SUSE-IU-2024:2037-1: Security update of sles-15-sp5-chost-byos-v20241216-arm64
sle-container-updates at lists.suse.com
Tue Dec 17 08:02:37 UTC 2024
SUSE Image Update Advisory: sles-15-sp5-chost-byos-v20241216-arm64
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:2037-1
Image Tags : sles-15-sp5-chost-byos-v20241216-arm64:20241216
Image Release :
Severity : important
Type : security
References : 1213607 1219724 1221168 1223345 1225451 1225462 1229238 1229684
1230984 1231185 1231328 1231373 1231414 1231775 1231776 1231795
1232579 1233282 1233307 1233393 1233499 1233773 CVE-2024-10524
CVE-2024-11168 CVE-2024-24806 CVE-2024-43374 CVE-2024-47814 CVE-2024-50602
CVE-2024-52533 CVE-2024-54661
-----------------------------------------------------------------
The container sles-15-sp5-chost-byos-v20241216-arm64 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4035-1
Released: Mon Nov 18 16:22:57 2024
Summary: Security update for expat
Type: security
Severity: moderate
References: 1232579,CVE-2024-50602
This update for expat fixes the following issues:
- CVE-2024-50602: Fixed a denial of service via XML_ResumeParser (bsc#1232579).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4044-1
Released: Mon Nov 25 08:28:17 2024
Summary: Recommended update for hwdata
Type: recommended
Severity: moderate
References:
This update for hwdata fixes the following issue:
- Version update to v0.389:
* Update pci, usb and vendor ids
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4046-1
Released: Mon Nov 25 09:25:58 2024
Summary: Recommended update for rsyslog
Type: recommended
Severity: moderate
References: 1230984
This update for rsyslog fixes the following issue:
- restart daemon after update at the end of the transaction (bsc#1230984)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4065-1
Released: Tue Nov 26 11:10:58 2024
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1233499
This update for crypto-policies ships the missing crypto-policies scripts to SUSE Linux Enterprise Micro,
which allows configuration of the policies. (bsc#1233499)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4078-1
Released: Wed Nov 27 13:53:14 2024
Summary: Security update for glib2
Type: security
Severity: important
References: 1233282,CVE-2024-52533
This update for glib2 fixes the following issues:
- CVE-2024-52533: Fixed a single byte buffer overflow (bsc#1233282).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4087-1
Released: Thu Nov 28 08:38:52 2024
Summary: Recommended update for google-guest-agent, google-guest-configs, google-osconfig-agent
Type: recommended
Severity: moderate
References: 1231775,1231776
This update for google-guest-agent, google-guest-configs, google-osconfig-agent fixes the following issues:
- Update to version 20241011.01 (bsc#1231775, bsc#1231776)
- Set enable regardless of previous check failed or not
- Avoid unnecessary reloads, check before overwriting configs
- network/netplan: Do generate instead of apply
- Skip SetupInterfaces if configs are already applied
- Repeated logging could be mistaken for a recurring issue, log mds mtls endpoint error only once
- Retry MDS PUT operation, reload netplan/networkctl only if configs are changed
- Log interface state after setting up network
- network: Debian 12 rollback only if default netplan is ok
- Change mtls mds defaults, update log message to assure error is harmless
- network: Restore Debian 12 netplan configuration
- network: Remove primary NIC left over configs
- Update VLAN interfaces format to match with MDS
- Fix panics in agent when setting up VLAN with netplan
- Add VLAN NIC support for NetworkManager
- Fix debian12 netplan config issue, use ptr receiver
- Introduce a configuration toggle for enabling/disabling cloud logging
- Adapt and update config key to be consistent with MDS
- Allow users to enable/disable the mds mtls via metadata key
- Make primary nic management config consistent across all network managers
- Avoid writing configuration files when they already exist on wicked
- Fix where agent panics on nil event
- Update NIC management strategy
- Only release dhclient leases for an interface if the respective dhclient is still running
- Disable OS Login without pruning off any extra suffix
- Skip root cert rotation if installed once
- Add ipv6 support to guest agent
- Update google-startup-scripts.service to enable logging
- Network subsystem remove os rules
- oslogin: Don't remove sshca watcher when oslogin is disabled
- Network manager netplan implementation
- Log current available routes on error
- Fix command monitor bugs
- windows account: Ignore 'user already belongs to group' error
- Add more error logging in snapshot handling requests, use common retry util
- All non-200 status code from MDS should raise error
- Change metadata key to enable-oslogin-certificates
- Update dhclient pid/lease file directory to abide apparmor rules
- Add require-oslogin-certificates logic to disable keys
- systemd-networkd: Support Debian 12's version
- NetworkManager: Only set secondary interfaces as up
- address manager: Make sure we check for oldMetadata
- network: Early setup network
- NetworkManager: Fix ipv6 and ipv4 mode attribute
- Network Manager: Make sure we clean up ifcfg files
- metadata script runner: Fix script download
- oslogin: Avoid adding extra empty line at the end of /etc/security/group.conf
- Dynamic vlan
- Check for nil response
- Create NetworkManager implementation
- Skip interface manager on Windows
- network: Remove ignore setup
- Create wicked network service implementation and its respective unit
- Update metadata script runner, add tests
- Refactor guest-agent to use common retry util
- Flush logs before exiting
- Implement retry util
- Refactor utils package to not dump everything unrelated into one file
- Set version on metadata script runner
- Implement cleanup of deprecated configuration directives
- Ignore DHCP offered routes only for secondary nics
- Deprecate DHClient in favor of systemd-networkd
- Generate windows and linux licenses
- Remove quintonamore from OWNERS
- Delete integration tests
- Add configuration toggle to enable/disable use of OS native certificate stores
- Avoid writing configuration files when they already exist on wicked and NetworkManager
- Get rid of deprecated dependencies in snapshot service generate code
- Configure primary nic if only set in cfg file
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4109-1
Released: Thu Nov 28 17:15:36 2024
Summary: Security update for libuv
Type: security
Severity: moderate
References: 1219724,CVE-2024-24806
This update for libuv fixes the following issues:
- CVE-2024-24806: Fixed improper Domain Lookup that potentially leads to SSRF attacks (bsc#1219724)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4138-1
Released: Mon Dec 2 13:29:57 2024
Summary: Security update for wget
Type: security
Severity: moderate
References: 1233773,CVE-2024-10524
This update for wget fixes the following issues:
- CVE-2024-10524: Fixed SSRF via shorthand HTTP URL (bsc#1233773)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4172-1
Released: Wed Dec 4 15:28:38 2024
Summary: Recommended update for samba
Type: recommended
Severity: moderate
References: 1213607,1221168,1223345,1229684,1231414
This update for samba fixes the following issues:
- Adjust spec to split out rpcd_* binaries into a separate
sub package (bsc#1231414).
- Incorrect FSCTL_QUERY_ALLOCATED_RANGES response when truncated
(bsc#1229684).
- Fix regression DFS not working with widelinks=true, updated to
fix DFS link enumeration (bsc#1213607).
- Fix: use-after-free in aio_del_req_from_fsp() during smbd shutdown
after failed IPC FSCTL_PIPE_TRANSCEIVE (bsc#1223345).
- Reduce winbind error msg to debug for a PDC/NT4 domain
(bsc#1221168).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4182-1
Released: Thu Dec 5 05:59:14 2024
Summary: Recommended update for suseconnect-ng
Type: recommended
Severity: moderate
References: 1231185,1231328
This update for suseconnect-ng fixes the following issues:
- Integrating uptime-tracker
- Honor auto-import-gpg-keys flag on migration (bsc#1231328)
- Only send labels if targeting SCC
- Skip the docker auth generation on RMT (bsc#1231185)
- Add --set-labels to register command to set labels at registration time on SCC
- Add a new function to display suse-uptime-tracker version
- Add a command to show the info being gathered
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4193-1
Released: Thu Dec 5 12:01:40 2024
Summary: Security update for python3
Type: security
Severity: low
References: 1231795,1233307,CVE-2024-11168
This update for python3 fixes the following issues:
- CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307)
Other fixes:
- Remove -IVendor/ from python-config (bsc#1231795)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4198-1
Released: Thu Dec 5 14:46:19 2024
Summary: Recommended update for libsolv, libzypp, zypper
Type: recommended
Severity: moderate
References: 1225451,1233393
This update for libsolv, libzypp, zypper fixes the following issues:
- Fix replaces_installed_package using the wrong solvable id when checking the noupdate map
- Make POOL_FLAG_ADDFILEPROVIDESFILTERED behaviour more standard
- Add rpm_query_idarray query function
- Support rpm's 'orderwithrequires' dependency
- BuildCache: Don't try to retrieve missing raw metadata if no permission to write the cache (bsc#1225451)
- RepoManager: Throw RepoNoPermissionException if the user has no permission to update(write) the caches (bsc#1225451)
- The 20MB download limit must not apply to non-metadata files like package URLs provided via the CLI (bsc#1233393)
- Don't try to download missing raw metadata if cache is not writable (bsc#1225451)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4302-1
Released: Thu Dec 12 09:51:03 2024
Summary: Security update for socat
Type: security
Severity: moderate
References: 1225462,CVE-2024-54661
This update for socat fixes the following issues:
- CVE-2024-54661: Fixed arbitrary file overwrite via predictable /tmp directory (bsc#1225462)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4330-1
Released: Mon Dec 16 14:17:15 2024
Summary: Security update for vim
Type: security
Severity: low
References: 1229238,1231373,CVE-2024-43374,CVE-2024-47814
This update for vim fixes the following issues:
- CVE-2024-47814: Fixed use-after-free when closing buffers in Vim (bsc#1231373)
- CVE-2024-43374: Fixed use-after-free in alist_add() (bsc#1229238)
Other fixes:
- Updated to version 9.1.0836
The following package changes have been done:
- crypto-policies-20210917.c9d86d1-150400.3.8.1 updated
- google-guest-agent-20241011.01-150000.1.51.1 updated
- google-osconfig-agent-20240926.03-150000.1.38.1 updated
- hwdata-0.389-150000.3.71.2 updated
- libexpat1-2.4.4-150400.3.25.1 updated
- libglib-2_0-0-2.70.5-150400.3.17.1 updated
- libpython3_6m1_0-3.6.15-150300.10.78.1 updated
- libsolv-tools-base-0.7.31-150500.6.5.1 updated
- libsolv-tools-0.7.31-150500.6.5.1 updated
- libuv1-1.44.2-150500.3.5.1 updated
- libzypp-17.35.14-150500.6.24.1 updated
- python3-base-3.6.15-150300.10.78.1 updated
- python3-3.6.15-150300.10.78.1 updated
- rsyslog-module-relp-8.2306.0-150400.5.33.1 updated
- rsyslog-8.2306.0-150400.5.33.1 updated
- samba-client-libs-4.17.12+git.485.dd39ea0501e-150500.3.26.5 updated
- socat-1.8.0.0-150400.14.6.1 updated
- suseconnect-ng-1.13.0-150500.3.32.1 updated
- vim-data-common-9.1.0836-150500.20.15.1 updated
- vim-9.1.0836-150500.20.15.1 updated
- wget-1.20.3-150000.3.26.1 updated
- zypper-1.14.78-150500.6.14.1 updated