SUSE-IU-2024:2009-1: Security update of suse-sles-15-sp6-chost-byos-v20241211-x86_64-gen2
sle-container-updates at lists.suse.com
Fri Dec 13 07:29:27 UTC 2024
SUSE Image Update Advisory: suse-sles-15-sp6-chost-byos-v20241211-x86_64-gen2
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:2009-1
Image Tags : suse-sles-15-sp6-chost-byos-v20241211-x86_64-gen2:20241211
Image Release :
Severity : important
Type : security
References : 1027519 1219724 1225451 1225462 1229010 1229072 1229449 1229684
1230366 1230914 1231185 1231328 1231414 1231463 1231463 1231795
1232063 1232542 1232622 1232624 1233282 1233307 1233420 1233699
1233773 1234068 15280 15590 15624 15696 15699 15700 CVE-2024-10524
CVE-2024-11053 CVE-2024-11168 CVE-2024-24806 CVE-2024-45817 CVE-2024-45818
CVE-2024-45819 CVE-2024-52533 CVE-2024-52616 CVE-2024-54661
-----------------------------------------------------------------
The container suse-sles-15-sp6-chost-byos-v20241211-x86_64-gen2 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4043-1
Released: Mon Nov 25 08:22:47 2024
Summary: Recommended update for nfs-utils
Type: recommended
Severity: moderate
References: 1230914
This update for nfs-utils fixes the following issues:
- nfsd: Revert 'nfsd: Remove the ability to enable NFS v2.'
(bsc#1230914).
- mount.nfs: Revert 'mount: Remove NFS v2 support from mount.nfs'
(bsc#1230914).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4044-1
Released: Mon Nov 25 08:28:17 2024
Summary: Recommended update for hwdata
Type: recommended
Severity: moderate
References:
This update for hwdata fixes the following issue:
- Version update to v0.389:
* Update pci, usb and vendor ids
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4067-1
Released: Tue Nov 26 11:33:47 2024
Summary: Recommended update for openssh
Type: recommended
Severity: moderate
References: 1229010,1229072,1229449
This update for openssh fixes the following issues:
- Fixed a regression introduced in 9.6 that makes X11 forwarding very slow. (bsc#1229449)
- Fixed RFC4256 implementation so that keyboard-interactive authentication method can send
instructions and sshd shows them to users even before a prompt
is requested. This fixes MFA push notifications (bsc#1229010).
- Fix a dbus connection leaked in the logind patch that was missing a sd_bus_unref call.
- Fixed a small memory leak when parsing the subsystem configuration option.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4109-1
Released: Thu Nov 28 17:15:36 2024
Summary: Security update for libuv
Type: security
Severity: moderate
References: 1219724,CVE-2024-24806
This update for libuv fixes the following issues:
- CVE-2024-24806: Fixed improper Domain Lookup that potentially leads to SSRF attacks (bsc#1219724)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4130-1
Released: Mon Dec 2 10:56:25 2024
Summary: Recommended update for dracut
Type: recommended
Severity: moderate
References: 1232063
This update for dracut fixes the following issue:
- Version update: 059+suse.543.g98d7f037
* fix: removing systemd 59-persistent-storage-dm.rules (bsc#1232063).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4145-1
Released: Tue Dec 3 10:07:28 2024
Summary: Security update for wget
Type: security
Severity: moderate
References: 1233773,CVE-2024-10524
This update for wget fixes the following issues:
- CVE-2024-10524: Fixed SSRF via shorthand HTTP URL (bsc#1233773)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4163-1
Released: Wed Dec 4 08:57:12 2024
Summary: Security update for xen
Type: security
Severity: important
References: 1027519,1230366,1232542,1232622,1232624,CVE-2024-45817,CVE-2024-45818,CVE-2024-45819
This update for xen fixes the following issues:
Security issues fixed:
- CVE-2024-45818: xen: Deadlock in x86 HVM standard VGA handling (bsc#1232622)
- CVE-2024-45819: xen: libxl leaks data to PVH guests via ACPI tables (bsc#1232624)
- CVE-2024-45817: xen: x86: Deadlock in vlapic_error() (bsc#1230366)
Non-security issues fixed:
- Removed usage of net-tools-deprecated from supportconfig plugin (bsc#1232542)
- Upstream bug fixes (bsc#1027519)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4171-1
Released: Wed Dec 4 15:25:41 2024
Summary: Recommended update for ldb, samba
Type: recommended
Severity: moderate
References: 1229684,1231414,15280,15590,15624,15696,15699,15700
This update for ldb, samba fixes the following issues:
ldb:
- Update to 2.8.2
* libldb: fix performance issue with indexes (bso#15590)
samba:
- Update to 4.19.9
* DH reconnect error handling can lead to stale sharemode entries (bso#15624)
* Incorrect FSCTL_QUERY_ALLOCATED_RANGES response when truncated (bso#15699, bsc#1229684)
* irpc_destructor may crash during shutdown (bso#15280)
* Compound SMB2 requests don't return NT_STATUS_NETWORK_SESSION_EXPIRED for
all requests, confuses MacOSX clients (bso#15696)
* Crash when readlinkat fails (bso#15700)
- Adjust spec to split out rpcd_* binaries into a separate sub package
(bsc#1231414, jsc#PED-11015)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4181-1
Released: Thu Dec 5 05:59:03 2024
Summary: Recommended update for suseconnect-ng
Type: recommended
Severity: moderate
References: 1231185,1231328
This update for suseconnect-ng fixes the following issues:
- Integrating uptime-tracker
- Honor auto-import-gpg-keys flag on migration (bsc#1231328)
- Only send labels if targeting SCC
- Skip the docker auth generation on RMT (bsc#1231185)
- Add --set-labels to register command to set labels at registration time on SCC
- Add a new function to display suse-uptime-tracker version
- Add a command to show the info being gathered
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4193-1
Released: Thu Dec 5 12:01:40 2024
Summary: Security update for python3
Type: security
Severity: low
References: 1231795,1233307,CVE-2024-11168
This update for python3 fixes the following issues:
- CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307)
Other fixes:
- Remove -IVendor/ from python-config (bsc#1231795)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4196-1
Released: Thu Dec 5 13:56:06 2024
Summary: Security update for avahi
Type: security
Severity: moderate
References: 1233420,CVE-2024-52616
This update for avahi fixes the following issues:
- CVE-2024-52616: Fixed Avahi Wide-Area DNS Predictable Transaction IDs (bsc#1233420)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4200-1
Released: Thu Dec 5 14:48:33 2024
Summary: Recommended update for libsolv, libzypp, zypper
Type: recommended
Severity: moderate
References: 1225451
This update for libsolv, libzypp, zypper fixes the following issues:
- Fix replaces_installed_package using the wrong solvable id when checking the noupdate map
- Make POOL_FLAG_ADDFILEPROVIDESFILTERED behaviour more standard
- Add rpm_query_idarray query function
- Support rpm's 'orderwithrequires' dependency
- BuildCache: Don't try to retrieve missing raw metadata if no permission to write the cache (bsc#1225451)
- RepoManager: Throw RepoNoPermissionException if the user has no permission to update(write) the caches (bsc#1225451)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4224-1
Released: Fri Dec 6 10:24:50 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1233699
This update for glibc fixes the following issue:
- Remove nss-systemd from default nsswitch.conf (bsc#1233699).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4244-1
Released: Fri Dec 6 14:04:39 2024
Summary: Recommended update for shared-mime-info
Type: recommended
Severity: moderate
References: 1231463
This update for shared-mime-info fixes the following issue:
- Uninstall silently if update-mime-database is not present (bsc#1231463).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4254-1
Released: Fri Dec 6 18:03:05 2024
Summary: Security update for glib2
Type: security
Severity: important
References: 1231463,1233282,CVE-2024-52533
This update for glib2 fixes the following issues:
Security issues fixed:
- CVE-2024-52533: Fix a single byte buffer overflow in set_connect_msg() (bsc#1233282).
Non-security issue fixed:
- Fix error when uninstalling packages (bsc#1231463).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4288-1
Released: Wed Dec 11 09:31:32 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1234068,CVE-2024-11053
This update for curl fixes the following issues:
- CVE-2024-11053: Fixed password leak used for the first host to the followed-to host under certain circumstances (bsc#1234068)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4295-1
Released: Wed Dec 11 15:40:56 2024
Summary: Security update for socat
Type: security
Severity: moderate
References: 1225462,CVE-2024-54661
This update for socat fixes the following issues:
- CVE-2024-54661: Fixed arbitrary file overwrite via predictable /tmp directory in socat readline.sh (bsc#1225462)
The following package changes have been done:
- dracut-059+suse.543.g98d7f037-150600.3.14.2 updated
- glib2-tools-2.78.6-150600.4.8.1 updated
- glibc-locale-base-2.38-150600.14.17.2 updated
- glibc-locale-2.38-150600.14.17.2 updated
- glibc-2.38-150600.14.17.2 updated
- hwdata-0.389-150000.3.71.2 updated
- libavahi-client3-0.8-150600.15.6.1 updated
- libavahi-common3-0.8-150600.15.6.1 updated
- libcurl4-8.6.0-150600.4.15.1 updated
- libgio-2_0-0-2.78.6-150600.4.8.1 updated
- libglib-2_0-0-2.78.6-150600.4.8.1 updated
- libgmodule-2_0-0-2.78.6-150600.4.8.1 updated
- libgobject-2_0-0-2.78.6-150600.4.8.1 updated
- libldb2-2.8.2-150600.3.6.1 updated
- libnfsidmap1-1.0-150600.28.6.2 updated
- libpython3_6m1_0-3.6.15-150300.10.78.1 updated
- libsolv-tools-base-0.7.31-150600.8.7.2 updated
- libuv1-1.44.2-150500.3.5.1 updated
- libzypp-17.35.14-150600.3.32.2 updated
- nfs-client-2.6.4-150600.28.6.2 updated
- openssh-clients-9.6p1-150600.6.12.1 updated
- openssh-common-9.6p1-150600.6.12.1 updated
- openssh-server-9.6p1-150600.6.12.1 updated
- openssh-9.6p1-150600.6.12.1 updated
- python3-base-3.6.15-150300.10.78.1 updated
- python3-3.6.15-150300.10.78.1 updated
- samba-client-libs-4.19.8+git.399.71536ca297e-150600.3.9.6 updated
- shared-mime-info-2.4-150600.3.3.2 updated
- socat-1.8.0.0-150600.20.6.1 updated
- suseconnect-ng-1.13.0-150600.3.11.1 updated
- wget-1.20.3-150600.19.9.1 updated
- xen-libs-4.18.3_06-150600.3.12.1 updated
- zypper-1.14.78-150600.10.16.3 updated