SUSE Container Update Advisory:
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1576-1
Container Tags        : suse/sle-micro-rancher/5.2:latest
Container Release     : 6.2.78
Severity              : important
Type                  : security
References            : 1027942 1185637 1197084 1197158 1197718 1198035 1198037 1198511
                        1198712 1199018 1199140 1199166 1199232 1199924 1200334 1200550
                        1200735 1200737 1200855 1201099 CVE-2015-20107 CVE-2021-4206
                        CVE-2021-4207 CVE-2022-1292 CVE-2022-1586 CVE-2022-2068
                        CVE-2022-2097 CVE-2022-26354 CVE-2022-32206 CVE-2022-32208
-----------------------------------------------------------------

The container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2251-1
Released:    Mon Jul 4 09:52:25 2022
Summary:     Security update for openssl-1_1
Type:        security
Severity:    moderate
References:  1185637,1199166,1200550,CVE-2022-1292,CVE-2022-2068

This update for openssl-1_1 fixes the following issues:

- CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166).
- CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2254-1
Released:    Mon Jul 4 12:12:51 2022
Summary:     Security update for qemu
Type:        security
Severity:    important
References:  1197084,1198035,1198037,1198712,1199018,1199924,CVE-2021-4206,CVE-2021-4207,CVE-2022-26354

This update for qemu fixes the following issues:

- CVE-2022-26354: Fixed missing virtqueue detach on error can lead to memory leak (bsc#1198712)
- CVE-2021-4207: Fixed double fetch in qxl_cursor() can lead to heap buffer overflow (bsc#1198037)
- CVE-2021-4206: Fixed integer overflow in cursor_alloc() can lead to heap buffer overflow (bsc#1198035)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2269-1
Released:    Tue Jul 5 15:34:04 2022
Summary:     Recommended update for virt-manager
Type:        recommended
Severity:    moderate
References:  1027942

This update for virt-manager fixes the following issues:

- Upstream bug fixes: (bsc#1027942)
  * Volume upload use 1MiB read size.
  * Console: fix error with old pygobject.
  * Virtinst: fix message format string.
  * Createnet: Remove some unnecessary annotations.
  * Fix forgetting password from keyring.
- Add support for detecting SUSE Linux Enterprise Micro.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2327-1
Released:    Thu Jul 7 15:06:13 2022
Summary:     Security update for curl
Type:        security
Severity:    important
References:  1200735,1200737,CVE-2022-32206,CVE-2022-32208

This update for curl fixes the following issues:

- CVE-2022-32206: HTTP compression denial of service (bsc#1200735)
- CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2328-1
Released:    Thu Jul 7 15:07:35 2022
Summary:     Security update for openssl-1_1
Type:        security
Severity:    important
References:  1201099,CVE-2022-2097

This update for openssl-1_1 fixes the following issues:

- CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2357-1
Released:    Mon Jul 11 20:34:20 2022
Summary:     Security update for python3
Type:        security
Severity:    important
References:  1198511,CVE-2015-20107

This update for python3 fixes the following issues:

- CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2361-1
Released:    Tue Jul 12 12:05:01 2022
Summary:     Security update for pcre
Type:        security
Severity:    important
References:  1199232,CVE-2022-1586

This update for pcre fixes the following issues:

- CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2364-1
Released:    Tue Jul 12 13:55:20 2022
Summary:     Recommended update for mdadm
Type:        recommended
Severity:    moderate
References:  1197158

This update for mdadm fixes the following issue:

- Resource RAID failed during cluster patch, Mdadm gets floating point error (bsc#1197158)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2406-1
Released:    Fri Jul 15 11:49:01 2022
Summary:     Recommended update for glibc
Type:        recommended
Severity:    moderate
References:  1197718,1199140,1200334,1200855

This update for glibc fixes the following issues:

- powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334)
- Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718)
- i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718)
- rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051)

This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit).

The following package changes have been done:

- curl-7.66.0-150200.4.36.1 updated
- glibc-locale-base-2.31-150300.31.2 updated
- glibc-2.31-150300.31.2 updated
- kernel-default-5.3.18-150300.59.81.1 updated
- libcrypt1-4.4.15-150300.4.4.3 updated
- libcurl4-7.66.0-150200.4.36.1 updated
- libopeniscsiusr0_2_0-2.1.7-150300.32.18.1 updated
- libopenssl1_1-1.1.1d-150200.11.51.1 updated
- libpcre1-8.45-150000.20.13.1 updated
- libpython3_6m1_0-3.6.15-150300.10.27.1 updated
- mdadm-4.1-150300.24.15.1 updated
- open-iscsi-2.1.7-150300.32.18.1 updated
- openssl-1_1-1.1.1d-150200.11.51.1 updated
- python3-base-3.6.15-150300.10.27.1 updated
- qemu-guest-agent-5.2.0-150300.115.2 updated