SUSE-CU-2024:3628-1: Security update of suse/sle15
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Sat Aug 10 07:23:06 UTC 2024
SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:3628-1
Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.11.6 , suse/sle15:15.6 , suse/sle15:15.6.47.11.6
Container Release : 47.11.6
Severity : important
Type : security
References : 1220356 1227525 1227888 1228322 1228535 1228548 1228770 CVE-2013-4235
CVE-2024-6197 CVE-2024-7264
-----------------------------------------------------------------
The container suse/sle15 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2779-1
Released: Tue Aug 6 14:35:49 2024
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1228548
This update for permissions fixes the following issue:
* cockpit: moved setuid executable (bsc#1228548)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2784-1
Released: Tue Aug 6 14:58:38 2024
Summary: Security update for curl
Type: security
Severity: important
References: 1227888,1228535,CVE-2024-6197,CVE-2024-7264
This update for curl fixes the following issues:
- CVE-2024-7264: Fixed ASN.1 date parser overread (bsc#1228535)
- CVE-2024-6197: Fixed freeing stack buffer in utf8asn1str (bsc#1227888)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2791-1
Released: Tue Aug 6 16:35:06 2024
Summary: Recommended update for various 32bit packages
Type: recommended
Severity: moderate
References: 1228322
This update of various packages delivers 32bit variants to allow running Wine
on SLE PackageHub 15 SP6.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2808-1
Released: Wed Aug 7 09:49:32 2024
Summary: Security update for shadow
Type: security
Severity: moderate
References: 1228770,CVE-2013-4235
This update for shadow fixes the following issues:
- Fixed not copying of skel files (bsc#1228770)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2869-1
Released: Fri Aug 9 15:59:29 2024
Summary: Security update for ca-certificates-mozilla
Type: security
Severity: important
References: 1220356,1227525
This update for ca-certificates-mozilla fixes the following issues:
- Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525)
- Added: FIRMAPROFESIONAL CA ROOT-A WEB
- Distrust: GLOBALTRUST 2020
- Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356)
Added:
- CommScope Public Trust ECC Root-01
- CommScope Public Trust ECC Root-02
- CommScope Public Trust RSA Root-01
- CommScope Public Trust RSA Root-02
- D-Trust SBR Root CA 1 2022
- D-Trust SBR Root CA 2 2022
- Telekom Security SMIME ECC Root 2021
- Telekom Security SMIME RSA Root 2023
- Telekom Security TLS ECC Root 2020
- Telekom Security TLS RSA Root 2023
- TrustAsia Global Root CA G3
- TrustAsia Global Root CA G4
Removed:
- Autoridad de Certificacion Firmaprofesional CIF A62634068
- Chambers of Commerce Root - 2008
- Global Chambersign Root - 2008
- Security Communication Root CA
- Symantec Class 1 Public Primary Certification Authority - G6
- Symantec Class 2 Public Primary Certification Authority - G6
- TrustCor ECA-1
- TrustCor RootCert CA-1
- TrustCor RootCert CA-2
- VeriSign Class 1 Public Primary Certification Authority - G3
- VeriSign Class 2 Public Primary Certification Authority - G3
The following package changes have been done:
- ca-certificates-mozilla-2.68-150200.33.1 updated
- curl-8.6.0-150600.4.3.1 updated
- libassuan0-2.5.5-150000.4.7.1 updated
- libcurl4-8.6.0-150600.4.3.1 updated
- libgpgme11-1.23.0-150600.3.2.1 updated
- login_defs-4.8.1-150600.17.6.1 updated
- permissions-20240801-150600.10.4.1 updated
- shadow-4.8.1-150600.17.6.1 updated
More information about the sle-container-updates
mailing list