SUSE Container Update Advisory: ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3172-1 Container Tags : suse/sle-micro-rancher/5.2:latest Container Release : 7.5.378 Severity : important Type : security References : 1219559 1220664 1221563 1221854 1222075 1226447 1226448 CVE-2023-52425 CVE-2024-0397 CVE-2024-0450 CVE-2024-4032 ----------------------------------------------------------------- The container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2479-1 Released: Mon Jul 15 10:33:22 2024 Summary: Security update for python3 Type: security Severity: important References: 1219559,1220664,1221563,1221854,1222075,1226447,1226448,CVE-2023-52425,CVE-2024-0397,CVE-2024-0450,CVE-2024-4032 This update for python3 fixes the following issues: - CVE-2023-52425: Fixed backport so it uses features sniffing, not just comparing version number (bsc#1219559). - CVE-2024-0450: Fixed detecting the vulnerability of 'quoted-overlap' zipbomb (bsc#1221854). - CVE-2024-4032: Rearranging definition of private v global IP. (bsc#1226448) - CVE-2024-0397: Remove a memory race condition in ssl.SSLContext certificate store methods. (bsc#1226447) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2024:2483-1 Released: Mon Jul 15 14:17:58 2024 Summary: Optional update for openscap Type: optional Severity: moderate References: This update for openscap provides the SCAP tooling for SLE Micro 5.1 and 5.2. This includes shipping openscap dependencies libxmlsec1-1 and libxmlsec1-openssl for SLE Micro. The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.65.1 updated - libxmlsec1-1-1.2.28-150100.7.15.1 updated - libxmlsec1-openssl1-1.2.28-150100.7.15.1 updated - python3-base-3.6.15-150300.10.65.1 updated