SUSE Container Update Advisory: suse/manager/4.3/proxy-squid ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2686-1 Container Tags : suse/manager/4.3/proxy-squid:4.3.12 , suse/manager/4.3/proxy-squid:4.3.12.9.51.7 , suse/manager/4.3/proxy-squid:latest Container Release : 9.51.7 Severity : important Type : security References : 1082216 1082233 1176006 1188307 1203823 1210959 1213638 1214934 1215377 1215496 1217000 1217445 1217450 1217589 1217667 1218475 1218492 1218866 1219031 1219243 1219321 1219520 1219576 1220061 1220441 1220724 1220770 1220771 1221218 1221239 1221632 1221940 1222548 1222992 1223423 1223424 1223425 1223596 CVE-2018-6798 CVE-2018-6913 CVE-2023-45918 CVE-2024-0727 CVE-2024-22365 CVE-2024-25062 CVE-2024-2511 CVE-2024-26458 CVE-2024-26461 CVE-2024-2961 CVE-2024-33599 CVE-2024-33600 CVE-2024-33601 CVE-2024-33602 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-squid was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:62-1 Released: Mon Jan 8 11:44:47 2024 Summary: Recommended update for libxcrypt Type: recommended Severity: moderate References: 1215496 This update for libxcrypt fixes the following issues: - fix variable name for datamember [bsc#1215496] - added patches fix https://github.com/besser82/libxcrypt/commit/b212d601549a0fc84cbbcaf21b931f903787d7e2 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:136-1 Released: Thu Jan 18 09:53:47 2024 Summary: Security update for pam Type: security Severity: moderate References: 1217000,1218475,CVE-2024-22365 This update for pam fixes the following issues: - CVE-2024-22365: Fixed a local denial of service during PAM login due to a missing check during path manipulation (bsc#1218475). - Check localtime_r() return value to fix crashing (bsc#1217000) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:833-1 Released: Mon Mar 11 10:31:14 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1219243,CVE-2024-0727 This update for openssl-1_1 fixes the following issues: - CVE-2024-0727: Denial of service when processing a maliciously formatted PKCS12 file (bsc#1219243). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:870-1 Released: Wed Mar 13 13:05:14 2024 Summary: Security update for glibc Type: security Severity: moderate References: 1217445,1217589,1218866 This update for glibc fixes the following issues: Security issues fixed: - qsort: harden handling of degenerated / non transient compare function (bsc#1218866) Other issues fixed: - getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:907-1 Released: Fri Mar 15 08:57:38 2024 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1215377 This update for audit fixes the following issue: - Fix plugin termination when using systemd service units (bsc#1215377) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:914-1 Released: Mon Mar 18 06:39:03 2024 Summary: Recommended update for shadow Type: recommended Severity: important References: 1176006,1188307,1203823 This update for shadow fixes the following issues: - Fix chage date miscalculation (bsc#1176006) - Fix passwd segfault when nsswitch.conf defines 'files compat' (bsc#1188307 - Remove pam_keyinit from PAM config files (bsc#1203823) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1006-1 Released: Wed Mar 27 10:48:38 2024 Summary: Security update for krb5 Type: security Severity: important References: 1220770,1220771,CVE-2024-26458,CVE-2024-26461 This update for krb5 fixes the following issues: - CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770). - CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1015-1 Released: Thu Mar 28 06:08:11 2024 Summary: Recommended update for sed Type: recommended Severity: important References: 1221218 This update for sed fixes the following issues: - 'sed -i' now creates temporary files with correct umask (bsc#1221218) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1231-1 Released: Thu Apr 11 15:20:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1220441 This update for glibc fixes the following issues: - duplocale: protect use of global locale (bsc#1220441, BZ #23970) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1375-1 Released: Mon Apr 22 14:56:13 2024 Summary: Security update for glibc Type: security Severity: important References: 1222992,CVE-2024-2961 This update for glibc fixes the following issues: - iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1485-1 Released: Thu May 2 05:33:36 2024 Summary: Recommended update for python39 Type: recommended Severity: moderate References: This update for python39 fixes the following issues: - Build python package for python311 (jsc#PED-5851) and python39 (jsc#PED-7886) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1665-1 Released: Thu May 16 08:00:09 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1221632 This update for coreutils fixes the following issues: - ls: avoid triggering automounts (bsc#1221632) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1762-1 Released: Wed May 22 16:14:17 2024 Summary: Security update for perl Type: security Severity: important References: 1082216,1082233,1213638,CVE-2018-6798,CVE-2018-6913 This update for perl fixes the following issues: Security issues fixed: - CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216) - CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233) Non-security issue fixed: - make Net::FTP work with TLS 1.3 (bsc#1213638) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1802-1 Released: Tue May 28 16:20:18 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1223596 This update for e2fsprogs fixes the following issues: EA Inode handling fixes: - ext2fs: avoid re-reading inode multiple times (bsc#1223596) - e2fsck: fix potential out-of-bounds read in inc_ea_inode_refs() (bsc#1223596) - e2fsck: add more checks for ea inode consistency (bsc#1223596) - e2fsck: fix golden output of several tests (bsc#1223596) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1895-1 Released: Mon Jun 3 09:00:20 2024 Summary: Security update for glibc Type: security Severity: important References: 1221940,1223423,1223424,1223425,CVE-2024-33599,CVE-2024-33600,CVE-2024-33601,CVE-2024-33602 This update for glibc fixes the following issues: - CVE-2024-33599: Fixed a stack-based buffer overflow in netgroup cache in nscd (bsc#1223423) - CVE-2024-33600: Avoid null pointer crashes after notfound response in nscd (bsc#1223424) - CVE-2024-33600: Do not send missing not-found response in addgetnetgrentX in nscd (bsc#1223424) - CVE-2024-33601, CVE-2024-33602: Fixed use of two buffers in addgetnetgrentX ( bsc#1223425) - CVE-2024-33602: Use time_t for return type of addgetnetgrentX (bsc#1223425) - Avoid creating userspace live patching prologue for _start routine (bsc#1221940) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:613-1 Released: Fri Jun 7 16:01:54 2024 Summary: Security update for libxml2 Type: security Severity: important References: 1219576,CVE-2024-25062 This update for libxml2 fixes the following issues: - CVE-2024-25062: Fixed use-after-free in XMLReader (bsc#1219576). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1949-1 Released: Fri Jun 7 17:07:33 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1222548,CVE-2024-2511 This update for openssl-1_1 fixes the following issues: - CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548). The following package changes have been done: - glibc-2.31-150300.83.1 updated - libcrypt1-4.4.15-150300.4.7.1 updated - perl-base-5.26.1-150300.17.17.1 updated - libcom_err2-1.46.4-150400.3.6.2 updated - libaudit1-3.0.6-150400.4.16.1 updated - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - libxml2-2-2.9.14-150400.5.28.1 updated - libopenssl1_1-1.1.1l-150400.7.66.2 updated - libopenssl1_1-hmac-1.1.1l-150400.7.66.2 updated - libsemanage1-3.1-150400.3.4.2 updated - krb5-1.19.2-150400.3.9.1 updated - login_defs-4.8.1-150400.10.15.1 updated - coreutils-8.32-150400.9.6.1 updated - sed-4.4-150300.13.3.1 updated - pam-1.3.0-150000.6.66.1 updated - shadow-4.8.1-150400.10.15.1 updated - container:sles15-ltss-image-15.0.0-3.40 added - container:registry.suse.com-bci-bci-base-15.4-- removed