SUSE-CU-2022:3259-1: Security update of suse/sle-micro/5.1/toolbox

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Wed Nov 30 10:51:39 UTC 2022 

SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:3259-1
Container Tags        : suse/sle-micro/5.1/toolbox:11.1 , suse/sle-micro/5.1/toolbox:11.1-2.2.326 , suse/sle-micro/5.1/toolbox:latest
Container Release     : 2.2.326
Severity              : important
Type                  : security
References            : 1184689 1188086 1188607 1192252 1192478 1192648 1197428 1198523
                        1199074 1200330 1202269 1202337 1202417 1202962 1203110 1203125
                        1203152 1203155 1203194 1203216 1203272 1203508 1203509 1203796
                        1203797 1203799 1203818 1203820 1203924 1204577 1204779 CVE-2019-18348
                        CVE-2020-10735 CVE-2020-8492 CVE-2021-3928 CVE-2022-2980 CVE-2022-2982
                        CVE-2022-3037 CVE-2022-3099 CVE-2022-3134 CVE-2022-3153 CVE-2022-3234
                        CVE-2022-3235 CVE-2022-3278 CVE-2022-3296 CVE-2022-3297 CVE-2022-3324
                        CVE-2022-3352 CVE-2022-3705 CVE-2022-37454 
-----------------------------------------------------------------

The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4270-1
Released:    Tue Nov 29 13:20:45 2022
Summary:     Recommended update for lvm2
Type:        recommended
Severity:    moderate
References:  1198523,1199074,1203216
This update for lvm2 fixes the following issues:

- Design changes to avoid kernel panic (bsc#1198523)
- Fix device-mapper rpm package versioning to prevent migration issues (bsc#1199074)
- killed lvmlockd doesn't clear/adopt locks leading to inability to start volume group (bsc#1203216)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4278-1
Released:    Tue Nov 29 15:43:49 2022
Summary:     Security update for supportutils
Type:        security
Severity:    moderate
References:  1184689,1188086,1192252,1192648,1197428,1200330,1202269,1202337,1202417,1203818
This update for supportutils fixes the following issues:

Security issues fixed:

- Passwords correctly removed from email.txt, updates.txt and fs-iscsi.txt (bsc#1203818)

Bug fixes:

- Added lifecycle information
- Fixed KVM virtualization detection on bare metal (bsc#1184689)
- Added logging using journalctl (bsc#1200330)
- Get current sar data before collecting files (bsc#1192648)
- Collects everything in /etc/multipath/ (bsc#1192252)
- Collects power management information in hardware.txt (bsc#1197428)
- Checks for suseconnect-ng or SUSEConnect packages (bsc#1202337)
- Fixed conf_files and conf_text_files so y2log is gathered (bsc#1202269)
- Update to nvme_info and block_info (bsc#1202417)
- Added includedir directories from /etc/sudoers (bsc#1188086)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4281-1
Released:    Tue Nov 29 15:46:10 2022
Summary:     Security update for python3
Type:        security
Severity:    important
References:  1188607,1203125,1204577,CVE-2019-18348,CVE-2020-10735,CVE-2020-8492,CVE-2022-37454
This update for python3 fixes the following issues:

- CVE-2022-37454: Fixed a buffer overflow in hashlib.sha3_* implementations. (bsc#1204577)
- CVE-2020-10735: Fixed a bug to limit amount of digits converting text to int and vice vera. (bsc#1203125)

The following non-security bug was fixed:

- Fixed a crash in the garbage collection (bsc#1188607).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4282-1
Released:    Tue Nov 29 15:50:15 2022
Summary:     Security update for vim
Type:        security
Severity:    important
References:  1192478,1202962,1203110,1203152,1203155,1203194,1203272,1203508,1203509,1203796,1203797,1203799,1203820,1203924,1204779,CVE-2021-3928,CVE-2022-2980,CVE-2022-2982,CVE-2022-3037,CVE-2022-3099,CVE-2022-3134,CVE-2022-3153,CVE-2022-3234,CVE-2022-3235,CVE-2022-3278,CVE-2022-3296,CVE-2022-3297,CVE-2022-3324,CVE-2022-3352,CVE-2022-3705
This update for vim fixes the following issues:

Updated to version 9.0 with patch level 0814:

- CVE-2021-3928: Fixed stack-based buffer overflow (bsc#1192478).
- CVE-2022-3234: Fixed heap-based buffer overflow (bsc#1203508).
- CVE-2022-3235: Fixed use-after-free (bsc#1203509).
- CVE-2022-3324: Fixed stack-based buffer overflow (bsc#1203820).
- CVE-2022-3705: Fixed use-after-free in function qf_update_buffer of the file quickfix.c (bsc#1204779).
- CVE-2022-2982: Fixed use-after-free in qf_fill_buffer() (bsc#1203152).
- CVE-2022-3296: Fixed stack out of bounds read in ex_finally() in ex_eval.c (bsc#1203796).
- CVE-2022-3297: Fixed use-after-free in process_next_cpt_value() at insexpand.c (bsc#1203797).
- CVE-2022-3099: Fixed use-after-free in ex_docmd.c (bsc#1203110).
- CVE-2022-3134: Fixed use-after-free in do_tag() (bsc#1203194).
- CVE-2022-3153: Fixed NULL pointer dereference (bsc#1203272).
- CVE-2022-3278: Fixed NULL pointer dereference in eval_next_non_blank() in eval.c (bsc#1203799).
- CVE-2022-3352: Fixed use-after-free (bsc#1203924).
- CVE-2022-2980: Fixed NULL pointer dereference in do_mouse() (bsc#1203155).
- CVE-2022-3037: Fixed use-after-free (bsc#1202962).


The following package changes have been done:

- libdevmapper1_03-2.03.05_1.02.163-150200.8.49.1 updated
- libpython3_6m1_0-3.6.15-150300.10.37.2 updated
- python3-base-3.6.15-150300.10.37.2 updated
- supportutils-3.1.21-150300.7.35.15.1 updated
- vim-data-common-9.0.0814-150000.5.28.1 updated
- vim-9.0.0814-150000.5.28.1 updated

More information about the sle-security-updates mailing list