SUSE-CU-2025:444-1: Security update of suse/sles/15.7/libguestfs-tools
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Fri Jan 24 08:11:18 UTC 2025
SUSE Container Update Advisory: suse/sles/15.7/libguestfs-tools
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:444-1
Container Tags : suse/sles/15.7/libguestfs-tools:1.1.1 , suse/sles/15.7/libguestfs-tools:1.1.1-150700.9.40 , suse/sles/15.7/libguestfs-tools:1.1.1.28.108
Container Release : 28.108
Severity : important
Type : security
References : 1082756 1189451 1203617 1219736 1220338 1231048 1232227 1232844
1233285 1233287 1233292 1234015 1234068 1234749 1234940 1235097
1235151 CVE-2024-11053 CVE-2024-52530 CVE-2024-52531 CVE-2024-52532
-----------------------------------------------------------------
The container suse/sles/15.7/libguestfs-tools was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4288-1
Released: Wed Dec 11 09:31:32 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1234068,CVE-2024-11053
This update for curl fixes the following issues:
- CVE-2024-11053: Fixed password leak used for the first host to the followed-to host under certain circumstances (bsc#1234068)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4337-1
Released: Tue Dec 17 08:17:39 2024
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1231048,1232844
This update for systemd fixes the following issues:
- udev: skipping empty udev rules file while collecting the stats (bsc#1232844)
- Clean up some remnants from when homed was in the experimental sub-package (bsc#1231048)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4355-1
Released: Tue Dec 17 13:35:13 2024
Summary: Security update for libsoup
Type: security
Severity: important
References: 1233285,1233287,1233292,CVE-2024-52530,CVE-2024-52531,CVE-2024-52532
This update for libsoup fixes the following issues:
- CVE-2024-52530: Fixed HTTP request smuggling via stripping null bytes from the ends of header names (bsc#1233285)
- CVE-2024-52531: Fixed buffer overflow via UTF-8 conversion in soup_header_parse_param_list_strict (bsc#1233292)
- CVE-2024-52532: Fixed infinite loop while reading websocket data (bsc#1233287)
Other fixes:
- websocket-test: disconnect error copy after the test ends (glgo#GNOME/libsoup#391).
- fix an intermittent test failure (glgo#GNOME/soup#399).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4363-1
Released: Tue Dec 17 16:12:41 2024
Summary: Recommended update for hwdata
Type: recommended
Severity: moderate
References:
This update for hwdata fixes the following issue:
- Version update v0.390
* Update pci and vendor ids
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4378-1
Released: Thu Dec 19 08:23:55 2024
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1203617
This update for aaa_base fixes the following issues:
- Added Midnigh Commander helpers for tcsh and bash resources (bsc#1203617)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4402-1
Released: Fri Dec 20 16:41:09 2024
Summary: Recommended update for libzypp
Type: recommended
Severity: moderate
References: 1234749
This update for libzypp fixes the following issues:
- Url: queryparams without value should not have a trailing '='
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:10-1
Released: Fri Jan 3 14:53:56 2025
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1220338,1232227,1234015
This update for systemd fixes the following issues:
- Drop support for efivar SystemdOptions (bsc#1220338)
- pid1: make clear that $WATCHDOG_USEC is set for the shutdown binary (bsc#1232227)
- udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015)
- udev: add new builtin net_driver
- udev-builtin-net_id: split-out pci_get_onboard_index() from dev_pci_onboard()
- udev-builtin-net_id: split-out get_pci_slot_specifiers()
- udev-builtin-net_id: introduce get_port_specifier() helper function
- udev-builtin-net_id: split out get_dev_port() and make its failure critical
- udev-builtin-net_id: split-out pci_get_hotplug_slot() and pci_get_hotplug_slot_from_address()
- udev-builtin-net_id: return earlier when hotplug slot is not found
- udev-builtin-net_id: skip non-directory entry earlier
- udev-builtin-net_id: make names_xen() self-contained
- udev-builtin-net_id: use sd_device_get_sysnum() to get index of netdevsim
- udev-builtin-net_id: make names_netdevsim() self-contained
- udev-builtin-net_id: make names_platform() self-contained
- udev-builtin-net_id: make names_vio() self-contained
- udev-builtin-net_id: make names_ccw() self-contained
- udev-builtin-net_id: make dev_devicetree_onboard() self-contained
- udev-builtin-net_id: make names_mac() self-contained
- udev-builtin-net_id: split out get_ifname_prefix()
- udev-builtin-net_id: swap arguments for streq() and friends
- udev-builtin-net_id: drop unused value from NetNameType
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:42-1
Released: Thu Jan 9 16:04:03 2025
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1219736
This update for permissions fixes the following issues:
- Update to version 20240826:
* chkstat: backport support to operate in insecure mode via envvar opt-in (bsc#1219736)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:77-1
Released: Mon Jan 13 10:43:05 2025
Summary: Recommended update for curl
Type: recommended
Severity: moderate
References: 1235151
This update for curl fixes the following issue:
- smtp: for starttls, do full upgrade [bsc#1235151]
* Make sure the TLS handshake after a successful STARTTLS command
is fully done before further sending/receiving on the connection.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:79-1
Released: Mon Jan 13 12:50:24 2025
Summary: Recommended update for libnl3, ovpn-dco, openVPN
Type: recommended
Severity: moderate
References: 1082756,1189451
This update for libnl3, ovpn-dco, openVPN fixes the following issue:
- Update libnl to release 3.9
- Create Multibuild Environment to support openVPN Data Channel Offload (openvpn-dco package)(#PED-8305)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:151-1
Released: Thu Jan 16 20:44:56 2025
Summary: Recommended update for libproxy
Type: recommended
Severity: moderate
References: 1234940,1235097
This update for libproxy fixes the following issues:
- Properly handle empty proxy ignore entry (bsc#1234940).
- Ignore invalid proxy URI to suppress GUri warnings (bsc#1235097).
The following package changes have been done:
- glibc-2.38-150700.19.2 updated
- libuuid1-2.40.2-150700.1.2 updated
- libsmartcols1-2.40.2-150700.1.2 updated
- libnghttp2-14-1.64.0-150700.1.3 updated
- libgpg-error0-1.50-150700.1.2 updated
- libudev1-254.21-150600.4.21.1 updated
- findutils-4.10.0-150700.1.2 updated
- libgcrypt20-1.11.0-150700.2.8 updated
- libblkid1-2.40.2-150700.1.2 updated
- libxml2-2-2.12.9-150700.1.2 updated
- libopenssl3-3.2.3-150700.3.3 updated
- grep-3.11-150700.1.2 updated
- libmount1-2.40.2-150700.1.2 updated
- libfdisk1-2.40.2-150700.1.2 updated
- libopenssl-3-fips-provider-3.2.3-150700.3.3 updated
- permissions-20240826-150600.10.12.1 updated
- sles-release-15.7-150700.17.2 updated
- libcurl4-8.6.0-150600.4.18.1 updated
- libzypp-17.35.16-150600.3.39.1 updated
- util-linux-2.40.2-150700.1.2 updated
- aaa_base-84.87+git20180409.04c9dae-150300.10.23.1 updated
- curl-8.6.0-150600.4.18.1 updated
- kbd-2.4.0-150700.13.1 updated
- libguestfs-winsupport-1.55.2-150700.1.2 updated
- guestfs-tools-1.53.5-150700.1.1 updated
- libbpf1-1.5.0-150700.1.1 updated
- libcbor0_10-0.10.1-150500.1.1 added
- libdevmapper1_03-2.03.24_1.02.198-150700.1.2 updated
- libexpat1-2.6.4-150700.1.2 updated
- libhivex0-1.3.24-150700.1.3 updated
- libnettle8-3.10.1-150700.2.2 updated
- libnl-config-3.9.0-150600.15.4.4 updated
- libopenssl1_1-1.1.1w-150700.9.8 updated
- libusdm0-24.09.0-150700.1.1 added
- pigz-2.8-150700.1.2 updated
- qemu-accel-tcg-x86-9.2.0-150700.1.3 updated
- qemu-ipxe-9.2.0-150700.1.3 updated
- qemu-seabios-9.2.01.16.3_3_g3d33c746-150700.1.3 updated
- qemu-vgabios-9.2.01.16.3_3_g3d33c746-150700.1.3 updated
- libndctl6-80-150700.1.2 updated
- libsystemd0-254.21-150600.4.21.1 updated
- libhogweed6-3.10.1-150700.2.2 updated
- libnl3-200-3.9.0-150600.15.4.4 updated
- virtiofsd-1.12.0-150700.1.4 updated
- libqat4-24.09.0-150700.1.1 added
- bind-utils-9.20.3-150700.1.3 updated
- xkeyboard-config-2.42-150700.1.1 updated
- hwdata-0.390-150000.3.74.2 updated
- libmpath0-0.10.1~2+112+suse.b66763a-150700.1.2 updated
- xen-libs-4.20.0_02-150700.1.4 updated
- libqatzip3-1.2.0-150700.1.1 added
- qemu-vmsr-helper-9.2.0-150700.1.3 updated
- qemu-pr-helper-9.2.0-150700.1.3 updated
- qemu-img-9.2.0-150700.1.3 updated
- systemd-254.21-150600.4.21.1 updated
- qemu-tools-9.2.0-150700.1.3 updated
- util-linux-systemd-2.40.2-150700.1.3 updated
- libvirt-libs-10.10.0-150700.2.2 updated
- libpxbackend-1_0-0.5.3-150600.4.6.2 updated
- wicked-0.6.78-150700.1.2 updated
- wicked-service-0.6.78-150700.1.2 updated
- libproxy1-0.5.3-150600.4.6.2 updated
- udev-254.21-150600.4.21.1 updated
- supermin-5.3.5-150700.2.2 updated
- rdma-core-54.0-150700.1.3 updated
- libsoup-3_0-0-3.4.4-150600.3.3.1 updated
- libibverbs1-54.0-150700.1.3 updated
- libmlx5-1-54.0-150700.1.3 updated
- libosinfo-1_0-0-1.12.0-150700.1.2 updated
- libosinfo-1.12.0-150700.1.2 updated
- libmlx4-1-54.0-150700.1.3 updated
- libmana1-54.0-150700.1.3 updated
- libhns1-54.0-150700.1.3 updated
- libefa1-54.0-150700.1.3 updated
- libibverbs-54.0-150700.1.3 updated
- librdmacm1-54.0-150700.1.3 updated
- qemu-x86-9.2.0-150700.1.3 updated
- qemu-9.2.0-150700.1.3 updated
- qemu-ovmf-x86_64-202408-150700.1.2 updated
- libguestfs0-1.55.2-150700.1.2 updated
- libguestfs-devel-1.55.2-150700.1.2 updated
- libguestfs-appliance-1.55.2-150700.1.2 updated
- libguestfs-1.55.2-150700.1.2 updated
- container:sles15-image-15.7.0-2.4 updated
- kbd-legacy-2.4.0-150400.5.6.1 removed
- libjansson4-2.14-150000.3.5.1 removed
More information about the sle-container-updates
mailing list