SUSE-CU-2020:347-1: Security update of suse/sles12sp3

sle-security-updates at sle-security-updates at
Thu Jun 25 01:24:18 MDT 2020

SUSE Container Update Advisory: suse/sles12sp3
Container Advisory ID : SUSE-CU-2020:347-1
Container Tags        : suse/sles12sp3:2.0.2 , suse/sles12sp3:24.167 , suse/sles12sp3:latest
Container Release     : 24.167
Severity              : important
Type                  : security
References            : 1102840 1156159 1160039 1170601 1171863 1171864 1171866 1172295
                        CVE-2020-10543 CVE-2020-10878 CVE-2020-12723 

The container suse/sles12sp3 was updated. The following patches have been included in this update:

Advisory ID: SUSE-SU-2020:1662-1
Released:    Thu Jun 18 11:13:05 2020
Summary:     Security update for perl
Type:        security
Severity:    important
References:  1102840,1160039,1170601,1171863,1171864,1171866,CVE-2020-10543,CVE-2020-10878,CVE-2020-12723
This update for perl fixes the following issues:

- CVE-2020-10543: Fixed a heap buffer overflow in regular expression compiler which could have 
  allowed overwriting of allocated memory with attacker's data (bsc#1171863).
- CVE-2020-10878: Fixed multiple integer overflows which could have allowed the insertion of 
  instructions into the compiled form of Perl regular expression (bsc#1171864).
- CVE-2020-12723: Fixed an attacker's corruption of the intermediate language state of a 
  compiled regular expression (bsc#1171866).
- Fixed utf8 handling in perldoc by useing 'term' instead of 'man' (bsc#1170601).
- Some packages make assumptions about the date and time they are built. 
  This update will solve the issues caused by calling the perl function timelocal
  expressing the year with two digit only instead of four digits. (bsc#1102840) (bsc#1160039)

Advisory ID: SUSE-RU-2020:1689-1
Released:    Fri Jun 19 11:03:49 2020
Summary:     Recommended update for audit
Type:        recommended
Severity:    important
References:  1156159,1172295
This update for audit fixes the following issues:

- Fix specfile to require libauparse0 and libaudit1 after splitting audit-libs. (bsc#1172295)
- Fix hang on startup. (bsc#1156159)

More information about the sle-security-updates mailing list