SUSE-CU-2023:1282-1: Security update of rancher/elemental-teal/5.3

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Thu Apr 27 07:02:28 UTC 2023 

SUSE Container Update Advisory: rancher/elemental-teal/5.3
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1282-1
Container Tags        : rancher/elemental-teal/5.3:1.1.4 , rancher/elemental-teal/5.3:1.1.4-3.2.13 , rancher/elemental-teal/5.3:latest
Container Release     : 3.2.13
Severity              : critical
Type                  : security
References            : 1141883 1187810 1189036 1191546 1196125 1201225 1201590 1204357
                        1206579 1207064 1207209 1208242 1208999 1209165 1209234 1209372
                        1209667 CVE-2022-34903 CVE-2022-3515 CVE-2022-47629 
-----------------------------------------------------------------

The container rancher/elemental-teal/5.3 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2218-1
Released:    Mon Aug 26 11:29:57 2019
Summary:     Recommended update for pinentry
Type:        recommended
Severity:    moderate
References:  1141883
This update for pinentry fixes the following issues:

- Fix a dangling pointer in qt/main.cpp that caused crashes. (bsc#1141883)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2546-1
Released:    Mon Jul 25 14:43:22 2022
Summary:     Security update for gpg2
Type:        security
Severity:    important
References:  1196125,1201225,CVE-2022-34903
This update for gpg2 fixes the following issues:

- CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225).
- Use AES as default cipher instead of 3DES when we are in FIPS mode. (bsc#1196125)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3304-1
Released:    Mon Sep 19 11:43:25 2022
Summary:     Recommended update for libassuan
Type:        recommended
Severity:    moderate
References:  
This update for libassuan fixes the following issues:

- Add a timeout for writing to a SOCKS5 proxy
- Add workaround for a problem with LD_LIBRARY_PATH on newer systems
- Fix issue in the logging code
- Fix some build trivialities
- Upgrade autoconf

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3683-1
Released:    Fri Oct 21 11:48:39 2022
Summary:     Security update for libksba
Type:        security
Severity:    critical
References:  1204357,CVE-2022-3515
This update for libksba fixes the following issues:

  - CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4062-1
Released:    Fri Nov 18 09:05:07 2022
Summary:     Recommended update for libusb-1_0
Type:        recommended
Severity:    moderate
References:  1201590
This update for libusb-1_0 fixes the following issues:

- Fix regression where some devices no longer work if they have a configuration value of 0 (bsc#1201590)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:56-1
Released:    Mon Jan  9 11:13:43 2023
Summary:     Security update for libksba
Type:        security
Severity:    moderate
References:  1206579,CVE-2022-47629
This update for libksba fixes the following issues:

- CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL
  signature parser (bsc#1206579).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1939-1
Released:    Fri Apr 21 11:14:30 2023
Summary:     Recommended update for mozilla-nss
Type:        recommended
Severity:    moderate
References:  1191546,1207209,1208242,1208999
This update for mozilla-nss fixes the following issues:

- FIPS 140-3: Adjust SLI reporting for PBKDF2 parameter validation (bsc#1208999)
- FIPS 140-3: Update session->lastOpWasFIPS before destroying the key after
  derivation in the CKM_TLS12_KEY_AND_MAC_DERIVE,
  CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256,
  CKM_TLS_KEY_AND_MAC_DERIVE and CKM_SSL3_KEY_AND_MAC_DERIVE cases. (bsc#1191546)
- FIPS 140-3: more changes for pairwise consistency checks. (bsc#1207209)
- Add manpages to mozilla-nss-tools (bsc#1208242)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1963-1
Released:    Mon Apr 24 15:03:10 2023
Summary:     Recommended update for grub2
Type:        recommended
Severity:    moderate
References:  1187810,1189036,1207064,1209165,1209234,1209372,1209667
This update for grub2 fixes the following issues:

- Fix aarch64 kiwi image's file not found due to '/@' prepended to path in btrfs filesystem. (bsc#1209165)
- Make grub more robust against storage race condition causing system boot failures (bsc#1189036)
- Fix unknown filesystem error on disks with 4096 sector size (bsc#1207064, bsc#1209234)  
- Fix installation over serial console ends up in infinite boot loop (bsc#1187810, bsc#1209667, bsc#1209372)


The following package changes have been done:

- libusb-1_0-0-1.0.24-150400.3.3.1 added
- libksba8-1.3.5-150000.4.6.1 added
- libassuan0-2.5.5-150000.4.3.1 added
- libnpth0-1.5-2.11 added
- mozilla-nss-certs-3.79.4-150400.3.29.1 updated
- libfreebl3-3.79.4-150400.3.29.1 updated
- libsoftokn3-3.79.4-150400.3.29.1 updated
- mozilla-nss-3.79.4-150400.3.29.1 updated
- pinentry-1.1.0-4.3.1 added
- grub2-2.06-150400.11.30.1 updated
- grub2-i386-pc-2.06-150400.11.30.1 updated
- gpg2-2.2.27-150300.3.5.1 added
- libgpgme11-1.16.0-150400.1.80 added
- container:micro-for-rancher-image-5.3.0-7.2.137 updated

More information about the sle-security-updates mailing list