SUSE-CU-2024:5496-1: Security update of suse/manager/4.3/proxy-httpd

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Mon Nov 4 12:53:01 UTC 2024 

SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:5496-1
Container Tags        : suse/manager/4.3/proxy-httpd:4.3.13 , suse/manager/4.3/proxy-httpd:4.3.13.9.57.54 , suse/manager/4.3/proxy-httpd:latest
Container Release     : 9.57.54
Severity              : important
Type                  : security
References            : 1220262 1228097 1230906 1231833 1232241 CVE-2023-50782 CVE-2024-40725
                        CVE-2024-9287 
-----------------------------------------------------------------

The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3864-1
Released:    Fri Nov  1 16:06:15 2024
Summary:     Security update for apache2
Type:        security
Severity:    important
References:  1228097,CVE-2024-40725
This update for apache2 fixes the following issues:

- CVE-2024-40725: Fixed source code disclosure of local content (bsc#1228097)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3865-1
Released:    Fri Nov  1 16:10:37 2024
Summary:     Recommended update for gcc14
Type:        recommended
Severity:    moderate
References:  1231833
This update for gcc14 fixes the following issues:

- Fixed parsing timezone tzdata 2024b [gcc#116657 bsc#1231833]

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3872-1
Released:    Fri Nov  1 16:20:29 2024
Summary:     Security update for openssl-1_1
Type:        security
Severity:    moderate
References:  1220262,CVE-2023-50782
This update for openssl-1_1 fixes the following issues:

- CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3879-1
Released:    Fri Nov  1 17:04:25 2024
Summary:     Security update for python3
Type:        security
Severity:    moderate
References:  1230906,1232241,CVE-2024-9287
This update for python3 fixes the following issues:

Security fixes:

- CVE-2024-9287: properly quote path names provided when creating a virtual environment (bsc#1232241)

Other fixes:

- Drop .pyc files from docdir for reproducible builds (bsc#1230906)


The following package changes have been done:

- libgcc_s1-14.2.0+git10526-150000.1.6.1 updated
- libstdc++6-14.2.0+git10526-150000.1.6.1 updated
- libopenssl1_1-1.1.1l-150400.7.75.1 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.75.1 updated
- python3-base-3.6.15-150300.10.75.1 updated
- libpython3_6m1_0-3.6.15-150300.10.75.1 updated
- python3-3.6.15-150300.10.75.1 updated
- apache2-utils-2.4.51-150400.6.37.1 updated
- apache2-2.4.51-150400.6.37.1 updated
- apache2-prefork-2.4.51-150400.6.37.1 updated
- container:sles15-ltss-image-15.4.0-2.4 updated

More information about the sle-container-updates mailing list