SUSE-CU-2024:2966-1: Security update of bci/openjdk-devel
sle-container-updates at lists.suse.com
Tue Jul 2 10:48:27 UTC 2024
SUSE Container Update Advisory: bci/openjdk-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:2966-1
Container Tags : bci/openjdk-devel:11, bci/openjdk-devel:11-21.2
Container Release : 21.2
Severity : important
Type : security
References : 1029961 1092100 1121753 1158830 1158830 1158830 1181475 1181976
1185417 1195468 1206412 1206798 1209122 1209122 1214025 1214290
CVE-2018-1122 CVE-2018-1123 CVE-2018-1124 CVE-2018-1125 CVE-2018-1126
CVE-2023-4016 CVE-2023-4156
-----------------------------------------------------------------
The container bci/openjdk-devel was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2730-1
Released: Mon Oct 21 16:04:57 2019
Summary: Security update for procps
Type: security
Severity: important
References: 1092100,1121753,CVE-2018-1122,CVE-2018-1123,CVE-2018-1124,CVE-2018-1125,CVE-2018-1126
This update for procps fixes the following issues:
procps was updated to 3.3.15. (bsc#1092100)
Following security issues were fixed:
- CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top
with HOME unset in an attacker-controlled directory, the attacker could have
achieved privilege escalation by exploiting one of several vulnerabilities in
the config_file() function (bsc#1092100).
- CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow.
Inbuilt protection in ps mapped a guard page at the end of the overflowed
buffer, ensuring that the impact of this flaw is limited to a crash (temporary
denial of service) (bsc#1092100).
- CVE-2018-1124: Prevent multiple integer overflows leading to a heap
corruption in file2strvec function. This allowed a privilege escalation for a
local attacker who can create entries in procfs by starting processes, which
could result in crashes or arbitrary code execution in proc utilities run by
other users (bsc#1092100).
- CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was
mitigated by FORTIFY limiting the impact to a crash (bsc#1092100).
- CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent
truncation/integer overflow issues (bsc#1092100).
Also this non-security issue was fixed:
- Fix CPU summary showing old data. (bsc#1121753)
The update to 3.3.15 contains the following fixes:
* library: Increment to 8:0:1
No removals, no new functions
Changes: slab and pid structures
* library: Just check for SIGLOST and don't delete it
* library: Fix integer overflow and LPE in file2strvec CVE-2018-1124
* library: Use size_t for alloc functions CVE-2018-1126
* library: Increase comm size to 64
* pgrep: Fix stack-based buffer overflow CVE-2018-1125
* pgrep: Remove >15 warning as comm can be longer
* ps: Fix buffer overflow in output buffer, causing DoS CVE-2018-1123
* ps: Increase command name selection field to 64
* top: Don't use cwd for location of config CVE-2018-1122
* update translations
* library: build on non-glibc systems
* free: fix scaling on 32-bit systems
* Revert 'Support running with child namespaces'
* library: Increment to 7:0:1
No changes, no removals
New functions: numa_init, numa_max_node, numa_node_of_cpu, numa_uninit, xalloc_err_handler
* doc: Document I idle state in ps.1 and top.1
* free: fix some of the SI multiples
* kill: -l space between name parses correctly
* library: don't use vm_min_free on non Linux
* library: don't strip off wchan prefixes (ps & top)
* pgrep: warn about 15+ char name only if -f not used
* pgrep/pkill: only match in same namespace by default
* pidof: specify separator between pids
* pkill: Return 0 only if we can kill process
* pmap: fix duplicate output line under '-x' option
* ps: avoid eip/esp address truncations
* ps: recognizes SCHED_DEADLINE as valid CPU scheduler
* ps: display NUMA node under which a thread ran
* ps: Add seconds display for cputime and time
* ps: Add LUID field
* sysctl: Permit empty string for value
* sysctl: Don't segv when file not available
* sysctl: Read and write large buffers
* top: add config file support for XDG specification
* top: eliminated minor libnuma memory leak
* top: show fewer memory decimal places (configurable)
* top: provide command line switch for memory scaling
* top: provide command line switch for CPU States
* top: provides more accurate cpu usage at startup
* top: display NUMA node under which a thread ran
* top: fix argument parsing quirk resulting in SEGV
* top: delay interval accepts non-locale radix point
* top: address a wishlist man page NLS suggestion
* top: fix potential distortion in 'Mem' graph display
* top: provide proper multi-byte string handling
* top: startup defaults are fully customizable
* watch: define HOST_NAME_MAX where not defined
* vmstat: Fix alignment for disk partition format
* watch: Support ANSI 39,49 reset sequences
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:225-1
Released: Fri Jan 24 06:49:07 2020
Summary: Recommended update for procps
Type: recommended
Severity: moderate
References: 1158830
This update for procps fixes the following issues:
- Fix 'ps -C' so that it again accepts an argument longer than 15 characters. (bsc#1158830)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2958-1
Released: Tue Oct 20 12:24:55 2020
Summary: Recommended update for procps
Type: recommended
Severity: moderate
References: 1158830
This update for procps fixes the following issues:
- Fix an issue where 'ps -C' no longer accepted an argument longer than 15 characters. (bsc#1158830)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1169-1
Released: Tue Apr 13 15:01:42 2021
Summary: Recommended update for procps
Type: recommended
Severity: low
References: 1181976
This update for procps fixes the following issues:
- Corrected a statement in the man page about processor pinning via taskset (bsc#1181976)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1549-1
Released: Mon May 10 13:48:00 2021
Summary: Recommended update for procps
Type: recommended
Severity: moderate
References: 1185417
This update for procps fixes the following issues:
- Support up to 2048 CPUs. (bsc#1185417)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:808-1
Released: Fri Mar 11 06:07:58 2022
Summary: Recommended update for procps
Type: recommended
Severity: moderate
References: 1195468
This update for procps fixes the following issues:
- Stop registering signal handler for SIGURG, to avoid `ps` failure if
someone sends such signal. Without the signal handler, SIGURG will
just be ignored. (bsc#1195468)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2944-1
Released: Wed Aug 31 05:39:14 2022
Summary: Recommended update for procps
Type: recommended
Severity: important
References: 1181475
This update for procps fixes the following issues:
- Fix 'free' command reporting misleading 'used' value (bsc#1181475)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:181-1
Released: Thu Jan 26 21:55:43 2023
Summary: Recommended update for procps
Type: recommended
Severity: low
References: 1206412
This update for procps fixes the following issues:
- Improve memory handling/usage (bsc#1206412)
- Make sure that correct library version is installed (bsc#1206412)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2104-1
Released: Thu May 4 21:05:30 2023
Summary: Recommended update for procps
Type: recommended
Severity: moderate
References: 1209122
This update for procps fixes the following issue:
- Allow '-' as leading character to ignore possible errors on sysctl entries (bsc#1209122)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3440-1
Released: Mon Aug 28 08:57:10 2023
Summary: Security update for gawk
Type: security
Severity: low
References: 1214025,CVE-2023-4156
This update for gawk fixes the following issues:
- CVE-2023-4156: Fix a heap out-of-bounds read by validating the index into the argument list. (bsc#1214025)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3472-1
Released: Tue Aug 29 10:55:16 2023
Summary: Security update for procps
Type: security
Severity: low
References: 1214290,CVE-2023-4016
This update for procps fixes the following issues:
- CVE-2023-4016: Fixed a buffer overflow in ps (bsc#1214290).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:11-1
Released: Tue Jan 2 13:24:52 2024
Summary: Recommended update for procps
Type: recommended
Severity: moderate
References: 1029961,1158830,1206798,1209122
This update for procps fixes the following issues:
- Update procps to 3.3.17 (jsc#PED-3244 jsc#PED-6369)
- Support up to 2048 CPUs (bsc#1185417)
- Allow '-' as leading character to ignore possible errors on sysctl entries (bsc#1209122)
- Get the first CPU summary correct (bsc#1121753)
- Enable pidof for SLE-15 as this is provided by sysvinit-tools
- Use a check on syscall __NR_pidfd_open to decide whether
the pwait tool and its manual page will be built
- Do not truncate output of w with option -n
- Prefer logind over utmp (jsc#PED-3144)
- Don't install translated man pages for non-installed binaries
(uptime, kill).
- Fix directory for Ukrainian man pages translations.
- Move localized man pages to lang package.
- Update to procps-ng-3.3.17
* library: Incremented to 8:3:0
(no removals or additions, internal changes only)
* all: properly handle utf8 cmdline translations
* kill: Pass int to signalled process
* pgrep: Pass int to signalled process
* pgrep: Check sanity of SG_ARG_MAX
* pgrep: Add older than selection
* pidof: Quiet mode
* pidof: show worker threads
* ps.1: Mention stime alias
* ps: check also match on truncated 16 char comm names
* ps: Add exe output option
* ps: A lot more sorting available
* pwait: New command waits for a process
* sysctl: Match systemd directory order
* sysctl: Document directory order
* top: ensure config file backward compatibility
* top: add command line 'e' for symmetry with 'E'
* top: add '4' toggle for two abreast cpu display
* top: add '!' toggle for combining multiple cpus
* top: fix potential SEGV involving -p switch
* vmstat: Wide mode gives wider proc columns
* watch: Add environment variable for interval
* watch: Add no linewrap option
* watch: Support more colors
* free,uptime,slabtop: complain about extra ops
- Package translations in procps-lang.
- Fix pgrep failing with "cannot allocate 4611686018427387903 bytes" when ulimit -s is unlimited.
- Enable pidof by default
- Update to procps-ng-3.3.16
* library: Increment to 8:2:0
No removals or new functions
Internal changes only, so revision is incremented.
Previous version should have been 8:1:0 not 8:0:1
* docs: Use correct symbols for -h option in free.1
* docs: ps.1 now warns about command name length
* docs: install translated man pages
* pgrep: Match on runstate
* snice: Fix matching on pid
* top: can now exploit 256-color terminals
* top: preserves 'other filters' in configuration file
* top: can now collapse/expand forest view children
* top: parent %CPU time includes collapsed children
* top: improve xterm support for vim navigation keys
* top: avoid segmentation fault at program termination
* Fix 'ps -C' rejecting an argument longer than 15 characters (bsc#1158830)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2255-1
Released: Tue Jul 2 05:25:54 2024
Summary: Recommended update for Java
Type: recommended
Severity: moderate
References:
This update for Java fixes the following issues:
maven-file-management:
- Use sisu-plexus instead of plexus-containers-container-default
- Added dependency on plexus-xml where relevant
- Removed unnecessary dependency on xmvn tools and parent pom
maven-shared-io:
- Do not add PROVIDED dependency on plexus-container-default
- Use sisu-plexus instead of plexus-containers-container-default
- Removed unnecessary dependency on xmvn tools and parent pom
maven2:
- Use sisu-plexus instead of plexus-containers-container-default
- Fixed build with both sisu-plexus and plexus-containers-container-default
- Require the new plexus-xml package to fix build
maven-shared-utils was updated to version 3.3.4:
- Use the org.eclipse.sisu:org.eclipse.sisu.plexus artifact in
order to avoid conflict/choice of providers
- Checked exception converted to raw runtime
- PrettyPrintXmlWriter output is platform dependent
- Deprecated StringUtils.unifyLineSeparator
- Fixed environment variable with null value
- Dependencies upgraded:
* Upgraded Jansi to 2.0.1
* Upgraded Jansi to 2.2.0
plexus-ant-factory:
- Use the org.eclipse.sisu:org.eclipse.sisu.plexus artifact to avoid
conflict/choice of providers
- Use sisu-plexus instead of plexus-containers-container-default
- Fixed the code to build both with sisu-plexus and plexus-containers-container-default.
plexus-bsh-factory:
- Use the org.eclipse.sisu:org.eclipse.sisu.plexus artifact to avoid
conflict/choice of providers
- Use sisu-plexus instead of plexus-containers-container-default
plexus-cli:
- Use the org.eclipse.sisu:org.eclipse.sisu.plexus artifact to avoid conflict/choice of providers
plexus-i18n:
- Use sisu-plexus instead of plexus-containers-container-default
plexus-resources:
- Use the org.eclipse.sisu:org.eclipse.sisu.plexus artifact to avoid
conflict/choice of providers
- Use sisu-plexus instead of plexus-containers-container-default
plexus-sec-dispatcher:
- Removed unnecessary dependency on plexus-containers-container-default
- Add dependency on plexus-xml where relevant
- Build with source and target levels 8
plexus-velocity:
- Use the org.eclipse.sisu:org.eclipse.sisu.plexus artifact to
avoid conflict/choice of providers
- Use sisu-plexus instead of plexus-containers-container-default
tesla-polyglot:
- Fixed build with maven-plugin-plugin
- Fixed build with snakeyaml 2.2
The following package changes have been done:
- libgpg-error0-1.42-150400.1.101 added
- libgcrypt20-1.9.4-150500.10.19 added
- libgcrypt20-hmac-1.9.4-150500.10.19 added
- curl-8.0.1-150400.5.44.1 added
- liblz4-1-1.9.3-150400.1.7 added
- libsystemd0-249.17-150400.8.40.1 added
- libprocps8-3.3.17-150000.7.37.1 added
- procps-3.3.17-150000.7.37.1 added
- gawk-4.2.1-150000.3.3.1 added
- maven-shared-utils-3.3.4-150200.3.7.2 updated
- plexus-sec-dispatcher-2.0-150200.3.7.3 updated
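As an added example (not part of this advisory and not SUSE tooling), the script below audits an image's installed RPM inventory against the package levels listed above, which is the check a practitioner wants before trusting that a running bci/openjdk-devel image carries the procps and gawk fixes. It assumes the inventory was produced with `rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n'` inside the image; the sample inventory, including the older procps build number in it, is constructed for the demonstration. Versions are compared with rpm's segment rules (numeric runs compared as integers, a tilde sorting before a release) rather than as plain strings, so 3.3.17 correctly sorts after 3.3.9 and 1.0~rc1 below 1.0. Epochs and the '^' operator are not handled.

```python
"""Audit an image's RPM inventory against a SUSE container advisory.

ADVISORY_PACKAGES mirrors the "package changes" list of the advisory.
INVENTORY is a constructed stand-in for
    rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n'
run in the image under test; the procps build in it is deliberately old.
"""
import re
from itertools import zip_longest

ADVISORY_PACKAGES = """\
- libprocps8-3.3.17-150000.7.37.1 added
- procps-3.3.17-150000.7.37.1 added
- gawk-4.2.1-150000.3.3.1 added
- maven-shared-utils-3.3.4-150200.3.7.2 updated
- plexus-sec-dispatcher-2.0-150200.3.7.3 updated
"""

INVENTORY = """\
procps-3.3.15-150000.7.31.1
libprocps8-3.3.17-150000.7.37.1
gawk-4.2.1-150000.3.3.1
maven-shared-utils-3.3.4-150200.3.7.2
"""

# rpm compares version strings as runs of digits, runs of letters and '~';
# every other character is only a separator.
_TOKEN = re.compile(r"[0-9]+|[A-Za-z]+|~")


def rpmvercmp(a: str, b: str) -> int:
    """Return -1, 0 or 1 following rpm's version-segment rules.

    Digit runs compare numerically, letter runs lexically, a digit run is
    newer than a letter run, '~' is older than anything (1.0~rc1 < 1.0),
    and when one side runs out of segments the longer side is newer.
    """
    if a == b:
        return 0
    for x, y in zip_longest(_TOKEN.findall(a), _TOKEN.findall(b)):
        if x == y:
            continue
        if x == "~":
            return -1
        if y == "~":
            return 1
        if x is None:
            return -1
        if y is None:
            return 1
        xd, yd = x.isdigit(), y.isdigit()
        if xd and yd:
            if int(x) != int(y):
                return -1 if int(x) < int(y) else 1
            continue
        if xd != yd:
            return 1 if xd else -1
        return -1 if x < y else 1
    return 0


def compare_vr(v1: str, r1: str, v2: str, r2: str) -> int:
    """Compare version, then release (SUSE NVRs here carry no epoch)."""
    return rpmvercmp(v1, v2) or rpmvercmp(r1, r2)


def parse_nvr(nvr: str):
    """Split NAME-VERSION-RELEASE; names may themselves contain dashes."""
    name, version, release = nvr.strip().rsplit("-", 2)
    return name, version, release


def parse_advisory(text: str) -> dict:
    """Minimum (version, release) per package from '- NVR added|updated' lines."""
    required = {}
    for line in text.splitlines():
        m = re.match(r"^-\s+(\S+)\s+(added|updated)\s*$", line)
        if m:
            name, ver, rel = parse_nvr(m.group(1))
            required[name] = (ver, rel)
    return required


def parse_inventory(text: str) -> dict:
    return dict((n, (v, r)) for n, v, r in
                (parse_nvr(l) for l in text.splitlines() if l.strip()))


def audit(advisory_text: str, inventory_text: str) -> dict:
    """Return {package: 'ok' | 'outdated' | 'missing'}.

    'missing' means the advisory lists the package but the image has none:
    either the inventory is incomplete or it is from a different image.
    Anything other than 'ok' means the image is not at this advisory's level.
    """
    inv = parse_inventory(inventory_text)
    result = {}
    for name, (rv, rr) in parse_advisory(advisory_text).items():
        if name not in inv:
            result[name] = "missing"
        elif compare_vr(*inv[name], rv, rr) < 0:
            result[name] = "outdated"
        else:
            result[name] = "ok"
    return result


if __name__ == "__main__":
    for pkg, status in sorted(audit(ADVISORY_PACKAGES, INVENTORY).items()):
        print(f"{status:9} {pkg}")
```

With the constructed inventory the report flags procps as outdated and plexus-sec-dispatcher as missing; in practice the inventory line would be replaced by the real `rpm -qa` output captured from the image, and a non-empty set of non-ok results is the signal to rebuild from the tagged release.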