SUSE-CU-2022:1696-1: Security update of bci/nodejs
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Fri Jul 29 07:47:42 UTC 2022
SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1696-1
Container Tags : bci/node:12 , bci/node:12-16.116 , bci/nodejs:12 , bci/nodejs:12-16.116
Container Release : 16.116
Severity : important
Type : security
References : 1194550 1196125 1197684 1199042 1200855 1201225 1201431 1201560
1201640 CVE-2022-29187 CVE-2022-34903
-----------------------------------------------------------------
The container bci/nodejs was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2494-1
Released: Thu Jul 21 15:16:42 2022
Summary: Recommended update for glibc
Type: recommended
Severity: important
References: 1200855,1201560,1201640
This update for glibc fixes the following issues:
- Remove tunables from static tls surplus patch which caused crashes (bsc#1200855)
- i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2546-1
Released: Mon Jul 25 14:43:22 2022
Summary: Security update for gpg2
Type: security
Severity: important
References: 1196125,1201225,CVE-2022-34903
This update for gpg2 fixes the following issues:
- CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225).
- Use AES as default cipher instead of 3DES when we are in FIPS mode. (bsc#1196125)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2550-1
Released: Tue Jul 26 14:00:21 2022
Summary: Security update for git
Type: security
Severity: important
References: 1201431,CVE-2022-29187
This update for git fixes the following issues:
- CVE-2022-29187: Incomplete fix for CVE-2022-24765: potential command injection via git worktree (bsc#1201431).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2572-1
Released: Thu Jul 28 04:22:33 2022
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1194550,1197684,1199042
This update for libzypp, zypper fixes the following issues:
libzypp:
- appdata plugin: Pass path to the repodata/ directory inside the cache (bsc#1197684)
- zypp-rpm: flush rpm script output buffer before sending endOfScriptTag
- PluginRepoverification: initial version hooked into repo::Downloader and repo refresh
- Immediately start monitoring the download.transfer_timeout. Do not wait until the first data arrived (bsc#1199042)
- singletrans: no dry-run commit if doing just download-only
- Work around cases where sat repo.start points to an invalid solvable. May happen if (wrong arch) solvables were
removed at the beginning of the repo.
- Fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER
zypper:
- Basic JobReport for 'cmdout/monitor'
- versioncmp: if verbose, also print the edition 'parts' which are compared
- Make sure MediaAccess is closed on exception (bsc#1194550)
- Display plus-content hint conditionally
- Honor the NO_COLOR environment variable when auto-detecting whether to use color
- Define table columns which should be sorted natural [case insensitive]
- lr/ls: Use highlight color on name and alias as well
The following package changes have been done:
- git-core-2.35.3-150300.10.15.1 updated
- glibc-2.31-150300.37.1 updated
- gpg2-2.2.27-150300.3.5.1 updated
- libzypp-17.30.2-150200.39.1 updated
- zypper-1.14.53-150200.33.1 updated
- container:sles15-image-15.0.0-17.20.6 updated
More information about the sle-security-updates
mailing list