SUSE-CU-2024:6523-1: Security update of suse/manager/4.3/proxy-httpd

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Thu Dec 19 16:33:33 UTC 2024 

SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:6523-1
Container Tags        : suse/manager/4.3/proxy-httpd:4.3.14 , suse/manager/4.3/proxy-httpd:4.3.14.9.60.12 , suse/manager/4.3/proxy-httpd:latest
Container Release     : 9.60.12
Severity              : moderate
Type                  : security
References            : 1225451 1233393 1234068 CVE-2024-11053 
-----------------------------------------------------------------

The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4201-1
Released:    Thu Dec  5 14:49:22 2024
Summary:     Recommended update for libsolv, libzypp, zypper
Type:        recommended
Severity:    moderate
References:  1225451,1233393
This update for libsolv, libzypp, zypper fixes the following issues:

- Fix replaces_installed_package using the wrong solvable id when checking the noupdate map
- Make POOL_FLAG_ADDFILEPROVIDESFILTERED behaviour more standard
- Add rpm_query_idarray query function
- Support rpm's 'orderwithrequires' dependency
- BuildCache: Don't try to retrieve missing raw metadata if no permission to write the cache (bsc#1225451)
- RepoManager: Throw RepoNoPermissionException if the user has no permission to update(write) the caches (bsc#1225451)
- The 20MB download limit must not apply to non-metadata files like package URLs provided via the CLI (bsc#1233393)
- Don't try to download missing raw metadata if cache is not writable (bsc#1225451)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4359-1
Released:    Tue Dec 17 14:19:32 2024
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1234068,CVE-2024-11053
This update for curl fixes the following issues:

 - CVE-2024-11053: Fixed password leak in curl used for the first host to the followed-to host under certain circumstances (bsc#1234068)


-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4363-1
Released:    Tue Dec 17 16:12:41 2024
Summary:     Recommended update for hwdata
Type:        recommended
Severity:    moderate
References:  
This update for hwdata fixes the following issue:

- Version update v0.390
  * Update pci and vendor ids


The following package changes have been done:

- libudev1-249.17-150400.8.46.1 updated
- libcurl4-8.0.1-150400.5.59.1 updated
- libsolv-tools-base-0.7.31-150400.3.32.2 updated
- libsolv-tools-0.7.31-150400.3.32.2 updated
- libzypp-17.35.15-150400.3.101.1 updated
- zypper-1.14.78-150400.3.67.3 updated
- curl-8.0.1-150400.5.59.1 updated
- libsystemd0-249.17-150400.8.46.1 updated
- hwdata-0.390-150000.3.74.2 updated
- container:sles15-ltss-image-15.4.0-2.11 updated

More information about the sle-container-updates mailing list