SUSE-CU-2025:2532-1: Security update of bci/golang

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Wed Apr 16 07:24:32 UTC 2025 

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:2532-1
Container Tags        : bci/golang:1.22-openssl , bci/golang:1.22.9-openssl , bci/golang:1.22.9-openssl-55.52 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-55.52
Container Release     : 55.52
Severity              : important
Type                  : security
References            : 1234128 1234713 1237374 1239618 1239883 CVE-2024-8176 
-----------------------------------------------------------------

The container bci/golang was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1198-1
Released:    Fri Apr 11 09:46:09 2025
Summary:     Recommended update for glibc
Type:        recommended
Severity:    important
References:  1234128,1234713,1239883
This update for glibc fixes the following issues:

- Fix the lost wakeup from a bug in signal stealing (bsc#1234128)
- Mark functions in libc_nonshared.a as hidden (bsc#1239883)
- Bump minimal kernel version to 4.3 to enable use of direct socketcalls
  on x86-32 and s390x (bsc#1234713)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1201-1
Released:    Fri Apr 11 12:15:58 2025
Summary:     Security update for expat
Type:        security
Severity:    important
References:  1239618,CVE-2024-8176
This update for expat fixes the following issues:

- CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused 
  by stack overflow by resolving use of recursion (bsc#1239618)

Other fixes:
- version update to 2.7.1 (jsc#PED-12500)
     Bug fixes:
       #980 #989  Restore event pointer behavior from Expat 2.6.4
                    (that the fix to CVE-2024-8176 changed in 2.7.0);
                    affected API functions are:
                    - XML_GetCurrentByteCount
                    - XML_GetCurrentByteIndex
                    - XML_GetCurrentColumnNumber
                    - XML_GetCurrentLineNumber
                    - XML_GetInputContext
     Other changes:
       #976 #977  Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}'
                    with Automake that were missing from 2.7.0 release tarballs
       #983 #984  Fix printf format specifiers for 32bit Emscripten
            #992  docs: Promote OpenSSF Best Practices self-certification
            #978  tests/benchmark: Resolve mistaken double close
            #986  Address compiler warnings
       #990 #993  Version info bumped from 11:1:10 (libexpat*.so.1.10.1)
                    to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/
                    for what these numbers do
        Infrastructure:
            #982  CI: Start running Perl XML::Parser integration tests
            #987  CI: Enforce Clang Static Analyzer clean code
            #991  CI: Re-enable warning clang-analyzer-valist.Uninitialized
                    for clang-tidy
            #981  CI: Cover compilation with musl
       #983 #984  CI: Cover compilation with 32bit Emscripten
       #976 #977  CI: Protect against fuzzer files missing from future
                    release archives

- version update to 2.7.0
       #935 #937  Autotools: Make generated CMake files look for
                    libexpat. at SO_MAJOR@.dylib on macOS
            #925  Autotools: Sync CMake templates with CMake 3.29
  #945 #962 #966  CMake: Drop support for CMake <3.13
            #942  CMake: Small fuzzing related improvements
            #921  docs: Add missing documentation of error code
                    XML_ERROR_NOT_STARTED that was introduced with 2.6.4
            #941  docs: Document need for C++11 compiler for use from C++
            #959  tests/benchmark: Fix a (harmless) TOCTTOU
            #944  Windows: Fix installer target location of file xmlwf.xml
                    for CMake
            #953  Windows: Address warning -Wunknown-warning-option
                    about -Wno-pedantic-ms-format from LLVM MinGW
            #971  Address Cppcheck warnings
       #969 #970  Mass-migrate links from http:// to https://
    #947 #958 ..
       #974 #975  Document changes since the previous release
       #974 #975  Version info bumped from 11:0:10 (libexpat*.so.1.10.0)
                    to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/
                    for what these numbers do

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1245-1
Released:    Mon Apr 14 13:31:49 2025
Summary:     Recommended update for pkg-config
Type:        recommended
Severity:    moderate
References:  1237374
This update for rsync fixes the following issues:

- Security scan found old glib in pkg-config (bsc#1237374).
- This update for pkg-config changes attribute to the author who actually
  makes the change


The following package changes have been done:

- libexpat1-2.7.1-150400.3.28.1 updated
- pkg-config-0.29.2-150600.15.6.3 updated
- glibc-devel-2.38-150600.14.26.1 updated

More information about the sle-container-updates mailing list