SUSE-CU-2024:4371-1: Security update of suse/manager/5.0/x86_64/proxy-httpd

sle-container-updates at lists.suse.com
Tue Sep 17 11:36:32 UTC 2024


SUSE Container Update Advisory: suse/manager/5.0/x86_64/proxy-httpd
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4371-1
Container Tags        : suse/manager/5.0/x86_64/proxy-httpd:5.0.1 , suse/manager/5.0/x86_64/proxy-httpd:5.0.1.7.5.1 , suse/manager/5.0/x86_64/proxy-httpd:latest
Container Release     : 7.5.1
Severity              : important
Type                  : security
References            : 1082216 1082233 1188441 1211721 1213638 1218609 1219559 1220117
                        1220664 1221361 1221361 1221407 1221482 1221563 1221632 1221831
                        1221854 1222075 1222086 1222547 1222985 1223428 1223430 1223571
                        1223596 1223605 1223766 1224014 1224016 1224044 1224242 1224388
                        1225291 1225551 1225598 1225907 1226447 1226448 1226463 1227138
                        1227186 1227187 1227268 1227269 1227270 1227271 1227272 1227276
                        1227278 1227308 1227353 1228105 CVE-2018-6798 CVE-2018-6913 CVE-2023-52425
                        CVE-2024-0397 CVE-2024-0450 CVE-2024-28085 CVE-2024-34397 CVE-2024-36387
                        CVE-2024-37370 CVE-2024-37371 CVE-2024-38473 CVE-2024-38474 CVE-2024-38475
                        CVE-2024-38476 CVE-2024-38477 CVE-2024-39573 CVE-2024-39884 CVE-2024-4032
                        CVE-2024-4603 CVE-2024-4741 CVE-2024-5535 CVE-2024-6345 
-----------------------------------------------------------------

The container suse/manager/5.0/x86_64/proxy-httpd was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1487-1
Released:    Thu May  2 10:43:53 2024
Summary:     Recommended update for aaa_base
Type:        recommended
Severity:    moderate
References:  1211721,1221361,1221407,1222547
This update for aaa_base fixes the following issues:

- home and end button not working from ssh client (bsc#1221407)
- use autosetup in prep stage of specfile
- drop the stderr redirection for csh (bsc#1221361)
- drop sysctl.d/50-default-s390.conf (bsc#1211721)
- make sure the script does not exit with 1 if a file with content is found (bsc#1222547)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1665-1
Released:    Thu May 16 08:00:09 2024
Summary:     Recommended update for coreutils
Type:        recommended
Severity:    moderate
References:  1221632
This update for coreutils fixes the following issues:

- ls: avoid triggering automounts (bsc#1221632)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1762-1
Released:    Wed May 22 16:14:17 2024
Summary:     Security update for perl
Type:        security
Severity:    important
References:  1082216,1082233,1213638,CVE-2018-6798,CVE-2018-6913
This update for perl fixes the following issues:

Security issues fixed:

- CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216)
- CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233)

Non-security issue fixed:

- make Net::FTP work with TLS 1.3 (bsc#1213638)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1876-1
Released:    Fri May 31 06:47:32 2024
Summary:     Recommended update for aaa_base
Type:        recommended
Severity:    moderate
References:  1221361
This update for aaa_base fixes the following issues:

- Fix the typo to set JAVA_BINDIR in the csh variant of the alljava profile script (bsc#1221361)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1934-1
Released:    Thu Jun  6 11:19:24 2024
Summary:     Recommended update for sles15-image
Type:        recommended
Severity:    moderate
References:  
This update for sles15-image fixes the following issues:

- update to SUSE LLC and use https (it's 2024)
- use more specific lifecycle url
- remove deprecated label duplication as those labels are
  inherited into all derived containers as well causing
  confusion
- set supportlevel to released and L3
- use the base-container-images landing page
- rename kiwi file to match package name
- move artifacthub.io labels outside labelling helper to
  avoid duplication

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1943-1
Released:    Fri Jun  7 17:04:06 2024
Summary:     Security update for util-linux
Type:        security
Severity:    important
References:  1218609,1220117,1221831,1223605,CVE-2024-28085
This update for util-linux fixes the following issues:

- CVE-2024-28085: Properly neutralize escape sequences in wall to avoid potential account takeover. (bsc#1221831)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1950-1
Released:    Fri Jun  7 17:20:14 2024
Summary:     Security update for glib2
Type:        security
Severity:    moderate
References:  1224044,CVE-2024-34397
This update for glib2 fixes the following issues:

Update to version 2.78.6:

+ Fix a regression with IBus caused by the fix for CVE-2024-34397

Changes in version 2.78.5:

+ Fix CVE-2024-34397: GDBus signal subscriptions for well-known
  names are vulnerable to unicast spoofing. (bsc#1224044)
+ Bugs fixed:
  - gvfs-udisks2-volume-monitor SIGSEGV in
    g_content_type_guess_for_tree() due to filename with bad
    encoding
  - gcontenttype: Make filename valid utf-8 string before processing.
  - gdbusconnection: Don't deliver signals if the sender doesn't match.

Changes in version 2.78.4:

+ Bugs fixed:
  - Fix generated RST anchors for methods, signals and properties.
  - docs/reference: depend on a native gtk-doc.
  - gobject_gdb.py: Do not break bt on optimized build.
  - gregex: clean up usage of _GRegex.jit_status.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1954-1
Released:    Fri Jun  7 18:01:06 2024
Summary:     Recommended update for glibc
Type:        recommended
Severity:    moderate
References:  1221482
This update for glibc fixes the following issues:

- Also include stat64 in the 32-bit libc_nonshared.a workaround
  (bsc#1221482)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1997-1
Released:    Tue Jun 11 17:24:32 2024
Summary:     Recommended update for e2fsprogs
Type:        recommended
Severity:    moderate
References:  1223596
This update for e2fsprogs fixes the following issues:

- EA Inode handling fixes:
  - e2fsck: add more checks for ea inode consistency (bsc#1223596)
  - e2fsck: fix golden output of several tests (bsc#1223596)

-----------------------------------------------------------------
Advisory ID: 33664
Released:    Thu Jun 13 21:03:11 2024
Summary:     Recommended update for libsolv, libzypp, zypper, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings
Type:        recommended
Severity:    important
References:  1222086,1223430,1223766,1224242
This update for libsolv, libzypp, zypper, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings fixes the following issues:

- Fix the dependency for Packagekit-backend-zypp in SUMa 4.3 (bsc#1224242)
- Improve updating of installed multiversion packages
- Fix decision introspection going into an endless loop in some cases
- Split libsolv-tools into libsolv-tools-base (jsc#PED-8153)
- Improve checks against corrupt rpm
- Fixed check for outdated repo metadata as non-root user (bsc#1222086)
- Add ZYPP_API for exported functions and switch to visibility=hidden (jsc#PED-8153)
- Dynamically resolve libproxy (jsc#PED-8153)
- Fix download from gpgkey URL (bsc#1223430)
- Delay zypp lock until command options are parsed (bsc#1223766)
- Unify message format

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2066-1
Released:    Tue Jun 18 13:16:09 2024
Summary:     Security update for openssl-3
Type:        security
Severity:    important
References:  1223428,1224388,1225291,1225551,CVE-2024-4603,CVE-2024-4741
This update for openssl-3 fixes the following issues:

Security issues fixed:

- CVE-2024-4603: Check DSA parameters for excessive sizes before validating (bsc#1224388)
- CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551)

Other issues fixed:

- Enable livepatching support (bsc#1223428)
- Fix HKDF key derivation (bsc#1225291, gh#openssl/openssl#23448, gh#openssl/openssl#23456)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2086-1
Released:    Wed Jun 19 11:48:24 2024
Summary:     Recommended update for gcc13
Type:        recommended
Severity:    moderate
References:  1188441
This update for gcc13 fixes the following issues:

Update to GCC 13.3 release

- Removed Fiji support from the GCN offload compiler as that is requiring
  Code Object version 3 which is no longer supported by llvm18.
- Avoid combine spending too much compile-time and memory doing nothing
  on s390x. (bsc#1188441)
- Make requirement to lld version specific to avoid requiring the
  meta-package.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2214-1
Released:    Tue Jun 25 17:11:26 2024
Summary:     Recommended update for util-linux
Type:        recommended
Severity:    moderate
References:  1225598
This update for util-linux fixes the following issue:

- Fix hang of lscpu -e (bsc#1225598)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2307-1
Released:    Fri Jul  5 12:04:34 2024
Summary:     Security update for krb5
Type:        security
Severity:    important
References:  1227186,1227187,CVE-2024-37370,CVE-2024-37371
This update for krb5 fixes the following issues:

- CVE-2024-37370: Fixed an issue where confidential GSS krb5 wrap tokens with invalid fields were erroneously accepted (bsc#1227186).
- CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2405-1
Released:    Thu Jul 11 10:21:19 2024
Summary:     Security update for apache2
Type:        security
Severity:    important
References:  1227270,1227271,CVE-2024-38477,CVE-2024-39573
This update for apache2 fixes the following issues:

- CVE-2024-38477: Fixed null pointer dereference in mod_proxy (bsc#1227270)
- CVE-2024-39573: Fixed potential SSRF in mod_rewrite (bsc#1227271)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2479-1
Released:    Mon Jul 15 10:33:22 2024
Summary:     Security update for python3
Type:        security
Severity:    important
References:  1219559,1220664,1221563,1221854,1222075,1226447,1226448,CVE-2023-52425,CVE-2024-0397,CVE-2024-0450,CVE-2024-4032
This update for python3 fixes the following issues:

- CVE-2023-52425: Fixed the backport so that it uses feature sniffing rather than only comparing the version number (bsc#1219559).
- CVE-2024-0450: Fixed detection of the 'quoted-overlap' zipbomb vulnerability (bsc#1221854).
- CVE-2024-4032: Rearranged the definition of private vs. global IP addresses (bsc#1226448).
- CVE-2024-0397: Removed a memory race condition in ssl.SSLContext certificate store methods (bsc#1226447).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2597-1
Released:    Tue Jul 23 09:03:59 2024
Summary:     Security update for apache2
Type:        security
Severity:    important
References:  1227268,1227269,1227272,CVE-2024-36387,CVE-2024-38475,CVE-2024-38476
This update for apache2 fixes the following issues:

- CVE-2024-36387: Fixed DoS by null pointer in websocket over HTTP/2 (bsc#1227272)
- CVE-2024-38475: Fixed improper escaping of output in mod_rewrite (bsc#1227268)
- CVE-2024-38476: Fixed an issue where the server may use exploitable/malicious backend application output to run local handlers via internal redirect (bsc#1227269)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2641-1
Released:    Tue Jul 30 09:29:36 2024
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  
This update for systemd fixes the following issues:

systemd was updated from version 254.13 to version 254.15:
- Changes in version 254.15:

  * boot: cover for hardware keys on phones/tablets
  * Conditional PSI check to reflect changes done in 5.13
  * core/dbus-manager: refuse SoftReboot() for user managers
  * core/exec-invoke: reopen OpenFile= fds with O_NOCTTY
  * core/exec-invoke: use sched_setattr instead of sched_setscheduler
  * core/unit: follow merged units before updating SourcePath= timestamp too
  * coredump: correctly take tmpfs size into account for compression
  * cryptsetup: improve TPM2 blob display
  * docs: Add section to HACKING.md on distribution packages
  * docs: fixed dead link to GNOME documentation
  * docs/CODING_STYLE: document that we nowadays prefer (const char*) for func ret type
  * Fixed typo in CAP_BPF description
  * LICENSES/README: expand text to summarize state for binaries and libs
  * man: fully adopt ~/.local/state/
  * man/systemd.exec: list inaccessible files for ProtectKernelTunables
  * man/tmpfiles: remove outdated behavior regarding symlink ownership
  * meson: bpf: propagate 'sysroot' for cross compilation
  * meson: Define __TARGET_ARCH macros required by bpf
  * mkfs-util: Set sector size for btrfs as well
  * mkosi: drop CentOS 8 from CI
  * mkosi: Enable hyperscale-packages-experimental for CentOS
  * mountpoint-util: do not assume symlinks are not mountpoints
  * os-util: avoid matching on the wrong extension-release file
  * README: add missing CONFIG_MEMCG kernel config option for oomd
  * README: update requirements for signed dm-verity
  * resolved: allow the full TTL to be used by OPT records
  * resolved: correct parsing of OPT extended RCODEs
  * sysusers: handle NSS errors gracefully
  * TEST-58-REPART: reverse order of diff args
  * TEST-64-UDEV-STORAGE: Make nvme_subsystem expected pci symlinks more generic
  * test: fixed TEST-24-CRYPTSETUP on SUSE
  * test: install /etc/hosts
  * Use consistent spelling of systemd.condition_first_boot argument
  * util: make file_read() 64bit offset safe
  * vmm: make sure we can handle smbios objects without variable part
- Changes in version 254.14:

  * analyze: show pcrs also in sha384 bank
  * chase: Tighten '.' and './' check
  * core/service: fixed accept-socket deserialization
  * efi-api: check /sys/class/tpm/tpm0/tpm_version_major, too
  * executor: check for all permission related errnos when setting up IPC namespace
  * install: allow removing symlinks even for units that are gone
  * json: use secure un{base64,hex}mem for sensitive variants
  * man,units: drop 'temporary' from description of systemd-tmpfiles
  * missing_loop.h: fixed LOOP_SET_STATUS_SETTABLE_FLAGS
  * repart: fixed memory leak
  * repart: Use CRYPT_ACTIVATE_PRIVATE
  * resolved: permit dnssec rrtype questions when we aren't validating
  * rules: Limit the number of device units generated for serial ttys
  * run: do not pass the pty slave fd to transient service in a machine
  * sd-dhcp-server: clear buffer before receive
  * strbuf: use GREEDY_REALLOC to grow the buffer

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2912-1
Released:    Wed Aug 14 20:20:13 2024
Summary:     Recommended update for cloud-regionsrv-client
Type:        recommended
Severity:    important
References:  1222985,1223571,1224014,1224016,1227308
This update for cloud-regionsrv-client contains the following fixes:

- Update to version 10.3.0 (bsc#1227308, bsc#1222985)
  + Add support for sidecar registry
    Podman and rootless Docker support to set up the necessary
    configuration for the container engines to run as defined
  + Add running command as root through sudoers file

- Update to version 10.2.0 (bsc#1223571, bsc#1224014, bsc#1224016)
  + In addition to logging, write message to stderr when registration fails
  + Detect transactional-update system with read only setup and use
    the transactional-update command to register
  + Handle operation in a different target root directory for credentials
    checking

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2933-1
Released:    Thu Aug 15 12:12:50 2024
Summary:     Security update for openssl-1_1
Type:        security
Severity:    moderate
References:  1225907,1226463,1227138,CVE-2024-5535
This update for openssl-1_1 fixes the following issues:

- CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138)

Other fixes:
- Build with no-afalgeng. (bsc#1226463)
- Fixed C99 violations to allow the package to build with GCC 14. (bsc#1225907)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3054-1
Released:    Wed Aug 28 14:48:31 2024
Summary:     Security update for python3-setuptools
Type:        security
Severity:    important
References:  1228105,CVE-2024-6345
This update for python3-setuptools fixes the following issues:

- CVE-2024-6345: Fixed code execution via download functions in the package_index module (bsc#1228105)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3172-1
Released:    Mon Sep  9 12:55:40 2024
Summary:     Security update for apache2
Type:        security
Severity:    important
References:  1227276,1227278,1227353,CVE-2024-38473,CVE-2024-38474,CVE-2024-39884
This update for apache2 fixes the following issues:

- CVE-2024-38474: Fixed substitution encoding issue in mod_rewrite (bsc#1227278)
- CVE-2024-38473: Fixed encoding problem in mod_proxy (bsc#1227276)
- CVE-2024-39884: Fixed source code disclosure with handlers configured via AddType (bsc#1227353)


The following package changes have been done:

- glibc-2.38-150600.14.5.1 updated
- libuuid1-2.39.3-150600.4.6.2 updated
- libsmartcols1-2.39.3-150600.4.6.2 updated
- libcom_err2-1.47.0-150600.4.3.2 updated
- libblkid1-2.39.3-150600.4.6.2 updated
- libfdisk1-2.39.3-150600.4.6.2 updated
- libxml2-2-2.10.3-150500.5.17.1 updated
- perl-base-5.26.1-150300.17.17.1 updated
- libgcc_s1-13.3.0+git8781-150000.1.12.1 updated
- libstdc++6-13.3.0+git8781-150000.1.12.1 updated
- libglib-2_0-0-2.78.6-150600.4.3.1 updated
- libmount1-2.39.3-150600.4.6.2 updated
- libopenssl3-3.1.4-150600.5.7.1 updated
- libudev1-254.13-150600.4.5.1 updated
- libsystemd0-254.13-150600.4.5.1 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.7.1 updated
- krb5-1.20.1-150600.11.3.1 updated
- coreutils-8.32-150400.9.6.1 updated
- libsolv-tools-base-0.7.29-150400.3.22.4 added
- libzypp-17.34.1-150600.3.4.6 updated
- zypper-1.14.71-150600.10.2.7 updated
- util-linux-2.39.3-150600.4.6.2 updated
- aaa_base-84.87+git20180409.04c9dae-150300.10.20.1 updated
- libgmodule-2_0-0-2.78.6-150600.4.3.1 updated
- libgobject-2_0-0-2.78.6-150600.4.3.1 updated
- libyaml-0-2-0.1.7-150000.3.2.1 updated
- libopenssl1_1-1.1.1w-150600.5.6.1 updated
- apache2-prefork-2.4.58-150600.5.23.1 updated
- python3-base-3.6.15-150300.10.65.1 updated
- libpython3_6m1_0-3.6.15-150300.10.65.1 updated
- systemd-254.15-150600.4.8.1 updated
- gio-branding-SLE-15-150600.35.2.1 updated
- libgio-2_0-0-2.78.6-150600.4.3.1 updated
- glib2-tools-2.78.6-150600.4.3.1 updated
- python3-3.6.15-150300.10.65.2 updated
- python3-PyYAML-5.4.1-150300.3.3.1 updated
- apache2-2.4.58-150600.5.23.1 updated
- python3-setuptools-44.1.1-150400.9.9.1 updated
- spacewalk-backend-5.0.8-150600.3.44.11 updated
- python3-spacewalk-client-tools-5.0.6-150600.3.90.10 updated
- spacewalk-client-tools-5.0.6-150600.3.90.10 updated
- container:sles15-image-15.6.0-47.9.1 updated
- libabsl2401_0_0-20240116.1-150600.17.7 removed
- libprocps8-3.3.17-150000.7.37.1 removed
- libprotobuf-lite25_1_0-25.1-150600.14.3 removed
- procps-3.3.17-150000.7.37.1 removed
