SUSE-CU-2024:4570-1: Security update of suse/sles/15.7/libguestfs-tools

sle-container-updates at lists.suse.com
Thu Sep 26 13:47:06 UTC 2024


SUSE Container Update Advisory: suse/sles/15.7/libguestfs-tools
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4570-1
Container Tags        : suse/sles/15.7/libguestfs-tools:1.1.1 , suse/sles/15.7/libguestfs-tools:1.1.1-150700.9.13 , suse/sles/15.7/libguestfs-tools:1.1.1.28.36
Container Release     : 28.36
Severity              : important
Type                  : security
References            : 1081596 1209266 1220523 1220690 1220693 1220696 1221365 1221751
                        1221752 1221753 1221760 1221786 1221787 1221821 1221822 1221824
                        1221827 1223094 1224771 1225267 1226014 1226030 1226493 1227205
                        1227625 1227793 1228042 1228138 1228206 1228208 1228398 1228420
                        1228647 1228787 1228847 1228968 1229028 1229160 1229329 1229465
                        1229476 1229930 1229931 1229932 1229975 1230093 1230267 222971
                        CVE-2024-45490 CVE-2024-45491 CVE-2024-45492 CVE-2024-6119 CVE-2024-8096
-----------------------------------------------------------------

The container suse/sles/15.7/libguestfs-tools was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3103-1
Released:    Tue Sep  3 16:59:06 2024
Summary:     Recommended update for xfsprogs
Type:        recommended
Severity:    moderate
References:  1229160
This update for xfsprogs fixes the following issue:

- xfs_repair: allow symlinks with short remote targets (bsc#1229160)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3106-1
Released:    Tue Sep  3 17:00:40 2024
Summary:     Security update for openssl-3
Type:        security
Severity:    moderate
References:  1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119
This update for openssl-3 fixes the following issues:

- CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465)

Other fixes:

- FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365).
- FIPS: RSA keygen PCT requirements.
- FIPS: Check that the fips provider is available before setting
  it as the default provider in FIPS mode (bsc#1220523).
- FIPS: Port openssl to use jitterentropy (bsc#1220523).
- FIPS: Block non-Approved Elliptic Curves (bsc#1221786).
- FIPS: Service Level Indicator (bsc#1221365).
- FIPS: Output the FIPS-validation name and module version which uniquely
  identify the FIPS validated module (bsc#1221751).
- FIPS: Add required selftests: (bsc#1221760).
- FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821).
- FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827).
- FIPS: Zero initialization required (bsc#1221752).
- FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696).
- FIPS: NIST SP 800-56Brev2 (bsc#1221824).
- FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787).
- FIPS: NIST SP 800-56Arev3 (bsc#1221822).
- FIPS: Error state has to be enforced (bsc#1221753).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3124-1
Released:    Tue Sep  3 17:38:34 2024
Summary:     Recommended update for cryptsetup
Type:        recommended
Severity:    moderate
References:  1229975
This update for cryptsetup fixes the following issues:

- FIPS: Extend the password for PBKDF2 benchmarking to be more than 20
  chars to meet FIPS 140-3 requirements (bsc#1229975)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3132-1
Released:    Tue Sep  3 17:43:10 2024
Summary:     Recommended update for permissions
Type:        recommended
Severity:    moderate
References:  1228968,1229329
This update for permissions fixes the following issues:

- Update to version 20240826:
  * permissions: remove outdated entries (bsc#1228968)

- Update to version 20240826:
  * cockpit: revert path change (bsc#1229329)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3134-1
Released:    Tue Sep  3 17:49:43 2024
Summary:     Recommended update for ovmf
Type:        recommended
Severity:    moderate
References:  1209266
This update for ovmf fixes the following issues:

- We do not officially support AMD SEV yet. On the other hand,
  secure boot will be disabled in the SEV flavor, so we do not need to
  revert the patch anymore (bsc#1209266).
- Add backslash to the end of '-D BUILD_SHELL=FALSE' in BUILD_OPTIONS_X86.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3147-1
Released:    Thu Sep  5 09:30:37 2024
Summary:     Recommended update for dracut
Type:        recommended
Severity:    moderate
References:  1228398,1228847
This update for dracut fixes the following issues:

- Version update with:
  * feat(systemd*) include systemd config files from /usr/lib/systemd (bsc#1228398)
  * fix(convertfs) error in conditional expressions (bsc#1228847)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3166-1
Released:    Mon Sep  9 12:25:30 2024
Summary:     Recommended update for glibc
Type:        recommended
Severity:    moderate
References:  1228042
This update for glibc fixes the following issue:

- s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3178-1
Released:    Mon Sep  9 14:39:12 2024
Summary:     Recommended update for libzypp, zypper, libsolv, zypp-plugin, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings
Type:        recommended
Severity:    important
References:  1081596,1223094,1224771,1225267,1226014,1226030,1226493,1227205,1227625,1227793,1228138,1228206,1228208,1228420,1228787,222971
This update for libzypp, zypper, libsolv, zypp-plugin, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings fixes the following issues:

- Make sure not to statically link installed tools (bsc#1228787)
- MediaPluginType must be resolved to a valid MediaHandler (bsc#1228208)
- Export asSolvable for YAST (bsc#1228420)
- Export CredentialManager for legacy YAST versions (bsc#1228420)
- Fix 4 typos in zypp.conf
- Fix typo in the geoip update pipeline (bsc#1228206)
- Export RepoVariablesStringReplacer for yast2 (bsc#1228138)
- Removed dependency on external find program in the repo2solv tool
- Fix return value of repodata.add_solv()
- New SOLVER_FLAG_FOCUS_NEW flag
- Fix return value of repodata.add_solv() in the bindings
- Fix SHA-224 oid in solv_pgpvrfy
- Translation: updated .pot file.
- Conflict with python zypp-plugin < 0.6.4 (bsc#1227793)
- Fix int overflow in Provider
- Fix error reporting on repoindex.xml parse error (bsc#1227625)
- Keep UrlResolverPlugin API public
- Blacklist /snap executables for 'zypper ps' (bsc#1226014)
- Fix handling of buddies when applying locks (bsc#1225267)
- Fix readline setup to handle Ctrl-C and Ctrl-D correctly (bsc#1227205)
- Show rpm install size before installing (bsc#1224771)
- Install zypp/APIConfig.h legacy include
- Update soname due to RepoManager refactoring and cleanup
- Workaround broken libsolv-tools-base requirements
- Strip ssl_clientkey from repo urls (bsc#1226030)
- Remove protobuf build dependency
- Lazily attach medium during refresh workflows (bsc#1223094)
- Refactor RepoManager and add Service workflows
- Let_readline_abort_on_Ctrl-C (bsc#1226493)
- packages: add '--system' to show @System packages (bsc#222971)
- Provide python3-zypp-plugin down to SLE12 (bsc#1081596)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3204-1
Released:    Wed Sep 11 10:55:22 2024
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1230093,CVE-2024-8096
This update for curl fixes the following issues:

- CVE-2024-8096: OCSP stapling bypass with GnuTLS. (bsc#1230093)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3216-1
Released:    Thu Sep 12 13:05:20 2024
Summary:     Security update for expat
Type:        security
Severity:    moderate
References:  1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492
This update for expat fixes the following issues:

- CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932)
- CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931)
- CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3239-1
Released:    Fri Sep 13 12:00:58 2024
Summary:     Recommended update for util-linux
Type:        recommended
Severity:    moderate
References:  1229476
This update for util-linux fixes the following issue:

- Skip aarch64 decode path for rest of the architectures (bsc#1229476).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3300-1
Released:    Wed Sep 18 14:27:53 2024
Summary:     Recommended update for ncurses
Type:        recommended
Severity:    moderate
References:  1229028
This update for ncurses fixes the following issues:

- Allow the terminal description based on static fallback entries to be freed (bsc#1229028)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3346-1
Released:    Thu Sep 19 17:20:06 2024
Summary:     Recommended update for libzypp, zypper
Type:        recommended
Severity:    moderate
References:  1228647,1230267
This update for libzypp, zypper fixes the following issues:

- API refactoring. Prevent zypper from using now private libzypp symbols (bsc#1230267)
- single_rpmtrans: fix installation of .src.rpms (bsc#1228647)


The following package changes have been done:

- glibc-2.38-150600.14.8.2 updated
- libuuid1-2.39.3-150600.4.12.2 updated
- libsmartcols1-2.39.3-150600.4.12.2 updated
- libblkid1-2.39.3-150600.4.12.2 updated
- libfdisk1-2.39.3-150600.4.12.2 updated
- libncurses6-6.1-150000.5.27.1 updated
- terminfo-base-6.1-150000.5.27.1 updated
- ncurses-utils-6.1-150000.5.27.1 updated
- libmount1-2.39.3-150600.4.12.2 updated
- libopenssl3-3.1.4-150600.5.15.1 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.15.1 updated
- libcurl4-8.6.0-150600.4.6.1 updated
- sles-release-15.7-150700.6.1 updated
- permissions-20240826-150600.10.9.1 updated
- libsolv-tools-base-0.7.30-150600.8.2.1 updated
- libzypp-17.35.11-150600.3.24.1 updated
- zypper-1.14.77-150600.10.11.2 updated
- util-linux-2.39.3-150600.4.12.2 updated
- curl-8.6.0-150600.4.6.1 updated
- libguestfs-winsupport-1.53.6-150700.1.3 updated
- guestfs-tools-1.53.3-150700.1.2 updated
- libexpat1-2.4.4-150400.3.22.1 updated
- osinfo-db-20240701-150700.1.1 updated
- qemu-accel-tcg-x86-9.1.0-150700.1.1 updated
- qemu-ipxe-9.1.0-150700.1.1 updated
- qemu-seabios-9.1.01.16.3_3_gc13ff2cd-150700.1.1 updated
- qemu-vgabios-9.1.01.16.3_3_gc13ff2cd-150700.1.1 updated
- libcryptsetup12-2.7.0-150600.3.3.1 updated
- xfsprogs-6.7.0-150600.3.6.2 updated
- cryptsetup-2.7.0-150600.3.3.1 updated
- libmpath0-0.10.0+103+suse.0fc97cd-150700.1.2 updated
- xen-libs-4.19.0_02-150700.1.7 updated
- qemu-vmsr-helper-9.1.0-150700.1.1 added
- qemu-pr-helper-9.1.0-150700.1.1 updated
- qemu-img-9.1.0-150700.1.1 updated
- qemu-tools-9.1.0-150700.1.1 updated
- util-linux-systemd-2.39.3-150600.4.12.2 updated
- libvirt-libs-10.7.0-150700.1.1 updated
- dracut-059+suse.531.g48487c31-150600.3.6.2 updated
- supermin-5.3.5-150700.1.2 updated
- dracut-fips-059+suse.531.g48487c31-150600.3.6.2 updated
- qemu-x86-9.1.0-150700.1.1 updated
- qemu-9.1.0-150700.1.1 updated
- qemu-ovmf-x86_64-202308-150600.5.3.2 updated
- libguestfs0-1.53.6-150700.1.3 updated
- libguestfs-devel-1.53.6-150700.1.3 updated
- libguestfs-appliance-1.53.6-150700.1.3 updated
- libguestfs-1.53.6-150700.1.3 updated
- container:sles15-image-15.0.0-50.18 updated
- libabsl2401_0_0-20240116.1-150600.17.7 removed
- libprocps8-3.3.17-150000.7.39.1 removed
- libprotobuf-lite25_1_0-25.1-150600.16.4.2 removed
- procps-3.3.17-150000.7.39.1 removed

