SUSE-IU-2024:1230-1: Security update of suse-sles-15-sp4-chost-byos-v20240912-hvm-ssd-x86_64

sle-container-updates at lists.suse.com
Fri Sep 13 15:32:03 UTC 2024


SUSE Image Update Advisory: suse-sles-15-sp4-chost-byos-v20240912-hvm-ssd-x86_64
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:1230-1
Image Tags        : suse-sles-15-sp4-chost-byos-v20240912-hvm-ssd-x86_64:20240912
Image Release     : 
Severity          : critical
Type              : security
References        : 1081596 1156395 1190336 1191958 1193454 1193554 1193787 1193883
                        1194324 1194818 1194818 1194826 1194869 1195065 1195254 1195341
                        1195349 1195357 1195668 1195927 1195957 1196018 1196746 1196823
                        1197146 1197246 1197762 1197915 1198014 1199295 1200528 1202346
                        1202686 1202767 1202780 1207230 1209636 1213123 1214855 1215587
                        1216834 1217070 1217102 1218297 1218820 1219267 1219268 1219438
                        1220185 1220186 1220187 1220356 1221044 1221243 1221479 1221677
                        1221916 1222011 1222021 1222728 1222809 1222810 1222985 1223094
                        1223409 1223535 1223571 1223635 1223863 1224014 1224016 1224044
                        1224117 1224488 1224495 1224671 1224771 1225267 1225573 1225829
                        1226014 1226030 1226100 1226168 1226226 1226227 1226414 1226463
                        1226493 1226519 1226537 1226539 1226550 1226553 1226554 1226556
                        1226557 1226558 1226559 1226561 1226562 1226563 1226564 1226567
                        1226569 1226572 1226574 1226575 1226576 1226577 1226580 1226583
                        1226585 1226587 1226601 1226602 1226603 1226607 1226614 1226617
                        1226618 1226619 1226621 1226624 1226626 1226628 1226629 1226643
                        1226644 1226645 1226650 1226653 1226662 1226669 1226670 1226672
                        1226673 1226674 1226675 1226679 1226683 1226685 1226686 1226690
                        1226691 1226692 1226696 1226697 1226698 1226699 1226701 1226702
                        1226703 1226705 1226708 1226709 1226710 1226711 1226712 1226713
                        1226715 1226716 1226719 1226720 1226721 1226732 1226758 1226762
                        1226785 1227090 1227115 1227127 1227138 1227205 1227308 1227383
                        1227487 1227525 1227549 1227625 1227716 1227750 1227764 1227793
                        1227808 1227810 1227823 1227829 1227836 1227917 1227920 1227921
                        1227922 1227923 1227924 1227925 1227928 1227931 1227932 1227933
                        1227935 1227938 1227941 1227942 1227944 1227945 1227948 1227949
                        1227952 1227953 1227954 1227956 1227963 1227964 1227965 1227968
                        1227969 1227970 1227971 1227972 1227975 1227976 1227981 1227982
                        1227985 1227986 1227987 1227988 1227989 1227990 1227991 1227993
                        1227995 1227996 1227997 1228000 1228002 1228004 1228005 1228006
                        1228007 1228008 1228009 1228010 1228013 1228014 1228015 1228019
                        1228025 1228028 1228035 1228037 1228038 1228039 1228040 1228043
                        1228045 1228054 1228055 1228056 1228060 1228061 1228062 1228063
                        1228064 1228066 1228091 1228105 1228114 1228124 1228138 1228206
                        1228208 1228247 1228265 1228324 1228328 1228420 1228440 1228535
                        1228553 1228561 1228644 1228680 1228743 1228787 1228801 1228847
                        1229339 1229930 1229931 1229932 1230020 1230034 1230092 1230093
                        222971 CVE-2021-4439 CVE-2021-47534 CVE-2021-47576 CVE-2021-47578
                        CVE-2021-47580 CVE-2021-47582 CVE-2021-47583 CVE-2021-47584 CVE-2021-47585
                        CVE-2021-47586 CVE-2021-47587 CVE-2021-47589 CVE-2021-47592 CVE-2021-47596
                        CVE-2021-47597 CVE-2021-47598 CVE-2021-47600 CVE-2021-47601 CVE-2021-47602
                        CVE-2021-47603 CVE-2021-47607 CVE-2021-47608 CVE-2021-47609 CVE-2021-47611
                        CVE-2021-47612 CVE-2021-47614 CVE-2021-47615 CVE-2021-47616 CVE-2021-47617
                        CVE-2021-47618 CVE-2021-47619 CVE-2021-47620 CVE-2021-47622 CVE-2021-47624
                        CVE-2022-0854 CVE-2022-1996 CVE-2022-20368 CVE-2022-28748 CVE-2022-2964
                        CVE-2022-48711 CVE-2022-48712 CVE-2022-48713 CVE-2022-48715 CVE-2022-48717
                        CVE-2022-48720 CVE-2022-48721 CVE-2022-48722 CVE-2022-48723 CVE-2022-48724
                        CVE-2022-48725 CVE-2022-48726 CVE-2022-48727 CVE-2022-48728 CVE-2022-48729
                        CVE-2022-48730 CVE-2022-48732 CVE-2022-48734 CVE-2022-48735 CVE-2022-48736
                        CVE-2022-48737 CVE-2022-48738 CVE-2022-48739 CVE-2022-48740 CVE-2022-48743
                        CVE-2022-48744 CVE-2022-48745 CVE-2022-48746 CVE-2022-48747 CVE-2022-48749
                        CVE-2022-48751 CVE-2022-48752 CVE-2022-48754 CVE-2022-48756 CVE-2022-48758
                        CVE-2022-48759 CVE-2022-48760 CVE-2022-48761 CVE-2022-48763 CVE-2022-48765
                        CVE-2022-48767 CVE-2022-48768 CVE-2022-48769 CVE-2022-48771 CVE-2022-48773
                        CVE-2022-48774 CVE-2022-48775 CVE-2022-48776 CVE-2022-48777 CVE-2022-48778
                        CVE-2022-48780 CVE-2022-48783 CVE-2022-48784 CVE-2022-48786 CVE-2022-48787
                        CVE-2022-48788 CVE-2022-48789 CVE-2022-48790 CVE-2022-48791 CVE-2022-48792
                        CVE-2022-48793 CVE-2022-48794 CVE-2022-48796 CVE-2022-48797 CVE-2022-48798
                        CVE-2022-48799 CVE-2022-48800 CVE-2022-48801 CVE-2022-48802 CVE-2022-48803
                        CVE-2022-48804 CVE-2022-48805 CVE-2022-48806 CVE-2022-48807 CVE-2022-48811
                        CVE-2022-48812 CVE-2022-48813 CVE-2022-48814 CVE-2022-48815 CVE-2022-48816
                        CVE-2022-48817 CVE-2022-48818 CVE-2022-48820 CVE-2022-48821 CVE-2022-48822
                        CVE-2022-48823 CVE-2022-48824 CVE-2022-48825 CVE-2022-48826 CVE-2022-48827
                        CVE-2022-48828 CVE-2022-48829 CVE-2022-48830 CVE-2022-48831 CVE-2022-48834
                        CVE-2022-48835 CVE-2022-48836 CVE-2022-48837 CVE-2022-48838 CVE-2022-48839
                        CVE-2022-48840 CVE-2022-48841 CVE-2022-48842 CVE-2022-48843 CVE-2022-48847
                        CVE-2022-48849 CVE-2022-48851 CVE-2022-48853 CVE-2022-48856 CVE-2022-48857
                        CVE-2022-48858 CVE-2022-48859 CVE-2022-48860 CVE-2022-48861 CVE-2022-48862
                        CVE-2022-48863 CVE-2022-48866 CVE-2023-1582 CVE-2023-37453 CVE-2023-45142
                        CVE-2023-47108 CVE-2023-52591 CVE-2023-52762 CVE-2023-52766 CVE-2023-52800
                        CVE-2023-52885 CVE-2023-52886 CVE-2023-7008 CVE-2023-7256 CVE-2024-1753
                        CVE-2024-23651 CVE-2024-23652 CVE-2024-23653 CVE-2024-24786 CVE-2024-26583
                        CVE-2024-26584 CVE-2024-26585 CVE-2024-26800 CVE-2024-26813 CVE-2024-26814
                        CVE-2024-26976 CVE-2024-28180 CVE-2024-34397 CVE-2024-35878 CVE-2024-35901
                        CVE-2024-35905 CVE-2024-36926 CVE-2024-36974 CVE-2024-3727 CVE-2024-38541
                        CVE-2024-38555 CVE-2024-38559 CVE-2024-39463 CVE-2024-39494 CVE-2024-40902
                        CVE-2024-40937 CVE-2024-40954 CVE-2024-40956 CVE-2024-40989 CVE-2024-40994
                        CVE-2024-41011 CVE-2024-41012 CVE-2024-41059 CVE-2024-41069 CVE-2024-41090
                        CVE-2024-41110 CVE-2024-42093 CVE-2024-42145 CVE-2024-42230 CVE-2024-45310
                        CVE-2024-45490 CVE-2024-45491 CVE-2024-45492 CVE-2024-5535 CVE-2024-6345
                        CVE-2024-7264 CVE-2024-8006 CVE-2024-8096 
-----------------------------------------------------------------

The container suse-sles-15-sp4-chost-byos-v20240912-hvm-ssd-x86_64 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2869-1
Released:    Fri Aug  9 15:59:29 2024
Summary:     Security update for ca-certificates-mozilla
Type:        security
Severity:    important
References:  1220356,1227525
This update for ca-certificates-mozilla fixes the following issues:

- Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525)
  - Added: FIRMAPROFESIONAL CA ROOT-A WEB
  - Distrust: GLOBALTRUST 2020

- Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356)
  Added:
  - CommScope Public Trust ECC Root-01
  - CommScope Public Trust ECC Root-02
  - CommScope Public Trust RSA Root-01
  - CommScope Public Trust RSA Root-02
  - D-Trust SBR Root CA 1 2022
  - D-Trust SBR Root CA 2 2022
  - Telekom Security SMIME ECC Root 2021
  - Telekom Security SMIME RSA Root 2023
  - Telekom Security TLS ECC Root 2020
  - Telekom Security TLS RSA Root 2023
  - TrustAsia Global Root CA G3
  - TrustAsia Global Root CA G4
  Removed:
  - Autoridad de Certificacion Firmaprofesional CIF A62634068
  - Chambers of Commerce Root - 2008
  - Global Chambersign Root - 2008
  - Security Communication Root CA
  - Symantec Class 1 Public Primary Certification Authority - G6
  - Symantec Class 2 Public Primary Certification Authority - G6
  - TrustCor ECA-1
  - TrustCor RootCert CA-1
  - TrustCor RootCert CA-2
  - VeriSign Class 1 Public Primary Certification Authority - G3
  - VeriSign Class 2 Public Primary Certification Authority - G3

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2024:2877-1
Released:    Mon Aug 12 13:35:20 2024
Summary:     Optional update for sles-release
Type:        optional
Severity:    low
References:  1227115
This update for sles-release fixes the following issue:

- Adjust codestream lifecycle

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2886-1
Released:    Tue Aug 13 09:46:48 2024
Summary:     Recommended update for dmidecode
Type:        recommended
Severity:    moderate
References:  
This update for dmidecode fixes the following issues:

- Version update (jsc#PED-8574):
  * Support for SMBIOS 3.6.0. This includes new memory device types, new
    processor upgrades, and Loongarch support
  * Support for SMBIOS 3.7.0. This includes new port types, new processor
    upgrades, new slot characteristics and new fields for memory modules
  * Add bash completion
  * Decode HPE OEM records 197, 216, 224, 230, 238, 239, 242 and 245
  * Implement options --list-strings and --list-types
  * Update HPE OEM records 203, 212, 216, 221, 233 and 236
  * Update Redfish support
  * Bug fixes:
    - Fix enabled slot characteristics not being printed
  * Minor improvements:
    - Print slot width on its own line
    - Use standard strings for slot width
  * Add a --no-quirks option
  * Drop the CPUID exception list
  * Obsolete patches removed:
    dmidecode-do-not-let-dump-bin-overwrite-an-existing-file,
    dmidecode-fortify-entry-point-length-checks,
    dmidecode-split-table-fetching-from-decoding,
    dmidecode-write-the-whole-dump-file-at-once,
    dmioem-fix-segmentation-fault-in-dmi_hp_240_attr,
    dmioem-hpe-oem-record-237-firmware-change,
    dmioem-typo-fix-virutal-virtual,
    ensure-dev-mem-is-a-character-device-file,
    news-fix-typo,
    use-read_file-to-read-from-dump
Update for HPE servers from upstream:
- dmioem-update-hpe-oem-type-238 patch: Decode PCI bus segment in
  HPE type 238 records

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2912-1
Released:    Wed Aug 14 20:20:12 2024
Summary:     Recommended update for cloud-regionsrv-client
Type:        recommended
Severity:    important
References:  1222985,1223571,1224014,1224016,1227308
This update for cloud-regionsrv-client contains the following fixes:

- Update to version 10.3.0 (bsc#1227308, bsc#1222985)
  + Add support for sidecar registry
    Podman and rootless Docker support to set up the necessary
    configuration for the container engines to run as defined
  + Add running command as root through sudoers file

- Update to version 10.2.0 (bsc#1223571, bsc#1224014, bsc#1224016)
  + In addition to logging, write message to stderr when registration fails
  + Detect transactional-update system with read only setup and use
    the transactional-update command to register
  + Handle operation in a different target root directory for credentials
    checking

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2922-1
Released:    Thu Aug 15 07:01:20 2024
Summary:     Recommended update for grub2
Type:        recommended
Severity:    important
References:  1207230,1217102,1223535,1226100,1228124
This update for grub2 fixes the following issues:

- Fix btrfs subvolume for platform modules not mounting at runtime when the
  default subvolume is the topmost root tree (bsc#1228124)
- Fix error in grub-install when root is on tmpfs (bsc#1226100)
- Fix high latency of input handling in ppc64le grub2 (bsc#1223535)
- Fix PowerPC grub loading 5 to 10 minutes slower on SLE-15-SP5 compared to SLE-15-SP2 (bsc#1217102)
- Enhancement to PPC secure boot's root device discovery config (bsc#1207230)
- Fix regex for Open Firmware device specifier with encoded commas
- Fix regular expression in PPC secure boot config to prevent escaped commas
  from being treated as delimiters when retrieving partition substrings
- Use prep_load_env in PPC secure boot config to handle unset host-specific
  environment variables and ensure successful command execution

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2927-1
Released:    Thu Aug 15 09:02:55 2024
Summary:     Security update for openssl-1_1
Type:        security
Severity:    moderate
References:  1226463,1227138,CVE-2024-5535
This update for openssl-1_1 fixes the following issues:

  - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138)

Other fixes:
- Build with no-afalgeng (bsc#1226463)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2929-1
Released:    Thu Aug 15 11:31:30 2024
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1156395,1190336,1191958,1193454,1193554,1193787,1193883,1194324,1194826,1194869,1195065,1195254,1195341,1195349,1195357,1195668,1195927,1195957,1196018,1196746,1196823,1197146,1197246,1197762,1197915,1198014,1199295,1202346,1202686,1202767,1202780,1209636,1213123,1215587,1216834,1218820,1220185,1220186,1220187,1221044,1222011,1222728,1222809,1222810,1223635,1223863,1224488,1224495,1224671,1225573,1225829,1226168,1226226,1226519,1226537,1226539,1226550,1226553,1226554,1226556,1226557,1226558,1226559,1226561,1226562,1226563,1226564,1226567,1226569,1226572,1226574,1226575,1226576,1226577,1226580,1226583,1226585,1226587,1226601,1226602,1226603,1226607,1226614,1226617,1226618,1226619,1226621,1226624,1226626,1226628,1226629,1226643,1226644,1226645,1226650,1226653,1226662,1226669,1226670,1226672,1226673,1226674,1226675,1226679,1226683,1226685,1226686,1226690,1226691,1226692,1226696,1226697,1226698,1226699,1226701,1226702,1226703,1226705,1226708,1226709,1226710,1226711,1226712,
             1226713,1226715,1226716,1226719,1226720,1226721,1226732,1226758,1226762,1226785,1227090,1227383,1227487,1227549,1227716,1227750,1227764,1227808,1227810,1227823,1227829,1227836,1227917,1227920,1227921,1227922,1227923,1227924,1227925,1227928,1227931,1227932,1227933,1227935,1227938,1227941,1227942,1227944,1227945,1227948,1227949,1227952,1227953,1227954,1227956,1227963,1227964,1227965,1227968,1227969,1227970,1227971,1227972,1227975,1227976,1227981,1227982,1227985,1227986,1227987,1227988,1227989,1227990,1227991,1227993,1227995,1227996,1227997,1228000,1228002,1228004,1228005,1228006,1228007,1228008,1228009,1228010,1228013,1228014,1228015,1228019,1228025,1228028,1228035,1228037,1228038,1228039,1228040,1228045,1228054,1228055,1228056,1228060,1228061,1228062,1228063,1228064,1228066,1228114,1228247,1228328,1228440,1228561,1228644,1228680,1228743,1228801,CVE-2021-4439,CVE-2021-47534,CVE-2021-47576,CVE-2021-47578,CVE-2021-47580,CVE-2021-47582,CVE-2021-47583,CVE-2021-47584,CVE-2021-47585,
             CVE-2021-47586,CVE-2021-47587,CVE-2021-47589,CVE-2021-47592,CVE-2021-47596,CVE-2021-47597,CVE-2021-47598,CVE-2021-47600,CVE-2021-47601,CVE-2021-47602,CVE-2021-47603,CVE-2021-47607,CVE-2021-47608,CVE-2021-47609,CVE-2021-47611,CVE-2021-47612,CVE-2021-47614,CVE-2021-47615,CVE-2021-47616,CVE-2021-47617,CVE-2021-47618,CVE-2021-47619,CVE-2021-47620,CVE-2021-47622,CVE-2021-47624,CVE-2022-0854,CVE-2022-20368,CVE-2022-28748,CVE-2022-2964,CVE-2022-48711,CVE-2022-48712,CVE-2022-48713,CVE-2022-48715,CVE-2022-48717,CVE-2022-48720,CVE-2022-48721,CVE-2022-48722,CVE-2022-48723,CVE-2022-48724,CVE-2022-48725,CVE-2022-48726,CVE-2022-48727,CVE-2022-48728,CVE-2022-48729,CVE-2022-48730,CVE-2022-48732,CVE-2022-48734,CVE-2022-48735,CVE-2022-48736,CVE-2022-48737,CVE-2022-48738,CVE-2022-48739,CVE-2022-48740,CVE-2022-48743,CVE-2022-48744,CVE-2022-48745,CVE-2022-48746,CVE-2022-48747,CVE-2022-48749,CVE-2022-48751,CVE-2022-48752,CVE-2022-48754,CVE-2022-48756,CVE-2022-48758,CVE-2022-48759,CVE-2022-48760,CVE-2022-48761,
             CVE-2022-48763,CVE-2022-48765,CVE-2022-48767,CVE-2022-48768,CVE-2022-48769,CVE-2022-48771,CVE-2022-48773,CVE-2022-48774,CVE-2022-48775,CVE-2022-48776,CVE-2022-48777,CVE-2022-48778,CVE-2022-48780,CVE-2022-48783,CVE-2022-48784,CVE-2022-48786,CVE-2022-48787,CVE-2022-48788,CVE-2022-48789,CVE-2022-48790,CVE-2022-48791,CVE-2022-48792,CVE-2022-48793,CVE-2022-48794,CVE-2022-48796,CVE-2022-48797,CVE-2022-48798,CVE-2022-48799,CVE-2022-48800,CVE-2022-48801,CVE-2022-48802,CVE-2022-48803,CVE-2022-48804,CVE-2022-48805,CVE-2022-48806,CVE-2022-48807,CVE-2022-48811,CVE-2022-48812,CVE-2022-48813,CVE-2022-48814,CVE-2022-48815,CVE-2022-48816,CVE-2022-48817,CVE-2022-48818,CVE-2022-48820,CVE-2022-48821,CVE-2022-48822,CVE-2022-48823,CVE-2022-48824,CVE-2022-48825,CVE-2022-48826,CVE-2022-48827,CVE-2022-48828,CVE-2022-48829,CVE-2022-48830,CVE-2022-48831,CVE-2022-48834,CVE-2022-48835,CVE-2022-48836,CVE-2022-48837,CVE-2022-48838,CVE-2022-48839,CVE-2022-48840,CVE-2022-48841,CVE-2022-48842,CVE-2022-48843,
             CVE-2022-48847,CVE-2022-48849,CVE-2022-48851,CVE-2022-48853,CVE-2022-48856,CVE-2022-48857,CVE-2022-48858,CVE-2022-48859,CVE-2022-48860,CVE-2022-48861,CVE-2022-48862,CVE-2022-48863,CVE-2022-48866,CVE-2023-1582,CVE-2023-37453,CVE-2023-52591,CVE-2023-52762,CVE-2023-52766,CVE-2023-52800,CVE-2023-52885,CVE-2023-52886,CVE-2024-26583,CVE-2024-26584,CVE-2024-26585,CVE-2024-26800,CVE-2024-26813,CVE-2024-26814,CVE-2024-26976,CVE-2024-35878,CVE-2024-35901,CVE-2024-35905,CVE-2024-36926,CVE-2024-36974,CVE-2024-38541,CVE-2024-38555,CVE-2024-38559,CVE-2024-39463,CVE-2024-39494,CVE-2024-40902,CVE-2024-40937,CVE-2024-40954,CVE-2024-40956,CVE-2024-40989,CVE-2024-40994,CVE-2024-41011,CVE-2024-41012,CVE-2024-41059,CVE-2024-41069,CVE-2024-41090,CVE-2024-42093,CVE-2024-42145,CVE-2024-42230
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.


The following security bugs were fixed:

- CVE-2024-39494: ima: Fix use-after-free on a dentry's dname.name (bsc#1227716).
- CVE-2024-41069: ASoC: topology: Fix route memory corruption (bsc#1228644).
- CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808)
- CVE-2024-42145: IB/core: Implement a limit on UMAD receive List (bsc#1228743)
- CVE-2024-40994: ptp: fix integer overflow in max_vclocks_store (bsc#1227829).
- CVE-2024-41012: filelock: Remove locks reliably when fcntl/close race is detected (bsc#1228247).
- CVE-2024-42093: net/dpaa2: Avoid explicit cpumask var allocation on stack (bsc#1228680).
- CVE-2024-40989: KVM: arm64: Disassociate vcpus from redistributor region on teardown (bsc#1227823).
- CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228561).
- CVE-2024-40956: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (bsc#1227810).
- CVE-2024-41090: tap: add missing verification for short frame (bsc#1228328).
- CVE-2024-41011: drm/amdkfd: do not allow mapping the MMIO HDP page with large pages (bsc#1228114).
- CVE-2024-39463: 9p: add missing locking around taking dentry fid list (bsc#1227090).
- CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1226574).
- CVE-2024-40937: gve: Clear napi->skb before dev_kfree_skb_any() (bsc#1227836).
- CVE-2024-35901: net: mana: Fix Rx DMA datasize and skb_over_panic (bsc#1224495).
- CVE-2024-42230: powerpc/pseries: Fix scv instruction crash with kexec (bsc#1194869).
- CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220187).
- CVE-2024-36974: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP (bsc#1226519).
- CVE-2024-38555: net/mlx5: Discard command completions in internal error (bsc#1226607).

The following non-security bugs were fixed:

- NFS: Do not re-read the entire page cache to find the next cookie (bsc#1226662).
- NFS: Reduce use of uncached readdir (bsc#1226662).
- NFSv4.x: by default serialize open/close operations (bsc#1226226 bsc#1223863).
- X.509: Fix the parser of extended key usage for length (bsc#1218820).
- btrfs: sysfs: update fs features directory asynchronously (bsc#1226168).
- cgroup/cpuset: Prevent UAF in proc_cpuset_show() (bsc#1228801).
- jfs: xattr: fix buffer overflow for invalid xattr (bsc#1227383).
- kABI: rtas: Workaround false positive due to lost definition (bsc#1227487).
- kernel-binary: vdso: Own module_dir
- net/dcb: check for detached device before executing callbacks (bsc#1215587).
- ocfs2: fix DIO failure due to insufficient transaction credits (bsc#1216834).
- powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() (bsc#1227487).
- powerpc/rtas: clean up includes (bsc#1227487).
- workqueue: Improve scalability of workqueue watchdog touch (bsc#1193454).
- workqueue: wq_watchdog_touch is always called with valid CPU (bsc#1193454).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2966-1
Released:    Mon Aug 19 15:37:07 2024
Summary:     Recommended update for util-linux
Type:        recommended
Severity:    moderate
References:  1194818
This update for util-linux fixes the following issue:

- agetty: Prevent login cursor escape (bsc#1194818).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2967-1
Released:    Mon Aug 19 15:41:29 2024
Summary:     Recommended update for pam
Type:        recommended
Severity:    moderate
References:  1194818
This update for pam fixes the following issue:

- Prevent cursor escape from the login prompt (bsc#1194818).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3026-1
Released:    Tue Aug 27 13:20:03 2024
Summary:     Recommended update for supportutils
Type:        recommended
Severity:    moderate
References:  1222021,1227127,1228265
This update for supportutils fixes the following issues:

Changes to version 3.2.8

  + Avoid getting duplicate kernel verifications in boot.text (pr#190)
  + lvm: suppress file descriptor leak warnings from lvm commands (pr#191)
  + docker_info: Add timestamps to container logs (pr#196)
  + Key value pairs and container log timestamps (bsc#1222021 PED-8211, pr#198)
  + Update supportconfig get pam.d sorted (pr#199)
  + yast_files: Exclude .zcat (pr#201)
  + Sanitize grub bootloader (bsc#1227127, pr#203)
  + Sanitize regcodes (pr#204)
  + Improve product detection (pr#205)
  + Add read_values for s390x (bsc#1228265, pr#206)
  + hardware_info: Remove old alsa ver check (pr#209)
  + drbd_info: Fix incorrect escape of quotes (pr#210)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3054-1
Released:    Wed Aug 28 14:48:31 2024
Summary:     Security update for python3-setuptools
Type:        security
Severity:    important
References:  1228105,CVE-2024-6345
This update for python3-setuptools fixes the following issues:

- CVE-2024-6345: Fixed code execution via download functions in the package_index module (bsc#1228105)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3071-1
Released:    Mon Sep  2 15:17:11 2024
Summary:     Recommended update for suse-build-key
Type:        recommended
Severity:    moderate
References:  1229339
This update for suse-build-key fixes the following issue:

- Extended 2048 bit SUSE SLE 12, 15 GA-SP5 key until 2028 (bsc#1229339).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3080-1
Released:    Mon Sep  2 16:43:54 2024
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1228535,CVE-2024-7264
This update for curl fixes the following issues:

  - CVE-2024-7264: Fixed out-of-bounds read in ASN.1 date parser GTime2str() (bsc#1228535)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3086-1
Released:    Tue Sep  3 08:57:32 2024
Summary:     Security update for glib2
Type:        security
Severity:    low
References:  1224044,CVE-2024-34397
This update for glib2 fixes the following issues:

- Fixed a possible use-after-free regression introduced by the CVE-2024-34397 patch (bsc#1224044).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3120-1
Released:    Tue Sep  3 17:12:56 2024
Summary:     Security update for buildah, docker
Type:        security
Severity:    critical
References:  1214855,1219267,1219268,1219438,1221243,1221677,1221916,1223409,1224117,1228324,CVE-2024-1753,CVE-2024-23651,CVE-2024-23652,CVE-2024-23653,CVE-2024-24786,CVE-2024-28180,CVE-2024-3727,CVE-2024-41110
This update for buildah, docker fixes the following issues:

Changes in docker:
- CVE-2024-23651: Fixed arbitrary files write due to race condition on mounts (bsc#1219267)
- CVE-2024-23652: Fixed insufficient validation of parent directory on mount (bsc#1219268)
- CVE-2024-23653: Fixed insufficient validation on entitlement on container creation via buildkit (bsc#1219438)
- CVE-2024-41110: Fixed an Authz zero length regression that could lead to authentication bypass (bsc#1228324)

Other fixes:

- Update to Docker 25.0.6-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/25.0/#2506>
- Update to Docker 25.0.5-ce (bsc#1223409)

- Fix BuildKit's symlink resolution logic to correctly handle non-lexical
  symlinks. (bsc#1221916)
- Write volume options atomically so sudden system crashes won't result in
  future Docker starts failing due to empty files. (bsc#1214855)

Changes in buildah:
- Update to version 1.35.4:
  * [release-1.35] Bump to Buildah v1.35.4
  * [release-1.35] CVE-2024-3727 updates (bsc#1224117)
  * integration test: handle new labels in 'bud and test --unsetlabel'
  * [release-1.35] Bump go-jose CVE-2024-28180
  * [release-1.35] Bump ocicrypt and go-jose CVE-2024-28180

- Update to version 1.35.3:
  * [release-1.35] Bump to Buildah v1.35.3
  * [release-1.35] correctly configure /etc/hosts and resolv.conf
  * [release-1.35] buildah: refactor resolv/hosts setup.
  * [release-1.35] rename the hostFile var to reflect
  * [release-1.35] Bump c/common to v0.58.1
  * [release-1.35] Bump Buildah to v1.35.2
  * [release-1.35] CVE-2024-24786 protobuf to 1.33
  * [release-1.35] Bump to v1.35.2-dev

- Update to version 1.35.1:
  * [release-1.35] Bump to v1.35.1
  * [release-1.35] CVE-2024-1753 container escape fix (bsc#1221677)

- Buildah dropped cni support, require netavark instead (bsc#1221243)

- Remove obsolete requires libcontainers-image & libcontainers-storage

- Require passt for rootless networking (poo#156955)
  Buildah moved to passt/pasta for rootless networking from slirp4netns
  (https://github.com/containers/common/pull/1846)

- Update to version 1.35.0:
  * Bump v1.35.0
  * Bump c/common v0.58.0, c/image v5.30.0, c/storage v1.53.0
  * conformance tests: don't break on trailing zeroes in layer blobs
  * Add a conformance test for copying to a mounted prior stage
  * fix(deps): update module github.com/stretchr/testify to v1.9.0
  * cgroups: reuse version check from c/common
  * Update vendor of containers/(common,image)
  * fix(deps): update github.com/containers/storage digest to eadc620
  * fix(deps): update github.com/containers/luksy digest to ceb12d4
  * fix(deps): update github.com/containers/image/v5 digest to cdc6802
  * manifest add: complain if we get artifact flags without --artifact
  * Use retry logic from containers/common
  * Vendor in containers/(storage,image,common)
  * Update module golang.org/x/crypto to v0.20.0
  * Add comment re: Total Success task name
  * tests: skip_if_no_unshare(): check for --setuid
  * Properly handle build --pull=false
  * [skip-ci] Update tim-actions/get-pr-commits action to v1.3.1
  * Update module go.etcd.io/bbolt to v1.3.9
  * Revert 'Reduce official image size'
  * Update module github.com/opencontainers/image-spec to v1.1.0
  * Reduce official image size
  * Build with CNI support on FreeBSD
  * build --all-platforms: skip some base 'image' platforms
  * Bump main to v1.35.0-dev
  * Vendor in latest containers/(storage,image,common)
  * Split up error messages for missing --sbom related flags
  * `buildah manifest`: add artifact-related options
  * cmd/buildah/manifest.go: lock lists before adding/annotating/pushing
  * cmd/buildah/manifest.go: don't make struct declarations aliases
  * Use golang.org/x/exp/slices.Contains
  * Disable loong64 again
  * Fix a couple of typos in one-line comments
  * egrep is obsolescent; use grep -E
  * Try Cirrus with a newer VM version
  * Set CONTAINERS_CONF in the chroot-mount-flags integration test
  * Update to match dependency API update
  * Update github.com/openshift/imagebuilder and containers/common
  * docs: correct default authfile path
  * fix(deps): update module github.com/containerd/containerd to v1.7.13
  * tests: retrofit test for heredoc summary
  * build, heredoc: show heredoc summary in build output
  * manifest, push: add support for --retry and --retry-delay
  * fix(deps): update github.com/openshift/imagebuilder digest to b767bc3
  * imagebuildah: fix crash with empty RUN
  * fix(deps): update github.com/containers/luksy digest to b62d551
  * fix(deps): update module github.com/opencontainers/runc to v1.1.12 [security]
  * fix(deps): update module github.com/moby/buildkit to v0.12.5 [security]
  * Make buildah match podman for handling of ulimits
  * docs: move footnotes to where they're applicable
  * Allow users to specify no-dereference
  * Run codespell on code
  * Fix FreeBSD version parsing
  * Fix a build break on FreeBSD
  * Remove a bad FROM line
  * fix(deps): update module github.com/onsi/gomega to v1.31.1
  * fix(deps): update module github.com/opencontainers/image-spec to v1.1.0-rc6
  * docs: use reversed logo for dark theme in README
  * build,commit: add --sbom to scan and produce SBOMs when committing
  * commit: force omitHistory if the parent has layers but no history
  * docs: fix a couple of typos
  * internal/mkcw.Archive(): handle extra image content
  * stage_executor,heredoc: honor interpreter in heredoc
  * stage_executor,layers: burst cache if heredoc content is changed
  * fix(deps): update module golang.org/x/crypto to v0.18.0
  * Replace map[K]bool with map[K]struct{} where it makes sense
  * fix(deps): update module golang.org/x/sync to v0.6.0
  * fix(deps): update module golang.org/x/term to v0.16.0
  * Bump CI VMs
  * Replace strings.SplitN with strings.Cut
  * fix(deps): update github.com/containers/storage digest to ef81e9b
  * fix(deps): update github.com/containers/image/v5 digest to 1b221d4
  * fix(deps): update module github.com/fsouza/go-dockerclient to v1.10.1
  * Document use of containers-transports values in buildah
  * fix(deps): update module golang.org/x/crypto to v0.17.0 [security]
  * chore(deps): update dependency containers/automation_images to v20231208
  * manifest: addCompression use default from containers.conf
  * commit: add a --add-file flag
  * mkcw: populate the rootfs using an overlay
  * chore(deps): update dependency containers/automation_images to v20230517
  * [skip-ci] Update actions/stale action to v9
  * fix(deps): update module github.com/containernetworking/plugins to v1.4.0
  * fix(deps): update github.com/containers/image/v5 digest to 7a40fee
  * Bump to v1.34.1-dev
  * Ignore errors if label.Relabel returns ENOSUP

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3145-1
Released:    Thu Sep  5 09:09:27 2024
Summary:     Recommended update for dracut
Type:        recommended
Severity:    moderate
References:  1228847
This update for dracut fixes the following issue:

- Version update
  * fix(convertfs): error in conditional expressions (bsc#1228847).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3149-1
Released:    Thu Sep  5 17:05:36 2024
Summary:     Security update for systemd
Type:        security
Severity:    moderate
References:  1218297,1221479,1226414,1228091,CVE-2023-7008
This update for systemd fixes the following issues:

- CVE-2023-7008: Fixed man-in-the-middle issue where an unsigned name response in a signed zone was not refused when DNSSEC=yes (bsc#1218297)

Other fixes:
- Unit: drop ProtectClock=yes from systemd-udevd.service (bsc#1226414)
- Don't mention any rpm macros inside comments, even if escaped (bsc#1228091)
- Skip redundant dependencies specified in the LSB description that references the file name of the service itself for early boot scripts (bsc#1221479).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3167-1
Released:    Mon Sep  9 12:31:59 2024
Summary:     Recommended update for glibc
Type:        recommended
Severity:    moderate
References:  1228043
This update for glibc fixes the following issue:

- s390x: Fix segfault in wcsncmp (bsc#1228043).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3178-1
Released:    Mon Sep  9 14:39:11 2024
Summary:     Recommended update for libzypp, zypper, libsolv, zypp-plugin, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings
Type:        recommended
Severity:    important
References:  1081596,1223094,1224771,1225267,1226014,1226030,1226493,1227205,1227625,1227793,1228138,1228206,1228208,1228420,1228787,222971
This update for libzypp, zypper, libsolv, zypp-plugin, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings fixes the following issues:

- Make sure not to statically link installed tools (bsc#1228787)
- MediaPluginType must be resolved to a valid MediaHandler (bsc#1228208)
- Export asSolvable for YAST (bsc#1228420)
- Export CredentialManager for legacy YAST versions (bsc#1228420)
- Fix 4 typos in zypp.conf
- Fix typo in the geoip update pipeline (bsc#1228206)
- Export RepoVariablesStringReplacer for yast2 (bsc#1228138)
- Removed dependency on external find program in the repo2solv tool
- Fix return value of repodata.add_solv()
- New SOLVER_FLAG_FOCUS_NEW flag
- Fix return value of repodata.add_solv() in the bindings
- Fix SHA-224 oid in solv_pgpvrfy
- Translation: updated .pot file.
- Conflict with python zypp-plugin < 0.6.4 (bsc#1227793)
- Fix int overflow in Provider
- Fix error reporting on repoindex.xml parse error (bsc#1227625)
- Keep UrlResolverPlugin API public
- Blacklist /snap executables for 'zypper ps' (bsc#1226014)
- Fix handling of buddies when applying locks (bsc#1225267)
- Fix readline setup to handle Ctrl-C and Ctrl-D correctly (bsc#1227205)
- Show rpm install size before installing (bsc#1224771)
- Install zypp/APIConfig.h legacy include
- Update soname due to RepoManager refactoring and cleanup
- Workaround broken libsolv-tools-base requirements
- Strip ssl_clientkey from repo urls (bsc#1226030)
- Remove protobuf build dependency
- Lazily attach medium during refresh workflows (bsc#1223094)
- Refactor RepoManager and add Service workflows
- Let_readline_abort_on_Ctrl-C (bsc#1226493)
- packages: add '--system' to show @System packages (bsc#222971)
- Provide python3-zypp-plugin down to SLE12 (bsc#1081596)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3185-1
Released:    Tue Sep 10 08:15:38 2024
Summary:     Recommended update for cups
Type:        recommended
Severity:    moderate
References:  1226227
This update for cups fixes the following issues:

- Fixed cupsd failing to authenticate users when group membership is required (bsc#1226227)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3210-1
Released:    Wed Sep 11 17:39:30 2024
Summary:     Security update for libpcap
Type:        security
Severity:    moderate
References:  1230020,1230034,CVE-2023-7256,CVE-2024-8006
This update for libpcap fixes the following issues:

- CVE-2024-8006: NULL pointer dereference in function pcap_findalldevs_ex(). (bsc#1230034)
- CVE-2023-7256: double free via struct addrinfo in function sock_initaddress(). (bsc#1230020) 

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3211-1
Released:    Wed Sep 11 17:40:13 2024
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1230093,CVE-2024-8096
This update for curl fixes the following issues:

- CVE-2024-8096: OCSP stapling bypass with GnuTLS. (bsc#1230093)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3216-1
Released:    Thu Sep 12 13:05:20 2024
Summary:     Security update for expat
Type:        security
Severity:    moderate
References:  1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492
This update for expat fixes the following issues:

- CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932)
- CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931)
- CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3221-1
Released:    Thu Sep 12 13:18:18 2024
Summary:     Security update for containerd
Type:        security
Severity:    important
References:  1200528,1217070,1228553,CVE-2022-1996,CVE-2023-45142,CVE-2023-47108
This update for containerd fixes the following issues:

- Update to containerd v1.7.21
- CVE-2023-47108: Fixed DoS vulnerability in otelgrpc (uncontrolled resource consumption) due to unbound cardinality metrics. (bsc#1217070)
- CVE-2023-45142: Fixed DoS vulnerability in otelhttp. (bsc#1228553)
  
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3222-1
Released:    Thu Sep 12 13:20:47 2024
Summary:     Security update for runc
Type:        security
Severity:    low
References:  1230092,CVE-2024-45310
This update for runc fixes the following issues:

- Update to runc v1.1.14
- CVE-2024-45310: Fixed an issue where runc can be tricked into creating empty files/directories on host. (bsc#1230092)
  

The following package changes have been made:

- ca-certificates-mozilla-2.68-150200.33.1 updated
- containerd-ctr-1.7.21-150000.117.1 updated
- containerd-1.7.21-150000.117.1 updated
- cups-config-2.2.7-150000.3.65.1 updated
- curl-8.0.1-150400.5.50.1 updated
- dmidecode-3.6-150400.16.11.2 updated
- docker-25.0.6_ce-150000.207.1 updated
- dracut-055+suse.359.geb85610b-150400.3.37.2 updated
- glibc-locale-base-2.31-150300.86.3 updated
- glibc-locale-2.31-150300.86.3 updated
- glibc-2.31-150300.86.3 updated
- grub2-i386-pc-2.06-150400.11.46.1 updated
- grub2-x86_64-efi-2.06-150400.11.46.1 updated
- grub2-x86_64-xen-2.06-150400.11.46.1 updated
- grub2-2.06-150400.11.46.1 updated
- kernel-default-5.14.21-150400.24.128.1 updated
- libblkid1-2.37.2-150400.8.32.2 updated
- libcups2-2.2.7-150000.3.65.1 updated
- libcurl4-8.0.1-150400.5.50.1 updated
- libexpat1-2.4.4-150400.3.22.1 updated
- libfdisk1-2.37.2-150400.8.32.2 updated
- libglib-2_0-0-2.70.5-150400.3.14.1 updated
- libmount1-2.37.2-150400.8.32.2 updated
- libopenssl1_1-1.1.1l-150400.7.72.1 updated
- libpcap1-1.10.1-150400.3.3.2 updated
- libsmartcols1-2.37.2-150400.8.32.2 updated
- libsolv-tools-base-0.7.30-150400.3.27.2 updated
- libsolv-tools-0.7.30-150400.3.27.2 updated
- libsystemd0-249.17-150400.8.43.1 updated
- libudev1-249.17-150400.8.43.1 updated
- libuuid1-2.37.2-150400.8.32.2 updated
- libyaml-0-2-0.1.7-150000.3.2.1 added
- libzypp-17.35.8-150400.3.85.1 updated
- openssl-1_1-1.1.1l-150400.7.72.1 updated
- pam-1.3.0-150000.6.71.2 updated
- python3-PyYAML-5.4.1-150300.3.3.1 updated
- python3-setuptools-44.1.1-150400.9.9.1 updated
- runc-1.1.14-150000.70.1 updated
- sles-release-15.4-150400.58.10.2 updated
- supportutils-3.2.8-150300.7.35.33.1 updated
- suse-build-key-12.0-150000.8.52.3 updated
- systemd-sysvinit-249.17-150400.8.43.1 updated
- systemd-249.17-150400.8.43.1 updated
- udev-249.17-150400.8.43.1 updated
- util-linux-systemd-2.37.2-150400.8.32.2 updated
- util-linux-2.37.2-150400.8.32.2 updated
- zypper-1.14.76-150400.3.57.16 updated
- libabsl2308_0_0-20230802.1-150400.10.4.1 removed
- libprotobuf-lite25_1_0-25.1-150400.9.6.1 removed

