SUSE Container Update Advisory: bci/bci-busybox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2172-1 Container Tags : bci/bci-busybox:15.6 , bci/bci-busybox:15.6.13.6 Container Release : 13.6 Severity : important Type : security References : 1078466 1134524 1146705 1175519 1178775 1180020 1180083 1180596 1181011 1181831 1181994 1182959 1183094 1188006 1190447 1195149 1195391 1195792 1195856 1196275 1196406 1197718 1199079 1199140 1200334 1200855 1202868 1205161 1206212 1206622 1207778 1213240 1214140 1214248 1214538 1215496 CVE-2019-5021 CVE-2022-48174 ----------------------------------------------------------------- The container bci/bci-busybox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1368-1 Released: Tue May 28 13:15:38 2019 Summary: Recommended update for sles12sp3-docker-image, sles12sp4-image, system-user-root Type: security Severity: important References: 1134524,CVE-2019-5021 This update for sles12sp3-docker-image, sles12sp4-image, system-user-root fixes the following issues: - CVE-2019-5021: Include an invalidated root password by default, not an empty one (bsc#1134524) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:924-1 Released: Tue Mar 23 10:00:49 2021 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094 This update for filesystem the following issues: - Remove duplicate line due to merge error - Add fix for 'mesa' creating cache with perm 0700. (bsc#1181011) - Fixed an issue causing failure during installation/upgrade a failure. (rh#1548403) (bsc#1146705) - Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466) - Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519) This update for systemd fixes the following issues: - Fix for a possible memory leak. (bsc#1180020) - Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596) - Fixed an issue when starting a container conflicts with another one. (bsc#1178775) - Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831) - Don't use shell redirections when calling a rpm macro. (bsc#1183094) - 'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3382-1 Released: Tue Oct 12 14:30:17 2021 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate References: This update for ca-certificates-mozilla fixes the following issues: - A new sub-package for minimal base containers (jsc#SLE-22162) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:692-1 Released: Thu Mar 3 15:46:47 2022 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1190447 This update for filesystem fixes the following issues: - Release ported filesystem to LTSS channels (bsc#1190447). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:861-1 Released: Tue Mar 15 23:31:21 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1182959,1195149,1195792,1195856 This update for openssl-1_1 fixes the following issues: openssl-1_1: - Fix PAC pointer authentication in ARM (bsc#1195856) - Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792) - FIPS: Fix function and reason error codes (bsc#1182959) - Enable zlib compression support (bsc#1195149) glibc: - Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1 linux-glibc-devel: - Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1 libxcrypt: - Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1 zlib: - Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:936-1 Released: Tue Mar 22 18:10:17 2022 Summary: Recommended update for filesystem and systemd-rpm-macros Type: recommended Severity: moderate References: 1196275,1196406 This update for filesystem and systemd-rpm-macros fixes the following issues: filesystem: - Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639) systemd-rpm-macros: - Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2406-1 Released: Fri Jul 15 11:49:01 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1197718,1199140,1200334,1200855 This update for glibc fixes the following issues: - powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334) - Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718) - i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718) - rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051) This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3395-1 Released: Mon Sep 26 16:35:18 2022 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate References: 1181994,1188006,1199079,1202868 This update for ca-certificates-mozilla fixes the following issues: Updated to 2.56 state of Mozilla SSL root CAs (bsc#1202868) - Added: - Certainly Root E1 - Certainly Root R1 - DigiCert SMIME ECC P384 Root G5 - DigiCert SMIME RSA4096 Root G5 - DigiCert TLS ECC P384 Root G5 - DigiCert TLS RSA4096 Root G5 - E-Tugra Global Root CA ECC v3 - E-Tugra Global Root CA RSA v3 - Removed: - Hellenic Academic and Research Institutions RootCA 2011 Updated to 2.54 state of Mozilla SSL root CAs (bsc#1199079) - Added: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - D-TRUST BR Root CA 1 2020 - D-TRUST EV Root CA 1 2020 - GlobalSign ECC Root CA R4 - GTS Root R1 - GTS Root R2 - GTS Root R3 - GTS Root R4 - HiPKI Root CA - G1 - ISRG Root X2 - Telia Root CA v2 - vTrus ECC Root CA - vTrus Root CA - Removed: - Cybertrust Global Root - DST Root CA X3 - DigiNotar PKIoverheid CA Organisatie - G2 - GlobalSign ECC Root CA R4 - GlobalSign Root CA R2 - GTS Root R1 - GTS Root R2 - GTS Root R3 - GTS Root R4 Updated to 2.50 state of the Mozilla NSS Certificate store (bsc#1188006) - Added: - HARICA Client ECC Root CA 2021 - HARICA Client RSA Root CA 2021 - HARICA TLS ECC Root CA 2021 - HARICA TLS RSA Root CA 2021 - TunTrust Root CA Updated to 2.46 state of the Mozilla NSS Certificate store (bsc#1181994) - Added new root CAs: - NAVER Global Root Certification Authority - Removed old root CAs: - GeoTrust Global CA - GeoTrust Primary Certification Authority - GeoTrust Primary Certification Authority - G3 - GeoTrust Universal CA - GeoTrust Universal CA 2 - thawte Primary Root CA - thawte Primary Root CA - G2 - thawte Primary Root CA - G3 - VeriSign Class 3 Public Primary Certification Authority - G4 - VeriSign Class 3 Public Primary Certification Authority - G5 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:37-1 Released: Fri Jan 6 15:35:49 2023 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1206212,1206622 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622) Removed CAs: - Global Chambersign Root - EC-ACC - Network Solutions Certificate Authority - Staat der Nederlanden EV Root CA - SwissSign Platinum CA - G2 Added CAs: - DIGITALSIGN GLOBAL ROOT ECDSA CA - DIGITALSIGN GLOBAL ROOT RSA CA - Security Communication ECC RootCA1 - Security Communication RootCA3 Changed trust: - TrustCor certificates only trusted up to Nov 30 (bsc#1206212) - Removed CAs (bsc#1206212) as most code does not handle 'valid before nov 30 2022' and it is not clear how many certs were issued for SSL middleware by TrustCor: - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - TrustCor ECA-1 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3454-1 Released: Mon Aug 28 13:43:18 2023 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1214248 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248) Added: - Atos TrustedRoot Root CA ECC G2 2020 - Atos TrustedRoot Root CA ECC TLS 2021 - Atos TrustedRoot Root CA RSA G2 2020 - Atos TrustedRoot Root CA RSA TLS 2021 - BJCA Global Root CA1 - BJCA Global Root CA2 - LAWtrust Root CA2 (4096) - Sectigo Public Email Protection Root E46 - Sectigo Public Email Protection Root R46 - Sectigo Public Server Authentication Root E46 - Sectigo Public Server Authentication Root R46 - SSL.com Client ECC Root CA 2022 - SSL.com Client RSA Root CA 2022 - SSL.com TLS ECC Root CA 2022 - SSL.com TLS RSA Root CA 2022 Removed CAs: - Chambers of Commerce Root - E-Tugra Certification Authority - E-Tugra Global Root CA ECC v3 - E-Tugra Global Root CA RSA v3 - Hongkong Post Root CA 1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3611-1 Released: Fri Sep 15 09:28:36 2023 Summary: Recommended update for sysuser-tools Type: recommended Severity: moderate References: 1195391,1205161,1207778,1213240,1214140 This update for sysuser-tools fixes the following issues: - Update to version 3.2 - Always create a system group of the same name as the system user (bsc#1205161, bsc#1207778, bsc#1213240) - Add 'quilt setup' friendly hint to %sysusers_requires usage - Use append so if a pre file already exists it isn't overridden - Invoke bash for bash scripts (bsc#1195391) - Remove all systemd requires not supported on SLE15 (bsc#1214140) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3820-1 Released: Wed Sep 27 18:37:54 2023 Summary: Security update for busybox Type: security Severity: important References: 1214538,CVE-2022-48174 This update for busybox fixes the following issues: - CVE-2022-48174: Fixed stack overflow vulnerability. (bsc#1214538) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4671-1 Released: Wed Dec 6 14:33:41 2023 Summary: Recommended update for man Type: recommended Severity: moderate References: This update of man fixes the following problem: - The 'man' commands is delivered to SUSE Linux Enterprise Micro to allow browsing man pages. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:62-1 Released: Mon Jan 8 11:44:47 2024 Summary: Recommended update for libxcrypt Type: recommended Severity: moderate References: 1215496 This update for libxcrypt fixes the following issues: - fix variable name for datamember [bsc#1215496] - added patches fix https://github.com/besser82/libxcrypt/commit/b212d601549a0fc84cbbcaf21b931f903787d7e2 The following package changes have been done: - busybox-adduser-1.35.0-150500.7.2.3 added - busybox-attr-1.35.0-150500.7.2.3 added - busybox-bc-1.35.0-150500.7.2.3 added - busybox-bind-utils-1.35.0-150500.7.2.3 added - busybox-bzip2-1.35.0-150500.7.2.3 added - busybox-coreutils-1.35.0-150500.7.2.3 added - busybox-cpio-1.35.0-150500.7.2.3 added - busybox-diffutils-1.35.0-150500.7.2.3 added - busybox-dos2unix-1.35.0-150500.7.2.3 added - busybox-ed-1.35.0-150500.7.2.3 added - busybox-findutils-1.35.0-150500.7.2.3 added - busybox-gawk-1.35.0-150500.7.2.3 added - busybox-grep-1.35.0-150500.7.2.3 added - busybox-gzip-1.35.0-150500.7.2.3 added - busybox-hostname-1.35.0-150500.7.2.3 added - busybox-iproute2-1.35.0-150500.7.2.3 added - busybox-iputils-1.35.0-150500.7.2.3 added - busybox-kbd-1.35.0-150500.7.2.3 added - busybox-less-1.35.0-150500.7.2.3 added - busybox-links-1.35.0-150500.7.2.3 added - busybox-man-1.35.0-150500.7.2.3 added - busybox-misc-1.35.0-150500.7.2.3 added - busybox-ncurses-utils-1.35.0-150500.7.2.3 added - busybox-net-tools-1.35.0-150500.7.2.3 added - busybox-netcat-1.35.0-150500.7.2.3 added - busybox-patch-1.35.0-150500.7.2.3 added - busybox-policycoreutils-1.35.0-150500.7.2.3 added - busybox-procps-1.35.0-150500.7.2.3 added - busybox-psmisc-1.35.0-150500.7.2.3 added - busybox-sed-1.35.0-150500.7.2.3 added - busybox-selinux-tools-1.35.0-150500.7.2.3 added - busybox-sendmail-1.35.0-150500.7.2.3 added - busybox-sharutils-1.35.0-150500.7.2.3 added - busybox-sh-1.35.0-150500.7.2.3 added - busybox-syslogd-1.35.0-150500.7.2.3 added - busybox-sysvinit-tools-1.35.0-150500.7.2.3 added - busybox-tar-1.35.0-150500.7.2.3 added - busybox-telnet-1.35.0-150500.7.2.3 added - busybox-tftp-1.35.0-150500.7.2.3 added - busybox-time-1.35.0-150500.7.2.3 added - busybox-traceroute-1.35.0-150500.7.2.3 added - busybox-tunctl-1.35.0-150500.7.2.3 added - busybox-unzip-1.35.0-150500.7.2.3 added - busybox-util-linux-1.35.0-150500.7.2.3 added - busybox-vi-1.35.0-150500.7.2.3 added - busybox-vlan-1.35.0-150500.7.2.3 added - busybox-wget-1.35.0-150500.7.2.3 added - busybox-which-1.35.0-150500.7.2.3 added - busybox-whois-1.35.0-150500.7.2.3 added - busybox-xz-1.35.0-150500.7.2.3 added - busybox-1.35.0-150500.10.3.3 added - ca-certificates-mozilla-prebuilt-2.62-150200.30.1 added - filesystem-15.0-11.8.1 added - glibc-2.38-150600.12.1 added - libcrypt1-4.4.15-150300.4.7.1 added - libpcre2-8-0-10.42-150600.1.26 added - libselinux1-3.5-150600.1.46 added - libsepol1-3.1-150400.1.70 added - skelcd-EULA-bci-2024.05.03.1-150600.1.1 added - sles-release-15.6-150600.37.2 added - system-user-nobody-20170617-150400.24.2.1 added - system-user-root-20190513-3.3.1 added - sysuser-shadow-3.2-150400.3.5.3 added