SUSE Container Update Advisory: suse/manager/5.0/x86_64/proxy-salt-broker
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4372-1
Container Tags        : suse/manager/5.0/x86_64/proxy-salt-broker:5.0.1 , suse/manager/5.0/x86_64/proxy-salt-broker:5.0.1.7.5.1 , suse/manager/5.0/x86_64/proxy-salt-broker:latest
Container Release     : 7.5.1
Severity              : critical
Type                  : security
References            : 1082216 1082233 1188441 1211721 1213638 1218609 1219559 1220117
                        1220664 1221361 1221361 1221407 1221482 1221563 1221632 1221831
                        1221854 1222075 1222086 1222547 1222985 1223428 1223430 1223571
                        1223596 1223605 1223766 1224014 1224016 1224044 1224242 1224282
                        1224388 1225291 1225551 1225598 1225907 1226415 1226447 1226448
                        1226463 1227138 1227186 1227187 1227308 CVE-2018-6798 CVE-2018-6913
                        CVE-2023-52425 CVE-2024-0397 CVE-2024-0450 CVE-2024-28085 CVE-2024-34397
                        CVE-2024-34459 CVE-2024-37370 CVE-2024-37371 CVE-2024-4032 CVE-2024-4603
                        CVE-2024-4741 CVE-2024-5535 
-----------------------------------------------------------------

The container suse/manager/5.0/x86_64/proxy-salt-broker was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1487-1
Released:    Thu May  2 10:43:53 2024
Summary:     Recommended update for aaa_base
Type:        recommended
Severity:    moderate
References:  1211721,1221361,1221407,1222547
This update for aaa_base fixes the following issues:

- home and end button not working from ssh client (bsc#1221407)
- use autosetup in prep stage of specfile
- drop the stderr redirection for csh (bsc#1221361)
- drop sysctl.d/50-default-s390.conf (bsc#1211721)
- make sure the script does not exit with 1 if a file with content is found (bsc#1222547)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1665-1
Released:    Thu May 16 08:00:09 2024
Summary:     Recommended update for coreutils
Type:        recommended
Severity:    moderate
References:  1221632
This update for coreutils fixes the following issues:

- ls: avoid triggering automounts (bsc#1221632)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1762-1
Released:    Wed May 22 16:14:17 2024
Summary:     Security update for perl
Type:        security
Severity:    important
References:  1082216,1082233,1213638,CVE-2018-6798,CVE-2018-6913
This update for perl fixes the following issues:

Security issues fixed:

- CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216)
- CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233)

Non-security issue fixed:

- make Net::FTP work with TLS 1.3 (bsc#1213638)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1876-1
Released:    Fri May 31 06:47:32 2024
Summary:     Recommended update for aaa_base
Type:        recommended
Severity:    moderate
References:  1221361
This update for aaa_base fixes the following issues:

- Fix the typo to set JAVA_BINDIR in the csh variant of the alljava profile script (bsc#1221361)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1934-1
Released:    Thu Jun  6 11:19:24 2024
Summary:     Recommended update for sles15-image
Type:        recommended
Severity:    moderate
References:  
This update for sles15-image fixes the following issues:

- update to SUSE LLC and use https (it's 2024)
- use more specific lifecycle url
- remove deprecated label duplication as those labels are
  inherited into all derived containers as well causing
  confusion
- set supportlevel to released and L3
- use the base-container-images landing page
- rename kiwi file to match package name
- move artifacthub.io labels outside labelling helper to
  avoid duplication

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1943-1
Released:    Fri Jun  7 17:04:06 2024
Summary:     Security update for util-linux
Type:        security
Severity:    important
References:  1218609,1220117,1221831,1223605,CVE-2024-28085
This update for util-linux fixes the following issues:

-  CVE-2024-28085: Properly neutralize escape sequences in wall to avoid potential account takeover. (bsc#1221831)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1950-1
Released:    Fri Jun  7 17:20:14 2024
Summary:     Security update for glib2
Type:        security
Severity:    moderate
References:  1224044,CVE-2024-34397
This update for glib2 fixes the following issues:

Update to version 2.78.6:

+ Fix a regression with IBus caused by the fix for CVE-2024-34397

Changes in version 2.78.5:

+ Fix CVE-2024-34397: GDBus signal subscriptions for well-known
  names are vulnerable to unicast spoofing. (bsc#1224044)
+ Bugs fixed:
  - gvfs-udisks2-volume-monitor SIGSEGV in
    g_content_type_guess_for_tree() due to filename with bad
    encoding
  - gcontenttype: Make filename valid utf-8 string before processing.
  - gdbusconnection: Don't deliver signals if the sender doesn't match.

Changes in version 2.78.4:

+ Bugs fixed:
  - Fix generated RST anchors for methods, signals and properties.
  - docs/reference: depend on a native gtk-doc.
  - gobject_gdb.py: Do not break bt on optimized build.
  - gregex: clean up usage of _GRegex.jit_status.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1954-1
Released:    Fri Jun  7 18:01:06 2024
Summary:     Recommended update for glibc
Type:        recommended
Severity:    moderate
References:  1221482
This update for glibc fixes the following issues:

- Also include stat64 in the 32-bit libc_nonshared.a workaround
  (bsc#1221482)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1997-1
Released:    Tue Jun 11 17:24:32 2024
Summary:     Recommended update for e2fsprogs
Type:        recommended
Severity:    moderate
References:  1223596
This update for e2fsprogs fixes the following issues:

- EA Inode handling fixes:
  - e2fsck: add more checks for ea inode consistency (bsc#1223596)
  - e2fsck: fix golden output of several tests (bsc#1223596)

-----------------------------------------------------------------
Advisory ID: 33664
Released:    Thu Jun 13 21:03:11 2024
Summary:     Recommended update for libsolv, libzypp, zypper, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings
Type:        recommended
Severity:    important
References:  1222086,1223430,1223766,1224242
This update for libsolv, libzypp, zypper, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings fixes the following issues:

- Fix the dependency for Packagekit-backend-zypp in SUMa 4.3 (bsc#1224242)
- Improve updating of installed multiversion packages
- Fix decision introspection going into an endless loop in some cases
- Split libsolv-tools into libsolv-tools-base [jsc#PED-8153]
- Improve checks against corrupt rpm
- Fixed check for outdated repo metadata as non-root user (bsc#1222086)
- Add ZYPP_API for exported functions and switch to visibility=hidden (jsc#PED-8153)
- Dynamically resolve libproxy (jsc#PED-8153)
- Fix download from gpgkey URL (bsc#1223430)
- Delay zypp lock until command options are parsed (bsc#1223766)
- Unify message format

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2066-1
Released:    Tue Jun 18 13:16:09 2024
Summary:     Security update for openssl-3
Type:        security
Severity:    important
References:  1223428,1224388,1225291,1225551,CVE-2024-4603,CVE-2024-4741
This update for openssl-3 fixes the following issues:

Security issues fixed:

- CVE-2024-4603: Check DSA parameters for excessive sizes before validating (bsc#1224388)
- CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551)

Other issues fixed:

- Enable livepatching support (bsc#1223428)
- Fix HDKF key derivation (bsc#1225291, gh#openssl/openssl#23448, +  gh#openssl/openssl#23456)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2086-1
Released:    Wed Jun 19 11:48:24 2024
Summary:     Recommended update for gcc13
Type:        recommended
Severity:    moderate
References:  1188441
This update for gcc13 fixes the following issues:

Update to GCC 13.3 release

- Removed Fiji support from the GCN offload compiler as that is requiring
  Code Object version 3 which is no longer supported by llvm18.
- Avoid combine spending too much compile-time and memory doing nothing
  on s390x.  [bsc#1188441]
- Make requirement to lld version specific to avoid requiring the
  meta-package.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2214-1
Released:    Tue Jun 25 17:11:26 2024
Summary:     Recommended update for util-linux
Type:        recommended
Severity:    moderate
References:  1225598
This update for util-linux fixes the following issue:

- Fix hang of lscpu -e (bsc#1225598)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2239-1
Released:    Wed Jun 26 13:09:10 2024
Summary:     Recommended update for systemd
Type:        recommended
Severity:    critical
References:  1226415
This update for systemd contains the following fixes:

- testsuite: move a misplaced %endif

- Do not remove existing configuration files in /etc. If these files were
  modified on the systemd, that may cause unwanted side effects (bsc#1226415).

- Import upstream commit (merge of v254.13)
  Use the pty slave fd opened from the namespace when transient service is running in a container.
  This revert the backport of the broken commit until a fix is released in the v254-stable tree.

- Import upstream commit (merge of v254.11)
  For a complete list of changes, visit:
  https://github.com/openSUSE/systemd/compare/e8d77af4240894da620de74fbc7823aaaa448fef...85db84ee440eac202c4b5507e96e1704269179bc
  
-----------------------------------------------------------------
Advisory ID: SUSE-OU-2024:2282-1
Released:    Tue Jul  2 22:41:28 2024
Summary:     Optional update for openscap, scap-security-guide
Type:        optional
Severity:    moderate
References:  

This update for scap-security-guide and openscap provides the SCAP tooling
for SLE Micro 5.3, 5.4, 5.5.

This includes shipping openscap dependencies libxmlsec1-1 and libxmlsec1-openssl for SLE Micro.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2290-1
Released:    Wed Jul  3 11:35:00 2024
Summary:     Security update for libxml2
Type:        security
Severity:    low
References:  1224282,CVE-2024-34459
This update for libxml2 fixes the following issues:

- CVE-2024-34459: Fixed buffer over-read in xmlHTMLPrintFileContext in xmllint.c (bsc#1224282). 

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2307-1
Released:    Fri Jul  5 12:04:34 2024
Summary:     Security update for krb5
Type:        security
Severity:    important
References:  1227186,1227187,CVE-2024-37370,CVE-2024-37371
This update for krb5 fixes the following issues:

- CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186).
- CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2479-1
Released:    Mon Jul 15 10:33:22 2024
Summary:     Security update for python3
Type:        security
Severity:    important
References:  1219559,1220664,1221563,1221854,1222075,1226447,1226448,CVE-2023-52425,CVE-2024-0397,CVE-2024-0450,CVE-2024-4032
This update for python3 fixes the following issues:

- CVE-2023-52425: Fixed backport so it uses features sniffing, not just comparing version number (bsc#1219559).
- CVE-2024-0450: Fixed detecting the vulnerability of 'quoted-overlap' zipbomb (bsc#1221854).
- CVE-2024-4032: Rearranging definition of private v global IP. (bsc#1226448)
- CVE-2024-0397: Remove a memory race condition in ssl.SSLContext certificate store methods. (bsc#1226447)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2912-1
Released:    Wed Aug 14 20:20:13 2024
Summary:     Recommended update for cloud-regionsrv-client
Type:        recommended
Severity:    important
References:  1222985,1223571,1224014,1224016,1227308
This update for cloud-regionsrv-client contains the following fixes:

- Update to version 10.3.0 (bsc#1227308, bsc#1222985)
  + Add support for sidecar registry
    Podman and rootless Docker support to set up the necessary
    configuration for the container engines to run as defined
  + Add running command as root through sudoers file

- Update to version 10.2.0 (bsc#1223571, bsc#1224014, bsc#1224016)
  + In addition to logging, write message to stderr when registration fails
  + Detect transactional-update system with read only setup and use
    the transactional-update command to register
  + Handle operation in a different target root directory for credentials
    checking

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2933-1
Released:    Thu Aug 15 12:12:50 2024
Summary:     Security update for openssl-1_1
Type:        security
Severity:    moderate
References:  1225907,1226463,1227138,CVE-2024-5535
This update for openssl-1_1 fixes the following issues:

- CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138)

Other fixes:
- Build with no-afalgeng. (bsc#1226463)
- Fixed C99 violations to allow the package to build with GCC 14. (bsc#1225907)


The following package changes have been done:

- glibc-2.38-150600.14.5.1 updated
- libuuid1-2.39.3-150600.4.6.2 updated
- libsmartcols1-2.39.3-150600.4.6.2 updated
- libcom_err2-1.47.0-150600.4.3.2 updated
- libblkid1-2.39.3-150600.4.6.2 updated
- libfdisk1-2.39.3-150600.4.6.2 updated
- libxml2-2-2.10.3-150500.5.17.1 updated
- perl-base-5.26.1-150300.17.17.1 updated
- libgcc_s1-13.3.0+git8781-150000.1.12.1 updated
- libstdc++6-13.3.0+git8781-150000.1.12.1 updated
- libglib-2_0-0-2.78.6-150600.4.3.1 updated
- libmount1-2.39.3-150600.4.6.2 updated
- libopenssl3-3.1.4-150600.5.7.1 updated
- libudev1-254.13-150600.4.5.1 updated
- libsystemd0-254.13-150600.4.5.1 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.7.1 updated
- krb5-1.20.1-150600.11.3.1 updated
- libprocps8-3.3.17-150000.7.39.1 updated
- procps-3.3.17-150000.7.39.1 updated
- coreutils-8.32-150400.9.6.1 updated
- libsolv-tools-base-0.7.29-150400.3.22.4 added
- libzypp-17.34.1-150600.3.4.6 updated
- zypper-1.14.71-150600.10.2.7 updated
- util-linux-2.39.3-150600.4.6.2 updated
- aaa_base-84.87+git20180409.04c9dae-150300.10.20.1 updated
- openssl-3-3.1.4-150600.5.7.1 updated
- libyaml-0-2-0.1.7-150000.3.2.1 added
- libopenssl1_1-1.1.1w-150600.5.6.1 updated
- libpython3_6m1_0-3.6.15-150300.10.65.1 updated
- python3-base-3.6.15-150300.10.65.1 updated
- python3-3.6.15-150300.10.65.2 updated
- python3-PyYAML-5.4.1-150300.3.3.1 updated
- container:sles15-image-15.6.0-47.9.1 updated
- gio-branding-SLE-15-150600.33.2 removed
- glib2-tools-2.78.3-150600.2.2 removed
- libabsl2401_0_0-20240116.1-150600.17.7 removed
- libgio-2_0-0-2.78.3-150600.2.2 removed
- libgmodule-2_0-0-2.78.3-150600.2.2 removed
- libgobject-2_0-0-2.78.3-150600.2.2 removed
- libprotobuf-lite25_1_0-25.1-150600.14.3 removed
- shared-mime-info-2.4-150600.1.3 removed