SUSE-CU-2024:6121-1: Security update of trento/trento-web
sle-container-updates at lists.suse.com
Fri Dec 6 08:26:35 UTC 2024
SUSE Container Update Advisory: trento/trento-web
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:6121-1
Container Tags : trento/trento-web:2.4.0 , trento/trento-web:2.4.0-build4.46.1 , trento/trento-web:latest
Container Release : 4.46.1
Severity : important
Type : security
References : 1082216 1082233 1107342 1159034 1175825 1188441 1188441 1194818
1194818 1195391 1198165 1201519 1202870 1204844 1205161 1207778
1207789 1209627 1210004 1210959 1210959 1211078 1211418 1211419
1211721 1211886 1213240 1213638 1214140 1214915 1214934 1215377
1215434 1215496 1216378 1217000 1217450 1217667 1218232 1218475
1218492 1218571 1218571 1218609 1218609 1219031 1219031 1219238
1219321 1219520 1220061 1220117 1220262 1220523 1220690 1220693
1220696 1220724 1220724 1221239 1221361 1221361 1221365 1221407
1221482 1221601 1221632 1221751 1221752 1221753 1221760 1221786
1221787 1221821 1221822 1221824 1221827 1221831 1222285 1222547
1222899 1223336 1223428 1223596 1223605 1224388 1225291 1225551
1225598 1226463 1227100 1227138 1227186 1227187 1227807 1227888
1228042 1228535 1228548 1228770 1228968 1229028 1229329 1229465
1229476 1230093 1230111 1230135 1230145 1230516 1230638 1230698
1230972 1231051 1231833 1232528 916845 CVE-2013-4235 CVE-2013-4235
CVE-2018-6798 CVE-2018-6913 CVE-2020-8927 CVE-2023-22652 CVE-2023-2602
CVE-2023-2603 CVE-2023-30078 CVE-2023-30079 CVE-2023-32181 CVE-2023-45853
CVE-2023-45918 CVE-2023-50782 CVE-2023-7207 CVE-2023-7207 CVE-2024-22365
CVE-2024-28085 CVE-2024-37370 CVE-2024-37371 CVE-2024-41996 CVE-2024-4603
CVE-2024-4741 CVE-2024-5535 CVE-2024-6119 CVE-2024-6197 CVE-2024-7264
CVE-2024-8096 CVE-2024-9681
-----------------------------------------------------------------
The container trento/trento-web was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3942-1
Released: Mon Dec 6 14:46:05 2021
Summary: Security update for brotli
Type: security
Severity: moderate
References: 1175825,CVE-2020-8927
This update for brotli fixes the following issues:
- CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB (bsc#1175825).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2796-1
Released: Fri Aug 12 14:34:31 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References:
This update for jitterentropy fixes the following issues:
jitterentropy is included in version 3.4.0 (jsc#SLE-24941):
This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library,
used by other FIPS libraries.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3328-1
Released: Wed Sep 21 12:48:56 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1202870
This update for jitterentropy fixes the following issues:
- Hide the non-GNUC constructs that are library internal from the
exported header, to make it usable in builds with strict C99
compliance. (bsc#1202870)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4135-1
Released: Mon Nov 21 00:13:40 2022
Summary: Recommended update for libeconf
Type: recommended
Severity: moderate
References: 1198165
This update for libeconf fixes the following issues:
- Update to version 0.4.6+git
- econftool:
Parsing error: Reporting file and line nr. --delimeters=spaces accepting all kind of spaces for delimiter.
- libeconf:
Parse files correctly on space characters (1198165)
- Update to version 0.4.5+git
- econftool:
New call 'syntax' for checking the configuration files only. Returns an error string with line number if error.
New options '--comment' and '--delimeters'
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:617-1
Released: Fri Mar 3 16:49:06 2023
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1207789
This update for jitterentropy fixes the following issues:
- build jitterentropy library with debuginfo (bsc#1207789)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2765-1
Released: Mon Jul 3 20:28:14 2023
Summary: Security update for libcap
Type: security
Severity: moderate
References: 1211418,1211419,CVE-2023-2602,CVE-2023-2603
This update for libcap fixes the following issues:
- CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418).
- CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2847-1
Released: Mon Jul 17 08:40:42 2023
Summary: Recommended update for audit
Type: recommended
Severity: moderate
References: 1210004
This update for audit fixes the following issues:
- Check for AF_UNIX unnamed sockets (bsc#1210004)
- Enable livepatching on main library on x86_64
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3410-1
Released: Thu Aug 24 06:56:32 2023
Summary: Recommended update for audit
Type: recommended
Severity: moderate
References: 1201519,1204844
This update for audit fixes the following issues:
- Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519)
- Fix rules not loaded when restarting auditd.service (bsc#1204844)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3611-1
Released: Fri Sep 15 09:28:36 2023
Summary: Recommended update for sysuser-tools
Type: recommended
Severity: moderate
References: 1195391,1205161,1207778,1213240,1214140
This update for sysuser-tools fixes the following issues:
- Update to version 3.2
- Always create a system group of the same name as the system user (bsc#1205161, bsc#1207778, bsc#1213240)
- Add 'quilt setup' friendly hint to %sysusers_requires usage
- Use append so if a pre file already exists it isn't overridden
- Invoke bash for bash scripts (bsc#1195391)
- Remove all systemd requires not supported on SLE15 (bsc#1214140)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3954-1
Released: Tue Oct 3 20:09:47 2023
Summary: Security update for libeconf
Type: security
Severity: important
References: 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181
This update for libeconf fixes the following issues:
Update to version 0.5.2.
- CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078).
- CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. (bsc#1211078)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4215-1
Released: Thu Oct 26 12:19:25 2023
Summary: Security update for zlib
Type: security
Severity: moderate
References: 1216378,CVE-2023-45853
This update for zlib fixes the following issues:
- CVE-2023-45853: Fixed an integer overflow that would lead to a
buffer overflow in the minizip subcomponent (bsc#1216378).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4671-1
Released: Wed Dec 6 14:33:41 2023
Summary: Recommended update for man
Type: recommended
Severity: moderate
References:
This update of man fixes the following problem:
- The 'man' command is delivered to SUSE Linux Enterprise Micro
to allow browsing man pages.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:62-1
Released: Mon Jan 8 11:44:47 2024
Summary: Recommended update for libxcrypt
Type: recommended
Severity: moderate
References: 1215496
This update for libxcrypt fixes the following issues:
- fix variable name for datamember [bsc#1215496]
- added patches fix https://github.com/besser82/libxcrypt/commit/b212d601549a0fc84cbbcaf21b931f903787d7e2
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:136-1
Released: Thu Jan 18 09:53:47 2024
Summary: Security update for pam
Type: security
Severity: moderate
References: 1217000,1218475,CVE-2024-22365
This update for pam fixes the following issues:
- CVE-2024-22365: Fixed a local denial of service during PAM login
due to a missing check during path manipulation (bsc#1218475).
- Check localtime_r() return value to fix crashing (bsc#1217000)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:238-1
Released: Fri Jan 26 10:56:41 2024
Summary: Security update for cpio
Type: security
Severity: moderate
References: 1218571,CVE-2023-7207
This update for cpio fixes the following issues:
- CVE-2023-7207: Fixed a path traversal issue that could lead to an
arbitrary file write during archive extraction (bsc#1218571).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:322-1
Released: Fri Feb 2 15:13:26 2024
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1107342,1215434
This update for aaa_base fixes the following issues:
- Set JAVA_HOME correctly (bsc#1107342, bsc#1215434)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:615-1
Released: Mon Feb 26 11:32:32 2024
Summary: Recommended update for netcfg
Type: recommended
Severity: moderate
References: 1211886
This update for netcfg fixes the following issues:
- Add krb-prop entry (bsc#1211886)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:305-1
Released: Mon Mar 11 14:15:37 2024
Summary: Security update for cpio
Type: security
Severity: moderate
References: 1218571,1219238,CVE-2023-7207
This update for cpio fixes the following issues:
- Fixed cpio not extracting correctly when using the --no-absolute-filenames option after the security fix for CVE-2023-7207 (bsc#1218571, bsc#1219238)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:861-1
Released: Wed Mar 13 09:12:30 2024
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1218232
This update for aaa_base fixes the following issues:
- Silence the output in the case of broken symlinks (bsc#1218232)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:907-1
Released: Fri Mar 15 08:57:38 2024
Summary: Recommended update for audit
Type: recommended
Severity: moderate
References: 1215377
This update for audit fixes the following issue:
- Fix plugin termination when using systemd service units (bsc#1215377)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:929-1
Released: Tue Mar 19 06:36:24 2024
Summary: Recommended update for coreutils
Type: recommended
Severity: moderate
References: 1219321
This update for coreutils fixes the following issues:
- tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1133-1
Released: Mon Apr 8 11:29:02 2024
Summary: Security update for ncurses
Type: security
Severity: moderate
References: 1220061,CVE-2023-45918
This update for ncurses fixes the following issues:
- CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1253-1
Released: Fri Apr 12 08:15:18 2024
Summary: Recommended update for gcc13
Type: recommended
Severity: moderate
References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239
This update for gcc13 fixes the following issues:
- Fix unwinding for JIT code. [bsc#1221239]
- Revert libgccjit dependency change. [bsc#1220724]
- Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3
breaks them. [bsc#1219520]
- Add support for -fmin-function-alignment. [bsc#1214934]
- Use %{_target_cpu} to determine host and build.
- Fix for building TVM. [bsc#1218492]
- Add cross-X-newlib-devel requires to newlib cross compilers.
[bsc#1219031]
- Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959]
- Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6.
- Fixed building mariadb on i686. [bsc#1217667]
- Avoid update-alternatives dependency for accelerator crosses.
- Package tool links to llvm in cross-amdgcn-gcc13 rather than in
cross-amdgcn-newlib13-devel since that also has the dependence.
- Depend on llvmVER instead of llvm with VER equal to
%product_libs_llvm_ver where available and adjust tool discovery
accordingly. This should also properly trigger re-builds when
the patchlevel version of llvmVER changes, possibly changing
the binary names we link to. [bsc#1217450]
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1487-1
Released: Thu May 2 10:43:53 2024
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1211721,1221361,1221407,1222547
This update for aaa_base fixes the following issues:
- home and end button not working from ssh client (bsc#1221407)
- use autosetup in prep stage of specfile
- drop the stderr redirection for csh (bsc#1221361)
- drop sysctl.d/50-default-s390.conf (bsc#1211721)
- make sure the script does not exit with 1 if a file with content is found (bsc#1222547)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1665-1
Released: Thu May 16 08:00:09 2024
Summary: Recommended update for coreutils
Type: recommended
Severity: moderate
References: 1221632
This update for coreutils fixes the following issues:
- ls: avoid triggering automounts (bsc#1221632)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1762-1
Released: Wed May 22 16:14:17 2024
Summary: Security update for perl
Type: security
Severity: important
References: 1082216,1082233,1213638,CVE-2018-6798,CVE-2018-6913
This update for perl fixes the following issues:
Security issues fixed:
- CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216)
- CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233)
Non-security issue fixed:
- make Net::FTP work with TLS 1.3 (bsc#1213638)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1876-1
Released: Fri May 31 06:47:32 2024
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1221361
This update for aaa_base fixes the following issues:
- Fix the typo to set JAVA_BINDIR in the csh variant of the alljava profile script (bsc#1221361)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1943-1
Released: Fri Jun 7 17:04:06 2024
Summary: Security update for util-linux
Type: security
Severity: important
References: 1218609,1220117,1221831,1223605,CVE-2024-28085
This update for util-linux fixes the following issues:
- CVE-2024-28085: Properly neutralize escape sequences in wall to avoid potential account takeover. (bsc#1221831)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1954-1
Released: Fri Jun 7 18:01:06 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1221482
This update for glibc fixes the following issues:
- Also include stat64 in the 32-bit libc_nonshared.a workaround
(bsc#1221482)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1997-1
Released: Tue Jun 11 17:24:32 2024
Summary: Recommended update for e2fsprogs
Type: recommended
Severity: moderate
References: 1223596
This update for e2fsprogs fixes the following issues:
- EA Inode handling fixes:
- e2fsck: add more checks for ea inode consistency (bsc#1223596)
- e2fsck: fix golden output of several tests (bsc#1223596)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2024-1
Released: Thu Jun 13 16:15:18 2024
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1209627
This update for jitterentropy fixes the following issues:
- Fixed a stack corruption on s390x: [bsc#1209627]
* Output size of the STCKE command on s390x is 16 bytes, compared
to 8 bytes of the STCK command. Fix a stack corruption in the
s390x version of jent_get_nstime(). Add some more detailed
information on the STCKE command.
Updated to 3.4.1
* add FIPS 140 hints to man page
* simplify the test tool to search for optimal configurations
* fix: jent_loop_shuffle: re-add setting the time that was lost with 3.4.0
* enhancement: add ARM64 assembler code to read high-res timer
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2066-1
Released: Tue Jun 18 13:16:09 2024
Summary: Security update for openssl-3
Type: security
Severity: important
References: 1223428,1224388,1225291,1225551,CVE-2024-4603,CVE-2024-4741
This update for openssl-3 fixes the following issues:
Security issues fixed:
- CVE-2024-4603: Check DSA parameters for excessive sizes before validating (bsc#1224388)
- CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551)
Other issues fixed:
- Enable livepatching support (bsc#1223428)
- Fix HKDF key derivation (bsc#1225291, gh#openssl/openssl#23448, gh#openssl/openssl#23456)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2086-1
Released: Wed Jun 19 11:48:24 2024
Summary: Recommended update for gcc13
Type: recommended
Severity: moderate
References: 1188441
This update for gcc13 fixes the following issues:
Update to GCC 13.3 release
- Removed Fiji support from the GCN offload compiler as that is requiring
Code Object version 3 which is no longer supported by llvm18.
- Avoid combine spending too much compile-time and memory doing nothing
on s390x. [bsc#1188441]
- Make requirement to lld version specific to avoid requiring the
meta-package.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2214-1
Released: Tue Jun 25 17:11:26 2024
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1225598
This update for util-linux fixes the following issue:
- Fix hang of lscpu -e (bsc#1225598)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2307-1
Released: Fri Jul 5 12:04:34 2024
Summary: Security update for krb5
Type: security
Severity: important
References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371
This update for krb5 fixes the following issues:
- CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields being erroneously accepted (bsc#1227186).
- CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2630-1
Released: Tue Jul 30 09:12:44 2024
Summary: Security update for shadow
Type: security
Severity: important
References: 916845,CVE-2013-4235
This update for shadow fixes the following issues:
- CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2635-1
Released: Tue Jul 30 09:14:09 2024
Summary: Security update for openssl-3
Type: security
Severity: important
References: 1222899,1223336,1226463,1227138,CVE-2024-5535
This update for openssl-3 fixes the following issues:
Security fixes:
- CVE-2024-5535: Fixed SSL_select_next_proto buffer overread (bsc#1227138)
Other fixes:
- Build with no-afalgeng (bsc#1226463)
- Build with enabled sm2 and sm4 support (bsc#1222899)
- Fix non-reproducibility issue (bsc#1223336)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2779-1
Released: Tue Aug 6 14:35:49 2024
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1228548
This update for permissions fixes the following issue:
* cockpit: moved setuid executable (bsc#1228548)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2784-1
Released: Tue Aug 6 14:58:38 2024
Summary: Security update for curl
Type: security
Severity: important
References: 1227888,1228535,CVE-2024-6197,CVE-2024-7264
This update for curl fixes the following issues:
- CVE-2024-7264: Fixed ASN.1 date parser overread (bsc#1228535)
- CVE-2024-6197: Fixed freeing stack buffer in utf8asn1str (bsc#1227888)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2808-1
Released: Wed Aug 7 09:49:32 2024
Summary: Security update for shadow
Type: security
Severity: moderate
References: 1228770,CVE-2013-4235
This update for shadow fixes the following issues:
- Fixed skel files not being copied (bsc#1228770)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2888-1
Released: Tue Aug 13 11:07:41 2024
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1159034,1194818,1218609,1222285
This update for util-linux fixes the following issues:
- agetty: Prevent login cursor escape (bsc#1194818).
- Document unexpected side effects of lazy destruction (bsc#1159034).
- Don't delete binaries not common for all architectures. Create an
util-linux-extra subpackage instead, so users of third party
tools can use them (bsc#1222285).
- Improved man page for chcpu (bsc#1218609).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2967-1
Released: Mon Aug 19 15:41:29 2024
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1194818
This update for pam fixes the following issue:
- Prevent cursor escape from the login prompt (bsc#1194818).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3106-1
Released: Tue Sep 3 17:00:40 2024
Summary: Security update for openssl-3
Type: security
Severity: moderate
References: 1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119
This update for openssl-3 fixes the following issues:
- CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465)
Other fixes:
- FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365).
- FIPS: RSA keygen PCT requirements.
- FIPS: Check that the fips provider is available before setting
it as the default provider in FIPS mode (bsc#1220523).
- FIPS: Port openssl to use jitterentropy (bsc#1220523).
- FIPS: Block non-Approved Elliptic Curves (bsc#1221786).
- FIPS: Service Level Indicator (bsc#1221365).
- FIPS: Output the FIPS-validation name and module version which uniquely
identify the FIPS validated module (bsc#1221751).
- FIPS: Add required selftests: (bsc#1221760).
- FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821).
- FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827).
- FIPS: Zero initialization required (bsc#1221752).
- FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696).
- FIPS: NIST SP 800-56Brev2 (bsc#1221824).
- FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787).
- FIPS: Port openssl to use jitterentropy (bsc#1220523).
- FIPS: NIST SP 800-56Arev3 (bsc#1221822).
- FIPS: Error state has to be enforced (bsc#1221753).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3132-1
Released: Tue Sep 3 17:43:10 2024
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1228968,1229329
This update for permissions fixes the following issues:
- Update to version 20240826:
* permissions: remove outdated entries (bsc#1228968)
- Update to version 20240826:
* cockpit: revert path change (bsc#1229329)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3166-1
Released: Mon Sep 9 12:25:30 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1228042
This update for glibc fixes the following issue:
- s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3204-1
Released: Wed Sep 11 10:55:22 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1230093,CVE-2024-8096
This update for curl fixes the following issues:
- CVE-2024-8096: OCSP stapling bypass with GnuTLS. (bsc#1230093)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3239-1
Released: Fri Sep 13 12:00:58 2024
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1229476
This update for util-linux fixes the following issue:
- Skip aarch64 decode path for rest of the architectures (bsc#1229476).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3300-1
Released: Wed Sep 18 14:27:53 2024
Summary: Recommended update for ncurses
Type: recommended
Severity: moderate
References: 1229028
This update for ncurses fixes the following issues:
- Allow the terminal description based on static fallback entries to be freed (bsc#1229028)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3476-1
Released: Fri Sep 27 15:16:38 2024
Summary: Recommended update for curl
Type: recommended
Severity: moderate
References: 1230516
This update for curl fixes the following issue:
- Make special characters in URL work with aws-sigv4 (bsc#1230516).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3501-1
Released: Tue Oct 1 16:03:34 2024
Summary: Security update for openssl-3
Type: security
Severity: important
References: 1230698,CVE-2024-41996
This update for openssl-3 fixes the following issues:
- CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3504-1
Released: Tue Oct 1 16:22:27 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1230638
This update for glibc fixes the following issue:
- Use nss-systemd by default also in SLE (bsc#1230638).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3528-1
Released: Fri Oct 4 15:31:43 2024
Summary: Recommended update for e2fsprogs
Type: recommended
Severity: moderate
References: 1230145
This update for e2fsprogs fixes the following issue:
- resize2fs: Check number of group descriptors only if meta_bg is disabled
(bsc#1230145).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3589-1
Released: Thu Oct 10 16:39:07 2024
Summary: Recommended update for cyrus-sasl
Type: recommended
Severity: moderate
References: 1230111
This update for cyrus-sasl fixes the following issues:
- Make DIGEST-MD5 work with openssl3 ( bsc#1230111 )
RC4 is legacy-provided since OpenSSL 3 and requires explicit loading; disable openssl3 deprecated API warnings.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3597-1
Released: Fri Oct 11 10:39:52 2024
Summary: Recommended update for bash
Type: recommended
Severity: moderate
References: 1227807
This update for bash fixes the following issues:
- Load completion file even if a brace expansion is included in the
command line (bsc#1227807).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3609-1
Released: Mon Oct 14 11:39:13 2024
Summary: Recommended update for SLES-release
Type: recommended
Severity: moderate
References: 1227100,1230135
This update for SLES-release fixes the following issues:
- update codestream end date (bsc#1227100)
- added weakremover(libsemanage1) (bsc#1230135)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3659-1
Released: Wed Oct 16 15:12:47 2024
Summary: Recommended update for gcc14
Type: recommended
Severity: moderate
References: 1188441,1210959,1214915,1219031,1220724,1221601
This update for gcc14 fixes the following issues:
This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474)
The compiler runtime libraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 13 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux
Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module.
The Go, D, Ada and Modula 2 language compiler parts are available
unsupported via the PackageHub repositories.
To use gcc14 compilers use:
- install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages.
- override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages.
For a full changelog with all new GCC14 features, check out
https://gcc.gnu.org/gcc-14/changes.html
- Add libquadmath0-devel-gcc14 sub-package to allow installing
quadmath.h and SO link without installing the fortran frontend
- Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441]
- Remove timezone Recommends from the libstdc++6 package. [bsc#1221601]
- Revert libgccjit dependency change. [bsc#1220724]
- Fix libgccjit-devel dependency, a newer shared library is OK.
- Fix libgccjit dependency, the corresponding compiler isn't required.
- Add cross-X-newlib-devel requires to newlib cross compilers.
[bsc#1219031]
- Re-enable AutoReqProv for cross packages but filter files processed
via __requires_exclude_from and __provides_exclude_from.
[bsc#1219031]
- Package m2rte.so plugin in the gcc14-m2 sub-package rather than
in gcc13-devel. [bsc#1210959]
- Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs
are linked against libstdc++6.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3726-1
Released: Fri Oct 18 11:56:40 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1231051
This update for glibc fixes the following issue:
- Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3865-1
Released: Fri Nov 1 16:10:37 2024
Summary: Recommended update for gcc14
Type: recommended
Severity: moderate
References: 1231833
This update for gcc14 fixes the following issues:
- Fixed parsing timezone tzdata 2024b [gcc#116657 bsc#1231833]
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3896-1
Released: Mon Nov 4 12:08:29 2024
Summary: Recommended update for shadow
Type: recommended
Severity: moderate
References: 1230972
This update for shadow fixes the following issues:
- Add useradd warnings when requested UID is outside the default range (bsc#1230972)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3925-1
Released: Wed Nov 6 11:14:28 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1232528,CVE-2024-9681
This update for curl fixes the following issues:
- CVE-2024-9681: Fixed HSTS subdomain overwrites parent cache entry (bsc#1232528)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3943-1
Released: Thu Nov 7 11:12:00 2024
Summary: Security update for openssl-3
Type: security
Severity: moderate
References: 1220262,CVE-2023-50782
This update for openssl-3 fixes the following issues:
- CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4045-1
Released: Mon Nov 25 08:33:05 2024
Summary: Recommended update for patterns-base
Type: recommended
Severity: moderate
References:
This update for patterns-base fixes the following issue:
- Updated patterns-base, removing the plymouth recommendation on s390x archs.
Our certification team ran into an issue (jsc#PED-10532) when they
ran a bare metal installation with a fully encrypted disk.
If the whole disk is encrypted, the prompt for the password is sent to
plymouth, which obviously shows nothing because a terminal in the HMC
is used for booting bare metal (LPAR).
The following package changes have been done:
- cracklib-dict-small-2.9.11-150600.1.90 updated
- crypto-policies-20230920.570ea89-150600.1.9 added
- libldap-data-2.4.46-150600.23.21 updated
- libsemanage-conf-3.5-150600.1.48 added
- libssh-config-0.9.8-150600.9.1 updated
- glibc-2.38-150600.14.14.2 updated
- libuuid1-2.39.3-150600.4.12.2 updated
- libsmartcols1-2.39.3-150600.4.12.2 updated
- libsasl2-3-2.1.28-150600.7.3.1 updated
- libcom_err2-1.47.0-150600.4.6.2 updated
- libblkid1-2.39.3-150600.4.12.2 updated
- libfdisk1-2.39.3-150600.4.12.2 updated
- libzstd1-1.5.5-150600.1.3 updated
- libsepol2-3.5-150600.1.49 added
- libpcre2-8-0-10.42-150600.1.26 added
- libnghttp2-14-1.40.0-150600.23.2 updated
- liblzma5-5.4.1-150600.1.2 updated
- libgpg-error0-1.47-150600.1.3 updated
- libselinux1-3.5-150600.1.46 updated
- libgcrypt20-1.10.3-150600.1.23 updated
- libz1-1.2.13-150500.4.3.1 updated
- libcrypt1-4.4.15-150300.4.7.1 updated
- perl-base-5.26.1-150300.17.17.1 added
- libbrotlicommon1-1.0.7-3.3.1 added
- libbrotlidec1-1.0.7-3.3.1 added
- libaudit1-3.0.6-150400.4.16.1 updated
- libjitterentropy3-3.4.1-150000.1.12.1 added
- libgcc_s1-14.2.0+git10526-150000.1.6.1 updated
- libstdc++6-14.2.0+git10526-150000.1.6.1 updated
- libncurses6-6.1-150000.5.27.1 updated
- terminfo-base-6.1-150000.5.27.1 updated
- ncurses-utils-6.1-150000.5.27.1 updated
- libmount1-2.39.3-150600.4.12.2 updated
- libopenssl3-3.1.4-150600.5.21.1 added
- libopenssl-3-fips-provider-3.1.4-150600.5.21.1 added
- krb5-1.20.1-150600.11.3.1 updated
- patterns-base-fips-20200124-150600.32.3.2 updated
- libsemanage2-3.5-150600.1.48 added
- libldap-2_4-2-2.4.46-150600.23.21 updated
- libssh4-0.9.8-150600.9.1 updated
- libreadline7-7.0-150400.27.3.2 updated
- bash-4.4-150400.27.3.2 updated
- bash-sh-4.4-150400.27.3.2 added
- cpio-2.13-150400.3.6.1 updated
- libcurl4-8.6.0-150600.4.12.1 updated
- login_defs-4.8.1-150600.17.9.1 updated
- libcrack2-2.9.11-150600.1.90 updated
- cracklib-2.9.11-150600.1.90 updated
- sed-4.9-150600.1.4 updated
- coreutils-8.32-150400.9.6.1 updated
- sles-release-15.6-150600.64.3.1 updated
- permissions-20240826-150600.10.9.1 updated
- pam-1.3.0-150000.6.71.2 updated
- shadow-4.8.1-150600.17.9.1 updated
- util-linux-2.39.3-150600.4.12.2 updated
- aaa_base-84.87+git20180409.04c9dae-150300.10.20.1 updated
- netcfg-11.6-150000.3.6.1 updated
- container:registry.suse.com-bci-nodejs-20-0fe22d4c030e2498f68dab4b8addfe10dc8719c895a9b27f7802df3dbbc5d9f0-0 added
- container:registry.suse.com-bci-bci-base-15.6-0fe22d4c030e2498f68dab4b8addfe10dc8719c895a9b27f7802df3dbbc5d9f0-0 added
- container:bci-nodejs-16-15.0.0-27.14.130 removed
- container:sles15-image-15.0.0-27.14.130 removed
- libdw1-0.185-150400.5.3.1 removed
- libelf1-0.185-150400.5.3.1 removed
- libgcrypt20-hmac-1.9.4-150400.6.8.1 removed
- liblua5_3-5-5.3.6-3.6.1 removed
- liblz4-1-1.9.3-150400.1.7 removed
- libopenssl1_1-1.1.1l-150400.7.60.2 removed
- libopenssl1_1-hmac-1.1.1l-150400.7.60.2 removed
- libpopt0-1.16-3.22 removed
- libsemanage1-3.1-150400.1.65 removed
- libsepol1-3.1-150400.1.70 removed
- libsystemd0-249.16-150400.8.35.5 removed
- libudev1-249.16-150400.8.35.5 removed
- rpm-config-SUSE-1-150400.14.3.1 removed