SUSE-CU-2024:926-1: Security update of suse/ltss/sle15.4/sle15

Wed Mar 13 08:06:15 UTC 2024

SUSE Container Update Advisory: suse/ltss/sle15.4/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:926-1
Container Tags        : suse/ltss/sle15.4/bci-base:15.4 , suse/ltss/sle15.4/bci-base:15.4.3.10 , suse/ltss/sle15.4/sle15:15.4 , suse/ltss/sle15.4/sle15:15.4.3.10
Container Release     : 3.10
Severity              : moderate
Type                  : security
References            : 1219243 1220117 CVE-2024-0727 
-----------------------------------------------------------------

The container suse/ltss/sle15.4/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:792-1
Released:    Thu Mar  7 09:55:23 2024
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  
This update for timezone fixes the following issues:

- Update to version 2024a
- Kazakhstan unifies on UTC+5
- Palestine springs forward a week later than previously predicted in 2024 and 2025
- Asia/Ho_Chi_Minh's 1955-07-01 transition occurred at 01:00 not 00:00
- From 1947 through 1949, Toronto's transitions occurred at 02:00 not 00:00
- In 1911 Miquelon adopted standard time on June 15, not May 15
- The FROM and TO columns of Rule lines can no longer be 'minimum'
- localtime no longer mishandle some timestamps
- strftime %s now uses tm_gmtoff if available
- Ittoqqortoormiit, Greenland changes time zones on 2024-03-31
- Vostok, Antarctica changed time zones on 2023-12-18
- Casey, Antarctica changed time zones five times since 2020
- Code and data fixes for Palestine timestamps starting in 2072
- A new data file zonenow.tab for timestamps starting now
- Much of Greenland changed its standard time from -03 to -02 on 2023-03-25
- localtime.c no longer mishandles TZif files that contain a single transition into a DST regime
- tzselect no longer creates temporary files
- tzselect no longer mishandles the following:
  * Spaces and most other special characters in BUGEMAIL, PACKAGE, TZDIR, and VERSION.
  * TZ strings when using mawk 1.4.3, which mishandles regular expressions of the form /X{2,}/
  * ISO 6709 coordinates when using an awk that lacks the GNU extension of newlines in -v option-arguments
  * Non UTF-8 locales when using an iconv command that lacks the GNU //TRANSLIT extension
  * zic no longer mishandles data for Palestine after the year 2075

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:833-1
Released:    Mon Mar 11 10:31:14 2024
Summary:     Security update for openssl-1_1
Type:        security
Severity:    moderate
References:  1219243,CVE-2024-0727
This update for openssl-1_1 fixes the following issues:

- CVE-2024-0727: Denial of service when processing a maliciously formatted PKCS12 file (bsc#1219243).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:838-1
Released:    Tue Mar 12 06:46:28 2024
Summary:     Recommended update for util-linux
Type:        recommended
Severity:    moderate
References:  1220117
This update for util-linux fixes the following issues:

- Processes not cleaned up after failed SSH session are using up 100% CPU (bsc#1220117)

The following package changes have been done:

- libblkid1-2.37.2-150400.8.26.1 updated
- libfdisk1-2.37.2-150400.8.26.1 updated
- libmount1-2.37.2-150400.8.26.1 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.63.1 updated
- libopenssl1_1-1.1.1l-150400.7.63.1 updated
- libsmartcols1-2.37.2-150400.8.26.1 updated
- libuuid1-2.37.2-150400.8.26.1 updated
- openssl-1_1-1.1.1l-150400.7.63.1 updated
- timezone-2024a-150000.75.28.1 updated
- util-linux-2.37.2-150400.8.26.1 updated