SUSE Container Update Advisory: ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1292-1 Container Tags : suse/sle-micro-rancher/5.2:latest Container Release : 7.5.316 Severity : important Type : security References : 1216594 1216598 1220061 1220996 1221194 1221358 1221399 1221665 1221667 CVE-2023-38469 CVE-2023-38471 CVE-2023-45918 CVE-2024-2004 CVE-2024-2398 CVE-2024-28182 ----------------------------------------------------------------- The container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1118-1 Released: Fri Apr 5 06:33:40 2024 Summary: Security update for avahi Type: security Severity: moderate References: 1216594,1216598,CVE-2023-38469,CVE-2023-38471 This update for avahi fixes the following issues: - CVE-2023-38471: Fixed reachable assertion in dbus_set_host_name (bsc#1216594). - CVE-2023-38469: Fixed reachable assertions in avahi (bsc#1216598). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1120-1 Released: Fri Apr 5 14:03:46 2024 Summary: Security update for curl Type: security Severity: moderate References: 1221665,1221667,CVE-2024-2004,CVE-2024-2398 This update for curl fixes the following issues: - CVE-2024-2004: Fix the uUsage of disabled protocol logic. (bsc#1221665) - CVE-2024-2398: Fix HTTP/2 push headers memory-leak. (bsc#1221667) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1126-1 Released: Mon Apr 8 07:06:47 2024 Summary: Recommended update for wicked Type: recommended Severity: important References: 1220996,1221194,1221358 This update for wicked fixes the following issues: - Fix fallback-lease drop in addrconf (bsc#1220996) - Use upstream `nvme nbft show` (bsc#1221358) - Hide secrets in debug log (bsc#1221194) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1167-1 Released: Mon Apr 8 15:11:11 2024 Summary: Security update for nghttp2 Type: security Severity: important References: 1221399,CVE-2024-28182 This update for nghttp2 fixes the following issues: - CVE-2024-28182: Fixed denial of service via http/2 continuation frames (bsc#1221399) The following package changes have been done: - avahi-0.7-150100.3.32.1 updated - curl-7.66.0-150200.4.69.1 updated - libavahi-common3-0.7-150100.3.32.1 updated - libavahi-core7-0.7-150100.3.32.1 updated - libcurl4-7.66.0-150200.4.69.1 updated - libncurses6-6.1-150000.5.24.1 updated - libnghttp2-14-1.40.0-150200.17.1 updated - ncurses-utils-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - wicked-service-0.6.74-150300.4.21.1 updated - wicked-0.6.74-150300.4.21.1 updated