SUSE-CU-2024:3462-1: Security update of bci/nodejs
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Wed Aug 7 07:19:01 UTC 2024
SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:3462-1
Container Tags : bci/node:20 , bci/node:20-33.3 , bci/node:latest , bci/nodejs:20 , bci/nodejs:20-33.3 , bci/nodejs:latest
Container Release : 33.3
Severity : important
Type : security
References : 1227888 1228535 1228548 CVE-2024-6197 CVE-2024-7264
-----------------------------------------------------------------
The container bci/nodejs was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2779-1
Released: Tue Aug 6 14:35:49 2024
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1228548
This update for permissions fixes the following issue:
* cockpit: moved setuid executable (bsc#1228548)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2784-1
Released: Tue Aug 6 14:58:38 2024
Summary: Security update for curl
Type: security
Severity: important
References: 1227888,1228535,CVE-2024-6197,CVE-2024-7264
This update for curl fixes the following issues:
- CVE-2024-7264: Fixed ASN.1 date parser overread (bsc#1228535)
- CVE-2024-6197: Fixed freeing stack buffer in utf8asn1str (bsc#1227888)
The following package changes have been done:
- libcurl4-8.6.0-150600.4.3.1 updated
- permissions-20240801-150600.10.4.1 updated
- curl-8.6.0-150600.4.3.1 updated
- container:sles15-image-15.6.0-47.11.4 updated
More information about the sle-container-updates
mailing list