SUSE: 2022:2015-1 suse/sles/15.4/cdi-uploadserver Security Update |...
SUSE Container Update Advisory: suse/sles/15.4/cdi-uploadserver
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2015-1
Container Tags        : suse/sles/15.4/cdi-uploadserver:1.43.0 , suse/sles/15.4/cdi-uploadserver:1.43.0-150400.2.4 , suse/sles/15.4/cdi-uploadserver:1.43.0.16.17
Container Release     : 16.17
Severity              : important
Type                  : security
References            : 1190698 1195059 1198341 1198979 1201795 1202020 CVE-2022-2509
-----------------------------------------------------------------

The container suse/sles/15.4/cdi-uploadserver was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2901-1
Released:    Fri Aug 26 03:34:23 2022
Summary:     Recommended update for elfutils
Type:        recommended
Severity:    moderate
References:  
This update for elfutils fixes the following issues:

- Fix runtime dependency for devel package

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2904-1
Released:    Fri Aug 26 05:28:34 2022
Summary:     Recommended update for openldap2
Type:        recommended
Severity:    moderate
References:  1198341
This update for openldap2 fixes the following issues:

- Prevent memory reuse which may lead to instability (bsc#1198341)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2919-1
Released:    Fri Aug 26 15:04:20 2022
Summary:     Security update for gnutls
Type:        security
Severity:    important
References:  1190698,1198979,1202020,CVE-2022-2509
This update for gnutls fixes the following issues:

- CVE-2022-2509: Fixed a double free issue during PKCS7 verification (bsc#1202020).

Non-security fixes:

- FIPS: Check minimum keylength for symmetric key generation [bsc#1190698]
- FIPS: Only allows ECDSA signature with valid set of hashes (SHA2 and SHA3) [bsc#1190698]
- FIPS: Provides interface for running library self tests on-demand [bsc#1198979]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2920-1
Released:    Fri Aug 26 15:17:02 2022
Summary:     Recommended update for systemd
Type:        recommended
Severity:    important
References:  1195059,1201795
This update for systemd fixes the following issues:

- Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one pointing to /usr/lib/systemd/ (bsc#1201795)
- Drop or soften some of the deprecation warnings (jsc#PED-944)
- Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059)
- Avoid applying presets to any services shipped by the experimental sub-package, as they aren't enabled by default
- analyze: Fix offline check for syscal filter
- calendarspec: Fix timer skipping the next elapse
- core: Allow command argument to be longer
- hwdb: Add AV production controllers to hwdb and add uaccess
- hwdb: Allow console users access to rfkill
- hwdb: Allow end-users root-less access to TL866 EPROM readers
- hwdb: Permit unsetting power/persist for USB devices
- hwdb: Tag IR cameras as such
- hwdb: Fix parsing issue
- hwdb: Make usb match patterns uppercase
- hwdb: Update the hardware database
- journal-file: Stop using the event loop if it's already shutting down
- journal-remote: Disable `--trust` option when gnutls is disabled and check_permission() should not be called
- journald: Ensure resources are properly allocated for SIGTERM handling
- kernel-install: Ensure modules.builtin.alias.bin is removed when no longer needed
- macro: Account for negative values in DECIMAL_STR_WIDTH()
- manager: Disallow clone3() function call in seccomp filters 
- missing-syscall: Define MOVE_MOUNT_T_EMPTY_PATH if missing
- pid1,cgroup-show: Prevent failure if cgroup.procs in some subcgroups is not readable
- resolve: Fix typo in dns_class_is_pseudo()
- sd-event: Improve handling of process events and termination of processes
- sd-ipv4acd: Fix ARP packet conflicts occurring when sender hardware is one of the host's interfaces
- stdio-bridge: Improve the meaning of the error message  
- tmpfiles: Check for the correct directory


The following package changes have been done:

- libldap-data-2.4.46-150200.14.11.2 updated
- libudev1-249.12-150400.8.10.1 updated
- libelf1-0.185-150400.5.3.1 updated
- libsystemd0-249.12-150400.8.10.1 updated
- libdw1-0.185-150400.5.3.1 updated
- libldap-2_4-2-2.4.46-150200.14.11.2 updated
- sles-release-15.5-150500.9.1 updated
- libnettle8-3.8.1-150500.1.2 updated
- libhogweed6-3.8.1-150500.1.2 updated
- libgnutls30-3.7.3-150400.4.10.1 updated
- libgnutls30-hmac-3.7.3-150400.4.10.1 updated
- container:sles15-image-15.0.0-31.9 updated

SUSE: 2022:2015-1 suse/sles/15.4/cdi-uploadserver Security Update

September 3, 2022
The container suse/sles/15.4/cdi-uploadserver was updated

Summary

Advisory ID: SUSE-RU-2022:2901-1 Released: Fri Aug 26 03:34:23 2022 Summary: Recommended update for elfutils Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:2904-1 Released: Fri Aug 26 05:28:34 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate Advisory ID: SUSE-SU-2022:2919-1 Released: Fri Aug 26 15:04:20 2022 Summary: Security update for gnutls Type: security Severity: important Advisory ID: SUSE-RU-2022:2920-1 Released: Fri Aug 26 15:17:02 2022 Summary: Recommended update for systemd Type: recommended Severity: important

References

References : 1190698 1195059 1198341 1198979 1201795 1202020 CVE-2022-2509

This update for elfutils fixes the following issues:

- Fix runtime dependency for devel package

1198341

This update for openldap2 fixes the following issues:

- Prevent memory reuse which may lead to instability (bsc#1198341)

1190698,1198979,1202020,CVE-2022-2509

This update for gnutls fixes the following issues:

- CVE-2022-2509: Fixed a double free issue during PKCS7 verification (bsc#1202020).

Non-security fixes:

- FIPS: Check minimum keylength for symmetric key generation [bsc#1190698]

- FIPS: Only allows ECDSA signature with valid set of hashes (SHA2 and SHA3) [bsc#1190698]

- FIPS: Provides interface for running library self tests on-demand [bsc#1198979]

1195059,1201795

This update for systemd fixes the following issues:

- Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one pointing to /usr/lib/systemd/ (bsc#1201795)

- Drop or soften some of the deprecation warnings (jsc#PED-944)

- Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059)

- Avoid applying presets to any services shipped by the experimental sub-package, as they aren't enabled by default

- analyze: Fix offline check for syscal filter

- calendarspec: Fix timer skipping the next elapse

- core: Allow command argument to be longer

- hwdb: Add AV production controllers to hwdb and add uaccess

- hwdb: Allow console users access to rfkill

- hwdb: Allow end-users root-less access to TL866 EPROM readers

- hwdb: Permit unsetting power/persist for USB devices

- hwdb: Tag IR cameras as such

- hwdb: Fix parsing issue

- hwdb: Make usb match patterns uppercase

- hwdb: Update the hardware database

- journal-file: Stop using the event loop if it's already shutting down

- journal-remote: Disable `--trust` option when gnutls is disabled and check_permission() should not be called

- journald: Ensure resources are properly allocated for SIGTERM handling

- kernel-install: Ensure modules.builtin.alias.bin is removed when no longer needed

- macro: Account for negative values in DECIMAL_STR_WIDTH()

- manager: Disallow clone3() function call in seccomp filters

- missing-syscall: Define MOVE_MOUNT_T_EMPTY_PATH if missing

- pid1,cgroup-show: Prevent failure if cgroup.procs in some subcgroups is not readable

- resolve: Fix typo in dns_class_is_pseudo()

- sd-event: Improve handling of process events and termination of processes

- sd-ipv4acd: Fix ARP packet conflicts occurring when sender hardware is one of the host's interfaces

- stdio-bridge: Improve the meaning of the error message

- tmpfiles: Check for the correct directory

The following package changes have been done:

- libldap-data-2.4.46-150200.14.11.2 updated

- libudev1-249.12-150400.8.10.1 updated

- libelf1-0.185-150400.5.3.1 updated

- libsystemd0-249.12-150400.8.10.1 updated

- libdw1-0.185-150400.5.3.1 updated

- libldap-2_4-2-2.4.46-150200.14.11.2 updated

- sles-release-15.5-150500.9.1 updated

- libnettle8-3.8.1-150500.1.2 updated

- libhogweed6-3.8.1-150500.1.2 updated

- libgnutls30-3.7.3-150400.4.10.1 updated

- libgnutls30-hmac-3.7.3-150400.4.10.1 updated

- container:sles15-image-15.0.0-31.9 updated

Severity
Container Advisory ID : SUSE-CU-2022:2015-1
Container Tags : suse/sles/15.4/cdi-uploadserver:1.43.0 , suse/sles/15.4/cdi-uploadserver:1.43.0-150400.2.4 , suse/sles/15.4/cdi-uploadserver:1.43.0.16.17
Container Release : 16.17
Severity : important
Type : security

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.