SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:2688-1
Container Tags        : suse/manager/4.3/proxy-tftpd:4.3.12 , suse/manager/4.3/proxy-tftpd:4.3.12.9.42.7 , suse/manager/4.3/proxy-tftpd:latest
Container Release     : 9.42.7
Severity              : important
Type                  : security
References            : 1188500 1210959 1214934 1215496 1217445 1217450 1217589 1217667
                        1218492 1218866 1219031 1219243 1219321 1219520 1220061 1220441
                        1220724 1220770 1220771 1221184 1221239 1221632 1221940 1222548
                        1222992 1223423 1223424 1223425 1223596 CVE-2023-45918 CVE-2024-0727
                        CVE-2024-2511 CVE-2024-26458 CVE-2024-26461 CVE-2024-2961 CVE-2024-33599
                        CVE-2024-33600 CVE-2024-33601 CVE-2024-33602 
-----------------------------------------------------------------

The container suse/manager/4.3/proxy-tftpd was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:62-1
Released:    Mon Jan  8 11:44:47 2024
Summary:     Recommended update for libxcrypt
Type:        recommended
Severity:    moderate
References:  1215496
This update for libxcrypt fixes the following issues:

- fix variable name for datamember [bsc#1215496]
- added patches fix https://github.com/besser82/libxcrypt/commit/b212d601549a0fc84cbbcaf21b931f903787d7e2

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:833-1
Released:    Mon Mar 11 10:31:14 2024
Summary:     Security update for openssl-1_1
Type:        security
Severity:    moderate
References:  1219243,CVE-2024-0727
This update for openssl-1_1 fixes the following issues:

- CVE-2024-0727: Denial of service when processing a maliciously formatted PKCS12 file (bsc#1219243).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:870-1
Released:    Wed Mar 13 13:05:14 2024
Summary:     Security update for glibc
Type:        security
Severity:    moderate
References:  1217445,1217589,1218866
This update for glibc fixes the following issues:

Security issues fixed:

- qsort: harden handling of degenerated / non transient compare function (bsc#1218866)

Other issues fixed:

- getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163)
- aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:929-1
Released:    Tue Mar 19 06:36:24 2024
Summary:     Recommended update for coreutils
Type:        recommended
Severity:    moderate
References:  1219321
This update for coreutils fixes the following issues:

- tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1006-1
Released:    Wed Mar 27 10:48:38 2024
Summary:     Security update for krb5
Type:        security
Severity:    important
References:  1220770,1220771,CVE-2024-26458,CVE-2024-26461
This update for krb5 fixes the following issues:

- CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770).
- CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1133-1
Released:    Mon Apr  8 11:29:02 2024
Summary:     Security update for ncurses
Type:        security
Severity:    moderate
References:  1220061,CVE-2023-45918
This update for ncurses fixes the following issues:

- CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1231-1
Released:    Thu Apr 11 15:20:40 2024
Summary:     Recommended update for glibc
Type:        recommended
Severity:    moderate
References:  1220441
This update for glibc fixes the following issues:

- duplocale: protect use of global locale (bsc#1220441, BZ #23970)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1253-1
Released:    Fri Apr 12 08:15:18 2024
Summary:     Recommended update for gcc13
Type:        recommended
Severity:    moderate
References:  1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239
This update for gcc13 fixes the following issues:

- Fix unwinding for JIT code.  [bsc#1221239] 
- Revert libgccjit dependency change.  [bsc#1220724]
- Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3
  breaks them.  [bsc#1219520]
- Add support for -fmin-function-alignment.  [bsc#1214934]
- Use %{_target_cpu} to determine host and build.
- Fix for building TVM.  [bsc#1218492]
- Add cross-X-newlib-devel requires to newlib cross compilers.
  [bsc#1219031]
- Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel.  [bsc#1210959]
- Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6.
- Fixed building mariadb on i686.  [bsc#1217667]
- Avoid update-alternatives dependency for accelerator crosses.
- Package tool links to llvm in cross-amdgcn-gcc13 rather than in
  cross-amdgcn-newlib13-devel since that also has the dependence.
- Depend on llvmVER instead of llvm with VER equal to
  %product_libs_llvm_ver where available and adjust tool discovery
  accordingly.  This should also properly trigger re-builds when
  the patchlevel version of llvmVER changes, possibly changing
  the binary names we link to.  [bsc#1217450]

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1375-1
Released:    Mon Apr 22 14:56:13 2024
Summary:     Security update for glibc
Type:        security
Severity:    important
References:  1222992,CVE-2024-2961
This update for glibc fixes the following issues:

- iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1429-1
Released:    Wed Apr 24 15:13:10 2024
Summary:     Recommended update for ca-certificates
Type:        recommended
Severity:    moderate
References:  1188500,1221184
This update for ca-certificates fixes the following issue:

- Update version (bsc#1221184)
  * Use flock to serialize calls (bsc#1188500)
  * Make certbundle.run container friendly
  * Create /var/lib/ca-certificates if needed

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1665-1
Released:    Thu May 16 08:00:09 2024
Summary:     Recommended update for coreutils
Type:        recommended
Severity:    moderate
References:  1221632
This update for coreutils fixes the following issues:

- ls: avoid triggering automounts (bsc#1221632)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1802-1
Released:    Tue May 28 16:20:18 2024
Summary:     Recommended update for e2fsprogs
Type:        recommended
Severity:    moderate
References:  1223596
This update for e2fsprogs fixes the following issues:

EA Inode handling fixes:
- ext2fs: avoid re-reading inode multiple times (bsc#1223596)
- e2fsck: fix potential out-of-bounds read in inc_ea_inode_refs() (bsc#1223596)
- e2fsck: add more checks for ea inode consistency (bsc#1223596)
- e2fsck: fix golden output of several tests (bsc#1223596)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1895-1
Released:    Mon Jun  3 09:00:20 2024
Summary:     Security update for glibc
Type:        security
Severity:    important
References:  1221940,1223423,1223424,1223425,CVE-2024-33599,CVE-2024-33600,CVE-2024-33601,CVE-2024-33602
This update for glibc fixes the following issues:

- CVE-2024-33599: Fixed a stack-based buffer overflow in netgroup cache in nscd (bsc#1223423)
- CVE-2024-33600: Avoid null pointer crashes after notfound response in nscd (bsc#1223424)
- CVE-2024-33600: Do not send missing not-found response in addgetnetgrentX in nscd (bsc#1223424)
- CVE-2024-33601, CVE-2024-33602: Fixed use of two buffers in addgetnetgrentX ( bsc#1223425)
- CVE-2024-33602: Use time_t for return type of addgetnetgrentX (bsc#1223425)

- Avoid creating userspace live patching prologue for _start routine (bsc#1221940)


-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1949-1
Released:    Fri Jun  7 17:07:33 2024
Summary:     Security update for openssl-1_1
Type:        security
Severity:    moderate
References:  1222548,CVE-2024-2511
This update for openssl-1_1 fixes the following issues:

- CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548).


The following package changes have been done:

- glibc-2.31-150300.83.1 updated
- libcrypt1-4.4.15-150300.4.7.1 updated
- libcom_err2-1.46.4-150400.3.6.2 updated
- libgcc_s1-13.2.1+git8285-150000.1.9.1 updated
- libstdc++6-13.2.1+git8285-150000.1.9.1 updated
- libncurses6-6.1-150000.5.24.1 updated
- terminfo-base-6.1-150000.5.24.1 updated
- libopenssl1_1-1.1.1l-150400.7.66.2 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.66.2 updated
- krb5-1.19.2-150400.3.9.1 updated
- coreutils-8.32-150400.9.6.1 updated
- openssl-1_1-1.1.1l-150400.7.66.2 updated
- ca-certificates-2+git20240416.98ae794-150300.4.3.3 updated
- container:sles15-ltss-image-15.0.0-3.40 added
- container:registry.suse.com-bci-bci-base-15.4-- removed