SUSE-CU-2022:3494-1: Security update of suse/sle-micro/5.4/toolbox

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Fri Dec 30 08:25:07 UTC 2022


SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:3494-1
Container Tags        : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-3.2.26 , suse/sle-micro/5.4/toolbox:latest
Container Release     : 3.2.26
Severity              : important
Type                  : security
References            : 1200723 1204779 1205000 1205797 1206028 1206071 1206072 1206075
                        1206077 CVE-2022-3491 CVE-2022-3520 CVE-2022-3591 CVE-2022-3705
                        CVE-2022-4141 CVE-2022-4292 CVE-2022-4293 CVE-2022-4415 
-----------------------------------------------------------------

The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4629-1
Released:    Wed Dec 28 09:24:07 2022
Summary:     Security update for systemd
Type:        security
Severity:    important
References:  1200723,1205000,CVE-2022-4415
This update for systemd fixes the following issues:

- CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000).

Bug fixes:

- Support by-path devlink for multipath nvme block devices (bsc#1200723).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4631-1
Released:    Wed Dec 28 09:29:15 2022
Summary:     Security update for vim
Type:        security
Severity:    important
References:  1204779,1205797,1206028,1206071,1206072,1206075,1206077,CVE-2022-3491,CVE-2022-3520,CVE-2022-3591,CVE-2022-3705,CVE-2022-4141,CVE-2022-4292,CVE-2022-4293
This update for vim fixes the following issues:

Updated to version 9.0.1040:

- CVE-2022-3491: vim: Heap-based Buffer Overflow prior to 9.0.0742 (bsc#1206028).
- CVE-2022-3520: vim: Heap-based Buffer Overflow (bsc#1206071).
- CVE-2022-3591: vim: Use After Free (bsc#1206072).
- CVE-2022-4292: vim: Use After Free in GitHub repository vim/vim prior to 9.0.0882 (bsc#1206075).
- CVE-2022-4293: vim: Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804 (bsc#1206077).
- CVE-2022-4141: vim: heap-buffer-overflow in alloc.c 246:11 (bsc#1205797).
- CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c (bsc#1204779).


The following package changes have been done:

- systemd-249.12-150400.8.16.1 updated
- vim-data-common-9.0.1040-150000.5.31.1 updated
- vim-9.0.1040-150000.5.31.1 updated


More information about the sle-security-updates mailing list