SUSE Container Update Advisory: suse/sles/15.7/cdi-cloner
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4557-1
Container Tags        : suse/sles/15.7/cdi-cloner:1.58.0 , suse/sles/15.7/cdi-cloner:1.58.0-150700.7.11 , suse/sles/15.7/cdi-cloner:1.58.0.28.22
Container Release     : 28.22
Severity              : moderate
Type                  : security
References            : 1202870 1207789 1209627 1220523 1220690 1220693 1220696 1221365
                        1221751 1221752 1221753 1221760 1221786 1221787 1221821 1221822
                        1221824 1221827 1228042 1228968 1229028 1229329 1229465 1229476
                        1230093 CVE-2024-6119 CVE-2024-8096 
-----------------------------------------------------------------

The container suse/sles/15.7/cdi-cloner was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2796-1
Released:    Fri Aug 12 14:34:31 2022
Summary:     Recommended update for jitterentropy
Type:        recommended
Severity:    moderate
References:  
This update for jitterentropy fixes the following issues:

jitterentropy is included in version 3.4.0 (jsc#SLE-24941):

This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, 
used by other FIPS libraries.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3328-1
Released:    Wed Sep 21 12:48:56 2022
Summary:     Recommended update for jitterentropy
Type:        recommended
Severity:    moderate
References:  1202870
This update for jitterentropy fixes the following issues:

- Hide the non-GNUC constructs that are library internal from the 
  exported header, to make it usable in builds with strict C99
  compliance. (bsc#1202870)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:617-1
Released:    Fri Mar  3 16:49:06 2023
Summary:     Recommended update for jitterentropy
Type:        recommended
Severity:    moderate
References:  1207789
This update for jitterentropy fixes the following issues:

- build jitterentropy library with debuginfo (bsc#1207789)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2024-1
Released:    Thu Jun 13 16:15:18 2024
Summary:     Recommended update for jitterentropy
Type:        recommended
Severity:    moderate
References:  1209627
This update for jitterentropy fixes the following issues:

- Fixed a stack corruption on s390x: [bsc#1209627]
  * Output size of the STCKE command on s390x is 16 bytes, compared
    to 8 bytes of the STCK command. Fix a stack corruption in the
    s390x version of jent_get_nstime(). Add some more detailed
    information on the STCKE command.

Updated to 3.4.1

* add FIPS 140 hints to man page
* simplify the test tool to search for optimal configurations
* fix: jent_loop_shuffle: re-add setting the time that was lost with 3.4.0
* enhancement: add ARM64 assembler code to read high-res timer
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3106-1
Released:    Tue Sep  3 17:00:40 2024
Summary:     Security update for openssl-3
Type:        security
Severity:    moderate
References:  1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119
This update for openssl-3 fixes the following issues:

- CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465)

Other fixes:    
    
- FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365).
- FIPS: RSA keygen PCT requirements.
- FIPS: Check that the fips provider is available before setting
  it as the default provider in FIPS mode (bsc#1220523).
- FIPS: Port openssl to use jitterentropy (bsc#1220523).
- FIPS: Block non-Approved Elliptic Curves (bsc#1221786).
- FIPS: Service Level Indicator (bsc#1221365).
- FIPS: Output the FIPS-validation name and module version which uniquely
  identify the FIPS validated module (bsc#1221751).
- FIPS: Add required selftests: (bsc#1221760).
- FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821).
- FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827).
- FIPS: Zero initialization required (bsc#1221752).
- FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696).
- FIPS: NIST SP 800-56Brev2 (bsc#1221824).
- FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787).
- FIPS: Port openssl to use jitterentropy (bsc#1220523).
- FIPS: NIST SP 800-56Arev3 (bsc#1221822).
- FIPS: Error state has to be enforced (bsc#1221753).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3132-1
Released:    Tue Sep  3 17:43:10 2024
Summary:     Recommended update for permissions
Type:        recommended
Severity:    moderate
References:  1228968,1229329
This update for permissions fixes the following issues:

- Update to version 20240826:
  * permissions: remove outdated entries (bsc#1228968)

- Update to version 20240826:
  * cockpit: revert path change (bsc#1229329)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3166-1
Released:    Mon Sep  9 12:25:30 2024
Summary:     Recommended update for glibc
Type:        recommended
Severity:    moderate
References:  1228042
This update for glibc fixes the following issue:

- s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3204-1
Released:    Wed Sep 11 10:55:22 2024
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1230093,CVE-2024-8096
This update for curl fixes the following issues:

- CVE-2024-8096: OCSP stapling bypass with GnuTLS. (bsc#1230093)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3239-1
Released:    Fri Sep 13 12:00:58 2024
Summary:     Recommended update for util-linux
Type:        recommended
Severity:    moderate
References:  1229476
This update for util-linux fixes the following issue:

- Skip aarch64 decode path for rest of the architectures (bsc#1229476).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3300-1
Released:    Wed Sep 18 14:27:53 2024
Summary:     Recommended update for ncurses
Type:        recommended
Severity:    moderate
References:  1229028
This update for ncurses fixes the following issues:

- Allow the terminal description based on static fallback entries to be freed (bsc#1229028)


The following package changes have been done:

- glibc-2.38-150600.14.8.2 updated
- libuuid1-2.39.3-150600.4.12.2 updated
- libsmartcols1-2.39.3-150600.4.12.2 updated
- libblkid1-2.39.3-150600.4.12.2 updated
- libfdisk1-2.39.3-150600.4.12.2 updated
- libjitterentropy3-3.4.1-150000.1.12.1 added
- libncurses6-6.1-150000.5.27.1 updated
- terminfo-base-6.1-150000.5.27.1 updated
- libmount1-2.39.3-150600.4.12.2 updated
- libopenssl3-3.1.4-150600.5.15.1 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.15.1 updated
- libcurl4-8.6.0-150600.4.6.1 updated
- permissions-20240826-150600.10.9.1 updated
- util-linux-2.39.3-150600.4.12.2 updated
- curl-8.6.0-150600.4.6.1 updated
- containerized-data-importer-cloner-1.58.0-150700.7.11 updated
- container:sles15-image-15.0.0-50.18 updated