SUSE Container Update Advisory: suse/manager/5.0/x86_64/proxy-ssh
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4374-1
Container Tags        : suse/manager/5.0/x86_64/proxy-ssh:5.0.1 , suse/manager/5.0/x86_64/proxy-ssh:5.0.1.7.5.1 , suse/manager/5.0/x86_64/proxy-ssh:latest
Container Release     : 7.5.1
Severity              : critical
Type                  : security
References            : 1188441 1219559 1220664 1221482 1221563 1221632 1221854 1222075
                        1222985 1223428 1223571 1223596 1224014 1224016 1224388 1225291
                        1225551 1225907 1226415 1226447 1226448 1226463 1227138 1227186
                        1227187 1227308 1227456 CVE-2023-52425 CVE-2024-0397 CVE-2024-0450
                        CVE-2024-37370 CVE-2024-37371 CVE-2024-4032 CVE-2024-4603 CVE-2024-4741
                        CVE-2024-5535 
-----------------------------------------------------------------

The container suse/manager/5.0/x86_64/proxy-ssh was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1665-1
Released:    Thu May 16 08:00:09 2024
Summary:     Recommended update for coreutils
Type:        recommended
Severity:    moderate
References:  1221632
This update for coreutils fixes the following issues:

- ls: avoid triggering automounts (bsc#1221632)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1934-1
Released:    Thu Jun  6 11:19:24 2024
Summary:     Recommended update for sles15-image
Type:        recommended
Severity:    moderate
References:  
This update for sles15-image fixes the following issues:

- update to SUSE LLC and use https (it's 2024)
- use more specific lifecycle url
- remove deprecated label duplication as those labels are
  inherited into all derived containers as well causing
  confusion
- set supportlevel to released and L3
- use the base-container-images landing page
- rename kiwi file to match package name
- move artifacthub.io labels outside labelling helper to
  avoid duplication

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1954-1
Released:    Fri Jun  7 18:01:06 2024
Summary:     Recommended update for glibc
Type:        recommended
Severity:    moderate
References:  1221482
This update for glibc fixes the following issues:

- Also include stat64 in the 32-bit libc_nonshared.a workaround
  (bsc#1221482)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1997-1
Released:    Tue Jun 11 17:24:32 2024
Summary:     Recommended update for e2fsprogs
Type:        recommended
Severity:    moderate
References:  1223596
This update for e2fsprogs fixes the following issues:

- EA Inode handling fixes:
  - e2fsck: add more checks for ea inode consistency (bsc#1223596)
  - e2fsck: fix golden output of several tests (bsc#1223596)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2066-1
Released:    Tue Jun 18 13:16:09 2024
Summary:     Security update for openssl-3
Type:        security
Severity:    important
References:  1223428,1224388,1225291,1225551,CVE-2024-4603,CVE-2024-4741
This update for openssl-3 fixes the following issues:

Security issues fixed:

- CVE-2024-4603: Check DSA parameters for excessive sizes before validating (bsc#1224388)
- CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551)

Other issues fixed:

- Enable livepatching support (bsc#1223428)
- Fix HDKF key derivation (bsc#1225291, gh#openssl/openssl#23448, +  gh#openssl/openssl#23456)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2086-1
Released:    Wed Jun 19 11:48:24 2024
Summary:     Recommended update for gcc13
Type:        recommended
Severity:    moderate
References:  1188441
This update for gcc13 fixes the following issues:

Update to GCC 13.3 release

- Removed Fiji support from the GCN offload compiler as that is requiring
  Code Object version 3 which is no longer supported by llvm18.
- Avoid combine spending too much compile-time and memory doing nothing
  on s390x.  [bsc#1188441]
- Make requirement to lld version specific to avoid requiring the
  meta-package.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2239-1
Released:    Wed Jun 26 13:09:10 2024
Summary:     Recommended update for systemd
Type:        recommended
Severity:    critical
References:  1226415
This update for systemd contains the following fixes:

- testsuite: move a misplaced %endif

- Do not remove existing configuration files in /etc. If these files were
  modified on the systemd, that may cause unwanted side effects (bsc#1226415).

- Import upstream commit (merge of v254.13)
  Use the pty slave fd opened from the namespace when transient service is running in a container.
  This revert the backport of the broken commit until a fix is released in the v254-stable tree.

- Import upstream commit (merge of v254.11)
  For a complete list of changes, visit:
  https://github.com/openSUSE/systemd/compare/e8d77af4240894da620de74fbc7823aaaa448fef...85db84ee440eac202c4b5507e96e1704269179bc
  
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2307-1
Released:    Fri Jul  5 12:04:34 2024
Summary:     Security update for krb5
Type:        security
Severity:    important
References:  1227186,1227187,CVE-2024-37370,CVE-2024-37371
This update for krb5 fixes the following issues:

- CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186).
- CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2479-1
Released:    Mon Jul 15 10:33:22 2024
Summary:     Security update for python3
Type:        security
Severity:    important
References:  1219559,1220664,1221563,1221854,1222075,1226447,1226448,CVE-2023-52425,CVE-2024-0397,CVE-2024-0450,CVE-2024-4032
This update for python3 fixes the following issues:

- CVE-2023-52425: Fixed backport so it uses features sniffing, not just comparing version number (bsc#1219559).
- CVE-2024-0450: Fixed detecting the vulnerability of 'quoted-overlap' zipbomb (bsc#1221854).
- CVE-2024-4032: Rearranging definition of private v global IP. (bsc#1226448)
- CVE-2024-0397: Remove a memory race condition in ssl.SSLContext certificate store methods. (bsc#1226447)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2587-1
Released:    Mon Jul 22 13:44:54 2024
Summary:     Recommended update for openssh
Type:        recommended
Severity:    moderate
References:  1227456
This update for openssh fixes the following issues:

- Remove empty line at the end of sshd-sle.pamd (bsc#1227456)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2912-1
Released:    Wed Aug 14 20:20:13 2024
Summary:     Recommended update for cloud-regionsrv-client
Type:        recommended
Severity:    important
References:  1222985,1223571,1224014,1224016,1227308
This update for cloud-regionsrv-client contains the following fixes:

- Update to version 10.3.0 (bsc#1227308, bsc#1222985)
  + Add support for sidecar registry
    Podman and rootless Docker support to set up the necessary
    configuration for the container engines to run as defined
  + Add running command as root through sudoers file

- Update to version 10.2.0 (bsc#1223571, bsc#1224014, bsc#1224016)
  + In addition to logging, write message to stderr when registration fails
  + Detect transactional-update system with read only setup and use
    the transactional-update command to register
  + Handle operation in a different target root directory for credentials
    checking

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2933-1
Released:    Thu Aug 15 12:12:50 2024
Summary:     Security update for openssl-1_1
Type:        security
Severity:    moderate
References:  1225907,1226463,1227138,CVE-2024-5535
This update for openssl-1_1 fixes the following issues:

- CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138)

Other fixes:
- Build with no-afalgeng. (bsc#1226463)
- Fixed C99 violations to allow the package to build with GCC 14. (bsc#1225907)


The following package changes have been done:

- glibc-2.38-150600.14.5.1 updated
- libcom_err2-1.47.0-150600.4.3.2 updated
- libgcc_s1-13.3.0+git8781-150000.1.12.1 updated
- libstdc++6-13.3.0+git8781-150000.1.12.1 updated
- libopenssl3-3.1.4-150600.5.7.1 updated
- libudev1-254.13-150600.4.5.1 updated
- libsystemd0-254.13-150600.4.5.1 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.7.1 updated
- krb5-1.20.1-150600.11.3.1 updated
- coreutils-8.32-150400.9.6.1 updated
- libyaml-0-2-0.1.7-150000.3.2.1 added
- openssh-common-9.6p1-150600.6.9.1 updated
- libopenssl1_1-1.1.1w-150600.5.6.1 updated
- openssh-fips-9.6p1-150600.6.9.1 updated
- openssh-server-9.6p1-150600.6.9.1 updated
- openssh-clients-9.6p1-150600.6.9.1 updated
- libpython3_6m1_0-3.6.15-150300.10.65.1 updated
- python3-base-3.6.15-150300.10.65.1 updated
- python3-3.6.15-150300.10.65.2 updated
- openssh-9.6p1-150600.6.9.1 updated
- python3-PyYAML-5.4.1-150300.3.3.1 updated
- container:sles15-image-15.6.0-47.9.1 updated