SUSE-CU-2024:5712-1: Security update of suse/manager/5.0/x86_64/proxy-httpd
sle-container-updates at lists.suse.com
Mon Nov 18 16:16:42 UTC 2024
SUSE Container Update Advisory: suse/manager/5.0/x86_64/proxy-httpd
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:5712-1
Container Tags : suse/manager/5.0/x86_64/proxy-httpd:5.0.2, suse/manager/5.0/x86_64/proxy-httpd:5.0.2.7.8.1, suse/manager/5.0/x86_64/proxy-httpd:latest
Container Release : 7.8.1
Severity : critical
Type : security
References : 1220262 1224258 1224260 1224264 1224265 1224266 1224267 1224268
1224269 1224270 1224271 1224272 1224273 1224275 1226414 1227216
1227233 1227378 1227999 1228091 1228097 1228223 1228618 1228619
1228623 1228780 1228809 1228945 1229077 1229518 1229596 1229783
1229923 1230227 1230255 1230536 1230906 1231332 1231568 1231852
1231900 1231922 1232241 CVE-2023-49582 CVE-2023-50782 CVE-2024-40725
CVE-2024-47533 CVE-2024-49502 CVE-2024-49503 CVE-2024-5642 CVE-2024-6232
CVE-2024-6923 CVE-2024-7592 CVE-2024-9287
-----------------------------------------------------------------
The container suse/manager/5.0/x86_64/proxy-httpd was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3428-1
Released: Tue Sep 24 18:46:11 2024
Summary: Security update for apr
Type: security
Severity: moderate
References: 1229783,CVE-2023-49582
This update for apr fixes the following issues:
- CVE-2023-49582: Fixed unexpectedly lax shared memory permissions (bsc#1229783)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3450-1
Released: Thu Sep 26 09:09:16 2024
Summary: Recommended update for pam-config
Type: recommended
Severity: moderate
References: 1227216
This update for pam-config fixes the following issues:
- Improved check for existence of modules (bsc#1227216)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3470-1
Released: Fri Sep 27 14:34:46 2024
Summary: Security update for python3
Type: security
Severity: important
References: 1227233,1227378,1227999,1228780,1229596,1230227,CVE-2024-5642,CVE-2024-6232,CVE-2024-6923,CVE-2024-7592
This update for python3 fixes the following issues:
- CVE-2024-6923: Fixed uncontrolled CPU resource consumption in the http.cookies module (bsc#1228780).
- CVE-2024-5642: Fixed buffer overread when NPN is used and invalid values are sent to the OpenSSL API (bsc#1227233).
- CVE-2024-7592: Fixed Email header injection due to unquoted newlines (bsc#1229596).
- CVE-2024-6232: Fixed excessive backtracking when parsing tarfile headers, which leads to ReDoS (bsc#1230227).
Bug fixes:
- %{profileopt} variable is set according to the variable %{do_profiling} (bsc#1227999).
- Stop using %%defattr, it seems to be breaking proper executable attributes on /usr/bin/ scripts (bsc#1227378).
- Remove %suse_update_desktop_file macro as it is not useful any more.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3487-1
Released: Fri Sep 27 19:56:02 2024
Summary: Recommended update for logrotate
Type: recommended
Severity: moderate
References:
This update for logrotate fixes the following issues:
- Backport 'ignoreduplicates' configuration flag (jsc#PED-10366)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3512-1
Released: Wed Oct 2 18:14:56 2024
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1226414,1228091,1228223,1228809,1229518
This update for systemd fixes the following issues:
- Determine the effective user limits in a systemd setup (jsc#PED-5659)
- Don't try to restart the udev socket units anymore (bsc#1228809).
- Add systemd.rules rework (bsc#1229518).
- Don't mention any rpm macros inside comments, even if escaped (bsc#1228091).
- upstream commit (bsc#1226414).
- Make the 32bit version of libudev.so available again (bsc#1228223).
- policykit-1 renamed to polkitd
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3742-1
Released: Mon Oct 21 15:58:25 2024
Summary: Security update for apache2
Type: security
Severity: important
References: 1228097,CVE-2024-40725
This update for apache2 fixes the following issues:
- CVE-2024-40725: Fixed source code disclosure of local content (bsc#1228097)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3879-1
Released: Fri Nov 1 17:04:25 2024
Summary: Security update for python3
Type: security
Severity: moderate
References: 1230906,1232241,CVE-2024-9287
This update for python3 fixes the following issues:
Security fixes:
- CVE-2024-9287: properly quote path names provided when creating a virtual environment (bsc#1232241)
Other fixes:
- Drop .pyc files from docdir for reproducible builds (bsc#1230906)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3905-1
Released: Mon Nov 4 13:39:01 2024
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1220262,1224258,1224260,1224264,1224265,1224266,1224267,1224268,1224269,1224270,1224271,1224272,1224273,1224275,1228618,1228619,1228623,CVE-2023-50782
This update for openssl-1_1 fixes the following issues:
Security fixes:
- CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262)
Other fixes:
- FIPS: AES GCM external IV implementation (bsc#1228618)
- FIPS: Mark PBKDF2 and HKDF HMAC input keys with size >= 112 bits as approved in the SLI. (bsc#1228623)
- FIPS: Enforce KDF in FIPS style (bsc#1224270)
- FIPS: Mark HKDF and TLSv1.3 KDF as approved in the SLI (bsc#1228619)
- FIPS: The X9.31 scheme is not approved for RSA signature operations in FIPS 186-5. (bsc#1224269)
- FIPS: Differentiate the PSS length requirements (bsc#1224275)
- FIPS: Mark sigGen and sigVer primitives as non-approved (bsc#1224272)
- FIPS: Disable PKCSv1.5 and shake in FIPS mode (bsc#1224271)
- FIPS: Mark SHA1 as non-approved in the SLI (bsc#1224266)
- FIPS: DH FIPS selftest and safe prime group (bsc#1224264)
- FIPS: Remove not needed FIPS DRBG files (bsc#1224268)
- FIPS: Add Pair-wise Consistency Test when generating DH key (bsc#1224265)
- FIPS: Disallow non-approved KDF types (bsc#1224267)
- FIPS: Disallow RSA sigVer with 1024 and ECDSA sigVer/keyVer P-192 (bsc#1224273)
- FIPS: DRBG component chaining (bsc#1224258)
- FIPS: Align CRNGT_BUFSIZ with Jitter RNG output size (bsc#1224260)
-----------------------------------------------------------------
Advisory ID: SUSE-Manager-5.0-2024-4009
Released: Mon Nov 18 14:21:44 2024
Summary: Maintenance update for SUSE Manager 5.0: Server, Proxy and Retail Branch Server
Type: security
Severity: critical
References: 1228945,1229077,1229923,1230255,1230536,1231332,1231568,1231852,1231900,1231922,CVE-2024-47533,CVE-2024-49502,CVE-2024-49503
Maintenance update for SUSE Manager 5.0: Server, Proxy and Retail Branch Server
This is a codestream-only update.
The following package changes have been done:
- libapr1-1.6.3-150000.3.6.1 updated
- pam-config-1.1-150600.16.3.1 updated
- release-notes-susemanager-proxy-5.0.2-150600.11.12.2 updated
- libopenssl1_1-1.1.1w-150600.5.9.1 updated
- apache2-prefork-2.4.58-150600.5.26.1 updated
- python3-base-3.6.15-150300.10.75.1 updated
- libpython3_6m1_0-3.6.15-150300.10.75.1 updated
- systemd-254.18-150600.4.15.10 updated
- python3-3.6.15-150300.10.75.1 updated
- logrotate-3.18.1-150400.3.10.1 updated
- python3-uyuni-common-libs-5.0.5-150600.2.3.6 updated
- apache2-2.4.58-150600.5.26.1 updated
- spacewalk-backend-5.0.10-150600.4.6.10 updated
- spacewalk-proxy-package-manager-5.0.4-150600.3.3.6 updated
- spacewalk-proxy-common-5.0.4-150600.3.3.6 updated
- spacewalk-proxy-broker-5.0.4-150600.3.3.6 updated
- spacewalk-proxy-redirect-5.0.4-150600.3.3.6 updated