SUSE Container Update Advisory: suse/sles/15.7/libguestfs-tools
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4570-1
Container Tags        : suse/sles/15.7/libguestfs-tools:1.1.1 , suse/sles/15.7/libguestfs-tools:1.1.1-150700.9.13 , suse/sles/15.7/libguestfs-tools:1.1.1.28.36
Container Release     : 28.36
Severity              : important
Type                  : security
References            : 1081596 1209266 1220523 1220690 1220693 1220696 1221365 1221751
                        1221752 1221753 1221760 1221786 1221787 1221821 1221822 1221824
                        1221827 1223094 1224771 1225267 1226014 1226030 1226493 1227205
                        1227625 1227793 1228042 1228138 1228206 1228208 1228398 1228420
                        1228647 1228787 1228847 1228968 1229028 1229160 1229329 1229465
                        1229476 1229930 1229931 1229932 1229975 1230093 1230267 222971
                        CVE-2024-45490 CVE-2024-45491 CVE-2024-45492 CVE-2024-6119
                        CVE-2024-8096
-----------------------------------------------------------------

The container suse/sles/15.7/libguestfs-tools was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3103-1
Released:    Tue Sep 3 16:59:06 2024
Summary:     Recommended update for xfsprogs
Type:        recommended
Severity:    moderate
References:  1229160

This update for xfsprogs fixes the following issue:

- xfs_repair: allow symlinks with short remote targets (bsc#1229160)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3106-1
Released:    Tue Sep 3 17:00:40 2024
Summary:     Security update for openssl-3
Type:        security
Severity:    moderate
References:  1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119

This update for openssl-3 fixes the following issues:

- CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465)

Other fixes:

- FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365).
- FIPS: RSA keygen PCT requirements.
- FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode (bsc#1220523).
- FIPS: Port openssl to use jitterentropy (bsc#1220523).
- FIPS: Block non-Approved Elliptic Curves (bsc#1221786).
- FIPS: Service Level Indicator (bsc#1221365).
- FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module (bsc#1221751).
- FIPS: Add required selftests: (bsc#1221760).
- FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821).
- FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827).
- FIPS: Zero initialization required (bsc#1221752).
- FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696).
- FIPS: NIST SP 800-56Brev2 (bsc#1221824).
- FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787).
- FIPS: Port openssl to use jitterentropy (bsc#1220523).
- FIPS: NIST SP 800-56Arev3 (bsc#1221822).
- FIPS: Error state has to be enforced (bsc#1221753).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3124-1
Released:    Tue Sep 3 17:38:34 2024
Summary:     Recommended update for cryptsetup
Type:        recommended
Severity:    moderate
References:  1229975

This update for cryptsetup fixes the following issues:

- FIPS: Extend the password for PBKDF2 benchmarking to be more than 20 chars to meet FIPS 140-3 requirements (bsc#1229975)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3132-1
Released:    Tue Sep 3 17:43:10 2024
Summary:     Recommended update for permissions
Type:        recommended
Severity:    moderate
References:  1228968,1229329

This update for permissions fixes the following issues:

- Update to version 20240826:
  * permissions: remove outdated entries (bsc#1228968)
- Update to version 20240826:
  * cockpit: revert path change (bsc#1229329)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3134-1
Released:    Tue Sep 3 17:49:43 2024
Summary:     Recommended update for ovmf
Type:        recommended
Severity:    moderate
References:  1209266

This update for ovmf fixes the following issues:

- We do not officially support AMD SEV yet. On the other hand, secure boot will be disabled in the SEV flavor, so we do not need to revert the patch anymore (bsc#1209266).
- Add backslash to the end of '-D BUILD_SHELL=FALSE' in BUILD_OPTIONS_X86.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3147-1
Released:    Thu Sep 5 09:30:37 2024
Summary:     Recommended update for dracut
Type:        recommended
Severity:    moderate
References:  1228398,1228847

This update for dracut fixes the following issues:

- Version update with:
  * feat(systemd*) include systemd config files from /usr/lib/systemd (bsc#1228398)
  * fix(convertfs) error in conditional expressions (bsc#1228847)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3166-1
Released:    Mon Sep 9 12:25:30 2024
Summary:     Recommended update for glibc
Type:        recommended
Severity:    moderate
References:  1228042

This update for glibc fixes the following issue:

- s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3178-1
Released:    Mon Sep 9 14:39:12 2024
Summary:     Recommended update for libzypp, zypper, libsolv, zypp-plugin, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings
Type:        recommended
Severity:    important
References:  1081596,1223094,1224771,1225267,1226014,1226030,1226493,1227205,1227625,1227793,1228138,1228206,1228208,1228420,1228787,222971

This update for libzypp, zypper, libsolv, zypp-plugin, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings fixes the following issues:

- Make sure not to statically link installed tools (bsc#1228787)
- MediaPluginType must be resolved to a valid MediaHandler (bsc#1228208)
- Export asSolvable for YAST (bsc#1228420)
- Export CredentialManager for legacy YAST versions (bsc#1228420)
- Fix 4 typos in zypp.conf
- Fix typo in the geoip update pipeline (bsc#1228206)
- Export RepoVariablesStringReplacer for yast2 (bsc#1228138)
- Removed dependency on external find program in the repo2solv tool
- Fix return value of repodata.add_solv()
- New SOLVER_FLAG_FOCUS_NEW flag
- Fix return value of repodata.add_solv() in the bindings
- Fix SHA-224 oid in solv_pgpvrfy
- Translation: updated .pot file.
- Conflict with python zypp-plugin < 0.6.4 (bsc#1227793)
- Fix int overflow in Provider
- Fix error reporting on repoindex.xml parse error (bsc#1227625)
- Keep UrlResolverPlugin API public
- Blacklist /snap executables for 'zypper ps' (bsc#1226014)
- Fix handling of buddies when applying locks (bsc#1225267)
- Fix readline setup to handle Ctrl-C and Ctrl-D correctly (bsc#1227205)
- Show rpm install size before installing (bsc#1224771)
- Install zypp/APIConfig.h legacy include
- Update soname due to RepoManager refactoring and cleanup
- Workaround broken libsolv-tools-base requirements
- Strip ssl_clientkey from repo urls (bsc#1226030)
- Remove protobuf build dependency
- Lazily attach medium during refresh workflows (bsc#1223094)
- Refactor RepoManager and add Service workflows
- Let_readline_abort_on_Ctrl-C (bsc#1226493)
- packages: add '--system' to show @System packages (bsc#222971)
- Provide python3-zypp-plugin down to SLE12 (bsc#1081596)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3204-1
Released:    Wed Sep 11 10:55:22 2024
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1230093,CVE-2024-8096

This update for curl fixes the following issues:

- CVE-2024-8096: OCSP stapling bypass with GnuTLS. (bsc#1230093)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3216-1
Released:    Thu Sep 12 13:05:20 2024
Summary:     Security update for expat
Type:        security
Severity:    moderate
References:  1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492

This update for expat fixes the following issues:

- CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932)
- CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931)
- CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3239-1
Released:    Fri Sep 13 12:00:58 2024
Summary:     Recommended update for util-linux
Type:        recommended
Severity:    moderate
References:  1229476

This update for util-linux fixes the following issue:

- Skip aarch64 decode path for rest of the architectures (bsc#1229476).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3300-1
Released:    Wed Sep 18 14:27:53 2024
Summary:     Recommended update for ncurses
Type:        recommended
Severity:    moderate
References:  1229028

This update for ncurses fixes the following issues:

- Allow the terminal description based on static fallback entries to be freed (bsc#1229028)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3346-1
Released:    Thu Sep 19 17:20:06 2024
Summary:     Recommended update for libzypp, zypper
Type:        recommended
Severity:    moderate
References:  1228647,1230267

This update for libzypp, zypper fixes the following issues:

- API refactoring. Prevent zypper from using now private libzypp symbols (bsc#1230267)
- single_rpmtrans: fix installation of .src.rpms (bsc#1228647)

The following package changes have been done:

- glibc-2.38-150600.14.8.2 updated
- libuuid1-2.39.3-150600.4.12.2 updated
- libsmartcols1-2.39.3-150600.4.12.2 updated
- libblkid1-2.39.3-150600.4.12.2 updated
- libfdisk1-2.39.3-150600.4.12.2 updated
- libncurses6-6.1-150000.5.27.1 updated
- terminfo-base-6.1-150000.5.27.1 updated
- ncurses-utils-6.1-150000.5.27.1 updated
- libmount1-2.39.3-150600.4.12.2 updated
- libopenssl3-3.1.4-150600.5.15.1 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.15.1 updated
- libcurl4-8.6.0-150600.4.6.1 updated
- sles-release-15.7-150700.6.1 updated
- permissions-20240826-150600.10.9.1 updated
- libsolv-tools-base-0.7.30-150600.8.2.1 updated
- libzypp-17.35.11-150600.3.24.1 updated
- zypper-1.14.77-150600.10.11.2 updated
- util-linux-2.39.3-150600.4.12.2 updated
- curl-8.6.0-150600.4.6.1 updated
- libguestfs-winsupport-1.53.6-150700.1.3 updated
- guestfs-tools-1.53.3-150700.1.2 updated
- libexpat1-2.4.4-150400.3.22.1 updated
- osinfo-db-20240701-150700.1.1 updated
- qemu-accel-tcg-x86-9.1.0-150700.1.1 updated
- qemu-ipxe-9.1.0-150700.1.1 updated
- qemu-seabios-9.1.01.16.3_3_gc13ff2cd-150700.1.1 updated
- qemu-vgabios-9.1.01.16.3_3_gc13ff2cd-150700.1.1 updated
- libcryptsetup12-2.7.0-150600.3.3.1 updated
- xfsprogs-6.7.0-150600.3.6.2 updated
- cryptsetup-2.7.0-150600.3.3.1 updated
- libmpath0-0.10.0+103+suse.0fc97cd-150700.1.2 updated
- xen-libs-4.19.0_02-150700.1.7 updated
- qemu-vmsr-helper-9.1.0-150700.1.1 added
- qemu-pr-helper-9.1.0-150700.1.1 updated
- qemu-img-9.1.0-150700.1.1 updated
- qemu-tools-9.1.0-150700.1.1 updated
- util-linux-systemd-2.39.3-150600.4.12.2 updated
- libvirt-libs-10.7.0-150700.1.1 updated
- dracut-059+suse.531.g48487c31-150600.3.6.2 updated
- supermin-5.3.5-150700.1.2 updated
- dracut-fips-059+suse.531.g48487c31-150600.3.6.2 updated
- qemu-x86-9.1.0-150700.1.1 updated
- qemu-9.1.0-150700.1.1 updated
- qemu-ovmf-x86_64-202308-150600.5.3.2 updated
- libguestfs0-1.53.6-150700.1.3 updated
- libguestfs-devel-1.53.6-150700.1.3 updated
- libguestfs-appliance-1.53.6-150700.1.3 updated
- libguestfs-1.53.6-150700.1.3 updated
- container:sles15-image-15.0.0-50.18 updated
- libabsl2401_0_0-20240116.1-150600.17.7 removed
- libprocps8-3.3.17-150000.7.39.1 removed
- libprotobuf-lite25_1_0-25.1-150600.16.4.2 removed
- procps-3.3.17-150000.7.39.1 removed