SUSE-CU-2023:4332-1: Security update of bci/php-fpm Message-ID: <20231229080831.2EC7BFBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4332-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8-8.64 Container Release : 8.64 Severity : moderate Type : security References : 1217277 CVE-2023-5981 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4983-1 Released: Thu Dec 28 14:21:40 2023 Summary: Security update for gnutls Type: security Severity: moderate References: 1217277,CVE-2023-5981 This update for gnutls fixes the following issues: - CVE-2023-5981: Fixed timing side-channel inside RSA-PSK key exchange (bsc#1217277). The following package changes have been done: - libgnutls30-3.7.3-150400.4.38.1 updated - libgnutls30-hmac-3.7.3-150400.4.38.1 updated From sle-container-updates at lists.suse.com Fri Dec 29 08:08:50 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 29 Dec 2023 09:08:50 +0100 (CET) Subject: SUSE-CU-2023:4333-1: Security update of bci/php Message-ID: <20231229080850.C5E1BFBA9@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4333-1 Container Tags : bci/php:8 , bci/php:8-8.59 Container Release : 8.59 Severity : moderate Type : security References : 1217277 CVE-2023-5981 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4983-1 Released: Thu Dec 28 14:21:40 2023 Summary: Security update for gnutls Type: security Severity: moderate References: 1217277,CVE-2023-5981 This update for gnutls fixes the following issues: - CVE-2023-5981: Fixed timing side-channel inside RSA-PSK key exchange (bsc#1217277). The following package changes have been done: - libgnutls30-3.7.3-150400.4.38.1 updated - libgnutls30-hmac-3.7.3-150400.4.38.1 updated From sle-container-updates at lists.suse.com Fri Dec 29 08:09:11 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 29 Dec 2023 09:09:11 +0100 (CET) Subject: SUSE-CU-2023:4334-1: Security update of bci/python Message-ID: <20231229080911.6BF61FBA4@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4334-1 Container Tags : bci/python:3 , bci/python:3-12.58 , bci/python:3.11 , bci/python:3.11-12.58 , bci/python:latest Container Release : 12.58 Severity : important Type : security References : 1216987 1217353 CVE-2023-5752 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4962-1 Released: Fri Dec 22 13:45:06 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) This update also ships curl to the INSTALLER channel. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4988-1 Released: Thu Dec 28 16:06:49 2023 Summary: Security update for python-pip Type: security Severity: low References: 1217353,CVE-2023-5752 This update for python-pip fixes the following issues: - CVE-2023-5752: Fixed injection of arbitrary configuration through Mercurial parameter (bsc#1217353). The following package changes have been done: - libcurl4-8.0.1-150400.5.41.1 updated - curl-8.0.1-150400.5.41.1 updated - python311-pip-22.3.1-150400.17.12.1 updated - container:sles15-image-15.0.0-36.5.68 updated From sle-container-updates at lists.suse.com Fri Dec 29 08:09:20 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 29 Dec 2023 09:09:20 +0100 (CET) Subject: SUSE-CU-2023:4335-1: Recommended update of suse/rmt-server Message-ID: <20231229080920.22C95FBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4335-1 Container Tags : suse/rmt-server:2.14 , suse/rmt-server:2.14-11.58 , suse/rmt-server:latest Container Release : 11.58 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4976-1 Released: Wed Dec 27 10:34:15 2023 Summary: Recommended update for mariadb-connector-c Type: recommended Severity: moderate References: This update for mariadb-connector-c fixes the following issue: - Update to release 3.1.22: The following package changes have been done: - libmariadb3-3.1.22-150000.3.36.1 updated From sle-container-updates at lists.suse.com Sat Dec 30 08:02:23 2023 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 30 Dec 2023 09:02:23 +0100 (CET) Subject: SUSE-CU-2023:4336-1: Security update of suse/389-ds Message-ID: <20231230080223.AFA02FBA9@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4336-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-16.74 , suse/389-ds:latest Container Release : 16.74 Severity : moderate Type : security References : 1030253 1095425 1103893 1112183 1146907 1158955 1159131 1161007 1162882 1166844 1167603 1182252 1182645 1192935 1193951 1217354 1217479 354372 437293 824262 CVE-2020-10531 CVE-2020-21913 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3563-1 Released: Fri Sep 8 15:28:17 2023 Summary: Security update for icu73_2 Type: security Severity: moderate References: 1030253,1095425,1103893,1112183,1146907,1158955,1159131,1161007,1162882,1166844,1167603,1182252,1182645,1192935,1193951,354372,437293,824262,CVE-2020-10531,CVE-2020-21913 This update for icu73_2 fixes the following issues: - Update to release 73.2 * CLDR extends the support for ???short??? Chinese sort orders to cover some additional, required characters for Level 2. This is carried over into ICU collation. * ICU has a modified character conversion table, mapping some GB18030 characters to Unicode characters that were encoded after GB18030-2005. - fixes builds where UCHAR_TYPE is re-defined such as libqt5-qtwebengine - Update to release 73.1 * Improved Japanese and Korean short-text line breaking * Reduction of C++ memory use in date formatting - Update to release 72.1 * Support for Unicode 15, including new characters, scripts, emoji, and corresponding API constants. * Support for CLDR 42 locale data with various additions and corrections. * Shift to tzdb 2022e. Pre-1970 data for a number of timezones has been removed. - bump library packagename to libicu71 to match the version. - update to 71.1: * updates to CLDR 41 locale data with various additions and corrections. * phrase-based line breaking for Japanese. Existing line breaking methods follow standards and conventions for body text but do not work well for short Japanese text, such as in titles and headings. This new feature is optimized for these use cases. * support for Hindi written in Latin letters (hi_Latn). The CLDR data for this increasingly popular locale has been significantly revised and expanded. Note that based on user expectations, hi_Latn incorporates a large amount of English, and can also be referred to as ???Hinglish???. * time zone data updated to version 2022a. Note that pre-1970 data for a number of time zones has been removed, as has been the case in the upstream tzdata release since 2021b. - ICU-21793 Fix ucptrietest golden diff [bsc#1192935] - Update to release 70.1: * Unicode 14 (new characters, scripts, emoji, and API constants) * CLDR 40 (many additions and corrections) * Fixes for measurement unit formatting * Can now be built with up to C++20 compilers - ICU-21613 Fix undefined behaviour in ComplexUnitsConverter::applyRounder - Update to release 69.1 * CLDR 39 * For Norwegian, 'no' is back to being the canonical code, with 'nb' treated as equivalent. This aligns handling of Norwegian with other macro language codes. * Binary prefixes in measurement units (KiB, MiB, etc.) * Time zone offsets from local time: New APIs BasicTimeZone::getOffsetFromLocal() (C++) and ucal_getTimeZoneOffsetFromLocal() - Backport ICU-21366 (bsc#1182645) - Update to release 68.2 * Fix memory problem in FormattedStringBuilder * Fix assertion when setKeywordValue w/ long value. * Fix UBSan breakage on 8bit of rbbi * fix int32_t overflow in listFormat * Fix memory handling in MemoryPool::operator=() * Fix memory leak in AliasReplacer - Add back icu.keyring, see https://unicode-org.atlassian.net/browse/ICU-21361 - Update to release 68.1 * CLDR 38 * Measurement unit preferences * PluralRules selection for ranges of numbers * Locale ID canonicalization now conforms to the CLDR spec including edge cases * DateIntervalFormat supports output options such as capitalization * Measurement units are normalized in skeleton string output * Time zone data (tzdata) version 2020d - Add the provides for libicu to Make .Net core can install successfully. (bsc#1167603, bsc#1161007) - Update to version 67.1 * Unicode 13 (ICU-20893, same as in ICU 66) + Total of 5930 new characters + 4 new scripts + 55 new emoji characters, plus additional new sequences + New CJK extension, first characters in plane 3: U+30000..U+3134A * CLDR 37 + New language at Modern coverage: Nigerian Pidgin + New languages at Basic coverage: Fulah (Adlam), Maithili, Manipuri, Santali, Sindhi (Devanagari), Sundanese + Region containment: EU no longer includes GB + Unicode 13 root collation data and Chinese data for collation and transliteration * DateTimePatternGenerator now obeys the 'hc' preference in the locale identifier (ICU-20442) * Various other improvements for ECMA-402 conformance * Number skeletons have a new 'concise' form that can be used in MessageFormat strings (ICU-20418) * Currency formatting options for formal and other currency display name variants (ICU-20854) * ListFormatter: new public API to select the style & type (ICU-12863) * ListFormatter now selects the proper ???and???/???or??? form for Spanish & Hebrew (ICU-21016) * Locale ID canonicalization upgraded to implement the complete CLDR spec (ICU-20834, ICU-20272) * LocaleMatcher: New option to ignore one-way matches (ICU-20936), and other tweaks to the code (ICU-20916, ICU-20917) and data (from CLDR) * acceptLanguage() reimplemented via LocaleMatcher (ICU-20700) * Data build tool: tzdbNames.res moved from the 'zone_tree' category to the 'zone_supplemental' category (ICU-21073) * Fixed uses of u8'literals' broken by the C++20 introduction of the incompatible char8_t type (ICU-20972), * and added a few API overloads to reduce the need for reinterpret_cast (ICU-20984). * Support for manipulating CLDR 37 unit identifiers in MeasureUnit. * Fix potential integer overflow in UnicodeString:doAppend (bsc#1166844, CVE-2020-10531). - Update to version 66.1 * Unicode 13 support * Fix uses of u8'literals' broken by C++20 introduction of incompatible char8_t type. (ICU-20972) * use LocalMemory for cmd to prevent use after free (bsc#1193951 CVE-2020-21913). - Remove /usr/lib(64)/icu/current [bsc#1158955]. - Update to release 65.1 (jsc#SLE-11118). * Updated to CLDR 36 locale data with many additions and corrections, and some new measurement units. * The Java LocaleMatcher API is improved, and ported to C++. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4970-1 Released: Mon Dec 25 09:48:21 2023 Summary: Recommended update for icu73_2 Type: recommended Severity: moderate References: 1217354,1217479 This update for icu73_2 fixes the following issue: - ships 32bit icu library on SLES 15 SP3 to complement the ICU 69 32bit libraries. The following package changes have been done: - libicu73_2-ledata-73.2-150000.1.7.1 added - libicu73_2-73.2-150000.1.7.1 added - libsvrcore0-2.2.8~git51.3688d68-150500.3.14.1 updated - lib389-2.2.8~git51.3688d68-150500.3.14.1 updated - 389-ds-2.2.8~git51.3688d68-150500.3.14.1 updated - libicu-suse65_1-65.1-150200.4.10.1 removed - libicu65_1-ledata-65.1-150200.4.10.1 removed