SUSE: 2022:1696-1 bci/nodejs Security Update | LinuxSecurity.com

Advisories

SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1696-1
Container Tags        : bci/node:12 , bci/node:12-16.116 , bci/nodejs:12 , bci/nodejs:12-16.116
Container Release     : 16.116
Severity              : important
Type                  : security
References            : 1194550 1196125 1197684 1199042 1200855 1201225 1201431 1201560
                        1201640 CVE-2022-29187 CVE-2022-34903 
-----------------------------------------------------------------

The container bci/nodejs was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2494-1
Released:    Thu Jul 21 15:16:42 2022
Summary:     Recommended update for glibc
Type:        recommended
Severity:    important
References:  1200855,1201560,1201640
This update for glibc fixes the following issues:

- Remove tunables from static tls surplus patch which caused crashes (bsc#1200855)
- i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2546-1
Released:    Mon Jul 25 14:43:22 2022
Summary:     Security update for gpg2
Type:        security
Severity:    important
References:  1196125,1201225,CVE-2022-34903
This update for gpg2 fixes the following issues:

- CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225).
- Use AES as default cipher instead of 3DES when we are in FIPS mode. (bsc#1196125)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2550-1
Released:    Tue Jul 26 14:00:21 2022
Summary:     Security update for git
Type:        security
Severity:    important
References:  1201431,CVE-2022-29187
This update for git fixes the following issues:

- CVE-2022-29187: Incomplete fix for CVE-2022-24765: potential command injection via git worktree (bsc#1201431).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2572-1
Released:    Thu Jul 28 04:22:33 2022
Summary:     Recommended update for libzypp, zypper
Type:        recommended
Severity:    moderate
References:  1194550,1197684,1199042
This update for libzypp, zypper fixes the following issues:

libzypp:

- appdata plugin: Pass path to the repodata/ directory inside the cache (bsc#1197684)
- zypp-rpm: flush rpm script output buffer before sending endOfScriptTag
- PluginRepoverification: initial version hooked into repo::Downloader and repo refresh
- Immediately start monitoring the download.transfer_timeout. Do not wait until the first data arrived (bsc#1199042)
- singletrans: no dry-run commit if doing just download-only
- Work around cases where sat repo.start points to an invalid solvable. May happen if (wrong arch) solvables were 
  removed at the  beginning of the repo.
- Fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER

zypper:

- Basic JobReport for 'cmdout/monitor'
- versioncmp: if verbose, also print the edition 'parts' which are compared
- Make sure MediaAccess is closed on exception (bsc#1194550)
- Display plus-content hint conditionally
- Honor the NO_COLOR environment variable when auto-detecting whether to use color
- Define table columns which should be sorted natural [case insensitive]
- lr/ls: Use highlight color on name and alias as well


The following package changes have been done:

- git-core-2.35.3-150300.10.15.1 updated
- glibc-2.31-150300.37.1 updated
- gpg2-2.2.27-150300.3.5.1 updated
- libzypp-17.30.2-150200.39.1 updated
- zypper-1.14.53-150200.33.1 updated
- container:sles15-image-15.0.0-17.20.6 updated

SUSE: 2022:1696-1 bci/nodejs Security Update

July 29, 2022
The container bci/nodejs was updated

Summary

Advisory ID: SUSE-RU-2022:2494-1 Released: Thu Jul 21 15:16:42 2022 Summary: Recommended update for glibc Type: recommended Severity: important Advisory ID: SUSE-SU-2022:2546-1 Released: Mon Jul 25 14:43:22 2022 Summary: Security update for gpg2 Type: security Severity: important Advisory ID: SUSE-SU-2022:2550-1 Released: Tue Jul 26 14:00:21 2022 Summary: Security update for git Type: security Severity: important Advisory ID: SUSE-RU-2022:2572-1 Released: Thu Jul 28 04:22:33 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate

References

References : 1194550 1196125 1197684 1199042 1200855 1201225 1201431 1201560

1201640 CVE-2022-29187 CVE-2022-34903

1200855,1201560,1201640

This update for glibc fixes the following issues:

- Remove tunables from static tls surplus patch which caused crashes (bsc#1200855)

- i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788)

1196125,1201225,CVE-2022-34903

This update for gpg2 fixes the following issues:

- CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225).

- Use AES as default cipher instead of 3DES when we are in FIPS mode. (bsc#1196125)

1201431,CVE-2022-29187

This update for git fixes the following issues:

- CVE-2022-29187: Incomplete fix for CVE-2022-24765: potential command injection via git worktree (bsc#1201431).

1194550,1197684,1199042

This update for libzypp, zypper fixes the following issues:

libzypp:

- appdata plugin: Pass path to the repodata/ directory inside the cache (bsc#1197684)

- zypp-rpm: flush rpm script output buffer before sending endOfScriptTag

- PluginRepoverification: initial version hooked into repo::Downloader and repo refresh

- Immediately start monitoring the download.transfer_timeout. Do not wait until the first data arrived (bsc#1199042)

- singletrans: no dry-run commit if doing just download-only

- Work around cases where sat repo.start points to an invalid solvable. May happen if (wrong arch) solvables were

removed at the beginning of the repo.

- Fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER

zypper:

- Basic JobReport for 'cmdout/monitor'

- versioncmp: if verbose, also print the edition 'parts' which are compared

- Make sure MediaAccess is closed on exception (bsc#1194550)

- Display plus-content hint conditionally

- Honor the NO_COLOR environment variable when auto-detecting whether to use color

- Define table columns which should be sorted natural [case insensitive]

- lr/ls: Use highlight color on name and alias as well

The following package changes have been done:

- git-core-2.35.3-150300.10.15.1 updated

- glibc-2.31-150300.37.1 updated

- gpg2-2.2.27-150300.3.5.1 updated

- libzypp-17.30.2-150200.39.1 updated

- zypper-1.14.53-150200.33.1 updated

- container:sles15-image-15.0.0-17.20.6 updated

Severity
Container Advisory ID : SUSE-CU-2022:1696-1
Container Tags : bci/node:12 , bci/node:12-16.116 , bci/nodejs:12 , bci/nodejs:12-16.116
Container Release : 16.116
Severity : important
Type : security

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.