SUSE-CU-2024:1012-1: Security update of suse/sle-micro/5.1/toolbox

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Sat Mar 16 16:25:32 UTC 2024 

SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:1012-1
Container Tags        : suse/sle-micro/5.1/toolbox:13.2 , suse/sle-micro/5.1/toolbox:13.2-2.2.558 , suse/sle-micro/5.1/toolbox:latest
Container Release     : 2.2.558
Severity              : important
Type                  : security
References            : 1068950 1081527 1211052 1214691 1214713 1215005 1217316 1217320
                        1217321 1217324 1217326 1217329 1217330 1217432 1217445 1217589
                        1218632 1218812 1218814 1218866 1219241 1219581 1219639 1219666
                        CVE-2017-16829 CVE-2018-7208 CVE-2022-48064 CVE-2022-48566 CVE-2023-4750
                        CVE-2023-48231 CVE-2023-48232 CVE-2023-48233 CVE-2023-48234 CVE-2023-48235
                        CVE-2023-48236 CVE-2023-48237 CVE-2023-48706 CVE-2023-6597 CVE-2024-22667
-----------------------------------------------------------------

The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:870-1
Released:    Wed Mar 13 13:05:14 2024
Summary:     Security update for glibc
Type:        security
Severity:    moderate
References:  1217445,1217589,1218866
This update for glibc fixes the following issues:

Security issues fixed:

- qsort: harden handling of degenerated / non transient compare function (bsc#1218866)

Other issues fixed:

- getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163)
- aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:871-1
Released:    Wed Mar 13 13:07:46 2024
Summary:     Security update for vim
Type:        security
Severity:    important
References:  1215005,1217316,1217320,1217321,1217324,1217326,1217329,1217330,1217432,1219581,CVE-2023-4750,CVE-2023-48231,CVE-2023-48232,CVE-2023-48233,CVE-2023-48234,CVE-2023-48235,CVE-2023-48236,CVE-2023-48237,CVE-2023-48706,CVE-2024-22667
This update for vim fixes the following issues:

- CVE-2023-48231: Fixed  Use-After-Free in win_close() (bsc#1217316).
- CVE-2023-48232: Fixed Floating point Exception in adjust_plines_for_skipcol() (bsc#1217320).
- CVE-2023-48233: Fixed overflow with count for :s command (bsc#1217321).
- CVE-2023-48234: Fixed overflow in nv_z_get_count (bsc#1217324).
- CVE-2023-48235: Fixed overflow in ex address parsing (bsc#1217326).
- CVE-2023-48236: Fixed overflow in get_number (bsc#1217329).
- CVE-2023-48237: Fixed overflow in shift_line (bsc#1217330).
- CVE-2023-48706: Fixed heap-use-after-free in ex_substitute (bsc#1217432).
- CVE-2024-22667: Fixed stack-based buffer overflow in did_set_langmap function in map.c (bsc#1219581).
- CVE-2023-4750: Fixed heap use-after-free in function bt_quickfix (bsc#1215005).

Updated to version 9.1 with patch level 0111:
https://github.com/vim/vim/compare/v9.0.2103...v9.1.0111

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:899-1
Released:    Thu Mar 14 16:09:41 2024
Summary:     Security update for gdb
Type:        security
Severity:    moderate
References:  1068950,1081527,1211052,CVE-2017-16829,CVE-2018-7208,CVE-2022-48064
This update for gdb fixes the following issues:

- Drop libdebuginfod1 BuildRequires/Recommends. The former isn't
  needed because there's a build requirement on libdebuginfod-devel
  already, which will pull the shared library. And the latter,
  because it's bogus since RPM auto generated dependency will take
  care of that requirement.

gdb was released in 13.2:

* This version of GDB includes the following changes and enhancements:

  * Support for the following new targets has been added in both GDB and GDBserver:

        * GNU/Linux/LoongArch (gdbserver) loongarch*-*-linux*
        * GNU/Linux/CSKY (gdbserver) csky*-*linux* 

  * The Windows native target now supports target async.
  * Floating-point support has now been added on LoongArch GNU/Linux.
  * New commands:

        * set print nibbles [on|off]
        * show print nibbles

        * This controls whether the 'print/t' command will display binary values in groups of four bits, known as 'nibbles'. The default is 'off'.
          Various styling-related commands. See the gdb/NEWS file for more details.
          Various maintenance commands. These are normally aimed at GDB experts or developers. See the gdb/NEWS file for more details. 

  * Python API improvements:

          * New Python API for instruction disassembly.

          * The new attribute 'locations' of gdb.Breakpoint returns a list of gdb.BreakpointLocation objects specifying the locations where the breakpoint is inserted into the debuggee.
          * New Python type gdb.BreakpointLocation.
          * New function gdb.format_address(ADDRESS, PROGSPACE, ARCHITECTURE) that formats ADDRESS as 'address '
          * New function gdb.current_language that returns the name of the current language. Unlike gdb.parameter('language'), this will never return 'auto'.
          * New function gdb.print_options that returns a dictionary of the prevailing print options, in the form accepted by gdb.Value.format_string.
          * New method gdb.Frame.language that returns the name of the frame's language.
          * gdb.Value.format_string now uses the format provided by 'print', if it is called during a 'print' or other similar operation.
          * gdb.Value.format_string now accepts the 'summary' keyword. This can be used to request a shorter representation of a value, the way that 'set print frame-arguments scalars' does.
          * The gdb.register_window_type method now restricts the set of acceptable window names. The first character of a window's name must start with a character in the set [a-zA-Z], every subsequent character of a window's name must be in the set [-_.a-zA-Z0-9]. 
   * GDB/MI changes:

          * MI version 1 is deprecated, and will be removed in GDB 14.
          * The async record stating the stopped reason 'breakpoint-hit' now contains an optional field locno. 

   * Miscellaneous improvements:

          * gdb now supports zstd compressed debug sections (ELFCOMPRESS_ZSTD) for ELF.
          * New convenience variable $_inferior_thread_count contains the number of live threads in the current inferior.
          * New convenience variables $_hit_bpnum and $_hit_locno, set to the breakpoint number and the breakpoint location number of the breakpoint last hit.
          * The 'info breakpoints' now displays enabled breakpoint locations of disabled breakpoints as in the 'y-' state.
          * The format of 'disassemble /r' and 'record instruction-history /r' has changed to match the layout of GNU objdump when disassembling.

          * A new format '/b' has been introduce to provide the old behavior of '/r'.
          * The TUI no longer styles the source and assembly code highlighted by the current position indicator by default. You can however re-enable styling using the new 'set style tui-current-position' command.
          * It is now possible to use the 'document' command to document user-defined commands.
          * Support for memory tag data for AArch64 MTE. 

   * Support Removal notices:

          * DBX mode has been removed.
          * Support for building against Python version 2 has been removed. It is now only possible to build GDB against Python 3.
          * Support for the following commands has been removed:

          * set debug aix-solib on|off
          * show debug aix-solib
          * set debug solib-frv on|off
          * show debug solib-frv

          * Use the 'set/show debug solib' commands instead. 

See the NEWS file for a more complete and detailed list of what this release includes. 

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:901-1
Released:    Thu Mar 14 17:49:10 2024
Summary:     Security update for python3
Type:        security
Severity:    important
References:  1214691,1219666,CVE-2022-48566,CVE-2023-6597
This update for python3 fixes the following issues:

- CVE-2023-6597: Fixed symlink bug in cleanup of tempfile.TemporaryDirectory (bsc#1219666).
- CVE-2022-48566: Make compare_digest more constant-time (bsc#1214691).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:904-1
Released:    Fri Mar 15 08:42:04 2024
Summary:     Recommended update for supportutils
Type:        recommended
Severity:    moderate
References:  1214713,1218632,1218812,1218814,1219241,1219639
This update for supportutils fixes the following issues:

- Update toversion 3.1.29
- Extended scaling for performance (bsc#1214713)
- Fixed kdumptool output error (bsc#1218632)
- Corrected podman ID errors (bsc#1218812)
- Duplicate non root podman entries removed (bsc#1218814)
- Corrected get_sles_ver for SLE Micro (bsc#1219241)
- Check nvidida-persistenced state (bsc#1219639)


The following package changes have been done:

- gdb-13.2-150100.8.39.1 updated
- glibc-locale-base-2.31-150300.68.1 updated
- glibc-locale-2.31-150300.68.1 updated
- libpython3_6m1_0-3.6.15-150300.10.57.1 updated
- python3-base-3.6.15-150300.10.57.1 updated
- supportutils-3.1.29-150300.7.35.27.1 updated
- vim-data-common-9.1.0111-150000.5.60.1 updated
- vim-9.1.0111-150000.5.60.1 updated

More information about the sle-container-updates mailing list