SUSE-IU-2023:611-1: Security update of suse-sles-15-sp5-chost-byos-v20230915-hvm-ssd-x86_64

sle-updates at lists.suse.com sle-updates at lists.suse.com
Mon Sep 18 07:01:55 UTC 2023


SUSE Image Update Advisory: suse-sles-15-sp5-chost-byos-v20230915-hvm-ssd-x86_64
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2023:611-1
Image Tags        : suse-sles-15-sp5-chost-byos-v20230915-hvm-ssd-x86_64:20230915
Image Release     : 
Severity          : critical
Type              : security
References        : 1027519 1158763 1182142 1186606 1193412 1194609 1195391 1201519
                        1204844 1205161 1207778 1208194 1208574 1209741 1209998 1210070
                        1210419 1210702 1210740 1210797 1210996 1211256 1211257 1211461
                        1211576 1211757 1212368 1212434 1212684 1213120 1213185 1213212
                        1213229 1213231 1213240 1213500 1213557 1213575 1213582 1213607
                        1213616 1213673 1213826 1213873 1213940 1213951 1214006 1214025
                        1214071 1214081 1214082 1214083 1214107 1214108 1214109 1214140
                        1214248 1214290 CVE-2021-30560 CVE-2022-40982 CVE-2023-2004 CVE-2023-20569
                        CVE-2023-20593 CVE-2023-2426 CVE-2023-2609 CVE-2023-2610 CVE-2023-26112
                        CVE-2023-28840 CVE-2023-28841 CVE-2023-28842 CVE-2023-4016 CVE-2023-4156
-----------------------------------------------------------------

The container suse-sles-15-sp5-chost-byos-v20230915-hvm-ssd-x86_64 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2548-1
Released:    Tue Jul 26 13:48:28 2022
Summary:     Critical update for python-cssselect
Type:        recommended
Severity:    critical
References:  
This update for python-cssselect implements packages to the unrestrictied repository.
  
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:557-1
Released:    Tue Feb 28 09:29:15 2023
Summary:     Security update for libxslt
Type:        security
Severity:    important
References:  1208574,CVE-2021-30560
This update for libxslt fixes the following issues:

- CVE-2021-30560: Fixing a use after free vulnerability in Blink XSLT (bsc#1208574).

-----------------------------------------------------------------
Advisory ID: SUSE-feature-2023:2898-1
Released:    Thu Jul 20 09:15:33 2023
Summary:     Recommended update for python-instance-billing-flavor-check
Type:        feature
Severity:    critical
References:  
This update for python-instance-billing-flavor-check fixes the following issues:


- Include PAYG checker package in SLE (jsc#PED-4791) 
  
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3369-1
Released:    Tue Aug 22 11:12:02 2023
Summary:     Security update for python-configobj
Type:        security
Severity:    low
References:  1210070,CVE-2023-26112
This update for python-configobj fixes the following issues:
  
- CVE-2023-26112: Fixed regular expression denial of service vulnerability in validate.py (bsc#1210070).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3371-1
Released:    Tue Aug 22 13:30:18 2023
Summary:     Recommended update for liblognorm
Type:        recommended
Severity:    moderate
References:  
This update for liblognorm fixes the following issues:

- Update to liblognorm v2.0.6 (jsc#PED-4883)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3372-1
Released:    Tue Aug 22 13:44:38 2023
Summary:     Recommended update for rsyslog
Type:        recommended
Severity:    moderate
References:  1211757,1213212
This update for rsyslog fixes the following issues:

- Fix removal of imfile state files (bsc#1213212)
- Fix segfaults in modExit() of imklog.c (bsc#1211757)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3393-1
Released:    Wed Aug 23 17:41:55 2023
Summary:     Recommended update for dracut
Type:        recommended
Severity:    important
References:  1214081
This update for dracut fixes the following issues:

- Protect against broken links pointing to themselves
- Exit if resolving executable dependencies fails (bsc#1214081)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3410-1
Released:    Thu Aug 24 06:56:32 2023
Summary:     Recommended update for audit
Type:        recommended
Severity:    moderate
References:  1201519,1204844
This update for audit fixes the following issues:

- Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519)
- Fix rules not loaded when restarting auditd.service (bsc#1204844)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3440-1
Released:    Mon Aug 28 08:57:10 2023
Summary:     Security update for gawk
Type:        security
Severity:    low
References:  1214025,CVE-2023-4156
This update for gawk fixes the following issues:

- CVE-2023-4156: Fix a heap out of bound read by validating the index into argument list. (bsc#1214025)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3447-1
Released:    Mon Aug 28 10:57:05 2023
Summary:     Security update for xen
Type:        security
Severity:    moderate
References:  1027519,1212684,1213616,1214082,1214083,CVE-2022-40982,CVE-2023-20569,CVE-2023-20593
This update for xen fixes the following issues:

- CVE-2023-20569: Fixed side channel attack Inception or RAS Poisoning. (bsc#1214082, XSA-434)
- CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling'. (bsc#1214083, XSA-435)
- CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information. (bsc#1213616, XSA-433)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3451-1
Released:    Mon Aug 28 12:15:22 2023
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1186606,1194609,1208194,1209741,1210702,1211576,1212434,1213185,1213575,1213873
This update for systemd fixes the following issues:

- Fix reboot and shutdown issues by getting only active MD arrays (bsc#1211576, bsc#1212434, bsc#1213575)
- Decrease devlink priority for iso disks (bsc#1213185)
- Do not ignore mount point paths longer than 255 characters (bsc#1208194)
- Refuse hibernation if there's no possible way to resume (bsc#1186606)
- Update 'korean' and 'arabic' keyboard layouts (bsc#1210702)
- Drop some entries no longer needed by YaST (bsc#1194609)
- The 'systemd --user' instances get their own session keyring instead of the user default one (bsc#1209741)
- Dynamically allocate receive buffer to handle large amount of mounts (bsc#1213873)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3452-1
Released:    Mon Aug 28 12:41:11 2023
Summary:     Recommended update for supportutils-plugin-suse-public-cloud
Type:        recommended
Severity:    moderate
References:  1213951
This update for supportutils-plugin-suse-public-cloud fixes the following issues:

- Update from version 1.0.7 to 1.0.8 (bsc#1213951)
  - Capture CSP billing adapter config and log
  - Accept upper case Amazon string in DMI table

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3454-1
Released:    Mon Aug 28 13:43:18 2023
Summary:     Security update for ca-certificates-mozilla
Type:        security
Severity:    important
References:  1214248
This update for ca-certificates-mozilla fixes the following issues:

- Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248)
  Added:
  - Atos TrustedRoot Root CA ECC G2 2020
  - Atos TrustedRoot Root CA ECC TLS 2021
  - Atos TrustedRoot Root CA RSA G2 2020
  - Atos TrustedRoot Root CA RSA TLS 2021
  - BJCA Global Root CA1
  - BJCA Global Root CA2
  - LAWtrust Root CA2 (4096)
  - Sectigo Public Email Protection Root E46
  - Sectigo Public Email Protection Root R46
  - Sectigo Public Server Authentication Root E46
  - Sectigo Public Server Authentication Root R46
  - SSL.com Client ECC Root CA 2022
  - SSL.com Client RSA Root CA 2022
  - SSL.com TLS ECC Root CA 2022
  - SSL.com TLS RSA Root CA 2022
  Removed CAs:
  - Chambers of Commerce Root
  - E-Tugra Certification Authority
  - E-Tugra Global Root CA ECC v3
  - E-Tugra Global Root CA RSA v3
  - Hongkong Post Root CA 1

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3461-1
Released:    Mon Aug 28 17:25:09 2023
Summary:     Security update for freetype2
Type:        security
Severity:    moderate
References:  1210419,CVE-2023-2004
This update for freetype2 fixes the following issues:

- CVE-2023-2004: Fixed integer overflow in tt_hvadvance_adjust (bsc#1210419).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3465-1
Released:    Tue Aug 29 07:30:00 2023
Summary:     Recommended update for samba
Type:        recommended
Severity:    moderate
References:  1213607,1213826,1213940
This update for samba fixes the following issues:

- Fix DFS not working with widelinks enabled; (bsc#1213607)
- Move libcluster-samba4.so from samba-libs to samba-client-libs (bsc#1213940)
- net ads lookup with unspecified realm fails (bsc#1213826)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3468-1
Released:    Tue Aug 29 09:22:18 2023
Summary:     Recommended update for python3
Type:        recommended
Severity:    low
References:  
This update for python3 fixes the following issue:

- Rename sources in preparation of python3.11 (jsc#PED-68)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3470-1
Released:    Tue Aug 29 10:49:33 2023
Summary:     Recommended update for parted
Type:        recommended
Severity:    low
References:  1182142,1193412
This update for parted fixes the following issues:

- fix null pointer dereference (bsc#1193412)
- update mkpart options in manpage (bsc#1182142)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3472-1
Released:    Tue Aug 29 10:55:16 2023
Summary:     Security update for procps
Type:        security
Severity:    low
References:  1214290,CVE-2023-4016
This update for procps fixes the following issues:

  - CVE-2023-4016: Fixed ps buffer overflow (bsc#1214290).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3485-1
Released:    Tue Aug 29 14:20:56 2023
Summary:     Recommended update for lvm2
Type:        recommended
Severity:    moderate
References:  1214071
This update for lvm2 fixes the following issues:

- blkdeactivate calls wrong mountpoint cmd (bsc#1214071)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3497-1
Released:    Wed Aug 30 21:25:05 2023
Summary:     Security update for vim
Type:        security
Severity:    important
References:  1210996,1211256,1211257,1211461,CVE-2023-2426,CVE-2023-2609,CVE-2023-2610
This update for vim fixes the following issues:

Updated to version 9.0 with patch level 1572.

- CVE-2023-2426: Fixed Out-of-range Pointer Offset use (bsc#1210996).
- CVE-2023-2609: Fixed NULL Pointer Dereference (bsc#1211256).
- CVE-2023-2610: Fixed nteger Overflow or Wraparound (bsc#1211257).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3514-1
Released:    Fri Sep  1 15:48:52 2023
Summary:     Recommended update for libzypp, zypper
Type:        recommended
Severity:    moderate
References:  1158763,1210740,1213231,1213557,1213673
This update for libzypp, zypper fixes the following issues:

- Fix occasional isue with downloading very small files (bsc#1213673)
- Fix negative ZYPP_LOCK_TIMEOUT not waiting forever (bsc#1213231)
- Fix OES synchronization issues when cookie file has mode 0600 (bsc#1158763)
- Don't cleanup orphaned dirs if read-only mode was promised (bsc#1210740)
- Revised explanation of --force-resolution in man page (bsc#1213557)
- Print summary hint if policies were violated due to --force-resolution (bsc#1213557)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3521-1
Released:    Tue Sep  5 08:56:45 2023
Summary:     Recommended update for python-iniconfig
Type:        recommended
Severity:    moderate
References:  1213582

This update for python-iniconfig provides python3-iniconfig to SUSE Linux Enterprise Micro 5.2. 

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3536-1
Released:    Tue Sep  5 15:00:27 2023
Summary:     Security update for docker
Type:        security
Severity:    moderate
References:  1210797,1212368,1213120,1213229,1213500,1214107,1214108,1214109,CVE-2023-28840,CVE-2023-28841,CVE-2023-28842
This update for docker fixes the following issues:

- Update to Docker 24.0.5-ce.

  See upstream changelong online at
  <https://docs.docker.com/engine/release-notes/24.0/#2405> bsc#1213229 

- Update to Docker 24.0.4-ce.

  See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/24.0/#2404>. bsc#1213500

- Update to Docker 24.0.3-ce.

  See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/24.0/#2403>. bsc#1213120

- Recommend docker-rootless-extras instead of Require(ing) it, given
  it's an additional functionality and not inherently required for
  docker to function.

- Add docker-rootless-extras subpackage (https://docs.docker.com/engine/security/rootless)

- Update to Docker 24.0.2-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/24.0/#2402>. bsc#1212368

  * Includes the upstreamed fix for the mount table pollution issue.
    bsc#1210797

- Add Recommends for docker-buildx, and add /usr/lib/docker/cli-plugins as
  being provided by this package.

- was rebuilt against current GO compiler.


-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3543-1
Released:    Wed Sep  6 08:27:22 2023
Summary:     Recommended update for protobuf-c
Type:        recommended
Severity:    moderate
References:  1214006
This update for protobuf-c fixes the following issues:

- Add missing Provides/Obsoletes after package merge (bsc#1214006)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3577-1
Released:    Mon Sep 11 15:04:01 2023
Summary:     Recommended update for crypto-policies
Type:        recommended
Severity:    low
References:  1209998
This update for crypto-policies fixes the following issues:

- Update update-crypto-policies(8) man pages and README.SUSE to mention the supported back-end policies. (bsc#1209998)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3611-1
Released:    Fri Sep 15 09:28:36 2023
Summary:     Recommended update for sysuser-tools
Type:        recommended
Severity:    moderate
References:  1195391,1205161,1207778,1213240,1214140
This update for sysuser-tools fixes the following issues:

- Update to version 3.2
- Always create a system group of the same name as the system user (bsc#1205161, bsc#1207778, bsc#1213240)
- Add 'quilt setup' friendly hint to %sysusers_requires usage
- Use append so if a pre file already exists it isn't overridden
- Invoke bash for bash scripts (bsc#1195391) 
- Remove all systemd requires not supported on SLE15 (bsc#1214140)


The following package changes have been done:

- audit-3.0.6-150400.4.13.1 updated
- ca-certificates-mozilla-2.62-150200.30.1 updated
- crypto-policies-20210917.c9d86d1-150400.3.3.1 updated
- docker-24.0.5_ce-150000.185.1 updated
- dracut-055+suse.369.gde6c81bf-150500.3.9.1 updated
- gawk-4.2.1-150000.3.3.1 updated
- libaudit1-3.0.6-150400.4.13.1 updated
- libauparse0-3.0.6-150400.4.13.1 updated
- libdevmapper1_03-2.03.16_1.02.185-150500.7.6.1 updated
- libfreetype6-2.10.4-150000.4.15.1 updated
- liblognorm5-2.0.6-150000.3.3.1 updated
- libparted0-3.2-150300.21.3.1 updated
- libprocps7-3.3.15-150000.7.34.1 updated
- libprotobuf-c1-1.3.2-150200.3.9.1 updated
- libsystemd0-249.16-150400.8.33.1 updated
- libudev1-249.16-150400.8.33.1 updated
- libxslt1-1.1.34-150400.3.3.1 added
- libzypp-17.31.20-150400.3.40.1 updated
- parted-3.2-150300.21.3.1 updated
- procps-3.3.15-150000.7.34.1 updated
- python-instance-billing-flavor-check-0.0.2-150000.1.3.1 added
- python3-configobj-5.0.6-150000.3.3.1 updated
- python3-cssselect-1.0.3-150000.3.3.1 added
- python3-iniconfig-1.1.1-150000.1.11.1 updated
- python3-lxml-4.9.1-150500.1.2 added
- python3-more-itertools-8.10.0-150400.5.69 updated
- python3-ordered-set-4.0.2-150400.8.34 updated
- python3-pyOpenSSL-21.0.0-150400.7.62 updated
- rsyslog-module-relp-8.2306.0-150400.5.18.1 updated
- rsyslog-8.2306.0-150400.5.18.1 updated
- samba-client-libs-4.17.9+git.387.ca59f91f61-150500.3.8.1 updated
- supportutils-plugin-suse-public-cloud-1.0.8-150000.3.17.1 updated
- system-group-audit-3.0.6-150400.4.13.1 updated
- systemd-sysvinit-249.16-150400.8.33.1 updated
- systemd-249.16-150400.8.33.1 updated
- sysuser-shadow-3.2-150400.3.5.3 updated
- udev-249.16-150400.8.33.1 updated
- vim-data-common-9.0.1632-150500.20.3.1 updated
- vim-9.0.1632-150500.20.3.1 updated
- xen-libs-4.17.2_02-150500.3.6.1 updated
- xen-tools-domU-4.17.2_02-150500.3.6.1 updated
- zypper-1.14.63-150400.3.29.1 updated
- samba-libs-4.17.9+git.367.dae41ffdd1f-150500.3.5.1 removed


More information about the sle-updates mailing list