SUSE-IU-2024:832-1: Security update of suse-sles-15-sp4-chost-byos-v20240809-x86_64-gen2
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Sat Aug 10 07:01:58 UTC 2024
SUSE Image Update Advisory: suse-sles-15-sp4-chost-byos-v20240809-x86_64-gen2
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:832-1
Image Tags : suse-sles-15-sp4-chost-byos-v20240809-x86_64-gen2:20240809
Image Release :
Severity : important
Type : security
References : 1065729 1141157 1160293 1174585 1188441 1190569 1191949 1192107
1193983 1194288 1194869 1195775 1196869 1196956 1197915 1200313
1201308 1201489 1208149 1208690 1209627 1209657 1209799 1209834
1210335 1211592 1213551 1213863 1214960 1216124 1216702 1217083
1217169 1217515 1218148 1218447 1218668 1218917 1219004 1219224
1219559 1219680 1220485 1220492 1220492 1220664 1220783 1221044
1221400 1221563 1221645 1221854 1221958 1222011 1222015 1222075
1222075 1222086 1222254 1222559 1222619 1222678 1222721 1222976
1223057 1223084 1223107 1223111 1223138 1223191 1223384 1223384
1223390 1223430 1223469 1223481 1223501 1223505 1223512 1223520
1223532 1223626 1223715 1223766 1223894 1223921 1223922 1223923
1223924 1223929 1223931 1223932 1223934 1223941 1223948 1223952
1223953 1223957 1223962 1223963 1223964 1223996 1224020 1224085
1224099 1224137 1224174 1224242 1224282 1224323 1224438 1224482
1224488 1224494 1224511 1224592 1224611 1224664 1224678 1224679
1224682 1224685 1224696 1224703 1224730 1224736 1224749 1224763
1224764 1224765 1224766 1224816 1224895 1224898 1224900 1224901
1224902 1224903 1224904 1224905 1224907 1224909 1224910 1224911
1224912 1224913 1224914 1224915 1224920 1224928 1224931 1224932
1224935 1224937 1224942 1224944 1224945 1224947 1224956 1224988
1225000 1225003 1225005 1225009 1225022 1225031 1225032 1225036
1225044 1225076 1225077 1225082 1225086 1225092 1225095 1225096
1225098 1225106 1225108 1225109 1225118 1225121 1225122 1225123
1225125 1225126 1225127 1225129 1225131 1225132 1225145 1225151
1225153 1225156 1225158 1225160 1225161 1225164 1225167 1225180
1225183 1225184 1225186 1225187 1225189 1225190 1225191 1225192
1225193 1225195 1225198 1225201 1225203 1225205 1225206 1225207
1225208 1225209 1225210 1225214 1225223 1225224 1225225 1225227
1225228 1225229 1225230 1225232 1225233 1225235 1225236 1225237
1225238 1225239 1225240 1225241 1225242 1225243 1225244 1225245
1225246 1225247 1225248 1225249 1225250 1225251 1225252 1225253
1225254 1225255 1225256 1225257 1225258 1225259 1225260 1225261
1225262 1225263 1225268 1225301 1225303 1225304 1225306 1225316
1225318 1225320 1225321 1225322 1225323 1225326 1225327 1225328
1225329 1225330 1225331 1225332 1225333 1225334 1225335 1225336
1225337 1225338 1225339 1225341 1225342 1225344 1225346 1225347
1225351 1225353 1225354 1225355 1225357 1225358 1225360 1225361
1225366 1225367 1225368 1225369 1225370 1225372 1225373 1225374
1225375 1225376 1225377 1225379 1225380 1225383 1225384 1225386
1225387 1225388 1225390 1225392 1225393 1225396 1225400 1225404
1225405 1225409 1225410 1225411 1225425 1225427 1225431 1225435
1225436 1225437 1225438 1225439 1225441 1225445 1225446 1225447
1225450 1225453 1225455 1225461 1225463 1225464 1225466 1225467
1225471 1225472 1225478 1225479 1225482 1225483 1225486 1225487
1225488 1225490 1225492 1225495 1225499 1225500 1225501 1225508
1225510 1225518 1225529 1225530 1225532 1225534 1225549 1225550
1225551 1225553 1225554 1225557 1225559 1225560 1225565 1225566
1225569 1225570 1225571 1225572 1225577 1225583 1225584 1225588
1225589 1225590 1225591 1225592 1225595 1225599 1225611 1225732
1225737 1225749 1225840 1225866 1225912 1225946 1225963 1225976
1226125 1226128 1226145 1226192 1226211 1226212 1226270 1226419
1226447 1226448 1226469 1226587 1226595 1226634 1226664 1226758
1226785 1226786 1226789 1226953 1226962 1227067 1227106 1227150
1227186 1227187 1227429 1227681 1227711 1228256 1228257 1228258
1228322 1228770 916845 CVE-2013-4235 CVE-2013-4235 CVE-2019-13225
CVE-2020-36788 CVE-2021-39698 CVE-2021-4148 CVE-2021-43056 CVE-2021-43527
CVE-2021-47358 CVE-2021-47359 CVE-2021-47360 CVE-2021-47361 CVE-2021-47362
CVE-2021-47363 CVE-2021-47364 CVE-2021-47365 CVE-2021-47366 CVE-2021-47367
CVE-2021-47368 CVE-2021-47369 CVE-2021-47370 CVE-2021-47371 CVE-2021-47372
CVE-2021-47373 CVE-2021-47374 CVE-2021-47375 CVE-2021-47376 CVE-2021-47378
CVE-2021-47379 CVE-2021-47380 CVE-2021-47381 CVE-2021-47382 CVE-2021-47383
CVE-2021-47384 CVE-2021-47385 CVE-2021-47386 CVE-2021-47387 CVE-2021-47388
CVE-2021-47389 CVE-2021-47390 CVE-2021-47391 CVE-2021-47392 CVE-2021-47393
CVE-2021-47394 CVE-2021-47395 CVE-2021-47396 CVE-2021-47397 CVE-2021-47398
CVE-2021-47399 CVE-2021-47400 CVE-2021-47401 CVE-2021-47402 CVE-2021-47403
CVE-2021-47404 CVE-2021-47405 CVE-2021-47406 CVE-2021-47407 CVE-2021-47408
CVE-2021-47409 CVE-2021-47410 CVE-2021-47412 CVE-2021-47413 CVE-2021-47414
CVE-2021-47415 CVE-2021-47416 CVE-2021-47417 CVE-2021-47418 CVE-2021-47419
CVE-2021-47420 CVE-2021-47421 CVE-2021-47422 CVE-2021-47423 CVE-2021-47424
CVE-2021-47425 CVE-2021-47426 CVE-2021-47427 CVE-2021-47428 CVE-2021-47429
CVE-2021-47430 CVE-2021-47431 CVE-2021-47433 CVE-2021-47434 CVE-2021-47435
CVE-2021-47436 CVE-2021-47437 CVE-2021-47438 CVE-2021-47439 CVE-2021-47440
CVE-2021-47441 CVE-2021-47442 CVE-2021-47443 CVE-2021-47444 CVE-2021-47445
CVE-2021-47446 CVE-2021-47447 CVE-2021-47448 CVE-2021-47449 CVE-2021-47450
CVE-2021-47451 CVE-2021-47452 CVE-2021-47453 CVE-2021-47454 CVE-2021-47455
CVE-2021-47456 CVE-2021-47457 CVE-2021-47458 CVE-2021-47459 CVE-2021-47460
CVE-2021-47461 CVE-2021-47462 CVE-2021-47463 CVE-2021-47464 CVE-2021-47465
CVE-2021-47466 CVE-2021-47467 CVE-2021-47468 CVE-2021-47469 CVE-2021-47470
CVE-2021-47471 CVE-2021-47472 CVE-2021-47473 CVE-2021-47474 CVE-2021-47475
CVE-2021-47476 CVE-2021-47477 CVE-2021-47478 CVE-2021-47479 CVE-2021-47480
CVE-2021-47481 CVE-2021-47482 CVE-2021-47483 CVE-2021-47484 CVE-2021-47485
CVE-2021-47486 CVE-2021-47488 CVE-2021-47489 CVE-2021-47490 CVE-2021-47491
CVE-2021-47492 CVE-2021-47493 CVE-2021-47494 CVE-2021-47495 CVE-2021-47496
CVE-2021-47497 CVE-2021-47498 CVE-2021-47499 CVE-2021-47500 CVE-2021-47501
CVE-2021-47502 CVE-2021-47503 CVE-2021-47505 CVE-2021-47506 CVE-2021-47507
CVE-2021-47509 CVE-2021-47510 CVE-2021-47511 CVE-2021-47513 CVE-2021-47514
CVE-2021-47516 CVE-2021-47518 CVE-2021-47520 CVE-2021-47521 CVE-2021-47522
CVE-2021-47523 CVE-2021-47524 CVE-2021-47525 CVE-2021-47526 CVE-2021-47528
CVE-2021-47529 CVE-2021-47533 CVE-2021-47534 CVE-2021-47535 CVE-2021-47536
CVE-2021-47537 CVE-2021-47540 CVE-2021-47541 CVE-2021-47542 CVE-2021-47544
CVE-2021-47549 CVE-2021-47550 CVE-2021-47551 CVE-2021-47553 CVE-2021-47554
CVE-2021-47555 CVE-2021-47556 CVE-2021-47558 CVE-2021-47559 CVE-2021-47560
CVE-2021-47562 CVE-2021-47563 CVE-2021-47564 CVE-2021-47565 CVE-2021-47571
CVE-2022-48632 CVE-2022-48634 CVE-2022-48636 CVE-2022-48652 CVE-2022-48662
CVE-2022-48671 CVE-2022-48672 CVE-2022-48673 CVE-2022-48675 CVE-2022-48686
CVE-2022-48687 CVE-2022-48688 CVE-2022-48692 CVE-2022-48693 CVE-2022-48694
CVE-2022-48695 CVE-2022-48697 CVE-2022-48699 CVE-2022-48700 CVE-2022-48701
CVE-2022-48702 CVE-2022-48703 CVE-2022-48704 CVE-2022-48708 CVE-2022-48709
CVE-2022-48710 CVE-2023-0160 CVE-2023-1829 CVE-2023-24023 CVE-2023-2860
CVE-2023-45288 CVE-2023-47233 CVE-2023-52425 CVE-2023-52591 CVE-2023-52654
CVE-2023-52655 CVE-2023-52670 CVE-2023-52676 CVE-2023-52686 CVE-2023-52690
CVE-2023-52702 CVE-2023-52703 CVE-2023-52707 CVE-2023-52708 CVE-2023-52730
CVE-2023-52733 CVE-2023-52736 CVE-2023-52738 CVE-2023-52739 CVE-2023-52740
CVE-2023-52741 CVE-2023-52742 CVE-2023-52743 CVE-2023-52744 CVE-2023-52745
CVE-2023-52747 CVE-2023-52752 CVE-2023-52753 CVE-2023-52754 CVE-2023-52756
CVE-2023-52759 CVE-2023-52763 CVE-2023-52764 CVE-2023-52766 CVE-2023-52774
CVE-2023-52781 CVE-2023-52788 CVE-2023-52789 CVE-2023-52791 CVE-2023-52798
CVE-2023-52799 CVE-2023-52800 CVE-2023-52804 CVE-2023-52805 CVE-2023-52806
CVE-2023-52810 CVE-2023-52811 CVE-2023-52814 CVE-2023-52816 CVE-2023-52817
CVE-2023-52818 CVE-2023-52819 CVE-2023-52821 CVE-2023-52825 CVE-2023-52826
CVE-2023-52832 CVE-2023-52833 CVE-2023-52834 CVE-2023-52837 CVE-2023-52838
CVE-2023-52840 CVE-2023-52841 CVE-2023-52844 CVE-2023-52846 CVE-2023-52847
CVE-2023-52853 CVE-2023-52854 CVE-2023-52855 CVE-2023-52856 CVE-2023-52858
CVE-2023-52864 CVE-2023-52865 CVE-2023-52867 CVE-2023-52868 CVE-2023-52870
CVE-2023-52871 CVE-2023-52872 CVE-2023-52873 CVE-2023-52875 CVE-2023-52876
CVE-2023-52877 CVE-2023-52878 CVE-2023-52880 CVE-2023-52881 CVE-2023-6531
CVE-2024-0397 CVE-2024-0450 CVE-2024-0639 CVE-2024-1737 CVE-2024-1975
CVE-2024-26739 CVE-2024-26745 CVE-2024-26764 CVE-2024-26828 CVE-2024-26840
CVE-2024-26852 CVE-2024-26862 CVE-2024-26921 CVE-2024-26923 CVE-2024-26925
CVE-2024-26928 CVE-2024-26929 CVE-2024-26930 CVE-2024-27398 CVE-2024-27413
CVE-2024-34459 CVE-2024-35789 CVE-2024-35811 CVE-2024-35815 CVE-2024-35817
CVE-2024-35861 CVE-2024-35862 CVE-2024-35863 CVE-2024-35864 CVE-2024-35867
CVE-2024-35868 CVE-2024-35869 CVE-2024-35895 CVE-2024-35904 CVE-2024-35905
CVE-2024-35914 CVE-2024-35950 CVE-2024-36894 CVE-2024-36899 CVE-2024-36904
CVE-2024-36926 CVE-2024-36940 CVE-2024-36964 CVE-2024-36971 CVE-2024-37370
CVE-2024-37371 CVE-2024-37891 CVE-2024-38428 CVE-2024-38541 CVE-2024-38545
CVE-2024-38559 CVE-2024-38560 CVE-2024-38564 CVE-2024-38578 CVE-2024-4032
CVE-2024-4076 CVE-2024-4741
-----------------------------------------------------------------
The container suse-sles-15-sp4-chost-byos-v20240809-x86_64-gen2 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2021-1
Released: Thu Jun 13 16:10:15 2024
Summary: Recommended update for iputils
Type: recommended
Severity: moderate
References:
This update for iputils fixes the following issue:
- After upstream merged the fix, update git commit hashes
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2022-1
Released: Thu Jun 13 16:13:20 2024
Summary: Recommended update for chrony
Type: recommended
Severity: moderate
References: 1213551
This update for chrony fixes the following issues:
- Use shorter NTS-KE retry interval when network is down (bsc#1213551)
- Use make quickcheck instead of make check to avoid more than 1h build
times and failures due to timeouts. This was the default before
3.2 but it changed to make tests more reliable
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2023-1
Released: Thu Jun 13 16:14:30 2024
Summary: Recommended update for socat
Type: recommended
Severity: moderate
References: 1160293
This update for socat fixes the following issues:
socat is updated to 1.8.0.0:
Primary feature is enabling TLS 1.3 support. (jsc#PED-8413)
* Support for network namespaces (option netns)
* TCP client now automatically tries all addresses (IPv4 and IPv6) provided by nameserver until success
* Implementation of POSIX message queue (mq) control and access on Linux (addresses POSIXMQ-READ and following)
* New wrapper script socat-chain.sh allows to stack two addresses, e.g.HTTP proxy connect over SSL
* New script socat-mux.sh allows n-to-1 / 1-to-n communications
* New script socat-broker.sh allows group communications
* Experimental socks5 client feature
* Address ACCEPT-FD for systemd 'inetd' mode
* UDP-Lite and DCCP address types
* Addresses SOCKETPAIR and SHELL
* New option bind-tmpname allows forked off children to bind UNIX domain client sockets to random unique pathes
* New option retrieve-vlan (with INTERFACE addresses) now makes kernel keep VLAN tags in incoming packets
* Simple statistics output with Socat option --statistics and with SIGUSR1
* A couple of new options, many fixes and corrections, see file CHANGES
Update to 1.7.4.4:
* FIX: In error.c msg2() there was a stack overflow on long messages: The
terminating \0 Byte was written behind the last position.
* FIX: UDP-RECVFROM with fork sometimes terminated when multiple packets
arrived.
* FIX: a couple of weaknesses and errors when accessing invalid or
incompatible file system entries with UNIX domain, file, and generic
addresses.
* FIX: bad parser error message on 'socat /tmp/x\'x/x -'
Update to 1.7.4.3:
* fixes the TCP_INFO issue that broke building on non-Linux platforms.
* building on AIX works again.
* A few more corrections and improvements have been added
Update to version 1.7.4.2:
* Fixes a lot of bugs, e.g., for options -r and -R.
* Further bugfixes, see the CHANGES file
Update to 1.7.4.1:
Security:
* Buffer size option (-b) is internally doubled for CR-CRLF conversion,
but not checked for integer overflow. This could lead to heap based buffer
overflow, assuming the attacker could provide this parameter.
* Many further bugfixes and new features, see the CHANGES file
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2024-1
Released: Thu Jun 13 16:15:18 2024
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1209627
This update for jitterentropy fixes the following issues:
- Fixed a stack corruption on s390x: [bsc#1209627]
* Output size of the STCKE command on s390x is 16 bytes, compared
to 8 bytes of the STCK command. Fix a stack corruption in the
s390x version of jent_get_nstime(). Add some more detailed
information on the STCKE command.
Updated to 3.4.1
* add FIPS 140 hints to man page
* simplify the test tool to search for optimal configurations
* fix: jent_loop_shuffle: re-add setting the time that was lost with 3.4.0
* enhancement: add ARM64 assembler code to read high-res timer
-----------------------------------------------------------------
Advisory ID: 33664
Released: Thu Jun 13 21:03:04 2024
Summary: Recommended update for libsolv, libzypp, zypper, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings
Type: recommended
Severity: important
References: 1222086,1223430,1223766,1224242
This update for libsolv, libzypp, zypper, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings fixes the following issues:
- Fix the dependency for Packagekit-backend-zypp in SUMa 4.3 (bsc#1224242)
- Improve updating of installed multiversion packages
- Fix decision introspection going into an endless loop in some cases
- Split libsolv-tools into libsolv-tools-base [jsc#PED-8153]
- Improve checks against corrupt rpm
- Fixed check for outdated repo metadata as non-root user (bsc#1222086)
- Add ZYPP_API for exported functions and switch to visibility=hidden (jsc#PED-8153)
- Dynamically resolve libproxy (jsc#PED-8153)
- Fix download from gpgkey URL (bsc#1223430)
- Delay zypp lock until command options are parsed (bsc#1223766)
- Unify message format
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2085-1
Released: Wed Jun 19 11:36:00 2024
Summary: recommended update for python-requests
Type: recommended
Severity: moderate
References: 1225912
This update for python-requests fixes the following issue:
- Allow the usage of 'verify' parameter as a directory. (bsc#1225912)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2086-1
Released: Wed Jun 19 11:48:24 2024
Summary: Recommended update for gcc13
Type: recommended
Severity: moderate
References: 1188441
This update for gcc13 fixes the following issues:
Update to GCC 13.3 release
- Removed Fiji support from the GCN offload compiler as that is requiring
Code Object version 3 which is no longer supported by llvm18.
- Avoid combine spending too much compile-time and memory doing nothing
on s390x. [bsc#1188441]
- Make requirement to lld version specific to avoid requiring the
meta-package.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2089-1
Released: Wed Jun 19 12:38:06 2024
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1225551,CVE-2024-4741
This update for openssl-1_1 fixes the following issues:
- CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2108-1
Released: Thu Jun 20 19:35:51 2024
Summary: Security update for containerd
Type: security
Severity: important
References: 1221400,1224323,CVE-2023-45288
This update for containerd fixes the following issues:
Update to containerd v1.7.17.
- CVE-2023-45288: Fixed the limit of CONTINUATION frames read for an HTTP/2 request (bsc#1221400).
- Fixed /sys/devices/virtual/powercap accessibility by default containers to mitigate power-based side channel attacks (bsc#1224323).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2174-1
Released: Mon Jun 24 07:20:48 2024
Summary: Security update for wget
Type: security
Severity: moderate
References: 1226419,CVE-2024-38428
This update for wget fixes the following issues:
- CVE-2024-38428: Fix mishandled semicolons in the userinfo subcomponent of a URI. (bsc#1226419)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2189-1
Released: Tue Jun 25 08:34:42 2024
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1065729,1174585,1190569,1191949,1192107,1193983,1194288,1194869,1196869,1196956,1197915,1200313,1201308,1201489,1208149,1209657,1209799,1209834,1210335,1211592,1213863,1216702,1217169,1217515,1218447,1218917,1220492,1220783,1221044,1221645,1221958,1222011,1222559,1222619,1222721,1222976,1223057,1223084,1223111,1223138,1223191,1223384,1223390,1223481,1223501,1223505,1223512,1223520,1223532,1223626,1223715,1223894,1223921,1223922,1223923,1223924,1223929,1223931,1223932,1223934,1223941,1223948,1223952,1223953,1223957,1223962,1223963,1223964,1223996,1224085,1224099,1224137,1224174,1224438,1224482,1224488,1224494,1224511,1224592,1224611,1224664,1224678,1224682,1224685,1224730,1224736,1224763,1224816,1224895,1224898,1224900,1224901,1224902,1224903,1224904,1224905,1224907,1224909,1224910,1224911,1224912,1224913,1224914,1224915,1224920,1224928,1224931,1224932,1224937,1224942,1224944,1224945,1224947,1224956,1224988,1225000,1225003,1225005,1225009,1225022,1225031,1225032,1225036,1
225044,1225076,1225077,1225082,1225086,1225092,1225095,1225096,1225106,1225108,1225109,1225118,1225121,1225122,1225123,1225125,1225126,1225127,1225129,1225131,1225132,1225145,1225151,1225153,1225156,1225158,1225160,1225161,1225164,1225167,1225180,1225183,1225184,1225186,1225187,1225189,1225190,1225191,1225192,1225193,1225195,1225198,1225201,1225203,1225205,1225206,1225207,1225208,1225209,1225210,1225214,1225223,1225224,1225225,1225227,1225228,1225229,1225230,1225232,1225233,1225235,1225236,1225237,1225238,1225239,1225240,1225241,1225242,1225243,1225244,1225245,1225246,1225247,1225248,1225249,1225250,1225251,1225252,1225253,1225254,1225255,1225256,1225257,1225258,1225259,1225260,1225261,1225262,1225263,1225268,1225301,1225303,1225304,1225306,1225316,1225318,1225320,1225321,1225322,1225323,1225326,1225327,1225328,1225329,1225330,1225331,1225332,1225333,1225334,1225335,1225336,1225337,1225338,1225339,1225341,1225342,1225344,1225346,1225347,1225351,1225353,1225354,1225355,1225357,122535
8,1225360,1225361,1225366,1225367,1225368,1225369,1225370,1225372,1225373,1225374,1225375,1225376,1225377,1225379,1225380,1225383,1225384,1225386,1225387,1225388,1225390,1225392,1225393,1225396,1225400,1225404,1225405,1225409,1225410,1225411,1225425,1225427,1225431,1225435,1225436,1225437,1225438,1225439,1225441,1225445,1225446,1225447,1225450,1225453,1225455,1225461,1225463,1225464,1225466,1225471,1225472,1225478,1225479,1225482,1225483,1225486,1225488,1225490,1225492,1225495,1225499,1225500,1225501,1225508,1225510,1225529,1225530,1225532,1225534,1225549,1225550,1225553,1225554,1225557,1225559,1225560,1225565,1225566,1225569,1225570,1225571,1225572,1225577,1225583,1225584,1225588,1225589,1225590,1225591,1225592,1225595,1225599,CVE-2020-36788,CVE-2021-39698,CVE-2021-4148,CVE-2021-43056,CVE-2021-43527,CVE-2021-47358,CVE-2021-47359,CVE-2021-47360,CVE-2021-47361,CVE-2021-47362,CVE-2021-47363,CVE-2021-47364,CVE-2021-47365,CVE-2021-47366,CVE-2021-47367,CVE-2021-47368,CVE-2021-47369,CVE-2
021-47370,CVE-2021-47371,CVE-2021-47372,CVE-2021-47373,CVE-2021-47374,CVE-2021-47375,CVE-2021-47376,CVE-2021-47378,CVE-2021-47379,CVE-2021-47380,CVE-2021-47381,CVE-2021-47382,CVE-2021-47383,CVE-2021-47384,CVE-2021-47385,CVE-2021-47386,CVE-2021-47387,CVE-2021-47388,CVE-2021-47389,CVE-2021-47390,CVE-2021-47391,CVE-2021-47392,CVE-2021-47393,CVE-2021-47394,CVE-2021-47395,CVE-2021-47396,CVE-2021-47397,CVE-2021-47398,CVE-2021-47399,CVE-2021-47400,CVE-2021-47401,CVE-2021-47402,CVE-2021-47403,CVE-2021-47404,CVE-2021-47405,CVE-2021-47406,CVE-2021-47407,CVE-2021-47408,CVE-2021-47409,CVE-2021-47410,CVE-2021-47412,CVE-2021-47413,CVE-2021-47414,CVE-2021-47415,CVE-2021-47416,CVE-2021-47417,CVE-2021-47418,CVE-2021-47419,CVE-2021-47420,CVE-2021-47421,CVE-2021-47422,CVE-2021-47423,CVE-2021-47424,CVE-2021-47425,CVE-2021-47426,CVE-2021-47427,CVE-2021-47428,CVE-2021-47429,CVE-2021-47430,CVE-2021-47431,CVE-2021-47433,CVE-2021-47434,CVE-2021-47435,CVE-2021-47436,CVE-2021-47437,CVE-2021-47438,CVE-2021-474
39,CVE-2021-47440,CVE-2021-47441,CVE-2021-47442,CVE-2021-47443,CVE-2021-47444,CVE-2021-47445,CVE-2021-47446,CVE-2021-47447,CVE-2021-47448,CVE-2021-47449,CVE-2021-47450,CVE-2021-47451,CVE-2021-47452,CVE-2021-47453,CVE-2021-47454,CVE-2021-47455,CVE-2021-47456,CVE-2021-47457,CVE-2021-47458,CVE-2021-47459,CVE-2021-47460,CVE-2021-47461,CVE-2021-47462,CVE-2021-47463,CVE-2021-47464,CVE-2021-47465,CVE-2021-47466,CVE-2021-47467,CVE-2021-47468,CVE-2021-47469,CVE-2021-47470,CVE-2021-47471,CVE-2021-47472,CVE-2021-47473,CVE-2021-47474,CVE-2021-47475,CVE-2021-47476,CVE-2021-47477,CVE-2021-47478,CVE-2021-47479,CVE-2021-47480,CVE-2021-47481,CVE-2021-47482,CVE-2021-47483,CVE-2021-47484,CVE-2021-47485,CVE-2021-47486,CVE-2021-47488,CVE-2021-47489,CVE-2021-47490,CVE-2021-47491,CVE-2021-47492,CVE-2021-47493,CVE-2021-47494,CVE-2021-47495,CVE-2021-47496,CVE-2021-47497,CVE-2021-47498,CVE-2021-47499,CVE-2021-47500,CVE-2021-47501,CVE-2021-47502,CVE-2021-47503,CVE-2021-47505,CVE-2021-47506,CVE-2021-47507,CVE-
2021-47509,CVE-2021-47510,CVE-2021-47511,CVE-2021-47513,CVE-2021-47514,CVE-2021-47516,CVE-2021-47518,CVE-2021-47520,CVE-2021-47521,CVE-2021-47522,CVE-2021-47523,CVE-2021-47524,CVE-2021-47525,CVE-2021-47526,CVE-2021-47528,CVE-2021-47529,CVE-2021-47533,CVE-2021-47534,CVE-2021-47535,CVE-2021-47536,CVE-2021-47537,CVE-2021-47540,CVE-2021-47541,CVE-2021-47542,CVE-2021-47544,CVE-2021-47549,CVE-2021-47550,CVE-2021-47551,CVE-2021-47553,CVE-2021-47554,CVE-2021-47556,CVE-2021-47558,CVE-2021-47559,CVE-2021-47560,CVE-2021-47562,CVE-2021-47563,CVE-2021-47564,CVE-2021-47565,CVE-2022-48632,CVE-2022-48634,CVE-2022-48636,CVE-2022-48652,CVE-2022-48662,CVE-2022-48671,CVE-2022-48672,CVE-2022-48673,CVE-2022-48675,CVE-2022-48686,CVE-2022-48687,CVE-2022-48688,CVE-2022-48692,CVE-2022-48693,CVE-2022-48694,CVE-2022-48695,CVE-2022-48697,CVE-2022-48699,CVE-2022-48700,CVE-2022-48701,CVE-2022-48702,CVE-2022-48703,CVE-2022-48704,CVE-2022-48708,CVE-2022-48709,CVE-2022-48710,CVE-2023-0160,CVE-2023-1829,CVE-2023-2860
,CVE-2023-47233,CVE-2023-52591,CVE-2023-52654,CVE-2023-52655,CVE-2023-52676,CVE-2023-52686,CVE-2023-52690,CVE-2023-52702,CVE-2023-52703,CVE-2023-52707,CVE-2023-52708,CVE-2023-52730,CVE-2023-52733,CVE-2023-52736,CVE-2023-52738,CVE-2023-52739,CVE-2023-52740,CVE-2023-52741,CVE-2023-52742,CVE-2023-52743,CVE-2023-52744,CVE-2023-52745,CVE-2023-52747,CVE-2023-52753,CVE-2023-52754,CVE-2023-52756,CVE-2023-52759,CVE-2023-52763,CVE-2023-52764,CVE-2023-52766,CVE-2023-52774,CVE-2023-52781,CVE-2023-52788,CVE-2023-52789,CVE-2023-52791,CVE-2023-52798,CVE-2023-52799,CVE-2023-52800,CVE-2023-52804,CVE-2023-52805,CVE-2023-52806,CVE-2023-52810,CVE-2023-52811,CVE-2023-52814,CVE-2023-52816,CVE-2023-52817,CVE-2023-52818,CVE-2023-52819,CVE-2023-52821,CVE-2023-52825,CVE-2023-52826,CVE-2023-52832,CVE-2023-52833,CVE-2023-52834,CVE-2023-52838,CVE-2023-52840,CVE-2023-52841,CVE-2023-52844,CVE-2023-52847,CVE-2023-52853,CVE-2023-52854,CVE-2023-52855,CVE-2023-52856,CVE-2023-52858,CVE-2023-52864,CVE-2023-52865,CVE-20
23-52867,CVE-2023-52868,CVE-2023-52870,CVE-2023-52871,CVE-2023-52872,CVE-2023-52873,CVE-2023-52875,CVE-2023-52876,CVE-2023-52877,CVE-2023-52878,CVE-2023-52880,CVE-2023-6531,CVE-2024-0639,CVE-2024-26739,CVE-2024-26764,CVE-2024-26828,CVE-2024-26840,CVE-2024-26852,CVE-2024-26862,CVE-2024-26921,CVE-2024-26925,CVE-2024-26928,CVE-2024-26929,CVE-2024-26930,CVE-2024-27398,CVE-2024-27413,CVE-2024-35811,CVE-2024-35815,CVE-2024-35817,CVE-2024-35863,CVE-2024-35867,CVE-2024-35868,CVE-2024-35895,CVE-2024-35904,CVE-2024-35905,CVE-2024-35914,CVE-2024-36926
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-35905: Fixed int overflow for stack access size (bsc#1224488).
- CVE-2024-26828: Fix underflow in parse_server_interfaces() (bsc#1223084).
- CVE-2024-35863: Fix potential UAF in is_valid_oplock_break() (bsc#1224763).
- CVE-2024-35867: Fix potential UAF in cifs_stats_proc_show() (bsc#1224664).
- CVE-2024-35868: Fix potential UAF in cifs_stats_proc_write() (bsc#1224678).
- CVE-2024-26928: Fix potential UAF in cifs_debug_files_proc_show() (bsc#1223532).
- CVE-2024-36926: Fixed LPAR panics during boot up with a frozen PE (bsc#1222011).
- CVE-2024-26925: Release mutex after nft_gc_seq_end from abort path (bsc#1223390).
- CVE-2024-27413: Fix incorrect allocation size (bsc#1224438).
- CVE-2024-35817: Set gtt bound flag in amdgpu_ttm_gart_bind (bsc#1224736).
- CVE-2024-35904: Avoid dereference of garbage after mount failure (bsc#1224494).
- CVE-2024-26929: Fixed double free of fcport (bsc#1223715).
- CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1224174).
- CVE-2024-26930: Fixed double free of the ha->vp_map pointer (bsc#1223626).
- CVE-2024-26840: Fixed a memory leak in cachefiles_add_cache() (bsc#1222976).
- CVE-2024-26862: Fixed packet annotate data-races around ignore_outgoing (bsc#1223111).
- CVE-2024-0639: Fixed a denial-of-service vulnerability due to a deadlock found in sctp_auto_asconf_init in net/sctp/socket.c (bsc#1218917).
- CVE-2024-26921: Preserve kabi for sk_buff (bsc#1223138).
- CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify() (bsc#1223057).
- CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335).
The following non-security bugs were fixed:
- af_unix: Do not use atomic ops for unix_sk(sk)->inflight (bsc#1223384).
- af_unix: Replace BUG_ON() with WARN_ON_ONCE() (bsc#1223384).
- af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress (bsc#1223384).
- filemap: remove use of wait bookmarks (bsc#1224085).
- idpf: extend tx watchdog timeout (bsc#1224137).
- ipvs: Fix checksumming on GSO of SCTP packets (bsc#1221958)
- powerpc/kasan: Do not instrument non-maskable or raw interrupts (bsc#1223191).
- powerpc/powernv: Add a null pointer check in opal_event_init() (bsc#1065729).
- powerpc/powernv: Add a null pointer check to scom_debug_init_one() (bsc#1194869).
- powerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV (bsc#1220492 ltc#205270).
- powerpc/pseries/vio: Do not return ENODEV if node or compatible missing (bsc#1220783).
- powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt (bsc#1221645 ltc#205739 bsc#1223191).
- powerpc: Refactor verification of MSR_RI (bsc#1223191).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2196-1
Released: Tue Jun 25 12:37:11 2024
Summary: Recommended update for wicked
Type: recommended
Severity: important
References: 1218668
This update for wicked fixes the following issues:
- Fix VLANs/bonds randomly not coming up after reboot or wicked restart. [bsc#1218668]
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2215-1
Released: Tue Jun 25 17:15:25 2024
Summary: Recommended update for python-azure-agent
Type: recommended
Severity: moderate
References: 1225946
This update for python-azure-agent fixes the following issue:
- Use the -Z option for mv and cp in the posttrans to properly handle
SELinux context (bsc#1225946)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2222-1
Released: Tue Jun 25 18:10:29 2024
Summary: Recommended update for cloud-init
Type: recommended
Severity: important
References: 1219680,1223469
This update for cloud-init fixes the following issues:
- Brute force approach to skip renames if the device is already present
(bsc#1219680)
- Handle the existence of /usr/etc/sudoers to search for the expected
include location (bsc#1223469)
- Do not enable cloud-init on systems where there is no DMI just
because no data source has been found. No data source means
cloud-init will not run.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2232-1
Released: Wed Jun 26 08:23:03 2024
Summary: Recommended update for iputils
Type: recommended
Severity: moderate
References: 1225963
This update for iputils fixes the following issues:
- Fix exit code if receive more replies than sent (bsc#1225963)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2253-1
Released: Mon Jul 1 18:33:02 2024
Summary: Recommended update for containerd
Type: recommended
Severity: moderate
References:
This update for containerd fixes the following issues:
- Revert the noarch change for devel subpackage
Switching to noarch causes issues on SLES maintenance updates, reverting it
fixes our image builds
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2279-1
Released: Tue Jul 2 18:33:22 2024
Summary: Security update for libxml2
Type: security
Severity: low
References: 1224282,CVE-2024-34459
This update for libxml2 fixes the following issues:
- CVE-2024-34459: Fixed buffer over-read in xmlHTMLPrintFileContext in xmllint.c (bsc#1224282).
-----------------------------------------------------------------
Advisory ID: SUSE-OU-2024:2282-1
Released: Tue Jul 2 22:41:28 2024
Summary: Optional update for openscap, scap-security-guide
Type: optional
Severity: moderate
References:
This update for scap-security-guide and openscap provides the SCAP tooling
for SLE Micro 5.3, 5.4, 5.5.
This includes shipping openscap dependencies libxmlsec1-1 and libxmlsec1-openssl for SLE Micro.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2322-1
Released: Mon Jul 8 14:54:00 2024
Summary: Security update for krb5
Type: security
Severity: important
References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371
This update for krb5 fixes the following issues:
- CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186).
- CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2325-1
Released: Mon Jul 8 15:07:46 2024
Summary: Recommended update for xfsprogs
Type: recommended
Severity: moderate
References: 1227150
This update for xfsprogs fixes the following issue:
- xfs_copy: don't use cached buffer reads until after libxfs_mount
(bsc#1227150)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2401-1
Released: Thu Jul 11 06:36:43 2024
Summary: Security update for oniguruma
Type: security
Severity: moderate
References: 1141157,CVE-2019-13225
This update for oniguruma fixes the following issues:
- CVE-2019-13225: Fixed null-pointer dereference in match_at() in regexec.c (bsc#1141157).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2406-1
Released: Thu Jul 11 11:27:05 2024
Summary: Recommended update for suse-build-key
Type: recommended
Severity: moderate
References: 1227429
This update for suse-build-key fixes the following issue:
- Added new keys of the SLE Micro 6.0 / SLES 16 series, and auto import
them (bsc#1227429)
- gpg-pubkey-09d9ea69-645b99ce.asc: Main SLE Micro 6/SLES 16 key
- gpg-pubkey-73f03759-626bd414.asc: Backup SLE Micro 6/SLES 16 key
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2479-1
Released: Mon Jul 15 10:33:22 2024
Summary: Security update for python3
Type: security
Severity: important
References: 1219559,1220664,1221563,1221854,1222075,1226447,1226448,CVE-2023-52425,CVE-2024-0397,CVE-2024-0450,CVE-2024-4032
This update for python3 fixes the following issues:
- CVE-2023-52425: Fixed backport so it uses features sniffing, not just comparing version number (bsc#1219559).
- CVE-2024-0450: Fixed detecting the vulnerability of 'quoted-overlap' zipbomb (bsc#1221854).
- CVE-2024-4032: Rearranging definition of private v global IP. (bsc#1226448)
- CVE-2024-0397: Remove a memory race condition in ssl.SSLContext certificate store methods. (bsc#1226447)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2495-1
Released: Tue Jul 16 09:29:49 2024
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1195775,1216124,1218148,1219224,1220492,1222015,1222254,1222678,1223384,1224020,1224679,1224696,1224703,1224749,1224764,1224765,1224766,1224935,1225098,1225467,1225487,1225518,1225611,1225732,1225737,1225749,1225840,1225866,1226145,1226211,1226212,1226270,1226587,1226595,1226634,1226758,1226785,1226786,1226789,1226953,1226962,CVE-2021-47555,CVE-2021-47571,CVE-2023-24023,CVE-2023-52670,CVE-2023-52752,CVE-2023-52837,CVE-2023-52846,CVE-2023-52881,CVE-2024-26745,CVE-2024-26923,CVE-2024-35789,CVE-2024-35861,CVE-2024-35862,CVE-2024-35864,CVE-2024-35869,CVE-2024-35950,CVE-2024-36894,CVE-2024-36899,CVE-2024-36904,CVE-2024-36940,CVE-2024-36964,CVE-2024-36971,CVE-2024-38541,CVE-2024-38545,CVE-2024-38559,CVE-2024-38560,CVE-2024-38564,CVE-2024-38578
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225098).
- CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225732).
- CVE-2023-52881: tcp: do not accept ACK of bytes we never sent (bsc#1225611).
- CVE-2024-35869: smb: client: guarantee refcounted children from parent session (bsc#1224679).
- CVE-2024-38564: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE (bsc#1226789).
- CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226785).
- CVE-2024-38560: scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786).
- CVE-2024-38578: ecryptfs: Fix buffer size for tag 66 packet (bsc#1226634,).
- CVE-2024-38545: RDMA/hns: Fix UAF for cq async event (bsc#1226595)
- CVE-2023-52837: nbd: fix uaf in nbd_open (bsc#1224935).
- CVE-2024-38541: of: module: add buffer overflow check in of_modalias() (bsc#1226587).
- CVE-2024-36971: net: fix __dst_negative_advice() race (bsc#1226145).
- CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765).
- CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764).
- CVE-2024-38610: drivers/virt/acrn: fix PFNMAP PTE checks in acrn_vm_ram_map() (bsc#1226758).
- CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect()(bsc#1224766).
- CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225487).
- CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225737).
- CVE-2023-52670: rpmsg: virtio: Free driver_override when rpmsg_remove() (bsc#1224696).
- CVE-2024-35789: Check fast rx for non-4addr sta VLAN changes (bsc#1224749).
- CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1225866).
- CVE-2024-36940: pinctrl: core: delete incorrect free in pinctrl_enable() (bsc#1225840).
- CVE-2021-47571: staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() (bsc#1225518).
- CVE-2021-47555: net: vlan: fix underflow for the real_dev refcnt (bsc#1225467).
- CVE-2023-24023: Bluetooth: Add more enc key size check (bsc#1218148).
- CVE-2024-36894: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete (bsc#1225749).
- CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1224703).
- CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223384).
The following non-security bugs were fixed:
- Revert 'build initrd without systemd' (bsc#1195775)'
- cgroup: Add annotation for holding namespace_sem in current_cgns_cgroup_from_root() (bsc#1222254).
- cgroup: Eliminate the need for cgroup_mutex in proc_cgroup_show() (bsc#1222254).
- cgroup: Make operations on the cgroup root_list RCU safe (bsc#1222254).
- cgroup: Remove unnecessary list_empty() (bsc#1222254).
- cgroup: preserve KABI of cgroup_root (bsc#1222254).
- ocfs2: adjust enabling place for la window (bsc#1219224).
- ocfs2: fix sparse warnings (bsc#1219224).
- ocfs2: improve write IO performance when fragmentation is high (bsc#1219224).
- ocfs2: speed up chain-list searching (bsc#1219224).
- random: treat bootloader trust toggle the same way as cpu trust toggle (bsc#1226953).
- rpm/kernel-obs-build.spec.in: Add iso9660 (bsc#1226212).
- rpm/kernel-obs-build.spec.in: Add networking modules for docker (bsc#1226211).
- scsi: lpfc: Remove IRQF_ONESHOT flag from threaded IRQ handling (bsc#1216124).
- smb: client: ensure to try all targets when finding nested links (bsc#1224020).
- x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (bsc#1222015 bsc#1226962).
- xfs: do not include bnobt blocks when reserving free block pool (bsc#1226270).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2609-1
Released: Fri Jul 26 18:07:05 2024
Summary: Recommended update for suse-build-key
Type: recommended
Severity: moderate
References: 1227681
This update for suse-build-key fixes the following issue:
- fixed syntax error in auto import shell script (bsc#1227681)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2658-1
Released: Tue Jul 30 15:37:26 2024
Summary: Security update for shadow
Type: security
Severity: important
References: 916845,CVE-2013-4235
This update for shadow fixes the following issues:
- CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2662-1
Released: Tue Jul 30 15:41:34 2024
Summary: Security update for python-urllib3
Type: security
Severity: moderate
References: 1226469,CVE-2024-37891
This update for python-urllib3 fixes the following issues:
- CVE-2024-37891: Fixed proxy-authorization request header is not stripped during cross-origin redirects (bsc#1226469)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2671-1
Released: Tue Jul 30 21:10:57 2024
Summary: Recommended update for cups
Type: recommended
Severity: moderate
References: 1226192
This update for cups fixes the following issues:
- Require the exact matching version-release of all libcups* sub-packages (bsc#1226192)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2675-1
Released: Wed Jul 31 06:57:49 2024
Summary: Recommended update for wicked
Type: recommended
Severity: important
References: 1225976,1226125,1226664
This update for wicked fixes the following issues:
- Update to version 0.6.76
- compat-suse: warn user and create missing parent config of infiniband children
- client: fix origin in loaded xml-config with obsolete port references but missing port interface config, causing a no-carrier of master (bsc#1226125)
- ipv6: fix setup on ipv6.disable=1 kernel cmdline (bsc#1225976)
- wireless: add frequency-list in station mode (jsc#PED-8715)
- client: fix crash while hierarchy traversing due to loop in e.g. systemd-nspawn containers (bsc#1226664)
- man: add supported bonding options to ifcfg-bonding(5) man page
- arputil: Document minimal interval for getopts
- man: (re)generate man pages from md sources
- client: warn on interface wait time reached
- compat-suse: fix dummy type detection from ifname to not cause conflicts with e.g. correct vlan config on dummy0.42 interfaces
- compat-suse: fix infiniband and infiniband child type detection from ifname
-----------------------------------------------------------------
Advisory ID: SUSE-feature-2024:2688-1
Released: Thu Aug 1 06:59:29 2024
Summary: Feature update for Public Cloud
Type: feature
Severity: important
References: 1222075,1227067,1227106,1227711
This update for Public Cloud fixes the following issues:
- Added Public Cloud packages and dependencies to SLE Micro 5.5 to enhance SUSE Manager 5.0 (jsc#SMO-345):
* google-guest-agent (no source changes)
* google-guest-configs (no source changes)
* google-guest-oslogin (no source changes)
* google-osconfig-agent (no source changes)
* growpart-rootgrow (no source changes)
* python-azure-agent (includes bug fixes see below)
* python-cssselect (no source changes)
* python-instance-billing-flavor-check (no source changes)
* python-toml (no source changes)
* python3-lxml (inlcudes a bug fix, see below)
- python-azure-agent received the following fixes:
* Use the proper option to force btrfs to overwrite a file system on the resource disk if one already exists
(bsc#1227711)
* Set Provisioning.Agent parameter to 'cloud-init' in SLE Micro 5.5 and newer (bsc#1227106)
* Do not package `waagent2.0` in Python 3 builds
* Do not require `wicked` in non-SUSE build environments
* Apply python3 interpreter patch in non SLE build environments (bcs#1227067)
- python3-lxml also received the following fix:
* Fixed compatibility with system libexpat in tests (bnc#1222075)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2697-1
Released: Thu Aug 1 15:28:06 2024
Summary: Recommended update for dracut
Type: recommended
Severity: moderate
References: 1208690,1217083,1220485
This update for dracut fixes the following issues:
- Version update:
* fix(dracut-install): continue parsing if ldd prints 'cannot be preloaded' (bsc#1208690)
* fix(zfcp_rules): correct shellcheck regression when parsing ccw args (bsc#1220485)
* fix(dracut.sh): skip README for AMD microcode generation (bsc#1217083)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2744-1
Released: Mon Aug 5 17:53:57 2024
Summary: Recommended update for suseconnect-ng
Type: recommended
Severity: important
References: 1219004,1223107,1226128
This update for suseconnect-ng fixes the following issues:
- Version update
* Added uname as collector
* Added SAP workload detection
* Added detection of container runtimes
* Multiple fixes on ARM64 detection
* Use `read_values` for the CPU collector on Z
* Fixed data collection for ppc64le
* Grab the home directory from /etc/passwd if needed (bsc#1226128)
* Build zypper-migration and zypper-packages-search as standalone
binaries rather then one single binary
* Add --gpg-auto-import-keys flag before action in zypper command (bsc#1219004)
* Include /etc/products.d in directories whose content are backed
up and restored if a zypper-migration rollback happens (bsc#1219004)
* Add the ability to upload the system uptime logs, produced by the
suse-uptime-tracker daemon, to SCC/RMT as part of keepalive report
(jsc#PED-7982) (jsc#PED-8018)
* Add support for third party packages in SUSEConnect
* Refactor existing system information collection implementation
self-signed SSL certificate (bsc#1223107)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2791-1
Released: Tue Aug 6 16:35:31 2024
Summary: Recommended update for various 32bit packages
Type: recommended
Severity: moderate
References: 1228322
This update of various packages delivers 32bit variants to allow running Wine
on SLE PackageHub 15 SP6.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2799-1
Released: Wed Aug 7 08:19:10 2024
Summary: Recommended update for runc
Type: recommended
Severity: important
References: 1214960
This update for runc fixes the following issues:
- Update to runc v1.1.13, changelog is available at https://github.com/opencontainers/runc/releases/tag/v1.1.13
- Fix a performance issue when running lots of containers caused by too many mount notifications (bsc#1214960)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2804-1
Released: Wed Aug 7 09:48:29 2024
Summary: Security update for shadow
Type: security
Severity: moderate
References: 1228770,CVE-2013-4235
This update for shadow fixes the following issues:
- Fixed not copying of skel files (bsc#1228770)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2863-1
Released: Fri Aug 9 09:21:05 2024
Summary: Security update for bind
Type: security
Severity: important
References: 1228256,1228257,1228258,CVE-2024-1737,CVE-2024-1975,CVE-2024-4076
This update for bind fixes the following issues:
Update to 9.16.50:
- Bug Fixes:
* A regression in cache-cleaning code enabled memory use to grow
significantly more quickly than before, until the configured
max-cache-size limit was reached. This has been fixed.
* Using rndc flush inadvertently caused cache cleaning to become
less effective. This could ultimately lead to the configured
max-cache-size limit being exceeded and has now been fixed.
* The logic for cleaning up expired cached DNS records was
tweaked to be more aggressive. This change helps with enforcing
max-cache-ttl and max-ncache-ttl in a timely manner.
* It was possible to trigger a use-after-free assertion when the
overmem cache cleaning was initiated. This has been fixed.
New Features:
* Added RESOLVER.ARPA to the built in empty zones.
- Security Fixes:
* It is possible to craft excessively large numbers of resource
record types for a given owner name, which has the effect of
slowing down database processing. This has been addressed by
adding a configurable limit to the number of records that can
be stored per name and type in a cache or zone database. The
default is 100, which can be tuned with the new
max-types-per-name option. (CVE-2024-1737, bsc#1228256)
* Validating DNS messages signed using the SIG(0) protocol (RFC
2931) could cause excessive CPU load, leading to a
denial-of-service condition. Support for SIG(0) message
validation was removed from this version of named.
(CVE-2024-1975, bsc#1228257)
* When looking up the NS records of parent zones as part of
looking up DS records, it was possible for named to trigger an
assertion failure if serve-stale was enabled. This has been
fixed. (CVE-2024-4076, bsc#1228258)
The following package changes have been done:
- bind-utils-9.16.50-150400.5.43.1 updated
- chrony-pool-suse-4.1-150400.21.5.7 updated
- chrony-4.1-150400.21.5.7 updated
- cloud-init-config-suse-23.3-150100.8.82.3 updated
- cloud-init-23.3-150100.8.82.3 updated
- containerd-ctr-1.7.17-150000.114.1 updated
- containerd-1.7.17-150000.114.1 updated
- cups-config-2.2.7-150000.3.62.1 updated
- docker-25.0.6_ce-150000.203.1 updated
- dracut-055+suse.357.g905645c2-150400.3.34.2 updated
- iputils-20211215-150400.3.14.1 updated
- kernel-default-5.14.21-150400.24.125.1 updated
- krb5-1.19.2-150400.3.12.1 updated
- libassuan0-2.5.5-150000.4.7.1 updated
- libcups2-2.2.7-150000.3.62.1 updated
- libgcc_s1-13.3.0+git8781-150000.1.12.1 updated
- libjitterentropy3-3.4.1-150000.1.12.1 updated
- libonig4-6.7.0-150000.3.6.1 updated
- libopenssl1_1-1.1.1l-150400.7.69.1 updated
- libprocps8-3.3.17-150000.7.39.1 updated
- libpython3_6m1_0-3.6.15-150300.10.65.1 updated
- libsolv-tools-base-0.7.29-150400.3.22.4 added
- libsolv-tools-0.7.29-150400.3.22.4 updated
- libstdc++6-13.3.0+git8781-150000.1.12.1 updated
- libxml2-2-2.9.14-150400.5.32.1 updated
- libzypp-17.34.1-150400.3.71.7 updated
- login_defs-4.8.1-150400.10.21.1 updated
- openssl-1_1-1.1.1l-150400.7.69.1 updated
- procps-3.3.17-150000.7.39.1 updated
- python-azure-agent-config-server-2.9.1.1-150400.3.41.1 updated
- python-azure-agent-2.9.1.1-150400.3.41.1 updated
- python-instance-billing-flavor-check-0.0.6-150400.1.11.7 updated
- python3-base-3.6.15-150300.10.65.1 updated
- python3-bind-9.16.50-150400.5.43.1 updated
- python3-cssselect-1.0.3-150400.3.7.4 updated
- python3-requests-2.25.1-150300.3.12.2 updated
- python3-urllib3-1.25.10-150300.4.12.1 updated
- python3-3.6.15-150300.10.65.2 updated
- runc-1.1.13-150000.67.1 updated
- shadow-4.8.1-150400.10.21.1 updated
- socat-1.8.0.0-150400.14.3.1 updated
- suse-build-key-12.0-150000.8.49.2 updated
- suseconnect-ng-1.11.0-150400.3.36.4 updated
- wget-1.20.3-150000.3.20.1 updated
- wicked-service-0.6.76-150400.3.30.1 updated
- wicked-0.6.76-150400.3.30.1 updated
- xfsprogs-5.13.0-150400.3.10.2 updated
- zypper-1.14.73-150400.3.50.10 updated
More information about the sle-container-updates
mailing list