SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:1097-1
Container Tags        : bci/bci-base:15.6 , bci/bci-base:15.6.45.2.80 , suse/sle15:15.6 , suse/sle15:15.6.45.2.80
Container Release     : 45.2.80
Severity              : important
Type                  : security
References            : 1087072 1195654 1196025 1196026 1196168 1196169 1196171 1196784 1199944 1203438 1204111 1204112 1204113 1204708 1212126 1216296 CVE-2022-1664 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 CVE-2022-40674 CVE-2022-42010 CVE-2022-42011 CVE-2022-42012 CVE-2022-43680 CVE-2023-34969
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:789-1
Released:    Thu Mar 10 11:22:05 2022
Summary:     Recommended update for update-alternatives
Type:        recommended
Severity:    moderate
References:  1195654

This update for update-alternatives fixes the following issues:

- Break bash - update-alternatives cycle rewrite of '%post' in 'lua'. (bsc#1195654)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2294-1
Released:    Wed Jul 6 13:34:15 2022
Summary:     Security update for expat
Type:        security
Severity:    important
References:  1196025,1196026,1196168,1196169,1196171,1196784,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315

This update for expat fixes the following issues:

- CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025).
- Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784).
- CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026).
- CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168).
- CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169).
- CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3489-1
Released:    Sat Oct 1 13:35:24 2022
Summary:     Security update for expat
Type:        security
Severity:    important
References:  1203438,CVE-2022-40674

This update for expat fixes the following issues:

- CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3806-1
Released:    Thu Oct 27 17:21:11 2022
Summary:     Security update for dbus-1
Type:        security
Severity:    important
References:  1087072,1204111,1204112,1204113,CVE-2022-42010,CVE-2022-42011,CVE-2022-42012

This update for dbus-1 fixes the following issues:

- CVE-2022-42010: Fixed potential crash that could be triggered by an invalid signature (bsc#1204111).
- CVE-2022-42011: Fixed an out of bounds read caused by a fixed length array (bsc#1204112).
- CVE-2022-42012: Fixed a use-after-free that could be triggered by a message in non-native endianness with out-of-band Unix file descriptor (bsc#1204113).

Bugfixes:

- Disable asserts (bsc#1087072).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3884-1
Released:    Mon Nov 7 10:59:26 2022
Summary:     Security update for expat
Type:        security
Severity:    important
References:  1204708,CVE-2022-43680

This update for expat fixes the following issues:

- CVE-2022-43680: Fixed use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4081-1
Released:    Fri Nov 18 15:40:46 2022
Summary:     Security update for dpkg
Type:        security
Severity:    low
References:  1199944,CVE-2022-1664

This update for dpkg fixes the following issues:

- CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2877-1
Released:    Wed Jul 19 09:43:42 2023
Summary:     Security update for dbus-1
Type:        security
Severity:    moderate
References:  1212126,CVE-2023-34969

This update for dbus-1 fixes the following issues:

- CVE-2023-34969: Fixed a possible dbus-daemon crash by an unprivileged user (bsc#1212126).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4973-1
Released:    Tue Dec 26 04:44:10 2023
Summary:     Recommended update for duktape
Type:        recommended
Severity:    moderate
References:  1216296

This update of duktape fixes the following issue:

- duktape-devel is shipped to Basesystem module (bsc#1216296).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:637-1
Released:    Tue Feb 27 10:06:55 2024
Summary:     Recommended update for duktape
Type:        recommended
Severity:    moderate
References:

This update for duktape fixes the following issues:

- Ship libduktape206-32bit: needed by libproxy since version 0.5.

The following package changes have been done:

- dbus-1-1.12.2-150400.18.8.1 added
- gio-branding-SLE-15-150600.33.2 added
- glib2-tools-2.78.3-150600.1.6 added
- libdbus-1-3-1.12.2-150400.18.8.1 added
- libduktape206-2.6.0-150500.4.5.1 added
- libexpat1-2.4.4-150400.3.12.1 added
- libgio-2_0-0-2.78.3-150600.1.6 added
- libgmodule-2_0-0-2.78.3-150600.1.6 added
- libgobject-2_0-0-2.78.3-150600.1.6 added
- libgpgme11-1.23.0-150600.1.27 updated
- libproxy1-0.5.3-150600.1.1 updated
- libpxbackend-1_0-0.5.3-150600.1.1 added
- libssh-config-0.9.8-150600.8.3 updated
- libssh4-0.9.8-150600.8.3 updated
- libsystemd0-254.9-150600.2.14 updated
- libudev1-254.9-150600.2.14 updated
- libzypp-17.31.31-150600.8.6 updated
- shared-mime-info-2.4-150600.1.2 added
- sle-module-basesystem-release-15.6-150600.28.1 updated
- sle-module-python3-release-15.6-150600.28.1 updated
- sle-module-server-applications-release-15.6-150600.28.1 updated
- sles-release-15.6-150600.28.2 updated
- update-alternatives-1.19.0.4-150000.4.4.1 added