SUSE Container Update Advisory: suse/sles/15.4/libguestfs-tools
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2020-1
Container Tags        : suse/sles/15.4/libguestfs-tools:0.49.0 , suse/sles/15.4/libguestfs-tools:0.49.0-150400.1.37 , suse/sles/15.4/libguestfs-tools:0.49.0.16.17
Container Release     : 16.17
Severity              : important
Type                  : security
References            : 1190698 1195059 1198341 1198979 1199524 1200485 1201795 1202020 CVE-2022-1706 CVE-2022-2509
-----------------------------------------------------------------

The container suse/sles/15.4/libguestfs-tools was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2866-1
Released:    Mon Aug 22 15:36:30 2022
Summary:     Security update for systemd-presets-common-SUSE
Type:        security
Severity:    moderate
References:  1199524,1200485,CVE-2022-1706

This update for systemd-presets-common-SUSE fixes the following issues:

- CVE-2022-1706: Fixed accessible configs from unprivileged containers in VMs running on VMware products (bsc#1199524).

The following non-security bugs were fixed:

- Modify branding-preset-states to fix systemd-presets-common-SUSE not enabling new user systemd service preset configuration just as it handles system service presets. By passing an (optional) second parameter 'user', the save/apply-changes commands now work with user services instead of system ones (bsc#1200485)
- Add the wireplumber user service preset to enable it by default in SLE15-SP4 where it replaced pipewire-media-session, but keep pipewire-media-session preset so we don't have to branch the systemd-presets-common-SUSE package for SP4 (bsc#1200485)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2901-1
Released:    Fri Aug 26 03:34:23 2022
Summary:     Recommended update for elfutils
Type:        recommended
Severity:    moderate
References:

This update for elfutils fixes the following issues:

- Fix runtime dependency for devel package

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2904-1
Released:    Fri Aug 26 05:28:34 2022
Summary:     Recommended update for openldap2
Type:        recommended
Severity:    moderate
References:  1198341

This update for openldap2 fixes the following issues:

- Prevent memory reuse which may lead to instability (bsc#1198341)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2919-1
Released:    Fri Aug 26 15:04:20 2022
Summary:     Security update for gnutls
Type:        security
Severity:    important
References:  1190698,1198979,1202020,CVE-2022-2509

This update for gnutls fixes the following issues:

- CVE-2022-2509: Fixed a double free issue during PKCS7 verification (bsc#1202020).

Non-security fixes:

- FIPS: Check minimum keylength for symmetric key generation [bsc#1190698]
- FIPS: Only allows ECDSA signature with valid set of hashes (SHA2 and SHA3) [bsc#1190698]
- FIPS: Provides interface for running library self tests on-demand [bsc#1198979]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2920-1
Released:    Fri Aug 26 15:17:02 2022
Summary:     Recommended update for systemd
Type:        recommended
Severity:    important
References:  1195059,1201795

This update for systemd fixes the following issues:

- Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one pointing to /usr/lib/systemd/ (bsc#1201795)
- Drop or soften some of the deprecation warnings (jsc#PED-944)
- Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059)
- Avoid applying presets to any services shipped by the experimental sub-package, as they aren't enabled by default
- analyze: Fix offline check for syscall filter
- calendarspec: Fix timer skipping the next elapse
- core: Allow command argument to be longer
- hwdb: Add AV production controllers to hwdb and add uaccess
- hwdb: Allow console users access to rfkill
- hwdb: Allow end-users root-less access to TL866 EPROM readers
- hwdb: Permit unsetting power/persist for USB devices
- hwdb: Tag IR cameras as such
- hwdb: Fix parsing issue
- hwdb: Make usb match patterns uppercase
- hwdb: Update the hardware database
- journal-file: Stop using the event loop if it's already shutting down
- journal-remote: Disable `--trust` option when gnutls is disabled and check_permission() should not be called
- journald: Ensure resources are properly allocated for SIGTERM handling
- kernel-install: Ensure modules.builtin.alias.bin is removed when no longer needed
- macro: Account for negative values in DECIMAL_STR_WIDTH()
- manager: Disallow clone3() function call in seccomp filters
- missing-syscall: Define MOVE_MOUNT_T_EMPTY_PATH if missing
- pid1,cgroup-show: Prevent failure if cgroup.procs in some subcgroups is not readable
- resolve: Fix typo in dns_class_is_pseudo()
- sd-event: Improve handling of process events and termination of processes
- sd-ipv4acd: Fix ARP packet conflicts occurring when sender hardware is one of the host's interfaces
- stdio-bridge: Improve the meaning of the error message
- tmpfiles: Check for the correct directory

The following package changes have been done:

- libldap-data-2.4.46-150200.14.11.2 updated
- libudev1-249.12-150400.8.10.1 updated
- libelf1-0.185-150400.5.3.1 updated
- libsystemd0-249.12-150400.8.10.1 updated
- libdw1-0.185-150400.5.3.1 updated
- libldap-2_4-2-2.4.46-150200.14.11.2 updated
- sles-release-15.5-150500.9.1 updated
- btrfsprogs-udev-rules-5.14-150500.8.1 updated
- libasm1-0.185-150400.5.3.1 updated
- libnettle8-3.8.1-150500.1.2 updated
- systemd-presets-common-SUSE-15-150100.8.17.1 updated
- elfutils-0.185-150400.5.3.1 updated
- libndctl6-74-150500.1.1 updated
- libhogweed6-3.8.1-150500.1.2 updated
- btrfsprogs-5.14-150500.8.1 updated
- libgnutls30-3.7.3-150400.4.10.1 updated
- libgnutls30-hmac-3.7.3-150400.4.10.1 updated
- systemd-249.12-150400.8.10.1 updated
- systemd-sysvinit-249.12-150400.8.10.1 updated
- udev-249.12-150400.8.10.1 updated
- container:sles15-image-15.0.0-31.9 updated