SUSE-CU-2024:474-1: Security update of suse/sle-micro-iso/5.5
sle-container-updates at lists.suse.com
Wed Feb 7 08:01:48 UTC 2024
SUSE Container Update Advisory: suse/sle-micro-iso/5.5
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:474-1
Container Tags : suse/sle-micro-iso/5.5:2.0.2 , suse/sle-micro-iso/5.5:2.0.2-4.2.27 , suse/sle-micro-iso/5.5:latest
Container Release : 4.2.27
Severity : important
Type : security
References : 1201627 1207534 1211124 1211430 1212475 1212496 1212613 1213472
1213487 1213517 1213853 1214054 1214071 1214458 1214768 1215215
1215291 1215596 1216006 1216378 CVE-2022-4304 CVE-2023-2650 CVE-2023-3446
CVE-2023-36054 CVE-2023-3817 CVE-2023-39615 CVE-2023-45853
-----------------------------------------------------------------
The container suse/sle-micro-iso/5.5 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: 29171
Released: Tue Jun 20 12:29:00 2023
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1201627,1207534,1211430,CVE-2022-4304,CVE-2023-2650
This update for openssl-1_1 fixes the following issues:
- CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430).
- CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption.
The previous fix for this timing side channel turned out to cause a
severe 2-3x performance regression in the typical use case (bsc#1207534).
- Update further expiring certificates that affect tests (bsc#1201627)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2901-1
Released: Thu Jul 20 09:49:16 2023
Summary: Recommended update for lvm2
Type: recommended
Severity: important
References: 1212613
This update for lvm2 fixes the following issues:
- multipath_component_detection = 0 in lvm.conf does not have any effect (bsc#1212613)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2934-1
Released: Fri Jul 21 12:46:57 2023
Summary: Recommended update for libcontainers-common
Type: recommended
Severity: moderate
References: 1211124
This update for libcontainers-common fixes the following issues:
- New subpackage libcontainers-sles-mounts which adds SLE-specific mounts on SLE systems (bsc#1211124)
- Own /etc/containers/systemd and /usr/share/containers/systemd for podman quadlet
- Remove container-storage-driver.sh to default to the overlay driver instead of btrfs
- Remove obsolete Requires(post): util-linux-systemd
- Add registry.suse.com to the unqualified-search-registries
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2965-1
Released: Tue Jul 25 12:30:22 2023
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1213487,CVE-2023-3446
This update for openssl-1_1 fixes the following issues:
- CVE-2023-3446: Fixed DH_check() excessive time with oversized modulus (bsc#1213487).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2966-1
Released: Tue Jul 25 14:26:14 2023
Summary: Recommended update for libxml2
Type: recommended
Severity: moderate
References:
This update for libxml2 fixes the following issues:
- Build also for modern python version (jsc#PED-68)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3088-1
Released: Tue Aug 1 09:52:03 2023
Summary: Recommended update for systemd-presets-common-SUSE
Type: recommended
Severity: moderate
References: 1212496
This update for systemd-presets-common-SUSE fixes the following issues:
- Fix systemctl being called with an empty argument (bsc#1212496)
- Don't call systemctl list-unit-files with an empty argument (bsc#1212496)
- Add wtmpdb-update-boot.service and wtmpdb-rotate.timer
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3102-1
Released: Tue Aug 1 14:11:53 2023
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1213517
This update for openssl-1_1 fixes the following issues:
- Don't pass zero-length input to EVP_Cipher (bsc#1213517)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3242-1
Released: Tue Aug 8 18:19:40 2023
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1213853,CVE-2023-3817
This update for openssl-1_1 fixes the following issues:
- CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3276-1
Released: Fri Aug 11 10:20:40 2023
Summary: Recommended update for apparmor
Type: recommended
Severity: moderate
References: 1213472
This update for apparmor fixes the following issues:
- Add pam_apparmor README (bsc#1213472)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3325-1
Released: Wed Aug 16 08:26:08 2023
Summary: Security update for krb5
Type: security
Severity: important
References: 1214054,CVE-2023-36054
This update for krb5 fixes the following issues:
- CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3485-1
Released: Tue Aug 29 14:20:56 2023
Summary: Recommended update for lvm2
Type: recommended
Severity: moderate
References: 1214071
This update for lvm2 fixes the following issues:
- blkdeactivate calls wrong mountpoint cmd (bsc#1214071)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3666-1
Released: Mon Sep 18 21:52:18 2023
Summary: Security update for libxml2
Type: security
Severity: important
References: 1214768,CVE-2023-39615
This update for libxml2 fixes the following issues:
- CVE-2023-39615: Fixed a global buffer overflow that crafted XML could cause (bsc#1214768).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3717-1
Released: Thu Sep 21 06:51:51 2023
Summary: Recommended update for apparmor
Type: recommended
Severity: moderate
References: 1214458
This update for apparmor fixes the following issues:
- Update zgrep profile to allow egrep helper use (bsc#1214458)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3798-1
Released: Wed Sep 27 10:32:31 2023
Summary: Recommended update for libcontainers-common
Type: recommended
Severity: important
References: 1215291
This update for libcontainers-common fixes the following issues:
- Require libcontainers-sles-mounts for *all* SLE products,
and not just SLES. (bsc#1215291)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4003-1
Released: Mon Oct 9 08:29:33 2023
Summary: Recommended update for apparmor
Type: recommended
Severity: moderate
References: 1215596
This update for apparmor fixes the following issues:
- Handle pam-config errors in pam_apparmor %post and %postun scripts (bsc#1215596)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4073-1
Released: Fri Oct 13 11:40:26 2023
Summary: Recommended update for rpm
Type: recommended
Severity: low
References:
This update for rpm fixes the following issue:
- Enables build for all python modules (jsc#PED-68, jsc#PED-1988)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4076-1
Released: Fri Oct 13 14:02:51 2023
Summary: Security update for cni
Type: security
Severity: important
References: 1212475,1216006
This update of cni fixes the following issues:
- rebuild the package with the go 1.21 security release (bsc#1212475).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4105-1
Released: Wed Oct 18 08:15:40 2023
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1215215
This update for openssl-1_1 fixes the following issues:
- Displays 'fips' in the version string (bsc#1215215)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4215-1
Released: Thu Oct 26 12:19:25 2023
Summary: Security update for zlib
Type: security
Severity: moderate
References: 1216378,CVE-2023-45853
This update for zlib fixes the following issues:
- CVE-2023-45853: Fixed an integer overflow that would lead to a
buffer overflow in the minizip subcomponent (bsc#1216378).
The following package changes have been done:
- filesystem-15.0-150500.1.1 updated
- libsemanage-conf-3.4-150500.1.12 updated
- libz1-1.2.13-150500.4.3.1 updated
- libuuid1-2.37.4-150500.9.3.1 updated
- libsmartcols1-2.37.4-150500.9.3.1 updated
- libsepol2-3.4-150500.1.18 updated
- libblkid1-2.37.4-150500.9.3.1 updated
- libapparmor1-3.0.4-150500.11.9.1 updated
- libselinux1-3.4-150500.1.12 updated
- libxml2-2-2.10.3-150500.5.11.1 updated
- libopenssl1_1-1.1.1l-150500.17.22.1 updated
- libgcrypt20-1.9.4-150500.10.19 updated
- libp11-kit0-0.23.22-150500.8.3.1 updated
- libfdisk1-2.37.4-150500.9.3.1 updated
- libsemanage2-3.4-150500.1.12 updated
- libmount1-2.37.4-150500.9.3.1 updated
- krb5-1.20.1-150500.3.3.1 updated
- login_defs-4.8.1-150500.1.10 updated
- libdevmapper1_03-2.03.22_1.02.196-150500.7.9.1 updated
- systemd-presets-common-SUSE-15-150500.20.3.1 updated
- rpm-4.14.3-150400.59.3.1 added
- shadow-4.8.1-150500.1.10 updated
- util-linux-2.37.4-150500.9.3.1 updated
- libsasl2-3-2.1.28-150500.1.1 updated
- cni-1.1.2-150500.3.2.1 updated
- libcontainers-sles-mounts-20230214-150500.4.6.1 updated
- libslirp0-4.7.0+44-150500.2.1 updated
- runc-1.1.10-150000.55.1 updated
- libcontainers-common-20230214-150500.4.6.1 updated
- perl-5.26.1-150300.17.14.1 added
- slirp4netns-1.2.0-150500.1.1 updated
- container:suse-sle-micro-5.5-latest-- added
- container:bci-bci-busybox-15.5-- added
- container:bci-bci-busybox-15.4-- removed
- container:rancher-elemental-teal-5.4-latest-- removed
- libicu-suse65_1-65.1-150200.4.10.1 removed
- libicu65_1-ledata-65.1-150200.4.10.1 removed