SUSE-CU-2024:3196-1: Security update of bci/openjdk

sle-container-updates at lists.suse.com
Thu Jul 18 07:05:19 UTC 2024


SUSE Container Update Advisory: bci/openjdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:3196-1
Container Tags        : bci/openjdk:11 , bci/openjdk:11-24.1
Container Release     : 24.1
Severity              : important
Type                  : security
References            : 1029961 1092100 1121753 1158830 1158830 1158830 1168930 1181400
                        1181475 1181976 1183026 1183580 1185417 1192023 1193722 1195468
                        1198234 1199232 1199235 1201431 1204455 1204456 1206412 1206798
                        1207032 1207033 1207815 1208027 1208028 1209122 1209122 1210686
                        1213514 1214025 1214290 1215533 1216501 1216545 1219901 1220770
                        1220771 1220772 1221399 1221665 1221667 1222849 1223596 1224168
                        1224170 1224171 1224172 1224173 1227186 1227187 CVE-2018-1122
                        CVE-2018-1123 CVE-2018-1124 CVE-2018-1125 CVE-2018-1126 CVE-2021-21300
                        CVE-2022-1586 CVE-2022-1587 CVE-2022-23521 CVE-2022-24765 CVE-2022-29187
                        CVE-2022-39253 CVE-2022-39260 CVE-2022-41409 CVE-2022-41903 CVE-2022-46663
                        CVE-2022-48624 CVE-2023-22490 CVE-2023-23946 CVE-2023-25652 CVE-2023-25815
                        CVE-2023-29007 CVE-2023-4016 CVE-2023-4156 CVE-2024-2004 CVE-2024-2398
                        CVE-2024-26458 CVE-2024-26461 CVE-2024-26462 CVE-2024-28182 CVE-2024-32002
                        CVE-2024-32004 CVE-2024-32020 CVE-2024-32021 CVE-2024-32465 CVE-2024-32487
                        CVE-2024-37370 CVE-2024-37371 
-----------------------------------------------------------------

The container bci/openjdk was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2730-1
Released:    Mon Oct 21 16:04:57 2019
Summary:     Security update for procps
Type:        security
Severity:    important
References:  1092100,1121753,CVE-2018-1122,CVE-2018-1123,CVE-2018-1124,CVE-2018-1125,CVE-2018-1126
This update for procps fixes the following issues:

procps was updated to 3.3.15. (bsc#1092100)

The following security issues were fixed:

- CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top
  with HOME unset in an attacker-controlled directory, the attacker could have
  achieved privilege escalation by exploiting one of several vulnerabilities in
  the config_file() function (bsc#1092100).
- CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow.
  Inbuilt protection in ps mapped a guard page at the end of the overflowed
  buffer, ensuring that the impact of this flaw is limited to a crash (temporary
  denial of service) (bsc#1092100).
- CVE-2018-1124: Prevent multiple integer overflows leading to a heap
  corruption in file2strvec function. This allowed a privilege escalation for a
  local attacker who can create entries in procfs by starting processes, which
  could result in crashes or arbitrary code execution in proc utilities run by
  other users (bsc#1092100).
- CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was
  mitigated by FORTIFY limiting the impact to a crash (bsc#1092100).
- CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent
  truncation/integer overflow issues (bsc#1092100).


This non-security issue was also fixed:

- Fix CPU summary showing old data. (bsc#1121753)

The update to 3.3.15 contains the following fixes:

* library: Increment to 8:0:1
  No removals, no new functions
  Changes: slab and pid structures
* library: Just check for SIGLOST and don't delete it
* library: Fix integer overflow and LPE in file2strvec   CVE-2018-1124
* library: Use size_t for alloc functions                CVE-2018-1126
* library: Increase comm size to 64
* pgrep: Fix stack-based buffer overflow                 CVE-2018-1125
* pgrep: Remove >15 warning as comm can be longer
* ps: Fix buffer overflow in output buffer, causing DOS  CVE-2018-1123
* ps: Increase command name selection field to 64
* top: Don't use cwd for location of config              CVE-2018-1122
* update translations
* library: build on non-glibc systems
* free: fix scaling on 32-bit systems
* Revert 'Support running with child namespaces'
* library: Increment to 7:0:1
  No changes, no removals
  New functions: numa_init, numa_max_node, numa_node_of_cpu, numa_uninit, xalloc_err_handler
* doc: Document I idle state in ps.1 and top.1
* free: fix some of the SI multiples
* kill: -l space between name parses correctly
* library: don't use vm_min_free on non Linux
* library: don't strip off wchan prefixes (ps & top)
* pgrep: warn about 15+ char name only if -f not used
* pgrep/pkill: only match in same namespace by default
* pidof: specify separator between pids
* pkill: Return 0 only if we can kill process
* pmap: fix duplicate output line under '-x' option
* ps: avoid eip/esp address truncations
* ps: recognizes SCHED_DEADLINE as valid CPU scheduler
* ps: display NUMA node under which a thread ran
* ps: Add seconds display for cputime and time
* ps: Add LUID field
* sysctl: Permit empty string for value
* sysctl: Don't segv when file not available
* sysctl: Read and write large buffers
* top: add config file support for XDG specification
* top: eliminated minor libnuma memory leak
* top: show fewer memory decimal places (configurable)
* top: provide command line switch for memory scaling
* top: provide command line switch for CPU States
* top: provides more accurate cpu usage at startup
* top: display NUMA node under which a thread ran
* top: fix argument parsing quirk resulting in SEGV
* top: delay interval accepts non-locale radix point
* top: address a wishlist man page NLS suggestion
* top: fix potential distortion in 'Mem' graph display
* top: provide proper multi-byte string handling
* top: startup defaults are fully customizable
* watch: define HOST_NAME_MAX where not defined
* vmstat: Fix alignment for disk partition format
* watch: Support ANSI 39,49 reset sequences

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:225-1
Released:    Fri Jan 24 06:49:07 2020
Summary:     Recommended update for procps
Type:        recommended
Severity:    moderate
References:  1158830
This update for procps fixes the following issues:

- Fix 'ps -C' so that it accepts arguments longer than 15 characters again. (bsc#1158830)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2958-1
Released:    Tue Oct 20 12:24:55 2020
Summary:     Recommended update for procps
Type:        recommended
Severity:    moderate
References:  1158830
This update for procps fixes the following issues:

- Fixes an issue where the 'ps -C' command no longer allowed an argument longer than 15 characters. (bsc#1158830)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1169-1
Released:    Tue Apr 13 15:01:42 2021
Summary:     Recommended update for procps
Type:        recommended
Severity:    low
References:  1181976
This update for procps fixes the following issues:

- Corrected a statement in the man page about processor pinning via taskset (bsc#1181976)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1549-1
Released:    Mon May 10 13:48:00 2021
Summary:     Recommended update for procps
Type:        recommended
Severity:    moderate
References:  1185417
This update for procps fixes the following issues:

- Support up to 2048 CPUs as well. (bsc#1185417)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2555-1
Released:    Thu Jul 29 08:29:55 2021
Summary:     Security update for git
Type:        security
Severity:    moderate
References:  1168930,1183026,1183580,CVE-2021-21300
This update for git fixes the following issues:

Update from version 2.26.2 to version 2.31.1 (jsc#SLE-18152)

Security fixes:

- CVE-2021-21300: On case-insensitive file systems with support for symbolic links, if Git is configured globally 
  to apply delay-capable clean/smudge filters (such as Git LFS), Git could run remote code during a clone. (bsc#1183026)

Non security changes:

- Add `sysusers` file to create `git-daemon` user.
- Remove `perl-base` and `openssh-server` dependency on `git-core` and provide a `perl-Git` package. (jsc#SLE-17838)
- `fsmonitor` bug fixes
- Fix `git bisect` to take an annotated tag as a good/bad endpoint
- Fix a corner case in `git mv` on case insensitive systems
- Require only `openssh-clients` where possible (like Tumbleweed or SUSE Linux Enterprise >= 15 SP3). (bsc#1183580)
- Drop `rsync` requirement, not necessary anymore.
- Use of `pack-redundant` command is discouraged and will trigger a warning. The replacement is `repack -d`.
- The `--format=%(trailers)` mechanism gets enhanced to make it easier to design output for machine consumption.
- No longer give message to choose between rebase or merge upon pull if the history `fast-forwards`.
- The configuration variable `core.abbrev` can be set to `no` to force no abbreviation regardless of the hash algorithm
- `git rev-parse` can be explicitly told to give output as absolute or relative path with the 
  `--path-format=(absolute|relative)` option.
- Bash completion update to make it easier for end-users to add completion for their custom `git` subcommands.
- `git maintenance` learned to drive scheduled maintenance on platforms whose native scheduling methods are not 'cron'.
- After expiring a reflog and making a single commit, the reflog for the branch would record a single entry that 
  knows both `@{0}` and `@{1}`, but we failed to answer 'what commit were we on?', i.e. `@{1}`
- `git bundle` learns `--stdin` option to read its refs from the standard input.  
  Also, it now does not lose refs when they point at the same object.
- `git log` learned a new `--diff-merges=<how>` option.
- `git ls-files` can and does show multiple entries when the index is unmerged, which is a source for confusion 
  unless `-s/-u` option is in use.  A new option `--deduplicate` has been introduced.
- `git worktree list` now annotates worktrees as prunable, shows locked and prunable attributes 
  in `--porcelain mode`, and gained a `--verbose` option.
- `git clone` tries to locally check out the branch pointed at by HEAD of the remote repository after it 
  is done, but the protocol did not convey the information necessary to do so when copying an empty repository.  
  The protocol v2 learned how to do so.
- There are other ways than `..` for a single token to denote a 'commit range', namely `<rev>^!`
  and `<rev>^-<n>`, but `git range-diff` did not understand them.
- The `git range-diff` command learned `--(left|right)-only` option to show only one side of the compared range.
- `git mergetool` feeds three versions (base, local and remote) of a conflicted path unmodified. 
  The command learned to optionally prepare these files with unconflicted parts already resolved.
- The `.mailmap` is documented to be read only from the root level of a working tree, but a stray file 
  in a bare repository also was read by accident, which has been corrected.
- `git maintenance` tool learned a new `pack-refs` maintenance task.
- Improved the error message given for a configuration variable that is expected to have a boolean value.
- Signed commits and tags now allow verification of objects, whose two object names 
  (one in SHA-1, the other in SHA-256) are both signed.
- `git rev-list` command learned `--disk-usage` option.
- `git diff`, `git log` `--{skip,rotate}-to=<path>` allows the user to discard diff output for early 
  paths or move them to the end of the output.
- `git difftool` learned `--skip-to=<path>` option to restart an interrupted session from an arbitrary path.
- `git grep` has been tweaked to be limited to the sparse checkout paths.
- `git rebase --[no-]fork-point` gained a configuration variable `rebase.forkPoint` so that users do not have 
  to keep specifying a non-default setting.
- `git stash` did not work well in a sparsely checked out working tree.
- Newline characters in the host and path part of `git://` URL are now forbidden.
- `Userdiff` updates for PHP, Rust, CSS
- Avoid administrator error leading to data loss with `git push --force-with-lease[=<ref>]` by 
  introducing `--force-if-includes`
- only pull `asciidoctor` for the default ruby version
- The `--committer-date-is-author-date` option of `rebase` and `am` subcommands lost the e-mail address by 
  mistake in 2.29
- The transport protocol v2 has become the default again
- `git worktree` gained a `repair` subcommand, `git init --separate-git-dir` no longer corrupts administrative data 
  related to linked worktrees
- `git maintenance` introduced for repository maintenance tasks
- `fetch.writeCommitGraph` is deemed to be still a bit too risky and is no longer part of the 
  `feature.experimental` set.
- The commands in the `diff` family honors the `diff.relative` configuration variable.
- `git diff-files` has been taught to say paths that are marked as `intent-to-add` are new files, 
  not modified from an empty blob.
- `git gui` now allows opening work trees from the start-up dialog.
- `git bugreport` reports what shell is in use.
- Some repositories have commits that record wrong committer timezone; `git fast-import` has an option to pass 
  these timestamps intact to allow recreating existing repositories as-is.
- `git describe` will always use the `long` version when giving its output based on misplaced tags
- `git pull` issues a warning message until the `pull.rebase` configuration variable is explicitly given
  
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3766-1
Released:    Tue Nov 23 07:07:43 2021
Summary:     Recommended update for git
Type:        recommended
Severity:    moderate
References:  1192023
This update for git fixes the following issues:

- Installation of the 'git-daemon' package needs nogroup group dependency (bsc#1192023)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:227-1
Released:    Mon Jan 31 06:05:25 2022
Summary:     Recommended update for git
Type:        recommended
Severity:    moderate
References:  1193722
This update for git fixes the following issues:

- update to 2.34.1 (bsc#1193722):
  * 'git grep' looking in a blob that has non-UTF8 payload was
    completely broken when linked with certain versions of PCREv2
    library in the latest release.
  * 'git pull' with any strategy when the other side is behind us
    should succeed as it is a no-op, but doesn't.
  * An earlier change in 2.34.0 caused JGit application (that abused
    GIT_EDITOR mechanism when invoking 'git config') to get stuck with
    a SIGTTOU signal; it has been reverted.
  * An earlier change that broke .gitignore matching has been reverted.
  * SubmittingPatches document gained a syntactically incorrect mark-up,
    which has been corrected.

- git 2.33.0:
  * 'git send-email' learned the '--sendmail-cmd' command line option
    and the 'sendemail.sendmailCmd' configuration variable, which is a
    more sensible approach than the current way of repurposing the
    'smtp-server' that is meant to name the server to instead name the
    command to talk to the server.
  * The userdiff pattern for C# learned the token 'record'.
  * 'git rev-list' learns to omit the 'commit <object-name>' header
    lines from the output with the `--no-commit-header` option.
  * 'git worktree add --lock' learned to record why the worktree is
    locked with a custom message.
  * internal improvements including performance optimizations
  * a number of bug fixes

- git 2.32.0:
  * '.gitattributes', '.gitignore', and '.mailmap' files that are
    symbolic links are ignored
  * 'git apply --3way' used to first attempt a straight
    application, and only fell back to the 3-way merge algorithm
    when the straight application failed.  Starting with this
    version, the command will first try the 3-way merge algorithm
    and only when it fails (either resulting with conflict or the
    base versions of blobs are missing), falls back to the usual
    patch application.
  * 'git stash show' can now show the untracked part of the stash
  * Improved 'git repack' strategy
  * http code can now unlock a certificate with a cached password
  * 'git clone --reject-shallow' option fails the clone as soon as
    we notice that we are cloning from a shallow repository.
  * 'gitweb' learned 'e-mail privacy' feature
  * Multiple improvements to output and configuration options
  * Bug fixes and developer visible fixes
  
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:808-1
Released:    Fri Mar 11 06:07:58 2022
Summary:     Recommended update for procps
Type:        recommended
Severity:    moderate
References:  1195468
This update for procps fixes the following issues:

- Stop registering a signal handler for SIGURG, to avoid `ps` failure if
  someone sends such a signal. Without the signal handler, SIGURG will
  just be ignored. (bsc#1195468)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1484-1
Released:    Mon May  2 16:47:10 2022
Summary:     Security update for git
Type:        security
Severity:    important
References:  1181400,1198234,CVE-2022-24765
This update for git fixes the following issues:

- Updated to version 2.35.3:
  - CVE-2022-24765: Fixed a potential command injection via git worktree (bsc#1198234).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2360-1
Released:    Tue Jul 12 12:01:39 2022
Summary:     Security update for pcre2
Type:        security
Severity:    important
References:  1199232,CVE-2022-1586
This update for pcre2 fixes the following issues:

- CVE-2022-1586: Fixed a Unicode property matching issue. (bsc#1199232)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2550-1
Released:    Tue Jul 26 14:00:21 2022
Summary:     Security update for git
Type:        security
Severity:    important
References:  1201431,CVE-2022-29187
This update for git fixes the following issues:

- CVE-2022-29187: Incomplete fix for CVE-2022-24765: potential command injection via git worktree (bsc#1201431).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2566-1
Released:    Wed Jul 27 15:04:49 2022
Summary:     Security update for pcre2
Type:        security
Severity:    important
References:  1199235,CVE-2022-1587
This update for pcre2 fixes the following issues:

- CVE-2022-1587: Fixed out-of-bounds read due to bug in recursions (bsc#1199235).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2944-1
Released:    Wed Aug 31 05:39:14 2022
Summary:     Recommended update for procps
Type:        recommended
Severity:    important
References:  1181475
This update for procps fixes the following issues:

- Fix 'free' command reporting misleading 'used' value (bsc#1181475)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3931-1
Released:    Thu Nov 10 11:26:01 2022
Summary:     Security update for git
Type:        security
Severity:    moderate
References:  1204455,1204456,CVE-2022-39253,CVE-2022-39260
This update for git fixes the following issues:

- CVE-2022-39260: Fixed overflow in split_cmdline() (bsc#1204456).
- CVE-2022-39253: Fixed dereference issue with symbolic links via the `--local` clone mechanism (bsc#1204455).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:110-1
Released:    Fri Jan 20 10:18:16 2023
Summary:     Security update for git
Type:        security
Severity:    important
References:  1207032,1207033,CVE-2022-23521,CVE-2022-41903
This update for git fixes the following issues:

- CVE-2022-41903: Fixed a heap overflow in the 'git archive' and
  'git log --format' commands (bsc#1207033).
- CVE-2022-23521: Fixed an integer overflow that could be triggered
  when parsing a gitattributes file (bsc#1207032).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:181-1
Released:    Thu Jan 26 21:55:43 2023
Summary:     Recommended update for procps
Type:        recommended
Severity:    low
References:  1206412
This update for procps fixes the following issues:

- Improve memory handling/usage (bsc#1206412) 
- Make sure that correct library version is installed (bsc#1206412)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:348-1
Released:    Fri Feb 10 15:08:41 2023
Summary:     Security update for less
Type:        security
Severity:    moderate
References:  1207815,CVE-2022-46663
This update for less fixes the following issues:

- CVE-2022-46663: Fixed denial-of-service by printing specially crafted escape sequences to the terminal (bsc#1207815).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:430-1
Released:    Wed Feb 15 17:42:25 2023
Summary:     Security update for git
Type:        security
Severity:    important
References:  1208027,1208028,CVE-2023-22490,CVE-2023-23946
This update for git fixes the following issues:

- CVE-2023-22490: Fixed the local clone optimization being usable even when a non-local transport is in use (bsc#1208027).
- CVE-2023-23946: Fixed an issue where a path outside the working tree could be overwritten as the user who is running 'git apply' (bsc#1208028).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2038-1
Released:    Wed Apr 26 11:06:20 2023
Summary:     Security update for git
Type:        security
Severity:    moderate
References:  1210686,CVE-2023-25652,CVE-2023-25815,CVE-2023-29007
This update for git fixes the following issues:

- CVE-2023-25652: Fixed partial overwrite of paths outside the working tree (bsc#1210686).
- CVE-2023-25815: Fixed malicious placement of crafted message (bsc#1210686).
- CVE-2023-29007: Fixed arbitrary configuration injection (bsc#1210686).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2104-1
Released:    Thu May  4 21:05:30 2023
Summary:     Recommended update for procps
Type:        recommended
Severity:    moderate
References:  1209122
This update for procps fixes the following issue:

- Allow '-' as leading character to ignore possible errors on sysctl entries (bsc#1209122)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3327-1
Released:    Wed Aug 16 08:45:25 2023
Summary:     Security update for pcre2
Type:        security
Severity:    moderate
References:  1213514,CVE-2022-41409
This update for pcre2 fixes the following issues:

- CVE-2022-41409: Fixed integer overflow vulnerability in pcre2test that allows attackers to cause a denial of service via negative input (bsc#1213514).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3440-1
Released:    Mon Aug 28 08:57:10 2023
Summary:     Security update for gawk
Type:        security
Severity:    low
References:  1214025,CVE-2023-4156
This update for gawk fixes the following issues:

- CVE-2023-4156: Fix a heap out-of-bounds read by validating the index into the argument list. (bsc#1214025)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3472-1
Released:    Tue Aug 29 10:55:16 2023
Summary:     Security update for procps
Type:        security
Severity:    low
References:  1214290,CVE-2023-4016
This update for procps fixes the following issues:

- CVE-2023-4016: Fixed ps buffer overflow (bsc#1214290).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3994-1
Released:    Fri Oct  6 13:44:15 2023
Summary:     Recommended update for git
Type:        recommended
Severity:    moderate
References:  1215533
This update for git fixes the following issues:

- Downgrade openssh dependency to recommends (bsc#1215533)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4716-1
Released:    Mon Dec 11 18:38:23 2023
Summary:     Recommended update for git
Type:        recommended
Severity:    moderate
References:  1216501
This update for git fixes the following issues:

- Add rule for /etc/gitconfig in gitweb.cgi apparmor profile (bsc#1216501).
- gitweb.cgi AppArmor profile
  - make the profile a named profile
  - add local/include to make custom additions easier

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:11-1
Released:    Tue Jan  2 13:24:52 2024
Summary:     Recommended update for procps
Type:        recommended
Severity:    moderate
References:  1029961,1158830,1206798,1209122
This update for procps fixes the following issues:

- Update procps to 3.3.17 (jsc#PED-3244 jsc#PED-6369)

- Support up to 2048 CPUs as well (bsc#1185417)
- Allow '-' as leading character to ignore possible errors on sysctl entries (bsc#1209122)
- Get the first CPU summary correct (bsc#1121753)
- Enable pidof for SLE-15 as this is provided by sysvinit-tools
- Use a check on syscall __NR_pidfd_open to decide if
  the pwait tool and its manual page will be built
- Do not truncate output of w with option -n
- Prefer logind over utmp (jsc#PED-3144)
- Don't install translated man pages for non-installed binaries
  (uptime, kill).
- Fix directory for Ukrainian man pages translations.
- Move localized man pages to lang package.

- Update to procps-ng-3.3.17

  * library: Incremented to 8:3:0
    (no removals or additions, internal changes only)
  * all: properly handle utf8 cmdline translations
  * kill: Pass int to signalled process
  * pgrep: Pass int to signalled process
  * pgrep: Check sanity of SG_ARG_MAX
  * pgrep: Add older than selection
  * pidof: Quiet mode
  * pidof: show worker threads
  * ps.1: Mention stime alias
  * ps: check also match on truncated 16 char comm names
  * ps: Add exe output option
  * ps: A lot more sorting available
  * pwait: New command waits for a process
  * sysctl: Match systemd directory order
  * sysctl: Document directory order
  * top: ensure config file backward compatibility
  * top: add command line 'e' for symmetry with 'E'
  * top: add '4' toggle for two abreast cpu display
  * top: add '!' toggle for combining multiple cpus
  * top: fix potential SEGV involving -p switch
  * vmstat: Wide mode gives wider proc columns
  * watch: Add environment variable for interval
  * watch: Add no linewrap option
  * watch: Support more colors
  * free,uptime,slabtop: complain about extra ops

- Package translations in procps-lang.

- Fix pgrep: cannot allocate 4611686018427387903 bytes when ulimit -s is unlimited.

- Enable pidof by default

- Update to procps-ng-3.3.16

  * library: Increment to 8:2:0

    No removals or new functions
    Internal changes only, so revision is incremented.
    Previous version should have been 8:1:0 not 8:0:1

  * docs: Use correct symbols for -h option in free.1
  * docs: ps.1 now warns about command name length
  * docs: install translated man pages
  * pgrep: Match on runstate
  * snice: Fix matching on pid
  * top: can now exploit 256-color terminals
  * top: preserves 'other filters' in configuration file
  * top: can now collapse/expand forest view children
  * top: parent %CPU time includes collapsed children
  * top: improve xterm support for vim navigation keys
  * top: avoid segmentation fault at program termination
  * 'ps -C' no longer allows an argument longer than 15 characters (bsc#1158830)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:960-1
Released:    Thu Mar 21 09:35:14 2024
Summary:     Recommended update for git
Type:        recommended
Severity:    moderate
References:  1216545
This update for git fixes the following issues:

- Do not replace apparmor configuration (bsc#1216545)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:997-1
Released:    Tue Mar 26 11:03:37 2024
Summary:     Security update for krb5
Type:        security
Severity:    important
References:  1220770,1220771,1220772,CVE-2024-26458,CVE-2024-26461,CVE-2024-26462
This update for krb5 fixes the following issues:

- CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770).
- CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771).
- CVE-2024-26462: Fixed memory leak at /krb5/src/kdc/ndr.c (bsc#1220772).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1151-1
Released:    Mon Apr  8 11:36:23 2024
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1221665,1221667,CVE-2024-2004,CVE-2024-2398
This update for curl fixes the following issues:

- CVE-2024-2004: Fix the usage of disabled protocol logic. (bsc#1221665)
- CVE-2024-2398: Fix HTTP/2 push headers memory-leak. (bsc#1221667)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1167-1
Released:    Mon Apr  8 15:11:11 2024
Summary:     Security update for nghttp2
Type:        security
Severity:    important
References:  1221399,CVE-2024-28182
This update for nghttp2 fixes the following issues:

- CVE-2024-28182: Fixed denial of service via http/2 continuation frames (bsc#1221399)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1192-1
Released:    Wed Apr 10 09:14:37 2024
Summary:     Security update for less
Type:        security
Severity:    important
References:  1219901,CVE-2022-48624
This update for less fixes the following issues:

- CVE-2022-48624: Fixed LESSCLOSE handling in less that does not quote shell metacharacters (bsc#1219901).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1598-1
Released:    Fri May 10 11:50:36 2024
Summary:     Security update for less
Type:        security
Severity:    important
References:  1222849,CVE-2024-32487
This update for less fixes the following issues:

- CVE-2024-32487: Fixed mishandling of the \n character in paths when LESSOPEN is set, which leads to OS command execution. (bsc#1222849)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1802-1
Released:    Tue May 28 16:20:18 2024
Summary:     Recommended update for e2fsprogs
Type:        recommended
Severity:    moderate
References:  1223596
This update for e2fsprogs fixes the following issues:

EA Inode handling fixes:
- ext2fs: avoid re-reading inode multiple times (bsc#1223596)
- e2fsck: fix potential out-of-bounds read in inc_ea_inode_refs() (bsc#1223596)
- e2fsck: add more checks for ea inode consistency (bsc#1223596)
- e2fsck: fix golden output of several tests (bsc#1223596)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1807-1
Released:    Tue May 28 22:11:31 2024
Summary:     Security update for git
Type:        security
Severity:    important
References:  1224168,1224170,1224171,1224172,1224173,CVE-2024-32002,CVE-2024-32004,CVE-2024-32020,CVE-2024-32021,CVE-2024-32465
This update for git fixes the following issues:

- CVE-2024-32002: Fixed an issue where recursive clones on case-insensitive filesystems that support symbolic links were susceptible to case confusion (bsc#1224168).
- CVE-2024-32004: Fixed arbitrary code execution during local clones (bsc#1224170).
- CVE-2024-32020: Fixed file overwriting vulnerability during local clones (bsc#1224171).
- CVE-2024-32021: Fixed an issue where git may create hardlinks to arbitrary user-readable files (bsc#1224172).
- CVE-2024-32465: Fixed arbitrary code execution during clone operations (bsc#1224173).

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2024:2282-1
Released:    Tue Jul  2 22:41:28 2024
Summary:     Optional update for openscap, scap-security-guide
Type:        optional
Severity:    moderate
References:  

This update for scap-security-guide and openscap provides the SCAP tooling
for SLE Micro 5.3, 5.4, 5.5.

This includes shipping openscap dependencies libxmlsec1-1 and libxmlsec1-openssl for SLE Micro.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2302-1
Released:    Thu Jul  4 16:21:10 2024
Summary:     Security update for krb5
Type:        security
Severity:    important
References:  1227186,1227187,CVE-2024-37370,CVE-2024-37371
This update for krb5 fixes the following issues:

- CVE-2024-37370: Fixed an issue where confidential GSS krb5 wrap tokens with invalid fields were erroneously accepted (bsc#1227186).
- CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187).


The following package changes have been done:

- libssh-config-0.9.8-150400.3.6.1 added
- libldap-data-2.4.46-150200.14.17.1 added
- libgpg-error0-1.42-150400.1.101 added
- libsasl2-3-2.1.28-150500.1.1 added
- libgcrypt20-1.9.4-150500.10.19 added
- libgcrypt20-hmac-1.9.4-150500.10.19 added
- libnghttp2-14-1.40.0-150200.17.1 added
- libbrotlicommon1-1.0.7-3.3.1 added
- libbrotlidec1-1.0.7-3.3.1 added
- libzstd1-1.5.0-150400.3.3.1 added
- libcom_err2-1.46.4-150400.3.6.2 added
- libunistring2-0.9.10-1.1 added
- libkeyutils1-1.6.3-5.6.1 added
- libidn2-0-2.2.0-3.6.1 added
- libpsl5-0.20.1-150000.3.3.1 added
- libverto1-0.2.6-3.20 added
- krb5-1.20.1-150500.3.9.1 added
- libldap-2_4-2-2.4.46-150200.14.17.1 added
- libssh4-0.9.8-150400.3.6.1 added
- libcurl4-8.0.1-150400.5.44.1 added
- curl-8.0.1-150400.5.44.1 added
- liblz4-1-1.9.3-150400.1.7 added
- libsystemd0-249.17-150400.8.40.1 added
- libprocps8-3.3.17-150000.7.39.1 added
- procps-3.3.17-150000.7.39.1 added
- libpcre2-8-0-10.39-150400.4.9.1 added
- libsha1detectcoll1-1.0.3-2.18 added
- which-2.21-2.20 added
- gawk-4.2.1-150000.3.3.1 added
- less-590-150400.3.9.1 added
- git-core-2.35.3-150300.10.39.1 added

