SUSE: 2022:2280-1 suse/sles/15.4/libguestfs-tools Security Update |...

What Are You Looking For?

Popular Tags

Contribute
SUSE Container Update Advisory: suse/sles/15.4/libguestfs-tools
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2280-1
Container Tags        : suse/sles/15.4/libguestfs-tools:0.49.0 , suse/sles/15.4/libguestfs-tools:0.49.0-150400.1.37 , suse/sles/15.4/libguestfs-tools:0.49.0.16.26
Container Release     : 16.26
Severity              : important
Type                  : security
References            : 1181475 1185882 1187365 1194557 1197178 1198405 1198709 1198731
                        1198752 1198925 1199093 1199895 1200800 1200993 1201092 1201551
                        1201576 1201638 1201975 1202011 1202175 1202310 1202593 CVE-2021-3593
                        CVE-2022-24795 CVE-2022-35252 CVE-2022-37434 
-----------------------------------------------------------------

The container suse/sles/15.4/libguestfs-tools was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2929-1
Released:    Mon Aug 29 11:21:47 2022
Summary:     Recommended update for timezone
Type:        recommended
Severity:    important
References:  1202310
This update for timezone fixes the following issue:

- Reflect new Chile DST change (bsc#1202310)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2941-1
Released:    Tue Aug 30 10:51:09 2022
Summary:     Security update for libslirp
Type:        security
Severity:    moderate
References:  1187365,1201551,CVE-2021-3593
This update for libslirp fixes the following issues:

- CVE-2021-3593: Fixed invalid pointer initialization may lead to information disclosure (udp6) (bsc#1187365).

Non-security fixes:

- Fix the version header (bsc#1201551)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2944-1
Released:    Wed Aug 31 05:39:14 2022
Summary:     Recommended update for procps
Type:        recommended
Severity:    important
References:  1181475
This update for procps fixes the following issues:

- Fix 'free' command reporting misleading 'used' value (bsc#1181475)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released:    Wed Aug 31 09:16:21 2022
Summary:     Security update for zlib
Type:        security
Severity:    important
References:  1202175,CVE-2022-37434
This update for zlib fixes the following issues:

- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2973-1
Released:    Thu Sep  1 11:37:02 2022
Summary:     Recommended update for dracut
Type:        recommended
Severity:    important
References:  1198709,1201975
This update for dracut fixes the following issues:

- Include fixes to make network-manager module work properly with dracut (bsc#1201975)
- Add auto timeout to wicked DHCP test (bsc#1198709)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2977-1
Released:    Thu Sep  1 12:30:19 2022
Summary:     Recommended update for util-linux
Type:        recommended
Severity:    moderate
References:  1197178,1198731
This update for util-linux fixes the following issues:

- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2994-1
Released:    Fri Sep  2 10:44:54 2022
Summary:     Recommended update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame
Type:        recommended
Severity:    moderate
References:  1198925

This update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame adds some missing 32bit libraries to some products. (bsc#1198925)

No codechanges were done in this update.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3003-1
Released:    Fri Sep  2 15:01:44 2022
Summary:     Security update for curl
Type:        security
Severity:    low
References:  1202593,CVE-2022-35252
This update for curl fixes the following issues:

- CVE-2022-35252: Fixed a potential injection of control characters
  into cookies, which could be exploited by sister sites to cause a
  denial of service (bsc#1202593).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3118-1
Released:    Tue Sep  6 15:43:53 2022
Summary:     Recommended update for lvm2
Type:        recommended
Severity:    moderate
References:  1202011
This update for lvm2 fixes the following issues:

- Do not use udev for device listing or device information (bsc#1202011)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3127-1
Released:    Wed Sep  7 04:36:10 2022
Summary:     Recommended update for libtirpc
Type:        recommended
Severity:    moderate
References:  1198752,1200800
This update for libtirpc fixes the following issues:

- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
- Fix memory leak in params.r_addr assignement (bsc#1198752)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3162-1
Released:    Wed Sep  7 15:07:31 2022
Summary:     Security update for libyajl
Type:        security
Severity:    moderate
References:  1198405,CVE-2022-24795
This update for libyajl fixes the following issues:

- CVE-2022-24795: Fixed heap-based buffer overflow when handling large inputs (bsc#1198405).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3219-1
Released:    Thu Sep  8 21:15:24 2022
Summary:     Recommended update for sysconfig
Type:        recommended
Severity:    moderate
References:  1185882,1194557,1199093
This update for sysconfig fixes the following issues:

- netconfig: remove sed dependency
- netconfig/dns-resolver: remove search limit of 6 domains (bsc#1199093)
- netconfig: cleanup /var/run leftovers (bsc#1194557)
- netconfig: update ntp man page documentation, fix typos
- netconfig: revert NM default policy change change (bsc#1185882)
  With the change to the default policy, netconfig with NetworkManager
  as network.service accepted settings from all services/programs
  directly instead only from NetworkManager, where plugins/services
  have to deliver their settings to apply them.
- Also support service(network) provides
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3220-1
Released:    Fri Sep  9 04:30:52 2022
Summary:     Recommended update for libzypp, zypper
Type:        recommended
Severity:    moderate
References:  1199895,1200993,1201092,1201576,1201638
This update for libzypp, zypper fixes the following issues:

libzypp:

- Improve handling of package locks, allowing to reset the status of its initial state (bsc#1199895)
- Fix issues when receiving exceptions from curl_easy_cleanup (bsc#1201092)
- Don't auto-flag kernel-firmware as 'reboot-needed' (bsc#1200993)
- Remove Medianetwork and its dependent code. First reason for this is that MediaNetwork was just meant as a way to test
  the new CURL based downloaded. Second the Provide API is going to completely replace the current media backend.

zypper:

- Truncate the 'Name' column when using `zypper lr`, if the table is wider than the terminal (bsc#1201638)
- Reject install/remove modifier without argument (bsc#1201576)
- zypper-download: Handle unresolvable arguments as errors
- Put signing key supplying repository name in quotes


The following package changes have been done:

- libtirpc-netconfig-1.2.6-150300.3.11.1 updated
- libuuid1-2.37.2-150400.8.3.1 updated
- libsmartcols1-2.37.2-150400.8.3.1 updated
- libblkid1-2.37.2-150400.8.3.1 updated
- libfdisk1-2.37.2-150400.8.3.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- libmount1-2.37.2-150400.8.3.1 updated
- libprocps7-3.3.15-150000.7.25.1 updated
- procps-3.3.15-150000.7.25.1 updated
- libtirpc3-1.2.6-150300.3.11.1 updated
- sles-release-15.5-150500.10.2 updated
- libcurl4-7.79.1-150400.5.6.1 updated
- libzypp-17.31.0-150400.3.6.1 updated
- zypper-1.14.55-150400.3.6.1 updated
- util-linux-2.37.2-150400.8.3.1 updated
- timezone-2022a-150000.75.10.1 updated
- curl-7.79.1-150400.5.6.1 updated
- btrfsprogs-udev-rules-5.14-150500.8.2 updated
- libdevmapper1_03-1.02.163-150400.17.3.1 updated
- libnettle8-3.8.1-150500.1.4 updated
- libslirp0-4.3.1-150300.11.1 updated
- libyajl2-2.1.0-150000.4.3.1 updated
- libxcb1-1.13-150000.3.9.1 updated
- libhogweed6-3.8.1-150500.1.4 updated
- btrfsprogs-5.14-150500.8.2 updated
- libmpath0-0.9.1+52+suse.be8809e-150500.1.1 updated
- libblkid-devel-2.37.2-150400.8.3.1 updated
- zlib-devel-1.2.11-150000.3.33.1 updated
- util-linux-systemd-2.37.2-150400.8.3.1 updated
- sysconfig-0.85.9-150200.12.1 updated
- sysconfig-netconfig-0.85.9-150200.12.1 updated
- dracut-mkinitrd-deprecated-055+suse.294.gc5bc4bb5-150400.3.8.1 updated
- dracut-055+suse.294.gc5bc4bb5-150400.3.8.1 updated
- dracut-fips-055+suse.294.gc5bc4bb5-150400.3.8.1 updated
- libmount-devel-2.37.2-150400.8.3.1 updated
- container:sles15-image-15.0.0-31.13 updated

SUSE: 2022:2280-1 suse/sles/15.4/libguestfs-tools Security Update

September 16, 2022
The container suse/sles/15.4/libguestfs-tools was updated

Summary

Advisory ID: SUSE-RU-2022:2929-1 Released: Mon Aug 29 11:21:47 2022 Summary: Recommended update for timezone Type: recommended Severity: important Advisory ID: SUSE-SU-2022:2941-1 Released: Tue Aug 30 10:51:09 2022 Summary: Security update for libslirp Type: security Severity: moderate Advisory ID: SUSE-RU-2022:2944-1 Released: Wed Aug 31 05:39:14 2022 Summary: Recommended update for procps Type: recommended Severity: important Advisory ID: SUSE-SU-2022:2947-1 Released: Wed Aug 31 09:16:21 2022 Summary: Security update for zlib Type: security Severity: important Advisory ID: SUSE-RU-2022:2973-1 Released: Thu Sep 1 11:37:02 2022 Summary: Recommended update for dracut Type: recommended Severity: important Advisory ID: SUSE-RU-2022:2977-1 Released: Thu Sep 1 12:30:19 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:2994-1 Released: Fri Sep 2 10:44:54 2022 Summary: Recommended update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame Type: recommended Severity: moderate Advisory ID: SUSE-SU-2022:3003-1 Released: Fri Sep 2 15:01:44 2022 Summary: Security update for curl Type: security Severity: low Advisory ID: SUSE-RU-2022:3118-1 Released: Tue Sep 6 15:43:53 2022 Summary: Recommended update for lvm2 Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:3127-1 Released: Wed Sep 7 04:36:10 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate Advisory ID: SUSE-SU-2022:3162-1 Released: Wed Sep 7 15:07:31 2022 Summary: Security update for libyajl Type: security Severity: moderate Advisory ID: SUSE-RU-2022:3219-1 Released: Thu Sep 8 21:15:24 2022 Summary: Recommended update for sysconfig Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:3220-1 Released: Fri Sep 9 04:30:52 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate

References

References : 1181475 1185882 1187365 1194557 1197178 1198405 1198709 1198731

1198752 1198925 1199093 1199895 1200800 1200993 1201092 1201551

1201576 1201638 1201975 1202011 1202175 1202310 1202593 CVE-2021-3593

CVE-2022-24795 CVE-2022-35252 CVE-2022-37434

1202310

This update for timezone fixes the following issue:

- Reflect new Chile DST change (bsc#1202310)

1187365,1201551,CVE-2021-3593

This update for libslirp fixes the following issues:

- CVE-2021-3593: Fixed invalid pointer initialization may lead to information disclosure (udp6) (bsc#1187365).

Non-security fixes:

- Fix the version header (bsc#1201551)

1181475

This update for procps fixes the following issues:

- Fix 'free' command reporting misleading 'used' value (bsc#1181475)

1202175,CVE-2022-37434

This update for zlib fixes the following issues:

- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).

1198709,1201975

This update for dracut fixes the following issues:

- Include fixes to make network-manager module work properly with dracut (bsc#1201975)

- Add auto timeout to wicked DHCP test (bsc#1198709)

1197178,1198731

This update for util-linux fixes the following issues:

- agetty: Resolve tty name even if stdin is specified (bsc#1197178)

- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)

1198925

This update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame adds some missing 32bit libraries to some products. (bsc#1198925)

No codechanges were done in this update.

1202593,CVE-2022-35252

This update for curl fixes the following issues:

- CVE-2022-35252: Fixed a potential injection of control characters

into cookies, which could be exploited by sister sites to cause a

denial of service (bsc#1202593).

1202011

This update for lvm2 fixes the following issues:

- Do not use udev for device listing or device information (bsc#1202011)

1198752,1200800

This update for libtirpc fixes the following issues:

- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)

- Fix memory leak in params.r_addr assignement (bsc#1198752)

1198405,CVE-2022-24795

This update for libyajl fixes the following issues:

- CVE-2022-24795: Fixed heap-based buffer overflow when handling large inputs (bsc#1198405).

1185882,1194557,1199093

This update for sysconfig fixes the following issues:

- netconfig: remove sed dependency

- netconfig/dns-resolver: remove search limit of 6 domains (bsc#1199093)

- netconfig: cleanup /var/run leftovers (bsc#1194557)

- netconfig: update ntp man page documentation, fix typos

- netconfig: revert NM default policy change change (bsc#1185882)

With the change to the default policy, netconfig with NetworkManager

as network.service accepted settings from all services/programs

directly instead only from NetworkManager, where plugins/services

have to deliver their settings to apply them.

- Also support service(network) provides

1199895,1200993,1201092,1201576,1201638

This update for libzypp, zypper fixes the following issues:

libzypp:

- Improve handling of package locks, allowing to reset the status of its initial state (bsc#1199895)

- Fix issues when receiving exceptions from curl_easy_cleanup (bsc#1201092)

- Don't auto-flag kernel-firmware as 'reboot-needed' (bsc#1200993)

- Remove Medianetwork and its dependent code. First reason for this is that MediaNetwork was just meant as a way to test

the new CURL based downloaded. Second the Provide API is going to completely replace the current media backend.

zypper:

- Truncate the 'Name' column when using `zypper lr`, if the table is wider than the terminal (bsc#1201638)

- Reject install/remove modifier without argument (bsc#1201576)

- zypper-download: Handle unresolvable arguments as errors

- Put signing key supplying repository name in quotes

The following package changes have been done:

- libtirpc-netconfig-1.2.6-150300.3.11.1 updated

- libuuid1-2.37.2-150400.8.3.1 updated

- libsmartcols1-2.37.2-150400.8.3.1 updated

- libblkid1-2.37.2-150400.8.3.1 updated

- libfdisk1-2.37.2-150400.8.3.1 updated

- libz1-1.2.11-150000.3.33.1 updated

- libmount1-2.37.2-150400.8.3.1 updated

- libprocps7-3.3.15-150000.7.25.1 updated

- procps-3.3.15-150000.7.25.1 updated

- libtirpc3-1.2.6-150300.3.11.1 updated

- sles-release-15.5-150500.10.2 updated

- libcurl4-7.79.1-150400.5.6.1 updated

- libzypp-17.31.0-150400.3.6.1 updated

- zypper-1.14.55-150400.3.6.1 updated

- util-linux-2.37.2-150400.8.3.1 updated

- timezone-2022a-150000.75.10.1 updated

- curl-7.79.1-150400.5.6.1 updated

- btrfsprogs-udev-rules-5.14-150500.8.2 updated

- libdevmapper1_03-1.02.163-150400.17.3.1 updated

- libnettle8-3.8.1-150500.1.4 updated

- libslirp0-4.3.1-150300.11.1 updated

- libyajl2-2.1.0-150000.4.3.1 updated

- libxcb1-1.13-150000.3.9.1 updated

- libhogweed6-3.8.1-150500.1.4 updated

- btrfsprogs-5.14-150500.8.2 updated

- libmpath0-0.9.1+52+suse.be8809e-150500.1.1 updated

- libblkid-devel-2.37.2-150400.8.3.1 updated

- zlib-devel-1.2.11-150000.3.33.1 updated

- util-linux-systemd-2.37.2-150400.8.3.1 updated

- sysconfig-0.85.9-150200.12.1 updated

- sysconfig-netconfig-0.85.9-150200.12.1 updated

- dracut-mkinitrd-deprecated-055+suse.294.gc5bc4bb5-150400.3.8.1 updated

- dracut-055+suse.294.gc5bc4bb5-150400.3.8.1 updated

- dracut-fips-055+suse.294.gc5bc4bb5-150400.3.8.1 updated

- libmount-devel-2.37.2-150400.8.3.1 updated

- container:sles15-image-15.0.0-31.13 updated

Severity
Container Advisory ID : SUSE-CU-2022:2280-1
Container Tags : suse/sles/15.4/libguestfs-tools:0.49.0 , suse/sles/15.4/libguestfs-tools:0.49.0-150400.1.37 , suse/sles/15.4/libguestfs-tools:0.49.0.16.26
Container Release : 16.26
Severity : important
Type : security

Related News

GitHub Publishes RSA SSH Host Keys by Mistake, Issues Update

Patches Updated For Hooking eBPF Programs Into The Linux Kernel Scheduler

Tails 5.9 Fixes Numerous Bugs and Enhances Security Measures

AWS Plugs Holes in ECR APIs

News

Advisories

HOWTOs

Features

Interview with Guardian Digital CEO Dave Wreski: Open Source Utilization in Email Security Solutions & More
Verifying Linux Server Security: What Every Admin Needs to Know
What Linux, Windows & Mac OS Users Need to Know About VPNs
Complete Guide to Vulnerability Basics
How To Get Live Updates on Critical Linux Security Advisories

About Us

Powered By

Footer Logo

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

Learn More About Our Cookie Policy