SUSE-CU-2024:1685-1: Security update of suse/manager/5.0/x86_64/proxy-squid

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Wed Apr 24 09:31:29 UTC 2024 

SUSE Container Update Advisory: suse/manager/5.0/x86_64/proxy-squid
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:1685-1
Container Tags        : suse/manager/5.0/x86_64/proxy-squid:5.0.0-beta2 , suse/manager/5.0/x86_64/proxy-squid:5.0.0-beta2.3.32 , suse/manager/5.0/x86_64/proxy-squid:latest
Container Release     : 3.32
Severity              : important
Type                  : security
References            : 1196025 1196026 1196168 1196169 1196171 1196784 1203438 1204708
                        1210959 1214934 1215377 1217450 1217667 1218492 1219031 1219321
                        1219520 1219559 1220061 1220724 1221239 1221289 CVE-2022-25235
                        CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 CVE-2022-40674
                        CVE-2022-43680 CVE-2023-45918 CVE-2023-52425 CVE-2024-28757 
-----------------------------------------------------------------

The container suse/manager/5.0/x86_64/proxy-squid was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2294-1
Released:    Wed Jul  6 13:34:15 2022
Summary:     Security update for expat
Type:        security
Severity:    important
References:  1196025,1196026,1196168,1196169,1196171,1196784,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315
This update for expat fixes the following issues:

- CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025).
- Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784).
- CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026).
- CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168).
- CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169).
- CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3489-1
Released:    Sat Oct  1 13:35:24 2022
Summary:     Security update for expat
Type:        security
Severity:    important
References:  1203438,CVE-2022-40674
This update for expat fixes the following issues:

- CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3884-1
Released:    Mon Nov  7 10:59:26 2022
Summary:     Security update for expat
Type:        security
Severity:    important
References:  1204708,CVE-2022-43680
This update for expat fixes the following issues:

  - CVE-2022-43680: Fixed use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:907-1
Released:    Fri Mar 15 08:57:38 2024
Summary:     Recommended update for audit
Type:        recommended
Severity:    moderate
References:  1215377
This update for audit fixes the following issue:

- Fix plugin termination when using systemd service units (bsc#1215377)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:929-1
Released:    Tue Mar 19 06:36:24 2024
Summary:     Recommended update for coreutils
Type:        recommended
Severity:    moderate
References:  1219321
This update for coreutils fixes the following issues:

- tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1129-1
Released:    Mon Apr  8 09:12:08 2024
Summary:     Security update for expat
Type:        security
Severity:    important
References:  1219559,1221289,CVE-2023-52425,CVE-2024-28757
This update for expat fixes the following issues:

- CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559) 
- CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1133-1
Released:    Mon Apr  8 11:29:02 2024
Summary:     Security update for ncurses
Type:        security
Severity:    moderate
References:  1220061,CVE-2023-45918
This update for ncurses fixes the following issues:

- CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1253-1
Released:    Fri Apr 12 08:15:18 2024
Summary:     Recommended update for gcc13
Type:        recommended
Severity:    moderate
References:  1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239
This update for gcc13 fixes the following issues:

- Fix unwinding for JIT code.  [bsc#1221239] 
- Revert libgccjit dependency change.  [bsc#1220724]
- Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3
  breaks them.  [bsc#1219520]
- Add support for -fmin-function-alignment.  [bsc#1214934]
- Use %{_target_cpu} to determine host and build.
- Fix for building TVM.  [bsc#1218492]
- Add cross-X-newlib-devel requires to newlib cross compilers.
  [bsc#1219031]
- Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel.  [bsc#1210959]
- Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6.
- Fixed building mariadb on i686.  [bsc#1217667]
- Avoid update-alternatives dependency for accelerator crosses.
- Package tool links to llvm in cross-amdgcn-gcc13 rather than in
  cross-amdgcn-newlib13-devel since that also has the dependence.
- Depend on llvmVER instead of llvm with VER equal to
  %product_libs_llvm_ver where available and adjust tool discovery
  accordingly.  This should also properly trigger re-builds when
  the patchlevel version of llvmVER changes, possibly changing
  the binary names we link to.  [bsc#1217450]


The following package changes have been done:

- cracklib-dict-small-2.9.11-150600.1.89 updated
- crypto-policies-20230920.570ea89-150600.1.9 updated
- libldap-data-2.4.46-150600.23.15 updated
- libsemanage-conf-3.5-150600.1.48 updated
- glibc-2.38-150600.9.2 updated
- libsepol2-3.5-150600.1.48 updated
- libsasl2-3-2.1.28-150600.5.2 updated
- libpcre2-8-0-10.42-150600.1.25 updated
- liblzma5-5.4.1-150600.1.1 updated
- libcom_err2-1.47.0-150600.2.25 updated
- libselinux1-3.5-150600.1.45 updated
- libgcc_s1-13.2.1+git8285-150000.1.9.1 updated
- libstdc++6-13.2.1+git8285-150000.1.9.1 updated
- libncurses6-6.1-150000.5.24.1 updated
- terminfo-base-6.1-150000.5.24.1 updated
- libexpat1-2.4.4-150400.3.17.1 added
- libaudit1-3.0.6-150400.4.16.1 updated
- libopenssl3-3.1.4-150600.2.18 updated
- libsemanage2-3.5-150600.1.48 updated
- libopenssl-3-fips-provider-3.1.4-150600.2.18 updated
- libldap-2_4-2-2.4.46-150600.23.15 updated
- krb5-1.20.1-150600.9.1 updated
- patterns-base-fips-20200124-150600.29.2 updated
- coreutils-8.32-150400.9.3.1 updated
- login_defs-4.8.1-150600.15.44 updated
- libcrack2-2.9.11-150600.1.89 updated
- cracklib-2.9.11-150600.1.89 updated
- sed-4.9-150600.1.3 updated
- shadow-4.8.1-150600.15.44 updated
- container:sles15-image-15.0.0-45.12 updated
- aaa_base-84.87+git20180409.04c9dae-150300.10.9.1 removed
- cpio-2.13-150400.3.6.1 removed
- file-magic-5.32-7.14.1 removed
- findutils-4.8.0-1.20 removed
- gzip-1.10-150200.10.1 removed
- libblkid1-2.39.3-150600.1.14 removed
- libbrotlicommon1-1.0.7-3.3.1 removed
- libbrotlidec1-1.0.7-3.3.1 removed
- libcap-ng0-0.7.9-4.37 removed
- libcurl4-8.0.1-150600.10.1 removed
- libdw1-0.185-150400.5.3.1 removed
- libelf1-0.185-150400.5.3.1 removed
- libfdisk1-2.39.3-150600.1.14 removed
- libgcrypt20-1.10.3-150600.1.7 removed
- libgpg-error0-1.47-150600.1.1 removed
- libidn2-0-2.2.0-3.6.1 removed
- liblua5_3-5-5.3.6-3.6.1 removed
- liblz4-1-1.9.4-150600.1.2 removed
- libmagic1-5.32-7.14.1 removed
- libmount1-2.39.3-150600.1.14 removed
- libnghttp2-14-1.40.0-150600.22.1 removed
- libpopt0-1.16-3.22 removed
- libpsl5-0.20.1-150000.3.3.1 removed
- libsmartcols1-2.39.3-150600.1.14 removed
- libssh-config-0.9.8-150600.8.1 removed
- libssh4-0.9.8-150600.8.1 removed
- libsystemd0-254.9-150600.2.4 removed
- libunistring2-0.9.10-1.1 removed
- libutempter0-1.1.6-3.42 removed
- libuuid1-2.39.3-150600.1.14 removed
- libzstd1-1.5.5-150600.1.1 removed
- ncurses-utils-6.1-150000.5.20.1 removed
- rpm-config-SUSE-1-150400.14.3.1 removed
- sles-release-15.6-150600.26.1 removed
- system-group-hardware-20170617-150400.24.2.1 removed
- tar-1.34-150000.3.34.1 removed
- timezone-2023c-150000.75.23.1 removed
- util-linux-2.39.3-150600.1.14 removed

More information about the sle-container-updates mailing list