SUSE-CU-2024:5717-1: Security update of suse/manager/5.0/x86_64/server-attestation

sle-container-updates at lists.suse.com
Mon Nov 18 16:16:56 UTC 2024


SUSE Container Update Advisory: suse/manager/5.0/x86_64/server-attestation
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:5717-1
Container Tags        : suse/manager/5.0/x86_64/server-attestation:5.0.2 , suse/manager/5.0/x86_64/server-attestation:5.0.2.6.8.1 , suse/manager/5.0/x86_64/server-attestation:latest
Container Release     : 6.8.1
Severity              : important
Type                  : security
References            : 1188441 1210959 1214915 1219031 1220262 1220724 1221601 1227807
                        1228972 1229028 1230638 1230698 1231051 1231702 1231711 1231716
                        1231719 1231833 CVE-2023-50782 CVE-2024-21208 CVE-2024-21210
                        CVE-2024-21217 CVE-2024-21235 CVE-2024-41996 
-----------------------------------------------------------------

The container suse/manager/5.0/x86_64/server-attestation was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3300-1
Released:    Wed Sep 18 14:27:53 2024
Summary:     Recommended update for ncurses
Type:        recommended
Severity:    moderate
References:  1229028
This update for ncurses fixes the following issues:

- Allow the terminal description based on static fallback entries to be freed (bsc#1229028)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3388-1
Released:    Mon Sep 23 10:34:24 2024
Summary:     Recommended update for snpguest
Type:        recommended
Severity:    moderate
References:  1228972
This update for snpguest fixes the following issues:

- Update vendor dependencies, fixing build failures with Rust 1.80 (bsc#1228972).
- Service: Remove deprecated cargo_config and cargo_audit services, both 
  are now handled by the cargo_vendor service
- Spec: Remove pre-release tag from the package version string

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3501-1
Released:    Tue Oct  1 16:03:34 2024
Summary:     Security update for openssl-3
Type:        security
Severity:    important
References:  1230698,CVE-2024-41996
This update for openssl-3 fixes the following issues:

- CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE computations (bsc#1230698)
  
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3504-1
Released:    Tue Oct  1 16:22:27 2024
Summary:     Recommended update for glibc
Type:        recommended
Severity:    moderate
References:  1230638
This update for glibc fixes the following issue:

- Use nss-systemd by default also in SLE (bsc#1230638).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3597-1
Released:    Fri Oct 11 10:39:52 2024
Summary:     Recommended update for bash
Type:        recommended
Severity:    moderate
References:  1227807
This update for bash fixes the following issues:

- Load completion file even if a brace expansion is included in the
  command line (bsc#1227807).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3659-1
Released:    Wed Oct 16 15:12:47 2024
Summary:     Recommended update for gcc14
Type:        recommended
Severity:    moderate
References:  1188441,1210959,1214915,1219031,1220724,1221601
This update for gcc14 fixes the following issues:

This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474)

The compiler runtime libraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 13 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux
Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available
unsupported via the PackageHub repositories.

To use the gcc14 compilers:

- Install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages.
- Override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages.

For a full changelog with all new GCC14 features, check out

	https://gcc.gnu.org/gcc-14/changes.html


- Add libquadmath0-devel-gcc14 sub-package to allow installing
  quadmath.h and SO link without installing the fortran frontend

- Avoid combine spending too much compile-time and memory doing nothing on s390x.  [bsc#1188441]
- Remove timezone Recommends from the libstdc++6 package.  [bsc#1221601]
- Revert libgccjit dependency change.  [bsc#1220724]
- Fix libgccjit-devel dependency, a newer shared library is OK.
- Fix libgccjit dependency, the corresponding compiler isn't required.
- Add cross-X-newlib-devel requires to newlib cross compilers.
  [bsc#1219031]
- Re-enable AutoReqProv for cross packages but filter files processed
  via __requires_exclude_from and __provides_exclude_from.
  [bsc#1219031]
- Package m2rte.so plugin in the gcc14-m2 sub-package rather than
  in gcc13-devel.  [bsc#1210959]
- Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs
  are linked against libstdc++6.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3726-1
Released:    Fri Oct 18 11:56:40 2024
Summary:     Recommended update for glibc
Type:        recommended
Severity:    moderate
References:  1231051
This update for glibc fixes the following issue:

- Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3865-1
Released:    Fri Nov  1 16:10:37 2024
Summary:     Recommended update for gcc14
Type:        recommended
Severity:    moderate
References:  1231833
This update for gcc14 fixes the following issues:

- Fixed parsing timezone tzdata 2024b [gcc#116657 bsc#1231833]

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3875-1
Released:    Fri Nov  1 16:27:47 2024
Summary:     Security update for java-11-openjdk
Type:        security
Severity:    moderate
References:  1231702,1231711,1231716,1231719,CVE-2024-21208,CVE-2024-21210,CVE-2024-21217,CVE-2024-21235
This update for java-11-openjdk fixes the following issues:

Updated to version 11.0.25+9 (October 2024 CPU):

- CVE-2024-21208: Fixed partial DoS in component Networking (bsc#1231702)
- CVE-2024-21210: Fixed unauthorized read/write access to data in component Hotspot (bsc#1231711) 
- CVE-2024-21217: Fixed partial DoS in component Serialization (bsc#1231716)
- CVE-2024-21235: Fixed unauthorized read/write access to data in component Hotspot (bsc#1231719)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3943-1
Released:    Thu Nov  7 11:12:00 2024
Summary:     Security update for openssl-3
Type:        security
Severity:    moderate
References:  1220262,CVE-2023-50782
This update for openssl-3 fixes the following issues:

- CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262)


The following package changes have been made:

- libgcc_s1-14.2.0+git10526-150000.1.6.1 updated
- libstdc++6-14.2.0+git10526-150000.1.6.1 updated
- libreadline7-7.0-150400.27.3.2 updated
- bash-4.4-150400.27.3.2 updated
- glibc-2.38-150600.14.14.2 updated
- terminfo-base-6.1-150000.5.27.1 updated
- bash-sh-4.4-150400.27.3.2 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.21.1 updated
- libopenssl3-3.1.4-150600.5.21.1 updated
- snpguest-0.3.2-150600.3.3.2 updated
- libncurses6-6.1-150000.5.27.1 updated
- openssl-3-3.1.4-150600.5.21.1 updated
- java-11-openjdk-headless-11.0.25.0-150000.3.119.1 updated

