SUSE Container Update Advisory: suse/sles/15.6/virt-launcher
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:1720-1
Container Tags        : suse/sles/15.6/virt-launcher:1.1.1 , suse/sles/15.6/virt-launcher:1.1.1-150600.2.5 , suse/sles/15.6/virt-launcher:1.1.1.28.21
Container Release     : 28.21
Severity              : important
Type                  : security
References            : 1059627 1173034 1176932 1177039 1178481 1179020 1182661 1183012
                        1183051 1186282 1187332 1201590 1208079 1210959 1211272 1214934
                        1215005 1217316 1217320 1217321 1217324 1217326 1217329 1217330
                        1217432 1217450 1217667 1217964 1218492 1219031 1219321 1219520
                        1219559 1219581 1220061 1220724 1221239 1221289 CVE-2023-45918
                        CVE-2023-4750 CVE-2023-48231 CVE-2023-48232 CVE-2023-48233 CVE-2023-48234
                        CVE-2023-48235 CVE-2023-48236 CVE-2023-48237 CVE-2023-48706 CVE-2023-52425
                        CVE-2024-22667 CVE-2024-28757 
-----------------------------------------------------------------

The container suse/sles/15.6/virt-launcher was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2735-1
Released:    Thu Sep 24 13:32:25 2020
Summary:     Recommended update for systemd-rpm-macros
Type:        recommended
Severity:    moderate
References:  1173034
This update for systemd-rpm-macros fixes the following issues:

- Introduce macro '%service_del_postun_without_restart' to resolve blocking new releases based on this. (bsc#1173034)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2782-1
Released:    Tue Sep 29 11:40:22 2020
Summary:     Recommended update for systemd-rpm-macros
Type:        recommended
Severity:    important
References:  1176932
This update for systemd-rpm-macros fixes the following issues:

- Backport missing macros of directory paths from upstream
  + %_environmentdir
  + %_modulesloaddir
  + %_modprobedir

- Make sure %_restart_on_update_never and %_stop_on_removal_never don't expand to the
  empty string. (bsc#1176932)
  Otherwise sequences like the following code:
     if [ ... ]; then
        %_restart_on_update_never
     fi
  would result in the following incorrect shell syntax:
     if [ ... ]; then
     fi

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2020:3795-1
Released:    Mon Dec 14 17:43:26 2020
Summary:     Optional update for systemd-rpm-macros
Type:        optional
Severity:    low
References:  1059627,1178481,1179020
This update for systemd-rpm-macros fixes the following issues:

- Deprecate '-f'/'-n' options
  When used with %service_del_preun, support for these options will be
  dropped as DISABLE_STOP_ON_REMOVAL support will be removed on the
  next version of SLE (jsc#SLE-8968)
  When used with %service_del_postun, they should be replaced with
  their counterpart
  %service_del_postun_with_restart/%service_del_postun_without_restart
- Introduced %service_del_postun_with_restart()
  It's the counterpart of %service_del_postun_without_restart() and
  replaces the '-f' option of %service_del_postun().
- Does no longer apply presets when migrating from a disabled initscript (bsc#1178481)
- Fix importing of %{_unitdir}

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:707-1
Released:    Thu Mar  4 09:19:36 2021
Summary:     Recommended update for systemd-rpm-macros
Type:        recommended
Severity:    moderate
References:  1177039
This update for systemd-rpm-macros fixes the following issues:

- Bump to version 6

- Make upstream '%systemd_{pre,post,preun,postun}' aliases to their SUSE counterparts.
  Packagers can now choose to use the upstream or the SUSE variants
  indifferently. For consistency the SUSE variants should be preferred
  since almost all SUSE packages already use them but the upstream
  versions might be usefull in certain cases where packages need to
  support multiple distros based on RPM.

- Improve the logic used to apply the presets. (bsc#1177039)
  Before presests were applied at a) package installation b) new units
  introduced via a package update (but after making sure that it was
  not a SysV initscript being converted).
  The problem is that a) didn't handle package a renaming or split
  properly since the package with the new name is installed rather
  being updated and therefore the presets were applied even if they
  were already with the old name.
  We now cover this case (and the other ones) by applying presets only
  if the units are new and the services are not being migrated. This
  regardless of whether this happens during an install or an update.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:795-1
Released:    Tue Mar 16 10:28:02 2021
Summary:     Recommended update for systemd-rpm-macros
Type:        recommended
Severity:    low
References:  1182661,1183012,1183051
This update for systemd-rpm-macros fixes the following issues:

- Added a %systemd_user_pre macro (bsc#1183051, bsc#1183012)
- Fixed an issue with %systemd_user_post, where the --global parameter was treated like if
  it was another service (bsc#1183051, bsc#1182661)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2899-1
Released:    Wed Sep  1 08:30:58 2021
Summary:     Recommended update for systemd-rpm-macros
Type:        recommended
Severity:    moderate
References:  1186282,1187332
This update for systemd-rpm-macros fixes the following issues:

- Fixed an issue whe zypper ignores the ordering constraints. (bsc#1187332)
- Introduce '%sysusers_create_package': '%sysusers_create' and '%sysusers_create_inline' are now deprecated and the new macro should be used instead.
- %sysusers_create_inline: use here-docs instead of echo (bsc#1186282)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:4009-1
Released:    Mon Dec 13 11:24:43 2021
Summary:     Recommended update for systemd-rpm-macros
Type:        recommended
Severity:    low
References:  
This update for systemd-rpm-macros fixes the following issues:

- Introduce rpm macro %_systemd_util_dir

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:353-1
Released:    Tue Feb  8 17:41:48 2022
Summary:     Recommended update for systemd-rpm-macros
Type:        recommended
Severity:    moderate
References:  
This update for systemd-rpm-macros fixes the following issues:

- Bump version to 10

- %sysusers_create_inline was wrongly marked as deprecated
- %sysusers_create can be useful in certain cases and won't go away until we'll
  move to file triggers. So don't mark it as deprecated too

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4062-1
Released:    Fri Nov 18 09:05:07 2022
Summary:     Recommended update for libusb-1_0
Type:        recommended
Severity:    moderate
References:  1201590
This update for libusb-1_0 fixes the following issues:

- Fix regression where some devices no longer work if they have a configuration value of 0 (bsc#1201590)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1880-1
Released:    Tue Apr 18 11:11:27 2023
Summary:     Recommended update for systemd-rpm-macros
Type:        recommended
Severity:    low
References:  1208079
This update for systemd-rpm-macros fixes the following issue:

- Don't emit a warning when the flag file in /var/lib/systemd/migrated/ is not present as it's expected (bsc#1208079).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2482-1
Released:    Mon Jun 12 07:19:53 2023
Summary:     Recommended update for systemd-rpm-macros
Type:        recommended
Severity:    moderate
References:  1211272
This update for systemd-rpm-macros fixes the following issues:

- Adjust functions so they are disabled when called from a chroot (bsc#1211272)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4138-1
Released:    Thu Oct 19 17:15:38 2023
Summary:     Recommended update for systemd-rpm-macros
Type:        recommended
Severity:    moderate
References:  
This update for systemd-rpm-macros fixes the following issues:

- Switch to `systemd-hwdb` tool when updating the HW database. It's been
  introduced in systemd v219 and replaces the deprecated command `udevadm hwdb`.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:929-1
Released:    Tue Mar 19 06:36:24 2024
Summary:     Recommended update for coreutils
Type:        recommended
Severity:    moderate
References:  1219321
This update for coreutils fixes the following issues:

- tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:982-1
Released:    Mon Mar 25 12:56:33 2024
Summary:     Recommended update for systemd-rpm-macros
Type:        recommended
Severity:    moderate
References:  1217964
This update for systemd-rpm-macros fixes the following issue:

- Order packages that requires systemd after systemd-sysvcompat if needed. (bsc#1217964)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1129-1
Released:    Mon Apr  8 09:12:08 2024
Summary:     Security update for expat
Type:        security
Severity:    important
References:  1219559,1221289,CVE-2023-52425,CVE-2024-28757
This update for expat fixes the following issues:

- CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559) 
- CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1133-1
Released:    Mon Apr  8 11:29:02 2024
Summary:     Security update for ncurses
Type:        security
Severity:    moderate
References:  1220061,CVE-2023-45918
This update for ncurses fixes the following issues:

- CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1253-1
Released:    Fri Apr 12 08:15:18 2024
Summary:     Recommended update for gcc13
Type:        recommended
Severity:    moderate
References:  1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239
This update for gcc13 fixes the following issues:

- Fix unwinding for JIT code.  [bsc#1221239] 
- Revert libgccjit dependency change.  [bsc#1220724]
- Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3
  breaks them.  [bsc#1219520]
- Add support for -fmin-function-alignment.  [bsc#1214934]
- Use %{_target_cpu} to determine host and build.
- Fix for building TVM.  [bsc#1218492]
- Add cross-X-newlib-devel requires to newlib cross compilers.
  [bsc#1219031]
- Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel.  [bsc#1210959]
- Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6.
- Fixed building mariadb on i686.  [bsc#1217667]
- Avoid update-alternatives dependency for accelerator crosses.
- Package tool links to llvm in cross-amdgcn-gcc13 rather than in
  cross-amdgcn-newlib13-devel since that also has the dependence.
- Depend on llvmVER instead of llvm with VER equal to
  %product_libs_llvm_ver where available and adjust tool discovery
  accordingly.  This should also properly trigger re-builds when
  the patchlevel version of llvmVER changes, possibly changing
  the binary names we link to.  [bsc#1217450]

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1287-1
Released:    Mon Apr 15 15:03:40 2024
Summary:     Security update for vim
Type:        security
Severity:    important
References:  1215005,1217316,1217320,1217321,1217324,1217326,1217329,1217330,1217432,1219581,CVE-2023-4750,CVE-2023-48231,CVE-2023-48232,CVE-2023-48233,CVE-2023-48234,CVE-2023-48235,CVE-2023-48236,CVE-2023-48237,CVE-2023-48706,CVE-2024-22667
This update for vim fixes the following issues:

Updated to version 9.1.0111, fixes the following security problems

- CVE-2023-48231: Use-After-Free in win_close() (bsc#1217316).
- CVE-2023-48232: Floating point Exception in adjust_plines_for_skipcol() (bsc#1217320).
- CVE-2023-48233: overflow with count for :s command (bsc#1217321).
- CVE-2023-48234: overflow in nv_z_get_count (bsc#1217324).
- CVE-2023-48235: overflow in ex address parsing (CVE-2023-48235).
- CVE-2023-48236: overflow in get_number (bsc#1217329).
- CVE-2023-48237: overflow in shift_line (bsc#1217330).
- CVE-2023-48706: heap-use-after-free in ex_substitute (bsc#1217432).
- CVE-2024-22667: stack-based buffer overflow in did_set_langmap function in map.c (bsc#1219581).
- CVE-2023-4750: Heap use-after-free in function bt_quickfix (bsc#1215005).


The following package changes have been done:

- libldap-data-2.4.46-150600.23.14 updated
- libssh-config-0.9.8-150600.9.1 updated
- glibc-2.38-150600.9.2 updated
- libnghttp2-14-1.40.0-150600.23.1 updated
- libgcrypt20-1.10.3-150600.1.17 updated
- libgcc_s1-13.2.1+git8285-150000.1.9.1 updated
- libstdc++6-13.2.1+git8285-150000.1.9.1 updated
- libncurses6-6.1-150000.5.24.1 updated
- terminfo-base-6.1-150000.5.24.1 updated
- ncurses-utils-6.1-150000.5.24.1 updated
- libexpat1-2.4.4-150400.3.17.1 updated
- libopenssl3-3.1.4-150600.2.17 updated
- libudev1-254.10-150600.1.2 updated
- libsystemd0-254.10-150600.1.2 updated
- libopenssl-3-fips-provider-3.1.4-150600.2.17 updated
- libldap-2_4-2-2.4.46-150600.23.14 updated
- libssh4-0.9.8-150600.9.1 updated
- libusb-1_0-0-1.0.24-150400.3.3.1 added
- coreutils-8.32-150400.9.3.1 updated
- sles-release-15.6-150600.33.1 updated
- kubevirt-container-disk-1.1.1-150600.2.5 updated
- libnettle8-3.9.1-150600.1.40 updated
- libssh2-1-1.11.0-150600.18.1 updated
- qemu-accel-tcg-x86-8.2.1-150600.3.25 updated
- qemu-hw-usb-host-8.2.1-150600.3.25 added
- qemu-ipxe-8.2.1-150600.3.25 updated
- qemu-seabios-8.2.11.16.3_3_ga95067eb-150600.3.25 updated
- qemu-vgabios-8.2.11.16.3_3_ga95067eb-150600.3.25 updated
- systemd-rpm-macros-15-150000.7.39.1 updated
- vim-data-common-9.1.0111-150500.20.9.1 updated
- libhogweed6-3.9.1-150600.1.40 updated
- virtiofsd-1.10.1-150600.2.4 updated
- qemu-hw-usb-redirect-8.2.1-150600.3.25 updated
- vim-small-9.1.0111-150500.20.9.1 updated
- libgnutls30-3.8.3-150600.2.6 updated
- xen-libs-4.18.2_02-150600.1.3 updated
- systemd-254.10-150600.1.2 updated
- qemu-img-8.2.1-150600.3.25 updated
- libvirt-libs-10.0.0-150600.6.1 updated
- gnutls-3.8.3-150600.2.6 updated
- udev-254.10-150600.1.2 updated
- systemd-container-254.10-150600.1.2 updated
- libvirt-daemon-log-10.0.0-150600.6.1 updated
- kubevirt-virt-launcher-1.1.1-150600.2.5 updated
- libvirt-client-10.0.0-150600.6.1 updated
- libvirt-daemon-common-10.0.0-150600.6.1 updated
- qemu-ovmf-x86_64-202308-150600.2.2 updated
- qemu-x86-8.2.1-150600.3.25 updated
- qemu-8.2.1-150600.3.25 updated
- libvirt-daemon-driver-qemu-10.0.0-150600.6.1 updated
- container:sles15-image-15.0.0-45.10 updated