SUSE-CU-2024:948-1: Security update of suse/ltss/sle15.3/bci-base-fips

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Fri Mar 15 14:49:17 UTC 2024 

SUSE Container Update Advisory: suse/ltss/sle15.3/bci-base-fips
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:948-1
Container Tags        : suse/ltss/sle15.3/bci-base-fips:15.3 , suse/ltss/sle15.3/bci-base-fips:15.3.4.2
Container Release     : 4.2
Severity              : important
Type                  : security
References            : 1215286 1215891 1216378 CVE-2023-45853 CVE-2023-4813 
-----------------------------------------------------------------

The container suse/ltss/sle15.3/bci-base-fips was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4448-1
Released:    Tue Dec 13 10:16:48 2022
Summary:     Initial shipment of package sles-ltss-release
Type:        recommended
Severity:    important
References:  
This patch ships the sles-ltss-release package to SUSE Linux Enterprise Server 15 SP3 customers
  
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4110-1
Released:    Wed Oct 18 12:35:26 2023
Summary:     Security update for glibc
Type:        security
Severity:    important
References:  1215286,1215891,CVE-2023-4813
This update for glibc fixes the following issues:

Security issue fixed:

- CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931)

Also a regression from a previous update was fixed:

- elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4217-1
Released:    Thu Oct 26 12:20:27 2023
Summary:     Security update for zlib
Type:        security
Severity:    moderate
References:  1216378,CVE-2023-45853
This update for zlib fixes the following issues:

- CVE-2023-45853: Fixed an integer overflow that would lead to a
  buffer overflow in the minizip subcomponent (bsc#1216378).


The following package changes have been done:

- glibc-2.31-150300.63.1 updated
- libz1-1.2.11-150000.3.48.1 updated
- sles-ltss-release-15.3-150300.10.3.1 added
- container:sles15-image-15.0.0-17.20.233 updated
- aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 removed
- bash-4.4-19.6.1 removed
- cpio-2.12-3.9.1 removed
- cracklib-2.9.7-11.6.1 removed
- cracklib-dict-small-2.9.7-11.6.1 removed
- diffutils-3.6-4.3.1 removed
- file-magic-5.32-7.14.1 removed
- fillup-1.42-2.18 removed
- findutils-4.8.0-1.20 removed
- grep-3.1-150000.4.6.1 removed
- info-6.5-4.17 removed
- krb5-1.19.2-150300.13.1 removed
- libaudit1-2.8.5-3.43 removed
- libblkid1-2.36.2-150300.4.35.1 removed
- libbz2-1-1.0.6-5.11.1 removed
- libcap-ng0-0.7.9-4.37 removed
- libcom_err2-1.43.8-150000.4.33.1 removed
- libcrack2-2.9.7-11.6.1 removed
- libcrypt1-4.4.15-150300.4.4.3 removed
- libcurl4-7.66.0-150200.4.57.1 removed
- libdw1-0.177-150300.11.6.1 removed
- libebl-plugins-0.177-150300.11.6.1 removed
- libeconf0-0.5.2-150300.3.11.1 removed
- libelf1-0.177-150300.11.6.1 removed
- libfdisk1-2.36.2-150300.4.35.1 removed
- libgcc_s1-12.3.0+git1204-150000.1.16.1 removed
- libgcrypt20-1.8.2-8.36.1 removed
- libgcrypt20-hmac-1.8.2-8.36.1 removed
- libgpg-error0-1.42-150300.9.3.1 removed
- libidn2-0-2.2.0-3.6.1 removed
- libkeyutils1-1.6.3-5.6.1 removed
- libldap-2_4-2-2.4.46-150200.14.17.1 removed
- libldap-data-2.4.46-150200.14.17.1 removed
- liblua5_3-5-5.3.6-3.6.1 removed
- liblz4-1-1.9.2-3.3.1 removed
- liblzma5-5.2.3-150000.4.7.1 removed
- libmagic1-5.32-7.14.1 removed
- libmount1-2.36.2-150300.4.35.1 removed
- libncurses6-6.1-150000.5.15.1 removed
- libnghttp2-14-1.40.0-6.1 removed
- libnsl2-1.2.0-2.44 removed
- libpopt0-1.16-3.22 removed
- libpsl5-0.20.1-150000.3.3.1 removed
- libreadline7-7.0-19.6.1 removed
- libsasl2-3-2.1.27-150300.4.6.1 removed
- libsemanage1-3.0-1.27 removed
- libsepol1-3.0-1.31 removed
- libsmartcols1-2.36.2-150300.4.35.1 removed
- libssh4-0.8.7-10.12.1 removed
- libstdc++6-12.3.0+git1204-150000.1.16.1 removed
- libsystemd0-246.16-150300.7.57.1 removed
- libtirpc-netconfig-1.2.6-150300.3.17.1 removed
- libtirpc3-1.2.6-150300.3.17.1 removed
- libunistring2-0.9.10-1.1 removed
- libutempter0-1.1.6-3.42 removed
- libuuid1-2.36.2-150300.4.35.1 removed
- libverto1-0.2.6-3.20 removed
- libxml2-2-2.9.7-150000.3.60.1 removed
- libzio1-1.06-2.20 removed
- libzstd1-1.4.4-150000.1.9.1 removed
- login_defs-4.8.1-150300.4.9.1 removed
- ncurses-utils-6.1-150000.5.15.1 removed
- pam-1.3.0-150000.6.61.1 removed
- perl-base-5.26.1-150300.17.14.1 removed
- permissions-20181225-150200.23.23.1 removed
- rpm-config-SUSE-1-5.6.1 removed
- sed-4.4-11.6 removed
- shadow-4.8.1-150300.4.9.1 removed
- system-group-hardware-20170617-17.3.1 removed
- sysuser-shadow-2.0-4.2.8 removed
- terminfo-base-6.1-150000.5.15.1 removed
- timezone-2023c-150000.75.23.1 removed
- util-linux-2.36.2-150300.4.35.1 removed

More information about the sle-container-updates mailing list