SUSE Container Update Advisory: suse/manager/5.0/x86_64/proxy-salt-broker
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:1684-1
Container Tags        : suse/manager/5.0/x86_64/proxy-salt-broker:5.0.0-beta2 , suse/manager/5.0/x86_64/proxy-salt-broker:5.0.0-beta2.3.40 , suse/manager/5.0/x86_64/proxy-salt-broker:latest
Container Release     : 3.40
Severity              : important
Type                  : security
References            : 1087072 1195654 1199944 1204111 1204112 1204113 1210959 1211886
                        1212126 1214691 1214934 1215377 1216296 1217450 1217667 1218232
                        1218492 1219031 1219321 1219520 1219559 1219666 1220061 1220724
                        1221239 1221289 1222109 CVE-2022-1664 CVE-2022-42010 CVE-2022-42011
                        CVE-2022-42012 CVE-2022-48566 CVE-2023-34969 CVE-2023-45918
                        CVE-2023-52425 CVE-2023-6597 CVE-2024-28757
-----------------------------------------------------------------

The container suse/manager/5.0/x86_64/proxy-salt-broker was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:789-1
Released:    Thu Mar 10 11:22:05 2022
Summary:     Recommended update for update-alternatives
Type:        recommended
Severity:    moderate
References:  1195654

This update for update-alternatives fixes the following issues:

- Break bash - update-alternatives cycle rewrite of '%post' in 'lua'. (bsc#1195654)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3806-1
Released:    Thu Oct 27 17:21:11 2022
Summary:     Security update for dbus-1
Type:        security
Severity:    important
References:  1087072,1204111,1204112,1204113,CVE-2022-42010,CVE-2022-42011,CVE-2022-42012

This update for dbus-1 fixes the following issues:

- CVE-2022-42010: Fixed potential crash that could be triggered by an invalid signature (bsc#1204111).
- CVE-2022-42011: Fixed an out of bounds read caused by a fixed length array (bsc#1204112).
- CVE-2022-42012: Fixed a use-after-free that could be triggered by a message in non-native endianness with out-of-band Unix file descriptor (bsc#1204113).

Bugfixes:

- Disable asserts (bsc#1087072).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4081-1
Released:    Fri Nov 18 15:40:46 2022
Summary:     Security update for dpkg
Type:        security
Severity:    low
References:  1199944,CVE-2022-1664

This update for dpkg fixes the following issues:

- CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2877-1
Released:    Wed Jul 19 09:43:42 2023
Summary:     Security update for dbus-1
Type:        security
Severity:    moderate
References:  1212126,CVE-2023-34969

This update for dbus-1 fixes the following issues:

- CVE-2023-34969: Fixed a possible dbus-daemon crash by an unprivileged user (bsc#1212126).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4973-1
Released:    Tue Dec 26 04:44:10 2023
Summary:     Recommended update for duktape
Type:        recommended
Severity:    moderate
References:  1216296

This update of duktape fixes the following issue:

- duktape-devel is shipped to Basesystem module (bsc#1216296).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:615-1
Released:    Mon Feb 26 11:32:32 2024
Summary:     Recommended update for netcfg
Type:        recommended
Severity:    moderate
References:  1211886

This update for netcfg fixes the following issues:

- Add krb-prop entry (bsc#1211886)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:637-1
Released:    Tue Feb 27 10:06:55 2024
Summary:     Recommended update for duktape
Type:        recommended
Severity:    moderate
References:

This update for duktape fixes the following issues:

- Ship libduktape206-32bit: needed by libproxy since version 0.5.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:861-1
Released:    Wed Mar 13 09:12:30 2024
Summary:     Recommended update for aaa_base
Type:        recommended
Severity:    moderate
References:  1218232

This update for aaa_base fixes the following issues:

- Silence the output in the case of broken symlinks (bsc#1218232)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:901-1
Released:    Thu Mar 14 17:49:10 2024
Summary:     Security update for python3
Type:        security
Severity:    important
References:  1214691,1219666,CVE-2022-48566,CVE-2023-6597

This update for python3 fixes the following issues:

- CVE-2023-6597: Fixed symlink bug in cleanup of tempfile.TemporaryDirectory (bsc#1219666).
- CVE-2022-48566: Make compare_digest more constant-time (bsc#1214691).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:907-1
Released:    Fri Mar 15 08:57:38 2024
Summary:     Recommended update for audit
Type:        recommended
Severity:    moderate
References:  1215377

This update for audit fixes the following issue:

- Fix plugin termination when using systemd service units (bsc#1215377)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:929-1
Released:    Tue Mar 19 06:36:24 2024
Summary:     Recommended update for coreutils
Type:        recommended
Severity:    moderate
References:  1219321

This update for coreutils fixes the following issues:

- tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1129-1
Released:    Mon Apr 8 09:12:08 2024
Summary:     Security update for expat
Type:        security
Severity:    important
References:  1219559,1221289,CVE-2023-52425,CVE-2024-28757

This update for expat fixes the following issues:

- CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559)
- CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1133-1
Released:    Mon Apr 8 11:29:02 2024
Summary:     Security update for ncurses
Type:        security
Severity:    moderate
References:  1220061,CVE-2023-45918

This update for ncurses fixes the following issues:

- CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1253-1
Released:    Fri Apr 12 08:15:18 2024
Summary:     Recommended update for gcc13
Type:        recommended
Severity:    moderate
References:  1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239

This update for gcc13 fixes the following issues:

- Fix unwinding for JIT code. [bsc#1221239]
- Revert libgccjit dependency change. [bsc#1220724]
- Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520]
- Add support for -fmin-function-alignment. [bsc#1214934]
- Use %{_target_cpu} to determine host and build.
- Fix for building TVM. [bsc#1218492]
- Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031]
- Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959]
- Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6.
- Fixed building mariadb on i686. [bsc#1217667]
- Avoid update-alternatives dependency for accelerator crosses.
- Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence.
- Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1279-1
Released:    Fri Apr 12 21:35:09 2024
Summary:     Recommended update for python3
Type:        recommended
Severity:    moderate
References:  1222109

This update for python3 fixes the following issue:

- Fix syslog making default 'ident' from sys.argv (bsc#1222109)


The following package changes have been done:

- cracklib-dict-small-2.9.11-150600.1.89 updated
- crypto-policies-20230920.570ea89-150600.1.9 updated
- libldap-data-2.4.46-150600.23.15 updated
- libsemanage-conf-3.5-150600.1.48 updated
- libssh-config-0.9.8-150600.9.1 updated
- glibc-2.38-150600.9.2 updated
- libzstd1-1.5.5-150600.1.2 updated
- libuuid1-2.39.3-150600.1.15 updated
- libsmartcols1-2.39.3-150600.1.15 updated
- libsepol2-3.5-150600.1.48 updated
- libsasl2-3-2.1.28-150600.5.2 updated
- libpcre2-8-0-10.42-150600.1.25 updated
- libnghttp2-14-1.40.0-150600.23.1 updated
- liblzma5-5.4.1-150600.1.1 updated
- liblz4-1-1.9.4-150600.1.3 updated
- libgpg-error0-1.47-150600.1.2 updated
- libfa1-1.14.1-150600.1.2 updated
- libcom_err2-1.47.0-150600.2.25 updated
- libblkid1-2.39.3-150600.1.15 updated
- libselinux1-3.5-150600.1.45 updated
- libglib-2_0-0-2.78.3-150600.1.6 updated
- libksba8-1.6.4-150600.1.2 updated
- libgcrypt20-1.10.3-150600.1.18 updated
- libfdisk1-2.39.3-150600.1.15 updated
- libmount1-2.39.3-150600.1.15 updated
- libgmodule-2_0-0-2.78.3-150600.1.6 added
- update-alternatives-1.19.0.4-150000.4.4.1 added
- libgcc_s1-13.2.1+git8285-150000.1.9.1 updated
- libstdc++6-13.2.1+git8285-150000.1.9.1 updated
- libncurses6-6.1-150000.5.24.1 updated
- terminfo-base-6.1-150000.5.24.1 updated
- ncurses-utils-6.1-150000.5.24.1 updated
- libduktape206-2.6.0-150500.4.5.1 added
- libexpat1-2.4.4-150400.3.17.1 updated
- libaudit1-3.0.6-150400.4.16.1 updated
- libsigc-2_0-0-2.12.1-150600.1.2 updated
- libabsl2401_0_0-20240116.1-150600.17.3 added
- libgobject-2_0-0-2.78.3-150600.1.6 added
- libopenssl3-3.1.4-150600.2.18 updated
- libaugeas0-1.14.1-150600.1.2 updated
- libudev1-254.10-150600.1.3 updated
- libsystemd0-254.10-150600.1.3 updated
- libsemanage2-3.5-150600.1.48 updated
- libprotobuf-lite25_1_0-25.1-150600.14.1 updated
- libzck1-1.1.16-150600.9.2 updated
- libopenssl-3-fips-provider-3.1.4-150600.2.18 updated
- libldap-2_4-2-2.4.46-150600.23.15 updated
- krb5-1.20.1-150600.9.1 updated
- patterns-base-fips-20200124-150600.29.2 updated
- libssh4-0.9.8-150600.9.1 updated
- libdbus-1-3-1.12.2-150400.18.8.1 added
- coreutils-8.32-150400.9.3.1 updated
- shared-mime-info-2.4-150600.1.2 added
- login_defs-4.8.1-150600.15.44 updated
- libcrack2-2.9.11-150600.1.89 updated
- cracklib-2.9.11-150600.1.89 updated
- sed-4.9-150600.1.3 updated
- libcurl4-8.6.0-150600.2.1 updated
- sles-release-15.6-150600.33.2 updated
- gpg2-2.4.4-150600.1.3 updated
- libgpgme11-1.23.0-150600.1.35 updated
- shadow-4.8.1-150600.15.44 updated
- dbus-1-1.12.2-150400.18.8.1 added
- gio-branding-SLE-15-150600.33.2 added
- libgio-2_0-0-2.78.3-150600.1.6 added
- glib2-tools-2.78.3-150600.1.6 added
- libpxbackend-1_0-0.5.3-150600.1.1 added
- libproxy1-0.5.3-150600.1.1 updated
- libzypp-17.31.31-150600.8.7 updated
- util-linux-2.39.3-150600.1.15 updated
- aaa_base-84.87+git20180409.04c9dae-150300.10.12.1 updated
- netcfg-11.6-150000.3.6.1 updated
- curl-8.6.0-150600.2.1 updated
- openssl-3.1.4-150600.2.1 updated
- openssl-3-3.1.4-150600.2.18 updated
- timezone-2024a-150600.89.1 updated
- libopenssl1_1-1.1.1w-150600.2.11 updated
- libpython3_6m1_0-3.6.15-150300.10.60.1 updated
- python3-base-3.6.15-150300.10.60.1 updated
- python3-3.6.15-150300.10.60.1 updated
- container:sles15-image-15.0.0-45.12 updated
- gzip-1.10-150200.10.1 removed
- libabsl2308_0_0-20230802.1-150400.10.4.1 removed
- tar-1.34-150000.3.34.1 removed