SUSE-CU-2023:2216-1: Security update of suse/sle15
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Wed Jul 5 07:09:37 UTC 2023
SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:2216-1
Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.75 , suse/sle15:15.4 , suse/sle15:15.4.27.14.75
Container Release : 27.14.75
Severity : moderate
Type : security
References : 1202234 1209565 1211261 1211261 1211418 1211419 1212187 1212187
1212222 1212222 CVE-2023-2602 CVE-2023-2603
-----------------------------------------------------------------
The container suse/sle15 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2742-1
Released: Fri Jun 30 11:40:56 2023
Summary: Recommended update for autoyast2, libzypp, yast2-pkg-bindings, yast2-update, zypper
Type: recommended
Severity: moderate
References: 1202234,1209565,1211261,1212187,1212222
This update for yast2-pkg-bindings fixes the following issues:
libzypp was updated to version 17.31.14 (22):
- Curl: trim all custom headers (bsc#1212187)
HTTP/2 RFC 9113 forbids fields ending with a space. So we make
sure all custom headers are trimmed. This also includes headers
returned by URL-Resolver plugins.
- build: honor libproxy.pc's includedir (bsc#1212222)
zypper was updated to version 1.14.61:
- targetos: Add an error note if XPath:/product/register/target
is not defined in /etc/products.d/baseproduct (bsc#1211261)
- targetos: Update help and man page (bsc#1211261)
yast2-pkg-bindings, autoyast:
- Added a new option for rebuilding the RPM database (--rebuilddb) (bsc#1209565)
- Selected products are not installed after resetting the package manager internally (bsc#1202234)
yast2-update:
- Rebuild the RPM database during upgrade (--rebuilddb) (bsc#1209565)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2765-1
Released: Mon Jul 3 20:28:14 2023
Summary: Security update for libcap
Type: security
Severity: moderate
References: 1211418,1211419,CVE-2023-2602,CVE-2023-2603
This update for libcap fixes the following issues:
- CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418).
- CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2772-1
Released: Tue Jul 4 09:54:23 2023
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1211261,1212187,1212222
This update for libzypp, zypper fixes the following issues:
libzypp was updated to version 17.31.14 (22):
- Curl: trim all custom headers (bsc#1212187)
HTTP/2 RFC 9113 forbids fields ending with a space. So we make
sure all custom headers are trimmed. This also includes headers
returned by URL-Resolver plugins.
- build: honor libproxy.pc's includedir (bsc#1212222)
zypper was updated to version 1.14.61:
- targetos: Add an error note if XPath:/product/register/target
is not defined in /etc/products.d/baseproduct (bsc#1211261)
- targetos: Update help and man page (bsc#1211261)
The following package changes have been done:
- libcap2-2.63-150400.3.3.1 updated
- libprotobuf-lite20-3.9.2-150200.4.21.1 updated
- libzypp-17.31.14-150400.3.35.1 updated
- zypper-1.14.61-150400.3.24.1 updated
More information about the sle-security-updates
mailing list