SUSE-CU-2024:5720-1: Security update of suse/manager/5.0/x86_64/server-migration-14-16
sle-container-updates at lists.suse.com
Mon Nov 18 16:17:07 UTC 2024
SUSE Container Update Advisory: suse/manager/5.0/x86_64/server-migration-14-16
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:5720-1
Container Tags : suse/manager/5.0/x86_64/server-migration-14-16:5.0.2 , suse/manager/5.0/x86_64/server-migration-14-16:5.0.2.7.8.1 , suse/manager/5.0/x86_64/server-migration-14-16:latest
Container Release : 7.8.1
Severity : important
Type : security
References : 1188441 1210959 1214915 1219031 1220262 1220724 1221601 1224258
1224260 1224264 1224265 1224266 1224267 1224268 1224269 1224270
1224271 1224272 1224273 1224275 1226414 1227233 1227378 1227807
1227999 1228091 1228223 1228618 1228619 1228623 1228780 1228809
1229028 1229476 1229518 1229596 1229930 1229931 1229932 1230111
1230145 1230227 1230423 1230638 1230698 1230906 1231051 1232241
CVE-2023-50782 CVE-2024-41996 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492
CVE-2024-5642 CVE-2024-6232 CVE-2024-6923 CVE-2024-7592 CVE-2024-9287
-----------------------------------------------------------------
The container suse/manager/5.0/x86_64/server-migration-14-16 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3216-1
Released: Thu Sep 12 13:05:20 2024
Summary: Security update for expat
Type: security
Severity: moderate
References: 1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492
This update for expat fixes the following issues:
- CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932)
- CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931)
- CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3239-1
Released: Fri Sep 13 12:00:58 2024
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1229476
This update for util-linux fixes the following issue:
- Skip the aarch64-specific decode path on all other architectures (bsc#1229476).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3300-1
Released: Wed Sep 18 14:27:53 2024
Summary: Recommended update for ncurses
Type: recommended
Severity: moderate
References: 1229028
This update for ncurses fixes the following issues:
- Allow the terminal description based on static fallback entries to be freed (bsc#1229028)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3359-1
Released: Fri Sep 20 17:31:14 2024
Summary: Recommended update for pgaudit, postgresql
Type: recommended
Severity: moderate
References: 1230423
This update for pgaudit, postgresql fixes the following issues:
- Relax the dependency of extensions on the server version from an exact major.minor match to greater-or-equal, after Tom Lane confirmed on the PostgreSQL packagers list that ABI stability is maintained between minor releases. (bsc#1230423)
  pgaudit is rebuilt with the updated postgresql requires.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3470-1
Released: Fri Sep 27 14:34:46 2024
Summary: Security update for python3
Type: security
Severity: important
References: 1227233,1227378,1227999,1228780,1229596,1230227,CVE-2024-5642,CVE-2024-6232,CVE-2024-6923,CVE-2024-7592
This update for python3 fixes the following issues:
- CVE-2024-6923: Fixed email header injection: newlines embedded in header values were not quoted when a message was serialized (bsc#1228780).
- CVE-2024-5642: Fixed buffer overread when NPN is used and invalid values are sent to the OpenSSL API (bsc#1227233).
- CVE-2024-7592: Fixed quadratic-complexity CPU consumption when parsing backslash-quoted cookie values in the http.cookies module (bsc#1229596).
- CVE-2024-6232: Fixed excessive regular-expression backtracking (ReDoS) when parsing tarfile headers (bsc#1230227).
Bug fixes:
- %{profileopt} variable is set according to the variable %{do_profiling} (bsc#1227999).
- Stop using %defattr, as it appears to break the executable permission bits on scripts in /usr/bin/ (bsc#1227378).
- Remove %suse_update_desktop_file macro as it is not useful any more.
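The email header injection fix listed above is an instance of a general bug class: a header value built from untrusted input that still contains CR or LF is written out verbatim, and the receiving side parses the smuggled text as additional header lines. The following is an added example, not SUSE's or CPython's code; the display name, addresses and message layout are constructed for the demonstration. It places the vulnerable formatter beside a hardened one and parses the result the way a receiving MTA would, so the injected header is visible.

```python
"""Email header injection via unquoted newlines (added example; not SUSE's
or CPython's code). All names and sample values are constructed."""
import re

CRLF_RE = re.compile(r"[\r\n]")

# Constructed attacker input: a display name that smuggles a Bcc header.
EVIL_NAME = "Alice\r\nBcc: attacker@example.invalid"


def naive_message(from_name: str, from_addr: str, body: str) -> bytes:
    """Vulnerable: header values are interpolated verbatim into the header block."""
    return (
        f"From: {from_name} <{from_addr}>\r\n"
        f"To: bob@example.invalid\r\n"
        f"Subject: hello\r\n"
        f"\r\n{body}\r\n"
    ).encode("ascii", "replace")


def safe_header_value(value: str) -> str:
    """Hardened: refuse CR/LF before the value reaches any serializer.

    RFC 5322 allows folding (CRLF followed by space or tab) inside a header,
    but caller-supplied values never need raw line breaks, so both bare and
    folded newlines are rejected rather than silently flattened.
    """
    if CRLF_RE.search(value):
        raise ValueError("header value contains a line break")
    return value


def is_rejected(value: str) -> bool:
    """True if the hardened check refuses the value."""
    try:
        safe_header_value(value)
    except ValueError:
        return True
    return False


def safe_message(from_name: str, from_addr: str, body: str) -> bytes:
    """Same layout as naive_message, but every header value is validated first."""
    return naive_message(safe_header_value(from_name),
                         safe_header_value(from_addr), body)


def header_names(raw: bytes) -> list:
    """Parse the header block as a receiver would and return header names in order."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    names = []
    for line in head.split(b"\r\n"):
        if line[:1] in (b" ", b"\t"):
            continue  # folded continuation of the previous header line
        name, _, _ = line.partition(b":")
        names.append(name.decode("ascii"))
    return names


def injected_headers(raw: bytes, expected: set) -> list:
    """Headers present in the serialized message that the sender never set."""
    return [n for n in header_names(raw) if n not in expected]


if __name__ == "__main__":
    raw = naive_message(EVIL_NAME, "alice@example.invalid", "hi")
    print("naive message headers:", header_names(raw))
    print("hardened rejects evil name:", is_rejected(EVIL_NAME))
```

The check belongs at the boundary where untrusted input becomes a header value; relying on the serializer alone is exactly what the fixed versions had to change.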
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3501-1
Released: Tue Oct 1 16:03:34 2024
Summary: Security update for openssl-3
Type: security
Severity: important
References: 1230698,CVE-2024-41996
This update for openssl-3 fixes the following issues:
- CVE-2024-41996: Validating the order of a peer's Diffie-Hellman public key when an approved safe-prime group is used costs a full modular exponentiation, and remote clients can trigger it to force expensive server-side DHE computations (bsc#1230698)
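What "validating the order of the public key" means for a safe-prime group, and why it is as costly as the key agreement itself, is easier to see in code. The following is an added example, not OpenSSL's or SUSE's code: for a safe prime p = 2q + 1 the cheap range check rejects only the order-1 and order-2 elements, while the full check y^q mod p == 1 requires a modular exponentiation the size of the DH computation. The toy group (p = 23, q = 11, g = 2), the 64-bit group generated at run time, and the exponentiation counter are constructed for this demonstration.

```python
"""DH public-key validation for safe-prime groups (added example; not
OpenSSL's code). Groups and the counter are constructed for illustration."""
import secrets


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin primality test (probabilistic, used only to build a test group)."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_safe_prime(bits: int) -> int:
    """Return a safe prime p = 2q + 1 of exactly `bits` bits (fine for small sizes)."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        p = 2 * q + 1
        if is_probable_prime(q) and is_probable_prime(p):
            return p


class ModExpCounter:
    """Counts modular exponentiations so the cost of each check is visible."""

    def __init__(self):
        self.count = 0

    def powmod(self, base: int, exp: int, mod: int) -> int:
        self.count += 1
        return pow(base, exp, mod)


def range_check(y: int, p: int) -> bool:
    """Cheap partial check: rejects 0, 1 and p-1 (the order-1 and order-2 elements)."""
    return 1 < y < p - 1


def subgroup_check(y: int, p: int, counter: ModExpCounter) -> bool:
    """Full order check: y must lie in the order-q subgroup, i.e. y^q == 1 (mod p).

    This is one modular exponentiation with a (p-1)/2-sized exponent, the same
    cost as computing the shared secret, and it runs on attacker-chosen y.
    """
    q = (p - 1) // 2
    return counter.powmod(y, q, p) == 1


def validate_peer_key(y: int, p: int, counter: ModExpCounter) -> bool:
    """Range check first (free); only then the expensive subgroup check."""
    return range_check(y, p) and subgroup_check(y, p, counter)


if __name__ == "__main__":
    c = ModExpCounter()
    for y in (2, 5, 22):  # toy group p=23, q=11: 2 generates the order-11 subgroup
        print(y, validate_peer_key(y, 23, c), "modexps so far:", c.count)
```

In the toy group, 5 is a primitive root of 23 and so lies outside the order-11 subgroup; it passes the range check but fails the order check, which is exactly the case where the server has already paid for the exponentiation. In the generated group, 4 = 2^2 is always a quadratic residue and therefore a valid subgroup element, while p - 4 = (-1)·4 is not, because a safe prime is congruent to 3 mod 4.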
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3504-1
Released: Tue Oct 1 16:22:27 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1230638
This update for glibc fixes the following issue:
- Use nss-systemd by default also in SLE (bsc#1230638).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3512-1
Released: Wed Oct 2 18:14:56 2024
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1226414,1228091,1228223,1228809,1229518
This update for systemd fixes the following issues:
- Determine the effective user limits in a systemd setup (jsc#PED-5659)
- Don't try to restart the udev socket units anymore. (bsc#1228809).
- Add systemd.rules rework (bsc#1229518).
- Don't mention any rpm macros inside comments, even if escaped (bsc#1228091).
- upstream commit (bsc#1226414).
- Make the 32bit version of libudev.so available again (bsc#1228223).
- policykit-1 renamed to polkitd
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3528-1
Released: Fri Oct 4 15:31:43 2024
Summary: Recommended update for e2fsprogs
Type: recommended
Severity: moderate
References: 1230145
This update for e2fsprogs fixes the following issue:
- resize2fs: Check the number of group descriptors only if meta_bg is disabled (bsc#1230145).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3589-1
Released: Thu Oct 10 16:39:07 2024
Summary: Recommended update for cyrus-sasl
Type: recommended
Severity: moderate
References: 1230111
This update for cyrus-sasl fixes the following issues:
- Make DIGEST-MD5 work with OpenSSL 3 (bsc#1230111).
  RC4 has been moved to the legacy provider since OpenSSL 3 and must be loaded explicitly; also disable the OpenSSL 3 deprecated-API warnings.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3597-1
Released: Fri Oct 11 10:39:52 2024
Summary: Recommended update for bash
Type: recommended
Severity: moderate
References: 1227807
This update for bash fixes the following issues:
- Load the completion file even if the command line includes a brace expansion (bsc#1227807).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3659-1
Released: Wed Oct 16 15:12:47 2024
Summary: Recommended update for gcc14
Type: recommended
Severity: moderate
References: 1188441,1210959,1214915,1219031,1220724,1221601
This update for gcc14 fixes the following issues:
This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474)
The compiler runtime libraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 13 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux
Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module.
The Go, D, Ada and Modula 2 language compiler parts are available
unsupported via the PackageHub repositories.
To use gcc14 compilers use:
- install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages.
- override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages.
For a full changelog with all new GCC14 features, check out
https://gcc.gnu.org/gcc-14/changes.html
- Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and the SO link without installing the Fortran frontend
- Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441]
- Remove timezone Recommends from the libstdc++6 package. [bsc#1221601]
- Revert libgccjit dependency change. [bsc#1220724]
- Fix libgccjit-devel dependency, a newer shared library is OK.
- Fix libgccjit dependency, the corresponding compiler isn't required.
- Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031]
- Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031]
- Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959]
- Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3726-1
Released: Fri Oct 18 11:56:40 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1231051
This update for glibc fixes the following issue:
- Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3879-1
Released: Fri Nov 1 17:04:25 2024
Summary: Security update for python3
Type: security
Severity: moderate
References: 1230906,1232241,CVE-2024-9287
This update for python3 fixes the following issues:
Security fixes:
- CVE-2024-9287: properly quote path names provided when creating a virtual environment (bsc#1232241)
Other fixes:
- Drop .pyc files from docdir for reproducible builds (bsc#1230906)
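The venv fix above concerns a directory name substituted unquoted into a generated shell activation script, where anything the shell expands inside it gets evaluated when the script is sourced. The following is an added example, not CPython's venv code: it places a naive activation template beside one that quotes with shlex.quote, feeds both a constructed directory name containing a command substitution, and lets a POSIX sh (assumed to be on PATH) report what VIRTUAL_ENV ended up as. No directory is created; the name is only used as a string.

```python
"""Quoting of the environment directory in generated activation scripts
(added example; not CPython's venv code). EVIL_DIR is constructed."""
import shlex
import subprocess

# Constructed malicious directory name: a shell command substitution.
EVIL_DIR = "/tmp/venv$(echo INJECTED)"


def naive_activate(venv_dir: str) -> str:
    """Vulnerable template: double quotes still permit $(...) and $VAR expansion."""
    return f'VIRTUAL_ENV="{venv_dir}"\nexport VIRTUAL_ENV\n'


def quoted_activate(venv_dir: str) -> str:
    """Hardened template: shlex.quote emits a single-quoted literal and escapes
    any embedded single quotes, so the shell expands nothing inside it."""
    return f"VIRTUAL_ENV={shlex.quote(venv_dir)}\nexport VIRTUAL_ENV\n"


def activated_value(script: str) -> str:
    """Source the snippet in sh and return the VIRTUAL_ENV the shell ended up with."""
    result = subprocess.run(
        ["sh", "-c", script + 'printf "%s" "$VIRTUAL_ENV"'],
        capture_output=True, text=True, check=True,
    )
    return result.stdout


if __name__ == "__main__":
    print("naive :", activated_value(naive_activate(EVIL_DIR)))
    print("quoted:", activated_value(quoted_activate(EVIL_DIR)))
```

The same rule applies to any generated script, not just venv's: values that originate outside the template are quoted per target shell, never pasted into double quotes.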
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3905-1
Released: Mon Nov 4 13:39:01 2024
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1220262,1224258,1224260,1224264,1224265,1224266,1224267,1224268,1224269,1224270,1224271,1224272,1224273,1224275,1228618,1228619,1228623,CVE-2023-50782
This update for openssl-1_1 fixes the following issues:
Security fixes:
- CVE-2023-50782: Add implicit rejection to PKCS#1 v1.5 RSA decryption so that padding failures are no longer distinguishable by timing (Bleichenbacher-style side channel) (bsc#1220262)
Other fixes:
- FIPS: AES GCM external IV implementation (bsc#1228618)
- FIPS: Mark PBKDF2 and HKDF HMAC input keys with size >= 112 bits as approved in the SLI. (bsc#1228623)
- FIPS: Enforce KDF in FIPS style (bsc#1224270)
- FIPS: Mark HKDF and TLSv1.3 KDF as approved in the SLI (bsc#1228619)
- FIPS: The X9.31 scheme is not approved for RSA signature operations in FIPS 186-5. (bsc#1224269)
- FIPS: Differentiate the PSS length requirements (bsc#1224275)
- FIPS: Mark sigGen and sigVer primitives as non-approved (bsc#1224272)
- FIPS: Disable PKCS#1 v1.5 and SHAKE in FIPS mode (bsc#1224271)
- FIPS: Mark SHA1 as non-approved in the SLI (bsc#1224266)
- FIPS: DH FIPS selftest and safe prime group (bsc#1224264)
- FIPS: Remove not needed FIPS DRBG files (bsc#1224268)
- FIPS: Add Pair-wise Consistency Test when generating DH key (bsc#1224265)
- FIPS: Disallow non-approved KDF types (bsc#1224267)
- FIPS: Disallow RSA sigVer with 1024 and ECDSA sigVer/keyVer P-192 (bsc#1224273)
- FIPS: DRBG component chaining (bsc#1224258)
- FIPS: Align CRNGT_BUFSIZ with Jitter RNG output size (bsc#1224260)
The following package changes have been done:
- glibc-2.38-150600.14.14.2 updated
- libuuid1-2.39.3-150600.4.12.2 updated
- libsasl2-3-2.1.28-150600.7.3.1 updated
- libcom_err2-1.47.0-150600.4.6.2 updated
- libgcc_s1-14.2.0+git10526-150000.1.3.3 updated
- libstdc++6-14.2.0+git10526-150000.1.3.3 updated
- libncurses6-6.1-150000.5.27.1 updated
- terminfo-base-6.1-150000.5.27.1 updated
- libopenssl3-3.1.4-150600.5.18.1 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.18.1 updated
- libreadline7-7.0-150400.27.3.2 updated
- bash-4.4-150400.27.3.2 updated
- bash-sh-4.4-150400.27.3.2 updated
- libexpat1-2.4.4-150400.3.22.1 updated
- libsystemd0-254.18-150600.4.15.10 updated
- glibc-locale-base-2.38-150600.14.14.2 updated
- libopenssl1_1-1.1.1w-150600.5.9.1 updated
- glibc-locale-2.38-150600.14.14.2 updated
- libpython3_6m1_0-3.6.15-150300.10.75.1 updated
- python3-base-3.6.15-150300.10.75.1 updated
- postgresql-16-150600.17.3.2 updated
- postgresql-server-16-150600.17.3.2 updated
- postgresql-contrib-16-150600.17.3.2 updated
- container:suse-manager-5.0-init-5.0.2-5.0.2-7.6.16 added
- container:suse-manager-5.0-init-5.0.1-5.0.1-7.3.17 removed