SUSE-CU-2024:4377-1: Security update of suse/manager/5.0/x86_64/server-hub-xmlrpc-api
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Tue Sep 17 11:36:50 UTC 2024
SUSE Container Update Advisory: suse/manager/5.0/x86_64/server-hub-xmlrpc-api
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4377-1
Container Tags : suse/manager/5.0/x86_64/server-hub-xmlrpc-api:5.0.1 , suse/manager/5.0/x86_64/server-hub-xmlrpc-api:5.0.1.6.5.1 , suse/manager/5.0/x86_64/server-hub-xmlrpc-api:latest
Container Release : 6.5.1
Severity : important
Type : security
References : 1082216 1082233 1159034 1188441 1194818 1211721 1213638 1218609
1221361 1221361 1221407 1221482 1221632 1222285 1222547 1223428
1223596 1224388 1225291 1225551 1225976 1226125 1226664 1227186
1227187 CVE-2018-6798 CVE-2018-6913 CVE-2024-37370 CVE-2024-37371
CVE-2024-4603 CVE-2024-4741
-----------------------------------------------------------------
The container suse/manager/5.0/x86_64/server-hub-xmlrpc-api was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1487-1
Released: Thu May 2 10:43:53 2024
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1211721,1221361,1221407,1222547
This update for aaa_base fixes the following issues:
- home and end button not working from ssh client (bsc#1221407)
- use autosetup in prep stage of specfile
- drop the stderr redirection for csh (bsc#1221361)
- drop sysctl.d/50-default-s390.conf (bsc#1211721)
- make sure the script does not exit with 1 if a file with content is found (bsc#1222547)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1665-1
Released: Thu May 16 08:00:09 2024
Summary: Recommended update for coreutils
Type: recommended
Severity: moderate
References: 1221632
This update for coreutils fixes the following issues:
- ls: avoid triggering automounts (bsc#1221632)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1762-1
Released: Wed May 22 16:14:17 2024
Summary: Security update for perl
Type: security
Severity: important
References: 1082216,1082233,1213638,CVE-2018-6798,CVE-2018-6913
This update for perl fixes the following issues:
Security issues fixed:
- CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216)
- CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233)
Non-security issue fixed:
- make Net::FTP work with TLS 1.3 (bsc#1213638)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1876-1
Released: Fri May 31 06:47:32 2024
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1221361
This update for aaa_base fixes the following issues:
- Fix the typo to set JAVA_BINDIR in the csh variant of the alljava profile script (bsc#1221361)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1934-1
Released: Thu Jun 6 11:19:24 2024
Summary: Recommended update for sles15-image
Type: recommended
Severity: moderate
References:
This update for sles15-image fixes the following issues:
- update to SUSE LLC and use https (it's 2024)
- use more specific lifecycle url
- remove deprecated label duplication as those labels are
inherited into all derived containers as well causing
confusion
- set supportlevel to released and L3
- use the base-container-images landing page
- rename kiwi file to match package name
- move artifacthub.io labels outside labelling helper to
avoid duplication
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1954-1
Released: Fri Jun 7 18:01:06 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1221482
This update for glibc fixes the following issues:
- Also include stat64 in the 32-bit libc_nonshared.a workaround
(bsc#1221482)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1997-1
Released: Tue Jun 11 17:24:32 2024
Summary: Recommended update for e2fsprogs
Type: recommended
Severity: moderate
References: 1223596
This update for e2fsprogs fixes the following issues:
- EA Inode handling fixes:
- e2fsck: add more checks for ea inode consistency (bsc#1223596)
- e2fsck: fix golden output of several tests (bsc#1223596)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2066-1
Released: Tue Jun 18 13:16:09 2024
Summary: Security update for openssl-3
Type: security
Severity: important
References: 1223428,1224388,1225291,1225551,CVE-2024-4603,CVE-2024-4741
This update for openssl-3 fixes the following issues:
Security issues fixed:
- CVE-2024-4603: Check DSA parameters for excessive sizes before validating (bsc#1224388)
- CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551)
Other issues fixed:
- Enable livepatching support (bsc#1223428)
- Fix HDKF key derivation (bsc#1225291, gh#openssl/openssl#23448, + gh#openssl/openssl#23456)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2086-1
Released: Wed Jun 19 11:48:24 2024
Summary: Recommended update for gcc13
Type: recommended
Severity: moderate
References: 1188441
This update for gcc13 fixes the following issues:
Update to GCC 13.3 release
- Removed Fiji support from the GCN offload compiler as that is requiring
Code Object version 3 which is no longer supported by llvm18.
- Avoid combine spending too much compile-time and memory doing nothing
on s390x. [bsc#1188441]
- Make requirement to lld version specific to avoid requiring the
meta-package.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2307-1
Released: Fri Jul 5 12:04:34 2024
Summary: Security update for krb5
Type: security
Severity: important
References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371
This update for krb5 fixes the following issues:
- CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186).
- CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2641-1
Released: Tue Jul 30 09:29:36 2024
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References:
This update for systemd fixes the following issues:
systemd was updated from version 254.13 to version 254.15:
- Changes in version 254.15:
* boot: cover for hardware keys on phones/tablets
* Conditional PSI check to reflect changes done in 5.13
* core/dbus-manager: refuse SoftReboot() for user managers
* core/exec-invoke: reopen OpenFile= fds with O_NOCTTY
* core/exec-invoke: use sched_setattr instead of sched_setscheduler
* core/unit: follow merged units before updating SourcePath= timestamp too
* coredump: correctly take tmpfs size into account for compression
* cryptsetup: improve TPM2 blob display
* docs: Add section to HACKING.md on distribution packages
* docs: fixed dead link to GNOME documentation
* docs/CODING_STYLE: document that we nowadays prefer (const char*) for func ret type
* Fixed typo in CAP_BPF description
* LICENSES/README: expand text to summarize state for binaries and libs
* man: fully adopt ~/.local/state/
* man/systemd.exec: list inaccessible files for ProtectKernelTunables
* man/tmpfiles: remove outdated behavior regarding symlink ownership
* meson: bpf: propagate 'sysroot' for cross compilation
* meson: Define __TARGET_ARCH macros required by bpf
* mkfs-util: Set sector size for btrfs as well
* mkosi: drop CentOS 8 from CI
* mkosi: Enable hyperscale-packages-experimental for CentOS
* mountpoint-util: do not assume symlinks are not mountpoints
* os-util: avoid matching on the wrong extension-release file
* README: add missing CONFIG_MEMCG kernel config option for oomd
* README: update requirements for signed dm-verity
* resolved: allow the full TTL to be used by OPT records
* resolved: correct parsing of OPT extended RCODEs
* sysusers: handle NSS errors gracefully
* TEST-58-REPART: reverse order of diff args
* TEST-64-UDEV-STORAGE: Make nvme_subsystem expected pci symlinks more generic
* test: fixed TEST-24-CRYPTSETUP on SUSE
* test: install /etc/hosts
* Use consistent spelling of systemd.condition_first_boot argument
* util: make file_read() 64bit offset safe
* vmm: make sure we can handle smbios objects without variable part
- Changes in version 254.14:
* analyze: show pcrs also in sha384 bank
* chase: Tighten '.' and './' check
* core/service: fixed accept-socket deserialization
* efi-api: check /sys/class/tpm/tpm0/tpm_version_major, too
* executor: check for all permission related errnos when setting up IPC namespace
* install: allow removing symlinks even for units that are gone
* json: use secure un{base64,hex}mem for sensitive variants
* man,units: drop 'temporary' from description of systemd-tmpfiles
* missing_loop.h: fixed LOOP_SET_STATUS_SETTABLE_FLAGS
* repart: fixed memory leak
* repart: Use CRYPT_ACTIVATE_PRIVATE
* resolved: permit dnssec rrtype questions when we aren't validating
* rules: Limit the number of device units generated for serial ttys
* run: do not pass the pty slave fd to transient service in a machine
* sd-dhcp-server: clear buffer before receive
* strbuf: use GREEDY_REALLOC to grow the buffer
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2677-1
Released: Wed Jul 31 06:58:52 2024
Summary: Recommended update for wicked
Type: recommended
Severity: important
References: 1225976,1226125,1226664
This update for wicked fixes the following issues:
- Update to version 0.6.76
- compat-suse: warn user and create missing parent config of infiniband children
- client: fix origin in loaded xml-config with obsolete port references but missing port interface config, causing a no-carrier of master (bsc#1226125)
- ipv6: fix setup on ipv6.disable=1 kernel cmdline (bsc#1225976)
- wireless: add frequency-list in station mode (jsc#PED-8715)
- client: fix crash while hierarchy traversing due to loop in e.g. systemd-nspawn containers (bsc#1226664)
- man: add supported bonding options to ifcfg-bonding(5) man page
- arputil: Document minimal interval for getopts
- man: (re)generate man pages from md sources
- client: warn on interface wait time reached
- compat-suse: fix dummy type detection from ifname to not cause conflicts with e.g. correct vlan config on dummy0.42 interfaces
- compat-suse: fix infiniband and infiniband child type detection from ifname
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2888-1
Released: Tue Aug 13 11:07:41 2024
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1159034,1194818,1218609,1222285
This update for util-linux fixes the following issues:
- agetty: Prevent login cursor escape (bsc#1194818).
- Document unexpected side effects of lazy destruction (bsc#1159034).
- Don't delete binaries not common for all architectures. Create an
util-linux-extra subpackage instead, so users of third party
tools can use them (bsc#1222285).
- Improved man page for chcpu (bsc#1218609).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3135-1
Released: Wed Sep 4 08:36:23 2024
Summary: Recommended update for rsyslog
Type: recommended
Severity: moderate
References:
This update for rsyslog fixes the following issues:
- Version upgrade
- patches replaced by upgrade (details in upgrade logs)
* Revert 'Update omlibdbi.c'
* imkmsg: add params 'readMode' and 'expectedBootCompleteSeconds'
* testbench: fix 'typo' in test case
* omazureeventhubs: Corrected handling of transport closed failures
* imkmsg: add module param parseKernelTimestamp
* imfile: remove state file on file delete fix
* imklog bugfix: keepKernelTimestamp=off config param did not work
* Netstreamdriver: deallocate certificate related resources
* TLS subsystem: add remote hostname to error reporting
* Fix forking issue do to close_range call
* replace debian sample systemd service file by readme
* testbench: bump zookeeper version to match current offering
* Update rsyslog.service sample unit to the latest version used in Debian Trixie
* Only keep a single rsyslog.service for Debian
* Remove no longer used --with-systemdsystemunitdir configure switch
* use logind instead of utmp for wall messages with systemd
* Typo fixes
* Drop CAP_IPC_LOCK capability
* Add CAP_NET_RAW capability due to the omudpspoof module
* Add new global config option 'libcapng.enable'
* tcp net subsystem: handle data race gracefully
* Avoid crash on restart in imrelp SIGTTIN handler
- patches replaced by upgrade
* fix startup issue on modern systemd systems
* Fix misspeling in message.
* tcpflood bugfix: plain tcp send error not properly reported
* omprog bugfix: Add CAP_DAC_OVERRIDE to the bounding set
* testbench: cleanup and improve some more imfile tests
* lookup tables: fix static analyzer issue
* lookup tables bugfix: reload on HUP did not work when backgrounded
* CI: fix and cleaup github workflow
* imjournal: Support input module
* testbench: make test more reliable
* tcpflood: add -A option to NOT abort when sending fails
* tcpflood: fix today's programming error
* openssl: Replaced depreceated method SSLv23_method with TLS_method
* testbench improvement: define state file directories for imfile tests
* testbench: cleanup a test and some nitfixes to it
* tcpflood bugfix: TCP sending was not implemented properly
* testbench: make waiting for HUP processing more reliable
* build system: make rsyslogd execute when --disable-inet is configured
* CI: update zookeper download to newer version
* ossl driver: Using newer INIT API for OpenSSL 1.1+ Versions
* ossl: Fix CRL File Expire from 1 day to 100 years.
* PR5175: Add TLS CRL Support for GnuTLS driver and OpenSSL 1.0.2+
* omazureeventhubs: Initial implementation of new output module
* TLS CRL Support Issue 5081
* action.resumeintervalmax: the parameter was not respected
* IMHIREDIS::FIXED:: Restore compatiblity with hiredis < v1.0.0
* Add the 'batchsize' parameter to imhiredis
* Clear undefined behavior in libgcry.c (GH #5167)
* Do not try to drop capabilities when we don't have any
* testbench: use newer zookeeper version in tests
* build system: more precise error message on too-old lib
* Fix quoting for omprog, improg, mmexternal
The following package changes have been done:
- glibc-2.38-150600.14.5.1 updated
- libuuid1-2.39.3-150600.4.6.2 updated
- libsmartcols1-2.39.3-150600.4.6.2 updated
- libcom_err2-1.47.0-150600.4.3.2 updated
- libblkid1-2.39.3-150600.4.6.2 updated
- libfdisk1-2.39.3-150600.4.6.2 updated
- perl-base-5.26.1-150300.17.17.1 updated
- libgcc_s1-13.3.0+git8781-150000.1.12.1 updated
- libstdc++6-13.3.0+git8781-150000.1.12.1 updated
- libmount1-2.39.3-150600.4.6.2 updated
- libopenssl3-3.1.4-150600.5.7.1 updated
- libudev1-254.13-150600.4.5.1 updated
- libsystemd0-254.13-150600.4.5.1 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.7.1 updated
- krb5-1.20.1-150600.11.3.1 updated
- coreutils-8.32-150400.9.6.1 updated
- util-linux-2.39.3-150600.4.6.2 updated
- aaa_base-84.87+git20180409.04c9dae-150300.10.20.1 updated
- systemd-254.15-150600.4.8.1 updated
- util-linux-systemd-2.39.3-150600.4.9.4 updated
- wicked-0.6.76-150600.11.9.1 updated
- wicked-service-0.6.76-150600.11.9.1 updated
- rsyslog-8.2406.0-150600.12.3.2 updated
- container:sles15-image-15.6.0-47.9.1 updated
More information about the sle-container-updates
mailing list