SUSE-IU-2023:465-1: Security update of suse-sles-15-sp4-chost-byos-v20230606-hvm-ssd-x86_64

sle-security-updates at lists.suse.com
Mon Jul 3 07:01:46 UTC 2023


SUSE Image Update Advisory: suse-sles-15-sp4-chost-byos-v20230606-hvm-ssd-x86_64
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2023:465-1
Image Tags        : suse-sles-15-sp4-chost-byos-v20230606-hvm-ssd-x86_64:20230606
Image Release     : 
Severity          : critical
Type              : security
References        : 1027519 1127591 1186870 1195633 1199282 1200441 1203141 1204478
                        1204563 1207410 1208329 1208581 1209094 1209140 1209237 1209245
                        1209406 1210164 1210298 1210593 1210640 1210649 1210702 1210870
                        1211144 1211230 1211231 1211232 1211233 1211430 1211604 1211605
                        1211606 1211607 1211643 CVE-2023-2650 CVE-2023-28319 CVE-2023-28320
                        CVE-2023-28321 CVE-2023-28322 CVE-2023-31124 CVE-2023-31130 CVE-2023-31147
                        CVE-2023-32067 CVE-2023-32324 
-----------------------------------------------------------------

The container suse-sles-15-sp4-chost-byos-v20230606-hvm-ssd-x86_64 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-feature-2023:2192-1
Released:    Fri May 12 12:49:02 2023
Summary:     Feature update for python311, python311-pip, python311-setuptools
Type:        feature
Severity:    moderate
References:  
This release of python311, python311-pip, python311-setuptools adds the following feature:

- Add Python-3.11 to SLE-15-SP4 Python Module (jsc#PED-68, jsc#PED-2634)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2216-1
Released:    Tue May 16 11:27:50 2023
Summary:     Recommended update for python-packaging
Type:        recommended
Severity:    important
References:  1186870,1199282
This update for python-packaging fixes the following issues:

- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)

- Add patch to fix testsuite on big-endian targets
- Ignore python3.6.2 since the test doesn't support it. 
- update to 21.3:
  * Add a pp3-none-any tag
  * Replace the blank pyparsing 3 exclusion with a 3.0.5 exclusion
  * Fix a spelling mistake

- update to 21.2:
  * Update documentation entry for 21.1.
  * Update pin to pyparsing to exclude 3.0.0.
  * PEP 656: musllinux support
  * Drop support for Python 2.7, Python 3.4 and Python 3.5
  * Replace distutils usage with sysconfig
  * Add support for zip files
  * Use cached hash attribute to short-circuit tag equality comparisons
  * Specify the default value for the 'specifier' argument to 'SpecifierSet'
  * Proper keyword-only 'warn' argument in packaging.tags
  * Correctly remove prerelease suffixes from ~= check
  * Fix type hints for 'Version.post' and 'Version.dev'
  * Use typing alias 'UnparsedVersion'
  * Improve type inference
  * Tighten the return type

- Add Provides: for python*dist(packaging). (bsc#1186870)

- add no-legacyversion-warning.patch to restore compatibility with 20.4 

- update to 20.9:
  * Add support for the ``macosx_10_*_universal2`` platform tags 
  * Introduce ``packaging.utils.parse_wheel_filename()`` and ``parse_sdist_filename()``

- update to 20.8:
  * Revert back to setuptools for compatibility purposes for some Linux distros
  * Do not insert an underscore in wheel tags when the interpreter version number is more than 2 digits 
  * Fix flit configuration, to include LICENSE files
  * Make `intel` a recognized CPU architecture for the `universal` macOS platform tag
  * Add some missing type hints to `packaging.requirements`
  * Officially support Python 3.9
  * Deprecate the ``LegacyVersion`` and ``LegacySpecifier`` classes
  * Handle ``OSError`` on non-dynamic executables when attempting to resolve the glibc version string.

- update to 20.4:
  * Canonicalize version before comparing specifiers.
  * Change type hint for ``canonicalize_name`` to return ``packaging.utils.NormalizedName``.
    This enables the use of static typing tools (like mypy) to detect mixing of normalized and un-normalized names.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2224-1
Released:    Wed May 17 09:53:54 2023
Summary:     Security update for curl
Type:        security
Severity:    important
References:  1211230,1211231,1211232,1211233,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322
This update for curl adds the following feature:

Update to version 8.0.1 (jsc#PED-2580)

- CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230).
- CVE-2023-28320: siglongjmp race condition (bsc#1211231).
- CVE-2023-28321: IDN wildcard matching (bsc#1211232).
- CVE-2023-28322: POST-after-PUT confusion (bsc#1211233).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2237-1
Released:    Wed May 17 17:10:07 2023
Summary:     Recommended update for vim
Type:        recommended
Severity:    moderate
References:  1211144
This update for vim fixes the following issues:

* Make xxd conflict with the previous vim packages to avoid a file conflict during migration (bsc#1211144)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2240-1
Released:    Wed May 17 19:56:54 2023
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1203141,1207410
This update for systemd fixes the following issues:

- udev-rules: fix nvme symlink creation on namespace changes (bsc#1207410)
- Optimize when hundred workers claim the same symlink with the same priority (bsc#1203141)
- Add nss-resolve and systemd-network to Packagehub-Subpackages (MSC-626)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2245-1
Released:    Thu May 18 17:01:47 2023
Summary:     Recommended update for libzypp, zypper
Type:        recommended
Severity:    moderate
References:  1127591,1195633,1208329,1209406,1210870
This update for libzypp, zypper fixes the following issues:

- Installing local RPM packages fails if /usr/bin/find is not installed (bsc#1195633)
- multicurl: propagate ssl settings stored in repo url (bsc#1127591)
- MediaCurl: Fix endless loop if wrong credentials are stored in credentials.cat (bsc#1210870)
- zypp.conf: Introduce 'download.connect_timeout' [60 sec.] (bsc#1208329)
- Teach MediaNetwork to retry on HTTP2 errors.
- Fix selecting installed patterns from picklist (bsc#1209406)
- man: better explanation of --priority

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2254-1
Released:    Fri May 19 15:20:23 2023
Summary:     Security update for containerd
Type:        security
Severity:    important
References:  1210298
This update for containerd fixes the following issues:

- Rebuild containerd with a current version of go to catch up on bugfixes and security fixes (bsc#1210298)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2256-1
Released:    Fri May 19 15:26:43 2023
Summary:     Security update for runc
Type:        security
Severity:    important
References:  1200441

This update of runc fixes the following issues:

- rebuild the package with the go 19.9 secure release (bsc#1200441).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2276-1
Released:    Wed May 24 07:54:42 2023
Summary:     Recommended update for grub2
Type:        recommended
Severity:    moderate
References:  1204563,1208581
This update for grub2 fixes the following issues:

- grub2-once: Fix 'sh: terminal_output: command not found' error (bsc#1204563) 

- Fix PowerVS deployment fails to boot with 90 cores (bsc#1208581)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2279-1
Released:    Wed May 24 07:57:53 2023
Summary:     Recommended update for dracut
Type:        recommended
Severity:    moderate
References:  1204478,1210640
This update for dracut fixes the following issues:

- Update to version 055+suse.342.g2e6dce8e:
  fips=1 and separate /boot break s390x (bsc#1204478):
  * fix(fips): move fips-boot script to pre-pivot
  * fix(fips): only unmount /boot if it was mounted by the fips module
  * feat(fips): add progress messages
  * fix(fips): do not blindly remove /boot
  * fix(network-legacy): handle do_dhcp calls without arguments (bsc#1210640)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2307-1
Released:    Mon May 29 10:29:49 2023
Summary:     Recommended update for kbd
Type:        recommended
Severity:    low
References:  1210702
This update for kbd fixes the following issue:

- Add 'ara' vc keymap, 'ara' is slightly better than 'arabic' as it matches the name of its X11 layout counterpart. (bsc#1210702)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2313-1
Released:    Tue May 30 09:29:25 2023
Summary:     Security update for c-ares
Type:        security
Severity:    important
References:  1211604,1211605,1211606,1211607,CVE-2023-31124,CVE-2023-31130,CVE-2023-31147,CVE-2023-32067
This update for c-ares fixes the following issues:

Update to version 1.19.1:

- CVE-2023-32067: 0-byte UDP payload causes Denial of Service (bsc#1211604)
- CVE-2023-31147: Insufficient randomness in generation of DNS query IDs (bsc#1211605)
- CVE-2023-31130: Buffer Underwrite in ares_inet_net_pton() (bsc#1211606)
- CVE-2023-31124: AutoTools does not set CARES_RANDOM_FILE during cross compilation (bsc#1211607)
- Fix uninitialized memory warning in test
- ares_getaddrinfo() should allow a port of 0
- Fix memory leak in ares_send() on error
- Fix comment style in ares_data.h
- Fix typo in ares_init_options.3
- Sync ax_pthread.m4 with upstream
- Sync ax_cxx_compile_stdcxx_11.m4 with upstream to fix uclibc support 

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2317-1
Released:    Tue May 30 14:01:22 2023
Summary:     Recommended update for util-linux
Type:        recommended
Severity:    moderate
References:  1210164
This update for util-linux fixes the following issue:

- Add upstream patch to prevent possible performance degradation of libuuid (bsc#1210164)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2333-1
Released:    Wed May 31 09:01:28 2023
Summary:     Recommended update for zlib
Type:        recommended
Severity:    moderate
References:  1210593
This update for zlib fixes the following issue:

- Fix function calling order to avoid crashes (bsc#1210593)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2341-1
Released:    Thu Jun  1 11:31:27 2023
Summary:     Recommended update for libsigc++2
Type:        recommended
Severity:    moderate
References:  1209094,1209140
This update for libsigc++2 fixes the following issues:

- Remove executable permission for file (bsc#1209094, bsc#1209140)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2342-1
Released:    Thu Jun  1 11:34:20 2023
Summary:     Security update for openssl-1_1
Type:        security
Severity:    important
References:  1211430,CVE-2023-2650
This update for openssl-1_1 fixes the following issues:

- CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2347-1
Released:    Thu Jun  1 14:33:10 2023
Summary:     Security update for cups
Type:        security
Severity:    important
References:  1211643,CVE-2023-32324
This update for cups fixes the following issues:

- CVE-2023-32324: Fixed a buffer overflow in format_log_line() which could cause a denial-of-service (bsc#1211643).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2355-1
Released:    Fri Jun  2 12:48:25 2023
Summary:     Recommended update for librelp
Type:        recommended
Severity:    moderate
References:  1210649
This update for librelp fixes the following issues:

- update to librelp 1.11.0 (bsc#1210649)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2366-1
Released:    Mon Jun  5 09:23:08 2023
Summary:     Recommended update for xen
Type:        recommended
Severity:    moderate
References:  1027519,1209237,1209245
This update for xen fixes the following issues:

- Added debug-info to xen-syms (bsc#1209237)

- Update to Xen 4.16.4 bug fix release (bsc#1027519)

- Added upstream bug fixes (bsc#1027519)
  
- Fix host-assisted kexec/kdump for HVM domUs (bsc#1209245)

- Drop patches contained in new tarball and switch to upstream backports for some patches

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2430-1
Released:    Tue Jun  6 22:55:28 2023
Summary:     Recommended update for supportutils-plugin-suse-public-cloud
Type:        recommended
Severity:    critical
References:  
This update for supportutils-plugin-suse-public-cloud fixes the following issues:

  - This update will be delivered to SLE Micro. (SMO-219)
  

The following package changes have been done:

- containerd-ctr-1.6.19-150000.90.3 updated
- containerd-1.6.19-150000.90.3 updated
- cups-config-2.2.7-150000.3.43.1 updated
- curl-8.0.1-150400.5.23.1 updated
- dracut-055+suse.342.g2e6dce8e-150400.3.22.1 updated
- grub2-i386-pc-2.06-150400.11.33.1 updated
- grub2-x86_64-efi-2.06-150400.11.33.1 updated
- grub2-x86_64-xen-2.06-150400.11.33.1 updated
- grub2-2.06-150400.11.33.1 updated
- kbd-legacy-2.4.0-150400.5.6.1 updated
- kbd-2.4.0-150400.5.6.1 updated
- libblkid1-2.37.2-150400.8.17.1 updated
- libcares2-1.19.1-150000.3.23.1 updated
- libcups2-2.2.7-150000.3.43.1 updated
- libcurl4-8.0.1-150400.5.23.1 updated
- libfdisk1-2.37.2-150400.8.17.1 updated
- libmount1-2.37.2-150400.8.17.1 updated
- libopenssl1_1-1.1.1l-150400.7.37.1 updated
- librelp0-1.11.0-150000.3.3.1 updated
- libsigc-2_0-0-2.10.7-150400.3.3.1 updated
- libsmartcols1-2.37.2-150400.8.17.1 updated
- libsolv-tools-0.7.24-150400.3.6.4 updated
- libsystemd0-249.16-150400.8.28.3 updated
- libudev1-249.16-150400.8.28.3 updated
- libuuid1-2.37.2-150400.8.17.1 updated
- libz1-1.2.11-150000.3.45.1 updated
- libzypp-17.31.11-150400.3.25.2 updated
- openssl-1_1-1.1.1l-150400.7.37.1 updated
- python3-packaging-21.3-150200.3.3.1 updated
- python3-setuptools-44.1.1-150400.9.3.3 updated
- runc-1.1.5-150000.43.1 updated
- supportutils-plugin-suse-public-cloud-1.0.7-150000.3.14.1 updated
- systemd-sysvinit-249.16-150400.8.28.3 updated
- systemd-249.16-150400.8.28.3 updated
- udev-249.16-150400.8.28.3 updated
- util-linux-systemd-2.37.2-150400.8.17.1 updated
- util-linux-2.37.2-150400.8.17.1 updated
- vim-data-common-9.0.1443-150000.5.43.1 updated
- vim-9.0.1443-150000.5.43.1 updated
- xen-libs-4.16.4_02-150400.4.28.1 updated
- xen-tools-domU-4.16.4_02-150400.4.28.1 updated
- xxd-9.0.1443-150000.5.43.1 updated
- zypper-1.14.60-150400.3.21.2 updated

