SUSE-CU-2024:3706-1: Security update of suse/sles/15.7/cdi-importer
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Wed Aug 14 16:54:21 UTC 2024
SUSE Container Update Advisory: suse/sles/15.7/cdi-importer
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:3706-1
Container Tags : suse/sles/15.7/cdi-importer:1.58.0 , suse/sles/15.7/cdi-importer:1.58.0-150700.7.4 , suse/sles/15.7/cdi-importer:1.58.0.28.11
Container Release : 28.11
Severity : important
Type : security
References : 1222899 1223336 1226463 1227138 1227888 1228535 1228548 1228770
1228872 916845 CVE-2013-4235 CVE-2013-4235 CVE-2024-5535 CVE-2024-6197
CVE-2024-7264 CVE-2024-7383
-----------------------------------------------------------------
The container suse/sles/15.7/cdi-importer was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2630-1
Released: Tue Jul 30 09:12:44 2024
Summary: Security update for shadow
Type: security
Severity: important
References: 916845,CVE-2013-4235
This update for shadow fixes the following issues:
- CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2635-1
Released: Tue Jul 30 09:14:09 2024
Summary: Security update for openssl-3
Type: security
Severity: important
References: 1222899,1223336,1226463,1227138,CVE-2024-5535
This update for openssl-3 fixes the following issues:
Security fixes:
- CVE-2024-5535: Fixed SSL_select_next_proto buffer overread (bsc#1227138)
Other fixes:
- Build with no-afalgeng (bsc#1226463)
- Build with enabled sm2 and sm4 support (bsc#1222899)
- Fix non-reproducibility issue (bsc#1223336)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2637-1
Released: Tue Jul 30 09:17:25 2024
Summary: Recommended update for qemu
Type: recommended
Severity: moderate
References:
This update for qemu fixes the following issues:
qemu was updated to version 8.2.5:
- For the full list of changes (from the various releases) please consult the following:
* https://lore.kernel.org/qemu-devel/1718081047.648425.1238605.nullmailer@tls.msk.ru/
- Main changes:
* disas/riscv: Decode all of the pmpcfg and pmpaddr CSRs
* dockerfiles: Added 'MAKE' env variable to remaining containers
* gitlab: Update msys2-64bit runner tags
* gitlab: Use 'setarch -R' to workaround tsan bug
* gitlab: Use $MAKE instead of 'make'
* hvf: arm: Fixed encodings for ID_AA64PFR1_EL1 and debug System registers
* hw/intc/arm_gic: Fixed handling of NS view of GICC_APR<n>
* hw/intc/riscv_aplic: APLICs should add child earlier than realize
* iotests: test NBD+TLS+iothread
* qio: Inherit follow_coroutine_ctx across TLS
* target/arm: Disable SVE extensions when SVE is disabled
* target/i386: Fixed SSE and SSE2 feature check
* target/i386: Fixed xsave.flat from kvm-unit-tests
* target/i386: No single-step exception after MOV or POP SS
* target/loongarch: Fixed a wrong print in cpu dump
* target/riscv: Do not set mtval2 for non guest-page faults
* target/riscv: Fixed the element agnostic function problem
* target/riscv: Prioritize pmp errors in raise_mmu_exception()
* target/riscv: rvv: Check single width operator for vector fp widen instructions
* target/riscv: rvv: Check single width operator for vfncvt.rod.f.f.w
* target/riscv: rvv: Fixed Zvfhmin checking for vfwcvt.f.f.v and vfncvt.f.f.w instructions
* target/riscv: rvv: Removed redudant SEW checking for vector fp narrow/widen instructions
* target/riscv: rvzicbo: Fixed CBO extension register calculation
* target/riscv/cpu.c: Fixed Zvkb extension config
* target/riscv/kvm: Tolerate KVM disable ext errors
* target/riscv/kvm.c: Fixed the hart bit setting of AIA
* ui/sdl2: Allow host to power down screen
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2779-1
Released: Tue Aug 6 14:35:49 2024
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1228548
This update for permissions fixes the following issue:
* cockpit: moved setuid executable (bsc#1228548)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2784-1
Released: Tue Aug 6 14:58:38 2024
Summary: Security update for curl
Type: security
Severity: important
References: 1227888,1228535,CVE-2024-6197,CVE-2024-7264
This update for curl fixes the following issues:
- CVE-2024-7264: Fixed ASN.1 date parser overread (bsc#1228535)
- CVE-2024-6197: Fixed freeing stack buffer in utf8asn1str (bsc#1227888)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2808-1
Released: Wed Aug 7 09:49:32 2024
Summary: Security update for shadow
Type: security
Severity: moderate
References: 1228770,CVE-2013-4235
This update for shadow fixes the following issues:
- Fixed not copying of skel files (bsc#1228770)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2813-1
Released: Wed Aug 7 12:01:37 2024
Summary: Security update for libnbd
Type: security
Severity: important
References: 1228872,CVE-2024-7383
This update for libnbd fixes the following issues:
- CVE-2024-7383: Fixed incorrect verification of a NBD server's certificate when using TLS to connect to the server (bsc#1228872)
Other fixes:
- Update to version 1.18.5.
The following package changes have been done:
- libopenssl3-3.1.4-150600.5.10.1 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.10.1 updated
- login_defs-4.8.1-150600.17.6.1 updated
- libcurl4-8.6.0-150600.4.3.1 updated
- permissions-20240801-150600.10.4.1 updated
- shadow-4.8.1-150600.17.6.1 updated
- curl-8.6.0-150600.4.3.1 updated
- qemu-img-8.2.5-150600.3.6.1 updated
- libnbd0-1.18.5-150600.18.3.1 updated
- containerized-data-importer-importer-1.58.0-150700.7.4 updated
- container:sles15-image-15.0.0-50.8 updated
More information about the sle-container-updates
mailing list