SUSE: 2022:1627-1 bci/python Security Update

Advisories

SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1627-1
Container Tags        : bci/python:3 , bci/python:3.9 , bci/python:3.9-18.34
Container Release     : 18.34
Severity              : important
Type                  : security
References            : 1137373 1181658 1194708 1195157 1196125 1197570 1198507 1198732
                        1200170 1200855 1201225 1201560 1201640 CVE-2022-34903 
-----------------------------------------------------------------

The container bci/python was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2470-1
Released:    Thu Jul 21 04:40:14 2022
Summary:     Recommended update for systemd
Type:        recommended
Severity:    important
References:  1137373,1181658,1194708,1195157,1197570,1198507,1198732,1200170
This update for systemd fixes the following issues:

- Allow control characters in environment variable values (bsc#1200170)
- Call pam_loginuid when creating [email protected] (bsc#1198507)
- Fix parsing error in s390 udev rules conversion script (bsc#1198732)
- Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570)
- Flagsify EscapeStyle and make ESCAPE_BACKSLASH_ONELINE implicit
- Revert 'basic/env-util: (mostly) follow POSIX for what variable names are allowed'
- basic/env-util: (mostly) follow POSIX for what variable names are allowed
- basic/env-util: make function shorter
- basic/escape: add mode where empty arguments are still shown as ''
- basic/escape: always escape newlines in shell_escape()
- basic/escape: escape control characters, but not utf-8, in shell quoting
- basic/escape: use consistent location for '*' in function declarations
- basic/string-util: inline iterator variable declarations
- basic/string-util: simplify how str_realloc() is used
- basic/string-util: split out helper function
- core/device: device_coldplug(): don't set DEVICE_DEAD
- core/device: do not downgrade device state if it is already enumerated
- core/device: drop unnecessary condition
- string-util: explicitly cast character to unsigned
- string-util: fix build error on aarch64
- test-env-util: Verify that \r is disallowed in env var values
- test-env-util: print function headers

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2494-1
Released:    Thu Jul 21 15:16:42 2022
Summary:     Recommended update for glibc
Type:        recommended
Severity:    important
References:  1200855,1201560,1201640
This update for glibc fixes the following issues:

- Remove tunables from static tls surplus patch which caused crashes (bsc#1200855)
- i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2546-1
Released:    Mon Jul 25 14:43:22 2022
Summary:     Security update for gpg2
Type:        security
Severity:    important
References:  1196125,1201225,CVE-2022-34903
This update for gpg2 fixes the following issues:

- CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225).
- Use AES as default cipher instead of 3DES when we are in FIPS mode. (bsc#1196125)


The following package changes have been done:

- glibc-2.31-150300.37.1 updated
- gpg2-2.2.27-150300.3.5.1 updated
- libsystemd0-246.16-150300.7.48.1 updated
- libudev1-246.16-150300.7.48.1 updated
- container:sles15-image-15.0.0-17.20.4 updated

SUSE: 2022:1627-1 bci/python Security Update

July 26, 2022
The container bci/python was updated

Summary

Advisory ID: SUSE-RU-2022:2470-1 Released: Thu Jul 21 04:40:14 2022 Summary: Recommended update for systemd Type: recommended Severity: important Advisory ID: SUSE-RU-2022:2494-1 Released: Thu Jul 21 15:16:42 2022 Summary: Recommended update for glibc Type: recommended Severity: important Advisory ID: SUSE-SU-2022:2546-1 Released: Mon Jul 25 14:43:22 2022 Summary: Security update for gpg2 Type: security Severity: important

References

References : 1137373 1181658 1194708 1195157 1196125 1197570 1198507 1198732

1200170 1200855 1201225 1201560 1201640 CVE-2022-34903

1137373,1181658,1194708,1195157,1197570,1198507,1198732,1200170

This update for systemd fixes the following issues:

- Allow control characters in environment variable values (bsc#1200170)

- Call pam_loginuid when creating [email protected] (bsc#1198507)

- Fix parsing error in s390 udev rules conversion script (bsc#1198732)

- Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570)

- Flagsify EscapeStyle and make ESCAPE_BACKSLASH_ONELINE implicit

- Revert 'basic/env-util: (mostly) follow POSIX for what variable names are allowed'

- basic/env-util: (mostly) follow POSIX for what variable names are allowed

- basic/env-util: make function shorter

- basic/escape: add mode where empty arguments are still shown as ''

- basic/escape: always escape newlines in shell_escape()

- basic/escape: escape control characters, but not utf-8, in shell quoting

- basic/escape: use consistent location for '*' in function declarations

- basic/string-util: inline iterator variable declarations

- basic/string-util: simplify how str_realloc() is used

- basic/string-util: split out helper function

- core/device: device_coldplug(): don't set DEVICE_DEAD

- core/device: do not downgrade device state if it is already enumerated

- core/device: drop unnecessary condition

- string-util: explicitly cast character to unsigned

- string-util: fix build error on aarch64

- test-env-util: Verify that \r is disallowed in env var values

- test-env-util: print function headers

1200855,1201560,1201640

This update for glibc fixes the following issues:

- Remove tunables from static tls surplus patch which caused crashes (bsc#1200855)

- i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788)

1196125,1201225,CVE-2022-34903

This update for gpg2 fixes the following issues:

- CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225).

- Use AES as default cipher instead of 3DES when we are in FIPS mode. (bsc#1196125)

The following package changes have been done:

- glibc-2.31-150300.37.1 updated

- gpg2-2.2.27-150300.3.5.1 updated

- libsystemd0-246.16-150300.7.48.1 updated

- libudev1-246.16-150300.7.48.1 updated

- container:sles15-image-15.0.0-17.20.4 updated

Severity
Container Advisory ID : SUSE-CU-2022:1627-1
Container Tags : bci/python:3 , bci/python:3.9 , bci/python:3.9-18.34
Container Release : 18.34
Severity : important
Type : security

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.