SUSE-CU-2024:4257-1: Security update of rancher/elemental-operator

sle-container-updates at lists.suse.com
Fri Sep 13 15:33:07 UTC 2024


SUSE Container Update Advisory: rancher/elemental-operator
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4257-1
Container Tags        : rancher/elemental-operator:1.6.4 , rancher/elemental-operator:1.6.4-2.12 , rancher/elemental-operator:latest
Container Release     : 2.12
Severity              : important
Type                  : security
References            : 1188441 1199079 1220356 1220724 1221239 1221482 1221940 1222992
                        1223423 1223424 1223425 1227525 1228041 CVE-2024-2961 CVE-2024-33599
                        CVE-2024-33600 CVE-2024-33601 CVE-2024-33602 
-----------------------------------------------------------------

The container rancher/elemental-operator was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 9
Released:    Fri Aug  9 10:33:34 2024
Summary:     Recommended update for bash, libcap-ng, libselinux, libselinux-bindings, libsemanage, zypper
Type:        recommended
Severity:    low
References:  
This update fixes the following issues:

- No change rebuild due to dependency changes.

-----------------------------------------------------------------
Advisory ID: 24
Released:    Wed Aug 28 13:31:01 2024
Summary:     Security update for ca-certificates-mozilla
Type:        security
Severity:    important
References:  1199079,1220356,1227525
This update for ca-certificates-mozilla fixes the following issues:

- Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525)
  - Added: FIRMAPROFESIONAL CA ROOT-A WEB
  - Distrust: GLOBALTRUST 2020

- Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356)
  Added:
  - CommScope Public Trust ECC Root-01
  - CommScope Public Trust ECC Root-02
  - CommScope Public Trust RSA Root-01
  - CommScope Public Trust RSA Root-02
  - D-Trust SBR Root CA 1 2022
  - D-Trust SBR Root CA 2 2022
  - Telekom Security SMIME ECC Root 2021
  - Telekom Security SMIME RSA Root 2023
  - Telekom Security TLS ECC Root 2020
  - Telekom Security TLS RSA Root 2023
  - TrustAsia Global Root CA G3
  - TrustAsia Global Root CA G4
  Removed:
  - Autoridad de Certificacion Firmaprofesional CIF A62634068
  - Chambers of Commerce Root - 2008
  - Global Chambersign Root - 2008
  - Security Communication Root CA
  - Symantec Class 1 Public Primary Certification Authority - G6
  - Symantec Class 2 Public Primary Certification Authority - G6
  - TrustCor ECA-1
  - TrustCor RootCert CA-1
  - TrustCor RootCert CA-2
  - VeriSign Class 1 Public Primary Certification Authority - G3
  - VeriSign Class 2 Public Primary Certification Authority - G3

-----------------------------------------------------------------
Advisory ID: 29
Released:    Wed Sep  4 12:41:35 2024
Summary:     Recommended update for gcc13
Type:        recommended
Severity:    important
References:  1188441,1220724,1221239
This update for gcc13 fixes the following issues:

- Update to GCC 13.3 release

- Removed Fiji support from the GCN offload compiler, as it requires
  Code Object version 3, which is no longer supported by llvm18.
- Avoid combine spending too much compile-time and memory doing nothing
  on s390x.  [bsc#1188441]
- Make requirement to lld version specific to avoid requiring the
  meta-package.
- Fix unwinding for JIT code.  [bsc#1221239] 
- Revert libgccjit dependency change.  [bsc#1220724]

-----------------------------------------------------------------
Advisory ID: 32
Released:    Thu Sep  5 12:12:35 2024
Summary:     Security update for glibc
Type:        security
Severity:    important
References:  1221482,1221940,1222992,1223423,1223424,1223425,1228041,CVE-2024-2961,CVE-2024-33599,CVE-2024-33600,CVE-2024-33601,CVE-2024-33602
This update for glibc fixes the following issues:

Fixed security issues:

- CVE-2024-33602: Use time_t for return type of addgetnetgrentX (bsc#1223425)
- CVE-2024-33599: nscd: Stack-based buffer overflow in netgroup cache (bsc#1223423)
- CVE-2024-33600: nscd: Avoid null pointer crashes after notfound response (bsc#1223424)
- CVE-2024-33600: nscd: Do not send missing not-found response in addgetnetgrentX (bsc#1223424)
- CVE-2024-33601, CVE-2024-33602: netgroup: Use two buffers in addgetnetgrentX (bsc#1223425)
- CVE-2024-2961: iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (bsc#1222992)

Fixed non-security issues:

- Add workaround for invalid use of libc_nonshared.a with non-SUSE libc (bsc#1221482)
- Fix segfault in wcsncmp (bsc#1228041)
- Also include stat64 in the 32-bit libc_nonshared.a workaround (bsc#1221482)
- Avoid creating ULP prologue for _start routine (bsc#1221940)
- Also add libc_nonshared.a workaround to 32-bit x86 compat package (bsc#1221482)
- malloc: Use __get_nprocs on arena_get2
- linux: Use rseq area unconditionally in sched_getcpu


The following package changes have been done:

- compat-usrmerge-tools-84.87-2.195 added
- system-user-root-20190513-2.208 updated
- filesystem-84.87-5.2 updated
- glibc-2.38-7.1 updated
- libtasn1-6-4.19.0-2.7 updated
- libpcre2-8-0-10.42-2.179 added
- libgmp10-6.3.0-1.119 updated
- libgcc_s1-13.3.0+git8781-1.1 updated
- libffi8-3.4.4-2.182 added
- libcap2-2.69-2.83 updated
- libattr1-2.5.1-2.193 updated
- libacl1-2.3.1-2.187 updated
- libselinux1-3.5-3.1 updated
- libstdc++6-13.3.0+git8781-1.1 updated
- libncurses6-6.4.20240224-10.2 updated
- terminfo-base-6.4.20240224-10.2 updated
- libp11-kit0-0.25.3-1.6 updated
- libreadline8-8.2-2.180 added
- bash-5.2.15-3.1 updated
- p11-kit-0.25.3-1.6 updated
- p11-kit-tools-0.25.3-1.6 updated
- bash-sh-5.2.15-3.1 updated
- coreutils-9.4-4.8 updated
- ca-certificates-2+git20230406.2dae8b7-2.8 updated
- ca-certificates-mozilla-2.68-1.1 updated
- container:suse-toolbox-image-1.0.0-6.51 added
- container:suse-sle15-15.5-- removed
- crypto-policies-20210917.c9d86d1-150400.3.6.1 removed
- findutils-4.8.0-1.20 removed
- info-6.5-4.17 removed
- libbz2-1-1.0.8-150400.1.122 removed
- libffi7-3.2.1.git259-10.8 removed
- libjitterentropy3-3.4.1-150000.1.12.1 removed
- liblzma5-5.2.3-150000.4.7.1 removed
- libopenssl1_1-1.1.1l-150500.17.31.1 removed
- libopenssl1_1-hmac-1.1.1l-150500.17.31.1 removed
- libreadline7-7.0-150400.25.22 removed
- libtasn1-4.13-150000.4.8.1 removed
- libz1-1.2.13-150500.4.3.1 removed
- libzio1-1.06-2.20 removed
- openssl-1_1-1.1.1l-150500.17.31.1 removed
- patterns-base-fips-20200124-150400.20.4.1 removed

