SUSE-CU-2025:4279-1: Security update of bci/dotnet-runtime
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Sat Jun 14 07:26:32 UTC 2025
SUSE Container Update Advisory: bci/dotnet-runtime
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:4279-1
Container Tags : bci/dotnet-runtime:9.0 , bci/dotnet-runtime:9.0.6 , bci/dotnet-runtime:9.0.6-11.1 , bci/dotnet-runtime:latest
Container Release : 11.1
Severity : important
Type : security
References : 1220262 1220523 1220690 1220693 1220696 1221365 1221751 1221752
1221753 1221760 1221786 1221787 1221821 1221822 1221824 1221827
1222899 1223336 1223428 1224388 1225291 1225551 1226463 1227138
1229465 1230698 1230959 1231748 1232326 1236136 1240366 1240607
CVE-2023-50782 CVE-2024-13176 CVE-2024-41996 CVE-2024-4603 CVE-2024-4741
CVE-2024-5535 CVE-2024-6119 CVE-2025-27587
-----------------------------------------------------------------
The container bci/dotnet-runtime was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2066-1
Released: Tue Jun 18 13:16:09 2024
Summary: Security update for openssl-3
Type: security
Severity: important
References: 1223428,1224388,1225291,1225551,CVE-2024-4603,CVE-2024-4741
This update for openssl-3 fixes the following issues:
Security issues fixed:
- CVE-2024-4603: Check DSA parameters for excessive sizes before validating (bsc#1224388)
- CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551)
Other issues fixed:
- Enable livepatching support (bsc#1223428)
- Fix HDKF key derivation (bsc#1225291, gh#openssl/openssl#23448, + gh#openssl/openssl#23456)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2635-1
Released: Tue Jul 30 09:14:09 2024
Summary: Security update for openssl-3
Type: security
Severity: important
References: 1222899,1223336,1226463,1227138,CVE-2024-5535
This update for openssl-3 fixes the following issues:
Security fixes:
- CVE-2024-5535: Fixed SSL_select_next_proto buffer overread (bsc#1227138)
Other fixes:
- Build with no-afalgeng (bsc#1226463)
- Build with enabled sm2 and sm4 support (bsc#1222899)
- Fix non-reproducibility issue (bsc#1223336)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3106-1
Released: Tue Sep 3 17:00:40 2024
Summary: Security update for openssl-3
Type: security
Severity: moderate
References: 1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119
This update for openssl-3 fixes the following issues:
- CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465)
Other fixes:
- FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365).
- FIPS: RSA keygen PCT requirements.
- FIPS: Check that the fips provider is available before setting
it as the default provider in FIPS mode (bsc#1220523).
- FIPS: Port openssl to use jitterentropy (bsc#1220523).
- FIPS: Block non-Approved Elliptic Curves (bsc#1221786).
- FIPS: Service Level Indicator (bsc#1221365).
- FIPS: Output the FIPS-validation name and module version which uniquely
identify the FIPS validated module (bsc#1221751).
- FIPS: Add required selftests: (bsc#1221760).
- FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821).
- FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827).
- FIPS: Zero initialization required (bsc#1221752).
- FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696).
- FIPS: NIST SP 800-56Brev2 (bsc#1221824).
- FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787).
- FIPS: Port openssl to use jitterentropy (bsc#1220523).
- FIPS: NIST SP 800-56Arev3 (bsc#1221822).
- FIPS: Error state has to be enforced (bsc#1221753).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3501-1
Released: Tue Oct 1 16:03:34 2024
Summary: Security update for openssl-3
Type: security
Severity: important
References: 1230698,CVE-2024-41996
This update for openssl-3 fixes the following issues:
- CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3943-1
Released: Thu Nov 7 11:12:00 2024
Summary: Security update for openssl-3
Type: security
Severity: moderate
References: 1220262,CVE-2023-50782
This update for openssl-3 fixes the following issues:
- CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:430-1
Released: Tue Feb 11 15:13:32 2025
Summary: Security update for openssl-3
Type: security
Severity: moderate
References: 1236136,CVE-2024-13176
This update for openssl-3 fixes the following issues:
- CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1550-1
Released: Fri May 16 02:16:11 2025
Summary: Security update for openssl-3
Type: security
Severity: moderate
References: 1230959,1231748,1232326,1240366,1240607,CVE-2025-27587
This update for openssl-3 fixes the following issues:
Security:
- CVE-2025-27587: Timing side channel vulnerability in the P-384
implementation when used with ECDSA in the PPC architecture (bsc#1240366).
- Missing null pointer check before accessing handshake_func in ssl_lib.c (bsc#1240607).
FIPS:
- Disabling EMS in OpenSSL configuration prevents sshd from starting (bsc#1230959, bsc#1232326, bsc#1231748).
The following package changes have been done:
- libopenssl3-3.1.4-150600.5.27.1 added
- libopenssl-3-fips-provider-3.1.4-150600.5.27.1 added
- libopenssl1_1-1.1.1w-150600.5.12.2 removed
More information about the sle-container-updates
mailing list