SUSE-CU-2024:5481-1: Security update of suse/rmt-server
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Mon Nov 4 12:49:58 UTC 2024
SUSE Container Update Advisory: suse/rmt-server
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:5481-1
Container Tags : suse/rmt-server:2.19 , suse/rmt-server:2.19-54.2 , suse/rmt-server:latest
Container Release : 54.2
Severity : important
Type : security
References : 1159034 1188441 1193578 1194818 1194818 1210959 1214915 1218609
1219031 1220523 1220690 1220693 1220696 1220724 1221365 1221601
1221751 1221752 1221753 1221760 1221786 1221787 1221821 1221822
1221824 1221827 1222285 1222985 1223571 1224014 1224016 1224390
1225907 1226414 1226463 1227138 1227308 1227807 1228042 1228072
1228091 1228223 1228794 1228799 1228809 1228968 1229028 1229329
1229465 1229476 1229518 1229673 1230145 1230638 1230698 1231051
CVE-2021-43809 CVE-2024-35176 CVE-2024-39908 CVE-2024-41123 CVE-2024-41946
CVE-2024-41996 CVE-2024-43398 CVE-2024-5535 CVE-2024-6119
-----------------------------------------------------------------
The container suse/rmt-server was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2888-1
Released: Tue Aug 13 11:07:41 2024
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1159034,1194818,1218609,1222285
This update for util-linux fixes the following issues:
- agetty: Prevent login cursor escape (bsc#1194818).
- Document unexpected side effects of lazy destruction (bsc#1159034).
- Don't delete binaries not common for all architectures. Create an
util-linux-extra subpackage instead, so users of third party
tools can use them (bsc#1222285).
- Improved man page for chcpu (bsc#1218609).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2912-1
Released: Wed Aug 14 20:20:13 2024
Summary: Recommended update for cloud-regionsrv-client
Type: recommended
Severity: important
References: 1222985,1223571,1224014,1224016,1227308
This update for cloud-regionsrv-client contains the following fixes:
- Update to version 10.3.0 (bsc#1227308, bsc#1222985)
+ Add support for sidecar registry
Podman and rootless Docker support to set up the necessary
configuration for the container engines to run as defined
+ Add running command as root through sudoers file
- Update to version 10.2.0 (bsc#1223571, bsc#1224014, bsc#1224016)
+ In addition to logging, write message to stderr when registration fails
+ Detect transactional-update system with read only setup and use
the transactional-update command to register
+ Handle operation in a different target root directory for credentials
checking
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2933-1
Released: Thu Aug 15 12:12:50 2024
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1225907,1226463,1227138,CVE-2024-5535
This update for openssl-1_1 fixes the following issues:
- CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138)
Other fixes:
- Build with no-afalgeng. (bsc#1226463)
- Fixed C99 violations to allow the package to build with GCC 14. (bsc#1225907)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2967-1
Released: Mon Aug 19 15:41:29 2024
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1194818
This update for pam fixes the following issue:
- Prevent cursor escape from the login prompt (bsc#1194818).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3106-1
Released: Tue Sep 3 17:00:40 2024
Summary: Security update for openssl-3
Type: security
Severity: moderate
References: 1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119
This update for openssl-3 fixes the following issues:
- CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465)
Other fixes:
- FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365).
- FIPS: RSA keygen PCT requirements.
- FIPS: Check that the fips provider is available before setting
it as the default provider in FIPS mode (bsc#1220523).
- FIPS: Port openssl to use jitterentropy (bsc#1220523).
- FIPS: Block non-Approved Elliptic Curves (bsc#1221786).
- FIPS: Service Level Indicator (bsc#1221365).
- FIPS: Output the FIPS-validation name and module version which uniquely
identify the FIPS validated module (bsc#1221751).
- FIPS: Add required selftests: (bsc#1221760).
- FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821).
- FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827).
- FIPS: Zero initialization required (bsc#1221752).
- FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696).
- FIPS: NIST SP 800-56Brev2 (bsc#1221824).
- FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787).
- FIPS: Port openssl to use jitterentropy (bsc#1220523).
- FIPS: NIST SP 800-56Arev3 (bsc#1221822).
- FIPS: Error state has to be enforced (bsc#1221753).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3132-1
Released: Tue Sep 3 17:43:10 2024
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1228968,1229329
This update for permissions fixes the following issues:
- Update to version 20240826:
* permissions: remove outdated entries (bsc#1228968)
- Update to version 20240826:
* cockpit: revert path change (bsc#1229329)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3166-1
Released: Mon Sep 9 12:25:30 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1228042
This update for glibc fixes the following issue:
- s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3239-1
Released: Fri Sep 13 12:00:58 2024
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1229476
This update for util-linux fixes the following issue:
- Skip aarch64 decode path for rest of the architectures (bsc#1229476).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3258-1
Released: Mon Sep 16 16:19:28 2024
Summary: Recommended update for rmt-server
Type: recommended
Severity: important
References:
This update for rmt-server contains the following fixes:
- Version 2.19
* Fix for mirroring products that contain special characters (eg.: '$') in their path
* rmt-server-pubcloud:
* Support registration of extensions in BYOS mode on top of a PAYG system (hybrid mode) (jsc#PCT-400)
* Validate repository and registy access for hybrid systems
- Include new script to fix yum-utils issue (jsc#SLL-369)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3300-1
Released: Wed Sep 18 14:27:53 2024
Summary: Recommended update for ncurses
Type: recommended
Severity: moderate
References: 1229028
This update for ncurses fixes the following issues:
- Allow the terminal description based on static fallback entries to be freed (bsc#1229028)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3501-1
Released: Tue Oct 1 16:03:34 2024
Summary: Security update for openssl-3
Type: security
Severity: important
References: 1230698,CVE-2024-41996
This update for openssl-3 fixes the following issues:
- CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3504-1
Released: Tue Oct 1 16:22:27 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1230638
This update for glibc fixes the following issue:
- Use nss-systemd by default also in SLE (bsc#1230638).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3512-1
Released: Wed Oct 2 18:14:56 2024
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1226414,1228091,1228223,1228809,1229518
This update for systemd fixes the following issues:
- Determine the effective user limits in a systemd setup (jsc#PED-5659)
- Don't try to restart the udev socket units anymore. (bsc#1228809).
- Add systemd.rules rework (bsc#1229518).
- Don't mention any rpm macros inside comments, even if escaped (bsc#1228091).
- upstream commit (bsc#1226414).
- Make the 32bit version of libudev.so available again (bsc#1228223).
- policykit-1 renamed to polkitd
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3528-1
Released: Fri Oct 4 15:31:43 2024
Summary: Recommended update for e2fsprogs
Type: recommended
Severity: moderate
References: 1230145
This update for e2fsprogs fixes the following issue:
- resize2fs: Check number of group descriptors only if meta_bg is disabled
(bsc#1230145).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3597-1
Released: Fri Oct 11 10:39:52 2024
Summary: Recommended update for bash
Type: recommended
Severity: moderate
References: 1227807
This update for bash fixes the following issues:
- Load completion file eveh if a brace expansion is in the
command line included (bsc#1227807).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3659-1
Released: Wed Oct 16 15:12:47 2024
Summary: Recommended update for gcc14
Type: recommended
Severity: moderate
References: 1188441,1210959,1214915,1219031,1220724,1221601
This update for gcc14 fixes the following issues:
This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474)
The compiler runtime libraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 13 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux
Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module.
The Go, D, Ada and Modula 2 language compiler parts are available
unsupported via the PackageHub repositories.
To use gcc14 compilers use:
- install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages.
- override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages.
For a full changelog with all new GCC14 features, check out
https://gcc.gnu.org/gcc-14/changes.html
- Add libquadmath0-devel-gcc14 sub-package to allow installing
quadmath.h and SO link without installing the fortran frontend
- Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441]
- Remove timezone Recommends from the libstdc++6 package. [bsc#1221601]
- Revert libgccjit dependency change. [bsc#1220724]
- Fix libgccjit-devel dependency, a newer shared library is OK.
- Fix libgccjit dependency, the corresponding compiler isn't required.
- Add cross-X-newlib-devel requires to newlib cross compilers.
[bsc#1219031]
- Re-enable AutoReqProv for cross packages but filter files processed
via __requires_exclude_from and __provides_exclude_from.
[bsc#1219031]
- Package m2rte.so plugin in the gcc14-m2 sub-package rather than
in gcc13-devel. [bsc#1210959]
- Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs
are linked against libstdc++6.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3726-1
Released: Fri Oct 18 11:56:40 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1231051
This update for glibc fixes the following issue:
- Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3873-1
Released: Fri Nov 1 16:22:15 2024
Summary: Security update for rubygem-bundler
Type: security
Severity: important
References: 1193578,CVE-2021-43809
This update for rubygem-bundler fixes the following issues:
- CVE-2021-43809: Fixed remote execution via Gemfile argument injection (bsc#1193578)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3874-1
Released: Fri Nov 1 16:24:52 2024
Summary: Security update for ruby2.5
Type: security
Severity: important
References: 1224390,1228072,1228794,1228799,1229673,CVE-2024-35176,CVE-2024-39908,CVE-2024-41123,CVE-2024-41946,CVE-2024-43398
This update for ruby2.5 fixes the following issues:
- CVE-2024-43398: Fixed DoS when parsing a XML that has many deep elements with the same local name attributes (bsc#1229673)
- CVE-2024-41123: Fixed DoS when parsing an XML that contains many specific characters such as whitespaces, >] and ]> (bsc#1228794)
- CVE-2024-41946: Fixed DoS when parsing an XML that has many entity expansions with SAX2 or pull parser API (bsc#1228799)
- CVE-2024-35176: Fixed DoS when parsing an XML that has many left angled brackets in an attribute value (bsc#1224390)
- CVE-2024-39908: Fixed ReDos when parsing an XML that has many specific characters (bsc#1228072)
The following package changes have been done:
- glibc-2.38-150600.14.14.2 updated
- libuuid1-2.39.3-150600.4.12.2 updated
- libsmartcols1-2.39.3-150600.4.12.2 updated
- libcom_err2-1.47.0-150600.4.6.2 updated
- libblkid1-2.39.3-150600.4.12.2 updated
- libfdisk1-2.39.3-150600.4.12.2 updated
- libgcc_s1-14.2.0+git10526-150000.1.3.3 updated
- libstdc++6-14.2.0+git10526-150000.1.3.3 updated
- libncurses6-6.1-150000.5.27.1 updated
- terminfo-base-6.1-150000.5.27.1 updated
- libmount1-2.39.3-150600.4.12.2 updated
- libudev1-254.18-150600.4.15.10 updated
- libopenssl3-3.1.4-150600.5.18.1 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.18.1 updated
- libreadline7-7.0-150400.27.3.2 updated
- bash-4.4-150400.27.3.2 updated
- bash-sh-4.4-150400.27.3.2 updated
- permissions-20240826-150600.10.9.1 updated
- pam-1.3.0-150000.6.71.2 updated
- util-linux-2.39.3-150600.4.12.2 updated
- libopenssl1_1-1.1.1w-150600.5.6.1 updated
- libruby2_5-2_5-2.5.9-150000.4.32.1 updated
- libyaml-0-2-0.1.7-150000.3.2.1 updated
- ruby2.5-stdlib-2.5.9-150000.4.32.1 updated
- ruby2.5-2.5.9-150000.4.32.1 updated
- ruby2.5-rubygem-bundler-1.16.1-150000.3.6.1 updated
- rmt-server-config-2.19-150500.3.22.1 updated
- rmt-server-2.19-150500.3.22.1 updated
- container:registry.suse.com-bci-bci-base-15.6-8bd5b3d24a4bbf4607011ee557020c44a59b1199c2ad252a4cba3c6cebdabaaf-0 added
- container:sles15-image-15.6.0-47.11.5 removed
More information about the sle-container-updates
mailing list