SUSE-CU-2022:2624-1: Recommended update of suse/sle15

Fri Oct 21 07:45:31 UTC 2022

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2624-1
Container Tags        : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.3 , suse/sle15:15.4 , suse/sle15:15.4.27.14.3
Container Release     : 27.14.3
Severity              : moderate
Type                  : recommended
References            : 1121365 1180995 1190651 1190653 1190888 1193859 1198471 1198472
                        1201293 1202148 1202870 1203046 1203069 1204244 
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2796-1
Released:    Fri Aug 12 14:34:31 2022
Summary:     Recommended update for jitterentropy
Type:        recommended
Severity:    moderate
References:  
This update for jitterentropy fixes the following issues:

jitterentropy is included in version 3.4.0 (jsc#SLE-24941):

This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, 
used by other FIPS libraries.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3328-1
Released:    Wed Sep 21 12:48:56 2022
Summary:     Recommended update for jitterentropy
Type:        recommended
Severity:    moderate
References:  1202870
This update for jitterentropy fixes the following issues:

- Hide the non-GNUC constructs that are library internal from the 
  exported header, to make it usable in builds with strict C99
  compliance. (bsc#1202870)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3663-1
Released:    Wed Oct 19 19:05:21 2022
Summary:     Recommended update for openssl-1_1
Type:        recommended
Severity:    moderate
References:  1121365,1180995,1190651,1190653,1190888,1193859,1198471,1198472,1201293,1202148,1203046,1203069
This update for openssl-1_1 fixes the following issues:

- FIPS: Default to RFC-7919 groups for genparam and dhparam
- FIPS: list only FIPS approved digest and public key algorithms
  [bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472]
- FIPS: Add KAT for the RAND_DRBG implementation [bsc#1203069]
- FIPS: openssl: RAND api should call into FIPS DRBG [bsc#1201293]
  * The FIPS_drbg implementation is not FIPS validated anymore. To
    provide backwards compatibility for applications that need FIPS
    compliant RNG number generation and use FIPS_drbg_generate,
    this function was re-wired to call the FIPS validated DRBG
    instance instead through the RAND_bytes() call.
- FIPS: Fix minor memory leaks by FIPS patch [bsc#1203046]
- FIPS: OpenSSL: Port openssl to use jitterentropy [bsc#1202148, jsc#SLE-24941]
  libcrypto.so now requires libjitterentropy3 library.
- FIPS: OpenSSL Provide a service-level indicator [bsc#1190651]
- FIPS: Add zeroization of temporary variables to the hmac integrity
  function FIPSCHECK_verify(). [bsc#1190653]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3670-1
Released:    Thu Oct 20 10:44:13 2022
Summary:     Recommended update for zchunk
Type:        recommended
Severity:    moderate
References:  1204244
This update for zchunk fixes the following issues:

- Make sure to ship libzck1 to Micro 5.3 (bsc#1204244)

The following package changes have been done:

- libjitterentropy3-3.4.0-150000.1.6.1 added
- libopenssl1_1-hmac-1.1.1l-150400.7.10.5 updated
- libopenssl1_1-1.1.1l-150400.7.10.5 updated
- libzck1-1.1.16-150400.3.2.1 updated
- openssl-1_1-1.1.1l-150400.7.10.5 updated