SUSE-CU-2023:1897-1: Security update of suse/sle15

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Wed Jun 14 07:26:47 UTC 2023


SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1897-1
Container Tags        : bci/bci-base:15.5 , bci/bci-base:15.5.36.5.3 , suse/sle15:15.5 , suse/sle15:15.5.36.5.3
Container Release     : 36.5.3
Severity              : important
Type                  : security
References            : 1029961 1120610 1120610 1127591 1130496 1130496 1177047 1178233
                        1180713 1181131 1181131 1184124 1186642 1195633 1198062 1198922
                        1200441 1200441 1200657 1200657 1202436 1202436 1202436 1203141
                        1203248 1203249 1203537 1203600 1203715 1204548 1204956 1205570
                        1205636 1206134 1206949 1207294 1207410 1207571 1207753 1207789
                        1207957 1207975 1207990 1207991 1207992 1208270 1208271 1208272
                        1208329 1208358 1208432 1209030 1209094 1209122 1209140 1209209
                        1209210 1209211 1209212 1209214 1209406 1209533 1209713 1209714
                        1210135 1210434 1210507 1210870 1211230 1211231 1211232 1211233
                        1211661 1211795 1212187 CVE-2018-20482 CVE-2018-20482 CVE-2019-9923
                        CVE-2019-9923 CVE-2021-20193 CVE-2021-20193 CVE-2022-1271 CVE-2022-41720
                        CVE-2022-41723 CVE-2022-41724 CVE-2022-41725 CVE-2022-48303 CVE-2022-4899
                        CVE-2023-0687 CVE-2023-23914 CVE-2023-23915 CVE-2023-23916 CVE-2023-24532
                        CVE-2023-24593 CVE-2023-25180 CVE-2023-27533 CVE-2023-27534 CVE-2023-27535
                        CVE-2023-27536 CVE-2023-27538 CVE-2023-28319 CVE-2023-28320 CVE-2023-28321
                        CVE-2023-28322 CVE-2023-29383 CVE-2023-29491 CVE-2023-2953 
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:926-1
Released:    Wed Apr 10 16:33:12 2019
Summary:     Security update for tar
Type:        security
Severity:    moderate
References:  1120610,1130496,CVE-2018-20482,CVE-2019-9923
This update for tar fixes the following issues:

Security issues fixed:

- CVE-2019-9923: Fixed a denial of service while parsing certain archives with malformed extended headers in pax_decode_header() (bsc#1130496).
- CVE-2018-20482: Fixed a denial of service when the '--sparse' option mishandles file shrinkage during read access (bsc#1120610).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3791-1
Released:    Mon Dec 14 17:39:19 2020
Summary:     Recommended update for gzip
Type:        recommended
Severity:    moderate
References:  
This update for gzip fixes the following issue:

- Enable `DFLTCC` (Deflate Conversion Call) compression for s390x for levels 1-6 to `CFLAGS`. (jsc#SLE-13775)
  
  Enable by adding `-DDFLTCC_LEVEL_MASK=0x7e` to `CFLAGS`.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:974-1
Released:    Mon Mar 29 19:31:27 2021
Summary:     Security update for tar
Type:        security
Severity:    low
References:  1181131,CVE-2021-20193
This update for tar fixes the following issues:

CVE-2021-20193: Memory leak in read_header() in list.c (bsc#1181131)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1018-1
Released:    Tue Apr  6 14:29:13 2021
Summary:     Recommended update for gzip
Type:        recommended
Severity:    moderate
References:  1180713
This update for gzip fixes the following issues:

- Fixes an issue when 'gzexe' counts the lines to skip wrong. (bsc#1180713)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1289-1
Released:    Wed Apr 21 14:02:46 2021
Summary:     Recommended update for gzip
Type:        recommended
Severity:    moderate
References:  1177047
This update for gzip fixes the following issues:

- Fixed a potential segfault when zlib acceleration is enabled (bsc#1177047)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1935-1
Released:    Thu Jun 10 10:45:09 2021
Summary:     Recommended update for gzip
Type:        recommended
Severity:    moderate
References:  1186642

This update for gzip fixes the following issue:

- gzip had a lower release number in 15 sp2 and sp3 than in 15 sp1, which could lead
  to migration issues. (bsc#1186642)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2193-1
Released:    Mon Jun 28 18:38:43 2021
Summary:     Recommended update for tar
Type:        recommended
Severity:    moderate
References:  1184124
This update for tar fixes the following issues:

- Link '/var/lib/tests/tar/bin/genfile' as Position-Independent Executable (bsc#1184124)
  
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1548-1
Released:    Thu May  5 16:45:28 2022
Summary:     Security update for tar
Type:        security
Severity:    moderate
References:  1029961,1120610,1130496,1181131,CVE-2018-20482,CVE-2019-9923,CVE-2021-20193
This update for tar fixes the following issues:

- CVE-2021-20193: Fixed a memory leak in read_header() in list.c (bsc#1181131).
- CVE-2019-9923: Fixed a null-pointer dereference in pax_decode_header in sparse.c (bsc#1130496).
- CVE-2018-20482: Fixed infinite read loop in sparse_dump_region in sparse.c (bsc#1120610).

- Update to GNU tar 1.34:
  * Fix extraction over pipe
  * Fix memory leak in read_header (CVE-2021-20193) (bsc#1181131)
  * Fix extraction when . and .. are unreadable
  * Gracefully handle duplicate symlinks when extracting
  * Re-initialize supplementary groups when switching to user
    privileges

- Update to GNU tar 1.33:
  * POSIX extended format headers do not include PID by default
  * --delay-directory-restore works for archives with reversed
    member ordering
  * Fix extraction of a symbolic link hardlinked to another
    symbolic link
  * Wildcards in exclude-vcs-ignore mode don't match slash
  * Fix the --no-overwrite-dir option
  * Fix handling of chained renames in incremental backups
  * Link counting works for file names supplied with -T
  * Accept only position-sensitive (file-selection) options in file
    list files

- prepare usrmerge (bsc#1029961)

- Update to GNU 1.32
  * Fix the use of --checkpoint without explicit --checkpoint-action
  * Fix extraction with the -U option
  * Fix iconv usage on BSD-based systems
  * Fix possible NULL dereference (savannah bug #55369)
    [bsc#1130496] [CVE-2019-9923]
  * Improve the testsuite

- Update to GNU 1.31
  * Fix heap-buffer-overrun with --one-top-level, bug introduced
    with the addition of that option in 1.28
  * Support for zstd compression
  * New option '--zstd' instructs tar to use zstd as compression
    program. When listing, extractng and comparing, zstd compressed
    archives are recognized automatically. When '-a' option is in
    effect, zstd compression is selected if the destination archive
    name ends in '.zst' or '.tzst'.
  * The -K option interacts properly with member names given in the
    command line. Names of members to extract can be specified along
    with the '-K NAME' option. In this case, tar will extract NAME
    and those of named members that appear in the archive after it,
    which is consistent with the semantics of the option. Previous
    versions of tar extracted NAME, those of named members that
    appeared before it, and everything after it.
  * Fix CVE-2018-20482 - When creating archives with the --sparse
    option, previous versions of tar would loop endlessly if a
    sparse file had been truncated while being archived.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1617-1
Released:    Tue May 10 14:40:12 2022
Summary:     Security update for gzip
Type:        security
Severity:    important
References:  1198062,1198922,CVE-2022-1271
This update for gzip fixes the following issues:

- CVE-2022-1271: Fix escaping of malicious filenames. (bsc#1198062)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2735-1
Released:    Wed Aug 10 04:31:41 2022
Summary:     Recommended update for tar
Type:        recommended
Severity:    moderate
References:  1200657
This update for tar fixes the following issues:

- Fix race condition while creating intermediate subdirectories (bsc#1200657)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2844-1
Released:    Thu Aug 18 14:41:25 2022
Summary:     Recommended update for tar
Type:        recommended
Severity:    important
References:  1202436
This update for tar fixes the following issues:

- A regression in a previous update lead to potential deadlocks when extracting an archive. (bsc#1202436)

 
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4312-1
Released:    Fri Dec  2 11:16:47 2022
Summary:     Recommended update for tar
Type:        recommended
Severity:    moderate
References:  1200657,1203600
This update for tar fixes the following issues:

- Fix unexpected inconsistency when making directory (bsc#1203600)
- Update race condition fix (bsc#1200657)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:179-1
Released:    Thu Jan 26 21:54:30 2023
Summary:     Recommended update for tar
Type:        recommended
Severity:    low
References:  1202436
This update for tar fixes the following issue:

- Fix hang when unpacking test tarball (bsc#1202436)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:429-1
Released:    Wed Feb 15 17:41:22 2023
Summary:     Security update for curl
Type:        security
Severity:    important
References:  1207990,1207991,1207992,CVE-2023-23914,CVE-2023-23915,CVE-2023-23916
This update for curl fixes the following issues:

- CVE-2023-23914: Fixed HSTS ignored on multiple requests (bsc#1207990).
- CVE-2023-23915: Fixed HSTS amnesia with --parallel (bsc#1207991).
- CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:463-1
Released:    Mon Feb 20 16:33:39 2023
Summary:     Security update for tar
Type:        security
Severity:    moderate
References:  1202436,1207753,CVE-2022-48303
This update for tar fixes the following issues:

- CVE-2022-48303: Fixed a one-byte out-of-bounds read that resulted in use of uninitialized memory for a conditional jump (bsc#1207753). 

Bug fixes:

- Fix hang when unpacking test tarball (bsc#1202436).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:464-1
Released:    Mon Feb 20 18:11:37 2023
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  
This update for systemd fixes the following issues:

- Merge of v249.15
- Drop workaround related to systemd-timesyncd that addressed a Factory issue.
- Conditionalize the use of /lib/modprobe.d only on systems with split usr
  support enabled (i.e. SLE).
- Make use of the %systemd_* rpm macros consistently. Using the upstream
  variants will ease the backports of Factory changes to SLE since Factory
  systemd uses the upstream variants exclusively.
- machines.target belongs to systemd-container, do its init/cleanup steps from
  the scriptlets of this sub-package.
- Make sure we apply the presets on units shipped by systemd package.
- systemd-testsuite: move the integration tests in a dedicated sub directory.
- Move systemd-cryptenroll into udev package.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:617-1
Released:    Fri Mar  3 16:49:06 2023
Summary:     Recommended update for jitterentropy
Type:        recommended
Severity:    moderate
References:  1207789
This update for jitterentropy fixes the following issues:

- build jitterentropy library with debuginfo (bsc#1207789)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:713-1
Released:    Mon Mar 13 10:25:04 2023
Summary:     Recommended update for suse-build-key
Type:        recommended
Severity:    moderate
References:  
This update for suse-build-key fixes the following issues:

This update provides multiple new 4096 RSA keys for SUSE Linux Enterprise
15, SUSE Manager 4.2/4.3, Storage 7.1, SUSE Registry) that we will switch
to mid of 2023. (jsc#PED-2777)

- gpg-pubkey-3fa1d6ce-63c9481c.asc: new 4096 RSA signing key for SUSE Linux Enterprise (RPM and repositories).
- gpg-pubkey-d588dc46-63c939db.asc: new 4096 RSA reserve key for SUSE Linux Enterprise (RPM and repositories).
- suse_ptf_key_4096.asc: new 4096 RSA signing key for PTF packages.
- build-container-8fd6c337-63c94b45.asc/build-container-8fd6c337-63c94b45.pem:
  New RSA 4096 key for the SUSE registry registry.suse.com, installed as
  suse-container-key-2023.pem and suse-container-key-2023.asc
- suse_ptf_containerkey_2023.asc suse_ptf_containerkey_2023.pem:
  New PTF container signing key for registry.suse.com/ptf/ space.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:714-1
Released:    Mon Mar 13 10:53:25 2023
Summary:     Recommended update for rpm
Type:        recommended
Severity:    important
References:  1207294
This update for rpm fixes the following issues:

- Fix missing python(abi) for 3.XX versions (bsc#1207294)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:776-1
Released:    Thu Mar 16 17:29:23 2023
Summary:     Recommended update for gcc12
Type:        recommended
Severity:    moderate
References:  
This update for gcc12 fixes the following issues:

This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products.

SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes


This update ship the GCC 12 compiler suite and its base libraries.

The compiler baselibraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 11 ones.

The new compilers for C, C++, and Fortran are provided in the SUSE Linux
Enterprise Module for Development Tools.

To use gcc12 compilers use:

- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.

For a full changelog with all new GCC12 features, check out

	https://gcc.gnu.org/gcc-12/changes.html


-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:788-1
Released:    Thu Mar 16 19:37:59 2023
Summary:     Recommended update for libsolv, libzypp, zypper
Type:        recommended
Severity:    important
References:  1178233,1203248,1203249,1203715,1204548,1204956,1205570,1205636,1206949
This update for libsolv, libzypp, zypper fixes the following issues:

libsolv:

- Do not autouninstall SUSE PTF packages
- Ensure 'duplinvolvedmap_all' is reset when a solver is reused
- Fix 'keep installed' jobs not disabling 'best update' rules
- New '-P' and '-W' options for `testsolv`
- New introspection interface for weak dependencies similar to ruleinfos
- Ensure special case file dependencies are written correctly in the testcase writer
- Support better info about alternatives
- Support decision reason queries
- Support merging of related decisions
- Support stringification of multiple solvables
- Support stringification of ruleinfo, decisioninfo and decision reasons

libzypp:

- Avoid calling getsockopt when we know the info already.
  This patch should fix logging on WSL, getsockopt seems to not be fully supported but the code required it when
  accepting new socket connections (bsc#1178233)
- Avoid redirecting 'history.logfile=/dev/null' into the target
- Create '.no_auto_prune' in the package cache dir to prevent auto cleanup of orphaned repositories (bsc#1204956)
- Enhance yaml-cpp detection
- Improve download of optional files
- MultiCurl: Make sure to reset the progress function when falling back.
- Properly reset range requests (bsc#1204548)
- Removing a PTF without enabled repos should always fail (bsc#1203248)
  Without enabled repos, the dependent PTF-packages would be removed (not replaced!) as well. 
  To remove a PTF `zypper install -- -PTF` or a dedicated `zypper removeptf PTF` should be used. This will update the
  installed PTF packages to theit latest version.
- Skip media.1/media download for http repo status calc.
  This patch allows zypp to skip a extra media.1/media download to calculate if a repository needs to be refreshed.
  This optimisation only takes place if the repo does specify only downloading base urls.
- Use a dynamic fallback for BLKSIZE in downloads.
  When not receiving a blocklist via metalink file from the server MediaMultiCurl used to fallback to a fixed,
  relatively small BLKSIZE. This patch changes the fallback into a dynamic value based on the filesize using a similar
  metric as the MirrorCache implementation on the server side.
- ProgressData: enforce reporting the INIT||END state (bsc#1206949)
- ps: fix service detection on newer Tumbleweed systems (bsc#1205636)


zypper:

- Allow to (re)add a service with the same URL (bsc#1203715)
- Bump dependency requirement to libzypp-devel 17.31.7 or greater
- Explain outdatedness of repositories
- patterns: Avoid dispylaing superfluous @System entries (bsc#1205570)
- Provide `removeptf` command (bsc#1203249)
  A remove command which prefers replacing dependant packages to removing them as well.
  A PTF is typically removed as soon as the fix it provides is applied to the latest official update of the dependant
  packages. However it is not desired for the dependant packages to be removed together with the PTF, which is what the
  remove command would do. The `removeptf` command however will aim to replace the dependant packages by their official
  update versions.
- Update man page and explain '.no_auto_prune' (bsc#1204956)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:871-1
Released:    Wed Mar 22 14:32:45 2023
Summary:     Security update for container-suseconnect
Type:        security
Severity:    important
References:  1200441,1206134,1208270,1208271,1208272,1209030,CVE-2022-41720,CVE-2022-41723,CVE-2022-41724,CVE-2022-41725,CVE-2023-24532

This update of container-suseconnect fixes the following issue:

- container-suseconnect was rebuilt against the current go1.19 release, fixing security issues and other bugs fixed in go1.19.7.

- CVE-2022-41723: Fixed quadratic complexity in HPACK decoding (bsc#1208270).
- CVE-2022-41724: Fixed panic with arge handshake records in crypto/tls (bsc#1208271).
- CVE-2022-41725: Fixed denial of service from excessive resource consumption in net/http and mime/multipart (bsc#1208272).
- CVE-2023-24532: Fixed incorrect P-256 ScalarMult and ScalarBaseMult results (bsc#1209030).

- CVE-2022-41720: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows (bsc#1206134).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1582-1
Released:    Mon Mar 27 10:31:52 2023
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1209209,1209210,1209211,1209212,1209214,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538
This update for curl fixes the following issues:
  
- CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209).
- CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210).
- CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211).
- CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212).
- CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1662-1
Released:    Wed Mar 29 10:36:23 2023
Summary:     Recommended update for patterns-base
Type:        recommended
Severity:    moderate
References:  1203537
This update for patterns-base fixes the following issues:

- change label of FIPS 140-2 to 140-3 to reflect our current certifications (bsc#1203537)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1688-1
Released:    Wed Mar 29 18:19:10 2023
Summary:     Security update for zstd
Type:        security
Severity:    moderate
References:  1209533,CVE-2022-4899
This update for zstd fixes the following issues:

- CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1718-1
Released:    Fri Mar 31 15:47:34 2023
Summary:     Security update for glibc
Type:        security
Severity:    moderate
References:  1207571,1207957,1207975,1208358,CVE-2023-0687
This update for glibc fixes the following issues:

Security issue fixed:

- CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975)

Other issues fixed:

- Fix avx2 strncmp offset compare condition check (bsc#1208358)
- elf: Allow dlopen of filter object to work (bsc#1207571)
- powerpc: Fix unrecognized instruction errors with recent GCC
- x86: Cache computation for AMD architecture (bsc#1207957)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1779-1
Released:    Thu Apr  6 08:16:58 2023
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1208432
This update for systemd fixes the following issues:

- Fix return non-zero value when disabling SysVinit service (bsc#1208432)
- Drop build requirement on libpci, it's not no longer needed
- Move systemd-boot and all components managing (secure) UEFI boot into udev
  sub-package, so they aren't installed in systemd based containers

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1805-1
Released:    Tue Apr 11 10:12:41 2023
Summary:     Recommended update for timezone
Type:        recommended
Severity:    important
References:  
This update for timezone fixes the following issues:

- Version update from 2022g to 2023c:
  * Egypt now uses DST again, from April through October.
  * This year Morocco springs forward April 23, not April 30.
  * Palestine delays the start of DST this year.
  * Much of Greenland still uses DST from 2024 on.
  * America/Yellowknife now links to America/Edmonton.
  * tzselect can now use current time to help infer timezone.
  * The code now defaults to C99 or later.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1851-1
Released:    Fri Apr 14 15:08:38 2023
Summary:     Security update for container-suseconnect
Type:        security
Severity:    important
References:  

This update for container-suseconnect fixes the following issue:

- rebuilt against current go version.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2060-1
Released:    Thu Apr 27 17:04:25 2023
Summary:     Security update for glib2
Type:        security
Severity:    moderate
References:  1209713,1209714,1210135,CVE-2023-24593,CVE-2023-25180
This update for glib2 fixes the following issues:

- CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714).
- CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant (bsc#1209713).

The following non-security bug was fixed:

- Fixed regression on s390x (bsc#1210135, glgo#GNOME/glib!2978).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2066-1
Released:    Fri Apr 28 13:54:17 2023
Summary:     Security update for shadow
Type:        security
Severity:    moderate
References:  1210507,CVE-2023-29383
This update for shadow fixes the following issues:

- CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2104-1
Released:    Thu May  4 21:05:30 2023
Summary:     Recommended update for procps
Type:        recommended
Severity:    moderate
References:  1209122
This update for procps fixes the following issue:

- Allow - as leading character to ignore possible errors on systctl entries (bsc#1209122)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2111-1
Released:    Fri May  5 14:34:00 2023
Summary:     Security update for ncurses
Type:        security
Severity:    moderate
References:  1210434,CVE-2023-29491
This update for ncurses fixes the following issues:

- CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2174-1
Released:    Thu May 11 13:08:09 2023
Summary:     Security update for container-suseconnect
Type:        security
Severity:    important
References:  1200441

This update of container-suseconnect fixes the following issues:

- rebuild the package with the go 19.9 secure release (bsc#1200441).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2224-1
Released:    Wed May 17 09:53:54 2023
Summary:     Security update for curl
Type:        security
Severity:    important
References:  1211230,1211231,1211232,1211233,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322
This update for curl adds the following feature:

Update to version 8.0.1 (jsc#PED-2580)

- CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230).
- CVE-2023-28320: siglongjmp race condition (bsc#1211231).
- CVE-2023-28321: IDN wildcard matching (bsc#1211232).
- CVE-2023-28322: POST-after-PUT confusion (bsc#1211233).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2240-1
Released:    Wed May 17 19:56:54 2023
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1203141,1207410
This update for systemd fixes the following issues:

- udev-rules: fix nvme symlink creation on namespace changes (bsc#1207410)
- Optimize when hundred workers claim the same symlink with the same priority (bsc#1203141)
- Add nss-resolve and systemd-network to Packagehub-Subpackages (MSC-626)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2245-1
Released:    Thu May 18 17:01:47 2023
Summary:     Recommended update for libzypp, zypper
Type:        recommended
Severity:    moderate
References:  1127591,1195633,1208329,1209406,1210870
This update for libzypp, zypper fixes the following issues:

- Installing local RPM packages fails if /usr/bin/find is not installed (bsc#1195633)
- multicurl: propagate ssl settings stored in repo url (bsc#1127591)
- MediaCurl: Fix endless loop if wrong credentials are stored in credentials.cat (bsc#1210870)
- zypp.conf: Introduce 'download.connect_timeout' [60 sec.] (bsc#1208329)
- Teach MediaNetwork to retry on HTTP2 errors.
- Fix selecting installed patterns from picklist (bsc#1209406)
- man: better explanation of --priority

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2341-1
Released:    Thu Jun  1 11:31:27 2023
Summary:     Recommended update for libsigc++2
Type:        recommended
Severity:    moderate
References:  1209094,1209140
This update for libsigc++2 fixes the following issues:

- Remove executable permission for file (bsc#1209094, bsc#1209140)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2484-1
Released:    Mon Jun 12 08:49:58 2023
Summary:     Security update for openldap2
Type:        security
Severity:    moderate
References:  1211795,CVE-2023-2953
This update for openldap2 fixes the following issues:

- CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2495-1
Released:    Tue Jun 13 15:05:27 2023
Summary:     Recommended update for libzypp
Type:        recommended
Severity:    important
References:  1211661,1212187
This update for libzypp fixes the following issues:

- Fix 'Curl error 92' when synchronizing SUSE Manager repositories. [bsc#1212187]
- Do not unconditionally release a medium if provideFile failed. [bsc#1211661]


The following package changes have been done:

- container-suseconnect-2.4.0-150000.4.28.1 updated
- curl-8.0.1-150400.5.23.1 updated
- glibc-2.31-150300.46.1 updated
- gzip-1.10-150200.10.1 added
- krb5-1.20.1-150500.1.2 updated
- libblkid1-2.37.4-150500.7.16 updated
- libcurl4-8.0.1-150400.5.23.1 updated
- libfdisk1-2.37.4-150500.7.16 updated
- libgcc_s1-12.2.1+git416-150000.1.7.1 updated
- libgcrypt20-hmac-1.9.4-150500.10.19 updated
- libgcrypt20-1.9.4-150500.10.19 updated
- libglib-2_0-0-2.70.5-150400.3.8.1 updated
- libjitterentropy3-3.4.0-150000.1.9.1 updated
- libldap-2_4-2-2.4.46-150200.14.14.1 updated
- libldap-data-2.4.46-150200.14.14.1 updated
- libmount1-2.37.4-150500.7.16 updated
- libncurses6-6.1-150000.5.15.1 updated
- libopenssl1_1-hmac-1.1.1l-150500.15.4 updated
- libopenssl1_1-1.1.1l-150500.15.4 updated
- libprocps7-3.3.15-150000.7.31.1 updated
- libsasl2-3-2.1.28-150500.1.1 updated
- libsigc-2_0-0-2.10.7-150400.3.3.1 updated
- libsmartcols1-2.37.4-150500.7.16 updated
- libsolv-tools-0.7.24-150400.3.6.4 updated
- libstdc++6-12.2.1+git416-150000.1.7.1 updated
- libsystemd0-249.16-150400.8.28.3 updated
- libudev1-249.16-150400.8.28.3 updated
- libuuid1-2.37.4-150500.7.16 updated
- libxml2-2-2.10.3-150500.3.1 updated
- libz1-1.2.13-150500.2.3 updated
- libzstd1-1.5.0-150400.3.3.1 updated
- libzypp-17.31.13-150400.3.30.1 updated
- login_defs-4.8.1-150400.10.6.1 updated
- ncurses-utils-6.1-150000.5.15.1 updated
- openssl-1_1-1.1.1l-150500.15.4 updated
- patterns-base-fips-20200124-150400.20.4.1 updated
- procps-3.3.15-150000.7.31.1 updated
- rpm-ndb-4.14.3-150300.55.1 updated
- shadow-4.8.1-150400.10.6.1 updated
- skelcd-EULA-bci-2023.03.06-150500.2.1 updated
- sles-release-15.5-150500.43.4 updated
- suse-build-key-12.0-150000.8.31.1 updated
- tar-1.34-150000.3.31.1 added
- terminfo-base-6.1-150000.5.15.1 updated
- timezone-2023c-150000.75.23.1 updated
- util-linux-2.37.4-150500.7.16 updated
- zypper-1.14.60-150400.3.21.2 updated


More information about the sle-security-updates mailing list