SUSE-CU-2024:2033-1: Security update of suse/ltss/sle15.3/bci-base-fips

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Tue May 14 07:02:00 UTC 2024 

SUSE Container Update Advisory: suse/ltss/sle15.3/bci-base-fips
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:2033-1
Container Tags        : suse/ltss/sle15.3/bci-base-fips:15.3 , suse/ltss/sle15.3/bci-base-fips:15.3.5.1
Container Release     : 5.1
Severity              : important
Type                  : security
References            : 1217445 1217589 1218866 1220441 1222992 CVE-2024-2961 
-----------------------------------------------------------------

The container suse/ltss/sle15.3/bci-base-fips was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:870-1
Released:    Wed Mar 13 13:05:14 2024
Summary:     Security update for glibc
Type:        security
Severity:    moderate
References:  1217445,1217589,1218866
This update for glibc fixes the following issues:

Security issues fixed:

- qsort: harden handling of degenerated / non transient compare function (bsc#1218866)

Other issues fixed:

- getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163)
- aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1231-1
Released:    Thu Apr 11 15:20:40 2024
Summary:     Recommended update for glibc
Type:        recommended
Severity:    moderate
References:  1220441
This update for glibc fixes the following issues:

- duplocale: protect use of global locale (bsc#1220441, BZ #23970)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1375-1
Released:    Mon Apr 22 14:56:13 2024
Summary:     Security update for glibc
Type:        security
Severity:    important
References:  1222992,CVE-2024-2961
This update for glibc fixes the following issues:

- iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992)


The following package changes have been done:

- glibc-2.31-150300.74.1 updated
- container:sles15-ltss-image-15.0.0-4.47 added
- container:sles15-image-15.0.0-17.20.233 removed

More information about the sle-container-updates mailing list