SUSE Container Update Advisory: ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2758-1 Container Tags : suse/sle-micro-rancher/5.3:latest Container Release : 7.2.22 Severity : critical Type : security References : 1087072 1192115 1194047 1198038 1201367 1203911 1204111 1204112 1204113 1204383 1204386 1204690 CVE-2021-46848 CVE-2022-0216 CVE-2022-32221 CVE-2022-35414 CVE-2022-42010 CVE-2022-42011 CVE-2022-42012 CVE-2022-42916 ----------------------------------------------------------------- The container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3784-1 Released: Wed Oct 26 18:03:28 2022 Summary: Security update for libtasn1 Type: security Severity: critical References: 1204690,CVE-2021-46848 This update for libtasn1 fixes the following issues: - CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der (bsc#1204690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3785-1 Released: Wed Oct 26 20:20:19 2022 Summary: Security update for curl Type: security Severity: important References: 1204383,1204386,CVE-2022-32221,CVE-2022-42916 This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). - CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3787-1 Released: Thu Oct 27 04:41:09 2022 Summary: Recommended update for permissions Type: recommended Severity: important References: 1194047,1203911 This update for permissions fixes the following issues: - Fix regression introduced by backport of security fix (bsc#1203911) - Add permissions for enlightenment helper on 32bit arches (bsc#1194047) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3795-1 Released: Thu Oct 27 12:45:45 2022 Summary: Security update for qemu Type: security Severity: moderate References: 1192115,1198038,1201367,CVE-2022-0216,CVE-2022-35414 This update for qemu fixes the following issues: - CVE-2022-0216: Fixed a use after free issue found in hw/scsi/lsi53c895a.c. (bsc#1198038) - CVE-2022-35414: Fixed an uninitialized read during address translation that leads to a crash. (bsc#1201367) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3806-1 Released: Thu Oct 27 17:21:11 2022 Summary: Security update for dbus-1 Type: security Severity: important References: 1087072,1204111,1204112,1204113,CVE-2022-42010,CVE-2022-42011,CVE-2022-42012 This update for dbus-1 fixes the following issues: - CVE-2022-42010: Fixed potential crash that could be triggered by an invalid signature (bsc#1204111). - CVE-2022-42011: Fixed an out of bounds read caused by a fixed length array (bsc#1204112). - CVE-2022-42012: Fixed a use-after-free that could be trigged by a message in non-native endianness with out-of-band Unix file descriptor (bsc#1204113). Bugfixes: - Disable asserts (bsc#1087072). The following package changes have been done: - curl-7.79.1-150400.5.9.1 updated - dbus-1-1.12.2-150400.18.5.1 updated - libcurl4-7.79.1-150400.5.9.1 updated - libdbus-1-3-1.12.2-150400.18.5.1 updated - libtasn1-6-4.13-150000.4.8.1 updated - libtasn1-4.13-150000.4.8.1 updated - permissions-20201225-150400.5.16.1 updated - qemu-guest-agent-6.2.0-150400.37.8.2 updated