SUSE-CU-2022:2015-1: Security update of suse/sles/15.4/cdi-uploadserver

sle-security-updates at sle-security-updates at
Sat Sep 3 07:17:53 UTC 2022

SUSE Container Update Advisory: suse/sles/15.4/cdi-uploadserver
Container Advisory ID : SUSE-CU-2022:2015-1
Container Tags        : suse/sles/15.4/cdi-uploadserver:1.43.0 , suse/sles/15.4/cdi-uploadserver:1.43.0-150400.2.4 , suse/sles/15.4/cdi-uploadserver:
Container Release     : 16.17
Severity              : important
Type                  : security
References            : 1190698 1195059 1198341 1198979 1201795 1202020 CVE-2022-2509

The container suse/sles/15.4/cdi-uploadserver was updated. The following patches have been included in this update:

Advisory ID: SUSE-RU-2022:2901-1
Released:    Fri Aug 26 03:34:23 2022
Summary:     Recommended update for elfutils
Type:        recommended
Severity:    moderate
This update for elfutils fixes the following issues:

- Fix runtime dependency for devel package

Advisory ID: SUSE-RU-2022:2904-1
Released:    Fri Aug 26 05:28:34 2022
Summary:     Recommended update for openldap2
Type:        recommended
Severity:    moderate
References:  1198341
This update for openldap2 fixes the following issues:

- Prevent memory reuse which may lead to instability (bsc#1198341)

Advisory ID: SUSE-SU-2022:2919-1
Released:    Fri Aug 26 15:04:20 2022
Summary:     Security update for gnutls
Type:        security
Severity:    important
References:  1190698,1198979,1202020,CVE-2022-2509
This update for gnutls fixes the following issues:

- CVE-2022-2509: Fixed a double free issue during PKCS7 verification (bsc#1202020).

Non-security fixes:

- FIPS: Check minimum keylength for symmetric key generation [bsc#1190698]
- FIPS: Only allows ECDSA signature with valid set of hashes (SHA2 and SHA3) [bsc#1190698]
- FIPS: Provides interface for running library self tests on-demand [bsc#1198979]

Advisory ID: SUSE-RU-2022:2920-1
Released:    Fri Aug 26 15:17:02 2022
Summary:     Recommended update for systemd
Type:        recommended
Severity:    important
References:  1195059,1201795
This update for systemd fixes the following issues:

- Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one pointing to /usr/lib/systemd/ (bsc#1201795)
- Drop or soften some of the deprecation warnings (jsc#PED-944)
- Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059)
- Avoid applying presets to any services shipped by the experimental sub-package, as they aren't enabled by default
- analyze: Fix offline check for syscal filter
- calendarspec: Fix timer skipping the next elapse
- core: Allow command argument to be longer
- hwdb: Add AV production controllers to hwdb and add uaccess
- hwdb: Allow console users access to rfkill
- hwdb: Allow end-users root-less access to TL866 EPROM readers
- hwdb: Permit unsetting power/persist for USB devices
- hwdb: Tag IR cameras as such
- hwdb: Fix parsing issue
- hwdb: Make usb match patterns uppercase
- hwdb: Update the hardware database
- journal-file: Stop using the event loop if it's already shutting down
- journal-remote: Disable `--trust` option when gnutls is disabled and check_permission() should not be called
- journald: Ensure resources are properly allocated for SIGTERM handling
- kernel-install: Ensure modules.builtin.alias.bin is removed when no longer needed
- macro: Account for negative values in DECIMAL_STR_WIDTH()
- manager: Disallow clone3() function call in seccomp filters 
- missing-syscall: Define MOVE_MOUNT_T_EMPTY_PATH if missing
- pid1,cgroup-show: Prevent failure if cgroup.procs in some subcgroups is not readable
- resolve: Fix typo in dns_class_is_pseudo()
- sd-event: Improve handling of process events and termination of processes
- sd-ipv4acd: Fix ARP packet conflicts occurring when sender hardware is one of the host's interfaces
- stdio-bridge: Improve the meaning of the error message  
- tmpfiles: Check for the correct directory

The following package changes have been done:

- libldap-data-2.4.46-150200.14.11.2 updated
- libudev1-249.12-150400.8.10.1 updated
- libelf1-0.185-150400.5.3.1 updated
- libsystemd0-249.12-150400.8.10.1 updated
- libdw1-0.185-150400.5.3.1 updated
- libldap-2_4-2-2.4.46-150200.14.11.2 updated
- sles-release-15.5-150500.9.1 updated
- libnettle8-3.8.1-150500.1.2 updated
- libhogweed6-3.8.1-150500.1.2 updated
- libgnutls30-3.7.3-150400.4.10.1 updated
- libgnutls30-hmac-3.7.3-150400.4.10.1 updated
- container:sles15-image-15.0.0-31.9 updated

More information about the sle-security-updates mailing list