SUSE Container Update Advisory: suse/manager/5.0/x86_64/proxy-squid
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:1685-1
Container Tags        : suse/manager/5.0/x86_64/proxy-squid:5.0.0-beta2 , suse/manager/5.0/x86_64/proxy-squid:5.0.0-beta2.3.32 , suse/manager/5.0/x86_64/proxy-squid:latest
Container Release     : 3.32
Severity              : important
Type                  : security
References            : 1196025 1196026 1196168 1196169 1196171 1196784 1203438 1204708 1210959 1214934 1215377 1217450 1217667 1218492 1219031 1219321 1219520 1219559 1220061 1220724 1221239 1221289 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 CVE-2022-40674 CVE-2022-43680 CVE-2023-45918 CVE-2023-52425 CVE-2024-28757
-----------------------------------------------------------------

The container suse/manager/5.0/x86_64/proxy-squid was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2294-1
Released:    Wed Jul 6 13:34:15 2022
Summary:     Security update for expat
Type:        security
Severity:    important
References:  1196025,1196026,1196168,1196169,1196171,1196784,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315

This update for expat fixes the following issues:

- CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025).
  - Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784).
- CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026).
- CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168).
- CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169).
- CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3489-1
Released:    Sat Oct 1 13:35:24 2022
Summary:     Security update for expat
Type:        security
Severity:    important
References:  1203438,CVE-2022-40674

This update for expat fixes the following issues:

- CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3884-1
Released:    Mon Nov 7 10:59:26 2022
Summary:     Security update for expat
Type:        security
Severity:    important
References:  1204708,CVE-2022-43680

This update for expat fixes the following issues:

- CVE-2022-43680: Fixed use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:907-1
Released:    Fri Mar 15 08:57:38 2024
Summary:     Recommended update for audit
Type:        recommended
Severity:    moderate
References:  1215377

This update for audit fixes the following issue:

- Fix plugin termination when using systemd service units (bsc#1215377)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:929-1
Released:    Tue Mar 19 06:36:24 2024
Summary:     Recommended update for coreutils
Type:        recommended
Severity:    moderate
References:  1219321

This update for coreutils fixes the following issues:

- tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1129-1
Released:    Mon Apr 8 09:12:08 2024
Summary:     Security update for expat
Type:        security
Severity:    important
References:  1219559,1221289,CVE-2023-52425,CVE-2024-28757

This update for expat fixes the following issues:

- CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559)
- CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1133-1
Released:    Mon Apr 8 11:29:02 2024
Summary:     Security update for ncurses
Type:        security
Severity:    moderate
References:  1220061,CVE-2023-45918

This update for ncurses fixes the following issues:

- CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1253-1
Released:    Fri Apr 12 08:15:18 2024
Summary:     Recommended update for gcc13
Type:        recommended
Severity:    moderate
References:  1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239

This update for gcc13 fixes the following issues:

- Fix unwinding for JIT code. [bsc#1221239]
- Revert libgccjit dependency change. [bsc#1220724]
- Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520]
- Add support for -fmin-function-alignment. [bsc#1214934]
- Use %{_target_cpu} to determine host and build.
- Fix for building TVM. [bsc#1218492]
- Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031]
- Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959]
- Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6.
- Fixed building mariadb on i686. [bsc#1217667]
- Avoid update-alternatives dependency for accelerator crosses.
- Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence.
- Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly.
  This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450]


The following package changes have been done:

- cracklib-dict-small-2.9.11-150600.1.89 updated
- crypto-policies-20230920.570ea89-150600.1.9 updated
- libldap-data-2.4.46-150600.23.15 updated
- libsemanage-conf-3.5-150600.1.48 updated
- glibc-2.38-150600.9.2 updated
- libsepol2-3.5-150600.1.48 updated
- libsasl2-3-2.1.28-150600.5.2 updated
- libpcre2-8-0-10.42-150600.1.25 updated
- liblzma5-5.4.1-150600.1.1 updated
- libcom_err2-1.47.0-150600.2.25 updated
- libselinux1-3.5-150600.1.45 updated
- libgcc_s1-13.2.1+git8285-150000.1.9.1 updated
- libstdc++6-13.2.1+git8285-150000.1.9.1 updated
- libncurses6-6.1-150000.5.24.1 updated
- terminfo-base-6.1-150000.5.24.1 updated
- libexpat1-2.4.4-150400.3.17.1 added
- libaudit1-3.0.6-150400.4.16.1 updated
- libopenssl3-3.1.4-150600.2.18 updated
- libsemanage2-3.5-150600.1.48 updated
- libopenssl-3-fips-provider-3.1.4-150600.2.18 updated
- libldap-2_4-2-2.4.46-150600.23.15 updated
- krb5-1.20.1-150600.9.1 updated
- patterns-base-fips-20200124-150600.29.2 updated
- coreutils-8.32-150400.9.3.1 updated
- login_defs-4.8.1-150600.15.44 updated
- libcrack2-2.9.11-150600.1.89 updated
- cracklib-2.9.11-150600.1.89 updated
- sed-4.9-150600.1.3 updated
- shadow-4.8.1-150600.15.44 updated
- container:sles15-image-15.0.0-45.12 updated
- aaa_base-84.87+git20180409.04c9dae-150300.10.9.1 removed
- cpio-2.13-150400.3.6.1 removed
- file-magic-5.32-7.14.1 removed
- findutils-4.8.0-1.20 removed
- gzip-1.10-150200.10.1 removed
- libblkid1-2.39.3-150600.1.14 removed
- libbrotlicommon1-1.0.7-3.3.1 removed
- libbrotlidec1-1.0.7-3.3.1 removed
- libcap-ng0-0.7.9-4.37 removed
- libcurl4-8.0.1-150600.10.1 removed
- libdw1-0.185-150400.5.3.1 removed
- libelf1-0.185-150400.5.3.1 removed
- libfdisk1-2.39.3-150600.1.14 removed
- libgcrypt20-1.10.3-150600.1.7 removed
- libgpg-error0-1.47-150600.1.1 removed
- libidn2-0-2.2.0-3.6.1 removed
- liblua5_3-5-5.3.6-3.6.1 removed
- liblz4-1-1.9.4-150600.1.2 removed
- libmagic1-5.32-7.14.1 removed
- libmount1-2.39.3-150600.1.14 removed
- libnghttp2-14-1.40.0-150600.22.1 removed
- libpopt0-1.16-3.22 removed
- libpsl5-0.20.1-150000.3.3.1 removed
- libsmartcols1-2.39.3-150600.1.14 removed
- libssh-config-0.9.8-150600.8.1 removed
- libssh4-0.9.8-150600.8.1 removed
- libsystemd0-254.9-150600.2.4 removed
- libunistring2-0.9.10-1.1 removed
- libutempter0-1.1.6-3.42 removed
- libuuid1-2.39.3-150600.1.14 removed
- libzstd1-1.5.5-150600.1.1 removed
- ncurses-utils-6.1-150000.5.20.1 removed
- rpm-config-SUSE-1-150400.14.3.1 removed
- sles-release-15.6-150600.26.1 removed
- system-group-hardware-20170617-150400.24.2.1 removed
- tar-1.34-150000.3.34.1 removed
- timezone-2023c-150000.75.23.1 removed
- util-linux-2.39.3-150600.1.14 removed