SUSE-CU-2022:1706-1: Security update of suse/sle15
sle-updates at lists.suse.com
sle-updates at lists.suse.com
Fri Jul 29 07:53:24 UTC 2022
SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1706-1
Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.11.7 , suse/sle15:15.4 , suse/sle15:15.4.27.11.7
Container Release : 27.11.7
Severity : important
Type : security
References : 1194550 1196490 1197684 1199042 1199132 CVE-2022-23308 CVE-2022-29824
-----------------------------------------------------------------
The container suse/sle15 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2552-1
Released: Tue Jul 26 14:55:40 2022
Summary: Security update for libxml2
Type: security
Severity: important
References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824
This update for libxml2 fixes the following issues:
Update to 2.9.14:
- CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132).
Update to version 2.9.13:
- CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes. (bsc#1196490)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2573-1
Released: Thu Jul 28 04:24:19 2022
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1194550,1197684,1199042
This update for libzypp, zypper fixes the following issues:
libzypp:
- appdata plugin: Pass path to the repodata/ directory inside the cache (bsc#1197684)
- zypp-rpm: flush rpm script output buffer before sending endOfScriptTag
- PluginRepoverification: initial version hooked into repo::Downloader and repo refresh
- Immediately start monitoring the download.transfer_timeout. Do not wait until the first data arrived (bsc#1199042)
- singletrans: no dry-run commit if doing just download-only
- Work around cases where sat repo.start points to an invalid solvable. May happen if (wrong arch) solvables were
removed at the beginning of the repo.
- Fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER
zypper:
- Basic JobReport for 'cmdout/monitor'
- versioncmp: if verbose, also print the edition 'parts' which are compared
- Make sure MediaAccess is closed on exception (bsc#1194550)
- Display plus-content hint conditionally
- Honor the NO_COLOR environment variable when auto-detecting whether to use color
- Define table columns which should be sorted natural [case insensitive]
- lr/ls: Use highlight color on name and alias as well
The following package changes have been done:
- libxml2-2-2.9.14-150400.5.7.1 updated
- libzypp-17.30.2-150400.3.3.1 updated
- zypper-1.14.53-150400.3.3.1 updated
More information about the sle-updates
mailing list