SUSE Image Update Advisory: suse/sle-micro/base-5.5
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:1080-1
Image Tags        : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.63 , suse/sle-micro/base-5.5:latest
Image Release     : 5.8.63
Severity          : important
Type              : security
References        : 1159034 1194818 1194818 1220356 1222285 1226463 1227138 1227525 1228322 CVE-2024-5535
-----------------------------------------------------------------

The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2679-1
Released:    Wed Jul 31 09:47:44 2024
Summary:     Recommended update for patterns-base
Type:        recommended
Severity:    moderate
References:

This update for patterns-base fixes the following issues:

Added a fips-certified pattern matching the exact certified FIPS versions of the Linux Kernel, openssl 1.1.1, gnutls/nettle, mozilla-nss and libgcrypt.

Note that applying this pattern might cause downgrade of various packages and so deinstall security and bugfix updates released after the certified binaries.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2791-1
Released:    Tue Aug 6 16:35:06 2024
Summary:     Recommended update for various 32bit packages
Type:        recommended
Severity:    moderate
References:  1228322

This update of various packages delivers 32bit variants to allow running Wine on SLE PackageHub 15 SP6.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2869-1
Released:    Fri Aug 9 15:59:29 2024
Summary:     Security update for ca-certificates-mozilla
Type:        security
Severity:    important
References:  1220356,1227525

This update for ca-certificates-mozilla fixes the following issues:

- Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525)
  - Added: FIRMAPROFESIONAL CA ROOT-A WEB
  - Distrust: GLOBALTRUST 2020

- Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356)

  Added:
  - CommScope Public Trust ECC Root-01
  - CommScope Public Trust ECC Root-02
  - CommScope Public Trust RSA Root-01
  - CommScope Public Trust RSA Root-02
  - D-Trust SBR Root CA 1 2022
  - D-Trust SBR Root CA 2 2022
  - Telekom Security SMIME ECC Root 2021
  - Telekom Security SMIME RSA Root 2023
  - Telekom Security TLS ECC Root 2020
  - Telekom Security TLS RSA Root 2023
  - TrustAsia Global Root CA G3
  - TrustAsia Global Root CA G4

  Removed:
  - Autoridad de Certificacion Firmaprofesional CIF A62634068
  - Chambers of Commerce Root - 2008
  - Global Chambersign Root - 2008
  - Security Communication Root CA
  - Symantec Class 1 Public Primary Certification Authority - G6
  - Symantec Class 2 Public Primary Certification Authority - G6
  - TrustCor ECA-1
  - TrustCor RootCert CA-1
  - TrustCor RootCert CA-2
  - VeriSign Class 1 Public Primary Certification Authority - G3
  - VeriSign Class 2 Public Primary Certification Authority - G3

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2887-1
Released:    Tue Aug 13 10:52:45 2024
Summary:     Recommended update for util-linux
Type:        recommended
Severity:    moderate
References:  1159034,1194818,1222285

This update for util-linux fixes the following issues:

- agetty: Prevent login cursor escape (bsc#1194818).
- Document unexpected side effects of lazy destruction (bsc#1159034).
- Don't delete binaries not common for all architectures. Create a util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2891-1
Released:    Tue Aug 13 11:39:53 2024
Summary:     Security update for openssl-1_1
Type:        security
Severity:    moderate
References:  1226463,1227138,CVE-2024-5535

This update for openssl-1_1 fixes the following issues:

- CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138)

Other fixes:

- Build with no-afalgeng (bsc#1226463)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2967-1
Released:    Mon Aug 19 15:41:29 2024
Summary:     Recommended update for pam
Type:        recommended
Severity:    moderate
References:  1194818

This update for pam fixes the following issue:

- Prevent cursor escape from the login prompt (bsc#1194818).

The following package changes have been done:

- libuuid1-2.37.4-150500.9.14.2 updated
- libsmartcols1-2.37.4-150500.9.14.2 updated
- libblkid1-2.37.4-150500.9.14.2 updated
- libfdisk1-2.37.4-150500.9.14.2 updated
- libassuan0-2.5.5-150000.4.7.1 updated
- login_defs-4.8.1-150400.10.21.1 updated
- libopenssl1_1-1.1.1l-150500.17.34.1 updated
- libopenssl1_1-hmac-1.1.1l-150500.17.34.1 updated
- libmount1-2.37.4-150500.9.14.2 updated
- patterns-base-fips-20200124-150400.20.10.1 updated
- pam-1.3.0-150000.6.71.2 updated
- shadow-4.8.1-150400.10.21.1 updated
- util-linux-2.37.4-150500.9.14.2 updated
- openssl-1_1-1.1.1l-150500.17.34.1 updated
- ca-certificates-mozilla-2.68-150200.33.1 updated