SUSE-CU-2024:899-1: Security update of bci/openjdk-devel
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Mon Mar 11 15:32:27 UTC 2024
SUSE Container Update Advisory: bci/openjdk-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:899-1
Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-16.52 , bci/openjdk-devel:latest
Container Release : 16.52
Severity : important
Type : security
References : 1198880 1200551 1217390 CVE-2021-40633 CVE-2022-28506 CVE-2023-48161
-----------------------------------------------------------------
The container bci/openjdk-devel was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:786-1
Released: Wed Mar 6 21:07:20 2024
Summary: Security update for giflib
Type: security
Severity: important
References: 1198880,1200551,1217390,CVE-2021-40633,CVE-2022-28506,CVE-2023-48161
This update for giflib fixes the following issues:
Update to version 5.2.2
* Fixes for CVE-2023-48161 (bsc#1217390), CVE-2022-28506 (bsc#1198880)
* #138 Documentation for obsolete utilities still installed
* #139: Typo in 'LZW image data' page ('110_2 = 4_10')
* #140: Typo in 'LZW image data' page ('LWZ')
* #141: Typo in 'Bits and bytes' page ('filed')
* Note as already fixed SF issue #143: cannot compile under mingw
* #144: giflib-5.2.1 cannot be build on windows and other platforms using c89
* #145: Remove manual pages installation for binaries that are not installed too
* #146: [PATCH] Limit installed man pages to binaries, move giflib to section 7
* #147 [PATCH] Fixes to doc/whatsinagif/ content
* #148: heap Out of Bound Read in gif2rgb.c:298 DumpScreen2RGB
* Declared no-info on SF issue #150: There is a denial of service vulnerability in GIFLIB 5.2.1
* Declared Won't-fix on SF issue 149: Out of source builds no longer possible
* #151: A heap-buffer-overflow in gif2rgb.c:294:45
* #152: Fix some typos on the html documentation and man pages
* #153: Fix segmentation faults due to non correct checking for args
* #154: Recover the giffilter manual page
* #155: Add gifsponge docs
* #157: An OutofMemory-Exception or Memory Leak in gif2rgb
* #158: There is a null pointer problem in gif2rgb
* #159 A heap-buffer-overflow in GIFLIB5.2.1 DumpScreen2RGB() in gif2rgb.c:298:45
* #163: detected memory leaks in openbsd_reallocarray giflib/openbsd-reallocarray.c
* #164: detected memory leaks in GifMakeMapObject giflib/gifalloc.c
* #166: a read zero page leads segment fault in getarg.c and memory leaks in gif2rgb.c and gifmalloc.c
* #167: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function at Line 321 of gif2rgb.c
The following package changes have been done:
- libgif7-5.2.2-150000.4.13.1 updated
- container:bci-openjdk-17-15.5.17-16.24 updated
- gzip-1.10-150200.10.1 removed
- libdw1-0.185-150400.5.3.1 removed
- libelf1-0.185-150400.5.3.1 removed
- libgcrypt20-1.9.4-150500.10.19 removed
- libgcrypt20-hmac-1.9.4-150500.10.19 removed
- libgpg-error0-1.42-150400.1.101 removed
- liblua5_3-5-5.3.6-3.6.1 removed
- liblz4-1-1.9.3-150400.1.7 removed
- libpopt0-1.16-3.22 removed
- libsystemd0-249.17-150400.8.40.1 removed
- libxml2-2-2.10.3-150500.5.14.1 removed
- rpm-config-SUSE-1-150400.14.3.1 removed
- rpm-ndb-4.14.3-150400.59.7.1 removed
- tar-1.34-150000.3.34.1 removed
- timezone-2023c-150000.75.23.1 removed
More information about the sle-container-updates
mailing list