SUSE Container Update Advisory: suse/sles12sp4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2019:667-1 Container Tags : suse/sles12sp4:26.102 , suse/sles12sp4:latest Container Release : 26.102 Severity : moderate Type : security References : 1123919 1131830 1134550 1154036 1154037 CVE-2018-10754 CVE-2019-17594 CVE-2019-17595 ----------------------------------------------------------------- The container suse/sles12sp4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:3085-1 Released: Thu Nov 28 10:01:53 2019 Summary: Security update for libxml2 Type: security Severity: low References: 1123919 This update for libxml2 doesn't fix any additional security issues, but correct the rpm changelog to reflect all CVEs that have been fixed over the past. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:3094-1 Released: Thu Nov 28 16:47:52 2019 Summary: Security update for ncurses Type: security Severity: moderate References: 1131830,1134550,1154036,1154037,CVE-2018-10754,CVE-2019-17594,CVE-2019-17595 This update for ncurses fixes the following issues: Security issue fixed: - CVE-2018-10754: Fixed a denial of service caused by a NULL Pointer Dereference in the _nc_parse_entry() (bsc#1131830). - CVE-2019-17594: Fixed a heap-based buffer over-read in _nc_find_entry function in tinfo/comp_hash.c (bsc#1154036). - CVE-2019-17595: Fixed a heap-based buffer over-read in fmt_entry function in tinfo/comp_hash.c (bsc#1154037). Bug fixes: - Fixed ppc64le build configuration (bsc#1134550). The following package changes have been done: - base-container-licenses-3.0-1.123 updated - container-suseconnect-2.0.0-1.45 updated - libncurses5-5.9-69.1 updated - libncurses6-5.9-69.1 updated - libxml2-2-2.9.4-46.23.2 updated - ncurses-utils-5.9-69.1 updated - terminfo-base-5.9-69.1 updated