SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:907-1 Container Tags : bci/python:3 , bci/python:3-17.24 , bci/python:3.11 , bci/python:3.11-17.24 , bci/python:latest Container Release : 17.24 Severity : important Type : security References : 1196025 1210638 1219666 CVE-2022-25236 CVE-2023-27043 CVE-2023-6597 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:782-1 Released: Wed Mar 6 16:33:49 2024 Summary: Security update for python311 Type: security Severity: important References: 1196025,1210638,1219666,CVE-2022-25236,CVE-2023-27043,CVE-2023-6597 This update for python311 fixes the following issues: - CVE-2023-6597: Fixed symlink bug in cleanup of tempfile.TemporaryDirectory (bsc#1219666). - CVE-2023-27043: Fixed incorrect e-mqil parsing (bsc#1210638). - CVE-2022-25236: Fixed an expat vulnerability by supporting expat >= 2.4.4 (bsc#1212015). The following package changes have been done: - libpython3_11-1_0-3.11.8-150400.9.23.1 updated - python311-base-3.11.8-150400.9.23.1 updated - python311-3.11.8-150400.9.23.1 updated - python311-devel-3.11.8-150400.9.23.1 updated - container:sles15-image-15.0.0-36.11.10 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.9.1 removed - cpio-2.13-150400.3.6.1 removed - cracklib-2.9.7-11.6.1 removed - cracklib-dict-small-2.9.7-11.6.1 removed - diffutils-3.6-4.3.1 removed - fillup-1.42-2.18 removed - grep-3.1-150000.4.6.1 removed - gzip-1.10-150200.10.1 removed - libaudit1-3.0.6-150400.4.13.1 removed - libblkid1-2.37.4-150500.9.3.1 removed - libcap-ng0-0.7.9-4.37 removed - libcrack2-2.9.7-11.6.1 removed - libdw1-0.185-150400.5.3.1 removed - libeconf0-0.5.2-150400.3.6.1 removed - libelf1-0.185-150400.5.3.1 removed - libfdisk1-2.37.4-150500.9.3.1 removed - libgcrypt20-1.9.4-150500.10.19 removed - libgcrypt20-hmac-1.9.4-150500.10.19 removed - libgpg-error0-1.42-150400.1.101 removed - liblua5_3-5-5.3.6-3.6.1 removed - liblz4-1-1.9.3-150400.1.7 removed - libmount1-2.37.4-150500.9.3.1 removed - libpopt0-1.16-3.22 removed - libsemanage1-3.1-150400.1.65 removed - libsepol1-3.1-150400.1.70 removed - libsmartcols1-2.37.4-150500.9.3.1 removed - libsystemd0-249.17-150400.8.40.1 removed - libutempter0-1.1.6-3.42 removed - libxml2-2-2.10.3-150500.5.14.1 removed - login_defs-4.8.1-150400.10.12.1 removed - ncurses-utils-6.1-150000.5.20.1 removed - pam-1.3.0-150000.6.66.1 removed - perl-base-5.26.1-150300.17.14.1 removed - permissions-20201225-150400.5.16.1 removed - rpm-config-SUSE-1-150400.14.3.1 removed - rpm-ndb-4.14.3-150400.59.7.1 removed - sed-4.4-11.6 removed - shadow-4.8.1-150400.10.12.1 removed - sles-release-15.5-150500.43.4 removed - system-group-hardware-20170617-150400.24.2.1 removed - sysuser-shadow-3.2-150400.3.5.3 removed - tar-1.34-150000.3.34.1 removed - timezone-2023c-150000.75.23.1 removed - util-linux-2.37.4-150500.9.3.1 removed