SUSE Container Update Advisory:
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:2765-1
Container Tags        : suse/sle-micro-rancher/5.2:latest
Container Release     : 7.5.190
Severity              : important
Type                  : security
References            : 1188609 1190011 1207205 1210419 1212850 1213414
                        1213925 1214025 1214248 CVE-2021-3638 CVE-2021-3750
                        CVE-2023-0330 CVE-2023-2004 CVE-2023-3180 CVE-2023-3301
                        CVE-2023-3354 CVE-2023-4156
-----------------------------------------------------------------

The container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3440-1
Released:    Mon Aug 28 08:57:10 2023
Summary:     Security update for gawk
Type:        security
Severity:    low
References:  1214025,CVE-2023-4156

This update for gawk fixes the following issues:

- CVE-2023-4156: Fix a heap out of bound read by validating the index into argument list. (bsc#1214025)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3444-1
Released:    Mon Aug 28 10:40:39 2023
Summary:     Security update for qemu
Type:        security
Severity:    important
References:  1188609,1190011,1207205,1212850,1213414,1213925,CVE-2021-3638,CVE-2021-3750,CVE-2023-0330,CVE-2023-3180,CVE-2023-3301,CVE-2023-3354

This update for qemu fixes the following issues:

- CVE-2023-0330: Fixed a stack overflow due to a DMA reentrancy issue. (bsc#1207205)
- CVE-2023-3354: Fixed a remote unauthenticated DoS due to an improper I/O watch removal in VNC TLS handshake. (bsc#1212850)
- CVE-2023-3180: Fixed a heap buffer overflow in virtio_crypto_sym_op_helper(). (bsc#1213925)
- CVE-2021-3638: Fixed an out-of-bounds write due to an inconsistent check in ati_2d_blt(). (bsc#1188609)
- CVE-2023-3301: Fixed a DoS due to an assertion failure. (bsc#1213414)
- CVE-2021-3750: Fixed a use-after-free in DMA reentrancy issue. (bsc#1190011)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3454-1
Released:    Mon Aug 28 13:43:18 2023
Summary:     Security update for ca-certificates-mozilla
Type:        security
Severity:    important
References:  1214248

This update for ca-certificates-mozilla fixes the following issues:

- Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248)

  Added:
  - Atos TrustedRoot Root CA ECC G2 2020
  - Atos TrustedRoot Root CA ECC TLS 2021
  - Atos TrustedRoot Root CA RSA G2 2020
  - Atos TrustedRoot Root CA RSA TLS 2021
  - BJCA Global Root CA1
  - BJCA Global Root CA2
  - LAWtrust Root CA2 (4096)
  - Sectigo Public Email Protection Root E46
  - Sectigo Public Email Protection Root R46
  - Sectigo Public Server Authentication Root E46
  - Sectigo Public Server Authentication Root R46
  - SSL.com Client ECC Root CA 2022
  - SSL.com Client RSA Root CA 2022
  - SSL.com TLS ECC Root CA 2022
  - SSL.com TLS RSA Root CA 2022

  Removed CAs:
  - Chambers of Commerce Root
  - E-Tugra Certification Authority
  - E-Tugra Global Root CA ECC v3
  - E-Tugra Global Root CA RSA v3
  - Hongkong Post Root CA 1

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3461-1
Released:    Mon Aug 28 17:25:09 2023
Summary:     Security update for freetype2
Type:        security
Severity:    moderate
References:  1210419,CVE-2023-2004

This update for freetype2 fixes the following issues:

- CVE-2023-2004: Fixed integer overflow in tt_hvadvance_adjust (bsc#1210419).

The following package changes have been done:

- ca-certificates-mozilla-prebuilt-2.62-150200.30.1 updated
- gawk-4.2.1-150000.3.3.1 updated
- libfreetype6-2.10.4-150000.4.15.1 updated
- qemu-guest-agent-5.2.0-150300.127.3 updated