SUSE-CU-2025:115-1: Security update of bci/golang
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Fri Jan 10 08:08:58 UTC 2025
SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:115-1
Container Tags : bci/golang:1.22 , bci/golang:1.22.10 , bci/golang:1.22.10-2.48.4 , bci/golang:oldstable , bci/golang:oldstable-2.48.4
Container Release : 48.4
Severity : important
Type : security
References : 1218424 1218424 1220262 1220338 1231048 1231833 1232227 1232528
1232579 1232844 1233520 1233699 1234015 1234068 CVE-2023-50782
CVE-2024-11053 CVE-2024-50602 CVE-2024-9681
-----------------------------------------------------------------
The container bci/golang was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3865-1
Released: Fri Nov 1 16:10:37 2024
Summary: Recommended update for gcc14
Type: recommended
Severity: moderate
References: 1231833
This update for gcc14 fixes the following issues:
- Fixed parsing timezone tzdata 2024b [gcc#116657 bsc#1231833]
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3925-1
Released: Wed Nov 6 11:14:28 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1232528,CVE-2024-9681
This update for curl fixes the following issues:
- CVE-2024-9681: Fixed HSTS subdomain overwrites parent cache entry (bsc#1232528)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3943-1
Released: Thu Nov 7 11:12:00 2024
Summary: Security update for openssl-3
Type: security
Severity: moderate
References: 1220262,CVE-2023-50782
This update for openssl-3 fixes the following issues:
- CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4003-1
Released: Mon Nov 18 10:47:33 2024
Summary: Recommended update for go1.22
Type: recommended
Severity: moderate
References: 1218424
This update for go1.22 fixes the following issues:
- Update to version go1.22.9 (bsc#1218424)
* runtime: TestGdbAutotmpTypes failures
* cmd/link: LC_UUID not generated by go linker, resulting in failure to access local network on macOS 15
* cmd/cgo/internal/testcarchive: TestManyCalls failures
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4035-1
Released: Mon Nov 18 16:22:57 2024
Summary: Security update for expat
Type: security
Severity: moderate
References: 1232579,CVE-2024-50602
This update for expat fixes the following issues:
- CVE-2024-50602: Fixed a denial of service via XML_ResumeParser (bsc#1232579).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4045-1
Released: Mon Nov 25 08:33:05 2024
Summary: Recommended update for patterns-base
Type: recommended
Severity: moderate
References:
This update for patterns-base fixes the following issue:
- Updated patterns-base, removing plymouth recommendation on s390x archs.
Our certification team run into an issue (jsc#PED-10532), when they
run bare metal installation with fully encrypted disk.
If the whole disk is crypted, the prompt for the password is sent to
plymouth, which is obviously showing nothing because for booting bare
metal (LPAR) is used terminal in HMC.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4066-1
Released: Tue Nov 26 11:11:21 2024
Summary: Recommended update for lifecycle-data-sle-module-development-tools
Type: recommended
Severity: moderate
References:
This update for lifecycle-data-sle-module-development-tools fixes the following issues:
- mark past EOL dates for go1.20, go1.21, as now we have go1.22 and go1.23
- mark EOL date for gcc13 (2025-04-30).
- added missing EOLs for rust 1.xx (release date of N+2 , +7 days )
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4104-1
Released: Thu Nov 28 16:06:00 2024
Summary: Recommended update for lifecycle-data-sle-module-development-tools
Type: recommended
Severity: moderate
References:
This update for lifecycle-data-sle-module-development-tools fixes the following issues:
- fixed cpp13 lifecycle entry with incorrect year
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4224-1
Released: Fri Dec 6 10:24:50 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1233699
This update for glibc fixes the following issue:
- Remove nss-systemd from default nsswitch.conf (bsc#1233699).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4260-1
Released: Mon Dec 9 10:07:36 2024
Summary: Recommended update for go1.22
Type: recommended
Severity: moderate
References: 1218424
This update for go1.22 fixes the following issues:
- go1.22.10 (released 2024-12-03) includes fixes to the runtime and
the syscall package. (bsc#1218424)
* go#70201 syscall: SyscallN always escapes the variadic argument
* go#70238 time: TestLoadFixed failures
* go#70474 sync/atomic: TestNilDeref flaky failure on windows-386 with runtime fatal error
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4288-1
Released: Wed Dec 11 09:31:32 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1234068,CVE-2024-11053
This update for curl fixes the following issues:
- CVE-2024-11053: Fixed password leak used for the first host to the followed-to host under certain circumstances (bsc#1234068)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4337-1
Released: Tue Dec 17 08:17:39 2024
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1231048,1232844
This update for systemd fixes the following issues:
- udev: skipping empty udev rules file while collecting the stats (bsc#1232844)
- Clean up some remnants from when homed was in the experimental sub-package (bsc#1231048)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4415-1
Released: Mon Dec 23 20:45:48 2024
Summary: Recommended update for binutils
Type: recommended
Severity: moderate
References: 1233520
This update for binutils fixes the following issues:
Update to current 2.43.1 branch [PED-10254, PED-10306]:
* s390 - Add arch15 instructions
* various fixes from upstream: PR32153, PR32171, PR32189,
PR32196, PR32191, PR32109, PR32372, PR32387
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:10-1
Released: Fri Jan 3 14:53:56 2025
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1220338,1232227,1234015
This update for systemd fixes the following issues:
- Drop support for efivar SystemdOptions (bsc#1220338)
- pid1: make clear that $WATCHDOG_USEC is set for the shutdown binary (bsc#1232227)
- udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015)
- udev: add new builtin net_driver
- udev-builtin-net_id: split-out pci_get_onboard_index() from dev_pci_onboard()
- udev-builtin-net_id: split-out get_pci_slot_specifiers()
- udev-builtin-net_id: introduce get_port_specifier() helper function
- udev-builtin-net_id: split out get_dev_port() and make its failure critical
- udev-builtin-net_id: split-out pci_get_hotplug_slot() and pci_get_hotplug_slot_from_address()
- udev-builtin-net_id: return earlier when hotplug slot is not found
- udev-builtin-net_id: skip non-directory entry earlier
- udev-builtin-net_id: make names_xen() self-contained
- udev-builtin-net_id: use sd_device_get_sysnum() to get index of netdevsim
- udev-builtin-net_id: make names_netdevsim() self-contained
- udev-builtin-net_id: make names_platform() self-contained
- udev-builtin-net_id: make names_vio() self-contained
- udev-builtin-net_id: make names_ccw() self-contained
- udev-builtin-net_id: make dev_devicetree_onboard() self-contained
- udev-builtin-net_id: make names_mac() self-contained
- udev-builtin-net_id: split out get_ifname_prefix()
- udev-builtin-net_id: swap arguments for streq() and friends
- udev-builtin-net_id: drop unused value from NetNameType
The following package changes have been done:
- glibc-2.38-150600.14.17.2 updated
- libgcc_s1-14.2.0+git10526-150000.1.6.1 updated
- libstdc++6-14.2.0+git10526-150000.1.6.1 updated
- libopenssl3-3.1.4-150600.5.21.1 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.21.1 updated
- patterns-base-fips-20200124-150600.32.3.2 updated
- libcurl4-8.6.0-150600.4.15.1 updated
- curl-8.6.0-150600.4.15.1 updated
- go1.22-doc-1.22.10-150000.1.36.1 updated
- libatomic1-14.2.0+git10526-150000.1.6.1 updated
- libctf-nobfd0-2.43-150100.7.52.1 updated
- libexpat1-2.4.4-150400.3.25.1 updated
- libgomp1-14.2.0+git10526-150000.1.6.1 updated
- libitm1-14.2.0+git10526-150000.1.6.1 updated
- liblsan0-14.2.0+git10526-150000.1.6.1 updated
- lifecycle-data-sle-module-development-tools-1-150200.3.33.1 updated
- libsystemd0-254.21-150600.4.21.1 updated
- libctf0-2.43-150100.7.52.1 updated
- binutils-2.43-150100.7.52.1 updated
- glibc-devel-2.38-150600.14.17.2 updated
- go1.22-1.22.10-150000.1.36.1 updated
- go1.22-race-1.22.10-150000.1.36.1 updated
- container:registry.suse.com-bci-bci-base-15.6-5eec4a1777d05deeeb4e305812d7686e5db266f4813fb015d59ac5c4524afd6e-0 updated
More information about the sle-container-updates
mailing list