SUSE-CU-2024:4033-1: Security update of bci/kiwi

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Fri Sep 6 07:15:55 UTC 2024 

SUSE Container Update Advisory: bci/kiwi
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4033-1
Container Tags        : bci/kiwi:9 , bci/kiwi:9-10.7 , bci/kiwi:9.24 , bci/kiwi:9.24-10.7 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-10.7 , bci/kiwi:latest
Container Release     : 10.7
Severity              : important
Type                  : security
References            : 1220523 1220690 1220693 1220696 1221365 1221751 1221752 1221753
                        1221760 1221786 1221787 1221821 1221822 1221824 1221827 1224113
                        1228808 1228968 1229160 1229329 1229465 1229975 CVE-2024-6119
-----------------------------------------------------------------

The container bci/kiwi was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3103-1
Released:    Tue Sep  3 16:59:06 2024
Summary:     Recommended update for xfsprogs
Type:        recommended
Severity:    moderate
References:  1229160
This update for xfsprogs fixes the following issue:

- xfs_repair: allow symlinks with short remote targets (bsc#1229160)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3106-1
Released:    Tue Sep  3 17:00:40 2024
Summary:     Security update for openssl-3
Type:        security
Severity:    moderate
References:  1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119
This update for openssl-3 fixes the following issues:

- CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465)

Other fixes:    
    
- FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365).
- FIPS: RSA keygen PCT requirements.
- FIPS: Check that the fips provider is available before setting
  it as the default provider in FIPS mode (bsc#1220523).
- FIPS: Port openssl to use jitterentropy (bsc#1220523).
- FIPS: Block non-Approved Elliptic Curves (bsc#1221786).
- FIPS: Service Level Indicator (bsc#1221365).
- FIPS: Output the FIPS-validation name and module version which uniquely
  identify the FIPS validated module (bsc#1221751).
- FIPS: Add required selftests: (bsc#1221760).
- FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821).
- FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827).
- FIPS: Zero initialization required (bsc#1221752).
- FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696).
- FIPS: NIST SP 800-56Brev2 (bsc#1221824).
- FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787).
- FIPS: Port openssl to use jitterentropy (bsc#1220523).
- FIPS: NIST SP 800-56Arev3 (bsc#1221822).
- FIPS: Error state has to be enforced (bsc#1221753).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3124-1
Released:    Tue Sep  3 17:38:34 2024
Summary:     Recommended update for cryptsetup
Type:        recommended
Severity:    moderate
References:  1229975
This update for cryptsetup fixes the following issues:

- FIPS: Extend the password for PBKDF2 benchmarking to be more than 20
  chars to meet FIPS 140-3 requirements (bsc#1229975)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3131-1
Released:    Tue Sep  3 17:42:24 2024
Summary:     Recommended update for mozilla-nss
Type:        recommended
Severity:    moderate
References:  1224113
This update for mozilla-nss fixes the following issues:

- FIPS: Enforce approved curves with the CKK_EC_MONTGOMERY key type (bsc#1224113).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3132-1
Released:    Tue Sep  3 17:43:10 2024
Summary:     Recommended update for permissions
Type:        recommended
Severity:    moderate
References:  1228968,1229329
This update for permissions fixes the following issues:

- Update to version 20240826:
  * permissions: remove outdated entries (bsc#1228968)

- Update to version 20240826:
  * cockpit: revert path change (bsc#1229329)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3141-1
Released:    Wed Sep  4 12:30:32 2024
Summary:     Recommended update for python-kiwi
Type:        recommended
Severity:    important
References:  1228808
This update for python-kiwi fixes the following issues:

- Update virtualenv setup
- types-pkg_resources got dropped from PyPI
- Fixed regression in GRUB_SERIAL_COMMAND setup (bsc#1228808)


The following package changes have been done:

- libopenssl3-3.1.4-150600.5.15.1 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.15.1 updated
- permissions-20240826-150600.10.9.1 updated
- openssl-3-3.1.4-150600.5.15.1 updated
- kiwi-tools-9.24.43-150100.3.84.1 updated
- libfreebl3-3.101.2-150400.3.51.1 updated
- libcryptsetup12-2.7.0-150600.3.3.1 updated
- xfsprogs-6.7.0-150600.3.6.2 updated
- mozilla-nss-certs-3.101.2-150400.3.51.1 updated
- cryptsetup-2.7.0-150600.3.3.1 updated
- mozilla-nss-3.101.2-150400.3.51.1 updated
- libsoftokn3-3.101.2-150400.3.51.1 updated
- kiwi-systemdeps-core-9.24.43-150100.3.84.1 updated
- dracut-kiwi-lib-9.24.43-150100.3.84.1 updated
- dracut-kiwi-oem-repart-9.24.43-150100.3.84.1 updated
- kiwi-systemdeps-filesystems-9.24.43-150100.3.84.1 updated
- python3-kiwi-9.24.43-150100.3.84.1 updated
- container:sles15-image-15.6.0-47.11.10 updated

More information about the sle-container-updates mailing list