SUSE Container Update Advisory: ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2080-1 Container Tags : suse/sle-micro-rancher/5.2:latest Container Release : 6.2.113 Severity : moderate Type : security References : 1197178 1198731 1198925 1200842 1202593 CVE-2022-35252 ----------------------------------------------------------------- The container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2982-1 Released: Thu Sep 1 12:33:47 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1197178,1198731,1200842 This update for util-linux fixes the following issues: - su: Change owner and mode for pty (bsc#1200842) - agetty: Resolve tty name even if stdin is specified (bsc#1197178) - libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731) - mesg: use only stat() to get the current terminal status (bsc#1200842) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2994-1 Released: Fri Sep 2 10:44:54 2022 Summary: Recommended update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame Type: recommended Severity: moderate References: 1198925 This update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame adds some missing 32bit libraries to some products. (bsc#1198925) No codechanges were done in this update. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3004-1 Released: Fri Sep 2 15:02:14 2022 Summary: Security update for curl Type: security Severity: low References: 1202593,CVE-2022-35252 This update for curl fixes the following issues: - CVE-2022-35252: Fixed a potential injection of control characters into cookies, which could be exploited by sister sites to cause a denial of service (bsc#1202593). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3019-1 Released: Mon Sep 5 11:00:23 2022 Summary: Recommended update for lshw Type: recommended Severity: moderate References: This update for lshw fixes the following issues: - Update to version B.02.19.2+git.20220628 * make version check optional - Update to version B.02.19.2+git.20220310: * Set product name for all netdevs sharing the same PCI number - Update to version B.02.19.2+git.20211222: * Add Spanish translation * Fix mistakes in Catalan translation - Update to version B.02.19.2+git.20211102: * Read and parse network transceiver module eeprom * use max (9) Gzip compression * Add Catalan translation * Update POT file * Add more network speeds - Update to version B.02.19.2+git.20211013: * support for new ethtool capabilities * code clean-up * allow pkg-config override * Translate all words of a phrase together The following package changes have been done: - curl-7.66.0-150200.4.39.1 updated - libblkid1-2.36.2-150300.4.23.1 updated - libcurl4-7.66.0-150200.4.39.1 updated - libfdisk1-2.36.2-150300.4.23.1 updated - libmount1-2.36.2-150300.4.23.1 updated - libsmartcols1-2.36.2-150300.4.23.1 updated - libusb-1_0-0-1.0.21-150000.3.5.1 updated - libuuid1-2.36.2-150300.4.23.1 updated - lshw-B.02.19.2+git.20220628-150200.3.12.1 updated - util-linux-systemd-2.36.2-150300.4.23.1 updated - util-linux-2.36.2-150300.4.23.1 updated