SUSE-CU-2024:1263-1: Security update of suse/sle-micro/5.3/toolbox
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Thu Apr 4 07:01:53 UTC 2024
SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:1263-1
Container Tags : suse/sle-micro/5.3/toolbox:13.2 , suse/sle-micro/5.3/toolbox:13.2-6.8.1 , suse/sle-micro/5.3/toolbox:latest
Container Release : 6.8.1
Severity : critical
Type : security
References : 1029961 1044232 1105435 1107342 1114407 1119496 1124223 1125410
1126377 1131060 1131686 1138731 1138731 1154247 1157960 1158830
1166334 1170347 1170347 1173474 1173475 1174673 1176006 1176759
1177864 1181994 1186791 1186827 1188006 1188307 1190858 1194845
1196494 1196495 1197293 1198504 1199079 1200441 1200441 1202868
1203823 1204397 1204690 1204706 1206134 1206212 1206346 1206346
1206346 1206622 1206798 1208270 1208271 1208272 1208529 1209030
1209122 1211188 1211190 1211886 1212160 1212475 1212475 1212475
1212475 1212475 1212475 1212475 1212475 1214248 1215294 1215377
1215434 1215496 1215698 1216410 1216412 1216752 1217000 1217215
1217593 1217873 1218126 1218186 1218209 1218232 1218291 1218475
1218571 1218571 1218782 1218831 1219123 1219123 1219189 1219189
1219238 1219243 1219321 1219442 1219576 1220117 1220385 1220770
1220771 1221218 CVE-2018-1000654 CVE-2019-3880 CVE-2021-46848
CVE-2022-41720 CVE-2022-41723 CVE-2022-41724 CVE-2022-41725 CVE-2023-1667
CVE-2023-2283 CVE-2023-24532 CVE-2023-48795 CVE-2023-6004 CVE-2023-6918
CVE-2023-7207 CVE-2023-7207 CVE-2024-0727 CVE-2024-22365 CVE-2024-25062
CVE-2024-26458 CVE-2024-26461
-----------------------------------------------------------------
The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:82-1
Released: Fri Jan 11 17:16:48 2019
Summary: Recommended update for suse-build-key
Type: recommended
Severity: moderate
References: 1044232
This update for suse-build-key fixes the following issues:
- Include the SUSE PTF GPG key in the key directory to avoid it being
stripped via %doc stripping in CAASP. (bsc#1044232)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:207-1
Released: Tue Jan 29 20:20:24 2019
Summary: Recommended update for container-suseconnect
Type: recommended
Severity: moderate
References: 1119496
This update for container-suseconnect fixes the following issues:
container-suseconnect was updated to 2.0.0 (bsc#1119496):
- Added command line interface
- Added `ADDITIONAL_MODULES` capability to enable further extension modules during image build and run
- Added documentation about how to build docker images on non SLE distributions
- Improve documentation to clarify how container-suseconnect works in a Dockerfile
- Improve error handling on non SLE hosts
- Fix bug which makes container-suseconnect work on SLE15 based distributions
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1040-1
Released: Thu Apr 25 17:09:21 2019
Summary: Security update for samba
Type: security
Severity: important
References: 1114407,1124223,1125410,1126377,1131060,1131686,CVE-2019-3880
This update for samba fixes the following issues:
Security issue fixed:
- CVE-2019-3880: Fixed a path/symlink traversal vulnerability, which allowed an unprivileged user to save registry files outside a share (bsc#1131060).
ldb was updated to version 1.2.4 (bsc#1125410 bsc#1131686):
- Out of bound read in ldb_wildcard_compare
- Hold at most 10 outstanding paged result cookies
- Put 'results_store' into a doubly linked list
- Refuse to build Samba against a newer minor version of ldb
Non-security issues fixed:
- Fixed update-apparmor-samba-profile script after apparmor switched to using named profiles (bsc#1126377).
- Abide to the load_printers parameter in smb.conf (bsc#1124223).
- Provide the 32bit samba winbind PAM module and its dependend 32bit libraries.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1372-1
Released: Tue May 28 16:53:28 2019
Summary: Security update for libtasn1
Type: security
Severity: moderate
References: 1105435,CVE-2018-1000654
This update for libtasn1 fixes the following issues:
Security issue fixed:
- CVE-2018-1000654: Fixed a denial of service in the asn1 parser (bsc#1105435).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2095-1
Released: Fri Aug 9 06:56:48 2019
Summary: Recommended update for container-suseconnect
Type: recommended
Severity: moderate
References: 1138731
This update for container-suseconnect fixes the following issues:
container-suseconnect was updated to 2.1.0 (bsc#1138731), fixing interacting with SCC behind proxy and SMT.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:122-1
Released: Fri Jan 17 10:56:07 2020
Summary: Recommended update for container-suseconnect
Type: recommended
Severity: moderate
References: 1138731,1154247,1157960
This update for container-suseconnect fixes the following issues:
- Fix usage with RMT and SMT. (bsc#1157960)
- Parse the /etc/products.d/*.prod files.
- Fix function comments based on best practices from Effective Go. (bsc#1138731)
- Implement interacting with SCC behind proxy and SMT. (bsc#1154247)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:690-1
Released: Fri Mar 13 17:09:28 2020
Summary: Recommended update for suse-build-key
Type: recommended
Severity: moderate
References: 1166334
This update for suse-build-key fixes the following issues:
- created a new security at suse.de communication key (bsc#1166334)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1112-1
Released: Fri Apr 24 16:44:20 2020
Summary: Recommended update for suse-build-key
Type: recommended
Severity: moderate
References: 1170347
This update for suse-build-key fixes the following issues:
- add a /usr/share/container-keys/ directory for GPG based Container
verification.
- Add the SUSE build key as 'suse-container-key.asc'. (PM-1845 bsc#1170347)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2126-1
Released: Wed Aug 5 09:26:46 2020
Summary: Recommended update for cloud-regionsrv-client
Type: recommended
Severity: moderate
References: 1173474,1173475
This update for cloud-regionsrv-client fixes the following issues:
- Introduce containerbuild-regionsrv service to allow container building tools to access
required data for accessing Public Cloud RMTs (bsc#1173474, bsc#1173475)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2148-1
Released: Thu Aug 6 13:36:17 2020
Summary: Recommended update for ca-certificates-mozilla
Type: recommended
Severity: important
References: 1174673
This update for ca-certificates-mozilla fixes the following issues:
Update to 2.42 state of the Mozilla NSS Certificate store (bsc#1174673)
Removed CAs:
* AddTrust External CA Root
* AddTrust Class 1 CA Root
* LuxTrust Global Root 2
* Staat der Nederlanden Root CA - G2
* Symantec Class 1 Public Primary Certification Authority - G4
* Symantec Class 2 Public Primary Certification Authority - G4
* VeriSign Class 3 Public Primary Certification Authority - G3
Added CAs:
* certSIGN Root CA G2
* e-Szigno Root CA 2017
* Microsoft ECC Root Certificate Authority 2017
* Microsoft RSA Root Certificate Authority 2017
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2825-1
Released: Fri Oct 2 08:44:28 2020
Summary: Recommended update for suse-build-key
Type: recommended
Severity: moderate
References: 1170347,1176759
This update for suse-build-key fixes the following issues:
- The SUSE Notary Container key is different from the build signing
key, include this key instead as suse-container-key. (PM-1845 bsc#1170347)
- The SUSE build key for SUSE Linux Enterprise 12 and 15 is extended by 4 more years. (bsc#1176759)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3157-1
Released: Wed Nov 4 15:37:05 2020
Summary: Recommended update for ca-certificates-mozilla
Type: recommended
Severity: moderate
References: 1177864
This update for ca-certificates-mozilla fixes the following issues:
The SSL Root CA store was updated to the 2.44 state of the Mozilla NSS Certificate store (bsc#1177864)
- Removed CAs:
- EE Certification Centre Root CA
- Taiwan GRCA
- Added CAs:
- Trustwave Global Certification Authority
- Trustwave Global ECC P256 Certification Authority
- Trustwave Global ECC P384 Certification Authority
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2191-1
Released: Mon Jun 28 18:38:12 2021
Summary: Recommended update for patterns-microos
Type: recommended
Severity: moderate
References: 1186791
This update for patterns-microos provides the following fix:
- Add zypper-migration-plugin to the default pattern. (bsc#1186791)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3274-1
Released: Fri Oct 1 10:34:17 2021
Summary: Recommended update for ca-certificates-mozilla
Type: recommended
Severity: important
References: 1190858
This update for ca-certificates-mozilla fixes the following issues:
- remove one of the Letsencrypt CAs DST_Root_CA_X3.pem, as it expires
September 30th 2021 and openssl certificate chain handling does not
handle this correctly in openssl 1.0.2 and older.
(bsc#1190858)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3382-1
Released: Tue Oct 12 14:30:17 2021
Summary: Recommended update for ca-certificates-mozilla
Type: recommended
Severity: moderate
References:
This update for ca-certificates-mozilla fixes the following issues:
- A new sub-package for minimal base containers (jsc#SLE-22162)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:71-1
Released: Thu Jan 13 15:37:28 2022
Summary: Recommended update for container-suseconnect
Type: recommended
Severity: moderate
References:
This update for container-suseconnect is a rebuild against updated
go toolchain to ensure an up to date GO runtime.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:792-1
Released: Thu Mar 10 11:58:18 2022
Summary: Recommended update for suse-build-key
Type: recommended
Severity: moderate
References: 1194845,1196494,1196495
This update for suse-build-key fixes the following issues:
- The old SUSE PTF key was extended, but also move it to suse_ptf_key_old.asc (as it is a DSA1024 key).
- Added a new SUSE PTF key with RSA2048 bit as suse_ptf_key.asc (bsc#1196494)
- Extended the expiry of SUSE Linux Enterprise 11 key (bsc#1194845)
- Added SUSE Container signing key in PEM format for use e.g. by cosign.
- The SUSE security key was replaced with 2022 edition (E-Mail usage only). (bsc#1196495)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1150-1
Released: Mon Apr 11 17:34:19 2022
Summary: Recommended update for suse-build-key
Type: recommended
Severity: moderate
References: 1197293
This update for suse-build-key fixes the following issues:
No longer install 1024bit keys by default. (bsc#1197293)
- The SLE11 key has been moved to documentation directory, and is obsoleted / removed by the package.
- The old PTF (pre March 2022) key moved to documentation directory.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1843-1
Released: Wed May 25 15:25:44 2022
Summary: Recommended update for suse-build-key
Type: recommended
Severity: moderate
References: 1198504
This update for suse-build-key fixes the following issues:
- still ship the old ptf key in the documentation directory (bsc#1198504)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3395-1
Released: Mon Sep 26 16:35:18 2022
Summary: Recommended update for ca-certificates-mozilla
Type: recommended
Severity: moderate
References: 1181994,1188006,1199079,1202868
This update for ca-certificates-mozilla fixes the following issues:
Updated to 2.56 state of Mozilla SSL root CAs (bsc#1202868)
- Added:
- Certainly Root E1
- Certainly Root R1
- DigiCert SMIME ECC P384 Root G5
- DigiCert SMIME RSA4096 Root G5
- DigiCert TLS ECC P384 Root G5
- DigiCert TLS RSA4096 Root G5
- E-Tugra Global Root CA ECC v3
- E-Tugra Global Root CA RSA v3
- Removed:
- Hellenic Academic and Research Institutions RootCA 2011
Updated to 2.54 state of Mozilla SSL root CAs (bsc#1199079)
- Added:
- Autoridad de Certificacion Firmaprofesional CIF A62634068
- D-TRUST BR Root CA 1 2020
- D-TRUST EV Root CA 1 2020
- GlobalSign ECC Root CA R4
- GTS Root R1
- GTS Root R2
- GTS Root R3
- GTS Root R4
- HiPKI Root CA - G1
- ISRG Root X2
- Telia Root CA v2
- vTrus ECC Root CA
- vTrus Root CA
- Removed:
- Cybertrust Global Root
- DST Root CA X3
- DigiNotar PKIoverheid CA Organisatie - G2
- GlobalSign ECC Root CA R4
- GlobalSign Root CA R2
- GTS Root R1
- GTS Root R2
- GTS Root R3
- GTS Root R4
Updated to 2.50 state of the Mozilla NSS Certificate store (bsc#1188006)
- Added:
- HARICA Client ECC Root CA 2021
- HARICA Client RSA Root CA 2021
- HARICA TLS ECC Root CA 2021
- HARICA TLS RSA Root CA 2021
- TunTrust Root CA
Updated to 2.46 state of the Mozilla NSS Certificate store (bsc#1181994)
- Added new root CAs:
- NAVER Global Root Certification Authority
- Removed old root CAs:
- GeoTrust Global CA
- GeoTrust Primary Certification Authority
- GeoTrust Primary Certification Authority - G3
- GeoTrust Universal CA
- GeoTrust Universal CA 2
- thawte Primary Root CA
- thawte Primary Root CA - G2
- thawte Primary Root CA - G3
- VeriSign Class 3 Public Primary Certification Authority - G4
- VeriSign Class 3 Public Primary Certification Authority - G5
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3781-1
Released: Wed Oct 26 17:50:44 2022
Summary: Security update for container-suseconnect
Type: security
Severity: moderate
References: 1204397
This update of container-suseconnect is a rebuilt of the previous sources against the current security updated go compiler.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3784-1
Released: Wed Oct 26 18:03:28 2022
Summary: Security update for libtasn1
Type: security
Severity: critical
References: 1204690,CVE-2021-46848
This update for libtasn1 fixes the following issues:
- CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der (bsc#1204690)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4412-1
Released: Tue Dec 13 04:47:03 2022
Summary: Recommended update for suse-build-key
Type: recommended
Severity: moderate
References: 1204706
This update for suse-build-key fixes the following issues:
- added /usr/share/pki/containers directory for container pem keys
(cosign/sigstore style), put the SUSE Container signing PEM key there too (bsc#1204706)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4458-1
Released: Tue Dec 13 13:16:04 2022
Summary: Recommended update for container-suseconnect
Type: recommended
Severity: moderate
References: 1186827
This update for container-suseconnect fixes the following issues:
container-suseconnect was updated to 2.4.0 (jsc#PED-1710):
* Fix docker build example for non-SLE hosts
* Minor fixes to --help and README
* Improve documentation when building with podman on non-SLE host
* Add flag --log-credentials-errors
* Update capture to the 1.0.0 release
* Use URL.Redacted() to avoid security scanner warning
* Regcode fix
- strip binaries (removes 4MB/25% of the uncompressed size) (bsc#1186827)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:37-1
Released: Fri Jan 6 15:35:49 2023
Summary: Security update for ca-certificates-mozilla
Type: security
Severity: important
References: 1206212,1206622
This update for ca-certificates-mozilla fixes the following issues:
- Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622)
Removed CAs:
- Global Chambersign Root
- EC-ACC
- Network Solutions Certificate Authority
- Staat der Nederlanden EV Root CA
- SwissSign Platinum CA - G2
Added CAs:
- DIGITALSIGN GLOBAL ROOT ECDSA CA
- DIGITALSIGN GLOBAL ROOT RSA CA
- Security Communication ECC RootCA1
- Security Communication RootCA3
Changed trust:
- TrustCor certificates only trusted up to Nov 30 (bsc#1206212)
- Removed CAs (bsc#1206212) as most code does not handle 'valid before nov 30 2022'
and it is not clear how many certs were issued for SSL middleware by TrustCor:
- TrustCor RootCert CA-1
- TrustCor RootCert CA-2
- TrustCor ECA-1
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:713-1
Released: Mon Mar 13 10:25:04 2023
Summary: Recommended update for suse-build-key
Type: recommended
Severity: moderate
References:
This update for suse-build-key fixes the following issues:
This update provides multiple new 4096 RSA keys for SUSE Linux Enterprise
15, SUSE Manager 4.2/4.3, Storage 7.1, SUSE Registry) that we will switch
to mid of 2023. (jsc#PED-2777)
- gpg-pubkey-3fa1d6ce-63c9481c.asc: new 4096 RSA signing key for SUSE Linux Enterprise (RPM and repositories).
- gpg-pubkey-d588dc46-63c939db.asc: new 4096 RSA reserve key for SUSE Linux Enterprise (RPM and repositories).
- suse_ptf_key_4096.asc: new 4096 RSA signing key for PTF packages.
- build-container-8fd6c337-63c94b45.asc/build-container-8fd6c337-63c94b45.pem:
New RSA 4096 key for the SUSE registry registry.suse.com, installed as
suse-container-key-2023.pem and suse-container-key-2023.asc
- suse_ptf_containerkey_2023.asc suse_ptf_containerkey_2023.pem:
New PTF container signing key for registry.suse.com/ptf/ space.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:871-1
Released: Wed Mar 22 14:32:45 2023
Summary: Security update for container-suseconnect
Type: security
Severity: important
References: 1200441,1206134,1208270,1208271,1208272,1209030,CVE-2022-41720,CVE-2022-41723,CVE-2022-41724,CVE-2022-41725,CVE-2023-24532
This update of container-suseconnect fixes the following issue:
- container-suseconnect was rebuilt against the current go1.19 release, fixing security issues and other bugs fixed in go1.19.7.
- CVE-2022-41723: Fixed quadratic complexity in HPACK decoding (bsc#1208270).
- CVE-2022-41724: Fixed panic with arge handshake records in crypto/tls (bsc#1208271).
- CVE-2022-41725: Fixed denial of service from excessive resource consumption in net/http and mime/multipart (bsc#1208272).
- CVE-2023-24532: Fixed incorrect P-256 ScalarMult and ScalarBaseMult results (bsc#1209030).
- CVE-2022-41720: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows (bsc#1206134).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1851-1
Released: Fri Apr 14 15:08:38 2023
Summary: Security update for container-suseconnect
Type: security
Severity: important
References:
This update for container-suseconnect fixes the following issue:
- rebuilt against current go version.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1916-1
Released: Wed Apr 19 16:17:58 2023
Summary: Recommended update for sles-release
Type: recommended
Severity: low
References: 1208529
This update for sles-release fixes the following issue:
- Filter libhogweed4 and libnettle6 so they dont get orphaned on system upgrades. (bsc#1208529)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2174-1
Released: Thu May 11 13:08:09 2023
Summary: Security update for container-suseconnect
Type: security
Severity: important
References: 1200441
This update of container-suseconnect fixes the following issues:
- rebuild the package with the go 19.9 secure release (bsc#1200441).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2600-1
Released: Wed Jun 21 15:24:36 2023
Summary: Security update for container-suseconnect
Type: security
Severity: important
References: 1206346
This update of container-suseconnect fixes the following issues:
- rebuild the package with the go 1.20 security release (bsc#1206346).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2923-1
Released: Thu Jul 20 19:34:50 2023
Summary: Security update for container-suseconnect
Type: security
Severity: important
References: 1206346
This update of container-suseconnect fixes the following issues:
- rebuild the package with the go 1.20 security release (bsc#1206346).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3264-1
Released: Thu Aug 10 16:05:20 2023
Summary: Security update for container-suseconnect
Type: security
Severity: important
References: 1206346
This update of container-suseconnect fixes the following issues:
- rebuild the package with the go 1.20 security release (bsc#1206346).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3454-1
Released: Mon Aug 28 13:43:18 2023
Summary: Security update for ca-certificates-mozilla
Type: security
Severity: important
References: 1214248
This update for ca-certificates-mozilla fixes the following issues:
- Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248)
Added:
- Atos TrustedRoot Root CA ECC G2 2020
- Atos TrustedRoot Root CA ECC TLS 2021
- Atos TrustedRoot Root CA RSA G2 2020
- Atos TrustedRoot Root CA RSA TLS 2021
- BJCA Global Root CA1
- BJCA Global Root CA2
- LAWtrust Root CA2 (4096)
- Sectigo Public Email Protection Root E46
- Sectigo Public Email Protection Root R46
- Sectigo Public Server Authentication Root E46
- Sectigo Public Server Authentication Root R46
- SSL.com Client ECC Root CA 2022
- SSL.com Client RSA Root CA 2022
- SSL.com TLS ECC Root CA 2022
- SSL.com TLS RSA Root CA 2022
Removed CAs:
- Chambers of Commerce Root
- E-Tugra Certification Authority
- E-Tugra Global Root CA ECC v3
- E-Tugra Global Root CA RSA v3
- Hongkong Post Root CA 1
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3539-1
Released: Tue Sep 5 16:41:09 2023
Summary: Security update for container-suseconnect
Type: security
Severity: important
References: 1212475
This update of container-suseconnect fixes the following issues:
- rebuild the package with the go 1.21 security release (bsc#1212475).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3834-1
Released: Wed Sep 27 19:18:33 2023
Summary: Security update for container-suseconnect
Type: security
Severity: important
References: 1212475
This update of container-suseconnect fixes the following issues:
- rebuild the package with the go 1.21 security release (bsc#1212475).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3843-1
Released: Wed Sep 27 20:18:06 2023
Summary: Recommended update for suse-build-key
Type: recommended
Severity: important
References:
This update for suse-build-key fixes the following issues:
This update adds and runs a import-suse-build-key script.
It is run after installation with libzypp based installers. (jsc#PED-2777)
It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys.
To manually import them you can also run:
# rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc
# rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4125-1
Released: Thu Oct 19 09:34:58 2023
Summary: Security update for container-suseconnect
Type: security
Severity: important
References: 1212475
This update of container-suseconnect fixes the following issues:
- rebuild the package with the go 1.21 security release (bsc#1212475).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4309-1
Released: Tue Oct 31 14:09:03 2023
Summary: Security update for container-suseconnect
Type: security
Severity: important
References: 1212475
This update of container-suseconnect fixes the following issues:
- rebuild the package with the go 1.21 security release (bsc#1212475).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4511-1
Released: Tue Nov 21 16:43:08 2023
Summary: Security update for container-suseconnect
Type: security
Severity: important
References: 1212475
This update of container-suseconnect fixes the following issues:
- rebuild the package with the go 1.21 security release (bsc#1212475).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4672-1
Released: Wed Dec 6 14:37:37 2023
Summary: Security update for suse-build-key
Type: security
Severity: important
References: 1216410,1217215
This update for suse-build-key fixes the following issues:
This update runs a import-suse-build-key script.
The previous libzypp-post-script based installation is replaced
with a systemd timer and service (bsc#1217215 bsc#1216410 jsc#PED-2777).
- suse-build-key-import.service
- suse-build-key-import.timer
It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys.
After successful import the timer is disabled.
To manually import them you can also run:
# rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc
# rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4728-1
Released: Tue Dec 12 13:11:26 2023
Summary: Initial shipment of package sles-ltss-release
Type: recommended
Severity: important
References:
This patch ships the sles-ltss-release package to SUSE Linux Enterprise Server 15 SP4 customers
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4807-1
Released: Wed Dec 13 18:07:37 2023
Summary: Security update for container-suseconnect
Type: security
Severity: important
References: 1212475
This update of container-suseconnect fixes the following issues:
- rebuild the package with the go 1.21 security release (bsc#1212475).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:11-1
Released: Tue Jan 2 13:24:52 2024
Summary: Recommended update for procps
Type: recommended
Severity: moderate
References: 1029961,1158830,1206798,1209122
This update for procps fixes the following issues:
- Update procps to 3.3.17 (jsc#PED-3244 jsc#PED-6369)
- For support up to 2048 CPU as well (bsc#1185417)
- Allow `-´ as leading character to ignore possible errors on systctl entries (bsc#1209122)
- Get the first CPU summary correct (bsc#1121753)
- Enable pidof for SLE-15 as this is provided by sysvinit-tools
- Use a check on syscall __NR_pidfd_open to decide if
the pwait tool and its manual page will be build
- Do not truncate output of w with option -n
- Prefer logind over utmp (jsc#PED-3144)
- Don't install translated man pages for non-installed binaries
(uptime, kill).
- Fix directory for Ukrainian man pages translations.
- Move localized man pages to lang package.
- Update to procps-ng-3.3.17
* library: Incremented to 8:3:0
(no removals or additions, internal changes only)
* all: properly handle utf8 cmdline translations
* kill: Pass int to signalled process
* pgrep: Pass int to signalled process
* pgrep: Check sanity of SG_ARG_MAX
* pgrep: Add older than selection
* pidof: Quiet mode
* pidof: show worker threads
* ps.1: Mention stime alias
* ps: check also match on truncated 16 char comm names
* ps: Add exe output option
* ps: A lot more sorting available
* pwait: New command waits for a process
* sysctl: Match systemd directory order
* sysctl: Document directory order
* top: ensure config file backward compatibility
* top: add command line 'e' for symmetry with 'E'
* top: add '4' toggle for two abreast cpu display
* top: add '!' toggle for combining multiple cpus
* top: fix potential SEGV involving -p switch
* vmstat: Wide mode gives wider proc columns
* watch: Add environment variable for interval
* watch: Add no linewrap option
* watch: Support more colors
* free,uptime,slabtop: complain about extra ops
- Package translations in procps-lang.
- Fix pgrep: cannot allocate 4611686018427387903 bytes when ulimit -s is unlimited.
- Enable pidof by default
- Update to procps-ng-3.3.16
* library: Increment to 8:2:0
No removals or functions
Internal changes only, so revision is incremented.
Previous version should have been 8:1:0 not 8:0:1
* docs: Use correct symbols for -h option in free.1
* docs: ps.1 now warns about command name length
* docs: install translated man pages
* pgrep: Match on runstate
* snice: Fix matching on pid
* top: can now exploit 256-color terminals
* top: preserves 'other filters' in configuration file
* top: can now collapse/expand forest view children
* top: parent %CPU time includes collapsed children
* top: improve xterm support for vim navigation keys
* top: avoid segmentation fault at program termination
* 'ps -C' does not allow anymore an argument longer than 15 characters (bsc#1158830)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:62-1
Released: Mon Jan 8 11:44:47 2024
Summary: Recommended update for libxcrypt
Type: recommended
Severity: moderate
References: 1215496
This update for libxcrypt fixes the following issues:
- fix variable name for datamember [bsc#1215496]
- added patches fix https://github.com/besser82/libxcrypt/commit/b212d601549a0fc84cbbcaf21b931f903787d7e2
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:88-1
Released: Thu Jan 11 10:08:20 2024
Summary: Recommended update for libsolv, zypper, libzypp
Type: recommended
Severity: moderate
References: 1212160,1215294,1216412,1217593,1217873,1218291
This update for libsolv, zypper, libzypp fixes the following issues:
- Expand RepoVars in URLs downloading a .repo file (bsc#1212160)
- Fix search/info commands ignoring --ignore-unknown (bsc#1217593)
- CheckAccessDeleted: fix 'running in container' filter (bsc#1218291)
- Open rpmdb just once during execution of %posttrans scripts (bsc#1216412)
- Make sure reboot-needed is remembered until next boot (bsc#1217873)
- Stop using boost version 1 timer library (bsc#1215294)
- Updated to version 0.7.27
- Add zstd support for the installcheck tool
- Add putinowndirpool cache to make file list handling in repo_write much faster
- Do not use deprecated headerUnload with newer rpm versions
- Support complex deps in SOLVABLE_PREREQ_IGNOREINST
- Fix minimization not prefering installed packages in some cases
- Reduce memory usage in repo_updateinfoxml
- Fix lock-step interfering with architecture selection
- Fix choice rule handing for package downgrades
- Fix complex dependencies with an 'else' part sometimes leading to unsolved dependencies
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:136-1
Released: Thu Jan 18 09:53:47 2024
Summary: Security update for pam
Type: security
Severity: moderate
References: 1217000,1218475,CVE-2024-22365
This update for pam fixes the following issues:
- CVE-2024-22365: Fixed a local denial of service during PAM login
due to a missing check during path manipulation (bsc#1218475).
- Check localtime_r() return value to fix crashing (bsc#1217000)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:139-1
Released: Thu Jan 18 11:33:54 2024
Summary: Recommended update for go1.21
Type: recommended
Severity: moderate
References: 1212475
This update for go1.21 fixes the following issues:
go1.21.6 (released 2024-01-09) includes fixes to the compiler,
the runtime, and the crypto/tls, maps, and runtime/pprof
packages. (bsc#1212475)
* x/build,os/signal: TestDetectNohup and TestNohup fail on replacement darwin LUCI builders
* runtime: ReadMemStats fatal error: mappedReady and other memstats are not equal
* cmd/compile: linux/s390x: inlining bug in s390x
* maps: maps.Clone reference semantics when cloning a map with large value types
* runtime: excessive memory use between 1.21.0 -> 1.21.1
* cmd/compile: max/min builtin broken when used with string(byte) conversions
* runtime/pprof: incorrect function names for generics functions
* crypto: upgrade to BoringCrypto fips-20220613 and enable TLS 1.3
* runtime: race condition raised with parallel tests, panic(nil) and -race
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:140-1
Released: Thu Jan 18 11:34:58 2024
Summary: Security update for libssh
Type: security
Severity: important
References: 1211188,1211190,1218126,1218186,1218209,CVE-2023-1667,CVE-2023-2283,CVE-2023-48795,CVE-2023-6004,CVE-2023-6918
This update for libssh fixes the following issues:
Security fixes:
- CVE-2023-6004: Fixed command injection using proxycommand (bsc#1218209)
- CVE-2023-48795: Fixed potential downgrade attack using strict kex (bsc#1218126)
- CVE-2023-6918: Fixed missing checks for return values of MD functions (bsc#1218186)
- CVE-2023-1667: Fixed NULL dereference during rekeying with algorithm guessing (bsc#1211188)
- CVE-2023-2283: Fixed possible authorization bypass in pki_verify_data_signature under low-memory conditions (bsc#1211190)
Other fixes:
- Update to version 0.9.8
- Allow @ in usernames when parsing from URI composes
- Update to version 0.9.7
- Fix several memory leaks in GSSAPI handling code
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:238-1
Released: Fri Jan 26 10:56:41 2024
Summary: Security update for cpio
Type: security
Severity: moderate
References: 1218571,CVE-2023-7207
This update for cpio fixes the following issues:
- CVE-2023-7207: Fixed a path traversal issue that could lead to an
arbitrary file write during archive extraction (bsc#1218571).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:322-1
Released: Fri Feb 2 15:13:26 2024
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1107342,1215434
This update for aaa_base fixes the following issues:
- Set JAVA_HOME correctly (bsc#1107342, bsc#1215434)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:444-1
Released: Fri Feb 9 16:39:32 2024
Summary: Security update for suse-build-key
Type: security
Severity: important
References: 1219123,1219189
This update for suse-build-key fixes the following issues:
This update runs a import-suse-build-key script.
The previous libzypp-post-script based installation is replaced
with a systemd timer and service (bsc#1217215 bsc#1216410 jsc#PED-2777).
- suse-build-key-import.service
- suse-build-key-import.timer
It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys.
After successful import the timer is disabled.
To manually import them you can also run:
# rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc
# rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc
Bugfix added since last update:
- run rpm commands in import script only when libzypp is not
active. bsc#1219189 bsc#1219123
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:480-1
Released: Thu Feb 15 12:35:51 2024
Summary: Recommended update for libsolv
Type: recommended
Severity: important
References: 1215698,1218782,1218831,1219442
This update for libsolv, libzypp fixes the following issues:
- build for multiple python versions [jsc#PED-6218]
- applydeltaprm: Create target directory if it does not exist (bsc#1219442)
- Fix problems with EINTR in ExternalDataSource::getline (bsc#1215698)
- CheckAccessDeleted: fix running_in_container detection (bsc#1218782)
- Detect CURLOPT_REDIR_PROTOCOLS_STR availability at runtime (bsc#1218831)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:613-1
Released: Mon Feb 26 11:21:43 2024
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1219576,CVE-2024-25062
This update for libxml2 fixes the following issues:
- CVE-2024-25062: Fixed use-after-free in XMLReader (bsc#1219576).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:614-1
Released: Mon Feb 26 11:31:18 2024
Summary: Recommended update for rpm
Type: recommended
Severity: important
References: 1216752
This update for rpm fixes the following issues:
- backport lua support for rpm.execute to ease migrating from SLE Micro 5.5 to 6.0 (bsc#1216752)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:615-1
Released: Mon Feb 26 11:32:32 2024
Summary: Recommended update for netcfg
Type: recommended
Severity: moderate
References: 1211886
This update for netcfg fixes the following issues:
- Add krb-prop entry (bsc#1211886)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:725-1
Released: Thu Feb 29 11:03:34 2024
Summary: Recommended update for suse-build-key
Type: recommended
Severity: moderate
References: 1219123,1219189
This update for suse-build-key fixes the following issues:
- Switch container key to be default RSA 4096bit. (jsc#PED-2777)
- run import script also in %posttrans section, but only when
libzypp is not active. bsc#1219189 bsc#1219123
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:734-1
Released: Thu Feb 29 13:16:38 2024
Summary: Recommended update for go1.21
Type: recommended
Severity: moderate
References: 1212475
This update for go1.21 fixes the following issues:
go1.21.7 (released 2024-02-06) includes fixes to the compiler,
the go command, the runtime, and the crypto/x509 package.
(bsc#1212475 go1.21 release tracking)
* go#63209 runtime: 'fatal: morestack on g0' on amd64 after upgrade to Go 1.21
* go#63768 runtime: pinner.Pin doesn't panic when it says it will
* go#64497 cmd/go: flag modcacherw does not take effect in the target package
* go#64761 staticlockranking builders failing on release branches on LUCI
* go#64935 runtime: 'traceback: unexpected SPWRITE function runtime.systemstack'
* go#65023 x/tools/go/analysis/unitchecker,slices: TestVetStdlib failing due to vet errors in panic tests
* go#65053 cmd/compile: //go:build file version ignored when calling generic fn which has related type params
* go#65323 crypto: rollback BoringCrypto fips-20220613 update
* go#65351 cmd/go: go generate fails silently when run on a package in a nested workspace module
* go#65380 crypto/x509: TestIssue51759 consistently failing on gotip-darwin-amd64_10.15 LUCI builder
* go#65449 runtime/trace: frame pointer unwinding crash on arm64 during async preemption
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:766-1
Released: Tue Mar 5 13:50:28 2024
Summary: Recommended update for libssh
Type: recommended
Severity: important
References: 1220385
This update for libssh fixes the following issues:
- Fix regression parsing IPv6 addresses provided as hostname (bsc#1220385)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:792-1
Released: Thu Mar 7 09:55:23 2024
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References:
This update for timezone fixes the following issues:
- Update to version 2024a
- Kazakhstan unifies on UTC+5
- Palestine springs forward a week later than previously predicted in 2024 and 2025
- Asia/Ho_Chi_Minh's 1955-07-01 transition occurred at 01:00 not 00:00
- From 1947 through 1949, Toronto's transitions occurred at 02:00 not 00:00
- In 1911 Miquelon adopted standard time on June 15, not May 15
- The FROM and TO columns of Rule lines can no longer be 'minimum'
- localtime no longer mishandle some timestamps
- strftime %s now uses tm_gmtoff if available
- Ittoqqortoormiit, Greenland changes time zones on 2024-03-31
- Vostok, Antarctica changed time zones on 2023-12-18
- Casey, Antarctica changed time zones five times since 2020
- Code and data fixes for Palestine timestamps starting in 2072
- A new data file zonenow.tab for timestamps starting now
- Much of Greenland changed its standard time from -03 to -02 on 2023-03-25
- localtime.c no longer mishandles TZif files that contain a single transition into a DST regime
- tzselect no longer creates temporary files
- tzselect no longer mishandles the following:
* Spaces and most other special characters in BUGEMAIL, PACKAGE, TZDIR, and VERSION.
* TZ strings when using mawk 1.4.3, which mishandles regular expressions of the form /X{2,}/
* ISO 6709 coordinates when using an awk that lacks the GNU extension of newlines in -v option-arguments
* Non UTF-8 locales when using an iconv command that lacks the GNU //TRANSLIT extension
* zic no longer mishandles data for Palestine after the year 2075
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:833-1
Released: Mon Mar 11 10:31:14 2024
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1219243,CVE-2024-0727
This update for openssl-1_1 fixes the following issues:
- CVE-2024-0727: Denial of service when processing a maliciously formatted PKCS12 file (bsc#1219243).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:305-1
Released: Mon Mar 11 14:15:37 2024
Summary: Security update for cpio
Type: security
Severity: moderate
References: 1218571,1219238,CVE-2023-7207
This update for cpio fixes the following issues:
- Fixed cpio not extracting correctly when using --no-absolute-filenames option the security fix for CVE-2023-7207 (bsc#1218571, bsc#1219238)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:838-1
Released: Tue Mar 12 06:46:28 2024
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1220117
This update for util-linux fixes the following issues:
- Processes not cleaned up after failed SSH session are using up 100% CPU (bsc#1220117)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:861-1
Released: Wed Mar 13 09:12:30 2024
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1218232
This update for aaa_base fixes the following issues:
- Silence the output in the case of broken symlinks (bsc#1218232)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:907-1
Released: Fri Mar 15 08:57:38 2024
Summary: Recommended update for audit
Type: recommended
Severity: moderate
References: 1215377
This update for audit fixes the following issue:
- Fix plugin termination when using systemd service units (bsc#1215377)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:914-1
Released: Mon Mar 18 06:39:03 2024
Summary: Recommended update for shadow
Type: recommended
Severity: important
References: 1176006,1188307,1203823
This update for shadow fixes the following issues:
- Fix chage date miscalculation (bsc#1176006)
- Fix passwd segfault when nsswitch.conf defines 'files compat' (bsc#1188307
- Remove pam_keyinit from PAM config files (bsc#1203823)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:929-1
Released: Tue Mar 19 06:36:24 2024
Summary: Recommended update for coreutils
Type: recommended
Severity: moderate
References: 1219321
This update for coreutils fixes the following issues:
- tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1006-1
Released: Wed Mar 27 10:48:38 2024
Summary: Security update for krb5
Type: security
Severity: important
References: 1220770,1220771,CVE-2024-26458,CVE-2024-26461
This update for krb5 fixes the following issues:
- CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770).
- CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1015-1
Released: Thu Mar 28 06:08:11 2024
Summary: Recommended update for sed
Type: recommended
Severity: important
References: 1221218
This update for sed fixes the following issues:
- 'sed -i' now creates temporary files with correct umask (bsc#1221218)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1091-1
Released: Tue Apr 2 12:18:46 2024
Summary: Recommended update for rpm
Type: recommended
Severity: moderate
References:
This update for rpm fixes the following issues:
- Turn on IMA/EVM file signature support, move the imaevm code that needs the
libiamevm library into a plugin, and install this plugin as part of a new
'rpm-imaevmsign' subpackage (jsc#PED-7246).
- Backport signature reserved space handling from upstream.
The following package changes have been done:
- aaa_base-84.87+git20180409.04c9dae-150300.10.12.1 updated
- ca-certificates-mozilla-2.62-150200.30.1 added
- ca-certificates-2+git20210309.21162a6-2.1 added
- container-suseconnect-2.4.0-150000.4.50.2 added
- coreutils-8.32-150400.9.3.1 updated
- cpio-2.13-150400.3.6.1 updated
- curl-8.0.1-150400.5.41.1 added
- filesystem-15.0-150400.1.1 updated
- glibc-2.31-150300.68.1 updated
- krb5-1.19.2-150400.3.9.1 updated
- kubic-locale-archive-2.31-10.36 added
- libaudit1-3.0.6-150400.4.16.1 updated
- libblkid1-2.37.2-150400.8.26.1 updated
- libcrypt1-4.4.15-150300.4.7.1 updated
- libfdisk1-2.37.2-150400.8.26.1 updated
- libimaevm3-1.4-150400.3.2.1 added
- libmount1-2.37.2-150400.8.26.1 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.63.1 updated
- libopenssl1_1-1.1.1l-150400.7.63.1 updated
- libp11-kit0-0.23.22-150400.1.10 added
- libprocps8-3.3.17-150000.7.37.1 added
- libsmartcols1-2.37.2-150400.8.26.1 updated
- libsolv-tools-0.7.28-150400.3.16.2 updated
- libssh-config-0.9.8-150400.3.6.1 updated
- libssh4-0.9.8-150400.3.6.1 updated
- libsystemd0-249.17-150400.8.40.1 updated
- libtasn1-6-4.13-150000.4.8.1 added
- libtasn1-4.13-150000.4.8.1 added
- libudev1-249.17-150400.8.40.1 updated
- libuuid1-2.37.2-150400.8.26.1 updated
- libxml2-2-2.9.14-150400.5.28.1 updated
- libzypp-17.31.31-150400.3.52.2 updated
- login_defs-4.8.1-150400.10.15.1 updated
- netcfg-11.6-150000.3.6.1 added
- openssl-1_1-1.1.1l-150400.7.63.1 updated
- p11-kit-tools-0.23.22-150400.1.10 added
- p11-kit-0.23.22-150400.1.10 added
- pam-1.3.0-150000.6.66.1 updated
- procps-3.3.17-150000.7.37.1 updated
- rpm-ndb-4.14.3-150400.59.10.1 updated
- sed-4.4-150300.13.3.1 updated
- shadow-4.8.1-150400.10.15.1 updated
- skelcd-EULA-sles-2022.05.10-150400.2.1 added
- sles-ltss-release-15.4-150400.13.5.3 added
- sles-release-15.4-150400.58.7.3 added
- suse-build-key-12.0-150000.8.43.1 added
- timezone-2024a-150000.75.28.1 updated
- util-linux-2.37.2-150400.8.26.1 updated
- zypper-1.14.68-150400.3.40.2 updated
- container:sles15-image-15.0.0-27.14.130 removed
More information about the sle-container-updates
mailing list