SUSE Container Update Advisory: suse/sle-micro-iso/5.5
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:474-1
Container Tags        : suse/sle-micro-iso/5.5:2.0.2 , suse/sle-micro-iso/5.5:2.0.2-4.2.27 , suse/sle-micro-iso/5.5:latest
Container Release     : 4.2.27
Severity              : important
Type                  : security
References            : 1201627 1207534 1207987 1211124 1211430 1212475 1212496 1212613
                        1213472 1213487 1213517 1213853 1214054 1214071 1214458 1214768
                        1215215 1215291 1215596 1216006 1216129 1216378 1216922 1216938
                        CVE-2022-4304 CVE-2023-2650 CVE-2023-3446 CVE-2023-36054 CVE-2023-3817
                        CVE-2023-39615 CVE-2023-45322 CVE-2023-45853 CVE-2023-5678
-----------------------------------------------------------------

The container suse/sle-micro-iso/5.5 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 29171
Released:    Tue Jun 20 12:29:00 2023
Summary:     Security update for openssl-1_1
Type:        security
Severity:    important
References:  1201627,1207534,1211430,CVE-2022-4304,CVE-2023-2650

This update for openssl-1_1 fixes the following issues:

- CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430).
- CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption.
  The previous fix for this timing side channel turned out to cause a severe
  2-3x performance regression in the typical use case (bsc#1207534).
- Update further expiring certificates that affect tests (bsc#1201627)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2901-1
Released:    Thu Jul 20 09:49:16 2023
Summary:     Recommended update for lvm2
Type:        recommended
Severity:    important
References:  1212613

This update for lvm2 fixes the following issues:

- multipath_component_detection = 0 in lvm.conf does not have any effect (bsc#1212613)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2934-1
Released:    Fri Jul 21 12:46:57 2023
Summary:     Recommended update for libcontainers-common
Type:        recommended
Severity:    moderate
References:  1211124

This update for libcontainers-common fixes the following issues:

- New subpackage libcontainers-sles-mounts which adds SLE-specific mounts on SLE systems (bsc#1211124)
- Own /etc/containers/systemd and /usr/share/containers/systemd for podman quadlet
- Remove container-storage-driver.sh to default to the overlay driver instead of btrfs
- Remove obsolete Requires(post): util-linux-systemd
- Add registry.suse.com to the unqualified-search-registries

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2965-1
Released:    Tue Jul 25 12:30:22 2023
Summary:     Security update for openssl-1_1
Type:        security
Severity:    moderate
References:  1213487,CVE-2023-3446

This update for openssl-1_1 fixes the following issues:

- CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2966-1
Released:    Tue Jul 25 14:26:14 2023
Summary:     Recommended update for libxml2
Type:        recommended
Severity:    moderate
References:

This update for libxml2 fixes the following issues:

- Build also for modern python version (jsc#PED-68)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3088-1
Released:    Tue Aug 1 09:52:03 2023
Summary:     Recommended update for systemd-presets-common-SUSE
Type:        recommended
Severity:    moderate
References:  1212496

This update for systemd-presets-common-SUSE fixes the following issues:

- Fix systemctl being called with an empty argument (bsc#1212496)
- Don't call systemctl list-unit-files with an empty argument (bsc#1212496)
- Add wtmpdb-update-boot.service and wtmpdb-rotate.timer

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3102-1
Released:    Tue Aug 1 14:11:53 2023
Summary:     Recommended update for openssl-1_1
Type:        recommended
Severity:    moderate
References:  1213517

This update for openssl-1_1 fixes the following issues:

- Don't pass zero length input to EVP_Cipher (bsc#1213517)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3242-1
Released:    Tue Aug 8 18:19:40 2023
Summary:     Security update for openssl-1_1
Type:        security
Severity:    moderate
References:  1213853,CVE-2023-3817

This update for openssl-1_1 fixes the following issues:

- CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value.
  (bsc#1213853)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3276-1
Released:    Fri Aug 11 10:20:40 2023
Summary:     Recommended update for apparmor
Type:        recommended
Severity:    moderate
References:  1213472

This update for apparmor fixes the following issues:

- Add pam_apparmor README (bsc#1213472)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3325-1
Released:    Wed Aug 16 08:26:08 2023
Summary:     Security update for krb5
Type:        security
Severity:    important
References:  1214054,CVE-2023-36054

This update for krb5 fixes the following issues:

- CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3485-1
Released:    Tue Aug 29 14:20:56 2023
Summary:     Recommended update for lvm2
Type:        recommended
Severity:    moderate
References:  1214071

This update for lvm2 fixes the following issues:

- blkdeactivate calls wrong mountpoint cmd (bsc#1214071)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3666-1
Released:    Mon Sep 18 21:52:18 2023
Summary:     Security update for libxml2
Type:        security
Severity:    important
References:  1214768,CVE-2023-39615

This update for libxml2 fixes the following issues:

- CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3717-1
Released:    Thu Sep 21 06:51:51 2023
Summary:     Recommended update for apparmor
Type:        recommended
Severity:    moderate
References:  1214458

This update for apparmor fixes the following issues:

- Update zgrep profile to allow egrep helper use (bsc#1214458)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3798-1
Released:    Wed Sep 27 10:32:31 2023
Summary:     Recommended update for libcontainers-common
Type:        recommended
Severity:    important
References:  1215291

This update for libcontainers-common fixes the following issues:

- Require libcontainers-sles-mounts for *all* SLE products, and not just SLES. (bsc#1215291)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4003-1
Released:    Mon Oct 9 08:29:33 2023
Summary:     Recommended update for apparmor
Type:        recommended
Severity:    moderate
References:  1215596

This update for apparmor fixes the following issues:

- Handle pam-config errors in pam_apparmor %post and %postun scripts (bsc#1215596)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4073-1
Released:    Fri Oct 13 11:40:26 2023
Summary:     Recommended update for rpm
Type:        recommended
Severity:    low
References:

This update for rpm fixes the following issue:

- Enables build for all python modules (jsc#PED-68, jsc#PED-1988)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4076-1
Released:    Fri Oct 13 14:02:51 2023
Summary:     Security update for cni
Type:        security
Severity:    important
References:  1212475,1216006

This update of cni fixes the following issues:

- rebuild the package with the go 1.21 security release (bsc#1212475).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4105-1
Released:    Wed Oct 18 08:15:40 2023
Summary:     Recommended update for openssl-1_1
Type:        recommended
Severity:    moderate
References:  1215215

This update for openssl-1_1 fixes the following issues:

- Displays 'fips' in the version string (bsc#1215215)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4215-1
Released:    Thu Oct 26 12:19:25 2023
Summary:     Security update for zlib
Type:        security
Severity:    moderate
References:  1216378,CVE-2023-45853

This update for zlib fixes the following issues:

- CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4504-1
Released:    Tue Nov 21 13:27:50 2023
Summary:     Security update for libxml2
Type:        security
Severity:    moderate
References:  1216129,CVE-2023-45322

This update for libxml2 fixes the following issues:

- CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4518-1
Released:    Tue Nov 21 17:35:30 2023
Summary:     Security update for openssl-1_1
Type:        security
Severity:    important
References:  1216922,CVE-2023-5678

This update for openssl-1_1 fixes the following issues:

- CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922).

-----------------------------------------------------------------
Advisory ID: SUSE-feature-2023:4678-1
Released:    Thu Dec 7 01:53:29 2023
Summary:     Feature update for lvm2
Type:        feature
Severity:    important
References:  1216938

This update for lvm2 fixes the following issues:

Updated lvm2 from LVM2.2.03.16 to LVM2.2.03.22 (jsc#PED-6753,jsc#PED-6754):

- Version 2.03.22:

  * Fixed issues with LVM filters no longer working with SUSE Linux Enterprise 15 Service Pack 5 (bsc#1216938)
  * Fixed pv_major/pv_minor report field types so they are integers, not strings.
  * Added `lvmdevices --delnotfound` to delete entries for missing devices.
  * Always use cachepool name for metadata backup LV for `lvconvert --repair`.
  * Make metadata backup LVs read-only after pool's `lvconvert --repair`.
  * Improve VDO and Thin support with lvmlockd.
  * Handle `lvextend --usepolicies` for pools for all activation variants.
  * Fixed memleak in vgchange autoactivation setup.
  * Update py-compile building script.
  * Support conversion from thick to fully provisioned thin LV.
  * Cache/Thin-pool can use error and zero volumes for testing.
  * Individual thin volume can be cached, but cannot take snapshot.
  * Better internal support for handling error and zero target (for testing).
  * Resize COW above trimmed maximal size does not return error.
  * Support parsing of vdo geometry format version 4.
  * Added lvm.conf thin_restore and cache_restore settings.
  * Handle multiple mounts while resizing volume with a FS.
  * Handle leading/trailing spaces in sys_wwid and sys_serial used by device_id.
  * Enhance lvm_import_vdo and use snapshot when converting VDO volume.
  * Fixed parsing of VDO metadata.
  * Fixed failing `-S|--select` for non-reporting cmds if using LV info/status fields.
  * Allow snapshots of raid+integrity LV.
  * Fixed multisegment RAID1 allocator to prevent using single disk for more legs.

- Version 2.03.21:

  * Fixed activation of vdo-pool with 0 length headers (converted pools).
  * Avoid printing internal init messages when creating integration devices.
  * Allow (write)cache over raid+integrity LV.

- Version 2.03.20:

  * Fixed segfault if using `-S|--select` with log/report_command_log=1 setting.
  * Configure now fails when requested lvmlockd dependencies are missing.
  * Added some configure Gentoo enhancements for static builds.

- Version 2.03.19:

  * Configure supports `--with-systemd-run` executed from udev rules.
  * Enhancement for build with MuslC systemd and non-bash system shells (dash).
  * Do not reset SYSTEMD_READY variable in udev for PVs on MD and loop devices.
  * Ensure udev is processing origin LV before its thick snapshots LVs.
  * Fixed and improved runtime memory size detection for VDO volumes.

- Version 2.03.18:

  * Fixed issues reported by coverity scan.
  * Fixed warning for thin pool overprovisioning on lvextend (2.03.17).
  * Added support for writecache metadata_only and pause_writeback settings.
  * Fixed missing error messages in lvmdbusd.

- Version 2.03.17:

  * Added new options (`--fs, --fsmode`) for FS handling when resizing LVs.
  * Fixed `lvremove -S|--select LV` to not also remove its historical LV right away.
  * Fixed lv_active field type to binary so --select and --binary applies properly.
  * Switch to use mallinfo2 and use it only with glibc.
  * Error out in lvm shell if using a cmd argument not supported in the shell.
  * Fixed lvm shell's lastlog command to report previous pre-command failures.
  * Extend VDO and VDOPOOL without flushing and locking fs.
  * Added `--valuesonly` option to lvmconfig to print only values without keys.
  * Updates configure with recent autoconf tooling.
  * Fixed `lvconvert --test --type vdo-pool` execution.
  * Added json_std output format for more JSON standard compliant version of output.
  * Fixed vdo_slab_size_mb value for converted VDO volume.
  * Fixed many corner cases in device_id, including handling of S/N duplicates.
  * Fixed various issues in lvmdbusd.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4700-1
Released:    Mon Dec 11 07:03:27 2023
Summary:     Recommended update for p11-kit
Type:        recommended
Severity:    moderate
References:

This update for p11-kit fixes the following issues:

- Ensure that programs using can be compiled with CRYPTOKI_GNU. Fixes GnuTLS builds (jsc#PED-6705).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:244-1
Released:    Fri Jan 26 13:01:27 2024
Summary:     Recommended update for util-linux
Type:        recommended
Severity:    moderate
References:  1207987

This update for util-linux fixes the following issues:

- Fix performance degradation (bsc#1207987)

The following package changes have been done:

- filesystem-15.0-150500.1.1 updated
- libsemanage-conf-3.4-150500.1.12 updated
- libz1-1.2.13-150500.4.3.1 updated
- libuuid1-2.37.4-150500.9.3.1 updated
- libsmartcols1-2.37.4-150500.9.3.1 updated
- libsepol2-3.4-150500.1.18 updated
- libblkid1-2.37.4-150500.9.3.1 updated
- libapparmor1-3.0.4-150500.11.9.1 updated
- libselinux1-3.4-150500.1.12 updated
- libxml2-2-2.10.3-150500.5.11.1 updated
- libopenssl1_1-1.1.1l-150500.17.22.1 updated
- libgcrypt20-1.9.4-150500.10.19 updated
- libp11-kit0-0.23.22-150500.8.3.1 updated
- libfdisk1-2.37.4-150500.9.3.1 updated
- libsemanage2-3.4-150500.1.12 updated
- libmount1-2.37.4-150500.9.3.1 updated
- krb5-1.20.1-150500.3.3.1 updated
- login_defs-4.8.1-150500.1.10 updated
- libdevmapper1_03-2.03.22_1.02.196-150500.7.9.1 updated
- systemd-presets-common-SUSE-15-150500.20.3.1 updated
- rpm-4.14.3-150400.59.3.1 added
- shadow-4.8.1-150500.1.10 updated
- util-linux-2.37.4-150500.9.3.1 updated
- libsasl2-3-2.1.28-150500.1.1 updated
- cni-1.1.2-150500.3.2.1 updated
- libcontainers-sles-mounts-20230214-150500.4.6.1 updated
- libslirp0-4.7.0+44-150500.2.1 updated
- runc-1.1.10-150000.55.1 updated
- libcontainers-common-20230214-150500.4.6.1 updated
- perl-5.26.1-150300.17.14.1 added
- slirp4netns-1.2.0-150500.1.1 updated
- container:suse-sle-micro-5.5-latest-- added
- container:bci-bci-busybox-15.5-- added
- container:bci-bci-busybox-15.4-- removed
- container:rancher-elemental-teal-5.4-latest-- removed
- libicu-suse65_1-65.1-150200.4.10.1 removed
- libicu65_1-ledata-65.1-150200.4.10.1 removed