SUSE-CU-2024:1698-1: Security update of rancher/elemental-teal/5.4

sle-container-updates at lists.suse.com
Thu Apr 25 07:01:20 UTC 2024


SUSE Container Update Advisory: rancher/elemental-teal/5.4
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:1698-1
Container Tags        : rancher/elemental-teal/5.4:1.2.3 , rancher/elemental-teal/5.4:1.2.3-3.2.153 , rancher/elemental-teal/5.4:latest
Container Release     : 3.2.153
Severity              : important
Type                  : security
References            : 1107342 1144060 1176006 1188307 1190495 1190495 1192051 1203823
                        1205502 1206627 1207987 1210507 1210959 1211886 1213189 1213418
                        1214934 1215377 1215434 1216198 1217445 1217450 1217589 1217667
                        1217964 1218232 1218492 1218571 1218842 1218866 1218894 1219031
                        1219238 1219243 1219321 1219520 1219559 1219563 1219576 1219767
                        1219975 1220061 1220117 1220117 1220385 1220441 1220568 1220724
                        1220770 1220771 1221050 1221218 1221239 1221289 1221399 1221470
                        1221665 1221667 1221677 1221677 1221831 CVE-2023-29383 CVE-2023-45918
                        CVE-2023-52160 CVE-2023-52425 CVE-2023-5388 CVE-2023-7207 CVE-2024-0727
                        CVE-2024-1753 CVE-2024-1753 CVE-2024-2004 CVE-2024-21626 CVE-2024-2398
                        CVE-2024-25062 CVE-2024-26458 CVE-2024-26461 CVE-2024-28085 CVE-2024-28182
                        CVE-2024-28757 
-----------------------------------------------------------------

The container rancher/elemental-teal/5.4 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:322-1
Released:    Fri Feb  2 15:13:26 2024
Summary:     Recommended update for aaa_base
Type:        recommended
Severity:    moderate
References:  1107342,1215434
This update for aaa_base fixes the following issues:

- Set JAVA_HOME correctly (bsc#1107342, bsc#1215434)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:459-1
Released:    Tue Feb 13 15:28:56 2024
Summary:     Security update for runc
Type:        security
Severity:    important
References:  1218894,CVE-2024-21626
This update for runc fixes the following issues:

- Update to runc v1.1.12 (bsc#1218894)

The following CVE was already fixed with the previous release:

- CVE-2024-21626: Fixed a container breakout via an internal file descriptor leak (a leaked host file descriptor reachable through /proc/self/fd could be used as the container's working directory).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:597-1
Released:    Thu Feb 22 20:07:11 2024
Summary:     Security update for mozilla-nss
Type:        security
Severity:    important
References:  1216198,CVE-2023-5388
This update for mozilla-nss fixes the following issues:

Update to NSS 3.90.2:

- CVE-2023-5388: Fixed timing attack against RSA decryption in TLS (bsc#1216198)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:613-1
Released:    Mon Feb 26 11:21:43 2024
Summary:     Security update for libxml2
Type:        security
Severity:    moderate
References:  1219576,CVE-2024-25062
This update for libxml2 fixes the following issues:

- CVE-2024-25062: Fixed use-after-free in XMLReader (bsc#1219576).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:615-1
Released:    Mon Feb 26 11:32:32 2024
Summary:     Recommended update for netcfg
Type:        recommended
Severity:    moderate
References:  1211886
This update for netcfg fixes the following issues:

- Add krb-prop entry (bsc#1211886)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:766-1
Released:    Tue Mar  5 13:50:28 2024
Summary:     Recommended update for libssh
Type:        recommended
Severity:    important
References:  1220385
This update for libssh fixes the following issues:

- Fix regression parsing IPv6 addresses provided as hostname (bsc#1220385)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:792-1
Released:    Thu Mar  7 09:55:23 2024
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  
This update for timezone fixes the following issues:

- Update to version 2024a
- Kazakhstan unifies on UTC+5
- Palestine springs forward a week later than previously predicted in 2024 and 2025
- Asia/Ho_Chi_Minh's 1955-07-01 transition occurred at 01:00 not 00:00
- From 1947 through 1949, Toronto's transitions occurred at 02:00 not 00:00
- In 1911 Miquelon adopted standard time on June 15, not May 15
- The FROM and TO columns of Rule lines can no longer be 'minimum'
- localtime no longer mishandles some timestamps
- strftime %s now uses tm_gmtoff if available
- Ittoqqortoormiit, Greenland changes time zones on 2024-03-31
- Vostok, Antarctica changed time zones on 2023-12-18
- Casey, Antarctica changed time zones five times since 2020
- Code and data fixes for Palestine timestamps starting in 2072
- A new data file zonenow.tab for timestamps starting now
- Much of Greenland changed its standard time from -03 to -02 on 2023-03-25
- localtime.c no longer mishandles TZif files that contain a single transition into a DST regime
- tzselect no longer creates temporary files
- tzselect no longer mishandles the following:
  * Spaces and most other special characters in BUGEMAIL, PACKAGE, TZDIR, and VERSION.
  * TZ strings when using mawk 1.4.3, which mishandles regular expressions of the form /X{2,}/
  * ISO 6709 coordinates when using an awk that lacks the GNU extension of newlines in -v option-arguments
  * Non UTF-8 locales when using an iconv command that lacks the GNU //TRANSLIT extension
- zic no longer mishandles data for Palestine after the year 2075

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:819-1
Released:    Fri Mar  8 12:05:12 2024
Summary:     Security update for wpa_supplicant
Type:        security
Severity:    important
References:  1219975,CVE-2023-52160
This update for wpa_supplicant fixes the following issues:

- CVE-2023-52160: Fixed a WiFi authentication bypass in the PEAP client (bsc#1219975).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:833-1
Released:    Mon Mar 11 10:31:14 2024
Summary:     Security update for openssl-1_1
Type:        security
Severity:    moderate
References:  1219243,CVE-2024-0727
This update for openssl-1_1 fixes the following issues:

- CVE-2024-0727: Denial of service when processing a maliciously formatted PKCS12 file (bsc#1219243).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:305-1
Released:    Mon Mar 11 14:15:37 2024
Summary:     Security update for cpio
Type:        security
Severity:    moderate
References:  1218571,1219238,CVE-2023-7207
This update for cpio fixes the following issues:

- Fixed a regression introduced by the security fix for CVE-2023-7207: cpio no longer extracted correctly when the --no-absolute-filenames option was used (bsc#1218571, bsc#1219238)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:838-1
Released:    Tue Mar 12 06:46:28 2024
Summary:     Recommended update for util-linux
Type:        recommended
Severity:    moderate
References:  1220117
This update for util-linux fixes the following issues:

- Processes not cleaned up after a failed SSH session consumed 100% CPU (bsc#1220117)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:861-1
Released:    Wed Mar 13 09:12:30 2024
Summary:     Recommended update for aaa_base
Type:        recommended
Severity:    moderate
References:  1218232
This update for aaa_base fixes the following issues:

- Silence the output in the case of broken symlinks (bsc#1218232)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:870-1
Released:    Wed Mar 13 13:05:14 2024
Summary:     Security update for glibc
Type:        security
Severity:    moderate
References:  1217445,1217589,1218866
This update for glibc fixes the following issues:

Security issues fixed:

- qsort: harden handling of degenerate / non-transitive compare functions (bsc#1218866)

Other issues fixed:

- getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163)
- aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:907-1
Released:    Fri Mar 15 08:57:38 2024
Summary:     Recommended update for audit
Type:        recommended
Severity:    moderate
References:  1215377
This update for audit fixes the following issue:

- Fix plugin termination when using systemd service units (bsc#1215377)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:929-1
Released:    Tue Mar 19 06:36:24 2024
Summary:     Recommended update for coreutils
Type:        recommended
Severity:    moderate
References:  1219321
This update for coreutils fixes the following issues:

- tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:939-1
Released:    Wed Mar 20 09:03:37 2024
Summary:     Security update for shadow
Type:        security
Severity:    moderate
References:  1144060,1176006,1188307,1203823,1205502,1206627,1210507,1213189,CVE-2023-29383
This update for shadow fixes the following issues:

- CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507).

The following non-security bugs were fixed:

- bsc#1176006: Fix chage date miscalculation
- bsc#1188307: Fix passwd segfault
- bsc#1203823: Remove pam_keyinit from PAM config files
- bsc#1213189: Change lock mechanism to file locking to prevent
  lock files after power interruptions
- bsc#1206627: Add --prefix support to passwd, chpasswd and chage
- bsc#1205502: useradd audit event user id field cannot be interpreted

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:980-1
Released:    Mon Mar 25 06:18:28 2024
Summary:     Recommended update for pam-config
Type:        recommended
Severity:    moderate
References:  1219767
This update for pam-config fixes the following issues:

- Fix pam_gnome_keyring module for AUTH (bsc#1219767)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:982-1
Released:    Mon Mar 25 12:56:33 2024
Summary:     Recommended update for systemd-rpm-macros
Type:        recommended
Severity:    moderate
References:  1217964
This update for systemd-rpm-macros fixes the following issue:

- Order packages that require systemd after systemd-sysvcompat if needed. (bsc#1217964)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:984-1
Released:    Mon Mar 25 16:04:44 2024
Summary:     Recommended update for runc
Type:        recommended
Severity:    important
References:  1192051,1221050
This update for runc fixes the following issues:

- Add upstream patch <https://github.com/opencontainers/runc/pull/4219> to
  properly fix -ENOSYS stub on ppc64le. bsc#1192051 bsc#1221050

  This allows running 15 SP6 containers on older distributions.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1006-1
Released:    Wed Mar 27 10:48:38 2024
Summary:     Security update for krb5
Type:        security
Severity:    important
References:  1220770,1220771,CVE-2024-26458,CVE-2024-26461
This update for krb5 fixes the following issues:

- CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770).
- CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1010-1
Released:    Wed Mar 27 16:07:37 2024
Summary:     Recommended update for perl-Bootloader
Type:        recommended
Severity:    important
References:  1218842,1221470
This update for perl-Bootloader fixes the following issues:

- Log grub2-install errors correctly (bsc#1221470)
- Update to version 0.947
- Support old grub versions that used /usr/lib (bsc#1218842)
- Create EFI boot fallback directory if necessary

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1015-1
Released:    Thu Mar 28 06:08:11 2024
Summary:     Recommended update for sed
Type:        recommended
Severity:    important
References:  1221218
This update for sed fixes the following issues:

- 'sed -i' now creates temporary files with correct umask (bsc#1221218)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1058-1
Released:    Thu Mar 28 14:50:41 2024
Summary:     Security update for podman
Type:        security
Severity:    important
References:  1221677,CVE-2024-1753
This update for podman fixes the following issues:

- CVE-2024-1753: Fixed full container escape at build time (bsc#1221677).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1080-1
Released:    Tue Apr  2 06:50:10 2024
Summary:     Recommended update for xfsprogs-scrub
Type:        recommended
Severity:    low
References:  1190495
This update for xfsprogs-scrub fixes the following issues:

- Added missing xfsprogs-scrub to Package Hub for SLE-15-SP5 and SLE-15-SP4 (bsc#1190495)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1104-1
Released:    Wed Apr  3 14:29:58 2024
Summary:     Recommended update for docker, containerd, rootlesskit, catatonit, slirp4netns, fuse-overlayfs
Type:        recommended
Severity:    important
References:  
This update for docker fixes the following issues:

- Overlay files are world-writable (bsc#1220339)
- Allow disabling apparmor support (some products only support SELinux)

The other packages in the update (containerd, rootlesskit, catatonit, slirp4netns, fuse-overlayfs)
are no-change rebuilds required because the corresponding binary packages were missing in a number
of repositories, thus making docker not installable on some products.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1129-1
Released:    Mon Apr  8 09:12:08 2024
Summary:     Security update for expat
Type:        security
Severity:    important
References:  1219559,1221289,CVE-2023-52425,CVE-2024-28757
This update for expat fixes the following issues:

- CVE-2023-52425: Fixed a DoS caused by processing large tokens (bsc#1219559).
- CVE-2024-28757: Fixed an XML entity expansion issue (bsc#1221289).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1133-1
Released:    Mon Apr  8 11:29:02 2024
Summary:     Security update for ncurses
Type:        security
Severity:    moderate
References:  1220061,CVE-2023-45918
This update for ncurses fixes the following issues:

- CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1144-1
Released:    Mon Apr  8 11:33:47 2024
Summary:     Security update for buildah
Type:        security
Severity:    important
References:  1219563,1220568,1221677,CVE-2024-1753
This update for buildah fixes the following issues:

- CVE-2024-1753: Fixed an issue to prevent a full container escape at build time. (bsc#1221677)
- Update to version 1.34.1 for compatibility with Docker 25.0
  (which is not in SLES yet, but will eventually be) (bsc#1219563).
  See the corresponding release notes:
  * https://github.com/containers/buildah/releases/tag/v1.34.1
  * https://github.com/containers/buildah/releases/tag/v1.34.0
  * https://github.com/containers/buildah/releases/tag/v1.33.0
  * https://github.com/containers/buildah/releases/tag/v1.32.0
  * https://github.com/containers/buildah/releases/tag/v1.31.0
  * https://github.com/containers/buildah/releases/tag/v1.30.0

- Require cni-plugins (bsc#1220568)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1151-1
Released:    Mon Apr  8 11:36:23 2024
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1221665,1221667,CVE-2024-2004,CVE-2024-2398
This update for curl fixes the following issues:

- CVE-2024-2004: Fixed the usage of disabled protocol logic (bsc#1221665).
- CVE-2024-2398: Fixed an HTTP/2 push headers memory leak (bsc#1221667).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1167-1
Released:    Mon Apr  8 15:11:11 2024
Summary:     Security update for nghttp2
Type:        security
Severity:    important
References:  1221399,CVE-2024-28182
This update for nghttp2 fixes the following issues:

- CVE-2024-28182: Fixed denial of service via http/2 continuation frames (bsc#1221399)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1169-1
Released:    Tue Apr  9 09:50:32 2024
Summary:     Security update for util-linux
Type:        security
Severity:    important
References:  1207987,1220117,1221831,CVE-2024-28085
This update for util-linux fixes the following issues:

- CVE-2024-28085: Properly neutralize escape sequences in wall. (bsc#1221831)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1201-1
Released:    Thu Apr 11 10:47:59 2024
Summary:     Recommended update for xfsprogs-scrub and jctools
Type:        recommended
Severity:    low
References:  1190495,1213418
This update for xfsprogs-scrub fixes the following issues:

- Added missing xfsprogs-scrub to Package Hub for SLE-15-SP5 (bsc#1190495)
- Added missing jctools to Package Hub for SLE-15-SP5 (bsc#1213418)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1231-1
Released:    Thu Apr 11 15:20:40 2024
Summary:     Recommended update for glibc
Type:        recommended
Severity:    moderate
References:  1220441
This update for glibc fixes the following issues:

- duplocale: protect use of global locale (bsc#1220441, BZ #23970)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1253-1
Released:    Fri Apr 12 08:15:18 2024
Summary:     Recommended update for gcc13
Type:        recommended
Severity:    moderate
References:  1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239
This update for gcc13 fixes the following issues:

- Fix unwinding for JIT code.  [bsc#1221239] 
- Revert libgccjit dependency change.  [bsc#1220724]
- Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3
  breaks them.  [bsc#1219520]
- Add support for -fmin-function-alignment.  [bsc#1214934]
- Use %{_target_cpu} to determine host and build.
- Fix for building TVM.  [bsc#1218492]
- Add cross-X-newlib-devel requires to newlib cross compilers.
  [bsc#1219031]
- Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel.  [bsc#1210959]
- Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6.
- Fixed building mariadb on i686.  [bsc#1217667]
- Avoid update-alternatives dependency for accelerator crosses.
- Package tool links to llvm in cross-amdgcn-gcc13 rather than in
  cross-amdgcn-newlib13-devel since that also has the dependence.
- Depend on llvmVER instead of llvm with VER equal to
  %product_libs_llvm_ver where available and adjust tool discovery
  accordingly.  This should also properly trigger re-builds when
  the patchlevel version of llvmVER changes, possibly changing
  the binary names we link to.  [bsc#1217450]


The following package changes have been done:

- libssh-config-0.9.8-150400.3.6.1 updated
- glibc-2.31-150300.71.1 updated
- libnghttp2-14-1.40.0-150200.17.1 updated
- libuuid1-2.37.2-150400.8.29.1 updated
- libsmartcols1-2.37.2-150400.8.29.1 updated
- libexpat1-2.4.4-150400.3.17.1 updated
- libblkid1-2.37.2-150400.8.29.1 updated
- libaudit1-3.0.6-150400.4.16.1 updated
- libfdisk1-2.37.2-150400.8.29.1 updated
- libgcc_s1-13.2.1+git8285-150000.1.9.1 updated
- catatonit-0.1.7-150300.10.5.2 updated
- mozilla-nss-certs-3.90.2-150400.3.39.1 updated
- libxml2-2-2.9.14-150400.5.28.1 updated
- libfreebl3-3.90.2-150400.3.39.1 updated
- libmount1-2.37.2-150400.8.29.1 updated
- libsoftokn3-3.90.2-150400.3.39.1 updated
- mozilla-nss-3.90.2-150400.3.39.1 updated
- libstdc++6-13.2.1+git8285-150000.1.9.1 updated
- libncurses6-6.1-150000.5.24.1 updated
- terminfo-base-6.1-150000.5.24.1 updated
- coreutils-8.32-150400.9.3.1 updated
- timezone-2024a-150000.75.28.1 updated
- systemd-rpm-macros-15-150000.7.39.1 updated
- netcfg-11.6-150000.3.6.1 updated
- ncurses-utils-6.1-150000.5.24.1 updated
- glibc-locale-base-2.31-150300.71.1 updated
- login_defs-4.8.1-150400.3.6.1 updated
- perl-Bootloader-0.947-150400.3.12.1 updated
- cpio-2.13-150400.3.6.1 updated
- sed-4.4-150300.13.3.1 updated
- libopenssl1_1-1.1.1l-150400.7.63.1 updated
- krb5-1.19.2-150400.3.9.1 updated
- libssh4-0.9.8-150400.3.6.1 updated
- libcurl4-8.0.1-150400.5.44.1 updated
- pam-config-1.1-150200.3.6.1 updated
- shadow-4.8.1-150400.3.6.1 updated
- util-linux-2.37.2-150400.8.29.1 updated
- aaa_base-84.87+git20180409.04c9dae-150300.10.12.1 updated
- util-linux-systemd-2.37.2-150400.8.29.1 updated
- wpa_supplicant-2.9-150000.4.39.1 updated
- runc-1.1.12-150000.64.1 updated
- cni-0.7.1-150100.3.18.1 updated
- cni-plugins-0.8.6-150100.3.22.3 updated
- fuse-overlayfs-1.1.2-150100.3.11.1 updated
- xfsprogs-5.13.0-150400.3.7.1 updated
- slirp4netns-1.2.0-150300.8.7.1 updated
- podman-4.4.4-150400.4.22.1 updated
- hostname-3.16-2.22 removed
- iproute2-5.14-150400.1.8 removed
- libltdl7-2.4.6-3.4.1 removed
- libmspack0-0.6-3.14.1 removed
- libxslt1-1.1.34-150400.3.3.1 removed
- system-user-nobody-20170617-150400.24.2.1 removed
- tar-1.34-150000.3.34.1 removed
- which-2.21-2.20 removed
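The package list above is the part of the advisory a practitioner actually acts on: it tells you which NAME-VERSION-RELEASE an image must carry to be at this update level. The following script is an added example, not SUSE tooling, that parses such a list and audits it against the output of `rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n'` collected inside a running container, using a re-implementation of librpm's rpmvercmp segment ordering so that releases like 150400.7.60.2 and 150400.7.63.1 compare correctly. The advisory excerpt is taken from the list above; the `rpm -qa` sample is constructed to look like an older image and is not real output. Epochs are ignored, which is safe here because none of the listed packages carry one.

```python
"""Audit an image's installed RPMs against a SUSE container advisory's package
list.  Added example, not SUSE tooling: advisory excerpt from this page, the
rpm -qa sample below is constructed (not real output)."""
import re

# Excerpt of the "package changes" list of SUSE-CU-2024:1698-1.
ADVISORY_CHANGES = """\
- glibc-2.31-150300.71.1 updated
- libopenssl1_1-1.1.1l-150400.7.63.1 updated
- runc-1.1.12-150000.64.1 updated
- podman-4.4.4-150400.4.22.1 updated
- util-linux-2.37.2-150400.8.29.1 updated
- tar-1.34-150000.3.34.1 removed
"""

# Constructed sample of  rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n'
# from a hypothetical image built before this update (not real output).
SAMPLE_RPM_QA = """\
glibc-2.31-150300.71.1
libopenssl1_1-1.1.1l-150400.7.60.2
runc-1.1.10-150000.61.1
podman-4.4.4-150400.4.22.1
tar-1.34-150000.3.34.1
"""

CHANGE_RE = re.compile(r"^- (?P<nvr>\S+) (?P<action>updated|removed|added)$")
TOKEN_RE = re.compile(r"[0-9]+|[A-Za-z]+|~|\^")  # rpmvercmp segments

def split_nvr(nvr):
    """Split NAME-VERSION-RELEASE on the last two hyphens: RPM forbids '-' in
    version and release, while the name itself may contain hyphens."""
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release

def rpmvercmp(a, b):
    """librpm rpmvercmp() ordering: 1 if a is newer, -1 if older, 0 if equal."""
    if a == b:
        return 0
    ta, tb = TOKEN_RE.findall(a), TOKEN_RE.findall(b)
    for i in range(max(len(ta), len(tb))):
        x = ta[i] if i < len(ta) else None
        y = tb[i] if i < len(tb) else None
        if x == "~" or y == "~":  # '~' sorts before anything, even end of string
            if x != "~":
                return 1
            if y != "~":
                return -1
            continue
        if x == "^" or y == "^":  # '^' sorts after end of string, before all else
            if x is None:
                return -1
            if y is None:
                return 1
            if x != "^":
                return 1
            if y != "^":
                return -1
            continue
        if x is None:  # the string with segments left over is newer
            return -1
        if y is None:
            return 1
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num != y_num:
            return 1 if x_num else -1  # numeric segments beat alphabetic ones
        if x_num:
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x != y:
            return 1 if x > y else -1
    return 0

def vr_cmp(have, want):
    """Compare (version, release) pairs like rpm compares EVRs without epoch."""
    c = rpmvercmp(have[0], want[0])
    return c if c else rpmvercmp(have[1], want[1])

def parse_advisory(text):
    """name -> (version, release, action) for every '- NVR updated|removed' line."""
    out = {}
    for line in text.splitlines():
        m = CHANGE_RE.match(line.strip())
        if m:
            name, ver, rel = split_nvr(m["nvr"])
            out[name] = (ver, rel, m["action"])
    return out

def parse_rpm_qa(text):
    """name -> (version, release) from NAME-VERSION-RELEASE lines."""
    out = {}
    for line in text.splitlines():
        if line.strip():
            name, ver, rel = split_nvr(line.strip())
            out[name] = (ver, rel)
    return out

def audit(advisory_text, rpm_qa_text):
    """Per advisory package: 'ok', 'outdated', 'missing' (an updated package that
    is not installed at all) or 'still-present' (a removed package that is)."""
    report, installed = {}, parse_rpm_qa(rpm_qa_text)
    for name, (ver, rel, action) in parse_advisory(advisory_text).items():
        have = installed.get(name)
        if action == "removed":
            report[name] = "still-present" if have else "ok"
        elif have is None:
            report[name] = "missing"
        else:
            report[name] = "ok" if vr_cmp(have, (ver, rel)) >= 0 else "outdated"
    return report

if __name__ == "__main__":
    for name, status in sorted(audit(ADVISORY_CHANGES, SAMPLE_RPM_QA).items()):
        print(f"{name:16} {status}")
```

Against the constructed sample, runc and libopenssl1_1 are reported as outdated (the runc level is the one that carries the CVE-2024-21626 fix), util-linux as missing and tar as still-present. To use it for real, paste the full package list from the advisory into ADVISORY_CHANGES and feed it the `rpm -qa` output from inside the container; a package that is "missing" in an image derived from this one usually means the derived image dropped it, which is fine, whereas "outdated" means the derived image was built from an older base and needs a rebuild.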

