SUSE-CU-2023:3177-1: Security update of suse/sle-micro/5.5/toolbox

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Fri Sep 29 07:07:46 UTC 2023


SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3177-1
Container Tags        : suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.59 , suse/sle-micro/5.5/toolbox:latest
Container Release     : 2.2.59
Severity              : important
Type                  : security
References            : 1181477 1196933 1204942 1205533 1206402 1206608 1207543 1207598
                        1208928 1209979 1210015 1210950 1211598 1211599 1211829 1212819
                        1212910 1213127 1214692 1215026 CVE-2022-45154 CVE-2023-38039
                        CVE-2023-40217 
-----------------------------------------------------------------

The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3814-1
Released:    Wed Sep 27 18:08:17 2023
Summary:     Recommended update for glibc
Type:        recommended
Severity:    moderate
References:  1211829,1212819,1212910
This update for glibc fixes the following issues:

- nscd: Fix netlink cache invalidation if epoll is used (bsc#1212910, BZ #29415)
- Restore lookup of IPv4 mapped addresses in files database (bsc#1212819, BZ #25457)
- elf: Remove excessive p_align check on PT_LOAD segments (bsc#1211829, BZ #28688)
- elf: Properly align PT_LOAD segments (bsc#1211829, BZ #28676)
- ld.so: Always use MAP_COPY to map the first segment (BZ #30452)
- add GB18030-2022 charmap (jsc#PED-4908, BZ #30243)


-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3822-1
Released:    Wed Sep 27 18:40:14 2023
Summary:     Security update for supportutils
Type:        security
Severity:    moderate
References:  1181477,1196933,1204942,1205533,1206402,1206608,1207543,1207598,1208928,1209979,1210015,1210950,1211598,1211599,1213127,CVE-2022-45154
This update for supportutils fixes the following issues:

Security fixes:

- CVE-2022-45154: Removed iSCSI passwords (bsc#1207598).

Other Fixes:

- Changes in version 3.1.26
  + powerpc plugin to collect the slots and active memory (bsc#1210950)
  + A Cleartext Storage of Sensitive Information vulnerability CVE-2022-45154
  + supportconfig: collect BPF information (pr#154)
  + Added additional iscsi information (pr#155)

- Added run time detection (bsc#1213127)

- Changes for supportutils version 3.1.25
  + Removed iSCSI passwords CVE-2022-45154 (bsc#1207598)
  + powerpc: Collect lsslot,amsstat, and opal elogs (pr#149)
  + powerpc: collect invscout logs (pr#150)
  + powerpc: collect RMC status logs (pr#151)
  + Added missing nvme nbft commands (bsc#1211599)
  + Fixed invalid nvme commands (bsc#1211598)
  + Added missing podman information (PED-1703, bsc#1181477)
  + Removed dependency on sysfstools
  + Check for systool use (bsc#1210015)
  + Added selinux checking (bsc#1209979)
  + Updated SLES_VER matrix

- Fixed missing status detail for apparmor (bsc#1196933)
- Corrected invalid argument list in docker.txt (bsc#1206608)
- Applies limit equally to sar data and text files (bsc#1207543)
- Collects hwinfo hardware logs (bsc#1208928)
- Collects lparnumascore logs (issue#148)

- Add dependency to `numactl` on ppc64le and `s390x`, this enforces
  that `numactl --hardware` data is provided in supportconfigs

- Changes to supportconfig.rc version 3.1.11-35
  + Corrected _sanitize_file to include iscsi.conf and others (bsc#1206402)

- Changes to supportconfig version 3.1.11-46.4
  + Added plymouth_info 

- Changes to getappcore version 1.53.02
  + The location of chkbin was updated earlier. This documents that
    change (bsc#1205533, bsc#1204942)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3823-1
Released:    Wed Sep 27 18:42:38 2023
Summary:     Security update for curl
Type:        security
Severity:    important
References:  1215026,CVE-2023-38039
This update for curl fixes the following issues:

- CVE-2023-38039: Fixed possible DoS when receiving too large HTTP header. (bsc#1215026)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3828-1
Released:    Wed Sep 27 19:07:38 2023
Summary:     Security update for python3
Type:        security
Severity:    important
References:  1214692,CVE-2023-40217
This update for python3 fixes the following issues:

- CVE-2023-40217: Fixed TLS handshake bypass on closed sockets (bsc#1214692).


The following package changes have been done:

- glibc-locale-base-2.31-150300.58.1 updated
- glibc-locale-2.31-150300.58.1 updated
- glibc-2.31-150300.58.1 updated
- libcurl4-8.0.1-150400.5.29.1 updated
- libpython3_6m1_0-3.6.15-150300.10.51.1 updated
- python3-base-3.6.15-150300.10.51.1 updated
- supportutils-3.1.26-150300.7.35.21.1 updated
- container:sles15-image-15.0.0-36.5.37 updated
- sysfsutils-2.1.0-3.3.1 removed


More information about the sle-security-updates mailing list