SUSE-IU-2024:1752-1: Security update of suse-sles-15-sp5-chost-byos-v20241112-hvm-ssd-x86_64

sle-container-updates at lists.suse.com
Thu Nov 14 08:01:53 UTC 2024


SUSE Image Update Advisory: suse-sles-15-sp5-chost-byos-v20241112-hvm-ssd-x86_64
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:1752-1
Image Tags        : suse-sles-15-sp5-chost-byos-v20241112-hvm-ssd-x86_64:20241112
Image Release     : 
Severity          : important
Type              : security
References        : 1027519 1188441 1204720 1210382 1210959 1214915 1219031 1220262
                        1220724 1221601 1228337 1229555 1229745 1230316 1230366 1230906
                        1230911 1230912 1230972 1231043 1231060 1231661 1231796 1231829
                        1231833 1232241 1232528 1232542 1232622 1232624 CVE-2023-50782
                        CVE-2024-45817 CVE-2024-45818 CVE-2024-45819 CVE-2024-9287 CVE-2024-9681
-----------------------------------------------------------------

The container suse-sles-15-sp5-chost-byos-v20241112-hvm-ssd-x86_64 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3659-1
Released:    Wed Oct 16 15:12:47 2024
Summary:     Recommended update for gcc14
Type:        recommended
Severity:    moderate
References:  1188441,1210959,1214915,1219031,1220724,1221601
This update for gcc14 fixes the following issues:

This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474)

The compiler runtime libraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 13 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux
Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available
unsupported via the PackageHub repositories.

To use the gcc14 compilers:

- install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages.
- override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages.

For a full changelog with all new GCC14 features, check out

	https://gcc.gnu.org/gcc-14/changes.html


- Add libquadmath0-devel-gcc14 sub-package to allow installing
  quadmath.h and SO link without installing the fortran frontend

- Avoid combine spending too much compile-time and memory doing nothing on s390x.  [bsc#1188441]
- Remove timezone Recommends from the libstdc++6 package.  [bsc#1221601]
- Revert libgccjit dependency change.  [bsc#1220724]
- Fix libgccjit-devel dependency, a newer shared library is OK.
- Fix libgccjit dependency, the corresponding compiler isn't required.
- Add cross-X-newlib-devel requires to newlib cross compilers.
  [bsc#1219031]
- Re-enable AutoReqProv for cross packages but filter files processed
  via __requires_exclude_from and __provides_exclude_from.
  [bsc#1219031]
- Package m2rte.so plugin in the gcc14-m2 sub-package rather than
  in gcc13-devel.  [bsc#1210959]
- Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs
  are linked against libstdc++6.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3718-1
Released:    Fri Oct 18 04:04:26 2024
Summary:     Recommended update for libzypp
Type:        recommended
Severity:    important
References:  1230912,1231043
This update for libzypp fixes the following issues:

- Send unescaped colons in header values. According to the STOMP protocol, it
  would be correct to escape colons here, but the practice broke plugin receivers
  that didn't expect this. The incompatibility affected customers who were
  running spacewalk-repo-sync and experienced issues when accessing the cloud
  URL. [bsc#1231043]
  
- Fix hang in curl code with no network connection. [bsc#1230912]

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3765-1
Released:    Tue Oct 29 02:34:05 2024
Summary:     Security update for openssl-1_1
Type:        security
Severity:    moderate
References:  1220262,CVE-2023-50782
This update for openssl-1_1 fixes the following issues:

- CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3865-1
Released:    Fri Nov  1 16:10:37 2024
Summary:     Recommended update for gcc14
Type:        recommended
Severity:    moderate
References:  1231833
This update for gcc14 fixes the following issues:

- Fixed parsing timezone tzdata 2024b [gcc#116657 bsc#1231833]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3868-1
Released:    Fri Nov  1 16:15:26 2024
Summary:     Recommended update for suse-build-key
Type:        recommended
Severity:    moderate
References:  1231829
This update for suse-build-key fixes the following issues:

  - Also include the GPG key from the current build project to allow Staging testing without production keys,
    but only in staging. (bsc#1231829)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3879-1
Released:    Fri Nov  1 17:04:25 2024
Summary:     Security update for python3
Type:        security
Severity:    moderate
References:  1230906,1232241,CVE-2024-9287
This update for python3 fixes the following issues:

Security fixes:

- CVE-2024-9287: properly quote path names provided when creating a virtual environment (bsc#1232241)

Other fixes:

- Drop .pyc files from docdir for reproducible builds (bsc#1230906)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3886-1
Released:    Mon Nov  4 09:15:58 2024
Summary:     Recommended update for lvm2
Type:        recommended
Severity:    moderate
References:  1231796
This update for lvm2 fixes the following issue:

- LVM2 mirror attached to another node couldn't be converted into linear LV (bsc#1231796).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3890-1
Released:    Mon Nov  4 10:14:19 2024
Summary:     Recommended update for wget
Type:        recommended
Severity:    moderate
References:  1204720,1231661
This update for wget fixes the following issues:

- wget incorrectly truncates long filenames (bsc#1231661).
- wget dies writing too long filenames (bsc#1204720).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3897-1
Released:    Mon Nov  4 12:08:56 2024
Summary:     Recommended update for shadow
Type:        recommended
Severity:    moderate
References:  1228337,1230972
This update for shadow fixes the following issues:

- Add useradd warnings when requested UID is outside the default range (bsc#1230972)
- Chage -d date vs passwd -S output is off by one (bsc#1228337)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3902-1
Released:    Mon Nov  4 13:15:51 2024
Summary:     Recommended update for shim
Type:        recommended
Severity:    moderate
References:  1210382,1230316
This update for shim fixes the following issues:

- Update shim-install to apply the missing fix for openSUSE Leap (bsc#1210382) 
- Update shim-install to use the 'removable' way for SL-Micro (bsc#1230316)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3926-1
Released:    Wed Nov  6 11:15:25 2024
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1232528,CVE-2024-9681
This update for curl fixes the following issues:

- CVE-2024-9681: Fixed HSTS subdomain overwrites parent cache entry (bsc#1232528)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3936-1
Released:    Thu Nov  7 06:12:53 2024
Summary:     Recommended update for wicked
Type:        recommended
Severity:    important
References:  1229555,1229745,1230911,1231060
This update for wicked fixes the following issues:

- Update to version 0.6.77
  - compat-suse: use iftype in sysctl handling (bsc#1230911)
    - Always generate the ipv4/ipv6 <enabled>true|false</enabled> node
    - Inherit all, default and interface sysctl settings also for loopback,
      except for use_tempaddr and accept_dad
    - Consider only interface specific accept_redirects sysctl settings
    - Adopt ifsysctl(5) manual page with wicked specific behavior
  - route: fix family and destination processing (bsc#1231060)
  - man: improve wicked-config(5) file description
  - dhcp4: add ignore-rfc3927-1-6 wicked-config(5) option
  - team: set arp link watcher interval default to 1s
  - systemd: use `BindsTo=dbus.service` in favor of `Requisite=` (bsc#1229745)
  - compat-suse: fix use of deprecated `INTERFACETYPE=dummy` (bsc#1229555)
  - arp: don't set target broadcast hardware address
  - dbus: don't memcpy empty/NULL array value
  - ethtool: fix leak and free pause data in ethtool_free

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3980-1
Released:    Tue Nov 12 17:14:08 2024
Summary:     Security update for xen
Type:        security
Severity:    moderate
References:  1027519,1230366,1232542,1232622,1232624,CVE-2024-45817,CVE-2024-45818,CVE-2024-45819
This update for xen fixes the following issues:

Security issues fixed:

- CVE-2024-45818: xen: Deadlock in x86 HVM standard VGA handling (bsc#1232622)
- CVE-2024-45819: xen: libxl leaks data to PVH guests via ACPI tables (bsc#1232624)
- CVE-2024-45817: xen: x86: Deadlock in vlapic_error() (bsc#1230366)

Non-security issues fixed:

- Removed usage of net-tools-deprecated from supportconfig plugin (bsc#1232542)
- Upstream bug fixes (bsc#1027519)


The following package changes have been done:

- curl-8.0.1-150400.5.56.1 updated
- libcurl4-8.0.1-150400.5.56.1 updated
- libdevmapper1_03-2.03.22_1.02.196-150500.7.12.2 updated
- libgcc_s1-14.2.0+git10526-150000.1.6.1 updated
- libopenssl1_1-1.1.1l-150500.17.37.1 updated
- libpython3_6m1_0-3.6.15-150300.10.75.1 updated
- libstdc++6-14.2.0+git10526-150000.1.6.1 updated
- libzypp-17.35.12-150500.6.21.1 updated
- login_defs-4.8.1-150400.10.24.1 updated
- openssl-1_1-1.1.1l-150500.17.37.1 updated
- python3-base-3.6.15-150300.10.75.1 updated
- python3-3.6.15-150300.10.75.1 updated
- shadow-4.8.1-150400.10.24.1 updated
- shim-15.8-150300.4.23.1 updated
- suse-build-key-12.0-150000.8.55.1 updated
- wget-1.20.3-150000.3.23.2 updated
- wicked-service-0.6.77-150500.3.39.1 updated
- wicked-0.6.77-150500.3.39.1 updated
- xen-libs-4.17.5_06-150500.3.42.1 updated
- xen-tools-domU-4.17.5_06-150500.3.42.1 updated

