SUSE-CU-2024:4307-1: Security update of bci/openjdk-devel

sle-container-updates at lists.suse.com
Tue Sep 17 07:12:41 UTC 2024


SUSE Container Update Advisory: bci/openjdk-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4307-1
Container Tags        : bci/openjdk-devel:17 , bci/openjdk-devel:17-29.3
Container Release     : 29.3
Severity              : moderate
Type                  : security
References            : 1229476 1229930 1229931 1229932 CVE-2024-45490 CVE-2024-45491
                        CVE-2024-45492 
-----------------------------------------------------------------

The container bci/openjdk-devel was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3216-1
Released:    Thu Sep 12 13:05:20 2024
Summary:     Security update for expat
Type:        security
Severity:    moderate
References:  1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492
This update for expat fixes the following issues:

- CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932)
- CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931)
- CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3237-1
Released:    Fri Sep 13 11:49:56 2024
Summary:     Recommended update for util-linux
Type:        recommended
Severity:    moderate
References:  1229476
This update for util-linux fixes the following issue:

- Skip aarch64 decode path for rest of the architectures (bsc#1229476).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3245-1
Released:    Mon Sep 16 07:55:19 2024
Summary:     Recommended update for maven, maven-resolver, sbt, xmvn
Type:        recommended
Severity:    moderate
References:  
This update for maven, maven-resolver, sbt, xmvn fixes the following issues:

maven-resolver was upgraded to version 1.9.22:

- Bugs fixed:

  * Resolver-Supplier unusable in OSGi runtimes
  * Invalid Cookie set under proxy conditions
  * In typical setups, DefaultArtifact copies the same maps over and over again
  * Memory consumption improvements

- New Features:

  * Import o.e.aether packages with the exact same version in OSGi metadata

- Improvements:

  * Removed excessive strictness of OSGi dependency metadata


maven was upgraded to version 3.9.9:

- Bugs fixed:

  * Fixed search for topDirectory when using -f / --file for Maven 3.9.x
  * Fixed Maven not finding extensions for -f when current dir is root
  * Fixed warning for com.sun:tools:jar that refers to a non-existing file
  * Fixed profile activation based on OS properties for 'mvn site'
  * Fixed Resolver wrongly assuming it is deploying a plugin by presence of META-INF/maven/plugins.xml in JAR
  * Fixed missing or mismatching Trusted Checksum for some artifacts not being properly reported
  * Fixed regression causing Property not resolved in profile pluginManagement

sbt, xmvn:

- Minor code improvements

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3247-1
Released:    Mon Sep 16 07:59:42 2024
Summary:     Recommended update for hamcrest
Type:        recommended
Severity:    moderate
References:  
This update for hamcrest fixes the following issues:

- hamcrest was updated to version 3.0:

  * Breaking Changes:

    + From version 3.0, the jar distributed to Maven Central is now
      compiled to Java 1.8 bytecode, and is not compatible with
      previous versions of Java.
      Developers who use Java 1.7 or earlier can still depend upon
      hamcrest-2.2.jar.

  * Improvements:
  
    + FileMatchersTest simplification
    + License cleanup


The following package changes have been done:

- libuuid1-2.37.4-150500.9.17.2 updated
- libsmartcols1-2.37.4-150500.9.17.2 updated
- libblkid1-2.37.4-150500.9.17.2 updated
- libfdisk1-2.37.4-150500.9.17.2 updated
- libmount1-2.37.4-150500.9.17.2 updated
- util-linux-2.37.4-150500.9.17.2 updated
- libexpat1-2.4.4-150400.3.22.1 updated
- hamcrest-3.0-150200.12.20.1 updated
- maven-resolver-api-1.9.22-150200.3.26.1 updated
- maven-resolver-util-1.9.22-150200.3.26.1 updated
- maven-resolver-spi-1.9.22-150200.3.26.1 updated
- maven-resolver-named-locks-1.9.22-150200.3.26.1 updated
- maven-resolver-transport-file-1.9.22-150200.3.26.1 updated
- maven-resolver-connector-basic-1.9.22-150200.3.26.1 updated
- maven-resolver-transport-wagon-1.9.22-150200.3.26.1 updated
- maven-resolver-impl-1.9.22-150200.3.26.1 updated
- maven-resolver-transport-http-1.9.22-150200.3.26.1 updated
- maven-lib-3.9.9-150200.4.30.1 updated
- maven-3.9.9-150200.4.30.1 updated
- container:bci-openjdk-17-15.5.17-30.2 updated

