SUSE Container Update Advisory: suse/sles/15.7/cdi-importer ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3706-1 Container Tags : suse/sles/15.7/cdi-importer:1.58.0 , suse/sles/15.7/cdi-importer:1.58.0-150700.7.4 , suse/sles/15.7/cdi-importer:1.58.0.28.11 Container Release : 28.11 Severity : important Type : security References : 1222899 1223336 1226463 1227138 1227888 1228535 1228548 1228770 1228872 916845 CVE-2013-4235 CVE-2013-4235 CVE-2024-5535 CVE-2024-6197 CVE-2024-7264 CVE-2024-7383 ----------------------------------------------------------------- The container suse/sles/15.7/cdi-importer was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2630-1 Released: Tue Jul 30 09:12:44 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2635-1 Released: Tue Jul 30 09:14:09 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1222899,1223336,1226463,1227138,CVE-2024-5535 This update for openssl-3 fixes the following issues: Security fixes: - CVE-2024-5535: Fixed SSL_select_next_proto buffer overread (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) - Build with enabled sm2 and sm4 support (bsc#1222899) - Fix non-reproducibility issue (bsc#1223336) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2637-1 Released: Tue Jul 30 09:17:25 2024 Summary: Recommended update for qemu Type: recommended Severity: moderate References: This update for qemu fixes the following issues: qemu was updated to version 8.2.5: - For the full list of changes (from the various releases) please consult the following: * https://lore.kernel.org/qemu-devel/1718081047.648425.1238605.nullmailer@tls.msk.ru/ - Main changes: * disas/riscv: Decode all of the pmpcfg and pmpaddr CSRs * dockerfiles: Added 'MAKE' env variable to remaining containers * gitlab: Update msys2-64bit runner tags * gitlab: Use 'setarch -R' to workaround tsan bug * gitlab: Use $MAKE instead of 'make' * hvf: arm: Fixed encodings for ID_AA64PFR1_EL1 and debug System registers * hw/intc/arm_gic: Fixed handling of NS view of GICC_APR * hw/intc/riscv_aplic: APLICs should add child earlier than realize * iotests: test NBD+TLS+iothread * qio: Inherit follow_coroutine_ctx across TLS * target/arm: Disable SVE extensions when SVE is disabled * target/i386: Fixed SSE and SSE2 feature check * target/i386: Fixed xsave.flat from kvm-unit-tests * target/i386: No single-step exception after MOV or POP SS * target/loongarch: Fixed a wrong print in cpu dump * target/riscv: Do not set mtval2 for non guest-page faults * target/riscv: Fixed the element agnostic function problem * target/riscv: Prioritize pmp errors in raise_mmu_exception() * target/riscv: rvv: Check single width operator for vector fp widen instructions * target/riscv: rvv: Check single width operator for vfncvt.rod.f.f.w * target/riscv: rvv: Fixed Zvfhmin checking for vfwcvt.f.f.v and vfncvt.f.f.w instructions * target/riscv: rvv: Removed redudant SEW checking for vector fp narrow/widen instructions * target/riscv: rvzicbo: Fixed CBO extension register calculation * target/riscv/cpu.c: Fixed Zvkb extension config * target/riscv/kvm: Tolerate KVM disable ext errors * target/riscv/kvm.c: Fixed the hart bit setting of AIA * ui/sdl2: Allow host to power down screen ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2779-1 Released: Tue Aug 6 14:35:49 2024 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1228548 This update for permissions fixes the following issue: * cockpit: moved setuid executable (bsc#1228548) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2784-1 Released: Tue Aug 6 14:58:38 2024 Summary: Security update for curl Type: security Severity: important References: 1227888,1228535,CVE-2024-6197,CVE-2024-7264 This update for curl fixes the following issues: - CVE-2024-7264: Fixed ASN.1 date parser overread (bsc#1228535) - CVE-2024-6197: Fixed freeing stack buffer in utf8asn1str (bsc#1227888) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2808-1 Released: Wed Aug 7 09:49:32 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2813-1 Released: Wed Aug 7 12:01:37 2024 Summary: Security update for libnbd Type: security Severity: important References: 1228872,CVE-2024-7383 This update for libnbd fixes the following issues: - CVE-2024-7383: Fixed incorrect verification of a NBD server's certificate when using TLS to connect to the server (bsc#1228872) Other fixes: - Update to version 1.18.5. The following package changes have been done: - libopenssl3-3.1.4-150600.5.10.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.10.1 updated - login_defs-4.8.1-150600.17.6.1 updated - libcurl4-8.6.0-150600.4.3.1 updated - permissions-20240801-150600.10.4.1 updated - shadow-4.8.1-150600.17.6.1 updated - curl-8.6.0-150600.4.3.1 updated - qemu-img-8.2.5-150600.3.6.1 updated - libnbd0-1.18.5-150600.18.3.1 updated - containerized-data-importer-importer-1.58.0-150700.7.4 updated - container:sles15-image-15.0.0-50.8 updated