SUSE-CU-2022:3509-1: Security update of suse/sle-micro/5.1/toolbox

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Fri Dec 30 09:00:47 UTC 2022 

SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:3509-1
Container Tags        : suse/sle-micro/5.1/toolbox:11.1 , suse/sle-micro/5.1/toolbox:11.1-2.2.335 , suse/sle-micro/5.1/toolbox:latest
Container Release     : 2.2.335
Severity              : important
Type                  : security
References            : 1200723 1203857 1204423 1204779 1205000 1205797 1206028 1206071
                        1206072 1206075 1206077 CVE-2022-3491 CVE-2022-3520 CVE-2022-3591
                        CVE-2022-3705 CVE-2022-4141 CVE-2022-4292 CVE-2022-4293 CVE-2022-4415
-----------------------------------------------------------------

The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4630-1
Released:    Wed Dec 28 09:25:18 2022
Summary:     Security update for systemd
Type:        security
Severity:    important
References:  1200723,1203857,1204423,1205000,CVE-2022-4415
This update for systemd fixes the following issues:

- CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000).

Bug fixes:

- Support by-path devlink for multipath nvme block devices (bsc#1200723).
- Set SYSTEMD_NSS_DYNAMIC_BYPASS=1 env var for dbus-daemon (bsc#1203857).
- Restrict cpu rule to x86_64, and also update the rule files to make use of the 'CONST{arch}' syntax (bsc#1204423).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4631-1
Released:    Wed Dec 28 09:29:15 2022
Summary:     Security update for vim
Type:        security
Severity:    important
References:  1204779,1205797,1206028,1206071,1206072,1206075,1206077,CVE-2022-3491,CVE-2022-3520,CVE-2022-3591,CVE-2022-3705,CVE-2022-4141,CVE-2022-4292,CVE-2022-4293
This update for vim fixes the following issues:

Updated to version 9.0.1040:

- CVE-2022-3491: vim: Heap-based Buffer Overflow prior to 9.0.0742 (bsc#1206028).
- CVE-2022-3520: vim: Heap-based Buffer Overflow (bsc#1206071).
- CVE-2022-3591: vim: Use After Free (bsc#1206072).
- CVE-2022-4292: vim: Use After Free in GitHub repository vim/vim prior to 9.0.0882 (bsc#1206075).
- CVE-2022-4293: vim: Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804 (bsc#1206077).
- CVE-2022-4141: vim: heap-buffer-overflow in alloc.c 246:11 (bsc#1205797).
- CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c (bsc#1204779).


The following package changes have been done:

- systemd-246.16-150300.7.57.1 updated
- udev-246.16-150300.7.57.1 updated
- vim-data-common-9.0.1040-150000.5.31.1 updated
- vim-9.0.1040-150000.5.31.1 updated

More information about the sle-security-updates mailing list