SUSE Container Update Advisory: suse/manager/4.3/proxy-squid ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:740-1 Container Tags : suse/manager/4.3/proxy-squid:4.3.5 , suse/manager/4.3/proxy-squid:4.3.5.9.25.1 , suse/manager/4.3/proxy-squid:latest Container Release : 9.25.1 Severity : important Type : security References : 1207789 1207990 1207991 1207992 1207994 1208924 1208925 1208926 1208998 CVE-2023-23914 CVE-2023-23915 CVE-2023-23916 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-squid was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:429-1 Released: Wed Feb 15 17:41:22 2023 Summary: Security update for curl Type: security Severity: important References: 1207990,1207991,1207992,CVE-2023-23914,CVE-2023-23915,CVE-2023-23916 This update for curl fixes the following issues: - CVE-2023-23914: Fixed HSTS ignored on multiple requests (bsc#1207990). - CVE-2023-23915: Fixed HSTS amnesia with --parallel (bsc#1207991). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:464-1 Released: Mon Feb 20 18:11:37 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - Merge of v249.15 - Drop workaround related to systemd-timesyncd that addressed a Factory issue. - Conditionalize the use of /lib/modprobe.d only on systems with split usr support enabled (i.e. SLE). - Make use of the %systemd_* rpm macros consistently. Using the upstream variants will ease the backports of Factory changes to SLE since Factory systemd uses the upstream variants exclusively. - machines.target belongs to systemd-container, do its init/cleanup steps from the scriptlets of this sub-package. - Make sure we apply the presets on units shipped by systemd package. - systemd-testsuite: move the integration tests in a dedicated sub directory. - Move systemd-cryptenroll into udev package. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:563-1 Released: Tue Feb 28 10:51:46 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1207994 This update for openssl-1_1 fixes the following issues: - FIPS: Serialize jitterentropy calls to avoid thread safety issues [bsc#1207994] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:617-1 Released: Fri Mar 3 16:49:06 2023 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1207789 This update for jitterentropy fixes the following issues: - build jitterentropy library with debuginfo (bsc#1207789) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:776-1 Released: Thu Mar 16 17:29:23 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products. SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes This update ship the GCC 12 compiler suite and its base libraries. The compiler baselibraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:782-1 Released: Thu Mar 16 19:08:34 2023 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1208924,1208925,1208926 This update for libgcrypt fixes the following issues: - FIPS: ECC: Transition to error-state if PCT fail [bsc#1208925] - FIPS: ECDSA: Avoid no-keytest in ECDSA keygen [bsc#1208924] - FIPS: PBKDF2: Added additional checks for the minimum key length, salt length, iteration count and passphrase length to the kdf FIPS indicator in _gcry_fips_indicator_kdf() [bsc#1208926] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:783-1 Released: Thu Mar 16 19:09:03 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1208998 This update for openssl-1_1 fixes the following issues: FIPS: Service-level indicator changes [bsc#1208998] * Add additional checks required by FIPS 140-3. Minimum values for PBKDF2 are: 112 bits for key, 128 bits for salt, 1000 for iteration count and 20 characters for password. The following package changes have been done: - libgcrypt20-1.9.4-150400.6.8.1 updated - libgcrypt20-hmac-1.9.4-150400.6.8.1 updated - libjitterentropy3-3.4.0-150000.1.9.1 updated - libgcc_s1-12.2.1+git416-150000.1.7.1 updated - libstdc++6-12.2.1+git416-150000.1.7.1 updated - libsystemd0-249.15-150400.8.22.1 updated - libopenssl1_1-1.1.1l-150400.7.28.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.28.1 updated - libcurl4-7.79.1-150400.5.15.1 updated