SUSE-CU-2024:1245-1: Security update of bci/bci-minimal
sle-container-updates at lists.suse.com
Wed Apr 3 07:09:50 UTC 2024
SUSE Container Update Advisory: bci/bci-minimal
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:1245-1
Container Tags : bci/bci-minimal:15.5 , bci/bci-minimal:15.5.18.3 , bci/bci-minimal:latest
Container Release : 18.3
Severity : important
Type : security
References : 1201627 1202870 1207534 1207789 1211430 1213487 1213517 1213853
1215215 1216922 1219243 CVE-2022-4304 CVE-2023-2650 CVE-2023-3446
CVE-2023-3817 CVE-2023-5678 CVE-2024-0727
-----------------------------------------------------------------
The container bci/bci-minimal was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2796-1
Released: Fri Aug 12 14:34:31 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References:
This update for jitterentropy fixes the following issues:
jitterentropy is included in version 3.4.0 (jsc#SLE-24941):
This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library,
used by other FIPS libraries.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3328-1
Released: Wed Sep 21 12:48:56 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1202870
This update for jitterentropy fixes the following issues:
- Hide the non-GNUC constructs that are library internal from the
exported header, to make it usable in builds with strict C99
compliance. (bsc#1202870)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:617-1
Released: Fri Mar 3 16:49:06 2023
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1207789
This update for jitterentropy fixes the following issues:
- build jitterentropy library with debuginfo (bsc#1207789)
-----------------------------------------------------------------
Advisory ID: 29171
Released: Tue Jun 20 12:29:00 2023
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1201627,1207534,1211430,CVE-2022-4304,CVE-2023-2650
This update for openssl-1_1 fixes the following issues:
- CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430).
- CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption.
The previous fix for this timing side channel turned out to cause a
severe 2-3x performance regression in the typical use case (bsc#1207534).
- Update further expiring certificates that affect tests (bsc#1201627)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2965-1
Released: Tue Jul 25 12:30:22 2023
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1213487,CVE-2023-3446
This update for openssl-1_1 fixes the following issues:
- CVE-2023-3446: Fixed DH_check() excessive time with oversized modulus (bsc#1213487).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3102-1
Released: Tue Aug 1 14:11:53 2023
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1213517
This update for openssl-1_1 fixes the following issues:
- Don't pass zero length input to EVP_Cipher (bsc#1213517)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3242-1
Released: Tue Aug 8 18:19:40 2023
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1213853,CVE-2023-3817
This update for openssl-1_1 fixes the following issues:
- CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4105-1
Released: Wed Oct 18 08:15:40 2023
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1215215
This update for openssl-1_1 fixes the following issues:
- Displays 'fips' in the version string (bsc#1215215)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4518-1
Released: Tue Nov 21 17:35:30 2023
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1216922,CVE-2023-5678
This update for openssl-1_1 fixes the following issues:
- CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:549-1
Released: Tue Feb 20 17:05:52 2024
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1219243,CVE-2024-0727
This update for openssl-1_1 fixes the following issues:
- CVE-2024-0727: Denial of service when processing a maliciously formatted PKCS12 file (bsc#1219243).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1091-1
Released: Tue Apr 2 12:18:46 2024
Summary: Recommended update for rpm
Type: recommended
Severity: moderate
References:
This update for rpm fixes the following issues:
- Turn on IMA/EVM file signature support, move the imaevm code that needs the
libimaevm library into a plugin, and install this plugin as part of a new
'rpm-imaevmsign' subpackage (jsc#PED-7246).
- Backport signature reserved space handling from upstream.
-----------------------------------------------------------------
The following package changes have been done:
- libimaevm3-1.4-150400.3.2.1 added
- libjitterentropy3-3.4.0-150000.1.9.1 added
- libopenssl1_1-1.1.1l-150500.17.25.1 added
- rpm-ndb-4.14.3-150400.59.10.1 updated
- container:micro-image-15.5.0-17.1 updated