SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:308-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.24.9 , suse/sle15:15.4 , suse/sle15:15.4.24.9 Container Release : 24.9 Severity : important Type : security References : 1194265 1194845 1195468 1195654 1196036 1196494 1196495 CVE-2022-24407 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:743-1 Released: Mon Mar 7 22:08:12 2022 Summary: Security update for cyrus-sasl Type: security Severity: important References: 1194265,1196036,CVE-2022-24407 This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036). The following non-security bugs were fixed: - postfix: sasl authentication with password fails (bsc#1194265). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:787-1 Released: Thu Mar 10 11:20:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: This update for openldap2 fixes the following issue: - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:789-1 Released: Thu Mar 10 11:22:05 2022 Summary: Recommended update for update-alternatives Type: recommended Severity: moderate References: 1195654 This update for update-alternatives fixes the following issues: - Break bash - update-alternatives cycle rewrite of '%post' in 'lua'. (bsc#1195654) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:792-1 Released: Thu Mar 10 11:58:18 2022 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1194845,1196494,1196495 This update for suse-build-key fixes the following issues: - The old SUSE PTF key was extended, but also move it to suse_ptf_key_old.asc (as it is a DSA1024 key). - Added a new SUSE PTF key with RSA2048 bit as suse_ptf_key.asc (bsc#1196494) - Extended the expiry of SUSE Linux Enterprise 11 key (bsc#1194845) - Added SUSE Container signing key in PEM format for use e.g. by cosign. - The SUSE security key was replaced with 2022 edition (E-Mail usage only). (bsc#1196495) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:808-1 Released: Fri Mar 11 06:07:58 2022 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1195468 This update for procps fixes the following issues: - Stop registering signal handler for SIGURG, to avoid `ps` failure if someone sends such signal. Without the signal handler, SIGURG will just be ignored. (bsc#1195468) The following package changes have been done: - bash-4.4-150400.23.77 updated - cpio-2.13-150400.1.66 updated - libaudit1-3.0.6-150400.1.18 updated - libblkid1-2.37.2-150400.5.3 updated - libbz2-1-1.0.8-150400.1.84 updated - libcom_err2-1.46.4-150400.1.49 updated - libdw1-0.185-150400.3.5 updated - libeconf0-0.4.4+git20220104.962774f-150400.1.9 updated - libelf1-0.185-150400.3.5 updated - libfdisk1-2.37.2-150400.5.3 updated - libgcrypt20-hmac-1.9.4-150400.2.14 updated - libgcrypt20-1.9.4-150400.2.14 updated - libgpg-error0-1.42-150400.1.90 updated - libgpgme11-1.16.0-150400.1.55 updated - libldap-2_4-2-2.4.46-9.61.1 updated - libldap-data-2.4.46-9.61.1 updated - libmount1-2.37.2-150400.5.3 updated - libopenssl1_1-hmac-1.1.1l-150400.3.15 updated - libopenssl1_1-1.1.1l-150400.3.15 updated - libprocps7-3.3.15-7.22.1 updated - libreadline7-7.0-150400.23.77 updated - libsasl2-3-2.1.27-150300.4.6.1 updated - libselinux1-3.1-150400.1.36 updated - libsemanage1-3.1-150400.1.34 updated - libsepol1-3.1-150400.1.37 updated - libsmartcols1-2.37.2-150400.5.3 updated - libsolv-tools-0.7.21-150400.1.1 updated - libsystemd0-249.10-150400.3.7 updated - libudev1-249.10-150400.3.7 updated - libuuid1-2.37.2-150400.5.3 updated - libzstd1-1.5.0-150400.1.42 updated - libzypp-17.29.6-150400.1.1 updated - login_defs-4.8.1-150400.8.24 updated - openssl-1_1-1.1.1l-150400.3.15 updated - permissions-20201225-150400.1.1 updated - procps-3.3.15-7.22.1 updated - rpm-config-SUSE-1-150400.12.7 updated - shadow-4.8.1-150400.8.24 updated - sles-release-15.4-150400.44.1 updated - suse-build-key-12.0-8.19.1 updated - system-group-hardware-20170617-150400.21.56 updated - update-alternatives-1.19.0.4-4.3.1 updated - util-linux-2.37.2-150400.5.3 updated - zypper-1.14.52-150400.1.2 updated