SUSE-CU-2024:2602-1: Security update of suse/sle15

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Sat Jun 8 07:08:53 UTC 2024 

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:2602-1
Container Tags        : bci/bci-base:15.6 , bci/bci-base:15.6.47.5.4 , suse/sle15:15.6 , suse/sle15:15.6.47.5.4
Container Release     : 47.5.4
Severity              : important
Type                  : security
References            : 1218609 1220117 1221482 1221831 1223605 1224044 CVE-2024-28085
                        CVE-2024-34397 
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1943-1
Released:    Fri Jun  7 17:04:06 2024
Summary:     Security update for util-linux
Type:        security
Severity:    important
References:  1218609,1220117,1221831,1223605,CVE-2024-28085
This update for util-linux fixes the following issues:

-  CVE-2024-28085: Properly neutralize escape sequences in wall to avoid potential account takeover. (bsc#1221831)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1950-1
Released:    Fri Jun  7 17:20:14 2024
Summary:     Security update for glib2
Type:        security
Severity:    moderate
References:  1224044,CVE-2024-34397
This update for glib2 fixes the following issues:

Update to version 2.78.6:

+ Fix a regression with IBus caused by the fix for CVE-2024-34397

Changes in version 2.78.5:

+ Fix CVE-2024-34397: GDBus signal subscriptions for well-known
  names are vulnerable to unicast spoofing. (bsc#1224044)
+ Bugs fixed:
  - gvfs-udisks2-volume-monitor SIGSEGV in
    g_content_type_guess_for_tree() due to filename with bad
    encoding
  - gcontenttype: Make filename valid utf-8 string before processing.
  - gdbusconnection: Don't deliver signals if the sender doesn't match.

Changes in version 2.78.4:

+ Bugs fixed:
  - Fix generated RST anchors for methods, signals and properties.
  - docs/reference: depend on a native gtk-doc.
  - gobject_gdb.py: Do not break bt on optimized build.
  - gregex: clean up usage of _GRegex.jit_status.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1954-1
Released:    Fri Jun  7 18:01:06 2024
Summary:     Recommended update for glibc
Type:        recommended
Severity:    moderate
References:  1221482
This update for glibc fixes the following issues:

- Also include stat64 in the 32-bit libc_nonshared.a workaround
  (bsc#1221482)


The following package changes have been done:

- gio-branding-SLE-15-150600.35.2.1 updated
- glib2-tools-2.78.6-150600.4.3.1 updated
- glibc-2.38-150600.14.5.1 updated
- libblkid1-2.39.3-150600.4.3.1 updated
- libfdisk1-2.39.3-150600.4.3.1 updated
- libgio-2_0-0-2.78.6-150600.4.3.1 updated
- libglib-2_0-0-2.78.6-150600.4.3.1 updated
- libgmodule-2_0-0-2.78.6-150600.4.3.1 updated
- libgobject-2_0-0-2.78.6-150600.4.3.1 updated
- libmount1-2.39.3-150600.4.3.1 updated
- libsmartcols1-2.39.3-150600.4.3.1 updated
- libuuid1-2.39.3-150600.4.3.1 updated
- util-linux-2.39.3-150600.4.3.1 updated

More information about the sle-container-updates mailing list