SUSE-CU-2023:428-1: Security update of bci/dotnet-aspnet

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Wed Feb 22 08:03:55 UTC 2023


SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:428-1
Container Tags        : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-29.1 , bci/dotnet-aspnet:6.0.14 , bci/dotnet-aspnet:6.0.14-29.1
Container Release     : 29.1
Severity              : moderate
Type                  : security
References            : 1041090 1049382 1116658 1136234 1155141 1173404 1173409 1173410
                        1173471 1174465 1176547 1177955 1178807 1178943 1178944 1179025
                        1179203 1181122 1181644 1181872 1182790 1193951 CVE-2020-21913
-----------------------------------------------------------------

The container bci/dotnet-aspnet was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:927-1
Released:    Tue Mar 23 14:07:06 2021
Summary:     Recommended update for libreoffice
Type:        recommended
Severity:    moderate
References:  1041090,1049382,1116658,1136234,1155141,1173404,1173409,1173410,1173471,1174465,1176547,1177955,1178807,1178943,1178944,1179025,1179203,1181122,1181644,1181872,1182790
This update for libreoffice provides the upgrade from version 6.4.5.2 to 7.1.1.2 (jsc#ECO-3150, bsc#1182790)


libreoffice:

- Image shown with different aspect ratio (bsc#1176547)
- Text changes are reproducibly lost on PPTX with SmartArt (bsc#1181644)
- Adjust to new Box2D and enable KDE on SUSE Linux Enterprise 15-SP3 or newer (jsc#ECO-3375)
- Wrong bullet points in Impress (bsc#1174465)
- SmartArt: text wrongly aligned, background boxes not quite right (bsc#1177955)
- Update the SUSE color palette to reflect the new SUSE branding. (bsc#1181122, bsc#1173471)
  - SUSE Mint
  - SUSE Midnight Blue
  - SUSE Waterhole Blue
  - SUSE Persimmon
- Fix a crash opening a PPTX. (bsc#1179025)
- Fix text box from PowerPoint renders vertically instead of horizontally (bsc#1178807)
- Shadow effects for table completely missing (bsc#1178944, bsc#1178943)
- Disable firebird integration for the time being (bsc#1179203)
- Fixes hang on Writer on scrolling/saving of a document (bsc#1136234)
- Wrong rendering of bulleted lists in PPTX document (bsc#1155141)
- Sidebar: paragraph widget: numeric fields become inactive/unaccessible after saving (bsc#1173404) 
- Crash of Writer opening any document having 'invalid' python file in home directory (bsc#1116658)

libixion:

Update to 0.16.1:

- fixed a build issue on 32-bit linux platforms, caused by slicing of integer string ID values.
- worked around floating point rounding errors which prevented two theoretically-equal numeric values from being 
  evaluated as equal in test code.
- added new function to allow printing of single formula tokens.
- added method for setting cached results on formula cells in model_context.
- changed the model_context design to ensure that all sheets are of the same size.
- added an accessor method to formula_model_access interface (and implicitly in model_context) that directly returns
  a string value from cell.
- added cell_access class for querying of cell states without knowing its type ahead of time.
- added document class which provides a layer on top of model_context, to abstract away the handling of formula 
  calculations.
- deprecated model_context::erase_cell() in favor of empty_cell().
- added support for 3D references - references that contain multiple sheets.
- added support for the exponent (^) and concatenation (&) operators.
- fixed incorrect handling of range references containing whole columns such as A:A.
- added support for unordered range references - range references whose start row or column is greater than 
  their end position counterparts, such as A3:A1.
- fixed a bug that prevented nested formula functions from working properly.
- implemented Calc A1 style reference resolver.
- formula results now directly store the string values when the results are of string type.  
  They previously stored string ID values after interning the original strings.
- Removed build-time dependency on spdlog.

libmwaw:

Update to 0.3.17:

- add a parser for Jazz(Lotus) writer and spreasheet files. The writer parser can only be called if the file 
  still contains its resource fork
- add a parser for Canvas 3 and 3.5 files
- AppleWorks parser: try to retrieve more Windows presentation
- add a parser for Drawing Table files
- add a parser for Canvas 2 files
- API: add new reserved enums in MWAWDocument.hxx `MWAW_T_RESERVED10..MWAW_T_RESERVED29` 
  and add a new define in libmwaw.hxx `MWAW_INTERFACE_VERSION` to check if these enums are defined
- remove the QuarkXPress parser (must be in libqxp)
- retrieve the annotation in MsWord 5 document
- try to better understand RagTime 5-6 document

libnumbertext:

Update to 1.0.6

liborcus:

Update to 0.16.1

- Add upstream changes to fix build with GCC 11 (bsc#1181872)

libstaroffice:

Update to 0.0.7:

- fix `text:sender-lastname` when creating meta-data

libwps:

Update to 0.4.11:

- XYWrite: add a parser to .fil v2 and v4 files
- wks,wk1: correct some problems when retrieving cell's reference.

glfw:

New package provided on version 3.3.2:

- See also: https://www.glfw.org/changelog.html
- Sort list of input files to geany for reproducible builds (bsc#1049382, bsc#1041090)
  * Require pkgconfig(gl) for the devel package to supply needed include GL/gl.h
  * glfwFocusWindow could terminate on older WMs or without a WM
  * Creating an undecorated window could fail with BadMatch 
  * Querying a disconnected monitor could segfault 
  * Video modes with a duplicate screen area were discarded
  * The CMake files did not check for the XInput headers
  * Key names were not updated when the keyboard layout changed 
  * Decorations could not be enabled after window creation
  * Content scale fallback value could be inconsistent 
  * Disabled cursor mode was interrupted by indicator windows
  * Monitor physical dimensions could be reported as zero mm
  * Window position events were not emitted during resizing
  * Added on-demand loading of Vulkan and context creation API libraries
  * [X11] Bugfix: Window size limits were ignored if the minimum or maximum size was 
    set to `GLFW_DONT_CARE`
  * [X11] Bugfix: Input focus was set before window was visible,
    causing BadMatch on some non-reparenting WMs 
  * [X11] Bugfix: glfwGetWindowPos and glfwSetWindowPos operated on
    the window frame instead of the client area
  * [WGL] Added reporting of errors from `WGL_ARB_create_context` extension
  * [EGL] Added lib prefix matching between EGL and OpenGL ES library binaries
  * [EGL] Bugfix: Dynamically loaded entry points were not verified
- Made build of geany-tags optional.

Box2D:

New package provided on version 2.4.1:

    * Extended distance joint to have a minimum and maximum limit.
    * `B2_USER_SETTINGS` and `b2_user_settings.h` can control user 
      data, length units, and maximum polygon vertices.
    * Default user data is now uintptr_t instead of void*
    * b2FixtureDef::restitutionThreshold lets you set the 
      restitution velocity threshold per fixture.
  * Collision
    * Chain and edge shape must now be one-sided to eliminate ghost 
      collisions
    * Broad-phase optimizations
    * Added b2ShapeCast for linear shape casting
  * Dynamics
    * Joint limits are now predictive and not stateful
    * Experimental 2D cloth (rope)
    * b2Body::SetActive -> b2Body::SetEnabled
    * Better support for running multiple worlds
    * Handle zero density better
      * The body behaves like a static body
      * The body is drawn with a red color
    * Added translation limit to wheel joint
    * World dump now writes to box2d_dump.inl
    * Static bodies are never awake
    * All joints with spring-dampers now use stiffness and damping
    * Added utility functions to convert frequency and damping 
      ratio to stiffness and damping
 * Polygon creation now computes the convex hull.
 * The convex hull code will merge vertices closer than dm_linearSlop.


 
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3142-1
Released:    Wed Sep  7 09:54:18 2022
Summary:     Security update for icu
Type:        security
Severity:    moderate
References:  1193951,CVE-2020-21913
This update for icu fixes the following issues:

- CVE-2020-21913: Fixed a memory safetey issue that could lead to use
  after free (bsc#1193951).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:464-1
Released:    Mon Feb 20 18:11:37 2023
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  
This update for systemd fixes the following issues:

- Merge of v249.15
- Drop workaround related to systemd-timesyncd that addressed a Factory issue.
- Conditionalize the use of /lib/modprobe.d only on systems with split usr
  support enabled (i.e. SLE).
- Make use of the %systemd_* rpm macros consistently. Using the upstream
  variants will ease the backports of Factory changes to SLE since Factory
  systemd uses the upstream variants exclusively.
- machines.target belongs to systemd-container, do its init/cleanup steps from
  the scriptlets of this sub-package.
- Make sure we apply the presets on units shipped by systemd package.
- systemd-testsuite: move the integration tests in a dedicated sub directory.
- Move systemd-cryptenroll into udev package.


The following package changes have been done:

- libsystemd0-249.15-150400.8.22.1 updated
- libicu65_1-ledata-65.1-150200.4.5.1 added
- libicu-suse65_1-65.1-150200.4.5.1 added
- container:sles15-image-15.0.0-27.14.36 updated
- libicu69-69.1-7.3.2 removed
- libicu69-ledata-69.1-7.3.2 removed


More information about the sle-security-updates mailing list