SUSE Container Update Advisory: ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2606-1 Container Tags : suse/sle-micro-rancher/5.3:latest Container Release : 7.2.14 Severity : moderate Type : recommended References : 1121365 1180995 1190651 1190653 1190888 1193859 1198471 1198472 1201293 1202148 1202870 1203046 1203069 1204244 ----------------------------------------------------------------- The container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2796-1 Released: Fri Aug 12 14:34:31 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: This update for jitterentropy fixes the following issues: jitterentropy is included in version 3.4.0 (jsc#SLE-24941): This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3328-1 Released: Wed Sep 21 12:48:56 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1202870 This update for jitterentropy fixes the following issues: - Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. (bsc#1202870) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3663-1 Released: Wed Oct 19 19:05:21 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1121365,1180995,1190651,1190653,1190888,1193859,1198471,1198472,1201293,1202148,1203046,1203069 This update for openssl-1_1 fixes the following issues: - FIPS: Default to RFC-7919 groups for genparam and dhparam - FIPS: list only FIPS approved digest and public key algorithms [bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472] - FIPS: Add KAT for the RAND_DRBG implementation [bsc#1203069] - FIPS: openssl: RAND api should call into FIPS DRBG [bsc#1201293] * The FIPS_drbg implementation is not FIPS validated anymore. To provide backwards compatibility for applications that need FIPS compliant RNG number generation and use FIPS_drbg_generate, this function was re-wired to call the FIPS validated DRBG instance instead through the RAND_bytes() call. - FIPS: Fix minor memory leaks by FIPS patch [bsc#1203046] - FIPS: OpenSSL: Port openssl to use jitterentropy [bsc#1202148, jsc#SLE-24941] libcrypto.so now requires libjitterentropy3 library. - FIPS: OpenSSL Provide a service-level indicator [bsc#1190651] - FIPS: Add zeroization of temporary variables to the hmac integrity function FIPSCHECK_verify(). [bsc#1190653] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3670-1 Released: Thu Oct 20 10:44:13 2022 Summary: Recommended update for zchunk Type: recommended Severity: moderate References: 1204244 This update for zchunk fixes the following issues: - Make sure to ship libzck1 to Micro 5.3 (bsc#1204244) The following package changes have been done: - libjitterentropy3-3.4.0-150000.1.6.1 added - libopenssl1_1-1.1.1l-150400.7.10.5 updated - libzck1-1.1.16-150400.3.2.1 updated - openssl-1_1-1.1.1l-150400.7.10.5 updated