SUSE-IU-2023:612-1: Security update of sles-15-sp5-chost-byos-v20230915-arm64
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Mon Sep 18 07:02:01 UTC 2023
SUSE Image Update Advisory: sles-15-sp5-chost-byos-v20230915-arm64
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2023:612-1
Image Tags : sles-15-sp5-chost-byos-v20230915-arm64:20230915
Image Release :
Severity : critical
Type : security
References : 1002895 1027519 1102408 1107105 1138666 1138715 1138746 1158763
1167732 1176389 1177120 1179805 1182142 1182421 1182422 1184505
1186606 1187045 1193412 1194609 1195391 1195916 1196696 1198331
1200771 1201519 1202498 1202498 1204145 1204364 1204844 1205161
1206212 1207778 1207805 1208036 1208194 1208574 1209741 1209998
1210419 1210702 1210740 1210797 1210996 1211256 1211257 1211461
1211576 1211674 1211757 1212368 1212434 1212684 1213120 1213185
1213212 1213229 1213231 1213240 1213500 1213557 1213575 1213582
1213607 1213616 1213673 1213826 1213873 1213940 1213951 1214006
1214025 1214071 1214081 1214082 1214083 1214107 1214108 1214109
1214140 1214248 1214290 CVE-2020-25659 CVE-2020-26137 CVE-2020-29651
CVE-2020-29651 CVE-2021-30560 CVE-2021-33503 CVE-2022-23491 CVE-2022-40982
CVE-2022-42969 CVE-2023-2004 CVE-2023-20569 CVE-2023-20593 CVE-2023-23931
CVE-2023-2426 CVE-2023-2609 CVE-2023-2610 CVE-2023-28840 CVE-2023-28841
CVE-2023-28842 CVE-2023-32681 CVE-2023-4016 CVE-2023-4156
-----------------------------------------------------------------
The container sles-15-sp5-chost-byos-v20230915-arm64 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1037-1
Released: Mon Apr 20 10:49:39 2020
Summary: Recommended update for python-pytest
Type: recommended
Severity: low
References: 1002895,1107105,1138666,1167732
This update fixes the following issues:
New python-pytest versions are provided.
In Basesystem:
- python3-pexpect: updated to 4.8.0
- python3-py: updated to 1.8.1
- python3-zipp: shipped as dependency in version 0.6.0
In Python2:
- python2-pexpect: updated to 4.8.0
- python2-py: updated to 1.8.1
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1859-1
Released: Fri Jun 4 09:02:38 2021
Summary: Security update for python-py
Type: security
Severity: moderate
References: 1179805,1184505,CVE-2020-29651
This update for python-py fixes the following issues:
- CVE-2020-29651: Fixed regular expression denial of service in svnwc.py (bsc#1179805, bsc#1184505).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2012-1
Released: Fri Jun 18 09:15:13 2021
Summary: Security update for python-urllib3
Type: security
Severity: important
References: 1187045,CVE-2021-33503
This update for python-urllib3 fixes the following issues:
- CVE-2021-33503: Fixed a denial of service when the URL contained many @ characters in the authority component (bsc#1187045)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2817-1
Released: Mon Aug 23 15:05:18 2021
Summary: Security update for aws-cli, python-boto3, python-botocore, python-service_identity, python-trustme, python-urllib3
Type: security
Severity: moderate
References: 1102408,1138715,1138746,1176389,1177120,1182421,1182422,CVE-2020-26137
This patch updates the Python AWS SDK stack in SLE 15:
General:
# aws-cli
- Version updated to upstream release v1.19.9
For a detailed list of all changes, please refer to the changelog file of this package.
# python-boto3
- Version updated to upstream release 1.17.9
For a detailed list of all changes, please refer to the changelog file of this package.
# python-botocore
- Version updated to upstream release 1.20.9
For a detailed list of all changes, please refer to the changelog file of this package.
# python-urllib3
- Version updated to upstream release 1.25.10
For a detailed list of all changes, please refer to the changelog file of this package.
# python-service_identity
- Added this new package to resolve runtime dependencies for other packages.
Version: 18.1.0
# python-trustme
- Added this new package to resolve runtime dependencies for other packages.
Version: 0.6.0
Security fixes:
# python-urllib3:
- CVE-2020-26137: urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated
by inserting CR and LF control characters in the first argument of putrequest() (bsc#1177120)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2355-1
Released: Mon Jul 11 12:44:33 2022
Summary: Recommended update for python-cryptography
Type: recommended
Severity: moderate
References: 1198331,CVE-2020-25659
This update for python-cryptography fixes the following issues:
python-cryptography was updated to 3.3.2.
update to 3.3.0:
* BACKWARDS INCOMPATIBLE: The GCM and AESGCM now require 64-bit
to 1024-bit (8 byte to 128 byte) initialization vectors. This
change is to conform with an upcoming OpenSSL release that will
no longer support sizes outside this window.
* BACKWARDS INCOMPATIBLE: When deserializing asymmetric keys we
now raise ValueError rather than UnsupportedAlgorithm when an
unsupported cipher is used. This change is to conform with an
upcoming OpenSSL release that will no longer distinguish
between error types.
* BACKWARDS INCOMPATIBLE: We no longer allow loading of finite
field Diffie-Hellman parameters of less than 512 bits in
length. This change is to conform with an upcoming OpenSSL
release that no longer supports smaller sizes. These keys were
already wildly insecure and should not have been used in any
application outside of testing.
* Added the recover_data_from_signature() function to
RSAPublicKey for recovering the signed data from an RSA
signature.
Update to 3.2.1:
Disable blinding on RSA public keys to address an error with
some versions of OpenSSL.
update to 3.2 (bsc#1178168, CVE-2020-25659):
* CVE-2020-25659: Attempted to make RSA PKCS#1v1.5 decryption more constant time,
to protect against Bleichenbacher vulnerabilities. Due to limitations imposed
by our API, we cannot completely mitigate this vulnerability.
* Added basic support for PKCS7 signing (including SMIME) via PKCS7SignatureBuilder.
update to 3.1:
* **BACKWARDS INCOMPATIBLE:** Removed support for ``idna`` based
:term:`U-label` parsing in various X.509 classes. This support was originally
deprecated in version 2.1 and moved to an extra in 2.5.
* ``backend`` arguments to functions are no longer required and the
default backend will automatically be selected if no ``backend`` is provided.
* Added initial support for parsing certificates from PKCS7 files with
:func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_pem_pkcs7_certificates`
and
:func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_der_pkcs7_certificates`
.
* Calling ``update`` or ``update_into`` on
:class:`~cryptography.hazmat.primitives.ciphers.CipherContext` with ``data``
longer than 2\ :sup:`31` bytes no longer raises an ``OverflowError``. This
also resolves the same issue in :doc:`/fernet`.
update to 3.0:
* RSA generate_private_key() no longer accepts public_exponent values except
65537 and 3 (the latter for legacy purposes).
* X.509 certificate parsing now enforces that the version field contains
a valid value, rather than deferring this check until version is accessed.
* Deprecated support for Python 2
* Added support for OpenSSH serialization format for ec, ed25519, rsa and dsa
private keys: load_ssh_private_key() for loading and OpenSSH for writing.
* Added support for OpenSSH certificates to load_ssh_public_key().
* Added encrypt_at_time() and decrypt_at_time() to Fernet.
* Added support for the SubjectInformationAccess X.509 extension.
* Added support for parsing SignedCertificateTimestamps in OCSP responses.
* Added support for parsing attributes in certificate signing requests via get_attribute_for_oid().
* Added support for encoding attributes in certificate signing requests via add_attribute().
* On OpenSSL 1.1.1d and higher cryptography now uses OpenSSL’s built-in CSPRNG
instead of its own OS random engine because these versions of OpenSSL properly reseed on fork.
* Added initial support for creating PKCS12 files with serialize_key_and_certificates().
Update to 2.9:
* BACKWARDS INCOMPATIBLE: Support for Python 3.4 has been removed due to
low usage and maintenance burden.
* BACKWARDS INCOMPATIBLE: Support for OpenSSL 1.0.1 has been removed.
Users on older version of OpenSSL will need to upgrade.
* BACKWARDS INCOMPATIBLE: Support for LibreSSL 2.6.x has been removed.
* Removed support for calling public_bytes() with no arguments, as per
our deprecation policy. You must now pass encoding and format.
* BACKWARDS INCOMPATIBLE: Reversed the order in which rfc4514_string()
returns the RDNs as required by RFC 4514.
* Added support for parsing single_extensions in an OCSP response.
* NameAttribute values can now be empty strings.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2548-1
Released: Tue Jul 26 13:48:28 2022
Summary: Critical update for python-cssselect
Type: recommended
Severity: critical
References:
This update for python-cssselect implements packages to the unrestrictied repository.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2831-1
Released: Wed Aug 17 14:41:07 2022
Summary: Recommended update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures, python-coverage, python-oniconfig, python-unittest-mixins
Type: security
Severity: moderate
References: 1195916,1196696,CVE-2020-29651
This update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures fixes the following issues:
- Update in SLE-15 (bsc#1196696, bsc#1195916, jsc#SLE-23972)
- Remove redundant python3 dependency from Requires
- Update regular expression to fix python shebang
- Style is enforced upstream and triggers unnecessary build version requirements
- Allow specifying fs_id in cloudwatch log group name
- Includes fix for stunnel path
- Added hardening to systemd service(s).
- Raise minimal pytest version
- Fix typo in the ansi2html Requires
- Cleanup with spec-cleaner
- Make sure the tests are really executed
- Remove useless devel dependency
- Multiprocessing support in Python 3.8 was broken, but is now fixed
- Bumpy the URL to point to github rather than to docs
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2853-1
Released: Fri Aug 19 15:59:42 2022
Summary: Recommended update for sle-module-legacy-release
Type: recommended
Severity: low
References: 1202498
This update for python-iniconfig provides the following fix:
- Ship python3-iniconfig also to openSUSE 15.3 and 15.4 (bsc#1202498)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2943-1
Released: Tue Aug 30 15:42:16 2022
Summary: Recommended update for python-iniconfig
Type: recommended
Severity: low
References: 1202498
This update for python-iniconfig provides the following fix:
- Ship missing python2-iniconfig to openSUSE 15.3 (bsc#1202498)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3022-1
Released: Mon Sep 5 15:16:02 2022
Summary: Recommended update for python-pyOpenSSL
Type: recommended
Severity: moderate
References: 1200771
This update for python-pyOpenSSL fixes the following issues:
- Fixed checks for invalid ALPN lists before calling OpenSSL (gh#pyca/pyopenssl#1056).
python-pyOpenSSL was updated to 21.0.0 (bsc#1200771, jsc#SLE-24519):
- The minimum ``cryptography`` version is now 3.3.
- Raise an error when an invalid ALPN value is set.
- Added ``OpenSSL.SSL.Context.set_min_proto_version`` and ``OpenSSL.SSL.Context.set_max_proto_version``
- Updated ``to_cryptography`` and ``from_cryptography`` methods to support an upcoming release of ``cryptography`` without raising deprecation warnings.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3985-1
Released: Tue Nov 15 12:54:11 2022
Summary:
Recommended update for python-apipkg
Type: recommended
Severity: moderate
References: 1204145
This update fixes for python3-apipkg the following issues:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:139-1
Released: Wed Jan 25 14:41:55 2023
Summary: Security update for python-certifi
Type: security
Severity: important
References: 1206212,CVE-2022-23491
This update for python-certifi fixes the following issues:
- remove all TrustCor CAs, as TrustCor issued multiple man-in-the-middle
certs (bsc#1206212 CVE-2022-23491)
- TrustCor RootCert CA-1
- TrustCor RootCert CA-2
- TrustCor ECA-1
- Add removeTrustCor.patch
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:161-1
Released: Thu Jan 26 18:23:16 2023
Summary: Security update for python-py
Type: security
Severity: moderate
References: 1204364,CVE-2022-42969
This update for python-py fixes the following issues:
- CVE-2022-42969: Fixed an excessive resource consumption that could
be triggered when interacting with a Subversion repository
containing crated data (bsc#1204364).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:557-1
Released: Tue Feb 28 09:29:15 2023
Summary: Security update for libxslt
Type: security
Severity: important
References: 1208574,CVE-2021-30560
This update for libxslt fixes the following issues:
- CVE-2021-30560: Fixing a use after free vulnerability in Blink XSLT (bsc#1208574).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:722-1
Released: Tue Mar 14 14:57:15 2023
Summary: Security update for python-cryptography
Type: security
Severity: moderate
References: 1208036,CVE-2023-23931
This update for python-cryptography fixes the following issues:
- CVE-2023-23931: Fixed memory corruption due to invalidly changed immutable object (bsc#1208036).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2866-1
Released: Tue Jul 18 11:09:03 2023
Summary: Security update for python-requests
Type: security
Severity: moderate
References: 1211674,CVE-2023-32681
This update for python-requests fixes the following issues:
- CVE-2023-32681: Fixed unintended leak of Proxy-Authorization header (bsc#1211674).
-----------------------------------------------------------------
Advisory ID: SUSE-feature-2023:2898-1
Released: Thu Jul 20 09:15:33 2023
Summary: Recommended update for python-instance-billing-flavor-check
Type: feature
Severity: critical
References:
This update for python-instance-billing-flavor-check fixes the following issues:
- Include PAYG checker package in SLE (jsc#PED-4791)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3330-1
Released: Wed Aug 16 08:59:33 2023
Summary: Recommended update for python-pyasn1
Type: recommended
Severity: important
References: 1207805
This update for python-pyasn1 fixes the following issues:
- To avoid users of this package having to recompile bytecode
files, change the mtime of any __init__.py. (bsc#1207805)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3371-1
Released: Tue Aug 22 13:30:18 2023
Summary: Recommended update for liblognorm
Type: recommended
Severity: moderate
References:
This update for liblognorm fixes the following issues:
- Update to liblognorm v2.0.6 (jsc#PED-4883)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3372-1
Released: Tue Aug 22 13:44:38 2023
Summary: Recommended update for rsyslog
Type: recommended
Severity: moderate
References: 1211757,1213212
This update for rsyslog fixes the following issues:
- Fix removal of imfile state files (bsc#1213212)
- Fix segfaults in modExit() of imklog.c (bsc#1211757)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3393-1
Released: Wed Aug 23 17:41:55 2023
Summary: Recommended update for dracut
Type: recommended
Severity: important
References: 1214081
This update for dracut fixes the following issues:
- Protect against broken links pointing to themselves
- Exit if resolving executable dependencies fails (bsc#1214081)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3410-1
Released: Thu Aug 24 06:56:32 2023
Summary: Recommended update for audit
Type: recommended
Severity: moderate
References: 1201519,1204844
This update for audit fixes the following issues:
- Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519)
- Fix rules not loaded when restarting auditd.service (bsc#1204844)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3440-1
Released: Mon Aug 28 08:57:10 2023
Summary: Security update for gawk
Type: security
Severity: low
References: 1214025,CVE-2023-4156
This update for gawk fixes the following issues:
- CVE-2023-4156: Fix a heap out of bound read by validating the index into argument list. (bsc#1214025)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3447-1
Released: Mon Aug 28 10:57:05 2023
Summary: Security update for xen
Type: security
Severity: moderate
References: 1027519,1212684,1213616,1214082,1214083,CVE-2022-40982,CVE-2023-20569,CVE-2023-20593
This update for xen fixes the following issues:
- CVE-2023-20569: Fixed side channel attack Inception or RAS Poisoning. (bsc#1214082, XSA-434)
- CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling'. (bsc#1214083, XSA-435)
- CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information. (bsc#1213616, XSA-433)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3451-1
Released: Mon Aug 28 12:15:22 2023
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1186606,1194609,1208194,1209741,1210702,1211576,1212434,1213185,1213575,1213873
This update for systemd fixes the following issues:
- Fix reboot and shutdown issues by getting only active MD arrays (bsc#1211576, bsc#1212434, bsc#1213575)
- Decrease devlink priority for iso disks (bsc#1213185)
- Do not ignore mount point paths longer than 255 characters (bsc#1208194)
- Refuse hibernation if there's no possible way to resume (bsc#1186606)
- Update 'korean' and 'arabic' keyboard layouts (bsc#1210702)
- Drop some entries no longer needed by YaST (bsc#1194609)
- The 'systemd --user' instances get their own session keyring instead of the user default one (bsc#1209741)
- Dynamically allocate receive buffer to handle large amount of mounts (bsc#1213873)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3452-1
Released: Mon Aug 28 12:41:11 2023
Summary: Recommended update for supportutils-plugin-suse-public-cloud
Type: recommended
Severity: moderate
References: 1213951
This update for supportutils-plugin-suse-public-cloud fixes the following issues:
- Update from version 1.0.7 to 1.0.8 (bsc#1213951)
- Capture CSP billing adapter config and log
- Accept upper case Amazon string in DMI table
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3454-1
Released: Mon Aug 28 13:43:18 2023
Summary: Security update for ca-certificates-mozilla
Type: security
Severity: important
References: 1214248
This update for ca-certificates-mozilla fixes the following issues:
- Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248)
Added:
- Atos TrustedRoot Root CA ECC G2 2020
- Atos TrustedRoot Root CA ECC TLS 2021
- Atos TrustedRoot Root CA RSA G2 2020
- Atos TrustedRoot Root CA RSA TLS 2021
- BJCA Global Root CA1
- BJCA Global Root CA2
- LAWtrust Root CA2 (4096)
- Sectigo Public Email Protection Root E46
- Sectigo Public Email Protection Root R46
- Sectigo Public Server Authentication Root E46
- Sectigo Public Server Authentication Root R46
- SSL.com Client ECC Root CA 2022
- SSL.com Client RSA Root CA 2022
- SSL.com TLS ECC Root CA 2022
- SSL.com TLS RSA Root CA 2022
Removed CAs:
- Chambers of Commerce Root
- E-Tugra Certification Authority
- E-Tugra Global Root CA ECC v3
- E-Tugra Global Root CA RSA v3
- Hongkong Post Root CA 1
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3461-1
Released: Mon Aug 28 17:25:09 2023
Summary: Security update for freetype2
Type: security
Severity: moderate
References: 1210419,CVE-2023-2004
This update for freetype2 fixes the following issues:
- CVE-2023-2004: Fixed integer overflow in tt_hvadvance_adjust (bsc#1210419).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3465-1
Released: Tue Aug 29 07:30:00 2023
Summary: Recommended update for samba
Type: recommended
Severity: moderate
References: 1213607,1213826,1213940
This update for samba fixes the following issues:
- Fix DFS not working with widelinks enabled; (bsc#1213607)
- Move libcluster-samba4.so from samba-libs to samba-client-libs (bsc#1213940)
- net ads lookup with unspecified realm fails (bsc#1213826)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3468-1
Released: Tue Aug 29 09:22:18 2023
Summary: Recommended update for python3
Type: recommended
Severity: low
References:
This update for python3 fixes the following issue:
- Rename sources in preparation of python3.11 (jsc#PED-68)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3470-1
Released: Tue Aug 29 10:49:33 2023
Summary: Recommended update for parted
Type: recommended
Severity: low
References: 1182142,1193412
This update for parted fixes the following issues:
- fix null pointer dereference (bsc#1193412)
- update mkpart options in manpage (bsc#1182142)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3472-1
Released: Tue Aug 29 10:55:16 2023
Summary: Security update for procps
Type: security
Severity: low
References: 1214290,CVE-2023-4016
This update for procps fixes the following issues:
- CVE-2023-4016: Fixed ps buffer overflow (bsc#1214290).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3485-1
Released: Tue Aug 29 14:20:56 2023
Summary: Recommended update for lvm2
Type: recommended
Severity: moderate
References: 1214071
This update for lvm2 fixes the following issues:
- blkdeactivate calls wrong mountpoint cmd (bsc#1214071)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3497-1
Released: Wed Aug 30 21:25:05 2023
Summary: Security update for vim
Type: security
Severity: important
References: 1210996,1211256,1211257,1211461,CVE-2023-2426,CVE-2023-2609,CVE-2023-2610
This update for vim fixes the following issues:
Updated to version 9.0 with patch level 1572.
- CVE-2023-2426: Fixed Out-of-range Pointer Offset use (bsc#1210996).
- CVE-2023-2609: Fixed NULL Pointer Dereference (bsc#1211256).
- CVE-2023-2610: Fixed nteger Overflow or Wraparound (bsc#1211257).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3514-1
Released: Fri Sep 1 15:48:52 2023
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1158763,1210740,1213231,1213557,1213673
This update for libzypp, zypper fixes the following issues:
- Fix occasional isue with downloading very small files (bsc#1213673)
- Fix negative ZYPP_LOCK_TIMEOUT not waiting forever (bsc#1213231)
- Fix OES synchronization issues when cookie file has mode 0600 (bsc#1158763)
- Don't cleanup orphaned dirs if read-only mode was promised (bsc#1210740)
- Revised explanation of --force-resolution in man page (bsc#1213557)
- Print summary hint if policies were violated due to --force-resolution (bsc#1213557)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3521-1
Released: Tue Sep 5 08:56:45 2023
Summary: Recommended update for python-iniconfig
Type: recommended
Severity: moderate
References: 1213582
This update for python-iniconfig provides python3-iniconfig to SUSE Linux Enterprise Micro 5.2.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3536-1
Released: Tue Sep 5 15:00:27 2023
Summary: Security update for docker
Type: security
Severity: moderate
References: 1210797,1212368,1213120,1213229,1213500,1214107,1214108,1214109,CVE-2023-28840,CVE-2023-28841,CVE-2023-28842
This update for docker fixes the following issues:
- Update to Docker 24.0.5-ce.
See upstream changelong online at
<https://docs.docker.com/engine/release-notes/24.0/#2405> bsc#1213229
- Update to Docker 24.0.4-ce.
See upstream changelog online at
<https://docs.docker.com/engine/release-notes/24.0/#2404>. bsc#1213500
- Update to Docker 24.0.3-ce.
See upstream changelog online at
<https://docs.docker.com/engine/release-notes/24.0/#2403>. bsc#1213120
- Recommend docker-rootless-extras instead of Require(ing) it, given
it's an additional functionality and not inherently required for
docker to function.
- Add docker-rootless-extras subpackage (https://docs.docker.com/engine/security/rootless)
- Update to Docker 24.0.2-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/24.0/#2402>. bsc#1212368
* Includes the upstreamed fix for the mount table pollution issue.
bsc#1210797
- Add Recommends for docker-buildx, and add /usr/lib/docker/cli-plugins as
being provided by this package.
- was rebuilt against current GO compiler.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3543-1
Released: Wed Sep 6 08:27:22 2023
Summary: Recommended update for protobuf-c
Type: recommended
Severity: moderate
References: 1214006
This update for protobuf-c fixes the following issues:
- Add missing Provides/Obsoletes after package merge (bsc#1214006)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3577-1
Released: Mon Sep 11 15:04:01 2023
Summary: Recommended update for crypto-policies
Type: recommended
Severity: low
References: 1209998
This update for crypto-policies fixes the following issues:
- Update update-crypto-policies(8) man pages and README.SUSE to mention the supported back-end policies. (bsc#1209998)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3611-1
Released: Fri Sep 15 09:28:36 2023
Summary: Recommended update for sysuser-tools
Type: recommended
Severity: moderate
References: 1195391,1205161,1207778,1213240,1214140
This update for sysuser-tools fixes the following issues:
- Update to version 3.2
- Always create a system group of the same name as the system user (bsc#1205161, bsc#1207778, bsc#1213240)
- Add 'quilt setup' friendly hint to %sysusers_requires usage
- Use append so if a pre file already exists it isn't overridden
- Invoke bash for bash scripts (bsc#1195391)
- Remove all systemd requires not supported on SLE15 (bsc#1214140)
The following package changes have been done:
- audit-3.0.6-150400.4.13.1 updated
- ca-certificates-mozilla-2.62-150200.30.1 updated
- crypto-policies-20210917.c9d86d1-150400.3.3.1 updated
- docker-24.0.5_ce-150000.185.1 updated
- dracut-055+suse.369.gde6c81bf-150500.3.9.1 updated
- gawk-4.2.1-150000.3.3.1 updated
- libaudit1-3.0.6-150400.4.13.1 updated
- libauparse0-3.0.6-150400.4.13.1 updated
- libdevmapper1_03-2.03.16_1.02.185-150500.7.6.1 updated
- libfreetype6-2.10.4-150000.4.15.1 updated
- liblognorm5-2.0.6-150000.3.3.1 updated
- libparted0-3.2-150300.21.3.1 updated
- libprocps7-3.3.15-150000.7.34.1 updated
- libprotobuf-c1-1.3.2-150200.3.9.1 updated
- libsystemd0-249.16-150400.8.33.1 updated
- libudev1-249.16-150400.8.33.1 updated
- libxslt1-1.1.34-150400.3.3.1 added
- libzypp-17.31.20-150400.3.40.1 updated
- parted-3.2-150300.21.3.1 updated
- procps-3.3.15-150000.7.34.1 updated
- python-instance-billing-flavor-check-0.0.2-150000.1.3.1 added
- python3-apipkg-2.1.0-150500.1.1 added
- python3-asn1crypto-0.24.0-3.2.1 added
- python3-certifi-2018.1.18-150000.3.3.1 added
- python3-cffi-1.13.2-3.2.5 added
- python3-chardet-3.0.4-3.23 added
- python3-cryptography-3.3.2-150400.16.6.1 added
- python3-cssselect-1.0.3-150000.3.3.1 added
- python3-idna-2.6-1.20 added
- python3-iniconfig-1.1.1-150000.1.11.1 added
- python3-lxml-4.9.1-150500.1.2 added
- python3-ordered-set-4.0.2-150400.8.34 updated
- python3-pyOpenSSL-21.0.0-150400.7.62 added
- python3-pyasn1-0.4.2-150000.3.5.1 added
- python3-pycparser-2.17-3.2.1 added
- python3-py-1.10.0-150100.5.12.1 added
- python3-requests-2.24.0-150300.3.3.1 added
- python3-urllib3-1.25.10-4.3.1 added
- rsyslog-module-relp-8.2306.0-150400.5.18.1 updated
- rsyslog-8.2306.0-150400.5.18.1 updated
- samba-client-libs-4.17.9+git.387.ca59f91f61-150500.3.8.1 updated
- supportutils-plugin-suse-public-cloud-1.0.8-150000.3.17.1 updated
- system-group-audit-3.0.6-150400.4.13.1 updated
- systemd-sysvinit-249.16-150400.8.33.1 updated
- systemd-249.16-150400.8.33.1 updated
- sysuser-shadow-3.2-150400.3.5.3 updated
- udev-249.16-150400.8.33.1 updated
- vim-data-common-9.0.1632-150500.20.3.1 updated
- vim-9.0.1632-150500.20.3.1 updated
- xen-libs-4.17.2_02-150500.3.6.1 updated
- zypper-1.14.63-150400.3.29.1 updated
- samba-libs-4.17.9+git.367.dae41ffdd1f-150500.3.5.1 removed
More information about the sle-security-updates
mailing list