SUSE-CU-2023:2514-1: Security update of suse/manager/4.3/proxy-httpd
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Thu Aug 3 07:03:53 UTC 2023
SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:2514-1
Container Tags : suse/manager/4.3/proxy-httpd:4.3.7 , suse/manager/4.3/proxy-httpd:4.3.7.9.34.1 , suse/manager/4.3/proxy-httpd:latest , suse/manager/4.3/proxy-httpd:susemanager-4.3.7 , suse/manager/4.3/proxy-httpd:susemanager-4.3.7.9.34.1
Container Release : 9.34.1
Severity : critical
Type : security
References : 1089497 1175823 1175823 1179747 1179747 1195380 1195380 1201337
1201337 1201627 1202234 1204089 1204089 1207330 1207330 1207417
1207534 1207550 1207550 1207691 1207691 1207941 1207941 1208528
1208528 1208577 1208577 1208612 1208612 1208720 1208720 1208721
1208984 1208984 1209156 1209156 1209229 1209565 1210004 1210011
1210011 1210103 1210103 1210394 1210394 1210406 1210406 1210456
1210456 1210475 1210475 1210659 1210659 1210834 1210834 1210957
1210957 1210994 1210994 1210999 1211062 1211062 1211261 1211261
1211276 1211276 1211330 1211330 1211418 1211419 1211469 1211469
1211621 1211621 1211650 1211650 1211713 1211713 1211828 1211897
1211897 1211929 1211929 1212032 1212032 1212126 1212187 1212187
1212222 1212222 1212260 1212550 1212550 1212588 1212588 1212623
1212700 1212700 1212770 1212770 1212771 1212771 1213237 1213432
1213432 1213487 CVE-2022-4304 CVE-2023-2183 CVE-2023-2602 CVE-2023-2603
CVE-2023-2801 CVE-2023-3128 CVE-2023-31484 CVE-2023-32001 CVE-2023-3446
CVE-2023-34969
-----------------------------------------------------------------
The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2625-1
Released: Fri Jun 23 17:16:11 2023
Summary: Recommended update for gcc12
Type: recommended
Severity: moderate
References:
This update for gcc12 fixes the following issues:
- Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204
* includes regression and other bug fixes
- Speed up builds with --enable-link-serialization.
- Update embedded newlib to version 4.2.0
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2648-1
Released: Tue Jun 27 09:52:35 2023
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1201627,1207534,CVE-2022-4304
This update for openssl-1_1 fixes the following issues:
- CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption.
The previous fix for this timing side channel turned out to cause a
severe 2-3x performance regression in the typical use case (bsc#1207534).
- Update further expiring certificates that affect the testsuite (bsc#1201627).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2649-1
Released: Tue Jun 27 10:01:13 2023
Summary: Recommended update for hwdata
Type: recommended
Severity: moderate
References:
This update for hwdata fixes the following issues:
- update to 0.371:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2742-1
Released: Fri Jun 30 11:40:56 2023
Summary: Recommended update for autoyast2, libzypp, yast2-pkg-bindings, yast2-update, zypper
Type: recommended
Severity: moderate
References: 1202234,1209565,1211261,1212187,1212222
This update for yast2-pkg-bindings fixes the following issues:
libzypp was updated to version 17.31.14 (22):
- Curl: trim all custom headers (bsc#1212187)
HTTP/2 RFC 9113 forbids fields ending with a space. So we make
sure all custom headers are trimmed. This also includes headers
returned by URL-Resolver plugins.
- build: honor libproxy.pc's includedir (bsc#1212222)
zypper was updated to version 1.14.61:
- targetos: Add an error note if XPath:/product/register/target
is not defined in /etc/products.d/baseproduct (bsc#1211261)
- targetos: Update help and man page (bsc#1211261)
yast2-pkg-bindings, autoyast:
- Added a new option for rebuilding the RPM database (--rebuilddb) (bsc#1209565)
- Selected products are not installed after resetting the package manager internally (bsc#1202234)
yast2-update:
- Rebuild the RPM database during upgrade (--rebuilddb) (bsc#1209565)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2765-1
Released: Mon Jul 3 20:28:14 2023
Summary: Security update for libcap
Type: security
Severity: moderate
References: 1211418,1211419,CVE-2023-2602,CVE-2023-2603
This update for libcap fixes the following issues:
- CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418).
- CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2772-1
Released: Tue Jul 4 09:54:23 2023
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1211261,1212187,1212222
This update for libzypp, zypper fixes the following issues:
libzypp was updated to version 17.31.14 (22):
- Curl: trim all custom headers (bsc#1212187)
HTTP/2 RFC 9113 forbids fields ending with a space. So we make
sure all custom headers are trimmed. This also includes headers
returned by URL-Resolver plugins.
- build: honor libproxy.pc's includedir (bsc#1212222)
zypper was updated to version 1.14.61:
- targetos: Add an error note if XPath:/product/register/target
is not defined in /etc/products.d/baseproduct (bsc#1211261)
- targetos: Update help and man page (bsc#1211261)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2800-1
Released: Mon Jul 10 07:35:22 2023
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1212623
This update for openssl-1_1 fixes the following issues:
- Check the OCSP RESPONSE in openssl s_client command and terminate
connection if a revoked certificate is found. [bsc#1212623]
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2827-1
Released: Fri Jul 14 11:27:47 2023
Summary: Recommended update for libxml2
Type: recommended
Severity: moderate
References:
This update for libxml2 fixes the following issues:
- Build also for modern python version (jsc#PED-68)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2847-1
Released: Mon Jul 17 08:40:42 2023
Summary: Recommended update for audit
Type: recommended
Severity: moderate
References: 1210004
This update for audit fixes the following issues:
- Check for AF_UNIX unnamed sockets (bsc#1210004)
- Enable livepatching on main library on x86_64
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2855-1
Released: Mon Jul 17 16:35:21 2023
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1212260
This update for openldap2 fixes the following issues:
- libldap2 crashes on ldap_sasl_bind_s (bsc#1212260)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2877-1
Released: Wed Jul 19 09:43:42 2023
Summary: Security update for dbus-1
Type: security
Severity: moderate
References: 1212126,CVE-2023-34969
This update for dbus-1 fixes the following issues:
- CVE-2023-34969: Fixed a possible dbus-daemon crash by an unprivileged users (bsc#1212126).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2882-1
Released: Wed Jul 19 11:49:39 2023
Summary: Security update for perl
Type: security
Severity: important
References: 1210999,CVE-2023-31484
This update for perl fixes the following issues:
- CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2885-1
Released: Wed Jul 19 16:58:43 2023
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1208721,1209229,1211828
This update for glibc fixes the following issues:
- getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235)
- Exclude static archives from preparation for live patching (bsc#1208721)
- resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2891-1
Released: Wed Jul 19 21:14:33 2023
Summary: Security update for curl
Type: security
Severity: moderate
References: 1213237,CVE-2023-32001
This update for curl fixes the following issues:
- CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2918-1
Released: Thu Jul 20 12:00:17 2023
Summary: Recommended update for gpgme
Type: recommended
Severity: moderate
References: 1089497
This update for gpgme fixes the following issues:
gpgme:
- Address failure handling issues when using gpg 2.2.6 via gpgme, as used by libzypp (bsc#1089497)
libassuan:
- Version upgrade to 2.5.5 in LTSS to address gpgme new requirements
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2962-1
Released: Tue Jul 25 09:34:53 2023
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1213487,CVE-2023-3446
This update for openssl-1_1 fixes the following issues:
- CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3133-1
Released: Wed Aug 2 09:15:22 2023
Summary: Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server
Type: recommended
Severity: moderate
References: 1175823,1179747,1195380,1201337,1204089,1207330,1207417,1207550,1207691,1207941,1208528,1208577,1208612,1208720,1208984,1209156,1210011,1210103,1210394,1210406,1210456,1210475,1210659,1210834,1210957,1210994,1211062,1211276,1211330,1211469,1211621,1211650,1211713,1211897,1211929,1212032,1212550,1212588,1212700,1212770,1212771,1213432
Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server
This is a codestream only update
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3136-1
Released: Wed Aug 2 09:16:10 2023
Summary: Maintenance update for SUSE Manager 4.3.7 Release Notes
Type: security
Severity: critical
References: 1175823,1179747,1195380,1201337,1204089,1207330,1207550,1207691,1207941,1208528,1208577,1208612,1208720,1208984,1209156,1210011,1210103,1210394,1210406,1210456,1210475,1210659,1210834,1210957,1210994,1211062,1211276,1211330,1211469,1211621,1211650,1211713,1211897,1211929,1212032,1212550,1212588,1212700,1212770,1212771,1213432,CVE-2023-2183,CVE-2023-2801,CVE-2023-3128
Maintenance update for SUSE Manager 4.3.7 Release Notes:
This is a codestream only update
The following package changes have been done:
- libldap-data-2.4.46-150200.14.17.1 updated
- glibc-2.31-150300.52.2 updated
- perl-base-5.26.1-150300.17.14.1 updated
- libcap2-2.63-150400.3.3.1 updated
- libaudit1-3.0.6-150400.4.10.1 updated
- libgcc_s1-12.3.0+git1204-150000.1.10.1 updated
- libassuan0-2.5.5-150000.4.5.2 updated
- libstdc++6-12.3.0+git1204-150000.1.10.1 updated
- libxml2-2-2.9.14-150400.5.19.1 updated
- libopenssl1_1-1.1.1l-150400.7.48.1 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.48.1 updated
- libprotobuf-lite20-3.9.2-150200.4.21.1 updated
- libldap-2_4-2-2.4.46-150200.14.17.1 updated
- libcurl4-8.0.1-150400.5.26.1 updated
- libzypp-17.31.14-150400.3.35.1 updated
- zypper-1.14.61-150400.3.24.1 updated
- curl-8.0.1-150400.5.26.1 updated
- libdbus-1-3-1.12.2-150400.18.8.1 updated
- release-notes-susemanager-proxy-4.3.7-150400.3.58.1 updated
- dbus-1-1.12.2-150400.18.8.1 updated
- hwdata-0.371-150000.3.62.1 updated
- python3-libxml2-2.9.14-150400.5.19.1 updated
- spacewalk-backend-4.3.22-150400.3.24.6 updated
More information about the sle-security-updates
mailing list