SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:898-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-15.25 Container Release : 15.25 Severity : important Type : security References : 1198880 1200551 1217390 CVE-2021-40633 CVE-2022-28506 CVE-2023-48161 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:786-1 Released: Wed Mar 6 21:07:20 2024 Summary: Security update for giflib Type: security Severity: important References: 1198880,1200551,1217390,CVE-2021-40633,CVE-2022-28506,CVE-2023-48161 This update for giflib fixes the following issues: Update to version 5.2.2 * Fixes for CVE-2023-48161 (bsc#1217390), CVE-2022-28506 (bsc#1198880) * #138 Documentation for obsolete utilities still installed * #139: Typo in 'LZW image data' page ('110_2 = 4_10') * #140: Typo in 'LZW image data' page ('LWZ') * #141: Typo in 'Bits and bytes' page ('filed') * Note as already fixed SF issue #143: cannot compile under mingw * #144: giflib-5.2.1 cannot be build on windows and other platforms using c89 * #145: Remove manual pages installation for binaries that are not installed too * #146: [PATCH] Limit installed man pages to binaries, move giflib to section 7 * #147 [PATCH] Fixes to doc/whatsinagif/ content * #148: heap Out of Bound Read in gif2rgb.c:298 DumpScreen2RGB * Declared no-info on SF issue #150: There is a denial of service vulnerability in GIFLIB 5.2.1 * Declared Won't-fix on SF issue 149: Out of source builds no longer possible * #151: A heap-buffer-overflow in gif2rgb.c:294:45 * #152: Fix some typos on the html documentation and man pages * #153: Fix segmentation faults due to non correct checking for args * #154: Recover the giffilter manual page * #155: Add gifsponge docs * #157: An OutofMemory-Exception or Memory Leak in gif2rgb * #158: There is a null pointer problem in gif2rgb * #159 A heap-buffer-overflow in GIFLIB5.2.1 DumpScreen2RGB() in gif2rgb.c:298:45 * #163: detected memory leaks in openbsd_reallocarray giflib/openbsd-reallocarray.c * #164: detected memory leaks in GifMakeMapObject giflib/gifalloc.c * #166: a read zero page leads segment fault in getarg.c and memory leaks in gif2rgb.c and gifmalloc.c * #167: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function at Line 321 of gif2rgb.c The following package changes have been done: - libgif7-5.2.2-150000.4.13.1 updated - container:sles15-image-15.0.0-36.11.10 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.9.1 removed - cpio-2.13-150400.3.6.1 removed - cracklib-2.9.7-11.6.1 removed - cracklib-dict-small-2.9.7-11.6.1 removed - diffutils-3.6-4.3.1 removed - fillup-1.42-2.18 removed - grep-3.1-150000.4.6.1 removed - gzip-1.10-150200.10.1 removed - krb5-1.20.1-150500.3.3.1 removed - libaudit1-3.0.6-150400.4.13.1 removed - libblkid1-2.37.4-150500.9.3.1 removed - libbrotlicommon1-1.0.7-3.3.1 removed - libbrotlidec1-1.0.7-3.3.1 removed - libcap-ng0-0.7.9-4.37 removed - libcom_err2-1.46.4-150400.3.3.1 removed - libcrack2-2.9.7-11.6.1 removed - libcrypt1-4.4.15-150300.4.7.1 removed - libcurl4-8.0.1-150400.5.41.1 removed - libdw1-0.185-150400.5.3.1 removed - libeconf0-0.5.2-150400.3.6.1 removed - libelf1-0.185-150400.5.3.1 removed - libfdisk1-2.37.4-150500.9.3.1 removed - libgcrypt20-1.9.4-150500.10.19 removed - libgcrypt20-hmac-1.9.4-150500.10.19 removed - libgpg-error0-1.42-150400.1.101 removed - libidn2-0-2.2.0-3.6.1 removed - libkeyutils1-1.6.3-5.6.1 removed - libldap-2_4-2-2.4.46-150200.14.17.1 removed - libldap-data-2.4.46-150200.14.17.1 removed - liblua5_3-5-5.3.6-3.6.1 removed - liblz4-1-1.9.3-150400.1.7 removed - libmount1-2.37.4-150500.9.3.1 removed - libnghttp2-14-1.40.0-150200.12.1 removed - libnsl2-1.2.0-2.44 removed - libpopt0-1.16-3.22 removed - libpsl5-0.20.1-150000.3.3.1 removed - libsasl2-3-2.1.28-150500.1.1 removed - libsemanage1-3.1-150400.1.65 removed - libsepol1-3.1-150400.1.70 removed - libsmartcols1-2.37.4-150500.9.3.1 removed - libssh-config-0.9.8-150400.3.6.1 removed - libssh4-0.9.8-150400.3.6.1 removed - libsystemd0-249.17-150400.8.40.1 removed - libtirpc-netconfig-1.3.4-150300.3.23.1 removed - libtirpc3-1.3.4-150300.3.23.1 removed - libunistring2-0.9.10-1.1 removed - libutempter0-1.1.6-3.42 removed - libverto1-0.2.6-3.20 removed - libxml2-2-2.10.3-150500.5.14.1 removed - libzstd1-1.5.0-150400.3.3.1 removed - login_defs-4.8.1-150400.10.12.1 removed - ncurses-utils-6.1-150000.5.20.1 removed - pam-1.3.0-150000.6.66.1 removed - perl-base-5.26.1-150300.17.14.1 removed - permissions-20201225-150400.5.16.1 removed - rpm-config-SUSE-1-150400.14.3.1 removed - rpm-ndb-4.14.3-150400.59.7.1 removed - sed-4.4-11.6 removed - shadow-4.8.1-150400.10.12.1 removed - sles-release-15.5-150500.43.4 removed - system-group-hardware-20170617-150400.24.2.1 removed - sysuser-shadow-3.2-150400.3.5.3 removed - tar-1.34-150000.3.34.1 removed - timezone-2023c-150000.75.23.1 removed - util-linux-2.37.4-150500.9.3.1 removed