SUSE-CU-2023:1339-1: Security update of suse/sle-micro/5.1/toolbox
sle-updates at lists.suse.com
sle-updates at lists.suse.com
Fri Apr 28 07:34:03 UTC 2023
SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1339-1
Container Tags : suse/sle-micro/5.1/toolbox:12.1 , suse/sle-micro/5.1/toolbox:12.1-2.2.380 , suse/sle-micro/5.1/toolbox:latest
Container Release : 2.2.380
Severity : important
Type : security
References : 1065270 1199132 1204585 1210411 1210412 CVE-2021-3541 CVE-2022-29824
CVE-2023-28484 CVE-2023-29469
-----------------------------------------------------------------
The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2048-1
Released: Wed Apr 26 21:05:45 2023
Summary: Security update for libxml2
Type: security
Severity: important
References: 1065270,1199132,1204585,1210411,1210412,CVE-2021-3541,CVE-2022-29824,CVE-2023-28484,CVE-2023-29469
This update for libxml2 fixes the following issues:
- CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412).
- CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411).
- CVE-2022-29824: Fixed integer overflow leading to out-of-bounds write in buf.c (bsc#1199132).
The following non-security bugs were fixed:
- Added W3C conformance tests to the testsuite (bsc#1204585).
- Fixed NULL pointer dereference when parsing invalid data (glgo#libxml2!15) (bsc#1065270) .
The following package changes have been done:
- libxml2-2-2.9.7-150000.3.57.1 updated
- container:sles15-image-15.0.0-17.20.128 updated
More information about the sle-updates
mailing list