SUSE-CU-2025:1843-1: Recommended update of bci/bci-minimal

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Wed Mar 19 14:40:27 UTC 2025 

SUSE Container Update Advisory: bci/bci-minimal
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1843-1
Container Tags        : bci/bci-minimal:15.6 , bci/bci-minimal:15.6.32.7 , bci/bci-minimal:latest
Container Release     : 32.7
Severity              : moderate
Type                  : recommended
References            : 1202870 1207789 1209627 1220893 1220895 1220896 1225936 1225939
                        1225941 1225942 
-----------------------------------------------------------------

The container bci/bci-minimal was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2796-1
Released:    Fri Aug 12 14:34:31 2022
Summary:     Recommended update for jitterentropy
Type:        recommended
Severity:    moderate
References:  
This update for jitterentropy fixes the following issues:

jitterentropy is included in version 3.4.0 (jsc#SLE-24941):

This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, 
used by other FIPS libraries.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3328-1
Released:    Wed Sep 21 12:48:56 2022
Summary:     Recommended update for jitterentropy
Type:        recommended
Severity:    moderate
References:  1202870
This update for jitterentropy fixes the following issues:

- Hide the non-GNUC constructs that are library internal from the 
  exported header, to make it usable in builds with strict C99
  compliance. (bsc#1202870)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:617-1
Released:    Fri Mar  3 16:49:06 2023
Summary:     Recommended update for jitterentropy
Type:        recommended
Severity:    moderate
References:  1207789
This update for jitterentropy fixes the following issues:

- build jitterentropy library with debuginfo (bsc#1207789)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2024-1
Released:    Thu Jun 13 16:15:18 2024
Summary:     Recommended update for jitterentropy
Type:        recommended
Severity:    moderate
References:  1209627
This update for jitterentropy fixes the following issues:

- Fixed a stack corruption on s390x: [bsc#1209627]
  * Output size of the STCKE command on s390x is 16 bytes, compared
    to 8 bytes of the STCK command. Fix a stack corruption in the
    s390x version of jent_get_nstime(). Add some more detailed
    information on the STCKE command.

Updated to 3.4.1

* add FIPS 140 hints to man page
* simplify the test tool to search for optimal configurations
* fix: jent_loop_shuffle: re-add setting the time that was lost with 3.4.0
* enhancement: add ARM64 assembler code to read high-res timer
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:915-1
Released:    Wed Mar 19 08:04:05 2025
Summary:     Recommended update for libgcrypt
Type:        recommended
Severity:    moderate
References:  1220893,1220895,1220896,1225936,1225939,1225941,1225942
This update for libgcrypt fixes the following issues:

- FIPS: Differentiate non-compliant flags in the SLI [bsc#1225939]
- FIPS: Implement KAT for non-deterministic ECDSA [bsc#1225939]
- FIPS: Disable setting the library in non-FIPS mode [bsc#1220893]
- FIPS: Disallow rsa < 2048 [bsc#1225941]
  * Mark RSA operations with keysize < 2048 as non-approved in the SLI
- FIPS: Service level indicator for libgcrypt [bsc#1225939]
- FIPS: Consider deprecate sha1 [bsc#1225942]
  * In FIPS 180-5 revision, NIST announced EOL for SHA-1 and will
    transition at the end of 2030. Mark SHA1 as non-approved in SLI.
- FIPS: Unnecessary RSA KAT Encryption/Decryption [bsc#1225936]
  * cipher: Do not run RSA encryption selftest by default
- FIPS: Make sure that Libgcrypt makes use of the built-in Jitter RNG
  for the whole length entropy buffer in FIPS mode. [bsc#1220893]
- FIPS: Set the FSM into error state if Jitter RNG is returning an
  error code to the caller when an health test error occurs when
  random bytes are requested through the jent_read_entropy_safe()
  function. [bsc#1220895]
- FIPS: Replace the built-in jitter rng with standalone version
  * Remove the internal jitterentropy copy [bsc#1220896]


The following package changes have been done:

- libgcrypt20-1.10.3-150600.3.3.1 updated
- libjitterentropy3-3.4.1-150000.1.12.1 added

More information about the sle-container-updates mailing list