SUSE-IU-2024:1439-1: Security update of suse/sl-micro/6.0/baremetal-os-container

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Thu Oct 3 07:05:48 UTC 2024 

SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:1439-1
Image Tags        : suse/sl-micro/6.0/baremetal-os-container:2.1.2 , suse/sl-micro/6.0/baremetal-os-container:2.1.2-3.59 , suse/sl-micro/6.0/baremetal-os-container:latest
Image Release     : 3.59
Severity          : moderate
Type              : security
References        : 1227052 CVE-2024-1753 CVE-2024-24786 CVE-2024-3727 CVE-2024-6104
-----------------------------------------------------------------

The container suse/sl-micro/6.0/baremetal-os-container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 46
Released:    Thu Sep 12 11:46:29 2024
Summary:     Security update for podman
Type:        security
Severity:    moderate
References:  1227052,CVE-2024-1753,CVE-2024-24786,CVE-2024-3727,CVE-2024-6104
This update for podman fixes the following issues:

- CVE-2024-6104: Fixed dependency issue with go-retryablehttp: url might write sensitive information to log file (bsc#1227052).

- Update to version 4.9.5:
  * Bump to v4.9.5
  * Update release notes for v4.9.5
  * fix 'concurrent map writes' in network ls compat endpoint
  * [v4.9] Fix for CVE-2024-3727
  * Disable failing bud test
  * CI Maintenance: Disable machine tests
  * [CI:DOCS] Allow downgrade of WiX
  * [CI:DOCS] Force WiX 3.11
  * [CI:DOCS] Fix windows installer action
  * Bump to v4.9.5-dev
  * Bump to v4.9.4
  * Update release notes for v4.9.4
  * [v4.9] Bump Buildah to v1.33.7, CVE-2024-1753, CVE-2024-24786
  * Add farm command to commands list
  * Bump to FreeBSD 13.3 (13.2 vanished)
  * Update health-start-periods docs
  * Don't update health check status during initialDelaySeconds
  * image scp: don't require port for ssh URL
  * Ignore docker's end point config when the final network mode isn't bridge.
  * Fix running container from docker client with rootful in rootless podman.
  * [skip-ci] Packit: remove koji and bodhi tasks for v4.9
  * Bump to v4.9.4-dev
  * Remove gitleaks scanning


The following package changes have been done:

- SL-Micro-release-6.0-24.16 updated
- podman-4.9.5-1.1 updated
- container:SL-Micro-base-container-2.1.2-3.35 updated

More information about the sle-container-updates mailing list