SUSE-CU-2025:1720-1: Security update of bci/golang

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Wed Mar 12 08:46:17 UTC 2025 

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1720-1
Container Tags        : bci/golang:1.22-openssl , bci/golang:1.22.9-openssl , bci/golang:1.22.9-openssl-55.38 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-55.38
Container Release     : 55.38
Severity              : important
Type                  : security
References            : 1224044 1231463 1233282 1237374 CVE-2024-34397 CVE-2024-52533
-----------------------------------------------------------------

The container bci/golang was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1950-1
Released:    Fri Jun  7 17:20:14 2024
Summary:     Security update for glib2
Type:        security
Severity:    moderate
References:  1224044,CVE-2024-34397
This update for glib2 fixes the following issues:

Update to version 2.78.6:

+ Fix a regression with IBus caused by the fix for CVE-2024-34397

Changes in version 2.78.5:

+ Fix CVE-2024-34397: GDBus signal subscriptions for well-known
  names are vulnerable to unicast spoofing. (bsc#1224044)
+ Bugs fixed:
  - gvfs-udisks2-volume-monitor SIGSEGV in
    g_content_type_guess_for_tree() due to filename with bad
    encoding
  - gcontenttype: Make filename valid utf-8 string before processing.
  - gdbusconnection: Don't deliver signals if the sender doesn't match.

Changes in version 2.78.4:

+ Bugs fixed:
  - Fix generated RST anchors for methods, signals and properties.
  - docs/reference: depend on a native gtk-doc.
  - gobject_gdb.py: Do not break bt on optimized build.
  - gregex: clean up usage of _GRegex.jit_status.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4254-1
Released:    Fri Dec  6 18:03:05 2024
Summary:     Security update for glib2
Type:        security
Severity:    important
References:  1231463,1233282,CVE-2024-52533
This update for glib2 fixes the following issues:

Security issues fixed:

- CVE-2024-52533: Fix a single byte buffer overflow in set_connect_msg() (bsc#1233282).

Non-security issue fixed:

- Fix error when uninstalling packages (bsc#1231463).


-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:794-1
Released:    Thu Mar  6 07:59:29 2025
Summary:     Recommended update for pkg-config
Type:        recommended
Severity:    important
References:  1237374
This update for pkg-config fixes the following issues:

- Build with system GLib instead of bundled GLib (bsc#1237374).


The following package changes have been done:

- libglib-2_0-0-2.78.6-150600.4.8.1 added
- pkg-config-0.29.2-150600.15.3.1 updated
- container:registry.suse.com-bci-bci-base-15.6-d14843b944f1f4f869ea7501aa763d50e0e36522274d9c9ef88b053f6692e1ae-0 updated

More information about the sle-container-updates mailing list