SUSE-CU-2022:3494-1: Security update of suse/sle-micro/5.4/toolbox
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Fri Dec 30 08:25:07 UTC 2022
SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:3494-1
Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-3.2.26 , suse/sle-micro/5.4/toolbox:latest
Container Release : 3.2.26
Severity : important
Type : security
References : 1200723 1204779 1205000 1205797 1206028 1206071 1206072 1206075
1206077 CVE-2022-3491 CVE-2022-3520 CVE-2022-3591 CVE-2022-3705
CVE-2022-4141 CVE-2022-4292 CVE-2022-4293 CVE-2022-4415
-----------------------------------------------------------------
The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4629-1
Released: Wed Dec 28 09:24:07 2022
Summary: Security update for systemd
Type: security
Severity: important
References: 1200723,1205000,CVE-2022-4415
This update for systemd fixes the following issues:
- CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000).
Bug fixes:
- Support by-path devlink for multipath nvme block devices (bsc#1200723).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4631-1
Released: Wed Dec 28 09:29:15 2022
Summary: Security update for vim
Type: security
Severity: important
References: 1204779,1205797,1206028,1206071,1206072,1206075,1206077,CVE-2022-3491,CVE-2022-3520,CVE-2022-3591,CVE-2022-3705,CVE-2022-4141,CVE-2022-4292,CVE-2022-4293
This update for vim fixes the following issues:
Updated to version 9.0.1040:
- CVE-2022-3491: vim: Heap-based Buffer Overflow prior to 9.0.0742 (bsc#1206028).
- CVE-2022-3520: vim: Heap-based Buffer Overflow (bsc#1206071).
- CVE-2022-3591: vim: Use After Free (bsc#1206072).
- CVE-2022-4292: vim: Use After Free in GitHub repository vim/vim prior to 9.0.0882 (bsc#1206075).
- CVE-2022-4293: vim: Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804 (bsc#1206077).
- CVE-2022-4141: vim: heap-buffer-overflow in alloc.c 246:11 (bsc#1205797).
- CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c (bsc#1204779).
The following package changes have been done:
- systemd-249.12-150400.8.16.1 updated
- vim-data-common-9.0.1040-150000.5.31.1 updated
- vim-9.0.1040-150000.5.31.1 updated
More information about the sle-security-updates
mailing list