SUSE-CU-2024:3890-1: Security update of suse/sl-micro/6.0/toolbox
sle-container-updates at lists.suse.com
Wed Aug 28 07:05:26 UTC 2024
SUSE Container Update Advisory: suse/sl-micro/6.0/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:3890-1
Container Tags : suse/sl-micro/6.0/toolbox:13.2 , suse/sl-micro/6.0/toolbox:13.2-6.4 , suse/sl-micro/6.0/toolbox:latest
Container Release : 6.4
Severity : important
Type : security
References : 1174091 1189495 1221399 1221854 1226447 1226448 1227378 1228780
831629 CVE-2019-20907 CVE-2019-9947 CVE-2020-15523 CVE-2020-15801
CVE-2022-25236 CVE-2023-52425 CVE-2024-0397 CVE-2024-0450 CVE-2024-28182
CVE-2024-4032 CVE-2024-6923
-----------------------------------------------------------------
The container suse/sl-micro/6.0/toolbox was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: 18
Released: Tue Aug 20 13:47:06 2024
Summary: Security update for nghttp2
Type: security
Severity: important
References: 1221399,CVE-2024-28182
This update for nghttp2 fixes the following issues:
- CVE-2024-28182: Fixed denial of service via HTTP/2 CONTINUATION frames (bsc#1221399)
-----------------------------------------------------------------
Advisory ID: 23
Released: Tue Aug 27 18:49:42 2024
Summary: Security update for python311, python-rpm-macros
Type: security
Severity: important
References: 1174091,1189495,1221854,1226447,1226448,1227378,1228780,831629,CVE-2019-20907,CVE-2019-9947,CVE-2020-15523,CVE-2020-15801,CVE-2022-25236,CVE-2023-52425,CVE-2024-0397,CVE-2024-0450,CVE-2024-4032,CVE-2024-6923
This update for python311, python-rpm-macros fixes the following issues:
python311:
- CVE-2024-0450: Fixed zipfile module vulnerability with 'quoted-overlap' zipbomb (bsc#1221854)
- CVE-2024-4032: Fixed incorrect IPv4 and IPv6 private ranges (bsc#1226448)
- CVE-2024-0397: Fixed memory race condition in ssl.SSLContext certificate store methods (bsc#1226447)
- CVE-2024-6923: Prevent email header injection due to unquoted newlines (bsc#1228780)
- Fixed executable bits for /usr/bin/idle* (bsc#1227378).
python-rpm-macros:
- Update to version 20240618.c146b29:
* Add %FLAVOR_pytest and %FLAVOR_pyunittest variants
- Update to version 20240618.1e386da:
* Fix python_clone sed regex
- Update to version 20240614.02920b8:
* Make sure that RPM_BUILD_ROOT env is set
* don't eliminate any cmdline arguments in the shebang line
* Create python313 macros
- Update to version 20240415.c664b45:
* Fix typo 310 -> 312 in default-prjconf
- Update to version 20240202.501440e:
* SPEC0: Drop python39, add python312 to buildset (#169)
- Update to version 20231220.98427f3:
* fix python2_compile macro
- Update to version 20231207.46c2ec3:
* make FLAVOR_compile compatible with python2
- Update to version 20231204.dd64e74:
* Combine fix_shebang in one line
* New macro FLAVOR_fix_shebang_path
* Use realpath in %python_clone macro shebang replacement
* Compile and fix_shebang in %python_install macros
- Update to version 20231010.0a1f0d9:
* Revert 'Compile and fix_shebang in %python_install macros'
* gh#openSUSE/python-rpm-macros#163
- Update to version 20231010.a32e110:
* Compile and fix_shebang in %python_install macros
- Update to version 20231005.bf2d3ab:
* Fix shebang also in sbin with macro _fix_shebang
The following package changes have been done:
- SL-Micro-release-6.0-24.7 updated
- libnghttp2-14-1.52.0-5.1 updated
- libpython3_11-1_0-3.11.8-3.1 updated
- python311-base-3.11.8-3.1 updated
- skelcd-EULA-SL-Micro-2024.01.19-7.13 updated