SUSE-CU-2024:1097-1: Security update of suse/sle15
sle-container-updates at lists.suse.com
Tue Mar 26 08:06:22 UTC 2024
SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:1097-1
Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.45.2.80 , suse/sle15:15.6 , suse/sle15:15.6.45.2.80
Container Release : 45.2.80
Severity : important
Type : security
References : 1087072 1195654 1196025 1196026 1196168 1196169 1196171 1196784
1199944 1203438 1204111 1204112 1204113 1204708 1212126 1216296
CVE-2022-1664 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314
CVE-2022-25315 CVE-2022-40674 CVE-2022-42010 CVE-2022-42011 CVE-2022-42012
CVE-2022-43680 CVE-2023-34969
-----------------------------------------------------------------
The container suse/sle15 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:789-1
Released: Thu Mar 10 11:22:05 2022
Summary: Recommended update for update-alternatives
Type: recommended
Severity: moderate
References: 1195654
This update for update-alternatives fixes the following issues:
- Break the bash - update-alternatives cycle by rewriting '%post' in 'lua'. (bsc#1195654)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2294-1
Released: Wed Jul 6 13:34:15 2022
Summary: Security update for expat
Type: security
Severity: important
References: 1196025,1196026,1196168,1196169,1196171,1196784,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315
This update for expat fixes the following issues:
- CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025).
- Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784).
- CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026).
- CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168).
- CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169).
- CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3489-1
Released: Sat Oct 1 13:35:24 2022
Summary: Security update for expat
Type: security
Severity: important
References: 1203438,CVE-2022-40674
This update for expat fixes the following issues:
- CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3806-1
Released: Thu Oct 27 17:21:11 2022
Summary: Security update for dbus-1
Type: security
Severity: important
References: 1087072,1204111,1204112,1204113,CVE-2022-42010,CVE-2022-42011,CVE-2022-42012
This update for dbus-1 fixes the following issues:
- CVE-2022-42010: Fixed potential crash that could be triggered by an invalid signature (bsc#1204111).
- CVE-2022-42011: Fixed an out of bounds read caused by a fixed length array (bsc#1204112).
- CVE-2022-42012: Fixed a use-after-free that could be triggered by a message in non-native endianness with an out-of-band Unix file descriptor (bsc#1204113).
Bugfixes:
- Disable asserts (bsc#1087072).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3884-1
Released: Mon Nov 7 10:59:26 2022
Summary: Security update for expat
Type: security
Severity: important
References: 1204708,CVE-2022-43680
This update for expat fixes the following issues:
- CVE-2022-43680: Fixed use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4081-1
Released: Fri Nov 18 15:40:46 2022
Summary: Security update for dpkg
Type: security
Severity: low
References: 1199944,CVE-2022-1664
This update for dpkg fixes the following issues:
- CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2877-1
Released: Wed Jul 19 09:43:42 2023
Summary: Security update for dbus-1
Type: security
Severity: moderate
References: 1212126,CVE-2023-34969
This update for dbus-1 fixes the following issues:
- CVE-2023-34969: Fixed a possible dbus-daemon crash triggered by an unprivileged user (bsc#1212126).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4973-1
Released: Tue Dec 26 04:44:10 2023
Summary: Recommended update for duktape
Type: recommended
Severity: moderate
References: 1216296
This update of duktape fixes the following issue:
- duktape-devel is shipped to Basesystem module (bsc#1216296).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:637-1
Released: Tue Feb 27 10:06:55 2024
Summary: Recommended update for duktape
Type: recommended
Severity: moderate
References:
This update for duktape fixes the following issues:
- Ship libduktape206-32bit: needed by libproxy since version 0.5.
-----------------------------------------------------------------
The following package changes have been done:
- dbus-1-1.12.2-150400.18.8.1 added
- gio-branding-SLE-15-150600.33.2 added
- glib2-tools-2.78.3-150600.1.6 added
- libdbus-1-3-1.12.2-150400.18.8.1 added
- libduktape206-2.6.0-150500.4.5.1 added
- libexpat1-2.4.4-150400.3.12.1 added
- libgio-2_0-0-2.78.3-150600.1.6 added
- libgmodule-2_0-0-2.78.3-150600.1.6 added
- libgobject-2_0-0-2.78.3-150600.1.6 added
- libgpgme11-1.23.0-150600.1.27 updated
- libproxy1-0.5.3-150600.1.1 updated
- libpxbackend-1_0-0.5.3-150600.1.1 added
- libssh-config-0.9.8-150600.8.3 updated
- libssh4-0.9.8-150600.8.3 updated
- libsystemd0-254.9-150600.2.14 updated
- libudev1-254.9-150600.2.14 updated
- libzypp-17.31.31-150600.8.6 updated
- shared-mime-info-2.4-150600.1.2 added
- sle-module-basesystem-release-15.6-150600.28.1 updated
- sle-module-python3-release-15.6-150600.28.1 updated
- sle-module-server-applications-release-15.6-150600.28.1 updated
- sles-release-15.6-150600.28.2 updated
- update-alternatives-1.19.0.4-150000.4.4.1 added