SUSE-CU-2023:1620-1: Security update of suse/sles12sp5

sle-security-updates
Thu May 25 07:09:42 UTC 2023

SUSE Container Update Advisory: suse/sles12sp5
Container Advisory ID : SUSE-CU-2023:1620-1
Container Tags        : suse/sles12sp5:6.5.472 , suse/sles12sp5:latest
Container Release     : 6.5.472
Severity              : important
Type                  : security
References            : 1198608 1203248 1203249 1208329 1210593 1211230 1211231 1211232
                        1211233 428822 CVE-2022-27774 CVE-2023-28319 CVE-2023-28320 CVE-2023-28321

The container suse/sles12sp5 was updated. The following patches have been included in this update:

Advisory ID: SUSE-SU-2023:2225-1
Released:    Wed May 17 09:54:33 2023
Summary:     Security update for curl
Type:        security
Severity:    important
References:  1198608,1211230,1211231,1211232,1211233,CVE-2022-27774,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322
This update for curl adds the following feature:

Update to version 8.0.1 (jsc#PED-2580)

- CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230).
- CVE-2023-28320: siglongjmp race condition (bsc#1211231).
- CVE-2023-28321: IDN wildcard matching (bsc#1211232).
- CVE-2023-28322: POST-after-PUT confusion (bsc#1211233).

Advisory ID: SUSE-RU-2023:2249-1
Released:    Thu May 18 17:07:31 2023
Summary:     Recommended update for libzypp, zypper
Type:        recommended
Severity:    moderate
References:  1203248,1203249,1208329,428822
This update for libzypp, zypper fixes the following issues:
- Removing a PTF without enabled repos should always fail (bsc#1203248)
- zypp.conf: Introduce 'download.connect_timeout' [60 sec.] (bsc#1208329)
- Add expert (allow-*) options to all installer commands (bsc#428822)

- Provide 'removeptf' command (bsc#1203249)
  A remove command which prefers replacing dependent packages to removing them as well.
  A PTF is typically removed as soon as the fix it provides is applied to the latest official update of the dependent
  packages. But you don't want the dependent packages to be removed together with the PTF, which is what the remove
  command would do. The removeptf command, however, will aim to replace the dependent packages with their official
  update versions.

Advisory ID: SUSE-RU-2023:2260-1
Released:    Mon May 22 10:29:33 2023
Summary:     Recommended update for zlib
Type:        recommended
Severity:    moderate
References:  1210593
This update for zlib fixes the following issues:

- Fix crash when calling deflateBound() function (bsc#1210593)

The following package changes have been done:

- libcurl4-8.0.1-11.65.2 updated
- libz1-1.2.11-11.34.1 updated
- libzypp-16.22.7-48.2 updated
- zypper-1.13.64-21.55.2 updated
