SUSE-CU-2024:6241-1: Security update of bci/kiwi

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Wed Dec 11 13:58:05 UTC 2024 

SUSE Container Update Advisory: bci/kiwi
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:6241-1
Container Tags        : bci/kiwi:9 , bci/kiwi:9.24 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-19.10 , bci/kiwi:latest
Container Release     : 19.10
Severity              : important
Type                  : security
References            : 1225451 1231463 1231463 1231795 1233196 1233282 1233307 1233699
                        CVE-2024-11168 CVE-2024-52533 
-----------------------------------------------------------------

The container bci/kiwi was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4193-1
Released:    Thu Dec  5 12:01:40 2024
Summary:     Security update for python3
Type:        security
Severity:    low
References:  1231795,1233307,CVE-2024-11168
This update for python3 fixes the following issues:

- CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307)

Other fixes:
- Remove -IVendor/ from python-config (bsc#1231795)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4200-1
Released:    Thu Dec  5 14:48:33 2024
Summary:     Recommended update for libsolv, libzypp, zypper
Type:        recommended
Severity:    moderate
References:  1225451
This update for libsolv, libzypp, zypper fixes the following issues:

- Fix replaces_installed_package using the wrong solvable id when checking the noupdate map
- Make POOL_FLAG_ADDFILEPROVIDESFILTERED behaviour more standard
- Add rpm_query_idarray query function
- Support rpm's 'orderwithrequires' dependency
- BuildCache: Don't try to retrieve missing raw metadata if no permission to write the cache (bsc#1225451)
- RepoManager: Throw RepoNoPermissionException if the user has no permission to update(write) the caches (bsc#1225451)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4224-1
Released:    Fri Dec  6 10:24:50 2024
Summary:     Recommended update for glibc
Type:        recommended
Severity:    moderate
References:  1233699
This update for glibc fixes the following issue:

- Remove nss-systemd from default nsswitch.conf (bsc#1233699).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4238-1
Released:    Fri Dec  6 12:42:49 2024
Summary:     Recommended update for python-kiwi
Type:        recommended
Severity:    important
References:  1233196
This update for python-kiwi fixes the following issues:

- Fixed boot support for ISO media on Power PC architecture
- Update documentation configuration to match with latest theme
- Set grub-bls default to false for SUSE Linux Enterprise 15 (bsc#1233196)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4244-1
Released:    Fri Dec  6 14:04:39 2024
Summary:     Recommended update for shared-mime-info
Type:        recommended
Severity:    moderate
References:  1231463
This update for shared-mime-info fixes the following issue:

- Uninstall silently if update-mime-database is not present (bsc#1231463).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4254-1
Released:    Fri Dec  6 18:03:05 2024
Summary:     Security update for glib2
Type:        security
Severity:    important
References:  1231463,1233282,CVE-2024-52533
This update for glib2 fixes the following issues:

Security issues fixed:

- CVE-2024-52533: Fix a single byte buffer overflow in set_connect_msg() (bsc#1233282).

Non-security issue fixed:

- Fix error when uninstalling packages (bsc#1231463).



The following package changes have been done:

- glibc-2.38-150600.14.17.2 updated
- libglib-2_0-0-2.78.6-150600.4.8.1 updated
- libsolv-tools-base-0.7.31-150600.8.7.2 updated
- libzypp-17.35.14-150600.3.32.2 updated
- zypper-1.14.78-150600.10.16.3 updated
- glibc-locale-base-2.38-150600.14.17.2 updated
- kiwi-tools-9.24.43-150100.3.90.1 updated
- libgmodule-2_0-0-2.78.6-150600.4.8.1 updated
- libgobject-2_0-0-2.78.6-150600.4.8.1 updated
- libgthread-2_0-0-2.78.6-150600.4.8.1 updated
- shared-mime-info-2.4-150600.3.3.2 updated
- python3-base-3.6.15-150300.10.78.1 updated
- libpython3_6m1_0-3.6.15-150300.10.78.1 updated
- kiwi-systemdeps-core-9.24.43-150100.3.90.1 updated
- glibc-devel-2.38-150600.14.17.2 updated
- libgio-2_0-0-2.78.6-150600.4.8.1 updated
- glib2-tools-2.78.6-150600.4.8.1 updated
- python3-3.6.15-150300.10.78.1 updated
- python3-devel-3.6.15-150300.10.78.1 updated
- dracut-kiwi-lib-9.24.43-150100.3.90.1 updated
- kiwi-systemdeps-filesystems-9.24.43-150100.3.90.1 updated
- dracut-kiwi-oem-repart-9.24.43-150100.3.90.1 updated
- glib2-devel-2.78.6-150600.4.8.1 updated
- python3-kiwi-9.24.43-150100.3.90.1 updated
- container:registry.suse.com-bci-bci-base-15.6-648eddfe4d6457ffc41f6a9177e39a26fd3a42ad869bc818d42d2d13dd951944-0 updated

More information about the sle-container-updates mailing list