SUSE Container Update Advisory: suse/sles/15.4/virt-controller ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2274-1 Container Tags : suse/sles/15.4/virt-controller:0.49.0 , suse/sles/15.4/virt-controller:0.49.0-150400.1.37 , suse/sles/15.4/virt-controller:0.49.0.16.26 Container Release : 16.26 Severity : important Type : security References : 1197178 1198731 1198752 1200800 1202175 1202310 1202593 CVE-2022-35252 CVE-2022-37434 ----------------------------------------------------------------- The container suse/sles/15.4/virt-controller was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2929-1 Released: Mon Aug 29 11:21:47 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1202310 This update for timezone fixes the following issue: - Reflect new Chile DST change (bsc#1202310) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2947-1 Released: Wed Aug 31 09:16:21 2022 Summary: Security update for zlib Type: security Severity: important References: 1202175,CVE-2022-37434 This update for zlib fixes the following issues: - CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2977-1 Released: Thu Sep 1 12:30:19 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1197178,1198731 This update for util-linux fixes the following issues: - agetty: Resolve tty name even if stdin is specified (bsc#1197178) - libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3003-1 Released: Fri Sep 2 15:01:44 2022 Summary: Security update for curl Type: security Severity: low References: 1202593,CVE-2022-35252 This update for curl fixes the following issues: - CVE-2022-35252: Fixed a potential injection of control characters into cookies, which could be exploited by sister sites to cause a denial of service (bsc#1202593). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3127-1 Released: Wed Sep 7 04:36:10 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1198752,1200800 This update for libtirpc fixes the following issues: - Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800) - Fix memory leak in params.r_addr assignement (bsc#1198752) The following package changes have been done: - libtirpc-netconfig-1.2.6-150300.3.11.1 updated - libuuid1-2.37.2-150400.8.3.1 updated - libsmartcols1-2.37.2-150400.8.3.1 updated - libblkid1-2.37.2-150400.8.3.1 updated - libfdisk1-2.37.2-150400.8.3.1 updated - libz1-1.2.11-150000.3.33.1 updated - libmount1-2.37.2-150400.8.3.1 updated - libtirpc3-1.2.6-150300.3.11.1 updated - sles-release-15.5-150500.10.2 updated - libcurl4-7.79.1-150400.5.6.1 updated - util-linux-2.37.2-150400.8.3.1 updated - timezone-2022a-150000.75.10.1 updated - container:sles15-image-15.0.0-31.13 updated