SUSE-IU-2024:839-1: Security update of suse-sles-15-sp5-chost-byos-v20240809-x86_64-gen2
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Sun Aug 11 07:01:24 UTC 2024
SUSE Image Update Advisory: suse-sles-15-sp5-chost-byos-v20240809-x86_64-gen2
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:839-1
Image Tags : suse-sles-15-sp5-chost-byos-v20240809-x86_64-gen2:20240809
Image Release :
Severity : important
Type : security
References : 1208690 1226412 1226529 1228256 1228257 1228258 CVE-2024-1737
CVE-2024-1975 CVE-2024-4076
-----------------------------------------------------------------
The container suse-sles-15-sp5-chost-byos-v20240809-x86_64-gen2 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2696-1
Released: Thu Aug 1 15:20:51 2024
Summary: Recommended update for dracut
Type: recommended
Severity: moderate
References: 1208690,1226412,1226529
This update for dracut fixes the following issues:
- Version update:
* feat(crypt): force the inclusion of crypttab entries with x-initrd.attach (bsc#1226529)
* fix(mdraid): try to assemble the missing raid device (bsc#1226412)
* fix(dracut-install): continue parsing if ldd prints 'cannot be preloaded' (bsc#1208690)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2862-1
Released: Fri Aug 9 09:20:34 2024
Summary: Security update for bind
Type: security
Severity: important
References: 1228256,1228257,1228258,CVE-2024-1737,CVE-2024-1975,CVE-2024-4076
This update for bind fixes the following issues:
Update to 9.16.50:
- Bug Fixes:
* A regression in cache-cleaning code enabled memory use to grow
significantly more quickly than before, until the configured
max-cache-size limit was reached. This has been fixed.
* Using rndc flush inadvertently caused cache cleaning to become
less effective. This could ultimately lead to the configured
max-cache-size limit being exceeded and has now been fixed.
* The logic for cleaning up expired cached DNS records was
tweaked to be more aggressive. This change helps with enforcing
max-cache-ttl and max-ncache-ttl in a timely manner.
* It was possible to trigger a use-after-free assertion when the
overmem cache cleaning was initiated. This has been fixed.
New Features:
* Added RESOLVER.ARPA to the built in empty zones.
- Security Fixes:
* It is possible to craft excessively large numbers of resource
record types for a given owner name, which has the effect of
slowing down database processing. This has been addressed by
adding a configurable limit to the number of records that can
be stored per name and type in a cache or zone database. The
default is 100, which can be tuned with the new
max-types-per-name option. (CVE-2024-1737, bsc#1228256)
* Validating DNS messages signed using the SIG(0) protocol (RFC
2931) could cause excessive CPU load, leading to a
denial-of-service condition. Support for SIG(0) message
validation was removed from this version of named.
(CVE-2024-1975, bsc#1228257)
* When looking up the NS records of parent zones as part of
looking up DS records, it was possible for named to trigger an
assertion failure if serve-stale was enabled. This has been
fixed. (CVE-2024-4076, bsc#1228258)
The following package changes have been done:
- bind-utils-9.16.50-150500.8.21.1 updated
- docker-25.0.6_ce-150000.203.1 updated
- dracut-055+suse.388.g70c21afa-150500.3.21.2 updated
- gettext-runtime-0.20.2-1.43 removed
- glibc-2.31-150300.83.1 removed
- glibc-locale-2.31-150300.83.1 removed
- glibc-locale-base-2.31-150300.83.1 removed
- gpg2-2.2.27-150300.3.8.1 removed
- gptfdisk-1.0.8-150400.1.7 removed
- grep-3.1-150000.4.6.1 removed
- growpart-0.31-5.9.3 removed
- grub2-2.06-150500.29.25.12 removed
- grub2-i386-pc-2.06-150500.29.25.12 removed
- grub2-x86_64-efi-2.06-150500.29.25.12 removed
- gzip-1.10-150200.10.1 removed
- haveged-1.9.14-150400.3.3.1 removed
- hostname-3.16-2.22 removed
- hwdata-0.380-150000.3.68.1 removed
- hwinfo-21.85-150500.3.3.1 removed
- hyper-v-8-150200.14.8.1 removed
- info-6.5-4.17 removed
- iproute2-5.14-150400.1.8 removed
- iptables-1.8.7-1.1 removed
- iputils-20221126-150500.3.8.2 removed
- jq-1.6-3.3.1 removed
- kbd-2.4.0-150400.5.6.1 removed
- kbd-legacy-2.4.0-150400.5.6.1 removed
- kdump-1.0.2+git47.g28549ab-150500.3.6.1 removed
- kernel-default-5.14.21-150500.55.68.1 removed
- kexec-tools-2.0.20-150500.18.3 removed
- keyutils-1.6.3-5.6.1 removed
- kmod-29-4.15.1 removed
- krb5-1.20.1-150500.3.9.1 removed
- less-590-150400.3.9.1 removed
- libabsl2401_0_0-20240116.1-150500.13.7.8 removed
- libacl1-2.2.52-4.3.1 removed
- libapparmor1-3.0.4-150500.11.9.1 removed
- libargon2-1-0.0+git20171227.670229c-2.14 removed
- libasm1-0.185-150400.5.3.1 removed
- libassuan0-2.5.5-150000.4.5.2 removed
- libattr1-2.4.47-2.19 removed
- libaudit1-3.0.6-150400.4.16.1 removed
- libaugeas0-1.12.0-150400.3.3.6 removed
- libauparse0-3.0.6-150400.4.16.1 removed
- libavahi-client3-0.8-150400.7.16.1 removed
- libavahi-common3-0.8-150400.7.16.1 removed
- libblkid1-2.37.4-150500.9.11.1 removed
- libblogger2-2.26-150300.4.6.1 removed
- libboost_system1_66_0-1.66.0-12.3.1 removed
- libboost_thread1_66_0-1.66.0-12.3.1 removed
- libbrotlicommon1-1.0.7-3.3.1 removed
- libbrotlidec1-1.0.7-3.3.1 removed
- libbz2-1-1.0.8-150400.1.122 removed
- libcap-ng0-0.7.9-4.37 removed
- libcap2-2.63-150400.3.3.1 removed
- libcares2-1.19.1-150000.3.26.1 removed
- libcbor0-0.5.0-150100.4.6.1 removed
- libcom_err2-1.46.4-150400.3.6.2 removed
- libcpupower0-5.14-150500.9.3.1 removed
- libcrack2-2.9.7-11.6.1 removed
- libcrypt1-4.4.15-150300.4.7.1 removed
- libcryptsetup12-2.4.3-150400.3.3.1 removed
- libcurl4-8.0.1-150400.5.44.1 removed
- libdbus-1-3-1.12.2-150400.18.8.1 removed
- libdevmapper1_03-2.03.22_1.02.196-150500.7.9.1 removed
- libdw1-0.185-150400.5.3.1 removed
- libeconf0-0.5.2-150400.3.6.1 removed
- libedit0-3.1.snap20150325-2.12 removed
- libefivar1-37-6.12.1 removed
- libelf1-0.185-150400.5.3.1 removed
- libesmtp-1.0.6-150.4.1 removed
- libestr0-0.1.10-1.25 removed
- libevent-2_1-8-2.1.8-2.23 removed
- libexpat1-2.4.4-150400.3.17.1 removed
- libext2fs2-1.46.4-150400.3.6.2 removed
- libfastjson4-0.99.9-150400.3.3.1 removed
- libfdisk1-2.37.4-150500.9.11.1 removed
- libffi7-3.2.1.git259-10.8 removed
- libfido2-1-1.13.0-150400.5.6.1 removed
- libfipscheck1-1.4.1-3.3.1 removed
- libfreetype6-2.10.4-150000.4.15.1 removed
- libfstrm0-0.6.1-150300.9.5.1 removed
- libfuse2-2.9.7-3.3.1 removed
- libgcc_s1-13.3.0+git8781-150000.1.12.1 removed
- libgcrypt20-1.9.4-150500.10.19 removed
- libgdbm4-1.12-1.418 removed
- libglib-2_0-0-2.70.5-150400.3.11.1 removed
- libgmp10-6.1.2-4.9.1 removed
- libgnutls30-3.7.3-150400.4.44.1 removed
- libgpg-error0-1.42-150400.1.101 removed
- libgpgme11-1.16.0-150400.1.80 removed
- libhavege2-1.9.14-150400.3.3.1 removed
- libhidapi-hidraw0-0.10.1-150300.3.2.1 removed
- libhogweed6-3.8.1-150500.2.25 removed
- libidn2-0-2.2.0-3.6.1 removed
- libinih0-53-150400.1.7 removed
- libip4tc2-1.8.7-1.1 removed
- libip6tc2-1.8.7-1.1 removed
- libjitterentropy3-3.4.1-150000.1.12.1 removed
- libjq1-1.6-3.3.1 removed
- libjson-c3-0.13-3.3.1 removed
- libkeyutils1-1.6.3-5.6.1 removed
- libkmod2-29-4.15.1 removed
- libksba8-1.3.5-150000.4.6.1 removed
- libldap-2_4-2-2.4.46-150200.14.17.1 removed
- libldap-data-2.4.46-150200.14.17.1 removed
- libldb2-2.6.2-150500.1.1 removed
- liblmdb-0_9_30-0.9.30-150500.1.1 removed
- liblogging0-1.0.6-3.21 removed
- liblognorm5-2.0.6-150000.3.3.1 removed
- liblua5_3-5-5.3.6-3.6.1 removed
- liblz4-1-1.9.3-150400.1.7 removed
- liblzma5-5.2.3-150000.4.7.1 removed
- liblzo2-2-2.10-2.22 removed
- libmagic1-5.32-7.14.1 removed
- libmaxminddb0-1.4.3-150000.1.8.1 removed
- libmetalink3-0.1.3-150000.3.2.1 removed
- libmnl0-1.0.4-1.25 removed
- libmount1-2.37.4-150500.9.11.1 removed
- libncurses6-6.1-150000.5.24.1 removed
- libnetfilter_conntrack3-1.0.7-1.38 removed
- libnetfilter_cthelper0-1.0.0-1.21 removed
- libnetfilter_cttimeout1-1.0.0-1.22 removed
- libnettle8-3.8.1-150500.2.25 removed
- libnfnetlink0-1.0.1-2.11 removed
- libnftnl11-1.2.0-150400.1.6 removed
- libnghttp2-14-1.40.0-150200.17.1 removed
- libnl-config-3.3.0-1.29 removed
- libnl3-200-3.3.0-1.29 removed
- libnpth0-1.5-2.11 removed
- libnscd1-2.0.2-3.21 removed
- libnsl2-1.2.0-2.44 removed
- libnss_usrfiles2-2.25-2.12 removed
- libonig4-6.7.0-150000.3.6.1 removed
- libopeniscsiusr0-0.2.0-150500.46.3.1 removed
- libopenssl1_1-1.1.1l-150500.17.31.1 removed
- libp11-kit0-0.23.22-150500.8.3.1 removed
- libparted0-3.2-150300.21.3.1 removed
- libpcap1-1.10.1-150400.1.7 removed
- libpci3-3.5.6-150300.13.6.1 removed
- libpcre1-8.45-150000.20.13.1 removed
- libpcre2-8-0-10.39-150400.4.9.1 removed
- libpng16-16-1.6.34-3.9.1 removed
- libpopt0-1.16-3.22 removed
- libprocps8-3.3.17-150000.7.39.1 removed
- libprotobuf-c1-1.3.2-150200.3.9.1 removed
- libprotobuf-lite25_1_0-25.1-150500.12.2.2 removed
- libproxy1-0.4.17-150400.1.8 removed
- libpsl5-0.20.1-150000.3.3.1 removed
- libpython3_6m1_0-3.6.15-150300.10.65.1 removed
- librdkafka1-0.11.6-1.8.1 removed
- libreadline7-7.0-150400.25.22 removed
- librelp0-1.11.0-150000.3.3.1 removed
- libsasl2-3-2.1.28-150500.1.1 removed
- libseccomp2-2.5.3-150400.2.4 removed
- libselinux1-3.1-150400.1.69 removed
- libsemanage1-3.1-150400.3.4.2 removed
- libsepol1-3.1-150400.1.70 removed
- libsigc-2_0-0-2.10.7-150400.3.3.1 removed
- libsmartcols1-2.37.4-150500.9.11.1 removed
- libsmi-0.4.8-1.29 removed
- libsmi2-0.4.8-1.29 removed
- libsnappy1-1.1.8-3.3.1 removed
- libsolv-tools-0.7.29-150400.3.22.4 removed
- libsolv-tools-base-0.7.29-150400.3.22.4 removed
- libsqlite3-0-3.44.0-150000.3.23.1 removed
- libssh-config-0.9.8-150400.3.6.1 removed
- libssh4-0.9.8-150400.3.6.1 removed
- libstdc++6-13.3.0+git8781-150000.1.12.1 removed
- libsystemd0-249.17-150400.8.40.1 removed
- libtalloc2-2.3.4-150500.1.1 removed
- libtasn1-4.13-150000.4.8.1 removed
- libtasn1-6-4.13-150000.4.8.1 removed
- libtdb1-1.4.7-150500.1.1 removed
- libtevent0-0.13.0-150500.1.1 removed
- libtextstyle0-0.20.2-1.43 removed
- libtirpc-netconfig-1.3.4-150300.3.23.1 removed
- libtirpc3-1.3.4-150300.3.23.1 removed
- libtss2-esys0-3.1.0-150400.3.6.1 removed
- libtss2-fapi1-3.1.0-150400.3.6.1 removed
- libtss2-mu0-3.1.0-150400.3.6.1 removed
- libtss2-rc0-3.1.0-150400.3.6.1 removed
- libtss2-sys1-3.1.0-150400.3.6.1 removed
- libtss2-tctildr0-3.1.0-150400.3.6.1 removed
- libudev1-249.17-150400.8.40.1 removed
- libunistring2-0.9.10-1.1 removed
- libusb-1_0-0-1.0.24-150400.3.3.1 removed
- libutempter0-1.1.6-3.42 removed
- libuuid1-2.37.4-150500.9.11.1 removed
- libuv1-1.44.2-150500.3.2.1 removed
- libverto1-0.2.6-3.20 removed
- libwrap0-7.6-1.433 removed
- libx86emu3-3.1-1.23 removed
- libxml2-2-2.10.3-150500.5.17.1 removed
- libxslt1-1.1.34-150400.3.3.1 removed
- libxtables12-1.8.7-1.1 removed
- libyajl2-2.1.0-150000.4.6.1 removed
- libyaml-cpp0_6-0.6.3-150400.4.3.1 removed
- libz1-1.2.13-150500.4.3.1 removed
- libzck1-1.1.16-150400.3.7.1 removed
- libzio1-1.06-2.20 removed
- libzstd1-1.5.0-150400.3.3.1 removed
- libzypp-17.34.1-150500.6.2.1 removed
- login_defs-4.8.1-150400.10.15.1 removed
- logrotate-3.18.1-150400.3.7.1 removed
- makedumpfile-1.7.0-150400.4.3.1 removed
- mokutil-0.5.0-150400.3.3.1 removed
- ncurses-utils-6.1-150000.5.24.1 removed
- net-tools-2.0+git20170221.479bb4a-3.11 removed
- netcfg-11.6-150000.3.6.1 removed
- nfs-client-2.1.1-150500.22.3.1 removed
- nfsidmap-0.26-150000.3.7.1 removed
- open-iscsi-2.1.9-150500.46.3.1 removed
- openssh-8.4p1-150300.3.37.1 removed
- openssh-clients-8.4p1-150300.3.37.1 removed
- openssh-common-8.4p1-150300.3.37.1 removed
- openssh-server-8.4p1-150300.3.37.1 removed
- openssl-1.1.1l-150400.1.5 removed
- openssl-1_1-1.1.1l-150500.17.31.1 removed
- p11-kit-0.23.22-150500.8.3.1 removed
- p11-kit-tools-0.23.22-150500.8.3.1 removed
- pam-1.3.0-150000.6.66.1 removed
- pam-config-1.1-150200.3.6.1 removed
- parted-3.2-150300.21.3.1 removed
- pciutils-3.5.6-150300.13.6.1 removed
- perl-5.26.1-150300.17.17.1 removed
- perl-Bootloader-0.947-150400.3.12.1 removed
- perl-base-5.26.1-150300.17.17.1 removed
- permissions-20201225-150400.5.16.1 removed
- pigz-2.3.3-1.28 removed
- pinentry-1.1.0-4.3.1 removed
- pkg-config-0.29.2-1.436 removed
- procps-3.3.17-150000.7.39.1 removed
- python-azure-agent-2.9.1.1-150100.3.37.3 removed
- python-azure-agent-config-server-2.9.1.1-150100.3.37.3 removed
- python-instance-billing-flavor-check-0.0.6-150000.1.9.1 removed
- python3-3.6.15-150300.10.65.2 removed
- python3-Babel-2.8.0-3.3.1 removed
- python3-Jinja2-2.10.1-150000.3.13.1 removed
- python3-MarkupSafe-1.0-1.29 removed
- python3-PyJWT-2.4.0-150200.3.8.1 removed
- python3-PyYAML-5.4.1-1.1 removed
- python3-apipkg-2.1.0-150500.1.1 removed
- python3-appdirs-1.4.3-1.21 removed
- python3-asn1crypto-0.24.0-3.2.1 removed
- python3-attrs-19.3.0-150200.3.6.1 removed
- python3-base-3.6.15-150300.10.65.1 removed
- python3-bind-9.16.48-150500.8.16.1 removed
- python3-blinker-1.4-150000.3.6.1 removed
- python3-certifi-2018.1.18-150000.3.3.1 removed
- python3-cffi-1.13.2-3.2.5 removed
- python3-chardet-3.0.4-150000.5.3.1 removed
- python3-configobj-5.0.6-150000.3.3.1 removed
- python3-cryptography-3.3.2-150400.23.1 removed
- python3-cssselect-1.0.3-150000.3.5.1 removed
- python3-distro-1.5.0-3.5.1 removed
- python3-idna-2.6-150000.3.3.1 removed
- python3-importlib-metadata-1.5.0-150100.3.5.1 removed
- python3-iniconfig-1.1.1-150000.1.11.1 removed
- python3-jsonpatch-1.23-150100.3.5.1 removed
- python3-jsonpointer-1.14-150000.3.2.1 removed
- python3-jsonschema-3.2.0-150200.9.5.1 removed
- python3-lxml-4.9.1-150500.1.2 removed
- python3-more-itertools-8.10.0-150400.7.1 removed
- python3-netifaces-0.10.6-150000.3.2.1 removed
- python3-oauthlib-2.0.6-150000.3.6.1 removed
- python3-ordered-set-4.0.2-150400.8.34 removed
- python3-packaging-21.3-150200.3.3.1 removed
- python3-passlib-1.7.4-150300.3.2.1 removed
- python3-ply-3.10-150000.3.5.1 removed
- python3-py-1.10.0-150100.5.12.1 removed
- python3-pyOpenSSL-21.0.0-150400.7.62 removed
- python3-pyasn1-0.4.2-150000.3.5.1 removed
- python3-pycparser-2.17-3.2.1 removed
- python3-pyparsing-2.4.7-1.24 removed
- python3-pyrsistent-0.14.4-150100.3.4.1 removed
- python3-pyserial-3.4-150000.3.4.1 removed
- python3-pytz-2022.1-150300.3.6.1 removed
- python3-requests-2.25.1-150300.3.12.2 removed
- python3-setuptools-44.1.1-150400.9.6.1 removed
- python3-six-1.14.0-12.1 removed
- python3-urllib3-1.25.10-150300.4.9.1 removed
- python3-zipp-0.6.0-150100.3.5.1 removed
- rpcbind-0.2.3-5.9.2 removed
- rpm-config-SUSE-1-150400.14.3.1 removed
- rpm-ndb-4.14.3-150400.59.16.1 removed
- rsyslog-8.2306.0-150400.5.27.1 removed
- rsyslog-module-relp-8.2306.0-150400.5.27.1 removed
- runc-1.1.12-150000.64.1 removed
- samba-client-libs-4.17.12+git.462.df636292e62-150500.3.23.7 removed
- sed-4.4-150300.13.3.1 removed
- shadow-4.8.1-150400.10.15.1 removed
- shim-15.8-150300.4.20.2 removed
- sle-module-basesystem-release-15.5-150500.43.2 removed
- sle-module-containers-release-15.5-150500.43.2 removed
- sle-module-public-cloud-release-15.5-150500.43.2 removed
- sle-module-server-applications-release-15.5-150500.43.2 removed
- sles-release-15.5-150500.43.4 removed
- socat-1.8.0.0-150400.14.3.1 removed
- sudo-1.9.12p1-150500.7.10.1 removed
- supportutils-3.1.30-150300.7.35.30.1 removed
- supportutils-plugin-suse-public-cloud-1.0.9-150000.3.20.1 removed
- suse-build-key-12.0-150000.8.49.2 removed
- suse-module-tools-15.5.5-150500.3.12.2 removed
- suseconnect-ng-1.9.0-150500.3.21.2 removed
- sysconfig-0.85.9-150200.12.1 removed
- sysconfig-netconfig-0.85.9-150200.12.1 removed
- syslog-service-2.0-11.2 removed
- system-group-audit-3.0.6-150400.4.16.1 removed
- system-group-hardware-20170617-150400.24.2.1 removed
- system-group-kvm-20170617-150400.24.2.1 removed
- system-group-wheel-20170617-150400.24.2.1 removed
- system-user-nobody-20170617-150400.24.2.1 removed
- system-user-root-20190513-3.3.1 removed
- systemd-249.17-150400.8.40.1 removed
- systemd-default-settings-0.10-150300.3.7.1 removed
- systemd-default-settings-branding-SLE-0.10-150300.3.7.1 removed
- systemd-presets-branding-SLE-15.1-150100.20.14.1 removed
- systemd-presets-common-SUSE-15-150500.20.6.1 removed
- systemd-rpm-macros-15-150000.7.39.1 removed
- systemd-sysvinit-249.17-150400.8.40.1 removed
- sysuser-shadow-3.2-150400.3.5.3 removed
- sysvinit-tools-2.99-1.1 removed
- tar-1.34-150000.3.34.1 removed
- tcpdump-4.99.1-150400.1.8 removed
- terminfo-6.1-150000.5.24.1 removed
- terminfo-base-6.1-150000.5.24.1 removed
- timezone-2024a-150000.75.28.1 removed
- tpm2.0-tools-5.2-150400.6.3.1 removed
- udev-249.17-150400.8.40.1 removed
- update-alternatives-1.19.0.4-150000.4.4.1 removed
- util-linux-2.37.4-150500.9.11.1 removed
- util-linux-systemd-2.37.4-150500.9.11.1 removed
- vim-9.1.0330-150500.20.12.1 removed
- vim-data-common-9.1.0330-150500.20.12.1 removed
- wget-1.20.3-150000.3.20.1 removed
- which-2.21-2.20 removed
- wicked-0.6.75-150500.3.29.1 removed
- wicked-service-0.6.75-150500.3.29.1 removed
- xen-libs-4.17.4_02-150500.3.30.1 removed
- xfsprogs-5.13.0-150400.3.10.2 removed
- xtables-plugins-1.8.7-1.1 removed
- xz-5.2.3-150000.4.7.1 removed
- zstd-1.5.0-150400.3.3.1 removed
- zypper-1.14.73-150500.6.2.1 removed
More information about the sle-container-updates
mailing list