SUSE Container Update Advisory: bci/bci-busybox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1364-1 Container Tags : bci/bci-busybox:15.4 , bci/bci-busybox:15.4.8.1 , bci/bci-busybox:latest Container Release : 8.1 Severity : important Type : security References : 1040589 1047218 1078466 1134524 1146705 1172973 1172974 1175519 1178775 1180020 1180083 1180596 1181011 1181831 1182604 1182959 1183094 1185540 1186049 1186489 1187911 1190447 1191592 1194640 1194768 1194770 1194785 1195149 1195792 1195856 1196275 1196406 1198751 CVE-2019-20838 CVE-2019-5021 CVE-2020-14155 CVE-2021-33574 CVE-2021-35942 CVE-2021-3999 CVE-2022-23218 CVE-2022-23219 ----------------------------------------------------------------- The container bci/bci-busybox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1368-1 Released: Tue May 28 13:15:38 2019 Summary: Recommended update for sles12sp3-docker-image, sles12sp4-image, system-user-root Type: security Severity: important References: 1134524,CVE-2019-5021 This update for sles12sp3-docker-image, sles12sp4-image, system-user-root fixes the following issues: - CVE-2019-5021: Include an invalidated root password by default, not an empty one (bsc#1134524) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:924-1 Released: Tue Mar 23 10:00:49 2021 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094 This update for filesystem the following issues: - Remove duplicate line due to merge error - Add fix for 'mesa' creating cache with perm 0700. (bsc#1181011) - Fixed an issue causing failure during installation/upgrade a failure. (rh#1548403) (bsc#1146705) - Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466) - Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519) This update for systemd fixes the following issues: - Fix for a possible memory leak. (bsc#1180020) - Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596) - Fixed an issue when starting a container conflicts with another one. (bsc#1178775) - Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831) - Don't use shell redirections when calling a rpm macro. (bsc#1183094) - 'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2173-1 Released: Mon Jun 28 14:59:45 2021 Summary: Recommended update for automake Type: recommended Severity: moderate References: 1040589,1047218,1182604,1185540,1186049 This update for automake fixes the following issues: - Implement generated autoconf makefiles reproducible (bsc#1182604) - Add fix to avoid date variations in docs. (bsc#1047218, jsc#SLE-17848) - Avoid bashisms in test-driver script. (bsc#1185540) This update for pcre fixes the following issues: - Do not run profiling 'check' in parallel to make package build reproducible. (bsc#1040589) This update for brp-check-suse fixes the following issues: - Add fixes to support reproducible builds. (bsc#1186049) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3291-1 Released: Wed Oct 6 16:45:36 2021 Summary: Security update for glibc Type: security Severity: moderate References: 1186489,1187911,CVE-2021-33574,CVE-2021-35942 This update for glibc fixes the following issues: - CVE-2021-33574: Fixed use __pthread_attr_copy in mq_notify (bsc#1186489). - CVE-2021-35942: Fixed wordexp handle overflow in positional parameter number (bsc#1187911). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3382-1 Released: Tue Oct 12 14:30:17 2021 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate References: This update for ca-certificates-mozilla fixes the following issues: - A new sub-package for minimal base containers (jsc#SLE-22162) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3529-1 Released: Wed Oct 27 09:23:32 2021 Summary: Security update for pcre Type: security Severity: moderate References: 1172973,1172974,CVE-2019-20838,CVE-2020-14155 This update for pcre fixes the following issues: Update pcre to version 8.45: - CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974). - CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3980-1 Released: Thu Dec 9 16:42:19 2021 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1191592 glibc was updated to fix the following issue: - Support for new IBM Z Hardware (bsc#1191592, jsc#IBM-869) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:207-1 Released: Thu Jan 27 09:24:49 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: This update for glibc fixes the following issues: - Add support for livepatches on x86_64 for SUSE Linux Enterprise 15 SP4 (jsc#SLE-20049). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:330-1 Released: Fri Feb 4 09:29:08 2022 Summary: Security update for glibc Type: security Severity: important References: 1194640,1194768,1194770,1194785,CVE-2021-3999,CVE-2022-23218,CVE-2022-23219 This update for glibc fixes the following issues: - CVE-2021-3999: Fixed incorrect errno in getcwd (bsc#1194640) - CVE-2022-23219: Fixed buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768) - CVE-2022-23218: Fixed buffer overflow in sunrpc svcunix_create (bsc#1194770) Features added: - IBM Power 10 string operation improvements (bsc#1194785, jsc#SLE-18195) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:692-1 Released: Thu Mar 3 15:46:47 2022 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1190447 This update for filesystem fixes the following issues: - Release ported filesystem to LTSS channels (bsc#1190447). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:861-1 Released: Tue Mar 15 23:30:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1182959,1195149,1195792,1195856 This update for openssl-1_1 fixes the following issues: openssl-1_1: - Fix PAC pointer authentication in ARM (bsc#1195856) - Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792) - FIPS: Fix function and reason error codes (bsc#1182959) - Enable zlib compression support (bsc#1195149) glibc: - Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1 linux-glibc-devel: - Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1 libxcrypt: - Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1 zlib: - Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:936-1 Released: Tue Mar 22 18:10:17 2022 Summary: Recommended update for filesystem and systemd-rpm-macros Type: recommended Severity: moderate References: 1196275,1196406 This update for filesystem and systemd-rpm-macros fixes the following issues: filesystem: - Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639) systemd-rpm-macros: - Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1909-1 Released: Wed Jun 1 16:25:35 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1198751 This update for glibc fixes the following issues: - Add the correct name for the IBM Z16 (bsc#1198751). The following package changes have been done: - busybox-adduser-1.34.1-150400.2.23 added - busybox-attr-1.34.1-150400.2.23 added - busybox-bc-1.34.1-150400.2.23 added - busybox-bind-utils-1.34.1-150400.2.23 added - busybox-bzip2-1.34.1-150400.2.23 added - busybox-coreutils-1.34.1-150400.2.23 added - busybox-cpio-1.34.1-150400.2.23 added - busybox-diffutils-1.34.1-150400.2.23 added - busybox-dos2unix-1.34.1-150400.2.23 added - busybox-ed-1.34.1-150400.2.23 added - busybox-findutils-1.34.1-150400.2.23 added - busybox-gawk-1.34.1-150400.2.23 added - busybox-grep-1.34.1-150400.2.23 added - busybox-gzip-1.34.1-150400.2.23 added - busybox-hostname-1.34.1-150400.2.23 added - busybox-iproute2-1.34.1-150400.2.23 added - busybox-iputils-1.34.1-150400.2.23 added - busybox-kbd-1.34.1-150400.2.23 added - busybox-less-1.34.1-150400.2.23 added - busybox-links-1.34.1-150400.2.23 added - busybox-man-1.34.1-150400.2.23 added - busybox-misc-1.34.1-150400.2.23 added - busybox-ncurses-utils-1.34.1-150400.2.23 added - busybox-net-tools-1.34.1-150400.2.23 added - busybox-netcat-1.34.1-150400.2.23 added - busybox-patch-1.34.1-150400.2.23 added - busybox-policycoreutils-1.34.1-150400.2.23 added - busybox-procps-1.34.1-150400.2.23 added - busybox-psmisc-1.34.1-150400.2.23 added - busybox-sed-1.34.1-150400.2.23 added - busybox-selinux-tools-1.34.1-150400.2.23 added - busybox-sendmail-1.34.1-150400.2.23 added - busybox-sharutils-1.34.1-150400.2.23 added - busybox-sh-1.34.1-150400.2.23 added - busybox-syslogd-1.34.1-150400.2.23 added - busybox-sysvinit-tools-1.34.1-150400.2.23 added - busybox-tar-1.34.1-150400.2.23 added - busybox-telnet-1.34.1-150400.2.23 added - busybox-tftp-1.34.1-150400.2.23 added - busybox-time-1.34.1-150400.2.23 added - busybox-traceroute-1.34.1-150400.2.23 added - busybox-tunctl-1.34.1-150400.2.23 added - busybox-unzip-1.34.1-150400.2.23 added - busybox-util-linux-1.34.1-150400.2.23 added - busybox-vi-1.34.1-150400.2.23 added - busybox-vlan-1.34.1-150400.2.23 added - busybox-wget-1.34.1-150400.2.23 added - busybox-which-1.34.1-150400.2.23 added - busybox-whois-1.34.1-150400.2.23 added - busybox-xz-1.34.1-150400.2.23 added - busybox-1.34.1-150400.1.8 added - ca-certificates-mozilla-prebuilt-2.44-21.1 added - filesystem-15.0-11.8.1 added - glibc-2.31-150300.26.5 added - libcrypt1-4.4.15-150300.4.2.41 added - libpcre1-8.45-20.10.1 added - libselinux1-3.1-150400.1.69 added - libsepol1-3.1-150400.1.70 added - sles-release-15.4-150400.55.1 added - system-user-nobody-20170617-150400.22.33 added - system-user-root-20190513-3.3.1 added - sysuser-shadow-3.1-150400.1.35 added