SUSE-IU-2024:1349-1: Security update of suse-sles-15-sp3-chost-byos-v20240912-x86_64-gen2
sle-container-updates at lists.suse.com
Tue Sep 17 07:01:31 UTC 2024
SUSE Image Update Advisory: suse-sles-15-sp3-chost-byos-v20240912-x86_64-gen2
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:1349-1
Image Tags : suse-sles-15-sp3-chost-byos-v20240912-x86_64-gen2:20240912
Image Release :
Severity : critical
Type : security
References : 1065729 1081596 1179610 1186463 1194818 1200528 1214855 1216834
1217070 1218820 1219267 1219268 1219438 1220185 1220186 1220187
1220356 1221243 1221539 1221677 1221916 1222021 1222728 1222824
1222985 1223094 1223409 1223571 1223863 1224014 1224016 1224044
1224117 1224771 1224918 1225267 1225404 1225431 1226014 1226030
1226227 1226493 1226519 1226550 1226574 1226575 1226662 1226666
1226785 1227127 1227138 1227205 1227213 1227308 1227362 1227487
1227525 1227625 1227716 1227750 1227793 1227810 1227836 1227976
1228013 1228040 1228043 1228105 1228114 1228124 1228138 1228206
1228208 1228265 1228324 1228328 1228420 1228535 1228535 1228553
1228561 1228574 1228575 1228644 1228743 1228787 1229339 1230092
1230093 222971 CVE-2020-26558 CVE-2021-0129 CVE-2021-47126 CVE-2021-47219
CVE-2021-47291 CVE-2021-47506 CVE-2021-47520 CVE-2021-47580 CVE-2021-47598
CVE-2021-47600 CVE-2022-1996 CVE-2022-48792 CVE-2022-48821 CVE-2022-48822
CVE-2023-45142 CVE-2023-47108 CVE-2023-52686 CVE-2023-52885 CVE-2024-1753
CVE-2024-23651 CVE-2024-23652 CVE-2024-23653 CVE-2024-24786 CVE-2024-26583
CVE-2024-26584 CVE-2024-26585 CVE-2024-26800 CVE-2024-28180 CVE-2024-31145
CVE-2024-31146 CVE-2024-34397 CVE-2024-36974 CVE-2024-3727 CVE-2024-38559
CVE-2024-39494 CVE-2024-40937 CVE-2024-40956 CVE-2024-41011 CVE-2024-41059
CVE-2024-41069 CVE-2024-41090 CVE-2024-41110 CVE-2024-42145 CVE-2024-45310
CVE-2024-5535 CVE-2024-6345 CVE-2024-7264 CVE-2024-7264 CVE-2024-8096
-----------------------------------------------------------------
The container suse-sles-15-sp3-chost-byos-v20240912-x86_64-gen2 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2869-1
Released: Fri Aug 9 15:59:29 2024
Summary: Security update for ca-certificates-mozilla
Type: security
Severity: important
References: 1220356,1227525
This update for ca-certificates-mozilla fixes the following issues:
- Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525)
  - Added: FIRMAPROFESIONAL CA ROOT-A WEB
  - Distrust: GLOBALTRUST 2020
- Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356)
  Added:
  - CommScope Public Trust ECC Root-01
  - CommScope Public Trust ECC Root-02
  - CommScope Public Trust RSA Root-01
  - CommScope Public Trust RSA Root-02
  - D-Trust SBR Root CA 1 2022
  - D-Trust SBR Root CA 2 2022
  - Telekom Security SMIME ECC Root 2021
  - Telekom Security SMIME RSA Root 2023
  - Telekom Security TLS ECC Root 2020
  - Telekom Security TLS RSA Root 2023
  - TrustAsia Global Root CA G3
  - TrustAsia Global Root CA G4
  Removed:
  - Autoridad de Certificacion Firmaprofesional CIF A62634068
  - Chambers of Commerce Root - 2008
  - Global Chambersign Root - 2008
  - Security Communication Root CA
  - Symantec Class 1 Public Primary Certification Authority - G6
  - Symantec Class 2 Public Primary Certification Authority - G6
  - TrustCor ECA-1
  - TrustCor RootCert CA-1
  - TrustCor RootCert CA-2
  - VeriSign Class 1 Public Primary Certification Authority - G3
  - VeriSign Class 2 Public Primary Certification Authority - G3
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2870-1
Released: Mon Aug 12 06:52:05 2024
Summary: Recommended update for libzypp, zypper, libsolv, zypp-plugin
Type: recommended
Severity: important
References: 1081596,1223094,1224771,1225267,1226014,1226030,1226493,1227205,1227625,1227793,1228138,1228206,1228208,1228420,1228787,222971
This update for libzypp, zypper, libsolv, zypp-plugin fixes the following issues:
- Make sure not to statically link installed tools (bsc#1228787)
- MediaPluginType must be resolved to a valid MediaHandler (bsc#1228208)
- Export asSolvable for YAST (bsc#1228420)
- Export CredentialManager for legacy YAST versions (bsc#1228420)
- Fix 4 typos in zypp.conf
- Fix typo in the geoip update pipeline (bsc#1228206)
- Export RepoVariablesStringReplacer for yast2 (bsc#1228138)
- Removed dependency on external find program in the repo2solv tool
- Fix return value of repodata.add_solv()
- New SOLVER_FLAG_FOCUS_NEW flag
- Report unsupported compression in solv_xfopen() with errno
- Fix return value of repodata.add_solv() in the bindings
- Fix SHA-224 oid in solv_pgpvrfy
- Translation: updated .pot file.
- Conflict with python zypp-plugin < 0.6.4 (bsc#1227793)
- Fix int overflow in Provider
- Fix error reporting on repoindex.xml parse error (bsc#1227625)
- Keep UrlResolverPlugin API public
- Blacklist /snap executables for 'zypper ps' (bsc#1226014)
- Fix handling of buddies when applying locks (bsc#1225267)
- Fix readline setup to handle Ctrl-C and Ctrl-D correctly (bsc#1227205)
- Show rpm install size before installing (bsc#1224771)
- Install zypp/APIConfig.h legacy include
- Update soname due to RepoManager refactoring and cleanup
- Workaround broken libsolv-tools-base requirements
- Strip ssl_clientkey from repo urls (bsc#1226030)
- Remove protobuf build dependency
- Lazily attach medium during refresh workflows (bsc#1223094)
- Refactor RepoManager and add Service workflows
- Let readline abort on Ctrl-C (bsc#1226493)
- packages: add '--system' to show @System packages (bsc#222971)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2899-1
Released: Wed Aug 14 02:37:38 2024
Summary: Security update for python-setuptools
Type: security
Severity: important
References: 1228105,CVE-2024-6345
This update for python-setuptools fixes the following issues:
- CVE-2024-6345: Fixed code execution via download functions in the package_index module (bsc#1228105)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2909-1
Released: Wed Aug 14 14:47:44 2024
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1227138,CVE-2024-5535
This update for openssl-1_1 fixes the following issues:
- CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2912-1
Released: Wed Aug 14 20:20:12 2024
Summary: Recommended update for cloud-regionsrv-client
Type: recommended
Severity: important
References: 1222985,1223571,1224014,1224016,1227308
This update for cloud-regionsrv-client contains the following fixes:
- Update to version 10.3.0 (bsc#1227308, bsc#1222985)
  + Add support for sidecar registry
    Podman and rootless Docker support to set up the necessary
    configuration for the container engines to run as defined
  + Add running command as root through sudoers file
- Update to version 10.2.0 (bsc#1223571, bsc#1224014, bsc#1224016)
  + In addition to logging, write message to stderr when registration fails
  + Detect transactional-update system with read only setup and use
    the transactional-update command to register
  + Handle operation in a different target root directory for credentials
    checking
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2919-1
Released: Thu Aug 15 07:00:00 2024
Summary: Recommended update for grub2
Type: recommended
Severity: important
References: 1228124
This update for grub2 fixes the following issues:
- Fix btrfs subvolume for platform modules not mounting at runtime when the
  default subvolume is the topmost root tree (bsc#1228124)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2930-1
Released: Thu Aug 15 11:35:03 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1228535,CVE-2024-7264
This update for curl fixes the following issues:
- CVE-2024-7264: Fixed out-of-bounds read in ASN.1 date parser GTime2str() (bsc#1228535)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2948-1
Released: Fri Aug 16 15:47:51 2024
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1065729,1179610,1186463,1216834,1218820,1220185,1220186,1220187,1221539,1222728,1222824,1223863,1224918,1225404,1225431,1226519,1226550,1226574,1226575,1226662,1226666,1226785,1227213,1227362,1227487,1227716,1227750,1227810,1227836,1227976,1228013,1228040,1228114,1228328,1228561,1228644,1228743,CVE-2020-26558,CVE-2021-0129,CVE-2021-47126,CVE-2021-47219,CVE-2021-47291,CVE-2021-47506,CVE-2021-47520,CVE-2021-47580,CVE-2021-47598,CVE-2021-47600,CVE-2022-48792,CVE-2022-48821,CVE-2022-48822,CVE-2023-52686,CVE-2023-52885,CVE-2024-26583,CVE-2024-26584,CVE-2024-26585,CVE-2024-26800,CVE-2024-36974,CVE-2024-38559,CVE-2024-39494,CVE-2024-40937,CVE-2024-40956,CVE-2024-41011,CVE-2024-41059,CVE-2024-41069,CVE-2024-41090,CVE-2024-42145
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2020-26558: Fixed a flaw in the Bluetooth LE and BR/EDR secure pairing that could permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (bsc#1179610).
- CVE-2021-0129: Improper access control in BlueZ may have allowed an authenticated user to potentially enable information disclosure via adjacent access (bsc#1186463).
- CVE-2021-47126: ipv6: Fix KASAN: slab-out-of-bounds Read in fib6_nh_flush_exceptions (bsc#1221539).
- CVE-2021-47219: scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs() (bsc#1222824).
- CVE-2021-47291: ipv6: fix another slab-out-of-bounds in fib6_nh_flush_exceptions (bsc#1224918).
- CVE-2021-47506: nfsd: fix use-after-free due to delegation race (bsc#1225404).
- CVE-2021-47520: can: pch_can: pch_can_rx_normal: fix use after free (bsc#1225431).
- CVE-2021-47580: scsi: scsi_debug: Fix type in min_t to avoid stack OOB (bsc#1226550).
- CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1226574).
- CVE-2021-47600: dm btree remove: fix use after free in rebalance_children() (bsc#1226575).
- CVE-2022-48792: scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task (bsc#1228013).
- CVE-2022-48821: misc: fastrpc: avoid double fput() on failed usercopy (bsc#1227976).
- CVE-2023-52686: Fix a null pointer in opal_event_init() (bsc#1065729).
- CVE-2023-52885: SUNRPC: Fix UAF in svc_tcp_listen_data_ready() (bsc#1227750).
- CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220187).
- CVE-2024-36974: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP (bsc#1226519).
- CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226785).
- CVE-2024-39494: ima: Fix use-after-free on a dentry's dname.name (bsc#1227716).
- CVE-2024-40937: gve: Clear napi->skb before dev_kfree_skb_any() (bsc#1227836).
- CVE-2024-40956: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (bsc#1227810).
- CVE-2024-41011: drm/amdkfd: do not allow mapping the MMIO HDP page with large pages (bsc#1228114).
- CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228561).
- CVE-2024-41069: ASoC: topology: Fix route memory corruption (bsc#1228644).
- CVE-2024-41090: tap: add missing verification for short frame (bsc#1228328).
- CVE-2024-42145: IB/core: Implement a limit on UMAD receive List (bsc#1228743).
The following non-security bugs were fixed:
- Fix spurious WARNING caused by a qxl driver patch (bsc#1227213)
- nfs: Clean up directory array handling (bsc#1226662).
- nfs: Clean up nfs_readdir_page_filler() (bsc#1226662).
- nfs: Clean up readdir struct nfs_cache_array (bsc#1226662).
- nfs: Do not discard readdir results (bsc#1226662).
- nfs: Do not overfill uncached readdir pages (bsc#1226662).
- nfs: Do not re-read the entire page cache to find the next cookie (bsc#1226662).
- nfs: Ensure contents of struct nfs_open_dir_context are consistent (bsc#1226662).
- nfs: Fix up directory verifier races (bsc#1226662).
- nfs: Further optimisations for 'ls -l' (bsc#1226662).
- nfs: More readdir cleanups (bsc#1226662).
- nfs: Reduce number of RPC calls when doing uncached readdir (bsc#1226662).
- nfs: Reduce use of uncached readdir (bsc#1226662).
- nfs: Support larger readdir buffers (bsc#1226662).
- nfs: Use the 64-bit server readdir cookies when possible (bsc#1226662).
- nfs: optimise readdir cache page invalidation (bsc#1226662).
- nfsv4.x: by default serialize open/close operations (bsc#1223863 bsc#1227362)
- ocfs2: fix DIO failure due to insufficient transaction credits (bsc#1216834).
- powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() (bsc#1227487).
- powerpc/rtas: clean up includes (bsc#1227487).
- x.509: Fix the parser of extended key usage for length (bsc#1218820, bsc#1226666).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2967-1
Released: Mon Aug 19 15:41:29 2024
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1194818
This update for pam fixes the following issue:
- Prevent cursor escape from the login prompt (bsc#1194818).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2998-1
Released: Thu Aug 22 12:52:17 2024
Summary: Security update for glib2
Type: security
Severity: low
References: 1224044,CVE-2024-34397
This update for glib2 fixes the following issues:
- Fixed a possible use after free regression introduced by CVE-2024-34397 patch (bsc#1224044).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3001-1
Released: Fri Aug 23 10:15:42 2024
Summary: Security update for xen
Type: security
Severity: important
References: 1228574,1228575,CVE-2024-31145,CVE-2024-31146
This update for xen fixes the following issues:
- CVE-2024-31145: Fixed error handling in x86 IOMMU identity mapping (XSA-460, bsc#1228574)
- CVE-2024-31146: Fixed PCI device pass-through with shared resources (XSA-461, bsc#1228575)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3026-1
Released: Tue Aug 27 13:20:03 2024
Summary: Recommended update for supportutils
Type: recommended
Severity: moderate
References: 1222021,1227127,1228265
This update for supportutils fixes the following issues:
Changes to version 3.2.8
+ Avoid getting duplicate kernel verifications in boot.text (pr#190)
+ lvm: suppress file descriptor leak warnings from lvm commands (pr#191)
+ docker_info: Add timestamps to container logs (pr#196)
+ Key value pairs and container log timestamps (bsc#1222021 PED-8211, pr#198)
+ Update supportconfig get pam.d sorted (pr#199)
+ yast_files: Exclude .zcat (pr#201)
+ Sanitize grub bootloader (bsc#1227127, pr#203)
+ Sanitize regcodes (pr#204)
+ Improve product detection (pr#205)
+ Add read_values for s390x (bsc#1228265, pr#206)
+ hardware_info: Remove old alsa ver check (pr#209)
+ drbd_info: Fix incorrect escape of quotes (pr#210)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3071-1
Released: Mon Sep 2 15:17:11 2024
Summary: Recommended update for suse-build-key
Type: recommended
Severity: moderate
References: 1229339
This update for suse-build-key fixes the following issue:
- extended 2048 bit SUSE SLE 12, 15 GA-SP5 key until 2028 (bsc#1229339).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3120-1
Released: Tue Sep 3 17:12:56 2024
Summary: Security update for buildah, docker
Type: security
Severity: critical
References: 1214855,1219267,1219268,1219438,1221243,1221677,1221916,1223409,1224117,1228324,CVE-2024-1753,CVE-2024-23651,CVE-2024-23652,CVE-2024-23653,CVE-2024-24786,CVE-2024-28180,CVE-2024-3727,CVE-2024-41110
This update for buildah, docker fixes the following issues:
Changes in docker:
- CVE-2024-23651: Fixed arbitrary files write due to race condition on mounts (bsc#1219267)
- CVE-2024-23652: Fixed insufficient validation of parent directory on mount (bsc#1219268)
- CVE-2024-23653: Fixed insufficient validation on entitlement on container creation via buildkit (bsc#1219438)
- CVE-2024-41110: An Authz zero-length regression that could lead to authentication bypass was fixed (bsc#1228324)
Other fixes:
- Update to Docker 25.0.6-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/25.0/#2506>
- Update to Docker 25.0.5-ce (bsc#1223409)
- Fix BuildKit's symlink resolution logic to correctly handle non-lexical
  symlinks. (bsc#1221916)
- Write volume options atomically so sudden system crashes won't result in
  future Docker starts failing due to empty files. (bsc#1214855)
Changes in buildah:
- Update to version 1.35.4:
* [release-1.35] Bump to Buildah v1.35.4
* [release-1.35] CVE-2024-3727 updates (bsc#1224117)
* integration test: handle new labels in 'bud and test --unsetlabel'
* [release-1.35] Bump go-jose CVE-2024-28180
* [release-1.35] Bump ocicrypt and go-jose CVE-2024-28180
- Update to version 1.35.3:
* [release-1.35] Bump to Buildah v1.35.3
* [release-1.35] correctly configure /etc/hosts and resolv.conf
* [release-1.35] buildah: refactor resolv/hosts setup.
* [release-1.35] rename the hostFile var to reflect
* [release-1.35] Bump c/common to v0.58.1
* [release-1.35] Bump Buildah to v1.35.2
* [release-1.35] CVE-2024-24786 protobuf to 1.33
* [release-1.35] Bump to v1.35.2-dev
- Update to version 1.35.1:
* [release-1.35] Bump to v1.35.1
* [release-1.35] CVE-2024-1753 container escape fix (bsc#1221677)
- Buildah dropped cni support, require netavark instead (bsc#1221243)
- Remove obsolete requires libcontainers-image & libcontainers-storage
- Require passt for rootless networking (poo#156955)
  Buildah moved to passt/pasta for rootless networking from slirp4netns
  (https://github.com/containers/common/pull/1846)
- Update to version 1.35.0:
* Bump v1.35.0
* Bump c/common v0.58.0, c/image v5.30.0, c/storage v1.53.0
* conformance tests: don't break on trailing zeroes in layer blobs
* Add a conformance test for copying to a mounted prior stage
* fix(deps): update module github.com/stretchr/testify to v1.9.0
* cgroups: reuse version check from c/common
* Update vendor of containers/(common,image)
* fix(deps): update github.com/containers/storage digest to eadc620
* fix(deps): update github.com/containers/luksy digest to ceb12d4
* fix(deps): update github.com/containers/image/v5 digest to cdc6802
* manifest add: complain if we get artifact flags without --artifact
* Use retry logic from containers/common
* Vendor in containers/(storage,image,common)
* Update module golang.org/x/crypto to v0.20.0
* Add comment re: Total Success task name
* tests: skip_if_no_unshare(): check for --setuid
* Properly handle build --pull=false
* [skip-ci] Update tim-actions/get-pr-commits action to v1.3.1
* Update module go.etcd.io/bbolt to v1.3.9
* Revert 'Reduce official image size'
* Update module github.com/opencontainers/image-spec to v1.1.0
* Reduce official image size
* Build with CNI support on FreeBSD
* build --all-platforms: skip some base 'image' platforms
* Bump main to v1.35.0-dev
* Vendor in latest containers/(storage,image,common)
* Split up error messages for missing --sbom related flags
* `buildah manifest`: add artifact-related options
* cmd/buildah/manifest.go: lock lists before adding/annotating/pushing
* cmd/buildah/manifest.go: don't make struct declarations aliases
* Use golang.org/x/exp/slices.Contains
* Disable loong64 again
* Fix a couple of typos in one-line comments
* egrep is obsolescent; use grep -E
* Try Cirrus with a newer VM version
* Set CONTAINERS_CONF in the chroot-mount-flags integration test
* Update to match dependency API update
* Update github.com/openshift/imagebuilder and containers/common
* docs: correct default authfile path
* fix(deps): update module github.com/containerd/containerd to v1.7.13
* tests: retrofit test for heredoc summary
* build, heredoc: show heredoc summary in build output
* manifest, push: add support for --retry and --retry-delay
* fix(deps): update github.com/openshift/imagebuilder digest to b767bc3
* imagebuildah: fix crash with empty RUN
* fix(deps): update github.com/containers/luksy digest to b62d551
* fix(deps): update module github.com/opencontainers/runc to v1.1.12 [security]
* fix(deps): update module github.com/moby/buildkit to v0.12.5 [security]
* Make buildah match podman for handling of ulimits
* docs: move footnotes to where they're applicable
* Allow users to specify no-dereference
* Run codespell on code
* Fix FreeBSD version parsing
* Fix a build break on FreeBSD
* Remove a bad FROM line
* fix(deps): update module github.com/onsi/gomega to v1.31.1
* fix(deps): update module github.com/opencontainers/image-spec to v1.1.0-rc6
* docs: use reversed logo for dark theme in README
* build,commit: add --sbom to scan and produce SBOMs when committing
* commit: force omitHistory if the parent has layers but no history
* docs: fix a couple of typos
* internal/mkcw.Archive(): handle extra image content
* stage_executor,heredoc: honor interpreter in heredoc
* stage_executor,layers: burst cache if heredoc content is changed
* fix(deps): update module golang.org/x/crypto to v0.18.0
* Replace map[K]bool with map[K]struct{} where it makes sense
* fix(deps): update module golang.org/x/sync to v0.6.0
* fix(deps): update module golang.org/x/term to v0.16.0
* Bump CI VMs
* Replace strings.SplitN with strings.Cut
* fix(deps): update github.com/containers/storage digest to ef81e9b
* fix(deps): update github.com/containers/image/v5 digest to 1b221d4
* fix(deps): update module github.com/fsouza/go-dockerclient to v1.10.1
* Document use of containers-transports values in buildah
* fix(deps): update module golang.org/x/crypto to v0.17.0 [security]
* chore(deps): update dependency containers/automation_images to v20231208
* manifest: addCompression use default from containers.conf
* commit: add a --add-file flag
* mkcw: populate the rootfs using an overlay
* chore(deps): update dependency containers/automation_images to v20230517
* [skip-ci] Update actions/stale action to v9
* fix(deps): update module github.com/containernetworking/plugins to v1.4.0
* fix(deps): update github.com/containers/image/v5 digest to 7a40fee
* Bump to v1.34.1-dev
* Ignore errors if label.Relabel returns ENOSUP
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3167-1
Released: Mon Sep 9 12:31:59 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1228043
This update for glibc fixes the following issue:
- s390x: Fix segfault in wcsncmp (bsc#1228043).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3185-1
Released: Tue Sep 10 08:15:38 2024
Summary: Recommended update for cups
Type: recommended
Severity: moderate
References: 1226227
This update for cups fixes the following issues:
- Fixed cupsd failing to authenticate users when group membership is required (bsc#1226227)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3202-1
Released: Wed Sep 11 10:54:47 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1228535,1230093,CVE-2024-7264,CVE-2024-8096
This update for curl fixes the following issues:
- CVE-2024-8096: OCSP stapling bypass with GnuTLS. (bsc#1230093)
- CVE-2024-7264: ASN.1 date parser overread. (bsc#1228535)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3221-1
Released: Thu Sep 12 13:18:18 2024
Summary: Security update for containerd
Type: security
Severity: important
References: 1200528,1217070,1228553,CVE-2022-1996,CVE-2023-45142,CVE-2023-47108
This update for containerd fixes the following issues:
- Update to containerd v1.7.21
- CVE-2023-47108: Fixed DoS vulnerability in otelgrpc (uncontrolled resource consumption) due to unbound cardinality metrics. (bsc#1217070)
- CVE-2023-45142: Fixed DoS vulnerability in otelhttp. (bsc#1228553)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3222-1
Released: Thu Sep 12 13:20:47 2024
Summary: Security update for runc
Type: security
Severity: low
References: 1230092,CVE-2024-45310
This update for runc fixes the following issues:
- Update to runc v1.1.14
- CVE-2024-45310: Fixed an issue where runc can be tricked into creating empty files/directories on host. (bsc#1230092)
-----------------------------------------------------------------
The following package changes have been done:
- ca-certificates-mozilla-2.68-150200.33.1 updated
- containerd-ctr-1.7.21-150000.117.1 updated
- containerd-1.7.21-150000.117.1 updated
- cups-config-2.2.7-150000.3.65.1 updated
- curl-7.66.0-150200.4.78.1 updated
- docker-25.0.6_ce-150000.207.1 updated
- glibc-locale-base-2.31-150300.86.3 updated
- glibc-locale-2.31-150300.86.3 updated
- glibc-2.31-150300.86.3 updated
- grub2-i386-pc-2.04-150300.22.46.1 updated
- grub2-x86_64-efi-2.04-150300.22.46.1 updated
- grub2-2.04-150300.22.46.1 updated
- kernel-default-5.3.18-150300.59.170.1 updated
- libcups2-2.2.7-150000.3.65.1 updated
- libcurl4-7.66.0-150200.4.78.1 updated
- libglib-2_0-0-2.62.6-150200.3.21.1 updated
- libopenssl1_1-1.1.1d-150200.11.94.1 updated
- libsolv-tools-base-0.7.30-150200.37.2 updated
- libsolv-tools-0.7.30-150200.37.2 updated
- libyaml-0-2-0.1.7-150000.3.2.1 added
- libzypp-17.35.8-150200.121.1 updated
- openssl-1_1-1.1.1d-150200.11.94.1 updated
- pam-1.3.0-150000.6.71.2 updated
- python-azure-agent-config-server-2.9.1.1-150100.3.44.2 updated
- python-azure-agent-2.9.1.1-150100.3.44.2 updated
- python3-PyYAML-5.4.1-150300.3.3.1 updated
- python3-setuptools-40.5.0-150100.6.9.1 updated
- runc-1.1.14-150000.70.1 updated
- supportutils-3.2.8-150300.7.35.33.1 updated
- suse-build-key-12.0-150000.8.52.3 updated
- xen-libs-4.14.6_18-150300.3.78.1 updated
- zypper-1.14.76-150200.88.10 updated
- libprotobuf-lite20-3.9.2-150200.4.21.1 removed