SUSE-CU-2024:4184-1: Security update of suse/postgres
sle-container-updates at lists.suse.com
Wed Sep 11 07:10:30 UTC 2024
SUSE Container Update Advisory: suse/postgres
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4184-1
Container Tags : suse/postgres:15 , suse/postgres:15-30.1 , suse/postgres:15.8 , suse/postgres:15.8 , suse/postgres:15.8-30.1 , suse/postgres:15.8-30.1
Container Release : 30.1
Severity : important
Type : security
References : 1194818 1218297 1221479 1224282 1226414 1226463 1227138 1227186
1227187 1228043 1228091 1228770 1229013 1229013 916845 CVE-2013-4235
CVE-2013-4235 CVE-2023-7008 CVE-2024-34459 CVE-2024-37370 CVE-2024-37371
CVE-2024-5535 CVE-2024-7348 CVE-2024-7348
-----------------------------------------------------------------
The container suse/postgres was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2290-1
Released: Wed Jul 3 11:35:00 2024
Summary: Security update for libxml2
Type: security
Severity: low
References: 1224282,CVE-2024-34459
This update for libxml2 fixes the following issues:
- CVE-2024-34459: Fixed buffer over-read in xmlHTMLPrintFileContext in xmllint.c (bsc#1224282).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2302-1
Released: Thu Jul 4 16:21:10 2024
Summary: Security update for krb5
Type: security
Severity: important
References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371
This update for krb5 fixes the following issues:
- CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields being erroneously accepted (bsc#1227186).
- CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2658-1
Released: Tue Jul 30 15:37:26 2024
Summary: Security update for shadow
Type: security
Severity: important
References: 916845,CVE-2013-4235
This update for shadow fixes the following issues:
- CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2679-1
Released: Wed Jul 31 09:47:44 2024
Summary: Recommended update for patterns-base
Type: recommended
Severity: moderate
References:
This update for patterns-base fixes the following issues:
Added a fips-certified pattern matching the exact certified FIPS
versions of the Linux Kernel, openssl 1.1.1, gnutls/nettle, mozilla-nss
and libgcrypt.
Note that applying this pattern might cause downgrade of various packages
and so deinstall security and bugfix updates released after the certified
binaries.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2804-1
Released: Wed Aug 7 09:48:29 2024
Summary: Security update for shadow
Type: security
Severity: moderate
References: 1228770,CVE-2013-4235
This update for shadow fixes the following issues:
- Fixed not copying of skel files (bsc#1228770)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2891-1
Released: Tue Aug 13 11:39:53 2024
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1226463,1227138,CVE-2024-5535
This update for openssl-1_1 fixes the following issues:
- CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138)
Other fixes:
- Build with no-afalgeng (bsc#1226463)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2967-1
Released: Mon Aug 19 15:41:29 2024
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1194818
This update for pam fixes the following issue:
- Prevent cursor escape from the login prompt (bsc#1194818).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3149-1
Released: Thu Sep 5 17:05:36 2024
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1218297,1221479,1226414,1228091,CVE-2023-7008
This update for systemd fixes the following issues:
- CVE-2023-7008: Fixed man-in-the-middle due to unsigned name response in signed zone not refused when DNSSEC=yes (bsc#1218297)
Other fixes:
- Unit: drop ProtectClock=yes from systemd-udevd.service (bsc#1226414)
- Don't mention any rpm macros inside comments, even if escaped (bsc#1228091)
- Skip redundant dependencies specified in the LSB description that references the file name of the service itself for early boot scripts (bsc#1221479).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3167-1
Released: Mon Sep 9 12:31:59 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1228043
This update for glibc fixes the following issue:
- s390x: Fix segfault in wcsncmp (bsc#1228043).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3168-1
Released: Mon Sep 9 12:48:13 2024
Summary: Security update for postgresql16
Type: security
Severity: important
References: 1229013,CVE-2024-7348
This update for postgresql16 fixes the following issues:
- Upgrade to 15.8 (bsc#1229013)
- CVE-2024-7348: PostgreSQL relation replacement during pg_dump executes arbitrary SQL. (bsc#1229013)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3170-1
Released: Mon Sep 9 12:51:44 2024
Summary: Security update for postgresql16
Type: security
Severity: important
References: 1229013,CVE-2024-7348
This update for postgresql16 fixes the following issues:
- Upgrade to 16.4 (bsc#1229013)
- CVE-2024-7348: PostgreSQL relation replacement during pg_dump executes arbitrary SQL. (bsc#1229013)
The following package changes have been done:
- glibc-2.31-150300.86.3 updated
- login_defs-4.8.1-150400.10.21.1 updated
- libxml2-2-2.10.3-150500.5.17.1 updated
- libopenssl1_1-1.1.1l-150500.17.34.1 updated
- libopenssl1_1-hmac-1.1.1l-150500.17.34.1 updated
- krb5-1.20.1-150500.3.9.1 updated
- patterns-base-fips-20200124-150400.20.10.1 updated
- pam-1.3.0-150000.6.71.2 updated
- shadow-4.8.1-150400.10.21.1 updated
- libsystemd0-249.17-150400.8.43.1 updated
- glibc-locale-base-2.31-150300.86.3 updated
- libpq5-16.4-150200.5.16.1 updated
- glibc-locale-2.31-150300.86.3 updated
- postgresql15-15.8-150200.5.30.1 updated
- postgresql15-server-15.8-150200.5.30.1 updated
- container:sles15-image-15.0.0-36.14.21 updated