SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:3228-1
Container Tags        : suse/sle-micro/5.3/toolbox:11.1 , suse/sle-micro/5.3/toolbox:11.1-5.2.48 , suse/sle-micro/5.3/toolbox:latest
Container Release     : 5.2.48
Severity              : important
Type                  : security
References            : 1184689 1188086 1188607 1192252 1192478 1192648 1197428 1200330
                        1202269 1202337 1202417 1202962 1203110 1203125 1203152 1203155
                        1203194 1203272 1203508 1203509 1203796 1203797 1203799 1203818
                        1203820 1203924 1204577 1204779 CVE-2019-18348 CVE-2020-10735
                        CVE-2020-8492 CVE-2021-3928 CVE-2022-2980 CVE-2022-2982 CVE-2022-3037
                        CVE-2022-3099 CVE-2022-3134 CVE-2022-3153 CVE-2022-3234 CVE-2022-3235
                        CVE-2022-3278 CVE-2022-3296 CVE-2022-3297 CVE-2022-3324 CVE-2022-3352
                        CVE-2022-3705 CVE-2022-37454 
-----------------------------------------------------------------

The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4278-1
Released:    Tue Nov 29 15:43:49 2022
Summary:     Security update for supportutils
Type:        security
Severity:    moderate
References:  1184689,1188086,1192252,1192648,1197428,1200330,1202269,1202337,1202417,1203818
This update for supportutils fixes the following issues:

Security issues fixed:

- Passwords correctly removed from email.txt, updates.txt and fs-iscsi.txt (bsc#1203818)

Bug fixes:

- Added lifecycle information
- Fixed KVM virtualization detection on bare metal (bsc#1184689)
- Added logging using journalctl (bsc#1200330)
- Get current sar data before collecting files (bsc#1192648)
- Collects everything in /etc/multipath/ (bsc#1192252)
- Collects power management information in hardware.txt (bsc#1197428)
- Checks for suseconnect-ng or SUSEConnect packages (bsc#1202337)
- Fixed conf_files and conf_text_files so y2log is gathered (bsc#1202269)
- Update to nvme_info and block_info (bsc#1202417)
- Added includedir directories from /etc/sudoers (bsc#1188086)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4281-1
Released:    Tue Nov 29 15:46:10 2022
Summary:     Security update for python3
Type:        security
Severity:    important
References:  1188607,1203125,1204577,CVE-2019-18348,CVE-2020-10735,CVE-2020-8492,CVE-2022-37454
This update for python3 fixes the following issues:

- CVE-2022-37454: Fixed a buffer overflow in hashlib.sha3_* implementations. (bsc#1204577)
- CVE-2020-10735: Fixed a bug to limit amount of digits converting text to int and vice vera. (bsc#1203125)

The following non-security bug was fixed:

- Fixed a crash in the garbage collection (bsc#1188607).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4282-1
Released:    Tue Nov 29 15:50:15 2022
Summary:     Security update for vim
Type:        security
Severity:    important
References:  1192478,1202962,1203110,1203152,1203155,1203194,1203272,1203508,1203509,1203796,1203797,1203799,1203820,1203924,1204779,CVE-2021-3928,CVE-2022-2980,CVE-2022-2982,CVE-2022-3037,CVE-2022-3099,CVE-2022-3134,CVE-2022-3153,CVE-2022-3234,CVE-2022-3235,CVE-2022-3278,CVE-2022-3296,CVE-2022-3297,CVE-2022-3324,CVE-2022-3352,CVE-2022-3705
This update for vim fixes the following issues:

Updated to version 9.0 with patch level 0814:

- CVE-2021-3928: Fixed stack-based buffer overflow (bsc#1192478).
- CVE-2022-3234: Fixed heap-based buffer overflow (bsc#1203508).
- CVE-2022-3235: Fixed use-after-free (bsc#1203509).
- CVE-2022-3324: Fixed stack-based buffer overflow (bsc#1203820).
- CVE-2022-3705: Fixed use-after-free in function qf_update_buffer of the file quickfix.c (bsc#1204779).
- CVE-2022-2982: Fixed use-after-free in qf_fill_buffer() (bsc#1203152).
- CVE-2022-3296: Fixed stack out of bounds read in ex_finally() in ex_eval.c (bsc#1203796).
- CVE-2022-3297: Fixed use-after-free in process_next_cpt_value() at insexpand.c (bsc#1203797).
- CVE-2022-3099: Fixed use-after-free in ex_docmd.c (bsc#1203110).
- CVE-2022-3134: Fixed use-after-free in do_tag() (bsc#1203194).
- CVE-2022-3153: Fixed NULL pointer dereference (bsc#1203272).
- CVE-2022-3278: Fixed NULL pointer dereference in eval_next_non_blank() in eval.c (bsc#1203799).
- CVE-2022-3352: Fixed use-after-free (bsc#1203924).
- CVE-2022-2980: Fixed NULL pointer dereference in do_mouse() (bsc#1203155).
- CVE-2022-3037: Fixed use-after-free (bsc#1202962).


The following package changes have been done:

- libpython3_6m1_0-3.6.15-150300.10.37.2 updated
- python3-base-3.6.15-150300.10.37.2 updated
- supportutils-3.1.21-150300.7.35.15.1 updated
- vim-data-common-9.0.0814-150000.5.28.1 updated
- vim-9.0.0814-150000.5.28.1 updated