SUSE-CU-2024:1087-1: Security update of suse/nginx

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Tue Mar 26 08:04:56 UTC 2024 

SUSE Container Update Advisory: suse/nginx
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:1087-1
Container Tags        : suse/nginx:1.21 , suse/nginx:1.21-10.34 , suse/nginx:latest
Container Release     : 10.34
Severity              : important
Type                  : security
References            : 1176006 1188307 1203823 1213590 1214686 1214687 1219321 1221187
                        CVE-2023-38288 CVE-2023-40745 CVE-2023-41175 
-----------------------------------------------------------------

The container suse/nginx was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:914-1
Released:    Mon Mar 18 06:39:03 2024
Summary:     Recommended update for shadow
Type:        recommended
Severity:    important
References:  1176006,1188307,1203823
This update for shadow fixes the following issues:

- Fix chage date miscalculation (bsc#1176006)
- Fix passwd segfault when nsswitch.conf defines 'files compat' (bsc#1188307
- Remove pam_keyinit from PAM config files (bsc#1203823)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:929-1
Released:    Tue Mar 19 06:36:24 2024
Summary:     Recommended update for coreutils
Type:        recommended
Severity:    moderate
References:  1219321
This update for coreutils fixes the following issues:

- tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:973-1
Released:    Fri Mar 22 11:23:15 2024
Summary:     Security update for tiff
Type:        security
Severity:    moderate
References:  1213590,1214686,1214687,1221187,CVE-2023-38288,CVE-2023-40745,CVE-2023-41175
This update for tiff fixes the following issues:

- CVE-2023-41175: Fixed potential integer overflow in raw2tiff.c (bsc#1214686).
- CVE-2023-38288: Fixed potential integer overflow in raw2tiff.c (bsc#1213590).
- CVE-2023-40745: Fixed integer overflow in tiffcp.c (bsc#1214687).


The following package changes have been done:

- login_defs-4.8.1-150400.10.15.1 updated
- coreutils-8.32-150400.9.3.1 updated
- shadow-4.8.1-150400.10.15.1 updated
- libtiff5-4.0.9-150000.45.41.1 updated
- container:sles15-image-15.0.0-36.11.15 updated

More information about the sle-container-updates mailing list