SUSE-CU-2024:5689-1: Security update of suse/sles/15.7/libguestfs-tools

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Fri Nov 15 08:07:08 UTC 2024 

SUSE Container Update Advisory: suse/sles/15.7/libguestfs-tools
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:5689-1
Container Tags        : suse/sles/15.7/libguestfs-tools:1.1.1 , suse/sles/15.7/libguestfs-tools:1.1.1-150700.9.22 , suse/sles/15.7/libguestfs-tools:1.1.1.28.59
Container Release     : 28.59
Severity              : important
Type                  : security
References            : 1220262 1220262 1224258 1224260 1224264 1224265 1224266 1224267
                        1224268 1224269 1224270 1224271 1224272 1224273 1224275 1226724
                        1226731 1226733 1227642 1227669 1227670 1227671 1228618 1228619
                        1228623 1228999 1229555 1229745 1230166 1230906 1230911 1230972
                        1231060 1231833 1232241 1232528 CVE-2023-50782 CVE-2023-50782
                        CVE-2024-9287 CVE-2024-9681 
-----------------------------------------------------------------

The container suse/sles/15.7/libguestfs-tools was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3846-1
Released:    Thu Oct 31 11:07:10 2024
Summary:     Recommended update for gnutls
Type:        recommended
Severity:    moderate
References:  1226724,1226731,1226733,1227642,1227669,1227670,1227671,1230166
This update for gnutls fixes the following issues:

- FIPS: Do not allow curve P-192 for signature or keypair verification [bsc#1227669]
- FIPS: Allow to perform the integrity check with the hmac provided by each library [bsc#1226724]
- FIPS: Mark gnutls_hash_fast operations as approved in SLI. [bsc#1230166]
- FIPS: Run pairwise consistency test only in FIPS mode. [bsc#1226733]
- FIPS: Use full hash+sign operations, not low level primitives in PCT test. [bsc#1226733]
- FIPS: Mark SHA1 as not allowed for signature verification in both RSA and ECDSA sigVer. [bsc#1227642]
- FIPS: Allow RSA signature verification with min of 2048 bit modulus. [bsc#1227670]
- FIPS: Remove not needed DSA in selfchecks in FIPS mode. [bsc#1227671, bsc#1226731]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3865-1
Released:    Fri Nov  1 16:10:37 2024
Summary:     Recommended update for gcc14
Type:        recommended
Severity:    moderate
References:  1231833
This update for gcc14 fixes the following issues:

- Fixed parsing timezone tzdata 2024b [gcc#116657 bsc#1231833]

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3879-1
Released:    Fri Nov  1 17:04:25 2024
Summary:     Security update for python3
Type:        security
Severity:    moderate
References:  1230906,1232241,CVE-2024-9287
This update for python3 fixes the following issues:

Security fixes:

- CVE-2024-9287: properly quote path names provided when creating a virtual environment (bsc#1232241)

Other fixes:

- Drop .pyc files from docdir for reproducible builds (bsc#1230906)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3896-1
Released:    Mon Nov  4 12:08:29 2024
Summary:     Recommended update for shadow
Type:        recommended
Severity:    moderate
References:  1230972
This update for shadow fixes the following issues:

- Add useradd warnings when requested UID is outside the default range (bsc#1230972)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3905-1
Released:    Mon Nov  4 13:39:01 2024
Summary:     Security update for openssl-1_1
Type:        security
Severity:    moderate
References:  1220262,1224258,1224260,1224264,1224265,1224266,1224267,1224268,1224269,1224270,1224271,1224272,1224273,1224275,1228618,1228619,1228623,CVE-2023-50782
This update for openssl-1_1 fixes the following issues:

Security fixes:

- CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262)

Other fixes:

- FIPS: AES GCM external IV implementation (bsc#1228618)
- FIPS: Mark PBKDF2 and HKDF HMAC input keys with size >= 112 bits as approved in the SLI. (bsc#1228623)
- FIPS: Enforce KDF in FIPS style (bsc#1224270)
- FIPS: Mark HKDF and TLSv1.3 KDF as approved in the SLI (bsc#1228619)
- FIPS: The X9.31 scheme is not approved for RSA signature operations in FIPS 186-5. (bsc#1224269)
- FIPS: Differentiate the PSS length requirements (bsc#1224275)
- FIPS: Mark sigGen and sigVer primitives as non-approved (bsc#1224272)
- FIPS: Disable PKCSv1.5 and shake in FIPS mode (bsc#1224271)
- FIPS: Mark SHA1 as non-approved in the SLI (bsc#1224266)
- FIPS: DH FIPS selftest and safe prime group (bsc#1224264)
- FIPS: Remove not needed FIPS DRBG files (bsc#1224268)
- FIPS: Add Pair-wise Consistency Test when generating DH key (bsc#1224265)
- FIPS: Disallow non-approved KDF types (bsc#1224267)
- FIPS: Disallow RSA sigVer with 1024 and ECDSA sigVer/keyVer P-192 (bsc#1224273)
- FIPS: DRBG component chaining (bsc#1224258)
- FIPS: Align CRNGT_BUFSIZ with Jitter RNG output size (bsc#1224260)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3925-1
Released:    Wed Nov  6 11:14:28 2024
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1232528,CVE-2024-9681
This update for curl fixes the following issues:

- CVE-2024-9681: Fixed HSTS subdomain overwrites parent cache entry (bsc#1232528)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3935-1
Released:    Thu Nov  7 06:12:39 2024
Summary:     Recommended update for wicked
Type:        recommended
Severity:    important
References:  1229555,1229745,1230911,1231060
This update for wicked fixes the following issues:

- Update to version 0.6.77
  - compat-suse: use iftype in sysctl handling (bsc#1230911) 
    - Always generate the ipv4/ipv6 <enabled>true|false</enabled> node
    - Inherit all, default and interface sysctl settings also for loopback,
      except for use_tempaddr and accept_dad
    - Consider only interface specific accept_redirects sysctl settings
    - Adopt ifsysctl(5) manual page with wicked specific behavior
  - route: fix family and destination processing (bsc#1231060)
  - man: improve wicked-config(5) file description
  - dhcp4: add ignore-rfc3927-1-6 wicked-config(5) option
  - team: set arp link watcher interval default to 1s
  - systemd: use `BindsTo=dbus.service` in favor of `Requisite=` (bsc#1229745)
  - compat-suse: fix use of deprecated `INTERFACETYPE=dummy` (bsc#1229555)
  - arp: don't set target broadcast hardware address
  - dbus: don't memcpy empty/NULL array value
  - ethtool: fix leak and free pause data in ethtool_free

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3943-1
Released:    Thu Nov  7 11:12:00 2024
Summary:     Security update for openssl-3
Type:        security
Severity:    moderate
References:  1220262,CVE-2023-50782
This update for openssl-3 fixes the following issues:

- CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3952-1
Released:    Fri Nov  8 10:26:53 2024
Summary:     Recommended update for libproxy
Type:        recommended
Severity:    moderate
References:  1228999
This update for libproxy fixes the following issue:

- (fix) Remove white space in key value for libproxy (bsc#1228999).


The following package changes have been done:

- libgcc_s1-14.2.0+git10526-150000.1.6.1 updated
- libstdc++6-14.2.0+git10526-150000.1.6.1 updated
- login_defs-4.8.1-150600.17.9.1 updated
- libopenssl3-3.1.4-150600.5.21.1 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.21.1 updated
- patterns-base-fips-20200124-150700.35.1 updated
- sles-release-15.7-150700.11.2 updated
- libcurl4-8.6.0-150600.4.12.1 updated
- shadow-4.8.1-150600.17.9.1 updated
- curl-8.6.0-150600.4.12.1 updated
- libguestfs-winsupport-1.54.0-150700.1.2 updated
- libhivex0-1.3.24-150700.1.1 updated
- libopenssl1_1-1.1.1w-150600.5.9.1 updated
- osinfo-db-20240701-150700.2.1 updated
- qemu-accel-tcg-x86-9.1.1-150700.1.1 updated
- qemu-ipxe-9.1.1-150700.1.1 updated
- qemu-seabios-9.1.11.16.3_3_gc13ff2cd-150700.1.1 updated
- qemu-vgabios-9.1.11.16.3_3_gc13ff2cd-150700.1.1 updated
- python3-base-3.6.15-150300.10.75.1 updated
- libpython3_6m1_0-3.6.15-150300.10.75.1 updated
- virtiofsd-1.12.0-150700.1.2 updated
- libgnutls30-3.8.3-150600.4.3.1 updated
- xen-libs-4.19.0_04-150700.1.8 updated
- qemu-vmsr-helper-9.1.1-150700.1.1 updated
- qemu-pr-helper-9.1.1-150700.1.1 updated
- qemu-img-9.1.1-150700.1.1 updated
- qemu-tools-9.1.1-150700.1.1 updated
- libpxbackend-1_0-0.5.3-150600.4.3.2 updated
- wicked-0.6.77-150600.11.15.1 updated
- wicked-service-0.6.77-150600.11.15.1 updated
- libproxy1-0.5.3-150600.4.3.2 updated
- qemu-x86-9.1.1-150700.1.1 updated
- qemu-9.1.1-150700.1.1 updated
- qemu-ovmf-x86_64-202408-150700.1.1 updated
- libguestfs0-1.54.0-150700.1.2 updated
- libguestfs-devel-1.54.0-150700.1.2 updated
- libguestfs-appliance-1.54.0-150700.1.2 updated
- libguestfs-1.54.0-150700.1.2 updated
- container:sles15-image-15.0.0-50.43 updated

More information about the sle-container-updates mailing list