SUSE-CU-2024:3209-1: Security update of suse/manager/5.0/x86_64/server-hub-xmlrpc-api

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Thu Jul 18 07:06:51 UTC 2024 

SUSE Container Update Advisory: suse/manager/5.0/x86_64/server-hub-xmlrpc-api
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:3209-1
Container Tags        : suse/manager/5.0/x86_64/server-hub-xmlrpc-api:5.0.0 , suse/manager/5.0/x86_64/server-hub-xmlrpc-api:5.0.0.4.9 , suse/manager/5.0/x86_64/server-hub-xmlrpc-api:latest
Container Release     : 4.9
Severity              : critical
Type                  : security
References            : 1205604 1218609 1218668 1218926 1219108 1220117 1221831 1223605
                        1224100 1225598 1226415 CVE-2024-28085 
-----------------------------------------------------------------

The container suse/manager/5.0/x86_64/server-hub-xmlrpc-api was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1852-1
Released:    Thu May 30 14:02:02 2024
Summary:     Recommended update for wicked
Type:        recommended
Severity:    moderate
References:  1205604,1218926,1219108,1224100
This update for wicked fixes the following issues:

- client: fix ifreload to pull UP ports/links again when the config
  of their master/lower changed (bsc#1224100, gh#openSUSE/wicked#1014)
  - cleanup: fix ni_fsm_state_t enum-int-mismatch warnings
  - cleanup: fix overflow warnings in a socket testcase on i586
  - ifcheck: report new and deleted configs as changed (bsc#1218926)
  - man: improve ARP configuration options in the wicked-config.5
  - bond: add ports when master is UP to avoid port MTU revert (bsc#1219108)
  - cleanup: fix interface dependencies and shutdown order (bsc#1205604)
- removed patches included in the source archive

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1943-1
Released:    Fri Jun  7 17:04:06 2024
Summary:     Security update for util-linux
Type:        security
Severity:    important
References:  1218609,1220117,1221831,1223605,CVE-2024-28085
This update for util-linux fixes the following issues:

-  CVE-2024-28085: Properly neutralize escape sequences in wall to avoid potential account takeover. (bsc#1221831)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2214-1
Released:    Tue Jun 25 17:11:26 2024
Summary:     Recommended update for util-linux
Type:        recommended
Severity:    moderate
References:  1225598
This update for util-linux fixes the following issue:

- Fix hang of lscpu -e (bsc#1225598)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2239-1
Released:    Wed Jun 26 13:09:10 2024
Summary:     Recommended update for systemd
Type:        recommended
Severity:    critical
References:  1226415
This update for systemd contains the following fixes:

- testsuite: move a misplaced %endif

- Do not remove existing configuration files in /etc. If these files were
  modified on the systemd, that may cause unwanted side effects (bsc#1226415).

- Import upstream commit (merge of v254.13)
  Use the pty slave fd opened from the namespace when transient service is running in a container.
  This revert the backport of the broken commit until a fix is released in the v254-stable tree.

- Import upstream commit (merge of v254.11)
  For a complete list of changes, visit:
  https://github.com/openSUSE/systemd/compare/e8d77af4240894da620de74fbc7823aaaa448fef...85db84ee440eac202c4b5507e96e1704269179bc
  
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2241-1
Released:    Wed Jun 26 15:37:28 2024
Summary:     Recommended update for wicked
Type:        recommended
Severity:    important
References:  1218668
This update for wicked fixes the following issues:

- Fix VLANs/bonds randomly not coming up after reboot or wicked restart. [bsc#1218668]


The following package changes have been done:

- systemd-254.13-150600.4.5.1 updated
- util-linux-systemd-2.39.3-150600.4.6.2 updated
- wicked-0.6.75-150600.11.6.1 updated
- wicked-service-0.6.75-150600.11.6.1 updated
- hub-xmlrpc-api-0.7-150600.1.13 updated

More information about the sle-container-updates mailing list