SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1438-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.149 , suse/sle-micro/5.5:latest Image Release : 5.5.149 Severity : moderate Type : security References : 1226413 1227216 1228216 1228661 1229028 1229476 1229930 1229931 1229932 1230092 1230516 CVE-2024-45310 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3216-1 Released: Thu Sep 12 13:05:20 2024 Summary: Security update for expat Type: security Severity: moderate References: 1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492 This update for expat fixes the following issues: - CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932) - CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931) - CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3222-1 Released: Thu Sep 12 13:20:47 2024 Summary: Security update for runc Type: security Severity: low References: 1230092,CVE-2024-45310 This update for runc fixes the following issues: - Update to runc v1.1.14 - CVE-2024-45310: Fixed an issue where runc can be tricked into creating empty files/directories on host. (bsc#1230092) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3237-1 Released: Fri Sep 13 11:49:56 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1229476 This update for util-linux fixes the following issue: - Skip aarch64 decode path for rest of the architectures (bsc#1229476). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3242-1 Released: Fri Sep 13 15:57:29 2024 Summary: Recommended update for strace Type: recommended Severity: moderate References: 1228216 This update for strace fixes the following issue: - Change the license to the correct LGPL-2.1-or-later (bsc#1228216). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3300-1 Released: Wed Sep 18 14:27:53 2024 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: 1229028 This update for ncurses fixes the following issues: - Allow the terminal description based on static fallback entries to be freed (bsc#1229028) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3451-1 Released: Thu Sep 26 09:10:50 2024 Summary: Recommended update for pam-config Type: recommended Severity: moderate References: 1227216 This update for pam-config fixes the following issues: - Improved check for existence of modules (bsc#1227216) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3477-1 Released: Fri Sep 27 15:22:22 2024 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1230516 This update for curl fixes the following issue: - Make special characters in URL work with aws-sigv4 (bsc#1230516). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3481-1 Released: Fri Sep 27 15:58:46 2024 Summary: Recommended update for mdadm Type: recommended Severity: moderate References: 1226413 This update for mdadm fixes the following issues: - mdadm: define DEV_MD_DIR (bsc#1226413). - mdadm: refactor ident-name handling (bsc#1226413). - mdadm: Follow POSIX Portable Character Set (bsc#1226413). - Detail: remove duplicated code (bsc#1226413). - mdadm: Fix native --detail --export (bsc#1226413). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3487-1 Released: Fri Sep 27 19:56:02 2024 Summary: Recommended update for logrotate Type: recommended Severity: moderate References: This update for logrotate fixes the following issues: - Backport 'ignoreduplicates' configuration flag (jsc#PED-10366) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3503-1 Released: Tue Oct 1 16:13:07 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228661 This update for glibc fixes the following issue: - fix memory malloc problem: Initiate tcache shutdown even without allocations (bsc#1228661). The following package changes have been done: - glibc-2.31-150300.89.2 updated - libuuid1-2.37.4-150500.9.17.2 updated - libsmartcols1-2.37.4-150500.9.17.2 updated - libexpat1-2.4.4-150400.3.22.1 updated - libblkid1-2.37.4-150500.9.17.2 updated - libfdisk1-2.37.4-150500.9.17.2 updated - libmount1-2.37.4-150500.9.17.2 updated - libncurses6-6.1-150000.5.27.1 updated - terminfo-base-6.1-150000.5.27.1 updated - ncurses-utils-6.1-150000.5.27.1 updated - pam-config-1.1-150200.3.9.1 updated - util-linux-2.37.4-150500.9.17.2 updated - util-linux-systemd-2.37.4-150500.9.17.2 updated - logrotate-3.18.1-150400.3.10.1 updated - libcurl4-8.0.1-150400.5.53.2 updated - glibc-locale-base-2.31-150300.89.2 updated - mdadm-4.2-150500.6.6.2 updated - runc-1.1.14-150000.70.1 updated - strace-5.14-150400.3.3.2 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.93 updated