SUSE Image Update Advisory: suse/sl-micro/6.0/rt-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:707-1
Image Tags        : suse/sl-micro/6.0/rt-os-container:2.1.1 , suse/sl-micro/6.0/rt-os-container:2.1.1-4.1 , suse/sl-micro/6.0/rt-os-container:latest
Image Release     : 4.1
Severity          : important
Type              : security
References        : 1221289 1221665 1221666 1221667 1221668 1227888 1228535 1229930 1229931 1229932
                    CVE-2024-2004 CVE-2024-2379 CVE-2024-2398 CVE-2024-2466 CVE-2024-28757
                    CVE-2024-45490 CVE-2024-45491 CVE-2024-45492 CVE-2024-6197 CVE-2024-7264
-----------------------------------------------------------------

The container suse/sl-micro/6.0/rt-os-container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 9
Released:    Fri Aug 9 10:33:34 2024
Summary:     Recommended update for bash, libcap-ng, libselinux, libselinux-bindings, libsemanage, zypper
Type:        recommended
Severity:    low
References:

This update fixes the following issues:

- No change rebuild due to dependency changes.

-----------------------------------------------------------------
Advisory ID: 16
Released:    Wed Aug 14 16:04:13 2024
Summary:     Recommended update for elemental-system-agent, elemental, systemd-presets-branding-Elemental, elemental-toolkit, elemental-agent, elemental-operator
Type:        recommended
Severity:    moderate
References:

This update for elemental-system-agent, elemental, systemd-presets-branding-Elemental, elemental-toolkit, elemental-agent, elemental-operator fixes the following issues:

elemental:

- Update to version v2.1.2
  * Fix grub2-x86_64-efi installation
  * Removing syslinux from base image
  * Workaround to remove any pre-existing Elemental initrd

elemental-agent:

- Update to version 0.5.0+git20240729.4482c01:
  * Fix rke2 cluster class (#80)
  * Fix rootfs layout (#76)
  * Exclude cloud-config-defaults feature (#75)
  * Use toolkit nightly builds (#74)
  * Align images to Elemental dev (#73)
  * Only use essential elemental services (#71)
  * Actualyze elemental init arguments and improve iso build setup (#70)
  * Fix missing mtools dependency (#68)
  * Unify root password
  * Prevent associating multiple ElementalHosts (#65)
  * Remove CodeQL github action workaround (#66)
  * upgrade elemental-toolkit to 2.1.0 version (#61)
  * tests: align Ginkgo version in the Makefile (#63)
  * Dockerfiles: ensure /usr/libexec is present on the image FS (#64)
  * minor/setup_kind_cluster.sh: print the command to write the my-config.yaml (#62)
  * Fix RKE2 ClusterClass and RKE2 default registration method (#60)
  * Remove unused Codecov config (#59)
  * Actualize RKE2 templates (#58)
  * Remove CodeCov action (#57)
  * Update codeql action (#56)
  * Display host phases (#51)
  * Bump CAPI version (#54)
  * Print test agent config by default (#55)
  * Deprecate release-action (#53)
  * Display association status (#49)
  * Add registration ready condition (#50)
  * Prevent kubelet and containerd from running in Recovery (#43)
  * Mitigate time sync issues on JWT validation (#41)
  * Improve kubeadm image (#39)
- Update to version 0.5.0+git20240319.13ad570:
  * Update dependencies and fix CodeQL failure (#36)
  * Update to go 1.22 (#32)
  * Update k3s provider urls (#34)
  * Remove tumbleweed dracut patches (#33)
  * Refer to CONTROL_PLANE_ENDPOINT_HOST
  * Update metadata.yaml
  * Update quickstart (#30)
  * Remove uninitialized taint from nodes (#29)
  * Set providerid on nodes (#22)
  * Bump yip to v1.4.10
- Initial version 0.5.0

elemental-operator:

- Update to version 1.6.4:
  * register: always register when called (#816)
- Update to version 1.6.3:
  * Backport to v1.6.x (#796)
  * Enable PR workflow for v1.6 maintenance branch
  * Add toggle to automatically delete no longer in sync versions (#780) (#783)
  * [v1.6.x] Add managedosversion finalizer (#775 & #784) (#782)
  * Ensure re-sync is triggered
  * [v1.6.x][BACKPORT] operator: fix ManagedOSVersionChannel sync (#771)
  * Use YAML content for Elemental Agent config (#765) (#770)
  * Allow yip configs (#751) (#762)
  * Update deployment.yaml (#757) (#761)
  * Flag no longer in sync ManagedOSVersions (#750) (#752)
  * Let elemental-register digest system hardware data (#748) (#749)
  * register: don't send new Disks and Controllers data (#741)
  * Added the ability to create a node reset marker for unmanaged hosts (#731) (#737)
- Update to version 1.6.2:
  * chart: add chart name and version to the operator deployment (#694)
  * Add Metadata CRD (#717)

elemental-system-agent:

- Update to version 0.3.7:
  * Add support for CATTLE_AGENT_VAR_DIR in suc plan
  * add the step for creating GH release, and fix typo in filename
  * Migrate from Drone to GitHub Action
  * Version bump for Alpine and Kubectl
  * Add support for CATTLE_AGENT_STRICT_VERIFY|STRICT_VERIFY environment variables to ensure kubeconfig CA data is valid (#171)

elemental-toolkit:

- Update to version 2.1.1:
  * [backport] Disable boot entry if efivars is read-only (#2059) (#2145)
  * [backport] CI refactor to v2.1.x branch (#2146)
  * Remove pre-existing Elemental initrds

systemd-presets-branding-Elemental:

- Include elemental-register.timer as service enabled by default

-----------------------------------------------------------------
Advisory ID: 30
Released:    Wed Sep 4 16:07:40 2024
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1221665,1221666,1221667,1221668,1227888,1228535,CVE-2024-2004,CVE-2024-2379,CVE-2024-2398,CVE-2024-2466,CVE-2024-6197,CVE-2024-7264

This update for curl fixes the following issues:

Security issues fixed:

- CVE-2024-7264: ASN.1 date parser overread (bsc#1228535)
- CVE-2024-6197: Freeing stack buffer in utf8asn1str (bsc#1227888)
- CVE-2024-2379: QUIC certificate check bypass with wolfSSL (bsc#1221666)
- CVE-2024-2466: TLS certificate check bypass with mbedTLS (bsc#1221668)
- CVE-2024-2004: Usage of disabled protocol (bsc#1221665)
- CVE-2024-2398: HTTP/2 push headers memory-leak (bsc#1221667)

Non-security issue fixed:

- Fixed various TLS related issues including FTP over SSL transmission timeouts.

-----------------------------------------------------------------
Advisory ID: 44
Released:    Wed Sep 11 13:33:01 2024
Summary:     Security update for expat
Type:        security
Severity:    important
References:  1221289,1229930,1229931,1229932,CVE-2024-28757,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492

This update for expat fixes the following issues:

- CVE-2024-45492: detect integer overflow in function nextScaffoldPart (bsc#1229932)
- CVE-2024-45491: detect integer overflow in dtdCopy (bsc#1229931)
- CVE-2024-45490: reject negative len for XML_ParseBuffer (bsc#1229930)
- CVE-2024-28757: XML Entity Expansion attack when there is isolated use of external parsers (bsc#1221289)

The following package changes have been done:

- system-user-root-20190513-2.208 added
- filesystem-84.87-5.2 added
- crypto-policies-20230920.570ea89-1.50 added
- file-magic-5.44-4.151 added
- glibc-2.38-6.4 added
- kbd-legacy-2.6.4-1.3 added
- libsemanage-conf-3.5-3.1 added
- pkgconf-m4-1.8.0-2.205 added
- libzstd1-1.5.5-8.142 added
- libz1-1.2.13-6.138 added
- libuuid1-2.39.3-2.7 added
- libunistring5-1.1-2.8 added
- libsmartcols1-2.39.3-2.7 added
- libsepol2-3.5-2.196 added
- libseccomp2-2.5.4-2.199 added
- libpopt0-1.19-2.184 added
- libpkgconf3-1.8.0-2.205 added
- libpcre2-8-0-10.42-2.179 added
- libnss_usrfiles2-2.27-2.185 added
- liblzma5-5.4.3-4.166 added
- liblz4-1-1.9.4-2.8 added
- liblua5_4-5-5.4.6-1.68 added
- libjson-c5-0.16-2.9 added
- libip4tc2-1.8.9-2.9 added
- libgpg-error0-1.47-4.136 added
- libgmp10-6.3.0-1.119 added
- libgcc_s1-13.2.1+git8285-1.15 added
- libffi8-3.4.4-2.182 added
- libexpat1-2.5.0-2.188 added
- libeconf0-0.6.1-1.13 added
- libcrypt1-4.4.36-1.134 added
- libcap2-2.69-2.83 added
- libcap-ng0-0.8.3-4.1 added
- libbz2-1-1.0.8-2.191 added
- libbrotlicommon1-1.1.0-1.6 added
- libblkid1-2.39.3-2.7 added
- libaudit1-3.0.9-3.143 added
- libattr1-2.5.1-2.193 added
- libargon2-1-20190702-2.7 added
- libalternatives1-1.2+30.a5431e9-2.12 added
- libacl1-2.3.1-2.187 added
- fillup-1.42-2.7 added
- diffutils-3.10-2.101 added
- pigz-2.8-1.8 added
- libopenssl3-3.1.4-5.6 added
- libelf1-0.189-4.143 added
- libidn2-0-2.3.4-2.6 added
- pkgconf-1.8.0-2.205 added
- libselinux1-3.5-3.1 added
- netcfg-11.6-4.42 added
- libxml2-2-2.11.6-2.1 added
- libgcrypt20-1.10.3-1.37 added
- libmpfr6-4.2.1-1.117 added
- libstdc++6-13.2.1+git8285-1.15 added
- libp11-kit0-0.25.3-1.6 added
- perl-base-5.38.2-1.52 added
- libudev1-254.9-1.9 added
- chkstat-1600_20240206-1.8 added
- libmagic1-5.44-4.151 added
- libbrotlidec1-1.1.0-1.6 added
- libfdisk1-2.39.3-2.7 added
- alts-1.2+30.a5431e9-2.12 added
- libkmod2-30-10.56 added
- libdw1-0.189-4.143 added
- sed-4.9-2.9 added
- libsubid4-4.15.1-1.1 added
- libsemanage2-3.5-3.1 added
- libmount1-2.39.3-2.7 added
- findutils-4.9.0-2.181 added
- libsystemd0-254.9-1.9 added
- libncurses6-6.4.20240224-10.2 added
- terminfo-base-6.4.20240224-10.2 added
- file-5.44-4.151 added
- libasm1-0.189-4.143 added
- ncurses-utils-6.4.20240224-10.2 added
- libreadline8-8.2-2.180 added
- bash-5.2.15-3.1 added
- bash-sh-5.2.15-3.1 added
- zstd-1.5.5-8.142 added
- xz-5.4.3-4.166 added
- systemd-default-settings-branding-openSUSE-0.7-2.4 added
- systemd-default-settings-0.7-2.4 added
- pkgconf-pkg-config-1.8.0-2.205 added
- login_defs-4.15.1-1.1 added
- libdevmapper1_03-2.03.22_1.02.196-1.8 added
- gzip-1.13-1.50 added
- grep-3.11-4.8 added
- gawk-5.3.0-1.53 added
- elfutils-0.189-4.143 added
- cpio-2.15-1.3 added
- coreutils-9.4-4.8 added
- libcryptsetup12-2.6.1-4.13 added
- systemd-rpm-macros-24-1.205 added
- systemd-presets-common-SUSE-15-5.1 added
- rpm-config-SUSE-20240214-1.1 added
- rpm-4.18.0-6.133 added
- permissions-config-1600_20240206-1.8 added
- perl-Bootloader-1.6-2.7 added
- systemd-presets-branding-Elemental-20240109-2.1 added
- permissions-1600_20240206-1.8 added
- pam-1.6.0-2.22 added
- util-linux-2.39.3-2.7 added
- shadow-4.15.1-1.1 added
- pam-config-2.11-1.1 added
- kbd-2.6.4-1.3 added
- SL-Micro-release-6.0-24.5 added
- aaa_base-84.87+git20230815.cab7b44-1.8 added
- dbus-1-daemon-1.14.10-1.11 added
- dbus-1-tools-1.14.10-1.11 added
- systemd-254.9-1.9 added
- sysuser-shadow-3.1-2.197 added
- dbus-1-common-1.14.10-1.11 added
- libdbus-1-3-1.14.10-1.11 added
- dbus-1-1.14.10-1.11 added
- util-linux-systemd-2.39.3-2.7 added
- system-group-kvm-20170617-2.197 added
- system-group-hardware-20170617-2.197 added
- suse-module-tools-16.0.43-1.1 added
- kmod-30-10.56 added
- udev-254.9-1.9 added
- dracut-059+suse.557.g8a62bf73-1.8 added
- suse-module-tools-scriptlets-16.0.43-1.1 added
- libaio1-0.3.113-2.5 added
- libcom_err2-1.47.0-2.3 added
- libdevmapper-event1_03-2.03.22_1.02.196-1.8 added
- libfreebl3-3.90.2-1.5 added
- libglib-2_0-0-2.76.2-4.12 added
- libkeyutils1-1.6.3-2.8 added
- liblzo2-2-2.10-2.8 added
- libndp0-1.8-2.7 added
- libnghttp2-14-1.52.0-4.12 added
- libnl-config-3.7.0-2.8 added
- libpsl5-0.21.2-2.5 added
- libsasl2-3-2.1.28-5.7 added
- libsqlite3-0-3.44.2-1.2 added
- libssh-config-0.10.6-1.12 added
- libverto1-0.3.2-12.5 added
- logrotate-3.21.0-2.12 added
- mozilla-nspr-4.35-3.11 added
- thin-provisioning-tools-0.9.0-2.10 added
- shared-mime-info-2.2-2.8 added
- libgobject-2_0-0-2.76.2-4.12 added
- libgmodule-2_0-0-2.76.2-4.12 added
- libnl3-200-3.7.0-2.8 added
- libldap2-2.6.4-4.12 added
- krb5-1.20.1-4.11 added
- mozilla-nss-certs-3.90.2-1.5 added
- device-mapper-2.03.22_1.02.196-1.8 added
- gio-branding-SLE-15-1.5 added
- libgio-2_0-0-2.76.2-4.12 added
- glib2-tools-2.76.2-4.12 added
- wpa_supplicant-2.10-4.18 added
- libssh4-0.10.6-1.12 added
- mozilla-nss-3.90.2-1.5 added
- libsoftokn3-3.90.2-1.5 added
- libcurl4-8.6.0-1.2 added
- libnm0-1.42.6-5.14 added
- NetworkManager-branding-SLE-42.1-1.5 added
- NetworkManager-1.42.6-5.14 added
- btrfsprogs-udev-rules-6.1.3-6.19 added
- libext2fs2-1.47.0-2.3 added
- btrfsprogs-6.1.3-6.19 added
- liblvm2cmd2_03-2.03.22-1.8 added
- lvm2-2.03.22-1.8 added
- boost-license1_84_0-1.84.0-1.4 added
- dosfstools-4.2-2.9 added
- e2fsprogs-1.47.0-2.3 added
- elemental-register-1.6.1-1.1 added
- elemental-support-1.6.1-1.1 added
- elemental-system-agent-0.3.6-1.1 added
- elemental-updater-2.1.1-1.1 added
- glibc-locale-base-2.38-6.4 added
- gptfdisk-1.0.9-3.5 added
- libbtrfs0-6.1.3-6.19 added
- libbtrfsutil1-6.1.3-6.19 added
- libburn4-1.5.4-1.9 added
- libedit0-20210910.3.1-9.169 added
- libinih0-56-2.9 added
- libjte2-1.22-1.8 added
- libparted-fs-resize0-3.5-2.11 added
- libparted2-3.5-2.11 added
- liburcu8-0.14.0-2.8 added
- libxxhash0-0.8.1-2.194 added
- libzio1-1.08-2.192 added
- libboost_thread1_84_0-1.84.0-1.4 added
- mtools-4.0.43-4.9 added
- libisofs6-1.5.4-1.9 added
- parted-3.5-2.11 added
- xfsprogs-6.5.0-1.9 added
- rsync-3.2.7-3.8 added
- info-7.0.3-4.1 added
- libsnapper7-0.10.5-2.10 added
- libisoburn1-1.5.4-1.9 added
- snapper-0.10.5-2.10 added
- xorriso-1.5.4-1.9 added
- elemental-toolkit-2.1.0-1.1 added
- elemental-2.1.1-1.1 added
- compat-usrmerge-tools-84.87-2.195 added
- kernel-rt-6.4.0-8.1 added
- container:SL-Micro-container-2.1.1-3.29 added