SUSE-CU-2024:6389-1: Security update of suse/sle15

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Fri Dec 13 07:37:56 UTC 2024 

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:6389-1
Container Tags        : bci/bci-base:15.7 , bci/bci-base:15.7-1.2 , suse/sle15:15.7 , suse/sle15:15.7-1.2
Container Release     : 1.2
Severity              : important
Type                  : security
References            : 1225451 1231463 1233282 1233699 CVE-2024-52533 
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4200-1
Released:    Thu Dec  5 14:48:33 2024
Summary:     Recommended update for libsolv, libzypp, zypper
Type:        recommended
Severity:    moderate
References:  1225451
This update for libsolv, libzypp, zypper fixes the following issues:

- Fix replaces_installed_package using the wrong solvable id when checking the noupdate map
- Make POOL_FLAG_ADDFILEPROVIDESFILTERED behaviour more standard
- Add rpm_query_idarray query function
- Support rpm's 'orderwithrequires' dependency
- BuildCache: Don't try to retrieve missing raw metadata if no permission to write the cache (bsc#1225451)
- RepoManager: Throw RepoNoPermissionException if the user has no permission to update(write) the caches (bsc#1225451)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4224-1
Released:    Fri Dec  6 10:24:50 2024
Summary:     Recommended update for glibc
Type:        recommended
Severity:    moderate
References:  1233699
This update for glibc fixes the following issue:

- Remove nss-systemd from default nsswitch.conf (bsc#1233699).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4254-1
Released:    Fri Dec  6 18:03:05 2024
Summary:     Security update for glib2
Type:        security
Severity:    important
References:  1231463,1233282,CVE-2024-52533
This update for glib2 fixes the following issues:

Security issues fixed:

- CVE-2024-52533: Fix a single byte buffer overflow in set_connect_msg() (bsc#1233282).

Non-security issue fixed:

- Fix error when uninstalling packages (bsc#1231463).



The following package changes have been done:

- glibc-2.38-150600.14.17.2 updated
- libgcrypt20-1.11.0-150700.2.2 updated
- libglib-2_0-0-2.78.6-150600.4.8.1 updated
- libopenssl-3-fips-provider-3.2.3-150700.1.4 updated
- libopenssl3-3.2.3-150700.1.4 updated
- libsolv-tools-base-0.7.31-150600.8.7.2 updated
- libzypp-17.35.14-150600.3.32.2 updated
- openssl-3-3.2.3-150700.1.4 updated
- sle-module-basesystem-release-15.7-150700.14.1 updated
- sle-module-python3-release-15.7-150700.14.1 updated
- sle-module-server-applications-release-15.7-150700.14.1 updated
- sles-release-15.7-150700.14.1 updated
- zypper-1.14.78-150600.10.16.3 updated

More information about the sle-container-updates mailing list