SUSE-CU-2022:723-1: Security update of bci/dotnet-sdk

sle-security-updates at lists.suse.com
Tue Apr 26 07:43:14 UTC 2022


SUSE Container Update Advisory: bci/dotnet-sdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:723-1
Container Tags        : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-14.2 , bci/dotnet-sdk:6.0.4 , bci/dotnet-sdk:6.0.4-14.2 , bci/dotnet-sdk:latest
Container Release     : 14.2
Severity              : important
Type                  : security
References            : 1158955 1159131 1161007 1162882 1167603 1172427 1182252 1182645
                        1182959 1191502 1193086 1194642 1194642 1194883 1195149 1195247
                        1195529 1195792 1195856 1195899 1196093 1196275 1196406 1196567
                        1196647 1196939 1197004 1197024 1197459 1198062 CVE-2018-25032
                        CVE-2022-1271 
-----------------------------------------------------------------

The container bci/dotnet-sdk was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:4063-1
Released:    Tue Dec 14 13:58:09 2021
Summary:     Security update for icu.691
Type:        security
Severity:    important
References:  1158955,1159131,1161007,1162882,1167603,1182252,1182645
This update for icu.691 fixes the following issues:


- Renamed package from icu 69.1 for SUSE:SLE-15-SP3:Update. (jsc#SLE-17893)
- Fix undefined behaviour in 'ComplexUnitsConverter::applyRounder'

- Update to release 69.1
  - For Norwegian, 'no' is back to being the canonical code, with
    'nb' treated as equivalent. This aligns handling of Norwegian
    with other macro language codes.
  - Binary prefixes in measurement units (KiB, MiB, etc.)
  - Time zone offsets from local time with new APIs.
- Don't disable testsuite under 'qemu-linux-user'
- Fixed an issue where the ICU test fails on aarch64. (bsc#1182645)
- Drop 'SUSE_ASNEEDED' as the issue was in binutils. (bsc#1182252)
- Fix 'pthread' dependency issue. (bsc#1182252)

- Update to release 68.2
  - Fix memory problem in 'FormattedStringBuilder'
  - Fix assertion when 'setKeywordValue' is called with a long value.
  - Fix UBSan breakage on 8bit of rbbi
  - fix int32_t overflow in listFormat
  - Fix memory handling in MemoryPool::operator=()
  - Fix memory leak in AliasReplacer

- Add back icu.keyring.
- Update to release 68.1
  - PluralRules selection for ranges of numbers
  - Locale ID canonicalization now conforms to the CLDR spec including edge cases
  - DateIntervalFormat supports output options such as capitalization
  - Measurement units are normalized in skeleton string output
  - Time zone data (tzdata) version 2020d

- Add the provides for libicu so that .NET Core can install successfully. (bsc#1167603, bsc#1161007)
- Update to version 67.1
  - Unicode 13 (ICU-20893, same as in ICU 66)
    - Total of 5930 new characters
    - 4 new scripts
    - 55 new emoji characters, plus additional new sequences
    - New CJK extension, first characters in plane 3: U+30000..U+3134A
    - New language at Modern coverage: Nigerian Pidgin
    - New languages at Basic coverage: Fulah (Adlam), Maithili,
      Manipuri, Santali, Sindhi (Devanagari), Sundanese
    - Region containment: EU no longer includes GB
    - Unicode 13 root collation data and Chinese data for collation and transliteration
  - DateTimePatternGenerator now obeys the 'hc' preference in the locale identifier
  - Various other improvements for ECMA-402 conformance
  - Number skeletons have a new 'concise' form that can be used in MessageFormat strings
  - Currency formatting options for formal and other currency display name variants
  - ListFormatter: new public API to select the style & type
  - ListFormatter now selects the proper “and”/“or” form for Spanish & Hebrew.
  - Locale ID canonicalization upgraded to implement the complete CLDR spec.
  - LocaleMatcher: New option to ignore one-way matches
  - acceptLanguage() reimplemented via LocaleMatcher
  - Data build tool: tzdbNames.res moved from the 'zone_tree' category to the 'zone_supplemental' category
  - Fixed uses of u8'literals' broken by the C++20 introduction of the incompatible char8_t type,
    and added a few API overloads to reduce the need for reinterpret_cast.
  - Support for manipulating CLDR 37 unit identifiers in MeasureUnit.

- Drop icu-versioning. (bsc#1159131)
- Update to version 66.1
  - Unicode 13 support
  - Fix uses of u8'literals' broken by C++20 introduction of incompatible char8_t type.

- Fixed an issue where Qt apps can't handle non-ASCII filesystem paths. (bsc#1162882)
- Remove '/usr/lib(64)/icu/current'. (bsc#1158955)


-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:787-1
Released:    Thu Mar 10 11:20:13 2022
Summary:     Recommended update for openldap2
Type:        recommended
Severity:    moderate
References:  
This update for openldap2 fixes the following issue:

- restore CLDAP functionality in CLI tools (jsc#PM-3288)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:861-1
Released:    Tue Mar 15 23:30:48 2022
Summary:     Recommended update for openssl-1_1 
Type:        recommended
Severity:    moderate
References:  1182959,1195149,1195792,1195856
This update for openssl-1_1 fixes the following issues:

openssl-1_1:

- Fix PAC pointer authentication in ARM (bsc#1195856)
- Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792)
- FIPS: Fix function and reason error codes (bsc#1182959)
- Enable zlib compression support (bsc#1195149)
    
glibc:

- Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1
    
linux-glibc-devel:

- Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1

libxcrypt:

- Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1

zlib:

- Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:874-1
Released:    Wed Mar 16 10:40:52 2022
Summary:     Recommended update for openldap2
Type:        recommended
Severity:    moderate
References:  1197004
This update for openldap2 fixes the following issue:

- Revert jsc#PM-3288 - CLDAP ( -DLDAP_CONNECTIONLESS ) due to regression (bsc#1197004)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:905-1
Released:    Mon Mar 21 08:46:09 2022
Summary:     Recommended update for util-linux
Type:        recommended
Severity:    important
References:  1172427,1194642
This update for util-linux fixes the following issues:

- Prevent root owning of `/var/lib/libuuid/clock.txt`. (bsc#1194642)
- Make uuidd lock state file usable and time based UUIDs safer. (bsc#1194642)
- Fix `su -s` bash completion. (bsc#1172427)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:936-1
Released:    Tue Mar 22 18:10:17 2022
Summary:     Recommended update for filesystem and systemd-rpm-macros
Type:        recommended
Severity:    moderate
References:  1196275,1196406
This update for filesystem and systemd-rpm-macros fixes the following issues:

filesystem:

- Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639)

systemd-rpm-macros:

- Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1047-1
Released:    Wed Mar 30 16:20:56 2022
Summary:     Recommended update for pam
Type:        recommended
Severity:    moderate
References:  1196093,1197024
This update for pam fixes the following issues:

- Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093)
- Between allocating the variable 'ai' and freeing it, there are two 'return NO' paths where the variable is not freed.
  This patch inserts freeaddrinfo() calls before the 'return NO;'s. (bsc#1197024)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1061-1
Released:    Wed Mar 30 18:27:06 2022
Summary:     Security update for zlib
Type:        security
Severity:    important
References:  1197459,CVE-2018-25032
This update for zlib fixes the following issues:

- CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1099-1
Released:    Mon Apr  4 12:53:05 2022
Summary:     Recommended update for aaa_base
Type:        recommended
Severity:    moderate
References:  1194883
This update for aaa_base fixes the following issues:

- Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883)
- Include all fixes and changes for systemwide inputrc to remove the 8-bit escape sequence which interferes with UTF-8
  multi-byte characters, as well as to support the vi mode of the readline library

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1107-1
Released:    Mon Apr  4 17:49:17 2022
Summary:     Recommended update for util-linux
Type:        recommended
Severity:    moderate
References:  1194642
This update for util-linux fixes the following issue:

- Improve throughput and reduce clock sequence increments in high-load situations with time-based
  version 1 UUIDs. (bsc#1194642)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1158-1
Released:    Tue Apr 12 14:44:43 2022
Summary:     Security update for xz
Type:        security
Severity:    important
References:  1198062,CVE-2022-1271
This update for xz fixes the following issues:

- CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1170-1
Released:    Tue Apr 12 18:20:07 2022
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1191502,1193086,1195247,1195529,1195899,1196567
This update for systemd fixes the following issues:

- Fix the default target when it's been incorrectly set to one of the runlevel targets (bsc#1196567)
- When migrating from sysvinit to systemd (it probably won't happen anymore),
  let's use the default systemd target, which is the graphical.target one.
- Don't open /var journals in volatile mode when runtime_journal==NULL
- udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529)
- man: tweak description of auto/noauto (bsc#1191502)
- shared/install: ignore failures for auxiliary files
- install: make UnitFileChangeType enum anonymous
- shared/install: reduce scope of iterator variables
- systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23867)
- Update s390 udev rules conversion script to include the case when the legacy rule was also 41-* (bsc#1195247)
- Drop or soften some of the deprecation warnings (bsc#1193086)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1281-1
Released:    Wed Apr 20 12:26:38 2022
Summary:     Recommended update for libtirpc
Type:        recommended
Severity:    moderate
References:  1196647
This update for libtirpc fixes the following issues:

- Add option to enforce connection via protocol version 2 first (bsc#1196647)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1302-1
Released:    Fri Apr 22 10:04:46 2022
Summary:     Recommended update for e2fsprogs
Type:        recommended
Severity:    moderate
References:  1196939
This update for e2fsprogs fixes the following issues:

- Add support for 'libreadline7' for Leap. (bsc#1196939)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1333-1
Released:    Mon Apr 25 11:29:26 2022
Summary:     Recommended update for sles15-image
Type:        recommended
Severity:    moderate
References:  
This update for sles15-image fixes the following issues:

- Add zypper explicitly to work around obs-build bug (gh#openSUSE/obs-build#562)
- Add com.suse.supportlevel label (jsc#BCI-40)


The following package changes have been done:

- libldap-data-2.4.46-9.64.1 updated
- filesystem-15.0-11.8.1 updated
- libtirpc-netconfig-1.2.6-150300.3.3.1 updated
- glibc-2.31-150300.20.7 updated
- libuuid1-2.36.2-150300.4.20.1 updated
- libsmartcols1-2.36.2-150300.4.20.1 updated
- libcrypt1-4.4.15-150300.4.2.41 updated
- libblkid1-2.36.2-150300.4.20.1 updated
- libfdisk1-2.36.2-150300.4.20.1 updated
- libz1-1.2.11-150000.3.30.1 updated
- liblzma5-5.2.3-150000.4.7.1 updated
- libcom_err2-1.43.8-150000.4.29.1 updated
- libopenssl1_1-1.1.1d-11.43.1 updated
- libopenssl1_1-hmac-1.1.1d-11.43.1 updated
- libmount1-2.36.2-150300.4.20.1 updated
- libtirpc3-1.2.6-150300.3.3.1 updated
- libldap-2_4-2-2.4.46-9.64.1 updated
- libsystemd0-246.16-150300.7.42.1 updated
- pam-1.3.0-150000.6.55.3 updated
- util-linux-2.36.2-150300.4.20.1 updated
- aaa_base-84.87+git20180409.04c9dae-3.57.1 updated
- libicu69-ledata-69.1-7.3.2 added
- libicu69-69.1-7.3.2 added
- container:sles15-image-15.0.0-17.12.1 updated
- libgdbm4-1.12-1.418 removed
- libicu-suse65_1-65.1-4.2.1 removed
- libicu65_1-ledata-65.1-4.2.1 removed
- perl-5.26.1-15.87 removed
- update-alternatives-1.19.0.4-4.3.1 removed
- vim-8.0.1568-5.17.1 removed
- vim-data-common-8.0.1568-5.17.1 removed

