SUSE-CU-2022:2280-1: Security update of suse/sles/15.4/libguestfs-tools
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Fri Sep 16 07:26:46 UTC 2022
SUSE Container Update Advisory: suse/sles/15.4/libguestfs-tools
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2280-1
Container Tags : suse/sles/15.4/libguestfs-tools:0.49.0 , suse/sles/15.4/libguestfs-tools:0.49.0-150400.1.37 , suse/sles/15.4/libguestfs-tools:0.49.0.16.26
Container Release : 16.26
Severity : important
Type : security
References : 1181475 1185882 1187365 1194557 1197178 1198405 1198709 1198731
1198752 1198925 1199093 1199895 1200800 1200993 1201092 1201551
1201576 1201638 1201975 1202011 1202175 1202310 1202593 CVE-2021-3593
CVE-2022-24795 CVE-2022-35252 CVE-2022-37434
-----------------------------------------------------------------
The container suse/sles/15.4/libguestfs-tools was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2929-1
Released: Mon Aug 29 11:21:47 2022
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1202310
This update for timezone fixes the following issue:
- Reflect new Chile DST change (bsc#1202310)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2941-1
Released: Tue Aug 30 10:51:09 2022
Summary: Security update for libslirp
Type: security
Severity: moderate
References: 1187365,1201551,CVE-2021-3593
This update for libslirp fixes the following issues:
- CVE-2021-3593: Fixed invalid pointer initialization may lead to information disclosure (udp6) (bsc#1187365).
Non-security fixes:
- Fix the version header (bsc#1201551)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2944-1
Released: Wed Aug 31 05:39:14 2022
Summary: Recommended update for procps
Type: recommended
Severity: important
References: 1181475
This update for procps fixes the following issues:
- Fix 'free' command reporting misleading 'used' value (bsc#1181475)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2973-1
Released: Thu Sep 1 11:37:02 2022
Summary: Recommended update for dracut
Type: recommended
Severity: important
References: 1198709,1201975
This update for dracut fixes the following issues:
- Include fixes to make network-manager module work properly with dracut (bsc#1201975)
- Add auto timeout to wicked DHCP test (bsc#1198709)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2977-1
Released: Thu Sep 1 12:30:19 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731
This update for util-linux fixes the following issues:
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2994-1
Released: Fri Sep 2 10:44:54 2022
Summary: Recommended update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame
Type: recommended
Severity: moderate
References: 1198925
This update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame adds some missing 32bit libraries to some products. (bsc#1198925)
No codechanges were done in this update.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3003-1
Released: Fri Sep 2 15:01:44 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3118-1
Released: Tue Sep 6 15:43:53 2022
Summary: Recommended update for lvm2
Type: recommended
Severity: moderate
References: 1202011
This update for lvm2 fixes the following issues:
- Do not use udev for device listing or device information (bsc#1202011)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3127-1
Released: Wed Sep 7 04:36:10 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1198752,1200800
This update for libtirpc fixes the following issues:
- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
- Fix memory leak in params.r_addr assignement (bsc#1198752)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3162-1
Released: Wed Sep 7 15:07:31 2022
Summary: Security update for libyajl
Type: security
Severity: moderate
References: 1198405,CVE-2022-24795
This update for libyajl fixes the following issues:
- CVE-2022-24795: Fixed heap-based buffer overflow when handling large inputs (bsc#1198405).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3219-1
Released: Thu Sep 8 21:15:24 2022
Summary: Recommended update for sysconfig
Type: recommended
Severity: moderate
References: 1185882,1194557,1199093
This update for sysconfig fixes the following issues:
- netconfig: remove sed dependency
- netconfig/dns-resolver: remove search limit of 6 domains (bsc#1199093)
- netconfig: cleanup /var/run leftovers (bsc#1194557)
- netconfig: update ntp man page documentation, fix typos
- netconfig: revert NM default policy change change (bsc#1185882)
With the change to the default policy, netconfig with NetworkManager
as network.service accepted settings from all services/programs
directly instead only from NetworkManager, where plugins/services
have to deliver their settings to apply them.
- Also support service(network) provides
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3220-1
Released: Fri Sep 9 04:30:52 2022
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1199895,1200993,1201092,1201576,1201638
This update for libzypp, zypper fixes the following issues:
libzypp:
- Improve handling of package locks, allowing to reset the status of its initial state (bsc#1199895)
- Fix issues when receiving exceptions from curl_easy_cleanup (bsc#1201092)
- Don't auto-flag kernel-firmware as 'reboot-needed' (bsc#1200993)
- Remove Medianetwork and its dependent code. First reason for this is that MediaNetwork was just meant as a way to test
the new CURL based downloaded. Second the Provide API is going to completely replace the current media backend.
zypper:
- Truncate the 'Name' column when using `zypper lr`, if the table is wider than the terminal (bsc#1201638)
- Reject install/remove modifier without argument (bsc#1201576)
- zypper-download: Handle unresolvable arguments as errors
- Put signing key supplying repository name in quotes
The following package changes have been done:
- libtirpc-netconfig-1.2.6-150300.3.11.1 updated
- libuuid1-2.37.2-150400.8.3.1 updated
- libsmartcols1-2.37.2-150400.8.3.1 updated
- libblkid1-2.37.2-150400.8.3.1 updated
- libfdisk1-2.37.2-150400.8.3.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- libmount1-2.37.2-150400.8.3.1 updated
- libprocps7-3.3.15-150000.7.25.1 updated
- procps-3.3.15-150000.7.25.1 updated
- libtirpc3-1.2.6-150300.3.11.1 updated
- sles-release-15.5-150500.10.2 updated
- libcurl4-7.79.1-150400.5.6.1 updated
- libzypp-17.31.0-150400.3.6.1 updated
- zypper-1.14.55-150400.3.6.1 updated
- util-linux-2.37.2-150400.8.3.1 updated
- timezone-2022a-150000.75.10.1 updated
- curl-7.79.1-150400.5.6.1 updated
- btrfsprogs-udev-rules-5.14-150500.8.2 updated
- libdevmapper1_03-1.02.163-150400.17.3.1 updated
- libnettle8-3.8.1-150500.1.4 updated
- libslirp0-4.3.1-150300.11.1 updated
- libyajl2-2.1.0-150000.4.3.1 updated
- libxcb1-1.13-150000.3.9.1 updated
- libhogweed6-3.8.1-150500.1.4 updated
- btrfsprogs-5.14-150500.8.2 updated
- libmpath0-0.9.1+52+suse.be8809e-150500.1.1 updated
- libblkid-devel-2.37.2-150400.8.3.1 updated
- zlib-devel-1.2.11-150000.3.33.1 updated
- util-linux-systemd-2.37.2-150400.8.3.1 updated
- sysconfig-0.85.9-150200.12.1 updated
- sysconfig-netconfig-0.85.9-150200.12.1 updated
- dracut-mkinitrd-deprecated-055+suse.294.gc5bc4bb5-150400.3.8.1 updated
- dracut-055+suse.294.gc5bc4bb5-150400.3.8.1 updated
- dracut-fips-055+suse.294.gc5bc4bb5-150400.3.8.1 updated
- libmount-devel-2.37.2-150400.8.3.1 updated
- container:sles15-image-15.0.0-31.13 updated
More information about the sle-security-updates
mailing list