SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2030-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.27 , suse/sle15:15.3 , suse/sle15:15.3.17.20.27 Container Release : 17.20.27 Severity : moderate Type : security References : 1197178 1198731 1198925 1200842 1202593 CVE-2022-35252 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2982-1 Released: Thu Sep 1 12:33:47 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1197178,1198731,1200842 This update for util-linux fixes the following issues: - su: Change owner and mode for pty (bsc#1200842) - agetty: Resolve tty name even if stdin is specified (bsc#1197178) - libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731) - mesg: use only stat() to get the current terminal status (bsc#1200842) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2994-1 Released: Fri Sep 2 10:44:54 2022 Summary: Recommended update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame Type: recommended Severity: moderate References: 1198925 This update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame adds some missing 32bit libraries to some products. (bsc#1198925) No codechanges were done in this update. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3004-1 Released: Fri Sep 2 15:02:14 2022 Summary: Security update for curl Type: security Severity: low References: 1202593,CVE-2022-35252 This update for curl fixes the following issues: - CVE-2022-35252: Fixed a potential injection of control characters into cookies, which could be exploited by sister sites to cause a denial of service (bsc#1202593). The following package changes have been done: - curl-7.66.0-150200.4.39.1 updated - libblkid1-2.36.2-150300.4.23.1 updated - libcurl4-7.66.0-150200.4.39.1 updated - libfdisk1-2.36.2-150300.4.23.1 updated - libmount1-2.36.2-150300.4.23.1 updated - libsmartcols1-2.36.2-150300.4.23.1 updated - libusb-1_0-0-1.0.21-150000.3.5.1 updated - libuuid1-2.36.2-150300.4.23.1 updated - util-linux-2.36.2-150300.4.23.1 updated