SUSE-IU-2024:19-1: Security update of suse-sles-15-sp5-chost-byos-v20240111-hvm-ssd-x86_64

sle-security-updates at sle-security-updates at
Mon Jan 15 08:01:06 UTC 2024

SUSE Image Update Advisory: suse-sles-15-sp5-chost-byos-v20240111-hvm-ssd-x86_64
Image Advisory ID : SUSE-IU-2024:19-1
Image Tags        : suse-sles-15-sp5-chost-byos-v20240111-hvm-ssd-x86_64:20240111
Image Release     : 
Severity          : important
Type              : security
References        : 1029961 1158830 1170415 1170446 1178760 1201384 1206798 1209122
                        1210141 1212160 1213229 1213500 1214788 1215294 1215323 1215496
                        1216412 1216853 1216987 1217277 1217292 1217513 1217592 1217593
                        1217695 1217696 1217873 1217950 1217969 1218014 1218291 CVE-2020-12912
                        CVE-2020-8694 CVE-2020-8695 CVE-2023-38472 CVE-2023-39804 CVE-2023-48795
                        CVE-2023-49083 CVE-2023-50495 CVE-2023-5981 

The container suse-sles-15-sp5-chost-byos-v20240111-hvm-ssd-x86_64 was updated. The following patches have been included in this update:

Advisory ID: SUSE-SU-2023:4843-1
Released:    Thu Dec 14 12:22:44 2023
Summary:     Security update for python3-cryptography
Type:        security
Severity:    moderate
References:  1217592,CVE-2023-49083
This update for python3-cryptography fixes the following issues:

- CVE-2023-49083: Fixed a NULL pointer dereference when loading certificates from a PKCS#7 bundle (bsc#1217592).

Advisory ID: SUSE-SU-2023:4891-1
Released:    Mon Dec 18 16:31:49 2023
Summary:     Security update for ncurses
Type:        security
Severity:    moderate
References:  1201384,1218014,CVE-2023-50495
This update for ncurses fixes the following issues:

- CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014)
- Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384)

Advisory ID: SUSE-SU-2023:4901-1
Released:    Tue Dec 19 11:25:47 2023
Summary:     Security update for avahi
Type:        security
Severity:    moderate
References:  1216853,CVE-2023-38472
This update for avahi fixes the following issues:

- CVE-2023-38472: Fixed reachable assertion in avahi_rdata_parse (bsc#1216853).

Advisory ID: SUSE-SU-2023:4902-1
Released:    Tue Dec 19 13:09:42 2023
Summary:     Security update for openssh
Type:        security
Severity:    important
References:  1214788,1217950,CVE-2023-48795
This update for openssh fixes the following issues:

- CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity (bsc#1217950).

the following non-security bug was fixed:

- Fix the 'no route to host' error when connecting via ProxyJump

Advisory ID: SUSE-SU-2023:4936-1
Released:    Wed Dec 20 17:18:21 2023
Summary:     Security update for docker, rootlesskit
Type:        security
Severity:    important
References:  1170415,1170446,1178760,1210141,1213229,1213500,1215323,1217513,CVE-2020-12912,CVE-2020-8694,CVE-2020-8695
This update for docker, rootlesskit fixes the following issues:


- Update to Docker 24.0.7-ce. See upstream changelong online at>. bsc#1217513
  * Deny containers access to /sys/devices/virtual/powercap by default.
    - CVE-2020-8694 bsc#1170415
    - CVE-2020-8695 bsc#1170446
    - CVE-2020-12912 bsc#1178760

- Update to Docker 24.0.6-ce. See upstream changelong online at . bsc#1215323

- Add a docker.socket unit file, but with socket activation effectively
  disabled to ensure that Docker will always run even if you start the socket
  individually. Users should probably just ignore this unit file. bsc#1210141

- Update to Docker 24.0.5-ce. See upstream changelong online at . bsc#1213229

This update ships docker-rootless support in the docker-rootless-extra package. (jsc#PED-6180)


- new package, for docker rootless support. (jsc#PED-6180)

Advisory ID: SUSE-RU-2023:4962-1
Released:    Fri Dec 22 13:45:06 2023
Summary:     Recommended update for curl
Type:        recommended
Severity:    important
References:  1216987
This update for curl fixes the following issues:

- libssh: Implement SFTP packet size limit (bsc#1216987)

This update also ships curl to the INSTALLER channel.

Advisory ID: SUSE-SU-2023:4983-1
Released:    Thu Dec 28 14:21:40 2023
Summary:     Security update for gnutls
Type:        security
Severity:    moderate
References:  1217277,CVE-2023-5981
This update for gnutls fixes the following issues:

- CVE-2023-5981: Fixed timing side-channel inside RSA-PSK key exchange (bsc#1217277).

Advisory ID: SUSE-RU-2024:11-1
Released:    Tue Jan  2 13:24:52 2024
Summary:     Recommended update for procps
Type:        recommended
Severity:    moderate
References:  1029961,1158830,1206798,1209122
This update for procps fixes the following issues:

- Update procps to 3.3.17 (jsc#PED-3244 jsc#PED-6369)

- For support up to 2048 CPU as well (bsc#1185417)
- Allow `-´ as leading character to ignore possible errors on systctl entries (bsc#1209122)
- Get the first CPU summary correct (bsc#1121753)
- Enable pidof for SLE-15 as this is provided by sysvinit-tools
- Use a check on syscall __NR_pidfd_open to decide if
  the pwait tool and its manual page will be build
- Do not truncate output of w with option -n
- Prefer logind over utmp (jsc#PED-3144)
- Don't install translated man pages for non-installed binaries
  (uptime, kill).
- Fix directory for Ukrainian man pages translations.
- Move localized man pages to lang package.

- Update to procps-ng-3.3.17

  * library: Incremented to 8:3:0
    (no removals or additions, internal changes only)
  * all: properly handle utf8 cmdline translations
  * kill: Pass int to signalled process
  * pgrep: Pass int to signalled process
  * pgrep: Check sanity of SG_ARG_MAX
  * pgrep: Add older than selection
  * pidof: Quiet mode
  * pidof: show worker threads
  * ps.1: Mention stime alias
  * ps: check also match on truncated 16 char comm names
  * ps: Add exe output option
  * ps: A lot more sorting available
  * pwait: New command waits for a process
  * sysctl: Match systemd directory order
  * sysctl: Document directory order
  * top: ensure config file backward compatibility
  * top: add command line 'e' for symmetry with 'E'
  * top: add '4' toggle for two abreast cpu display
  * top: add '!' toggle for combining multiple cpus
  * top: fix potential SEGV involving -p switch
  * vmstat: Wide mode gives wider proc columns
  * watch: Add environment variable for interval
  * watch: Add no linewrap option
  * watch: Support more colors
  * free,uptime,slabtop: complain about extra ops

- Package translations in procps-lang.

- Fix pgrep: cannot allocate 4611686018427387903 bytes when ulimit -s is unlimited.

- Enable pidof by default

- Update to procps-ng-3.3.16

  * library: Increment to 8:2:0

    No removals or functions
    Internal changes only, so revision is incremented.
    Previous version should have been 8:1:0 not 8:0:1

  * docs: Use correct symbols for -h option in free.1
  * docs: ps.1 now warns about command name length
  * docs: install translated man pages
  * pgrep: Match on runstate
  * snice: Fix matching on pid
  * top: can now exploit 256-color terminals
  * top: preserves 'other filters' in configuration file
  * top: can now collapse/expand forest view children
  * top: parent %CPU time includes collapsed children
  * top: improve xterm support for vim navigation keys
  * top: avoid segmentation fault at program termination
  * 'ps -C' does not allow anymore an argument longer than 15 characters (bsc#1158830)

Advisory ID: SUSE-RU-2024:50-1
Released:    Mon Jan  8 03:18:56 2024
Summary:     Recommended update for python-instance-billing-flavor-check
Type:        recommended
Severity:    moderate
References:  1217695,1217696
This update for python-instance-billing-flavor-check fixes the following issues:

-  Run the command as sudo only (bsc#1217696, bsc#1217695)
-  Handle exception for Python 3.4 

Advisory ID: SUSE-RU-2024:62-1
Released:    Mon Jan  8 11:44:47 2024
Summary:     Recommended update for libxcrypt
Type:        recommended
Severity:    moderate
References:  1215496
This update for libxcrypt fixes the following issues:

- fix variable name for datamember [bsc#1215496]
- added patches fix

Advisory ID: SUSE-RU-2024:68-1
Released:    Tue Jan  9 15:26:08 2024
Summary:     Recommended update for rsyslog
Type:        recommended
Severity:    moderate
References:  1217292
This update for rsyslog fixes the following issues:

- Restart daemon after modules packages have been updated (bsc#1217292)

Advisory ID: SUSE-SU-2024:70-1
Released:    Tue Jan  9 18:29:39 2024
Summary:     Security update for tar
Type:        security
Severity:    low
References:  1217969,CVE-2023-39804
This update for tar fixes the following issues:

- CVE-2023-39804: Fixed  extension attributes in PAX archives incorrect hanling (bsc#1217969).

Advisory ID: SUSE-RU-2024:88-1
Released:    Thu Jan 11 10:08:20 2024
Summary:     Recommended update for libsolv, zypper, libzypp
Type:        recommended
Severity:    moderate
References:  1212160,1215294,1216412,1217593,1217873,1218291
This update for libsolv, zypper, libzypp fixes the following issues:

- Expand RepoVars in URLs downloading a .repo file (bsc#1212160)
- Fix search/info commands ignoring --ignore-unknown (bsc#1217593)
- CheckAccessDeleted: fix 'running in container' filter (bsc#1218291)
- Open rpmdb just once during execution of %posttrans scripts (bsc#1216412)
- Make sure reboot-needed is remembered until next boot (bsc#1217873)
- Stop using boost version 1 timer library (bsc#1215294)
- Updated to version 0.7.27  
- Add zstd support for the installcheck tool
- Add putinowndirpool cache to make file list handling in repo_write much faster
- Do not use deprecated headerUnload with newer rpm versions
- Support complex deps in SOLVABLE_PREREQ_IGNOREINST
- Fix minimization not prefering installed packages in some cases
- Reduce memory usage in repo_updateinfoxml
- Fix lock-step interfering with architecture selection
- Fix choice rule handing for package downgrades
- Fix complex dependencies with an 'else' part sometimes leading to unsolved dependencies

The following package changes have been done:

- curl-8.0.1-150400.5.41.1 updated
- docker-24.0.7_ce-150000.190.4 updated
- libavahi-client3-0.8-150400.7.13.1 updated
- libavahi-common3-0.8-150400.7.13.1 updated
- libcrypt1-4.4.15-150300.4.7.1 updated
- libcurl4-8.0.1-150400.5.41.1 updated
- libgnutls30-3.7.3-150400.4.38.1 updated
- libncurses6-6.1-150000.5.20.1 updated
- libprocps8-3.3.17-150000.7.37.1 added
- libsolv-tools-0.7.27-150400.3.11.2 updated
- libzypp-17.31.27-150400.3.49.1 updated
- ncurses-utils-6.1-150000.5.20.1 updated
- openssh-clients-8.4p1-150300.3.27.1 updated
- openssh-common-8.4p1-150300.3.27.1 updated
- openssh-server-8.4p1-150300.3.27.1 updated
- openssh-8.4p1-150300.3.27.1 updated
- procps-3.3.17-150000.7.37.1 updated
- python-instance-billing-flavor-check-0.0.4-150000.1.6.1 updated
- python3-cryptography-3.3.2-150400.23.1 updated
- python3-cssselect-1.0.3-150000.3.5.1 updated
- rsyslog-module-relp-8.2306.0-150400.5.24.1 updated
- rsyslog-8.2306.0-150400.5.24.1 updated
- samba-client-libs-4.17.12+git.455.b299ac1e60-150500.3.20.1 updated
- tar-1.34-150000.3.34.1 updated
- terminfo-base-6.1-150000.5.20.1 updated
- terminfo-6.1-150000.5.20.1 updated
- xen-libs-4.17.3_02-150500.3.18.1 updated
- xen-tools-domU-4.17.3_02-150500.3.18.1 updated
- zypper-1.14.68-150400.3.40.2 updated
- libprocps7-3.3.15-150000.7.34.1 removed

More information about the sle-security-updates mailing list