SUSE-CU-2024:1720-1: Security update of suse/sles/15.6/virt-launcher
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Thu Apr 25 07:05:53 UTC 2024
SUSE Container Update Advisory: suse/sles/15.6/virt-launcher
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:1720-1
Container Tags : suse/sles/15.6/virt-launcher:1.1.1 , suse/sles/15.6/virt-launcher:1.1.1-150600.2.5 , suse/sles/15.6/virt-launcher:1.1.1.28.21
Container Release : 28.21
Severity : important
Type : security
References : 1059627 1173034 1176932 1177039 1178481 1179020 1182661 1183012
1183051 1186282 1187332 1201590 1208079 1210959 1211272 1214934
1215005 1217316 1217320 1217321 1217324 1217326 1217329 1217330
1217432 1217450 1217667 1217964 1218492 1219031 1219321 1219520
1219559 1219581 1220061 1220724 1221239 1221289 CVE-2023-45918
CVE-2023-4750 CVE-2023-48231 CVE-2023-48232 CVE-2023-48233 CVE-2023-48234
CVE-2023-48235 CVE-2023-48236 CVE-2023-48237 CVE-2023-48706 CVE-2023-52425
CVE-2024-22667 CVE-2024-28757
-----------------------------------------------------------------
The container suse/sles/15.6/virt-launcher was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2735-1
Released: Thu Sep 24 13:32:25 2020
Summary: Recommended update for systemd-rpm-macros
Type: recommended
Severity: moderate
References: 1173034
This update for systemd-rpm-macros fixes the following issues:
- Introduce macro '%service_del_postun_without_restart' to resolve blocking new releases based on this. (bsc#1173034)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2782-1
Released: Tue Sep 29 11:40:22 2020
Summary: Recommended update for systemd-rpm-macros
Type: recommended
Severity: important
References: 1176932
This update for systemd-rpm-macros fixes the following issues:
- Backport missing macros of directory paths from upstream
+ %_environmentdir
+ %_modulesloaddir
+ %_modprobedir
- Make sure %_restart_on_update_never and %_stop_on_removal_never don't expand to the
empty string. (bsc#1176932)
Otherwise sequences like the following code:
if [ ... ]; then
%_restart_on_update_never
fi
would result in the following incorrect shell syntax:
if [ ... ]; then
fi
-----------------------------------------------------------------
Advisory ID: SUSE-OU-2020:3795-1
Released: Mon Dec 14 17:43:26 2020
Summary: Optional update for systemd-rpm-macros
Type: optional
Severity: low
References: 1059627,1178481,1179020
This update for systemd-rpm-macros fixes the following issues:
- Deprecate '-f'/'-n' options
When used with %service_del_preun, support for these options will be
dropped as DISABLE_STOP_ON_REMOVAL support will be removed on the
next version of SLE (jsc#SLE-8968)
When used with %service_del_postun, they should be replaced with
their counterpart
%service_del_postun_with_restart/%service_del_postun_without_restart
- Introduced %service_del_postun_with_restart()
It's the counterpart of %service_del_postun_without_restart() and
replaces the '-f' option of %service_del_postun().
- Does no longer apply presets when migrating from a disabled initscript (bsc#1178481)
- Fix importing of %{_unitdir}
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:707-1
Released: Thu Mar 4 09:19:36 2021
Summary: Recommended update for systemd-rpm-macros
Type: recommended
Severity: moderate
References: 1177039
This update for systemd-rpm-macros fixes the following issues:
- Bump to version 6
- Make upstream '%systemd_{pre,post,preun,postun}' aliases to their SUSE counterparts.
Packagers can now choose to use the upstream or the SUSE variants
indifferently. For consistency the SUSE variants should be preferred
since almost all SUSE packages already use them but the upstream
versions might be usefull in certain cases where packages need to
support multiple distros based on RPM.
- Improve the logic used to apply the presets. (bsc#1177039)
Before presests were applied at a) package installation b) new units
introduced via a package update (but after making sure that it was
not a SysV initscript being converted).
The problem is that a) didn't handle package a renaming or split
properly since the package with the new name is installed rather
being updated and therefore the presets were applied even if they
were already with the old name.
We now cover this case (and the other ones) by applying presets only
if the units are new and the services are not being migrated. This
regardless of whether this happens during an install or an update.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:795-1
Released: Tue Mar 16 10:28:02 2021
Summary: Recommended update for systemd-rpm-macros
Type: recommended
Severity: low
References: 1182661,1183012,1183051
This update for systemd-rpm-macros fixes the following issues:
- Added a %systemd_user_pre macro (bsc#1183051, bsc#1183012)
- Fixed an issue with %systemd_user_post, where the --global parameter was treated like if
it was another service (bsc#1183051, bsc#1182661)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2899-1
Released: Wed Sep 1 08:30:58 2021
Summary: Recommended update for systemd-rpm-macros
Type: recommended
Severity: moderate
References: 1186282,1187332
This update for systemd-rpm-macros fixes the following issues:
- Fixed an issue whe zypper ignores the ordering constraints. (bsc#1187332)
- Introduce '%sysusers_create_package': '%sysusers_create' and '%sysusers_create_inline' are now deprecated and the new macro should be used instead.
- %sysusers_create_inline: use here-docs instead of echo (bsc#1186282)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:4009-1
Released: Mon Dec 13 11:24:43 2021
Summary: Recommended update for systemd-rpm-macros
Type: recommended
Severity: low
References:
This update for systemd-rpm-macros fixes the following issues:
- Introduce rpm macro %_systemd_util_dir
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:353-1
Released: Tue Feb 8 17:41:48 2022
Summary: Recommended update for systemd-rpm-macros
Type: recommended
Severity: moderate
References:
This update for systemd-rpm-macros fixes the following issues:
- Bump version to 10
- %sysusers_create_inline was wrongly marked as deprecated
- %sysusers_create can be useful in certain cases and won't go away until we'll
move to file triggers. So don't mark it as deprecated too
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4062-1
Released: Fri Nov 18 09:05:07 2022
Summary: Recommended update for libusb-1_0
Type: recommended
Severity: moderate
References: 1201590
This update for libusb-1_0 fixes the following issues:
- Fix regression where some devices no longer work if they have a configuration value of 0 (bsc#1201590)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1880-1
Released: Tue Apr 18 11:11:27 2023
Summary: Recommended update for systemd-rpm-macros
Type: recommended
Severity: low
References: 1208079
This update for systemd-rpm-macros fixes the following issue:
- Don't emit a warning when the flag file in /var/lib/systemd/migrated/ is not present as it's expected (bsc#1208079).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2482-1
Released: Mon Jun 12 07:19:53 2023
Summary: Recommended update for systemd-rpm-macros
Type: recommended
Severity: moderate
References: 1211272
This update for systemd-rpm-macros fixes the following issues:
- Adjust functions so they are disabled when called from a chroot (bsc#1211272)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4138-1
Released: Thu Oct 19 17:15:38 2023
Summary: Recommended update for systemd-rpm-macros
Type: recommended
Severity: moderate
References:
This update for systemd-rpm-macros fixes the following issues:
- Switch to `systemd-hwdb` tool when updating the HW database. It's been
introduced in systemd v219 and replaces the deprecated command `udevadm hwdb`.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:929-1
Released: Tue Mar 19 06:36:24 2024
Summary: Recommended update for coreutils
Type: recommended
Severity: moderate
References: 1219321
This update for coreutils fixes the following issues:
- tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:982-1
Released: Mon Mar 25 12:56:33 2024
Summary: Recommended update for systemd-rpm-macros
Type: recommended
Severity: moderate
References: 1217964
This update for systemd-rpm-macros fixes the following issue:
- Order packages that requires systemd after systemd-sysvcompat if needed. (bsc#1217964)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1129-1
Released: Mon Apr 8 09:12:08 2024
Summary: Security update for expat
Type: security
Severity: important
References: 1219559,1221289,CVE-2023-52425,CVE-2024-28757
This update for expat fixes the following issues:
- CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559)
- CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1133-1
Released: Mon Apr 8 11:29:02 2024
Summary: Security update for ncurses
Type: security
Severity: moderate
References: 1220061,CVE-2023-45918
This update for ncurses fixes the following issues:
- CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1253-1
Released: Fri Apr 12 08:15:18 2024
Summary: Recommended update for gcc13
Type: recommended
Severity: moderate
References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239
This update for gcc13 fixes the following issues:
- Fix unwinding for JIT code. [bsc#1221239]
- Revert libgccjit dependency change. [bsc#1220724]
- Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3
breaks them. [bsc#1219520]
- Add support for -fmin-function-alignment. [bsc#1214934]
- Use %{_target_cpu} to determine host and build.
- Fix for building TVM. [bsc#1218492]
- Add cross-X-newlib-devel requires to newlib cross compilers.
[bsc#1219031]
- Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959]
- Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6.
- Fixed building mariadb on i686. [bsc#1217667]
- Avoid update-alternatives dependency for accelerator crosses.
- Package tool links to llvm in cross-amdgcn-gcc13 rather than in
cross-amdgcn-newlib13-devel since that also has the dependence.
- Depend on llvmVER instead of llvm with VER equal to
%product_libs_llvm_ver where available and adjust tool discovery
accordingly. This should also properly trigger re-builds when
the patchlevel version of llvmVER changes, possibly changing
the binary names we link to. [bsc#1217450]
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1287-1
Released: Mon Apr 15 15:03:40 2024
Summary: Security update for vim
Type: security
Severity: important
References: 1215005,1217316,1217320,1217321,1217324,1217326,1217329,1217330,1217432,1219581,CVE-2023-4750,CVE-2023-48231,CVE-2023-48232,CVE-2023-48233,CVE-2023-48234,CVE-2023-48235,CVE-2023-48236,CVE-2023-48237,CVE-2023-48706,CVE-2024-22667
This update for vim fixes the following issues:
Updated to version 9.1.0111, fixes the following security problems
- CVE-2023-48231: Use-After-Free in win_close() (bsc#1217316).
- CVE-2023-48232: Floating point Exception in adjust_plines_for_skipcol() (bsc#1217320).
- CVE-2023-48233: overflow with count for :s command (bsc#1217321).
- CVE-2023-48234: overflow in nv_z_get_count (bsc#1217324).
- CVE-2023-48235: overflow in ex address parsing (CVE-2023-48235).
- CVE-2023-48236: overflow in get_number (bsc#1217329).
- CVE-2023-48237: overflow in shift_line (bsc#1217330).
- CVE-2023-48706: heap-use-after-free in ex_substitute (bsc#1217432).
- CVE-2024-22667: stack-based buffer overflow in did_set_langmap function in map.c (bsc#1219581).
- CVE-2023-4750: Heap use-after-free in function bt_quickfix (bsc#1215005).
The following package changes have been done:
- libldap-data-2.4.46-150600.23.14 updated
- libssh-config-0.9.8-150600.9.1 updated
- glibc-2.38-150600.9.2 updated
- libnghttp2-14-1.40.0-150600.23.1 updated
- libgcrypt20-1.10.3-150600.1.17 updated
- libgcc_s1-13.2.1+git8285-150000.1.9.1 updated
- libstdc++6-13.2.1+git8285-150000.1.9.1 updated
- libncurses6-6.1-150000.5.24.1 updated
- terminfo-base-6.1-150000.5.24.1 updated
- ncurses-utils-6.1-150000.5.24.1 updated
- libexpat1-2.4.4-150400.3.17.1 updated
- libopenssl3-3.1.4-150600.2.17 updated
- libudev1-254.10-150600.1.2 updated
- libsystemd0-254.10-150600.1.2 updated
- libopenssl-3-fips-provider-3.1.4-150600.2.17 updated
- libldap-2_4-2-2.4.46-150600.23.14 updated
- libssh4-0.9.8-150600.9.1 updated
- libusb-1_0-0-1.0.24-150400.3.3.1 added
- coreutils-8.32-150400.9.3.1 updated
- sles-release-15.6-150600.33.1 updated
- kubevirt-container-disk-1.1.1-150600.2.5 updated
- libnettle8-3.9.1-150600.1.40 updated
- libssh2-1-1.11.0-150600.18.1 updated
- qemu-accel-tcg-x86-8.2.1-150600.3.25 updated
- qemu-hw-usb-host-8.2.1-150600.3.25 added
- qemu-ipxe-8.2.1-150600.3.25 updated
- qemu-seabios-8.2.11.16.3_3_ga95067eb-150600.3.25 updated
- qemu-vgabios-8.2.11.16.3_3_ga95067eb-150600.3.25 updated
- systemd-rpm-macros-15-150000.7.39.1 updated
- vim-data-common-9.1.0111-150500.20.9.1 updated
- libhogweed6-3.9.1-150600.1.40 updated
- virtiofsd-1.10.1-150600.2.4 updated
- qemu-hw-usb-redirect-8.2.1-150600.3.25 updated
- vim-small-9.1.0111-150500.20.9.1 updated
- libgnutls30-3.8.3-150600.2.6 updated
- xen-libs-4.18.2_02-150600.1.3 updated
- systemd-254.10-150600.1.2 updated
- qemu-img-8.2.1-150600.3.25 updated
- libvirt-libs-10.0.0-150600.6.1 updated
- gnutls-3.8.3-150600.2.6 updated
- udev-254.10-150600.1.2 updated
- systemd-container-254.10-150600.1.2 updated
- libvirt-daemon-log-10.0.0-150600.6.1 updated
- kubevirt-virt-launcher-1.1.1-150600.2.5 updated
- libvirt-client-10.0.0-150600.6.1 updated
- libvirt-daemon-common-10.0.0-150600.6.1 updated
- qemu-ovmf-x86_64-202308-150600.2.2 updated
- qemu-x86-8.2.1-150600.3.25 updated
- qemu-8.2.1-150600.3.25 updated
- libvirt-daemon-driver-qemu-10.0.0-150600.6.1 updated
- container:sles15-image-15.0.0-45.10 updated
More information about the sle-container-updates
mailing list