SUSE-IU-2023:704-1: Security update of suse-sles-15-sp4-chost-byos-v20230928-x86_64-gen2

sle-security-updates at lists.suse.com
Tue Oct 3 07:02:09 UTC 2023


SUSE Image Update Advisory: suse-sles-15-sp4-chost-byos-v20230928-x86_64-gen2
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2023:704-1
Image Tags        : suse-sles-15-sp4-chost-byos-v20230928-x86_64-gen2:20230928
Image Release     : 
Severity          : important
Type              : security
References        : 1181477 1195391 1196933 1204942 1205161 1205533 1206402 1206608
                        1207543 1207598 1207778 1208928 1209979 1209998 1210015 1210797
                        1210950 1211598 1211599 1211829 1212368 1212475 1212819 1212910
                        1213120 1213127 1213229 1213240 1213500 1213582 1214006 1214052
                        1214081 1214107 1214108 1214109 1214140 1214254 1214458 1214535
                        1214692 1214768 1215026 1215064 1215145 1215204 1215472 1215474
                        CVE-2022-45154 CVE-2023-20588 CVE-2023-28840 CVE-2023-28841 CVE-2023-28842
                        CVE-2023-32360 CVE-2023-3341 CVE-2023-34322 CVE-2023-38039 CVE-2023-39615
                        CVE-2023-40217 CVE-2023-4039 CVE-2023-4504 
-----------------------------------------------------------------

The container suse-sles-15-sp4-chost-byos-v20230928-x86_64-gen2 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3521-1
Released:    Tue Sep  5 08:56:45 2023
Summary:     Recommended update for python-iniconfig
Type:        recommended
Severity:    moderate
References:  1213582

This update for python-iniconfig provides python3-iniconfig to SUSE Linux Enterprise Micro 5.2. 

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3536-1
Released:    Tue Sep  5 15:00:27 2023
Summary:     Security update for docker
Type:        security
Severity:    moderate
References:  1210797,1212368,1213120,1213229,1213500,1214107,1214108,1214109,CVE-2023-28840,CVE-2023-28841,CVE-2023-28842
This update for docker fixes the following issues:

- Update to Docker 24.0.5-ce.

  See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/24.0/#2405>. bsc#1213229

- Update to Docker 24.0.4-ce.

  See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/24.0/#2404>. bsc#1213500

- Update to Docker 24.0.3-ce.

  See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/24.0/#2403>. bsc#1213120

- Recommend docker-rootless-extras instead of Require(ing) it, given
  it's an additional functionality and not inherently required for
  docker to function.

- Add docker-rootless-extras subpackage (https://docs.docker.com/engine/security/rootless)

- Update to Docker 24.0.2-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/24.0/#2402>. bsc#1212368

  * Includes the upstreamed fix for the mount table pollution issue.
    bsc#1210797

- Add Recommends for docker-buildx, and add /usr/lib/docker/cli-plugins as
  being provided by this package.

- Rebuilt against the current Go compiler.


-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3538-1
Released:    Tue Sep  5 16:37:14 2023
Summary:     Recommended update for dracut
Type:        recommended
Severity:    important
References:  1214081
This update for dracut fixes the following issues:

- Protect against broken links pointing to themselves
- Exit if resolving executable dependencies fails (bsc#1214081)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3543-1
Released:    Wed Sep  6 08:27:22 2023
Summary:     Recommended update for protobuf-c
Type:        recommended
Severity:    moderate
References:  1214006
This update for protobuf-c fixes the following issues:

- Add missing Provides/Obsoletes after package merge (bsc#1214006)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3577-1
Released:    Mon Sep 11 15:04:01 2023
Summary:     Recommended update for crypto-policies
Type:        recommended
Severity:    low
References:  1209998
This update for crypto-policies fixes the following issues:

- Update update-crypto-policies(8) man pages and README.SUSE to mention the supported back-end policies. (bsc#1209998)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3611-1
Released:    Fri Sep 15 09:28:36 2023
Summary:     Recommended update for sysuser-tools
Type:        recommended
Severity:    moderate
References:  1195391,1205161,1207778,1213240,1214140
This update for sysuser-tools fixes the following issues:

- Update to version 3.2
- Always create a system group of the same name as the system user (bsc#1205161, bsc#1207778, bsc#1213240)
- Add 'quilt setup' friendly hint to %sysusers_requires usage
- Use append so if a pre file already exists it isn't overridden
- Invoke bash for bash scripts (bsc#1195391) 
- Remove all systemd requires not supported on SLE15 (bsc#1214140)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3661-1
Released:    Mon Sep 18 21:44:09 2023
Summary:     Security update for gcc12
Type:        security
Severity:    important
References:  1214052,CVE-2023-4039
This update for gcc12 fixes the following issues:

- CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3663-1
Released:    Mon Sep 18 21:49:09 2023
Summary:     Recommended update for perl-Bootloader
Type:        recommended
Severity:    important
References:  1215064
This update for perl-Bootloader fixes the following issues:

- bootloader_entry script can have an optional 'force-default'
  argument (bsc#1215064)
- skip warning about unsupported options when in compat mode
  
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3699-1
Released:    Wed Sep 20 11:02:50 2023
Summary:     Security update for libxml2
Type:        security
Severity:    important
References:  1214768,CVE-2023-39615
This update for libxml2 fixes the following issues:

- CVE-2023-39615: Fixed global buffer overflow caused by crafted XML (bsc#1214768).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3707-1
Released:    Wed Sep 20 17:12:03 2023
Summary:     Security update for cups
Type:        security
Severity:    important
References:  1214254,1215204,CVE-2023-32360,CVE-2023-4504
This update for cups fixes the following issues:

- CVE-2023-4504: Fixed heap overflow in OpenPrinting CUPS Postscript Parsing (bsc#1215204).
- CVE-2023-32360: Fixed Information leak through Cups-Get-Document operation (bsc#1214254).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3737-1
Released:    Fri Sep 22 20:31:25 2023
Summary:     Security update for bind
Type:        security
Severity:    important
References:  1215472,CVE-2023-3341
This update for bind fixes the following issues:

Update to release 9.16.44:

  - CVE-2023-3341: Fixed stack exhaustion flaw in control channel code that may cause named to terminate unexpectedly (bsc#1215472).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3780-1
Released:    Tue Sep 26 10:58:21 2023
Summary:     Recommended update hidapi
Type:        recommended
Severity:    moderate
References:  1214535

This update for hidapi ships the missing libhidapi-raw0 library to SLE and Leap Micro 5.3 and 5.4.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3814-1
Released:    Wed Sep 27 18:08:17 2023
Summary:     Recommended update for glibc
Type:        recommended
Severity:    moderate
References:  1211829,1212819,1212910
This update for glibc fixes the following issues:

- nscd: Fix netlink cache invalidation if epoll is used (bsc#1212910, BZ #29415)
- Restore lookup of IPv4 mapped addresses in files database (bsc#1212819, BZ #25457)
- elf: Remove excessive p_align check on PT_LOAD segments (bsc#1211829, BZ #28688)
- elf: Properly align PT_LOAD segments (bsc#1211829, BZ #28676)
- ld.so: Always use MAP_COPY to map the first segment (BZ #30452)
- add GB18030-2022 charmap (jsc#PED-4908, BZ #30243)


-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3817-1
Released:    Wed Sep 27 18:31:14 2023
Summary:     Security update for containerd
Type:        security
Severity:    important
References:  1212475

This update of containerd fixes the following issues:

- rebuild the package with the go 1.21 security release (bsc#1212475).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3822-1
Released:    Wed Sep 27 18:40:14 2023
Summary:     Security update for supportutils
Type:        security
Severity:    moderate
References:  1181477,1196933,1204942,1205533,1206402,1206608,1207543,1207598,1208928,1209979,1210015,1210950,1211598,1211599,1213127,CVE-2022-45154
This update for supportutils fixes the following issues:

Security fixes:

- CVE-2022-45154: Removed iSCSI passwords (bsc#1207598).

Other Fixes:

- Changes in version 3.1.26
  + powerpc plugin to collect the slots and active memory (bsc#1210950)
  + A Cleartext Storage of Sensitive Information vulnerability CVE-2022-45154
  + supportconfig: collect BPF information (pr#154)
  + Added additional iscsi information (pr#155)

- Added run time detection (bsc#1213127)

- Changes for supportutils version 3.1.25
  + Removed iSCSI passwords CVE-2022-45154 (bsc#1207598)
  + powerpc: Collect lsslot,amsstat, and opal elogs (pr#149)
  + powerpc: collect invscout logs (pr#150)
  + powerpc: collect RMC status logs (pr#151)
  + Added missing nvme nbft commands (bsc#1211599)
  + Fixed invalid nvme commands (bsc#1211598)
  + Added missing podman information (PED-1703, bsc#1181477)
  + Removed dependency on sysfstools
  + Check for systool use (bsc#1210015)
  + Added selinux checking (bsc#1209979)
  + Updated SLES_VER matrix

- Fixed missing status detail for apparmor (bsc#1196933)
- Corrected invalid argument list in docker.txt (bsc#1206608)
- Applies limit equally to sar data and text files (bsc#1207543)
- Collects hwinfo hardware logs (bsc#1208928)
- Collects lparnumascore logs (issue#148)

- Add dependency to `numactl` on ppc64le and `s390x`, this enforces
  that `numactl --hardware` data is provided in supportconfigs

- Changes to supportconfig.rc version 3.1.11-35
  + Corrected _sanitize_file to include iscsi.conf and others (bsc#1206402)

- Changes to supportconfig version 3.1.11-46.4
  + Added plymouth_info 

- Changes to getappcore version 1.53.02
  + The location of chkbin was updated earlier. This documents that
    change (bsc#1205533, bsc#1204942)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3823-1
Released:    Wed Sep 27 18:42:38 2023
Summary:     Security update for curl
Type:        security
Severity:    important
References:  1215026,CVE-2023-38039
This update for curl fixes the following issues:

- CVE-2023-38039: Fixed possible DoS when receiving too large HTTP header. (bsc#1215026)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3828-1
Released:    Wed Sep 27 19:07:38 2023
Summary:     Security update for python3
Type:        security
Severity:    important
References:  1214692,CVE-2023-40217
This update for python3 fixes the following issues:

- CVE-2023-40217: Fixed TLS handshake bypass on closed sockets (bsc#1214692).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3832-1
Released:    Wed Sep 27 19:15:53 2023
Summary:     Security update for xen
Type:        security
Severity:    important
References:  1215145,1215474,CVE-2023-20588,CVE-2023-34322
This update for xen fixes the following issues:

- CVE-2023-20588: Fixed AMD CPU transitional execution leak via division by zero (XSA-439) (bsc#1215474).
- CVE-2023-34322: Fixed top-level shadow reference dropped too early for 64-bit PV guests (XSA-438) (bsc#1215145).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3843-1
Released:    Wed Sep 27 20:18:06 2023
Summary:     Recommended update for suse-build-key
Type:        recommended
Severity:    important
References:  
This update for suse-build-key fixes the following issues:

This update adds and runs an import-suse-build-key script.

It is run after installation with libzypp based installers. (jsc#PED-2777)

It imports the future SUSE Linux Enterprise 15 4096-bit RSA primary and reserve keys.

To manually import them you can also run:

# rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc
# rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc
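
To confirm that an import took effect, the key file can be mapped to the gpg-pubkey package name rpm records for it and that name looked up in the keyring. The script below is an added example, not part of the SUSE advisory or the import-suse-build-key script; the function names and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example: map a GnuPG public key to the rpm "gpg-pubkey" package
# name it receives after `rpm --import`, then look it up in a keyring list.

# pubkey_pkg_name COLONS: read `gpg --with-colons` output and print
# gpg-pubkey-<last 8 hex digits of key ID>-<key creation time in hex>.
pubkey_pkg_name() {
    printf '%s\n' "$1" | awk -F: '$1 == "pub" {
        printf "gpg-pubkey-%s-%x\n", tolower(substr($5, length($5) - 7)), $6
        exit
    }'
}

# key_imported PKG KEYRING: succeed if PKG is a whole line of KEYRING,
# where KEYRING holds one gpg-pubkey package name per line.
key_imported() {
    printf '%s\n' "$2" | grep -qxF -- "$1"
}

# Constructed sample "pub" record: the upper half of the key ID is a zero
# placeholder; the low 8 digits and the creation time match the first key
# file name in the advisory.
SAMPLE_PUB='pub:-:4096:1:000000003FA1D6CE:1674135580:::-:::scSC::::::23::0:'

# Constructed sample keyring listing: one placeholder key plus the first
# advisory key; the second advisory key is deliberately absent.
SAMPLE_KEYRING='gpg-pubkey-00000000-00000000
gpg-pubkey-3fa1d6ce-63c9481c'

pkg=$(pubkey_pkg_name "$SAMPLE_PUB")
if key_imported "$pkg" "$SAMPLE_KEYRING"; then
    echo "$pkg: present in keyring"
else
    echo "$pkg: NOT imported"
fi

# On a live system, replace the samples with real data:
#   gpg --with-colons --show-keys \
#       /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc
#   rpm -q gpg-pubkey --qf '%{NAME}-%{VERSION}-%{RELEASE}\n'
```

The package name carries only the short key ID, which is not collision-resistant, so compare the full fingerprint from gpg with the value SUSE publishes before trusting a key.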

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3856-1
Released:    Thu Sep 28 09:42:16 2023
Summary:     Recommended update for apparmor
Type:        recommended
Severity:    moderate
References:  1214458
This update for apparmor fixes the following issues:

- Update zgrep profile to allow egrep helper use (bsc#1214458)


The following package changes have been done:

- apparmor-abstractions-3.0.4-150400.5.9.1 updated
- apparmor-parser-3.0.4-150400.5.9.1 updated
- bind-utils-9.16.44-150400.5.37.2 updated
- containerd-ctr-1.6.21-150000.95.1 updated
- containerd-1.6.21-150000.95.1 updated
- crypto-policies-20210917.c9d86d1-150400.3.3.1 updated
- cups-config-2.2.7-150000.3.51.2 updated
- curl-8.0.1-150400.5.29.1 updated
- docker-24.0.5_ce-150000.185.1 updated
- dracut-055+suse.347.gdcb9bdbf-150400.3.28.1 updated
- glibc-locale-base-2.31-150300.58.1 updated
- glibc-locale-2.31-150300.58.1 updated
- glibc-2.31-150300.58.1 updated
- kernel-default-5.14.21-150400.24.84.1 updated
- libapparmor1-3.0.4-150400.5.9.1 updated
- libcups2-2.2.7-150000.3.51.2 updated
- libcurl4-8.0.1-150400.5.29.1 updated
- libgcc_s1-12.3.0+git1204-150000.1.16.1 updated
- libhidapi-hidraw0-0.10.1-150300.3.2.1 updated
- libprotobuf-c1-1.3.2-150200.3.9.1 updated
- libpython3_6m1_0-3.6.15-150300.10.51.1 updated
- libstdc++6-12.3.0+git1204-150000.1.16.1 updated
- libxml2-2-2.9.14-150400.5.22.1 updated
- perl-Bootloader-0.945-150400.3.9.1 updated
- python3-base-3.6.15-150300.10.51.1 updated
- python3-bind-9.16.44-150400.5.37.2 updated
- python3-iniconfig-1.1.1-150000.1.11.1 updated
- python3-3.6.15-150300.10.51.1 updated
- supportutils-3.1.26-150300.7.35.21.1 updated
- suse-build-key-12.0-150000.8.34.1 updated
- sysuser-shadow-3.2-150400.3.5.3 updated
- xen-libs-4.16.5_04-150400.4.34.1 updated
- sysfsutils-2.1.0-3.3.1 removed

