SUSE-CU-2023:954-1: Security update of suse/sles/15.5/virt-launcher

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Wed Apr 5 07:03:40 UTC 2023


SUSE Container Update Advisory: suse/sles/15.5/virt-launcher
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:954-1
Container Tags        : suse/sles/15.5/virt-launcher:0.58.0 , suse/sles/15.5/virt-launcher:0.58.0-150500.4.19 , suse/sles/15.5/virt-launcher:0.58.0.20.112
Container Release     : 20.112
Severity              : important
Type                  : security
References            : 1202853 1203355 1203537 1204425 1206623 1207183 1207571 1207780
                        1207957 1207975 1208036 1208237 1208358 1208471 1208828 1208881
                        1208957 1208959 1209001 1209209 1209210 1209211 1209212 1209214
                        1209533 CVE-2022-3555 CVE-2022-4899 CVE-2023-0512 CVE-2023-0687
                        CVE-2023-1127 CVE-2023-1170 CVE-2023-1175 CVE-2023-23931 CVE-2023-24329
                        CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538
-----------------------------------------------------------------

The container suse/sles/15.5/virt-launcher was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:622-1
Released:    Mon Mar  6 11:17:57 2023
Summary:     Recommended update for tcl
Type:        recommended
Severity:    moderate
References:  1206623
This update for tcl fixes the following issues:

- Fix string compare -length on big endian and improve string equal on little endian. (bsc#1206623)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:632-1
Released:    Mon Mar  6 20:33:59 2023
Summary:     Recommended update for gnutls
Type:        recommended
Severity:    moderate
References:  1207183,1208237
This update for gnutls fixes the following issues:

- FIPS: Fix pct_test() return code in case of error (bsc#1207183)
- Increase the limit of TLS PSK usernames from 128 to 65535 characters. [bsc#1208237, jsc#PED-1562]

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:668-1
Released:    Wed Mar  8 11:17:33 2023
Summary:     Security update for libX11
Type:        security
Severity:    moderate
References:  1204425,1208881,CVE-2022-3555
This update for libX11 fixes the following issues:

- Fixed a regression introduced with security update for CVE-2022-3555 (bsc#1204425, bsc#1208881)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:709-1
Released:    Fri Mar 10 16:04:41 2023
Summary:     Recommended update for console-setup
Type:        recommended
Severity:    moderate
References:  1202853
This update for console-setup and kbd fixes the following issue:

- Fix Caps_Lock mapping for us.map and others (bsc#1202853)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:722-1
Released:    Tue Mar 14 14:57:15 2023
Summary:     Security update for python-cryptography
Type:        security
Severity:    moderate
References:  1208036,CVE-2023-23931
This update for python-cryptography fixes the following issues:

  - CVE-2023-23931: Fixed memory corruption due to invalidly changed immutable object (bsc#1208036).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:743-1
Released:    Wed Mar 15 11:18:23 2023
Summary:     Recommended update for gnutls
Type:        recommended
Severity:    moderate
References:  1209001
This update for gnutls fixes the following issues:

FIPS: Establish PBKDF2 additional requirements [bsc#1209001]

* Set the minimum output key length to 112 bits (FIPS 140-3 IG D.N)
* Set the minimum salt length to 128 bits (SP 800-132 sec. 5.1)
* Set the minimum iterations count to 1000 (SP 800-132 sec 5.2)
* Set the minimum passlen of 20 characters (SP SP800-132 sec 5)
* Add regression tests for the new PBKDF2 requirements.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:776-1
Released:    Thu Mar 16 17:29:23 2023
Summary:     Recommended update for gcc12
Type:        recommended
Severity:    moderate
References:  
This update for gcc12 fixes the following issues:

This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products.

SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes


This update ship the GCC 12 compiler suite and its base libraries.

The compiler baselibraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 11 ones.

The new compilers for C, C++, and Fortran are provided in the SUSE Linux
Enterprise Module for Development Tools.

To use gcc12 compilers use:

- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.

For a full changelog with all new GCC12 features, check out

	https://gcc.gnu.org/gcc-12/changes.html


-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:781-1
Released:    Thu Mar 16 19:07:00 2023
Summary:     Security update for vim
Type:        security
Severity:    important
References:  1207780,1208828,1208957,1208959,CVE-2023-0512,CVE-2023-1127,CVE-2023-1170,CVE-2023-1175
This update for vim fixes the following issues:

- CVE-2023-0512: Fixed a divide By Zero (bsc#1207780).
- CVE-2023-1175: vim: an incorrect calculation of buffer size (bsc#1208957).
- CVE-2023-1170: Fixed a heap-based Buffer Overflow (bsc#1208959).
- CVE-2023-1127: Fixed divide by zero in scrolldown() (bsc#1208828).

Updated to version 9.0 with patch level 1386.

- https://github.com/vim/vim/compare/v9.0.1234...v9.0.1386

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:868-1
Released:    Wed Mar 22 09:41:01 2023
Summary:     Security update for python3
Type:        security
Severity:    important
References:  1203355,1208471,CVE-2023-24329
This update for python3 fixes the following issues:

- CVE-2023-24329: Fixed a blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters (bsc#1208471).

The following non-security bug was fixed:

- Eliminate unnecessary and dangerous calls to PyThread_exit_thread() (bsc#1203355).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1582-1
Released:    Mon Mar 27 10:31:52 2023
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1209209,1209210,1209211,1209212,1209214,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538
This update for curl fixes the following issues:
  
- CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209).
- CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210).
- CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211).
- CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212).
- CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1662-1
Released:    Wed Mar 29 10:36:23 2023
Summary:     Recommended update for patterns-base
Type:        recommended
Severity:    moderate
References:  1203537
This update for patterns-base fixes the following issues:

- change label of FIPS 140-2 to 140-3 to reflect our current certifications (bsc#1203537)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1688-1
Released:    Wed Mar 29 18:19:10 2023
Summary:     Security update for zstd
Type:        security
Severity:    moderate
References:  1209533,CVE-2022-4899
This update for zstd fixes the following issues:

- CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1718-1
Released:    Fri Mar 31 15:47:34 2023
Summary:     Security update for glibc
Type:        security
Severity:    moderate
References:  1207571,1207957,1207975,1208358,CVE-2023-0687
This update for glibc fixes the following issues:

Security issue fixed:

- CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975)

Other issues fixed:

- Fix avx2 strncmp offset compare condition check (bsc#1208358)
- elf: Allow dlopen of filter object to work (bsc#1207571)
- powerpc: Fix unrecognized instruction errors with recent GCC
- x86: Cache computation for AMD architecture (bsc#1207957)


The following package changes have been done:

- glibc-2.31-150300.46.1 updated
- libzstd1-1.5.0-150400.3.3.1 updated
- libz1-1.2.13-150500.1.16 updated
- libuuid1-2.37.4-150500.7.10 updated
- libsmartcols1-2.37.4-150500.7.10 updated
- libblkid1-2.37.4-150500.7.10 updated
- libgcrypt20-1.9.4-150500.10.14 updated
- libgcrypt20-hmac-1.9.4-150500.10.14 updated
- libfdisk1-2.37.4-150500.7.10 updated
- libgcc_s1-12.2.1+git416-150000.1.7.1 updated
- libstdc++6-12.2.1+git416-150000.1.7.1 updated
- libopenssl1_1-1.1.1l-150500.13.5 updated
- libopenssl1_1-hmac-1.1.1l-150500.13.5 updated
- libmount1-2.37.4-150500.7.10 updated
- patterns-base-fips-20200124-150400.20.4.1 updated
- libcurl4-7.79.1-150400.5.18.1 updated
- sles-release-15.5-150500.37.4 updated
- util-linux-2.37.4-150500.7.10 updated
- curl-7.79.1-150400.5.18.1 updated
- kbd-legacy-2.4.0-150400.5.3.1 updated
- kubevirt-container-disk-0.58.0-150500.4.19 updated
- libX11-data-1.6.5-150000.3.27.1 updated
- libnettle8-3.8.1-150500.2.20 updated
- libslirp0-4.7.0+44-150500.2.1 updated
- qemu-accel-tcg-x86-7.1.0-150500.47.6 updated
- qemu-ipxe-1.0.0+-150500.47.6 updated
- qemu-seabios-1.16.0_0_gd239552-150500.47.6 updated
- qemu-sgabios-8-150500.47.6 updated
- qemu-vgabios-1.16.0_0_gd239552-150500.47.6 updated
- vim-data-common-9.0.1386-150000.5.37.1 updated
- kbd-2.4.0-150400.5.3.1 updated
- libpython3_6m1_0-3.6.15-150300.10.45.1 updated
- python3-base-3.6.15-150300.10.45.1 updated
- python3-3.6.15-150300.10.45.1 updated
- libhogweed6-3.8.1-150500.2.20 updated
- libmpath0-0.9.4+71+suse.c648a77-150500.1.1 updated
- qemu-hw-usb-redirect-7.1.0-150500.47.6 updated
- tcl-8.6.12-150300.14.9.1 updated
- vim-small-9.0.1386-150000.5.37.1 updated
- libX11-6-1.6.5-150000.3.27.1 updated
- libgnutls30-3.7.3-150400.4.35.1 updated
- libgnutls30-hmac-3.7.3-150400.4.35.1 updated
- xen-libs-4.17.0_06-150500.1.2 updated
- gnutls-3.7.3-150400.4.35.1 updated
- qemu-tools-7.1.0-150500.47.6 updated
- kubevirt-virt-launcher-0.58.0-150500.4.19 updated
- python3-cryptography-3.3.2-150400.16.6.1 updated
- qemu-x86-7.1.0-150500.47.6 updated
- qemu-7.1.0-150500.47.6 updated
- container:sles15-image-15.0.0-34.15 updated


More information about the sle-security-updates mailing list