SUSE Container Update Advisory: rancher/seedimage-builder
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:1546-1
Container Tags        : rancher/seedimage-builder:1.4.3 , rancher/seedimage-builder:1.4.3-3.2.35 , rancher/seedimage-builder:latest
Container Release     : 3.2.35
Severity              : important
Type                  : security
References            : 1210959 1214934 1217445 1217450 1217589 1217667 1218492 1218866 1219031 1219243 1219321 1219520 1220061 1220385 1220441 1220724 1220770 1220771 1220772 1221239 1221399 1221665 1221667 CVE-2023-45918 CVE-2024-0727 CVE-2024-2004 CVE-2024-2398 CVE-2024-26458 CVE-2024-26461 CVE-2024-26462 CVE-2024-28182
-----------------------------------------------------------------

The container rancher/seedimage-builder was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:549-1
Released:    Tue Feb 20 17:05:52 2024
Summary:     Security update for openssl-1_1
Type:        security
Severity:    moderate
References:  1219243,CVE-2024-0727

This update for openssl-1_1 fixes the following issues:

- CVE-2024-0727: Denial of service when processing a maliciously formatted PKCS12 file (bsc#1219243).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:766-1
Released:    Tue Mar 5 13:50:28 2024
Summary:     Recommended update for libssh
Type:        recommended
Severity:    important
References:  1220385

This update for libssh fixes the following issues:

- Fix regression parsing IPv6 addresses provided as hostname (bsc#1220385)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:870-1
Released:    Wed Mar 13 13:05:14 2024
Summary:     Security update for glibc
Type:        security
Severity:    moderate
References:  1217445,1217589,1218866

This update for glibc fixes the following issues:

Security issues fixed:

- qsort: harden handling of degenerated / non transient compare function (bsc#1218866)

Other issues fixed:

- getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163)
- aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:929-1
Released:    Tue Mar 19 06:36:24 2024
Summary:     Recommended update for coreutils
Type:        recommended
Severity:    moderate
References:  1219321

This update for coreutils fixes the following issues:

- tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:997-1
Released:    Tue Mar 26 11:03:37 2024
Summary:     Security update for krb5
Type:        security
Severity:    important
References:  1220770,1220771,1220772,CVE-2024-26458,CVE-2024-26461,CVE-2024-26462

This update for krb5 fixes the following issues:

- CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770).
- CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771).
- CVE-2024-26462: Fixed memory leak at /krb5/src/kdc/ndr.c (bsc#1220772).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1133-1
Released:    Mon Apr 8 11:29:02 2024
Summary:     Security update for ncurses
Type:        security
Severity:    moderate
References:  1220061,CVE-2023-45918

This update for ncurses fixes the following issues:

- CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1151-1
Released:    Mon Apr 8 11:36:23 2024
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1221665,1221667,CVE-2024-2004,CVE-2024-2398

This update for curl fixes the following issues:

- CVE-2024-2004: Fix the usage of disabled protocol logic. (bsc#1221665)
- CVE-2024-2398: Fix HTTP/2 push headers memory-leak. (bsc#1221667)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1167-1
Released:    Mon Apr 8 15:11:11 2024
Summary:     Security update for nghttp2
Type:        security
Severity:    important
References:  1221399,CVE-2024-28182

This update for nghttp2 fixes the following issues:

- CVE-2024-28182: Fixed denial of service via http/2 continuation frames (bsc#1221399)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1231-1
Released:    Thu Apr 11 15:20:40 2024
Summary:     Recommended update for glibc
Type:        recommended
Severity:    moderate
References:  1220441

This update for glibc fixes the following issues:

- duplocale: protect use of global locale (bsc#1220441, BZ #23970)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1253-1
Released:    Fri Apr 12 08:15:18 2024
Summary:     Recommended update for gcc13
Type:        recommended
Severity:    moderate
References:  1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239

This update for gcc13 fixes the following issues:

- Fix unwinding for JIT code. [bsc#1221239]
- Revert libgccjit dependency change. [bsc#1220724]
- Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520]
- Add support for -fmin-function-alignment. [bsc#1214934]
- Use %{_target_cpu} to determine host and build.
- Fix for building TVM. [bsc#1218492]
- Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031]
- Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959]
- Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6.
- Fixed building mariadb on i686. [bsc#1217667]
- Avoid update-alternatives dependency for accelerator crosses.
- Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence.
- Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450]

The following package changes have been done:

- libssh-config-0.9.8-150400.3.6.1 updated
- glibc-2.31-150300.71.1 updated
- libnghttp2-14-1.40.0-150200.17.1 updated
- libgcc_s1-13.2.1+git8285-150000.1.9.1 updated
- libstdc++6-13.2.1+git8285-150000.1.9.1 updated
- libncurses6-6.1-150000.5.24.1 updated
- terminfo-base-6.1-150000.5.24.1 updated
- libopenssl1_1-1.1.1l-150500.17.25.1 updated
- libopenssl1_1-hmac-1.1.1l-150500.17.25.1 updated
- krb5-1.20.1-150500.3.6.1 updated
- libssh4-0.9.8-150400.3.6.1 updated
- coreutils-8.32-150400.9.3.1 updated
- libcurl4-8.0.1-150400.5.44.1 updated
- curl-8.0.1-150400.5.44.1 updated
- openssl-1_1-1.1.1l-150500.17.25.1 updated
- aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 removed
- cpio-2.13-150400.3.3.1 removed
- cracklib-2.9.7-11.6.1 removed
- cracklib-dict-small-2.9.7-11.6.1 removed
- diffutils-3.6-4.3.1 removed
- file-magic-5.32-7.14.1 removed
- fillup-1.42-2.18 removed
- gpg2-2.2.27-150300.3.8.1 removed
- grep-3.1-150000.4.6.1 removed
- gzip-1.10-150200.10.1 removed
- libassuan0-2.5.5-150000.4.5.2 removed
- libaudit1-3.0.6-150400.4.13.1 removed
- libblkid1-2.37.4-150500.9.3.1 removed
- libcap-ng0-0.7.9-4.37 removed
- libcrack2-2.9.7-11.6.1 removed
- libcrypt1-4.4.15-150300.4.7.1 removed
- libdw1-0.185-150400.5.3.1 removed
- libeconf0-0.5.2-150400.3.6.1 removed
- libelf1-0.185-150400.5.3.1 removed
- libfdisk1-2.37.4-150500.9.3.1 removed
- libgcrypt20-1.9.4-150500.10.19 removed
- libgcrypt20-hmac-1.9.4-150500.10.19 removed
- libglib-2_0-0-2.70.5-150400.3.8.1 removed
- libgpg-error0-1.42-150400.1.101 removed
- libgpgme11-1.16.0-150400.1.80 removed
- libksba8-1.3.5-150000.4.6.1 removed
- liblua5_3-5-5.3.6-3.6.1 removed
- liblz4-1-1.9.3-150400.1.7 removed
- libmagic1-5.32-7.14.1 removed
- libmount1-2.37.4-150500.9.3.1 removed
- libnpth0-1.5-2.11 removed
- libnsl2-1.2.0-2.44 removed
- libpcre1-8.45-150000.20.13.1 removed
- libpopt0-1.16-3.22 removed
- libsmartcols1-2.37.4-150500.9.3.1 removed
- libsqlite3-0-3.44.0-150000.3.23.1 removed
- libsystemd0-249.17-150400.8.40.1 removed
- libtirpc-netconfig-1.3.4-150300.3.23.1 removed
- libtirpc3-1.3.4-150300.3.23.1 removed
- libudev1-249.17-150400.8.40.1 removed
- libusb-1_0-0-1.0.24-150400.3.3.1 removed
- libutempter0-1.1.6-3.42 removed
- libuuid1-2.37.4-150500.9.3.1 removed
- libxml2-2-2.10.3-150500.5.11.1 removed
- login_defs-4.8.1-150400.10.12.1 removed
- ncurses-utils-6.1-150000.5.20.1 removed
- netcfg-11.6-3.3.1 removed
- pam-1.3.0-150000.6.66.1 removed
- perl-base-5.26.1-150300.17.14.1 removed
- permissions-20201225-150400.5.16.1 removed
- pinentry-1.1.0-4.3.1 removed
- rpm-config-SUSE-1-150400.14.3.1 removed
- sed-4.4-11.6 removed
- shadow-4.8.1-150400.10.12.1 removed
- system-group-hardware-20170617-150400.24.2.1 removed
- sysuser-shadow-3.2-150400.3.5.3 removed
- tar-1.34-150000.3.34.1 removed
- timezone-2023c-150000.75.23.1 removed
- util-linux-2.37.4-150500.9.3.1 removed