SUSE Container Update Advisory: rancher/elemental-operator ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4257-1 Container Tags : rancher/elemental-operator:1.6.4 , rancher/elemental-operator:1.6.4-2.12 , rancher/elemental-operator:latest Container Release : 2.12 Severity : important Type : security References : 1188441 1199079 1220356 1220724 1221239 1221482 1221940 1222992 1223423 1223424 1223425 1227525 1228041 CVE-2024-2961 CVE-2024-33599 CVE-2024-33600 CVE-2024-33601 CVE-2024-33602 ----------------------------------------------------------------- The container rancher/elemental-operator was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 9 Released: Fri Aug 9 10:33:34 2024 Summary: Recommended update for bash, libcap-ng, libselinux, libselinux-bindings, libsemanage, zypper Type: recommended Severity: low References: This update fixes the following issues: - No change rebuild due to dependency changes. ----------------------------------------------------------------- Advisory ID: 24 Released: Wed Aug 28 13:31:01 2024 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1199079,1220356,1227525 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525) - Added: FIRMAPROFESIONAL CA ROOT-A WEB - Distrust: GLOBALTRUST 2020 - Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356) Added: - CommScope Public Trust ECC Root-01 - CommScope Public Trust ECC Root-02 - CommScope Public Trust RSA Root-01 - CommScope Public Trust RSA Root-02 - D-Trust SBR Root CA 1 2022 - D-Trust SBR Root CA 2 2022 - Telekom Security SMIME ECC Root 2021 - Telekom Security SMIME RSA Root 2023 - Telekom Security TLS ECC Root 2020 - Telekom Security TLS RSA Root 2023 - TrustAsia Global Root CA G3 - TrustAsia Global Root CA G4 Removed: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - Chambers of Commerce Root - 2008 - Global Chambersign Root - 2008 - Security Communication Root CA - Symantec Class 1 Public Primary Certification Authority - G6 - Symantec Class 2 Public Primary Certification Authority - G6 - TrustCor ECA-1 - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - VeriSign Class 1 Public Primary Certification Authority - G3 - VeriSign Class 2 Public Primary Certification Authority - G3 ----------------------------------------------------------------- Advisory ID: 29 Released: Wed Sep 4 12:41:35 2024 Summary: Recommended update for gcc13 Type: recommended Severity: important References: 1188441,1220724,1221239 This update for gcc13 fixes the following issues: - Update to GCC 13.3 release - Removed Fiji support from the GCN offload compiler as that is requiring Code Object version 3 which is no longer supported by llvm18. - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Make requirement to lld version specific to avoid requiring the meta-package. - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] ----------------------------------------------------------------- Advisory ID: 32 Released: Thu Sep 5 12:12:35 2024 Summary: Security update for glibc Type: security Severity: important References: 1221482,1221940,1222992,1223423,1223424,1223425,1228041,CVE-2024-2961,CVE-2024-33599,CVE-2024-33600,CVE-2024-33601,CVE-2024-33602 This update for glibc fixes the following issues: Fixed security issues: - CVE-2024-33602: Use time_t for return type of addgetnetgrentX (bsc#1223425) - CVE-2024-33599: nscd: Stack-based buffer overflow in netgroup cache (bsc#1223423) - CVE-2024-33600: nscd: Avoid null pointer crashes after notfound response (bsc#1223424) - CVE-2024-33600: nscd: Do not send missing not-found response in addgetnetgrentX (bsc#1223424) - CVE-2024-33601, CVE-2024-33602: netgroup: Use two buffers in addgetnetgrentX (bsc#1223425) - CVE-2024-2961: iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (bsc#1222992) Fixed non-security issues: - Add workaround for invalid use of libc_nonshared.a with non-SUSE libc (bsc#1221482) - Fix segfault in wcsncmp (bsc#1228041) - Also include stat64 in the 32-bit libc_nonshared.a workaround (bsc#1221482) - Avoid creating ULP prologue for _start routine (bsc#1221940) - Also add libc_nonshared.a workaround to 32-bit x86 compat package (bsc#1221482) - malloc: Use __get_nprocs on arena_get2 - linux: Use rseq area unconditionally in sched_getcpu The following package changes have been done: - compat-usrmerge-tools-84.87-2.195 added - system-user-root-20190513-2.208 updated - filesystem-84.87-5.2 updated - glibc-2.38-7.1 updated - libtasn1-6-4.19.0-2.7 updated - libpcre2-8-0-10.42-2.179 added - libgmp10-6.3.0-1.119 updated - libgcc_s1-13.3.0+git8781-1.1 updated - libffi8-3.4.4-2.182 added - libcap2-2.69-2.83 updated - libattr1-2.5.1-2.193 updated - libacl1-2.3.1-2.187 updated - libselinux1-3.5-3.1 updated - libstdc++6-13.3.0+git8781-1.1 updated - libncurses6-6.4.20240224-10.2 updated - terminfo-base-6.4.20240224-10.2 updated - libp11-kit0-0.25.3-1.6 updated - libreadline8-8.2-2.180 added - bash-5.2.15-3.1 updated - p11-kit-0.25.3-1.6 updated - p11-kit-tools-0.25.3-1.6 updated - bash-sh-5.2.15-3.1 updated - coreutils-9.4-4.8 updated - ca-certificates-2+git20230406.2dae8b7-2.8 updated - ca-certificates-mozilla-2.68-1.1 updated - container:suse-toolbox-image-1.0.0-6.51 added - container:suse-sle15-15.5-- removed - crypto-policies-20210917.c9d86d1-150400.3.6.1 removed - findutils-4.8.0-1.20 removed - info-6.5-4.17 removed - libbz2-1-1.0.8-150400.1.122 removed - libffi7-3.2.1.git259-10.8 removed - libjitterentropy3-3.4.1-150000.1.12.1 removed - liblzma5-5.2.3-150000.4.7.1 removed - libopenssl1_1-1.1.1l-150500.17.31.1 removed - libopenssl1_1-hmac-1.1.1l-150500.17.31.1 removed - libreadline7-7.0-150400.25.22 removed - libtasn1-4.13-150000.4.8.1 removed - libz1-1.2.13-150500.4.3.1 removed - libzio1-1.06-2.20 removed - openssl-1_1-1.1.1l-150500.17.31.1 removed - patterns-base-fips-20200124-150400.20.4.1 removed