SUSE Image Update Advisory: suse-sles-15-sp5-chost-byos-v20230915-x86_64-gen2
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2023:615-1
Image Tags        : suse-sles-15-sp5-chost-byos-v20230915-x86_64-gen2:20230915
Image Release     : 
Severity          : critical
Type              : security
References        : 1027519 1158763 1182142 1186606 1193412 1194609 1195391 1201519
                        1204844 1205161 1207778 1208194 1208574 1209741 1209998 1210070
                        1210419 1210702 1210740 1210797 1210996 1211256 1211257 1211461
                        1211576 1211757 1212368 1212434 1212684 1213120 1213185 1213212
                        1213229 1213231 1213240 1213500 1213557 1213575 1213582 1213607
                        1213616 1213673 1213826 1213873 1213940 1213951 1214006 1214025
                        1214071 1214081 1214082 1214083 1214107 1214108 1214109 1214140
                        1214248 1214290 CVE-2021-30560 CVE-2022-40982 CVE-2023-2004 CVE-2023-20569
                        CVE-2023-20593 CVE-2023-2426 CVE-2023-2609 CVE-2023-2610 CVE-2023-26112
                        CVE-2023-28840 CVE-2023-28841 CVE-2023-28842 CVE-2023-4016 CVE-2023-4156
-----------------------------------------------------------------

The container suse-sles-15-sp5-chost-byos-v20230915-x86_64-gen2 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2548-1
Released:    Tue Jul 26 13:48:28 2022
Summary:     Critical update for python-cssselect
Type:        recommended
Severity:    critical
References:  
This update for python-cssselect implements packages to the unrestrictied repository.
  
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:557-1
Released:    Tue Feb 28 09:29:15 2023
Summary:     Security update for libxslt
Type:        security
Severity:    important
References:  1208574,CVE-2021-30560
This update for libxslt fixes the following issues:

- CVE-2021-30560: Fixing a use after free vulnerability in Blink XSLT (bsc#1208574).

-----------------------------------------------------------------
Advisory ID: SUSE-feature-2023:2898-1
Released:    Thu Jul 20 09:15:33 2023
Summary:     Recommended update for python-instance-billing-flavor-check
Type:        feature
Severity:    critical
References:  
This update for python-instance-billing-flavor-check fixes the following issues:


- Include PAYG checker package in SLE (jsc#PED-4791) 
  
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3369-1
Released:    Tue Aug 22 11:12:02 2023
Summary:     Security update for python-configobj
Type:        security
Severity:    low
References:  1210070,CVE-2023-26112
This update for python-configobj fixes the following issues:
  
- CVE-2023-26112: Fixed regular expression denial of service vulnerability in validate.py (bsc#1210070).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3371-1
Released:    Tue Aug 22 13:30:18 2023
Summary:     Recommended update for liblognorm
Type:        recommended
Severity:    moderate
References:  
This update for liblognorm fixes the following issues:

- Update to liblognorm v2.0.6 (jsc#PED-4883)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3372-1
Released:    Tue Aug 22 13:44:38 2023
Summary:     Recommended update for rsyslog
Type:        recommended
Severity:    moderate
References:  1211757,1213212
This update for rsyslog fixes the following issues:

- Fix removal of imfile state files (bsc#1213212)
- Fix segfaults in modExit() of imklog.c (bsc#1211757)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3393-1
Released:    Wed Aug 23 17:41:55 2023
Summary:     Recommended update for dracut
Type:        recommended
Severity:    important
References:  1214081
This update for dracut fixes the following issues:

- Protect against broken links pointing to themselves
- Exit if resolving executable dependencies fails (bsc#1214081)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3410-1
Released:    Thu Aug 24 06:56:32 2023
Summary:     Recommended update for audit
Type:        recommended
Severity:    moderate
References:  1201519,1204844
This update for audit fixes the following issues:

- Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519)
- Fix rules not loaded when restarting auditd.service (bsc#1204844)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3440-1
Released:    Mon Aug 28 08:57:10 2023
Summary:     Security update for gawk
Type:        security
Severity:    low
References:  1214025,CVE-2023-4156
This update for gawk fixes the following issues:

- CVE-2023-4156: Fix a heap out of bound read by validating the index into argument list. (bsc#1214025)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3447-1
Released:    Mon Aug 28 10:57:05 2023
Summary:     Security update for xen
Type:        security
Severity:    moderate
References:  1027519,1212684,1213616,1214082,1214083,CVE-2022-40982,CVE-2023-20569,CVE-2023-20593
This update for xen fixes the following issues:

- CVE-2023-20569: Fixed side channel attack Inception or RAS Poisoning. (bsc#1214082, XSA-434)
- CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling'. (bsc#1214083, XSA-435)
- CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information. (bsc#1213616, XSA-433)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3451-1
Released:    Mon Aug 28 12:15:22 2023
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1186606,1194609,1208194,1209741,1210702,1211576,1212434,1213185,1213575,1213873
This update for systemd fixes the following issues:

- Fix reboot and shutdown issues by getting only active MD arrays (bsc#1211576, bsc#1212434, bsc#1213575)
- Decrease devlink priority for iso disks (bsc#1213185)
- Do not ignore mount point paths longer than 255 characters (bsc#1208194)
- Refuse hibernation if there's no possible way to resume (bsc#1186606)
- Update 'korean' and 'arabic' keyboard layouts (bsc#1210702)
- Drop some entries no longer needed by YaST (bsc#1194609)
- The 'systemd --user' instances get their own session keyring instead of the user default one (bsc#1209741)
- Dynamically allocate receive buffer to handle large amount of mounts (bsc#1213873)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3452-1
Released:    Mon Aug 28 12:41:11 2023
Summary:     Recommended update for supportutils-plugin-suse-public-cloud
Type:        recommended
Severity:    moderate
References:  1213951
This update for supportutils-plugin-suse-public-cloud fixes the following issues:

- Update from version 1.0.7 to 1.0.8 (bsc#1213951)
  - Capture CSP billing adapter config and log
  - Accept upper case Amazon string in DMI table

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3454-1
Released:    Mon Aug 28 13:43:18 2023
Summary:     Security update for ca-certificates-mozilla
Type:        security
Severity:    important
References:  1214248
This update for ca-certificates-mozilla fixes the following issues:

- Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248)
  Added:
  - Atos TrustedRoot Root CA ECC G2 2020
  - Atos TrustedRoot Root CA ECC TLS 2021
  - Atos TrustedRoot Root CA RSA G2 2020
  - Atos TrustedRoot Root CA RSA TLS 2021
  - BJCA Global Root CA1
  - BJCA Global Root CA2
  - LAWtrust Root CA2 (4096)
  - Sectigo Public Email Protection Root E46
  - Sectigo Public Email Protection Root R46
  - Sectigo Public Server Authentication Root E46
  - Sectigo Public Server Authentication Root R46
  - SSL.com Client ECC Root CA 2022
  - SSL.com Client RSA Root CA 2022
  - SSL.com TLS ECC Root CA 2022
  - SSL.com TLS RSA Root CA 2022
  Removed CAs:
  - Chambers of Commerce Root
  - E-Tugra Certification Authority
  - E-Tugra Global Root CA ECC v3
  - E-Tugra Global Root CA RSA v3
  - Hongkong Post Root CA 1

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3461-1
Released:    Mon Aug 28 17:25:09 2023
Summary:     Security update for freetype2
Type:        security
Severity:    moderate
References:  1210419,CVE-2023-2004
This update for freetype2 fixes the following issues:

- CVE-2023-2004: Fixed integer overflow in tt_hvadvance_adjust (bsc#1210419).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3465-1
Released:    Tue Aug 29 07:30:00 2023
Summary:     Recommended update for samba
Type:        recommended
Severity:    moderate
References:  1213607,1213826,1213940
This update for samba fixes the following issues:

- Fix DFS not working with widelinks enabled; (bsc#1213607)
- Move libcluster-samba4.so from samba-libs to samba-client-libs (bsc#1213940)
- net ads lookup with unspecified realm fails (bsc#1213826)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3468-1
Released:    Tue Aug 29 09:22:18 2023
Summary:     Recommended update for python3
Type:        recommended
Severity:    low
References:  
This update for python3 fixes the following issue:

- Rename sources in preparation of python3.11 (jsc#PED-68)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3470-1
Released:    Tue Aug 29 10:49:33 2023
Summary:     Recommended update for parted
Type:        recommended
Severity:    low
References:  1182142,1193412
This update for parted fixes the following issues:

- fix null pointer dereference (bsc#1193412)
- update mkpart options in manpage (bsc#1182142)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3472-1
Released:    Tue Aug 29 10:55:16 2023
Summary:     Security update for procps
Type:        security
Severity:    low
References:  1214290,CVE-2023-4016
This update for procps fixes the following issues:

  - CVE-2023-4016: Fixed ps buffer overflow (bsc#1214290).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3485-1
Released:    Tue Aug 29 14:20:56 2023
Summary:     Recommended update for lvm2
Type:        recommended
Severity:    moderate
References:  1214071
This update for lvm2 fixes the following issues:

- blkdeactivate calls wrong mountpoint cmd (bsc#1214071)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3497-1
Released:    Wed Aug 30 21:25:05 2023
Summary:     Security update for vim
Type:        security
Severity:    important
References:  1210996,1211256,1211257,1211461,CVE-2023-2426,CVE-2023-2609,CVE-2023-2610
This update for vim fixes the following issues:

Updated to version 9.0 with patch level 1572.

- CVE-2023-2426: Fixed Out-of-range Pointer Offset use (bsc#1210996).
- CVE-2023-2609: Fixed NULL Pointer Dereference (bsc#1211256).
- CVE-2023-2610: Fixed nteger Overflow or Wraparound (bsc#1211257).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3514-1
Released:    Fri Sep  1 15:48:52 2023
Summary:     Recommended update for libzypp, zypper
Type:        recommended
Severity:    moderate
References:  1158763,1210740,1213231,1213557,1213673
This update for libzypp, zypper fixes the following issues:

- Fix occasional isue with downloading very small files (bsc#1213673)
- Fix negative ZYPP_LOCK_TIMEOUT not waiting forever (bsc#1213231)
- Fix OES synchronization issues when cookie file has mode 0600 (bsc#1158763)
- Don't cleanup orphaned dirs if read-only mode was promised (bsc#1210740)
- Revised explanation of --force-resolution in man page (bsc#1213557)
- Print summary hint if policies were violated due to --force-resolution (bsc#1213557)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3521-1
Released:    Tue Sep  5 08:56:45 2023
Summary:     Recommended update for python-iniconfig
Type:        recommended
Severity:    moderate
References:  1213582

This update for python-iniconfig provides python3-iniconfig to SUSE Linux Enterprise Micro 5.2. 

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3536-1
Released:    Tue Sep  5 15:00:27 2023
Summary:     Security update for docker
Type:        security
Severity:    moderate
References:  1210797,1212368,1213120,1213229,1213500,1214107,1214108,1214109,CVE-2023-28840,CVE-2023-28841,CVE-2023-28842
This update for docker fixes the following issues:

- Update to Docker 24.0.5-ce.

  See upstream changelong online at
   bsc#1213229 

- Update to Docker 24.0.4-ce.

  See upstream changelog online at
  . bsc#1213500

- Update to Docker 24.0.3-ce.

  See upstream changelog online at
  . bsc#1213120

- Recommend docker-rootless-extras instead of Require(ing) it, given
  it's an additional functionality and not inherently required for
  docker to function.

- Add docker-rootless-extras subpackage (https://docs.docker.com/engine/security/rootless/)

- Update to Docker 24.0.2-ce. See upstream changelog online at
  . bsc#1212368

  * Includes the upstreamed fix for the mount table pollution issue.
    bsc#1210797

- Add Recommends for docker-buildx, and add /usr/lib/docker/cli-plugins as
  being provided by this package.

- was rebuilt against current GO compiler.


-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3543-1
Released:    Wed Sep  6 08:27:22 2023
Summary:     Recommended update for protobuf-c
Type:        recommended
Severity:    moderate
References:  1214006
This update for protobuf-c fixes the following issues:

- Add missing Provides/Obsoletes after package merge (bsc#1214006)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3577-1
Released:    Mon Sep 11 15:04:01 2023
Summary:     Recommended update for crypto-policies
Type:        recommended
Severity:    low
References:  1209998
This update for crypto-policies fixes the following issues:

- Update update-crypto-policies(8) man pages and README.SUSE to mention the supported back-end policies. (bsc#1209998)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3611-1
Released:    Fri Sep 15 09:28:36 2023
Summary:     Recommended update for sysuser-tools
Type:        recommended
Severity:    moderate
References:  1195391,1205161,1207778,1213240,1214140
This update for sysuser-tools fixes the following issues:

- Update to version 3.2
- Always create a system group of the same name as the system user (bsc#1205161, bsc#1207778, bsc#1213240)
- Add 'quilt setup' friendly hint to %sysusers_requires usage
- Use append so if a pre file already exists it isn't overridden
- Invoke bash for bash scripts (bsc#1195391) 
- Remove all systemd requires not supported on SLE15 (bsc#1214140)


The following package changes have been done:

- audit-3.0.6-150400.4.13.1 updated
- ca-certificates-mozilla-2.62-150200.30.1 updated
- crypto-policies-20210917.c9d86d1-150400.3.3.1 updated
- docker-24.0.5_ce-150000.185.1 updated
- dracut-055+suse.369.gde6c81bf-150500.3.9.1 updated
- gawk-4.2.1-150000.3.3.1 updated
- libaudit1-3.0.6-150400.4.13.1 updated
- libauparse0-3.0.6-150400.4.13.1 updated
- libdevmapper1_03-2.03.16_1.02.185-150500.7.6.1 updated
- libfreetype6-2.10.4-150000.4.15.1 updated
- liblognorm5-2.0.6-150000.3.3.1 updated
- libparted0-3.2-150300.21.3.1 updated
- libprocps7-3.3.15-150000.7.34.1 updated
- libprotobuf-c1-1.3.2-150200.3.9.1 updated
- libsystemd0-249.16-150400.8.33.1 updated
- libudev1-249.16-150400.8.33.1 updated
- libxslt1-1.1.34-150400.3.3.1 added
- libzypp-17.31.20-150400.3.40.1 updated
- parted-3.2-150300.21.3.1 updated
- procps-3.3.15-150000.7.34.1 updated
- python-instance-billing-flavor-check-0.0.2-150000.1.3.1 added
- python3-configobj-5.0.6-150000.3.3.1 updated
- python3-cssselect-1.0.3-150000.3.3.1 added
- python3-iniconfig-1.1.1-150000.1.11.1 updated
- python3-lxml-4.9.1-150500.1.2 added
- python3-more-itertools-8.10.0-150400.5.69 updated
- python3-ordered-set-4.0.2-150400.8.34 updated
- python3-pyOpenSSL-21.0.0-150400.7.62 updated
- rsyslog-module-relp-8.2306.0-150400.5.18.1 updated
- rsyslog-8.2306.0-150400.5.18.1 updated
- samba-client-libs-4.17.9+git.387.ca59f91f61-150500.3.8.1 updated
- supportutils-plugin-suse-public-cloud-1.0.8-150000.3.17.1 updated
- system-group-audit-3.0.6-150400.4.13.1 updated
- systemd-sysvinit-249.16-150400.8.33.1 updated
- systemd-249.16-150400.8.33.1 updated
- sysuser-shadow-3.2-150400.3.5.3 updated
- udev-249.16-150400.8.33.1 updated
- vim-data-common-9.0.1632-150500.20.3.1 updated
- vim-9.0.1632-150500.20.3.1 updated
- xen-libs-4.17.2_02-150500.3.6.1 updated
- zypper-1.14.63-150400.3.29.1 updated
- samba-libs-4.17.9+git.367.dae41ffdd1f-150500.3.5.1 removed

SUSE: 2023:615-1 suse-sles-15-sp5-chost-byos-v20230915-x86_64-gen2 Security Update

September 19, 2023
The container suse-sles-15-sp5-chost-byos-v20230915-x86_64-gen2 was updated

Summary

Advisory ID: SUSE-RU-2022:2548-1 Released: Tue Jul 26 13:48:28 2022 Summary: Critical update for python-cssselect Type: recommended Severity: critical Advisory ID: SUSE-SU-2023:557-1 Released: Tue Feb 28 09:29:15 2023 Summary: Security update for libxslt Type: security Severity: important Advisory ID: SUSE-feature-2023:2898-1 Released: Thu Jul 20 09:15:33 2023 Summary: Recommended update for python-instance-billing-flavor-check Type: feature Severity: critical Advisory ID: SUSE-SU-2023:3369-1 Released: Tue Aug 22 11:12:02 2023 Summary: Security update for python-configobj Type: security Severity: low Advisory ID: SUSE-RU-2023:3371-1 Released: Tue Aug 22 13:30:18 2023 Summary: Recommended update for liblognorm Type: recommended Severity: moderate Advisory ID: SUSE-RU-2023:3372-1 Released: Tue Aug 22 13:44:38 2023 Summary: Recommended update for rsyslog Type: recommended Severity: moderate Advisory ID: SUSE-RU-2023:3393-1 Released: Wed Aug 23 17:41:55 2023 Summary: Recommended update for dracut Type: recommended Severity: important Advisory ID: SUSE-RU-2023:3410-1 Released: Thu Aug 24 06:56:32 2023 Summary: Recommended update for audit Type: recommended Severity: moderate Advisory ID: SUSE-SU-2023:3440-1 Released: Mon Aug 28 08:57:10 2023 Summary: Security update for gawk Type: security Severity: low Advisory ID: SUSE-SU-2023:3447-1 Released: Mon Aug 28 10:57:05 2023 Summary: Security update for xen Type: security Severity: moderate Advisory ID: SUSE-RU-2023:3451-1 Released: Mon Aug 28 12:15:22 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate Advisory ID: SUSE-RU-2023:3452-1 Released: Mon Aug 28 12:41:11 2023 Summary: Recommended update for supportutils-plugin-suse-public-cloud Type: recommended Severity: moderate Advisory ID: SUSE-SU-2023:3454-1 Released: Mon Aug 28 13:43:18 2023 Summary: Security update for ca-certificates-mozilla Type: security Severity: important Advisory ID: SUSE-SU-2023:3461-1 Released: Mon Aug 28 17:25:09 2023 Summary: Security update for freetype2 Type: security Severity: moderate Advisory ID: SUSE-RU-2023:3465-1 Released: Tue Aug 29 07:30:00 2023 Summary: Recommended update for samba Type: recommended Severity: moderate Advisory ID: SUSE-RU-2023:3468-1 Released: Tue Aug 29 09:22:18 2023 Summary: Recommended update for python3 Type: recommended Severity: low Advisory ID: SUSE-RU-2023:3470-1 Released: Tue Aug 29 10:49:33 2023 Summary: Recommended update for parted Type: recommended Severity: low Advisory ID: SUSE-SU-2023:3472-1 Released: Tue Aug 29 10:55:16 2023 Summary: Security update for procps Type: security Severity: low Advisory ID: SUSE-RU-2023:3485-1 Released: Tue Aug 29 14:20:56 2023 Summary: Recommended update for lvm2 Type: recommended Severity: moderate Advisory ID: SUSE-SU-2023:3497-1 Released: Wed Aug 30 21:25:05 2023 Summary: Security update for vim Type: security Severity: important Advisory ID: SUSE-RU-2023:3514-1 Released: Fri Sep 1 15:48:52 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate Advisory ID: SUSE-RU-2023:3521-1 Released: Tue Sep 5 08:56:45 2023 Summary: Recommended update for python-iniconfig Type: recommended Severity: moderate Advisory ID: SUSE-SU-2023:3536-1 Released: Tue Sep 5 15:00:27 2023 Summary: Security update for docker Type: security Severity: moderate Advisory ID: SUSE-RU-2023:3543-1 Released: Wed Sep 6 08:27:22 2023 Summary: Recommended update for protobuf-c Type: recommended Severity: moderate Advisory ID: SUSE-RU-2023:3577-1 Released: Mon Sep 11 15:04:01 2023 Summary: Recommended update for crypto-policies Type: recommended Severity: low Advisory ID: SUSE-RU-2023:3611-1 Released: Fri Sep 15 09:28:36 2023 Summary: Recommended update for sysuser-tools Type: recommended Severity: moderate

References

References : 1027519 1158763 1182142 1186606 1193412 1194609 1195391 1201519

1204844 1205161 1207778 1208194 1208574 1209741 1209998 1210070

1210419 1210702 1210740 1210797 1210996 1211256 1211257 1211461

1211576 1211757 1212368 1212434 1212684 1213120 1213185 1213212

1213229 1213231 1213240 1213500 1213557 1213575 1213582 1213607

1213616 1213673 1213826 1213873 1213940 1213951 1214006 1214025

1214071 1214081 1214082 1214083 1214107 1214108 1214109 1214140

1214248 1214290 CVE-2021-30560 CVE-2022-40982 CVE-2023-2004 CVE-2023-20569

CVE-2023-20593 CVE-2023-2426 CVE-2023-2609 CVE-2023-2610 CVE-2023-26112

CVE-2023-28840 CVE-2023-28841 CVE-2023-28842 CVE-2023-4016 CVE-2023-4156

This update for python-cssselect implements packages to the unrestrictied repository.

1208574,CVE-2021-30560

This update for libxslt fixes the following issues:

- CVE-2021-30560: Fixing a use after free vulnerability in Blink XSLT (bsc#1208574).

This update for python-instance-billing-flavor-check fixes the following issues:

- Include PAYG checker package in SLE (jsc#PED-4791)

1210070,CVE-2023-26112

This update for python-configobj fixes the following issues:

- CVE-2023-26112: Fixed regular expression denial of service vulnerability in validate.py (bsc#1210070).

This update for liblognorm fixes the following issues:

- Update to liblognorm v2.0.6 (jsc#PED-4883)

1211757,1213212

This update for rsyslog fixes the following issues:

- Fix removal of imfile state files (bsc#1213212)

- Fix segfaults in modExit() of imklog.c (bsc#1211757)

1214081

This update for dracut fixes the following issues:

- Protect against broken links pointing to themselves

- Exit if resolving executable dependencies fails (bsc#1214081)

1201519,1204844

This update for audit fixes the following issues:

- Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519)

- Fix rules not loaded when restarting auditd.service (bsc#1204844)

1214025,CVE-2023-4156

This update for gawk fixes the following issues:

- CVE-2023-4156: Fix a heap out of bound read by validating the index into argument list. (bsc#1214025)

1027519,1212684,1213616,1214082,1214083,CVE-2022-40982,CVE-2023-20569,CVE-2023-20593

This update for xen fixes the following issues:

- CVE-2023-20569: Fixed side channel attack Inception or RAS Poisoning. (bsc#1214082, XSA-434)

- CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling'. (bsc#1214083, XSA-435)

- CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information. (bsc#1213616, XSA-433)

1186606,1194609,1208194,1209741,1210702,1211576,1212434,1213185,1213575,1213873

This update for systemd fixes the following issues:

- Fix reboot and shutdown issues by getting only active MD arrays (bsc#1211576, bsc#1212434, bsc#1213575)

- Decrease devlink priority for iso disks (bsc#1213185)

- Do not ignore mount point paths longer than 255 characters (bsc#1208194)

- Refuse hibernation if there's no possible way to resume (bsc#1186606)

- Update 'korean' and 'arabic' keyboard layouts (bsc#1210702)

- Drop some entries no longer needed by YaST (bsc#1194609)

- The 'systemd --user' instances get their own session keyring instead of the user default one (bsc#1209741)

- Dynamically allocate receive buffer to handle large amount of mounts (bsc#1213873)

1213951

This update for supportutils-plugin-suse-public-cloud fixes the following issues:

- Update from version 1.0.7 to 1.0.8 (bsc#1213951)

- Capture CSP billing adapter config and log

- Accept upper case Amazon string in DMI table

1214248

This update for ca-certificates-mozilla fixes the following issues:

- Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248)

Added:

- Atos TrustedRoot Root CA ECC G2 2020

- Atos TrustedRoot Root CA ECC TLS 2021

- Atos TrustedRoot Root CA RSA G2 2020

- Atos TrustedRoot Root CA RSA TLS 2021

- BJCA Global Root CA1

- BJCA Global Root CA2

- LAWtrust Root CA2 (4096)

- Sectigo Public Email Protection Root E46

- Sectigo Public Email Protection Root R46

- Sectigo Public Server Authentication Root E46

- Sectigo Public Server Authentication Root R46

- SSL.com Client ECC Root CA 2022

- SSL.com Client RSA Root CA 2022

- SSL.com TLS ECC Root CA 2022

- SSL.com TLS RSA Root CA 2022

Removed CAs:

- Chambers of Commerce Root

- E-Tugra Certification Authority

- E-Tugra Global Root CA ECC v3

- E-Tugra Global Root CA RSA v3

- Hongkong Post Root CA 1

1210419,CVE-2023-2004

This update for freetype2 fixes the following issues:

- CVE-2023-2004: Fixed integer overflow in tt_hvadvance_adjust (bsc#1210419).

1213607,1213826,1213940

This update for samba fixes the following issues:

- Fix DFS not working with widelinks enabled; (bsc#1213607)

- Move libcluster-samba4.so from samba-libs to samba-client-libs (bsc#1213940)

- net ads lookup with unspecified realm fails (bsc#1213826)

This update for python3 fixes the following issue:

- Rename sources in preparation of python3.11 (jsc#PED-68)

1182142,1193412

This update for parted fixes the following issues:

- fix null pointer dereference (bsc#1193412)

- update mkpart options in manpage (bsc#1182142)

1214290,CVE-2023-4016

This update for procps fixes the following issues:

- CVE-2023-4016: Fixed ps buffer overflow (bsc#1214290).

1214071

This update for lvm2 fixes the following issues:

- blkdeactivate calls wrong mountpoint cmd (bsc#1214071)

1210996,1211256,1211257,1211461,CVE-2023-2426,CVE-2023-2609,CVE-2023-2610

This update for vim fixes the following issues:

Updated to version 9.0 with patch level 1572.

- CVE-2023-2426: Fixed Out-of-range Pointer Offset use (bsc#1210996).

- CVE-2023-2609: Fixed NULL Pointer Dereference (bsc#1211256).

- CVE-2023-2610: Fixed nteger Overflow or Wraparound (bsc#1211257).

1158763,1210740,1213231,1213557,1213673

This update for libzypp, zypper fixes the following issues:

- Fix occasional isue with downloading very small files (bsc#1213673)

- Fix negative ZYPP_LOCK_TIMEOUT not waiting forever (bsc#1213231)

- Fix OES synchronization issues when cookie file has mode 0600 (bsc#1158763)

- Don't cleanup orphaned dirs if read-only mode was promised (bsc#1210740)

- Revised explanation of --force-resolution in man page (bsc#1213557)

- Print summary hint if policies were violated due to --force-resolution (bsc#1213557)

1213582

This update for python-iniconfig provides python3-iniconfig to SUSE Linux Enterprise Micro 5.2.

1210797,1212368,1213120,1213229,1213500,1214107,1214108,1214109,CVE-2023-28840,CVE-2023-28841,CVE-2023-28842

This update for docker fixes the following issues:

- Update to Docker 24.0.5-ce.

See upstream changelong online at

bsc#1213229

- Update to Docker 24.0.4-ce.

See upstream changelog online at

. bsc#1213500

- Update to Docker 24.0.3-ce.

See upstream changelog online at

. bsc#1213120

- Recommend docker-rootless-extras instead of Require(ing) it, given

it's an additional functionality and not inherently required for

docker to function.

- Add docker-rootless-extras subpackage (https://docs.docker.com/engine/security/rootless/)

- Update to Docker 24.0.2-ce. See upstream changelog online at

. bsc#1212368

* Includes the upstreamed fix for the mount table pollution issue.

bsc#1210797

- Add Recommends for docker-buildx, and add /usr/lib/docker/cli-plugins as

being provided by this package.

- was rebuilt against current GO compiler.

1214006

This update for protobuf-c fixes the following issues:

- Add missing Provides/Obsoletes after package merge (bsc#1214006)

1209998

This update for crypto-policies fixes the following issues:

- Update update-crypto-policies(8) man pages and README.SUSE to mention the supported back-end policies. (bsc#1209998)

1195391,1205161,1207778,1213240,1214140

This update for sysuser-tools fixes the following issues:

- Update to version 3.2

- Always create a system group of the same name as the system user (bsc#1205161, bsc#1207778, bsc#1213240)

- Add 'quilt setup' friendly hint to %sysusers_requires usage

- Use append so if a pre file already exists it isn't overridden

- Invoke bash for bash scripts (bsc#1195391)

- Remove all systemd requires not supported on SLE15 (bsc#1214140)

The following package changes have been done:

- audit-3.0.6-150400.4.13.1 updated

- ca-certificates-mozilla-2.62-150200.30.1 updated

- crypto-policies-20210917.c9d86d1-150400.3.3.1 updated

- docker-24.0.5_ce-150000.185.1 updated

- dracut-055+suse.369.gde6c81bf-150500.3.9.1 updated

- gawk-4.2.1-150000.3.3.1 updated

- libaudit1-3.0.6-150400.4.13.1 updated

- libauparse0-3.0.6-150400.4.13.1 updated

- libdevmapper1_03-2.03.16_1.02.185-150500.7.6.1 updated

- libfreetype6-2.10.4-150000.4.15.1 updated

- liblognorm5-2.0.6-150000.3.3.1 updated

- libparted0-3.2-150300.21.3.1 updated

- libprocps7-3.3.15-150000.7.34.1 updated

- libprotobuf-c1-1.3.2-150200.3.9.1 updated

- libsystemd0-249.16-150400.8.33.1 updated

- libudev1-249.16-150400.8.33.1 updated

- libxslt1-1.1.34-150400.3.3.1 added

- libzypp-17.31.20-150400.3.40.1 updated

- parted-3.2-150300.21.3.1 updated

- procps-3.3.15-150000.7.34.1 updated

- python-instance-billing-flavor-check-0.0.2-150000.1.3.1 added

- python3-configobj-5.0.6-150000.3.3.1 updated

- python3-cssselect-1.0.3-150000.3.3.1 added

- python3-iniconfig-1.1.1-150000.1.11.1 updated

- python3-lxml-4.9.1-150500.1.2 added

- python3-more-itertools-8.10.0-150400.5.69 updated

- python3-ordered-set-4.0.2-150400.8.34 updated

- python3-pyOpenSSL-21.0.0-150400.7.62 updated

- rsyslog-module-relp-8.2306.0-150400.5.18.1 updated

- rsyslog-8.2306.0-150400.5.18.1 updated

- samba-client-libs-4.17.9+git.387.ca59f91f61-150500.3.8.1 updated

- supportutils-plugin-suse-public-cloud-1.0.8-150000.3.17.1 updated

- system-group-audit-3.0.6-150400.4.13.1 updated

- systemd-sysvinit-249.16-150400.8.33.1 updated

- systemd-249.16-150400.8.33.1 updated

- sysuser-shadow-3.2-150400.3.5.3 updated

- udev-249.16-150400.8.33.1 updated

- vim-data-common-9.0.1632-150500.20.3.1 updated

- vim-9.0.1632-150500.20.3.1 updated

- xen-libs-4.17.2_02-150500.3.6.1 updated

- zypper-1.14.63-150400.3.29.1 updated

- samba-libs-4.17.9+git.367.dae41ffdd1f-150500.3.5.1 removed

Severity
Image Advisory ID : SUSE-IU-2023:615-1
Image Tags : suse-sles-15-sp5-chost-byos-v20230915-x86_64-gen2:20230915
Image Release :
Severity : critical
Type : security

Related News

News

Powered By

Footer Logo

Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.

Powered By

Footer Logo