SUSE-CU-2022:2731-1: Security update of suse/manager/4.3/proxy-tftpd
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Wed Oct 26 11:16:03 UTC 2022
SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2731-1
Container Tags : suse/manager/4.3/proxy-tftpd:4.3.2 , suse/manager/4.3/proxy-tftpd:4.3.2.9.9.1 , suse/manager/4.3/proxy-tftpd:latest
Container Release : 9.9.1
Severity : important
Type : security
References : 1047178 1121365 1180995 1181994 1182983 1188006 1189802 1190651
1190653 1190700 1190888 1191020 1193859 1195773 1198471 1198472
1198752 1199079 1199140 1199492 1200800 1201293 1201680 1201783
1201942 1202117 1202148 1202624 1202868 1202870 1203018 1203046
1203069 1203438 1204366 1204367 CVE-2017-6512 CVE-2021-28861
CVE-2021-36690 CVE-2021-46828 CVE-2022-31252 CVE-2022-35737 CVE-2022-40303
CVE-2022-40304 CVE-2022-40674
-----------------------------------------------------------------
The container suse/manager/4.3/proxy-tftpd was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2796-1
Released: Fri Aug 12 14:34:31 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References:
This update for jitterentropy fixes the following issues:
jitterentropy is included in version 3.4.0 (jsc#SLE-24941):
This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library,
used by other FIPS libraries.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3127-1
Released: Wed Sep 7 04:36:10 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1198752,1200800
This update for libtirpc fixes the following issues:
- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
- Fix memory leak in params.r_addr assignement (bsc#1198752)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3262-1
Released: Tue Sep 13 15:34:29 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1199140
This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Type: security
Severity: moderate
References: 1047178,CVE-2017-6512
This update for perl fixes the following issues:
- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3305-1
Released: Mon Sep 19 11:45:57 2022
Summary: Security update for libtirpc
Type: security
Severity: important
References: 1201680,CVE-2021-46828
This update for libtirpc fixes the following issues:
- CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3307-1
Released: Mon Sep 19 13:26:51 2022
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1189802,1195773,1201783,CVE-2021-36690,CVE-2022-35737
This update for sqlite3 fixes the following issues:
- CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783).
- CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802).
- Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3328-1
Released: Wed Sep 21 12:48:56 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1202870
This update for jitterentropy fixes the following issues:
- Hide the non-GNUC constructs that are library internal from the
exported header, to make it usable in builds with strict C99
compliance. (bsc#1202870)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3353-1
Released: Fri Sep 23 15:23:40 2022
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1203018,CVE-2022-31252
This update for permissions fixes the following issues:
- CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3395-1
Released: Mon Sep 26 16:35:18 2022
Summary: Recommended update for ca-certificates-mozilla
Type: recommended
Severity: moderate
References: 1181994,1188006,1199079,1202868
This update for ca-certificates-mozilla fixes the following issues:
Updated to 2.56 state of Mozilla SSL root CAs (bsc#1202868)
- Added:
- Certainly Root E1
- Certainly Root R1
- DigiCert SMIME ECC P384 Root G5
- DigiCert SMIME RSA4096 Root G5
- DigiCert TLS ECC P384 Root G5
- DigiCert TLS RSA4096 Root G5
- E-Tugra Global Root CA ECC v3
- E-Tugra Global Root CA RSA v3
- Removed:
- Hellenic Academic and Research Institutions RootCA 2011
Updated to 2.54 state of Mozilla SSL root CAs (bsc#1199079)
- Added:
- Autoridad de Certificacion Firmaprofesional CIF A62634068
- D-TRUST BR Root CA 1 2020
- D-TRUST EV Root CA 1 2020
- GlobalSign ECC Root CA R4
- GTS Root R1
- GTS Root R2
- GTS Root R3
- GTS Root R4
- HiPKI Root CA - G1
- ISRG Root X2
- Telia Root CA v2
- vTrus ECC Root CA
- vTrus Root CA
- Removed:
- Cybertrust Global Root
- DST Root CA X3
- DigiNotar PKIoverheid CA Organisatie - G2
- GlobalSign ECC Root CA R4
- GlobalSign Root CA R2
- GTS Root R1
- GTS Root R2
- GTS Root R3
- GTS Root R4
Updated to 2.50 state of the Mozilla NSS Certificate store (bsc#1188006)
- Added:
- HARICA Client ECC Root CA 2021
- HARICA Client RSA Root CA 2021
- HARICA TLS ECC Root CA 2021
- HARICA TLS RSA Root CA 2021
- TunTrust Root CA
Updated to 2.46 state of the Mozilla NSS Certificate store (bsc#1181994)
- Added new root CAs:
- NAVER Global Root Certification Authority
- Removed old root CAs:
- GeoTrust Global CA
- GeoTrust Primary Certification Authority
- GeoTrust Primary Certification Authority - G3
- GeoTrust Universal CA
- GeoTrust Universal CA 2
- thawte Primary Root CA
- thawte Primary Root CA - G2
- thawte Primary Root CA - G3
- VeriSign Class 3 Public Primary Certification Authority - G4
- VeriSign Class 3 Public Primary Certification Authority - G5
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3452-1
Released: Wed Sep 28 12:13:43 2022
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1201942
This update for glibc fixes the following issues:
- Reversing calculation of __x86_shared_non_temporal_threshold (bsc#1201942)
- powerpc: Optimized memcmp for power10 (jsc#PED-987)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3489-1
Released: Sat Oct 1 13:35:24 2022
Summary: Security update for expat
Type: security
Severity: important
References: 1203438,CVE-2022-40674
This update for expat fixes the following issues:
- CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3544-1
Released: Thu Oct 6 13:48:42 2022
Summary: Security update for python3
Type: security
Severity: important
References: 1202624,CVE-2021-28861
This update for python3 fixes the following issues:
- CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when an URI path starts with // (bsc#1202624).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3551-1
Released: Fri Oct 7 17:03:55 2022
Summary: Recommended update for libgcrypt
Type: recommended
Severity: moderate
References: 1182983,1190700,1191020,1202117
This update for libgcrypt fixes the following issues:
- FIPS: Fixed gpg/gpg2 gets out of core handler in FIPS mode while
typing Tab key to Auto-Completion. [bsc#1182983]
- FIPS: Ported libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941]
* Enable the jitter based entropy generator by default in random.conf
* Update the internal jitterentropy to version 3.4.0
- FIPS: Get most of the entropy from rndjent_poll [bsc#1202117]
- FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700]
* Consider approved keylength greater or equal to 112 bits.
- FIPS: Zeroize buffer and digest in check_binary_integrity() [bsc#1191020]
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3555-1
Released: Mon Oct 10 14:05:12 2022
Summary: Recommended update for aaa_base
Type: recommended
Severity: important
References: 1199492
This update for aaa_base fixes the following issues:
- The wrapper rootsh is not a restricted shell. (bsc#1199492)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3663-1
Released: Wed Oct 19 19:05:21 2022
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1121365,1180995,1190651,1190653,1190888,1193859,1198471,1198472,1201293,1202148,1203046,1203069
This update for openssl-1_1 fixes the following issues:
- FIPS: Default to RFC-7919 groups for genparam and dhparam
- FIPS: list only FIPS approved digest and public key algorithms
[bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472]
- FIPS: Add KAT for the RAND_DRBG implementation [bsc#1203069]
- FIPS: openssl: RAND api should call into FIPS DRBG [bsc#1201293]
* The FIPS_drbg implementation is not FIPS validated anymore. To
provide backwards compatibility for applications that need FIPS
compliant RNG number generation and use FIPS_drbg_generate,
this function was re-wired to call the FIPS validated DRBG
instance instead through the RAND_bytes() call.
- FIPS: Fix minor memory leaks by FIPS patch [bsc#1203046]
- FIPS: OpenSSL: Port openssl to use jitterentropy [bsc#1202148, jsc#SLE-24941]
libcrypto.so now requires libjitterentropy3 library.
- FIPS: OpenSSL Provide a service-level indicator [bsc#1190651]
- FIPS: Add zeroization of temporary variables to the hmac integrity
function FIPSCHECK_verify(). [bsc#1190653]
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3692-1
Released: Fri Oct 21 16:15:07 2022
Summary: Security update for libxml2
Type: security
Severity: important
References: 1204366,1204367,CVE-2022-40303,CVE-2022-40304
This update for libxml2 fixes the following issues:
- CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366).
- CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367).
The following package changes have been done:
- libtirpc-netconfig-1.2.6-150300.3.14.1 updated
- glibc-2.31-150300.41.1 updated
- perl-base-5.26.1-150300.17.11.1 updated
- libgcrypt20-1.9.4-150400.6.5.1 updated
- libgcrypt20-hmac-1.9.4-150400.6.5.1 updated
- libsqlite3-0-3.39.3-150000.3.17.1 updated
- libjitterentropy3-3.4.0-150000.1.6.1 added
- libgcc_s1-11.3.0+git1637-150000.1.11.2 updated
- libstdc++6-11.3.0+git1637-150000.1.11.2 updated
- libxml2-2-2.9.14-150400.5.10.1 updated
- libopenssl1_1-1.1.1l-150400.7.10.5 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.10.5 updated
- libtirpc3-1.2.6-150300.3.14.1 updated
- permissions-20201225-150400.5.11.1 updated
- aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 updated
- openssl-1_1-1.1.1l-150400.7.10.5 updated
- ca-certificates-mozilla-2.56-150200.24.1 updated
- libexpat1-2.4.4-150400.3.9.1 updated
- libpython3_6m1_0-3.6.15-150300.10.30.1 updated
- python3-base-3.6.15-150300.10.30.1 updated
- python3-3.6.15-150300.10.30.1 updated
More information about the sle-security-updates
mailing list