SUSE Image Update Advisory: suse/sle-micro/5.5
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2024:353-1
Image Tags        : suse/sle-micro/5.5:2.0.2 , suse/sle-micro/5.5:2.0.2-4.2.85 , suse/sle-micro/5.5:latest
Image Release     : 4.2.85
Severity          : important
Type              : security
References        : 1209282 1216474 1218871 1220763 1221123 1221622 1221941 1222831
                        1222992 CVE-2024-2961 
-----------------------------------------------------------------

The container suse/sle-micro/5.5 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1342-1
Released:    Thu Apr 18 16:35:49 2024
Summary:     Recommended update for unixODBC, libtool and libssh2_org
Type:        recommended
Severity:    moderate
References:  1221622,1221941
This update for unixODBC, libtool and libssh2_org fixes the following issue:

- Ship 2 additional 32bit packages: unixODBC-32bit and libssh2-1-32bit for SLES (bsc#1221941).
- Fix an issue with Encrypt-then-MAC family. (bsc#1221622)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1366-1
Released:    Mon Apr 22 11:04:32 2024
Summary:     Recommended update for openssh
Type:        recommended
Severity:    moderate
References:  1216474,1218871,1221123,1222831
This update for openssh fixes the following issues:

- Fix hostbased ssh login failing occasionally with 'signature
  unverified: incorrect signature' by fixing a typo in patch (bsc#1221123)
- Avoid closing IBM Z crypto devices nodes. (bsc#1218871)
- Allow usage of IBM Z crypto adapter cards in seccomp filters (bsc#1216474)

- Change the default value of UpdateHostKeys to Yes (unless
  VerifyHostKeyDNS is enabled).

  This makes ssh update the known_hosts stored keys with all published
  versions by the server (after it's authenticated with an existing
  key), which will allow to identify the server with a different key if
  the existing key is considered insecure at some point in the future
  (bsc#1222831).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1375-1
Released:    Mon Apr 22 14:56:13 2024
Summary:     Security update for glibc
Type:        security
Severity:    important
References:  1222992,CVE-2024-2961
This update for glibc fixes the following issues:

- iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1376-1
Released:    Mon Apr 22 16:13:38 2024
Summary:     Security update for polkit
Type:        security
Severity:    low
References:  1209282
This update for polkit fixes the following issues:

- Change permissions for rules folders (bsc#1209282)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1398-1
Released:    Tue Apr 23 13:58:22 2024
Summary:     Recommended update for systemd-default-settings
Type:        recommended
Severity:    moderate
References:  
This update for systemd-default-settings fixes the following issues:

- Disable pids controller limit under user instances (jsc#SLE-10123)
- Disable controllers by default (jsc#PED-2276)
- The usage of drop-ins is now the official way for configuring systemd and its various daemons on Factory/ALP, 
  hence the early drop-ins SUSE specific 'feature' has been abandoned.
- User priority '26' for SLE-Micro
- Convert more drop-ins into early ones

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1458-1
Released:    Mon Apr 29 07:47:34 2024
Summary:     Recommended update for vim
Type:        recommended
Severity:    moderate
References:  1220763
This update for vim fixes the following issues:

- Fix segmentation fault after updating to version 9.1.0111-150500.20.9.1 (bsc#1220763)


The following package changes have been done:

- glibc-2.31-150300.74.1 updated
- systemd-default-settings-branding-SLE-0.10-150300.3.7.1 updated
- systemd-default-settings-0.10-150300.3.7.1 updated
- glibc-locale-base-2.31-150300.74.1 updated
- libltdl7-2.4.6-150000.3.6.2 updated
- openssh-common-8.4p1-150300.3.37.1 updated
- vim-data-common-9.1.0330-150500.20.12.1 updated
- libpolkit-gobject-1-0-121-150500.3.3.1 updated
- libpolkit-agent-1-0-121-150500.3.3.1 updated
- polkit-121-150500.3.3.1 updated
- vim-small-9.1.0330-150500.20.12.1 updated
- openssh-server-8.4p1-150300.3.37.1 updated
- openssh-clients-8.4p1-150300.3.37.1 updated
- openssh-8.4p1-150300.3.37.1 updated
- container:suse-sle-micro-base-5.5-latest-2.0.2-4.2.60 updated