SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2720-1
Container Tags        : bci/node:14 , bci/node:14-35.6 , bci/nodejs:14 , bci/nodejs:14-35.6
Container Release     : 35.6
Severity              : important
Type                  : security
References            : 1121365 1180995 1182983 1190651 1190653 1190700 1190888 1191020
                        1193859 1198471 1198472 1199492 1201293 1202117 1202148 1202870
                        1203046 1203069 1204366 1204367 CVE-2022-40303 CVE-2022-40304
-----------------------------------------------------------------

The container bci/nodejs was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2796-1
Released:    Fri Aug 12 14:34:31 2022
Summary:     Recommended update for jitterentropy
Type:        recommended
Severity:    moderate
References:
This update for jitterentropy fixes the following issues:

jitterentropy is included in version 3.4.0 (jsc#SLE-24941):

This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3328-1
Released:    Wed Sep 21 12:48:56 2022
Summary:     Recommended update for jitterentropy
Type:        recommended
Severity:    moderate
References:  1202870
This update for jitterentropy fixes the following issues:

- Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. (bsc#1202870)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3551-1
Released:    Fri Oct 7 17:03:55 2022
Summary:     Recommended update for libgcrypt
Type:        recommended
Severity:    moderate
References:  1182983,1190700,1191020,1202117
This update for libgcrypt fixes the following issues:

- FIPS: Fixed gpg/gpg2 triggering the out-of-core handler in FIPS mode when the Tab key is pressed for auto-completion. [bsc#1182983]
- FIPS: Ported libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941]
  * Enable the jitter based entropy generator by default in random.conf
  * Update the internal jitterentropy to version 3.4.0
- FIPS: Get most of the entropy from rndjent_poll [bsc#1202117]
- FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700]
  * Consider key lengths greater than or equal to 112 bits as approved.
- FIPS: Zeroize buffer and digest in check_binary_integrity() [bsc#1191020]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3555-1
Released:    Mon Oct 10 14:05:12 2022
Summary:     Recommended update for aaa_base
Type:        recommended
Severity:    important
References:  1199492
This update for aaa_base fixes the following issues:

- The wrapper rootsh is not a restricted shell. (bsc#1199492)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3663-1
Released:    Wed Oct 19 19:05:21 2022
Summary:     Recommended update for openssl-1_1
Type:        recommended
Severity:    moderate
References:  1121365,1180995,1190651,1190653,1190888,1193859,1198471,1198472,1201293,1202148,1203046,1203069
This update for openssl-1_1 fixes the following issues:

- FIPS: Default to RFC-7919 groups for genparam and dhparam
- FIPS: List only FIPS approved digest and public key algorithms [bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472]
- FIPS: Add KAT for the RAND_DRBG implementation [bsc#1203069]
- FIPS: openssl: RAND API should call into FIPS DRBG [bsc#1201293]
  * The FIPS_drbg implementation is not FIPS validated anymore. To provide backwards compatibility for applications that need FIPS-compliant random number generation and use FIPS_drbg_generate, this function was re-wired to call the FIPS validated DRBG instance instead, through the RAND_bytes() call.
- FIPS: Fix minor memory leaks introduced by the FIPS patch [bsc#1203046]
- FIPS: OpenSSL: Port openssl to use jitterentropy [bsc#1202148, jsc#SLE-24941]
  libcrypto.so now requires the libjitterentropy3 library.
- FIPS: OpenSSL: Provide a service-level indicator [bsc#1190651]
- FIPS: Add zeroization of temporary variables to the hmac integrity function FIPSCHECK_verify(). [bsc#1190653]

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3692-1
Released:    Fri Oct 21 16:15:07 2022
Summary:     Security update for libxml2
Type:        security
Severity:    important
References:  1204366,1204367,CVE-2022-40303,CVE-2022-40304
This update for libxml2 fixes the following issues:

- CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366).
- CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367).

The following package changes have been done:

- file-magic-5.32-7.14.1 added
- system-user-root-20190513-3.3.1 added
- filesystem-15.0-11.8.1 added
- cracklib-dict-small-2.9.7-11.6.1 added
- libldap-data-2.4.46-150200.14.11.2 added
- libtirpc-netconfig-1.2.6-150300.3.14.1 added
- glibc-2.31-150300.41.1 added
- libsasl2-3-2.1.27-150300.4.6.1 added
- libcrypt1-4.4.15-150300.4.4.3 added
- perl-base-5.26.1-150300.17.11.1 added
- libssh-config-0.9.6-150400.1.5 added
- libzstd1-1.5.0-150400.1.71 added
- libsepol1-3.1-150400.1.70 added
- liblz4-1-1.9.3-150400.1.7 added
- libgpg-error0-1.42-150400.1.101 added
- libeconf0-0.4.4+git20220104.962774f-150400.1.38 added
- libcap2-2.63-150400.1.7 added
- libbz2-1-1.0.8-150400.1.122 added
- libaudit1-3.0.6-150400.2.13 added
- libnghttp2-14-1.40.0-6.1 added
- libbrotlicommon1-1.0.7-3.3.1 added
- libbrotlidec1-1.0.7-3.3.1 added
- libuuid1-2.37.2-150400.8.3.1 added
- libudev1-249.12-150400.8.10.1 added
- libsmartcols1-2.37.2-150400.8.3.1 added
- libcom_err2-1.46.4-150400.3.3.1 added
- libblkid1-2.37.2-150400.8.3.1 added
- libgcrypt20-1.9.4-150400.6.5.1 added
- libgcrypt20-hmac-1.9.4-150400.6.5.1 added
- libfdisk1-2.37.2-150400.8.3.1 added
- libcap-ng0-0.7.9-4.37 added
- libunistring2-0.9.10-1.1 added
- libz1-1.2.11-150000.3.33.1 added
- libpcre1-8.45-150000.20.13.1 added
- liblzma5-5.2.3-150000.4.7.1 added
- liblua5_3-5-5.3.6-3.6.1 added
- libkeyutils1-1.6.3-5.6.1 added
- libjitterentropy3-3.4.0-150000.1.6.1 added
- libgmp10-6.1.2-4.9.1 added
- libgcc_s1-11.3.0+git1637-150000.1.11.2 added
- libidn2-0-2.2.0-3.6.1 added
- libmagic1-5.32-7.14.1 added
- libstdc++6-11.3.0+git1637-150000.1.11.2 added
- libpsl5-0.20.1-150000.3.3.1 added
- libncurses6-6.1-150000.5.12.1 added
- terminfo-base-6.1-150000.5.12.1 added
- ncurses-utils-6.1-150000.5.12.1 added
- libverto1-0.2.6-3.20 added
- libpopt0-1.16-3.22 added
- libattr1-2.4.47-2.19 added
- fillup-1.42-2.18 added
- libzio1-1.06-2.20 added
- libselinux1-3.1-150400.1.69 added
- libreadline7-7.0-150400.25.22 added
- libsemanage1-3.1-150400.1.65 added
- bash-4.4-150400.25.22 added
- bash-sh-4.4-150400.25.22 added
- login_defs-4.8.1-150400.8.57 added
- cpio-2.13-150400.1.98 added
- libelf1-0.185-150400.5.3.1 added
- libxml2-2-2.9.14-150400.5.10.1 added
- libsystemd0-249.12-150400.8.10.1 added
- libopenssl1_1-1.1.1l-150400.7.10.5 added
- libopenssl1_1-hmac-1.1.1l-150400.7.10.5 added
- libmount1-2.37.2-150400.8.3.1 added
- libdw1-0.185-150400.5.3.1 added
- libcrack2-2.9.7-11.6.1 added
- cracklib-2.9.7-11.6.1 added
- libldap-2_4-2-2.4.46-150200.14.11.2 added
- libacl1-2.2.52-4.3.1 added
- findutils-4.8.0-1.20 added
- info-6.5-4.17 added
- patterns-base-fips-20200124-150400.18.4 added
- krb5-1.19.2-150400.1.9 added
- coreutils-8.32-150400.7.5 added
- libssh4-0.9.6-150400.1.5 added
- sles-release-15.4-150400.55.1 added
- sed-4.4-11.6 added
- grep-3.1-150000.4.6.1 added
- diffutils-3.6-4.3.1 added
- libtirpc3-1.2.6-150300.3.14.1 added
- libcurl4-7.79.1-150400.5.6.1 added
- rpm-config-SUSE-1-150400.14.3.1 added
- permissions-20201225-150400.5.11.1 added
- libnsl2-1.2.0-2.44 added
- rpm-ndb-4.14.3-150300.49.1 added
- pam-1.3.0-150000.6.58.3 added
- shadow-4.8.1-150400.8.57 added
- sysuser-shadow-3.1-150400.1.35 added
- system-group-hardware-20170617-150400.22.33 added
- libutempter0-1.1.6-3.42 added
- util-linux-2.37.2-150400.8.3.1 added
- aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 added
- netcfg-11.6-3.3.1 added
- timezone-2022a-150000.75.10.1 added
- libffi7-3.2.1.git259-10.8 added
- container:sles15-image-15.0.0-27.14.5 updated