SUSE-CU-2024:3479-1: Security update of bci/spack

[sle-container-updates at lists.suse.com]

SUSE Container Update Advisory: bci/spack
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:3479-1
Container Tags        : bci/spack:0.21 , bci/spack:0.21-3.9 , bci/spack:0.21.2 , bci/spack:0.21.2-3.9 , bci/spack:latest
Container Release     : 3.9
Severity              : important
Type                  : security
References            : 1167721 1227574 1227888 1228322 1228535 1228548 CVE-2019-20633
                        CVE-2024-6197 CVE-2024-7264 
-----------------------------------------------------------------

The container bci/spack was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2779-1
Released:    Tue Aug  6 14:35:49 2024
Summary:     Recommended update for permissions
Type:        recommended
Severity:    moderate
References:  1228548

This update for permissions fixes the following issue:

* cockpit: moved setuid executable (bsc#1228548)


-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2780-1
Released:    Tue Aug  6 14:36:01 2024
Summary:     Security update for patch
Type:        security
Severity:    low
References:  1167721,CVE-2019-20633
This update for patch fixes the following issues:

- CVE-2019-20633: Fixed double-free/OOB read in pch.c (bsc#1167721)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2784-1
Released:    Tue Aug  6 14:58:38 2024
Summary:     Security update for curl
Type:        security
Severity:    important
References:  1227888,1228535,CVE-2024-6197,CVE-2024-7264
This update for curl fixes the following issues:

- CVE-2024-7264: Fixed ASN.1 date parser overread (bsc#1228535)
- CVE-2024-6197: Fixed freeing stack buffer in utf8asn1str (bsc#1227888)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2788-1
Released:    Tue Aug  6 15:50:29 2024
Summary:     Recommended update for sudo
Type:        recommended
Severity:    moderate
References:  1227574
This update for sudo fixes the following issue:

- Fix Wrong permissions on /usr/share/polkit-1/rules.d (bsc#1227574).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2791-1
Released:    Tue Aug  6 16:35:06 2024
Summary:     Recommended update for various 32bit packages
Type:        recommended
Severity:    moderate
References:  1228322

This update of various packages delivers 32bit variants to allow running Wine
on SLE PackageHub 15 SP6.


The following package changes have been done:

- libassuan0-2.5.5-150000.4.7.1 updated
- libcurl4-8.6.0-150600.4.3.1 updated
- permissions-20240801-150600.10.4.1 updated
- curl-8.6.0-150600.4.3.1 updated
- patch-2.7.6-150000.5.6.1 updated
- sudo-1.9.15p5-150600.3.6.2 updated
- libcurl-devel-8.6.0-150600.4.3.1 updated
- container:sles15-image-15.6.0-47.11.4 updated