SUSE-CU-2024:925-1: Security update of suse/ltss/sle15.3/sle15
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Wed Mar 13 08:06:07 UTC 2024
SUSE Container Update Advisory: suse/ltss/sle15.3/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:925-1
Container Tags : suse/ltss/sle15.3/bci-base:15.3 , suse/ltss/sle15.3/bci-base:15.3.4.19 , suse/ltss/sle15.3/sle15:15.3 , suse/ltss/sle15.3/sle15:15.3.4.19
Container Release : 4.19
Severity : moderate
Type : security
References : 1218571 1219238 1219243 CVE-2023-7207 CVE-2024-0727
-----------------------------------------------------------------
The container suse/ltss/sle15.3/sle15 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:792-1
Released: Thu Mar 7 09:55:23 2024
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References:
This update for timezone fixes the following issues:
- Update to version 2024a
- Kazakhstan unifies on UTC+5
- Palestine springs forward a week later than previously predicted in 2024 and 2025
- Asia/Ho_Chi_Minh's 1955-07-01 transition occurred at 01:00 not 00:00
- From 1947 through 1949, Toronto's transitions occurred at 02:00 not 00:00
- In 1911 Miquelon adopted standard time on June 15, not May 15
- The FROM and TO columns of Rule lines can no longer be 'minimum'
- localtime no longer mishandle some timestamps
- strftime %s now uses tm_gmtoff if available
- Ittoqqortoormiit, Greenland changes time zones on 2024-03-31
- Vostok, Antarctica changed time zones on 2023-12-18
- Casey, Antarctica changed time zones five times since 2020
- Code and data fixes for Palestine timestamps starting in 2072
- A new data file zonenow.tab for timestamps starting now
- Much of Greenland changed its standard time from -03 to -02 on 2023-03-25
- localtime.c no longer mishandles TZif files that contain a single transition into a DST regime
- tzselect no longer creates temporary files
- tzselect no longer mishandles the following:
* Spaces and most other special characters in BUGEMAIL, PACKAGE, TZDIR, and VERSION.
* TZ strings when using mawk 1.4.3, which mishandles regular expressions of the form /X{2,}/
* ISO 6709 coordinates when using an awk that lacks the GNU extension of newlines in -v option-arguments
* Non UTF-8 locales when using an iconv command that lacks the GNU //TRANSLIT extension
* zic no longer mishandles data for Palestine after the year 2075
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:824-1
Released: Fri Mar 8 17:34:36 2024
Summary: Security update for cpio
Type: security
Severity: moderate
References: 1218571,1219238,CVE-2023-7207
This update for cpio fixes the following issues:
- CVE-2023-7207: Fixed path traversal vulnerability (bsc#1218571, bsc#1219238)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:832-1
Released: Mon Mar 11 10:30:30 2024
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1219243,CVE-2024-0727
This update for openssl-1_1 fixes the following issues:
- CVE-2024-0727: Denial of service when processing a maliciously formatted PKCS12 file (bsc#1219243).
The following package changes have been done:
- cpio-2.12-150000.3.12.1 updated
- libopenssl1_1-hmac-1.1.1d-150200.11.85.1 updated
- libopenssl1_1-1.1.1d-150200.11.85.1 updated
- openssl-1_1-1.1.1d-150200.11.85.1 updated
- timezone-2024a-150000.75.28.1 updated
More information about the sle-container-updates
mailing list