SUSE-CU-2025:443-1: Security update of suse/sles/15.7/virt-launcher

Fri Jan 24 08:11:13 UTC 2025

SUSE Container Update Advisory: suse/sles/15.7/virt-launcher
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:443-1
Container Tags        : suse/sles/15.7/virt-launcher:1.1.1 , suse/sles/15.7/virt-launcher:1.1.1-150700.9.40 , suse/sles/15.7/virt-launcher:1.1.1.34.75
Container Release     : 34.75
Severity              : important
Type                  : security
References            : 1082756 1189451 1203617 1219736 1220338 1225462 1229238 1231048
                        1231373 1232227 1232844 1234015 1234068 1235151 CVE-2024-11053
                        CVE-2024-43374 CVE-2024-47814 CVE-2024-54661 
-----------------------------------------------------------------

The container suse/sles/15.7/virt-launcher was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4288-1
Released:    Wed Dec 11 09:31:32 2024
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1234068,CVE-2024-11053
This update for curl fixes the following issues:

  - CVE-2024-11053: Fixed password leak used for the first host to the followed-to host under certain circumstances (bsc#1234068)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4295-1
Released:    Wed Dec 11 15:40:56 2024
Summary:     Security update for socat
Type:        security
Severity:    moderate
References:  1225462,CVE-2024-54661
This update for socat fixes the following issues:

- CVE-2024-54661: Fixed arbitrary file overwrite via predictable /tmp directory in socat readline.sh (bsc#1225462)  

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4330-1
Released:    Mon Dec 16 14:17:15 2024
Summary:     Security update for vim
Type:        security
Severity:    low
References:  1229238,1231373,CVE-2024-43374,CVE-2024-47814
This update for vim fixes the following issues:

  - CVE-2024-47814: Fixed use-after-free when closing buffers in Vim (bsc#1231373)
  - CVE-2024-43374: Fixed use-after-free in alist_add() (bsc#1229238)

Other fixes:

- Updated to version 9.1.0836

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4337-1
Released:    Tue Dec 17 08:17:39 2024
Summary:     Recommended update for systemd
Type:        recommended
Severity:    important
References:  1231048,1232844
This update for systemd fixes the following issues:

- udev: skipping empty udev rules file while collecting the stats (bsc#1232844)
- Clean up some remnants from when homed was in the experimental sub-package (bsc#1231048)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4378-1
Released:    Thu Dec 19 08:23:55 2024
Summary:     Recommended update for aaa_base
Type:        recommended
Severity:    moderate
References:  1203617
This update for aaa_base fixes the following issues:

- Added Midnigh Commander helpers for tcsh and bash resources (bsc#1203617)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:10-1
Released:    Fri Jan  3 14:53:56 2025
Summary:     Recommended update for systemd
Type:        recommended
Severity:    important
References:  1220338,1232227,1234015
This update for systemd fixes the following issues:

- Drop support for efivar SystemdOptions (bsc#1220338)
- pid1: make clear that $WATCHDOG_USEC is set for the shutdown binary (bsc#1232227)
- udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015)
- udev: add new builtin net_driver
- udev-builtin-net_id: split-out pci_get_onboard_index() from dev_pci_onboard()
- udev-builtin-net_id: split-out get_pci_slot_specifiers()
- udev-builtin-net_id: introduce get_port_specifier() helper function
- udev-builtin-net_id: split out get_dev_port() and make its failure critical
- udev-builtin-net_id: split-out pci_get_hotplug_slot() and pci_get_hotplug_slot_from_address()
- udev-builtin-net_id: return earlier when hotplug slot is not found
- udev-builtin-net_id: skip non-directory entry earlier
- udev-builtin-net_id: make names_xen() self-contained
- udev-builtin-net_id: use sd_device_get_sysnum() to get index of netdevsim
- udev-builtin-net_id: make names_netdevsim() self-contained
- udev-builtin-net_id: make names_platform() self-contained
- udev-builtin-net_id: make names_vio() self-contained
- udev-builtin-net_id: make names_ccw() self-contained
- udev-builtin-net_id: make dev_devicetree_onboard() self-contained
- udev-builtin-net_id: make names_mac() self-contained
- udev-builtin-net_id: split out get_ifname_prefix()
- udev-builtin-net_id: swap arguments for streq() and friends
- udev-builtin-net_id: drop unused value from NetNameType

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:42-1
Released:    Thu Jan  9 16:04:03 2025
Summary:     Recommended update for permissions
Type:        recommended
Severity:    moderate
References:  1219736
This update for permissions fixes the following issues:

- Update to version 20240826:

  * chkstat: backport support to operate in insecure mode via envvar opt-in (bsc#1219736)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:77-1
Released:    Mon Jan 13 10:43:05 2025
Summary:     Recommended update for curl
Type:        recommended
Severity:    moderate
References:  1235151

This update for curl fixes the following issue:

- smtp: for starttls, do full upgrade [bsc#1235151]
  * Make sure the TLS handshake after a successful STARTTLS command
    is fully done before further sending/receiving on the connection.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:79-1
Released:    Mon Jan 13 12:50:24 2025
Summary:     Recommended update for libnl3, ovpn-dco, openVPN
Type:        recommended
Severity:    moderate
References:  1082756,1189451
This update for libnl3, ovpn-dco, openVPN fixes the following issue:

- Update libnl to release 3.9
- Create Multibuild Environment to support openVPN Data Channel Offload (openvpn-dco package)(#PED-8305)

The following package changes have been done:

- glibc-2.38-150700.19.2 updated
- libuuid1-2.40.2-150700.1.2 updated
- libsmartcols1-2.40.2-150700.1.2 updated
- libnghttp2-14-1.64.0-150700.1.3 updated
- libgpg-error0-1.50-150700.1.2 updated
- libudev1-254.21-150600.4.21.1 updated
- findutils-4.10.0-150700.1.2 updated
- libgcrypt20-1.11.0-150700.2.8 updated
- libblkid1-2.40.2-150700.1.2 updated
- libxml2-2-2.12.9-150700.1.2 updated
- libopenssl3-3.2.3-150700.3.3 updated
- grep-3.11-150700.1.2 updated
- libmount1-2.40.2-150700.1.2 updated
- libfdisk1-2.40.2-150700.1.2 updated
- libopenssl-3-fips-provider-3.2.3-150700.3.3 updated
- permissions-20240826-150600.10.12.1 updated
- sles-release-15.7-150700.17.2 updated
- libcurl4-8.6.0-150600.4.18.1 updated
- util-linux-2.40.2-150700.1.2 updated
- aaa_base-84.87+git20180409.04c9dae-150300.10.23.1 updated
- curl-8.6.0-150600.4.18.1 updated
- kbd-2.4.0-150700.13.1 updated
- kubevirt-container-disk-1.1.1-150700.9.40 updated
- libbpf1-1.5.0-150700.1.1 updated
- libcbor0_10-0.10.1-150500.1.1 added
- libdevmapper1_03-2.03.24_1.02.198-150700.1.2 updated
- libexpat1-2.6.4-150700.1.2 updated
- libnettle8-3.10.1-150700.2.2 updated
- libnl-config-3.9.0-150600.15.4.4 updated
- libusdm0-24.09.0-150700.1.1 added
- qemu-accel-tcg-x86-9.2.0-150700.1.3 updated
- qemu-hw-usb-host-9.2.0-150700.1.3 updated
- qemu-ipxe-9.2.0-150700.1.3 updated
- qemu-seabios-9.2.01.16.3_3_g3d33c746-150700.1.3 updated
- qemu-vgabios-9.2.01.16.3_3_g3d33c746-150700.1.3 updated
- vim-data-common-9.1.0836-150500.20.15.1 updated
- libndctl6-80-150700.1.2 updated
- libsystemd0-254.21-150600.4.21.1 updated
- libhogweed6-3.10.1-150700.2.2 updated
- libnl3-200-3.9.0-150600.15.4.4 updated
- virtiofsd-1.12.0-150700.1.4 updated
- qemu-hw-usb-redirect-9.2.0-150700.1.3 updated
- libqat4-24.09.0-150700.1.1 added
- socat-1.8.0.0-150600.20.6.1 updated
- vim-small-9.1.0836-150500.20.15.1 updated
- xen-libs-4.20.0_02-150700.1.4 updated
- libqatzip3-1.2.0-150700.1.1 added
- qemu-img-9.2.0-150700.1.3 updated
- systemd-254.21-150600.4.21.1 updated
- udev-254.21-150600.4.21.1 updated
- systemd-container-254.21-150600.4.21.1 updated
- libvirt-libs-10.10.0-150700.2.2 updated
- rdma-core-54.0-150700.1.3 updated
- libvirt-daemon-log-10.10.0-150700.2.2 updated
- libvirt-client-10.10.0-150700.2.2 updated
- kubevirt-virt-launcher-1.1.1-150700.9.40 updated
- swtpm-0.9.0-150700.1.2 updated
- libibverbs1-54.0-150700.1.3 updated
- libmlx5-1-54.0-150700.1.3 updated
- libvirt-daemon-common-10.10.0-150700.2.2 updated
- libmlx4-1-54.0-150700.1.3 updated
- libmana1-54.0-150700.1.3 updated
- libhns1-54.0-150700.1.3 updated
- libefa1-54.0-150700.1.3 updated
- libibverbs-54.0-150700.1.3 updated
- librdmacm1-54.0-150700.1.3 updated
- qemu-ovmf-x86_64-202408-150700.1.2 updated
- qemu-x86-9.2.0-150700.1.3 updated
- qemu-9.2.0-150700.1.3 updated
- libvirt-daemon-driver-qemu-10.10.0-150700.2.2 updated
- container:sles15-image-15.7.0-2.4 updated
- kbd-legacy-2.4.0-150400.5.6.1 removed