SUSE-CU-2025:418-1: Security update of suse/sles/15.7/cdi-uploadserver
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Thu Jan 23 08:20:58 UTC 2025
SUSE Container Update Advisory: suse/sles/15.7/cdi-uploadserver
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:418-1
Container Tags : suse/sles/15.7/cdi-uploadserver:1.58.0 , suse/sles/15.7/cdi-uploadserver:1.58.0-150700.7.35 , suse/sles/15.7/cdi-uploadserver:1.58.0.28.93
Container Release : 28.93
Severity : moderate
Type : security
References : 1219736 1234068 1235151 CVE-2024-11053
-----------------------------------------------------------------
The container suse/sles/15.7/cdi-uploadserver was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4288-1
Released: Wed Dec 11 09:31:32 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1234068,CVE-2024-11053
This update for curl fixes the following issues:
- CVE-2024-11053: Fixed password leak used for the first host to the followed-to host under certain circumstances (bsc#1234068)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:42-1
Released: Thu Jan 9 16:04:03 2025
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1219736
This update for permissions fixes the following issues:
- Update to version 20240826:
* chkstat: backport support to operate in insecure mode via envvar opt-in (bsc#1219736)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:77-1
Released: Mon Jan 13 10:43:05 2025
Summary: Recommended update for curl
Type: recommended
Severity: moderate
References: 1235151
This update for curl fixes the following issue:
- smtp: for starttls, do full upgrade [bsc#1235151]
* Make sure the TLS handshake after a successful STARTTLS command
is fully done before further sending/receiving on the connection.
The following package changes have been done:
- glibc-2.38-150700.19.2 updated
- libuuid1-2.40.2-150700.1.2 updated
- libsmartcols1-2.40.2-150700.1.2 updated
- libnghttp2-14-1.64.0-150700.1.3 updated
- libgpg-error0-1.50-150700.1.2 updated
- libgcrypt20-1.11.0-150700.2.8 updated
- libblkid1-2.40.2-150700.1.2 updated
- libxml2-2-2.12.9-150700.1.2 updated
- libopenssl3-3.2.3-150700.3.3 updated
- grep-3.11-150700.1.2 updated
- libmount1-2.40.2-150700.1.2 updated
- libfdisk1-2.40.2-150700.1.2 updated
- libopenssl-3-fips-provider-3.2.3-150700.3.3 updated
- permissions-20240826-150600.10.12.1 updated
- libcurl4-8.6.0-150600.4.18.1 updated
- util-linux-2.40.2-150700.1.2 updated
- curl-8.6.0-150600.4.18.1 updated
- libnettle8-3.10.1-150700.2.2 updated
- libhogweed6-3.10.1-150700.2.2 updated
- qemu-img-9.2.0-150700.1.3 updated
- libnbd0-1.20.3-150700.1.2 updated
- libnbd-1.20.3-150700.1.2 updated
- containerized-data-importer-uploadserver-1.58.0-150700.7.35 updated
- container:sles15-image-15.7.0-2.4 updated
- file-magic-5.32-7.14.1 removed
- libmagic1-5.32-7.14.1 removed
More information about the sle-container-updates
mailing list