SUSE-CU-2023:3418-1: Security update of suse/sles12sp5

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Tue Oct 17 07:02:51 UTC 2023 

SUSE Container Update Advisory: suse/sles12sp5
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3418-1
Container Tags        : suse/sles12sp5:6.5.523 , suse/sles12sp5:latest
Container Release     : 6.5.523
Severity              : important
Type                  : security
References            : 1214806 1215286 1215504 1215888 1215889 CVE-2023-38545 CVE-2023-38546
                        CVE-2023-4641 CVE-2023-4813 
-----------------------------------------------------------------

The container suse/sles12sp5 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4023-1
Released:    Tue Oct 10 13:23:04 2023
Summary:     Security update for shadow
Type:        security
Severity:    low
References:  1214806,CVE-2023-4641
This update for shadow fixes the following issues:
  
- CVE-2023-4641: Fixed potential password leak (bsc#1214806).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4043-1
Released:    Wed Oct 11 09:00:09 2023
Summary:     Security update for curl
Type:        security
Severity:    important
References:  1215888,1215889,CVE-2023-38545,CVE-2023-38546
This update for curl fixes the following issues:

- CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888)
- CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4063-1
Released:    Thu Oct 12 10:41:20 2023
Summary:     Recommended update for glibc
Type:        recommended
Severity:    moderate
References:  1215286,1215504,CVE-2023-4813

This update of glibc fixes the following issues:

Security issue fixed:

- CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) 

Other issues fixed:

- S390: Fix relocation of _nl_current_LC_CATETORY_used in static build (bsc#1215504, BZ #19860)
- added GB18030-2022 charmap (jsc#PED-4908, BZ #30243)



The following package changes have been done:

- glibc-2.22-114.31.1 updated
- libcurl4-8.0.1-11.74.1 updated
- shadow-4.2.1-36.6.1 updated

More information about the sle-security-updates mailing list