SUSE: 2022:2725-1 bci/python Security Update | LinuxSecurity.com
SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2725-1
Container Tags        : bci/python:3 , bci/python:3.6 , bci/python:3.6-30.5
Container Release     : 30.5
Severity              : important
Type                  : security
References            : 1121365 1180995 1182983 1190651 1190653 1190700 1190888 1191020
                        1193859 1198471 1198472 1199492 1201293 1202117 1202148 1202870
                        1203046 1203069 1204366 1204367 CVE-2022-40303 CVE-2022-40304
-----------------------------------------------------------------

The container bci/python was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2796-1
Released:    Fri Aug 12 14:34:31 2022
Summary:     Recommended update for jitterentropy
Type:        recommended
Severity:    moderate
References:  
This update for jitterentropy fixes the following issues:

jitterentropy is included in version 3.4.0 (jsc#SLE-24941):

This is a FIPS 140-3 / NIST SP 800-90B compliant userspace jitter entropy generator library,
used by other FIPS libraries.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3328-1
Released:    Wed Sep 21 12:48:56 2022
Summary:     Recommended update for jitterentropy
Type:        recommended
Severity:    moderate
References:  1202870
This update for jitterentropy fixes the following issues:

- Hide the non-GNUC constructs that are library internal from the 
  exported header, to make it usable in builds with strict C99
  compliance. (bsc#1202870)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3551-1
Released:    Fri Oct  7 17:03:55 2022
Summary:     Recommended update for libgcrypt
Type:        recommended
Severity:    moderate
References:  1182983,1190700,1191020,1202117
This update for libgcrypt fixes the following issues:

- FIPS: Fixed gpg/gpg2 hitting the out-of-core handler in FIPS mode when the
  Tab key is pressed for auto-completion. [bsc#1182983]

- FIPS: Ported libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941]

  * Enable the jitter based entropy generator by default in random.conf
  * Update the internal jitterentropy to version 3.4.0

- FIPS: Get most of the entropy from rndjent_poll [bsc#1202117]
- FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700]

  * Treat key lengths of 112 bits or more as approved.

- FIPS: Zeroize buffer and digest in check_binary_integrity() [bsc#1191020]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3555-1
Released:    Mon Oct 10 14:05:12 2022
Summary:     Recommended update for aaa_base
Type:        recommended
Severity:    important
References:  1199492
This update for aaa_base fixes the following issues:

- The wrapper rootsh is not a restricted shell. (bsc#1199492)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3663-1
Released:    Wed Oct 19 19:05:21 2022
Summary:     Recommended update for openssl-1_1
Type:        recommended
Severity:    moderate
References:  1121365,1180995,1190651,1190653,1190888,1193859,1198471,1198472,1201293,1202148,1203046,1203069
This update for openssl-1_1 fixes the following issues:

- FIPS: Default to RFC 7919 groups for genparam and dhparam
- FIPS: List only FIPS approved digest and public key algorithms
  [bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472]
- FIPS: Add a KAT (known-answer test) for the RAND_DRBG implementation [bsc#1203069]
- FIPS: openssl: The RAND API should call into the FIPS DRBG [bsc#1201293]
  * The FIPS_drbg implementation is no longer FIPS validated. To remain
    backwards compatible with applications that need FIPS compliant random
    number generation and use FIPS_drbg_generate, that function was re-wired
    to call the FIPS validated DRBG instance instead, via RAND_bytes().
- FIPS: Fix minor memory leaks introduced by the FIPS patch [bsc#1203046]
- FIPS: OpenSSL: Port openssl to use jitterentropy [bsc#1202148, jsc#SLE-24941]
  libcrypto.so now requires the libjitterentropy3 library.
- FIPS: OpenSSL: Provide a service-level indicator [bsc#1190651]
- FIPS: Add zeroization of temporary variables to the HMAC integrity
  function FIPSCHECK_verify(). [bsc#1190653]

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3692-1
Released:    Fri Oct 21 16:15:07 2022
Summary:     Security update for libxml2
Type:        security
Severity:    important
References:  1204366,1204367,CVE-2022-40303,CVE-2022-40304
This update for libxml2 fixes the following issues:

- CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366).
- CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367).

The following package changes have been done:

- file-magic-5.32-7.14.1 added
- system-user-root-20190513-3.3.1 added
- filesystem-15.0-11.8.1 added
- cracklib-dict-small-2.9.7-11.6.1 added
- libldap-data-2.4.46-150200.14.11.2 added
- libtirpc-netconfig-1.2.6-150300.3.14.1 added
- glibc-2.31-150300.41.1 added
- libsasl2-3-2.1.27-150300.4.6.1 added
- libcrypt1-4.4.15-150300.4.4.3 added
- perl-base-5.26.1-150300.17.11.1 added
- libssh-config-0.9.6-150400.1.5 added
- libzstd1-1.5.0-150400.1.71 added
- libsepol1-3.1-150400.1.70 added
- liblz4-1-1.9.3-150400.1.7 added
- libgpg-error0-1.42-150400.1.101 added
- libeconf0-0.4.4+git20220104.962774f-150400.1.38 added
- libcap2-2.63-150400.1.7 added
- libbz2-1-1.0.8-150400.1.122 added
- libaudit1-3.0.6-150400.2.13 added
- libnghttp2-14-1.40.0-6.1 added
- libbrotlicommon1-1.0.7-3.3.1 added
- libbrotlidec1-1.0.7-3.3.1 added
- libuuid1-2.37.2-150400.8.3.1 added
- libudev1-249.12-150400.8.10.1 added
- libsmartcols1-2.37.2-150400.8.3.1 added
- libcom_err2-1.46.4-150400.3.3.1 added
- libblkid1-2.37.2-150400.8.3.1 added
- libgcrypt20-1.9.4-150400.6.5.1 added
- libgcrypt20-hmac-1.9.4-150400.6.5.1 added
- libfdisk1-2.37.2-150400.8.3.1 added
- libcap-ng0-0.7.9-4.37 added
- libunistring2-0.9.10-1.1 added
- libz1-1.2.11-150000.3.33.1 added
- libsqlite3-0-3.39.3-150000.3.17.1 added
- libpcre1-8.45-150000.20.13.1 added
- liblzma5-5.2.3-150000.4.7.1 added
- liblua5_3-5-5.3.6-3.6.1 added
- libkeyutils1-1.6.3-5.6.1 added
- libjitterentropy3-3.4.0-150000.1.6.1 added
- libgmp10-6.1.2-4.9.1 added
- libgcc_s1-11.3.0+git1637-150000.1.11.2 added
- libidn2-0-2.2.0-3.6.1 added
- libmagic1-5.32-7.14.1 added
- libstdc++6-11.3.0+git1637-150000.1.11.2 added
- libpsl5-0.20.1-150000.3.3.1 added
- libncurses6-6.1-150000.5.12.1 added
- terminfo-base-6.1-150000.5.12.1 added
- ncurses-utils-6.1-150000.5.12.1 added
- libverto1-0.2.6-3.20 added
- libpopt0-1.16-3.22 added
- libattr1-2.4.47-2.19 added
- fillup-1.42-2.18 added
- libzio1-1.06-2.20 added
- libselinux1-3.1-150400.1.69 added
- libreadline7-7.0-150400.25.22 added
- libsemanage1-3.1-150400.1.65 added
- bash-4.4-150400.25.22 added
- bash-sh-4.4-150400.25.22 added
- login_defs-4.8.1-150400.8.57 added
- cpio-2.13-150400.1.98 added
- libelf1-0.185-150400.5.3.1 added
- libxml2-2-2.9.14-150400.5.10.1 added
- libsystemd0-249.12-150400.8.10.1 added
- libopenssl1_1-1.1.1l-150400.7.10.5 added
- libopenssl1_1-hmac-1.1.1l-150400.7.10.5 added
- libmount1-2.37.2-150400.8.3.1 added
- libdw1-0.185-150400.5.3.1 added
- libcrack2-2.9.7-11.6.1 added
- cracklib-2.9.7-11.6.1 added
- libldap-2_4-2-2.4.46-150200.14.11.2 added
- libacl1-2.2.52-4.3.1 added
- findutils-4.8.0-1.20 added
- info-6.5-4.17 added
- patterns-base-fips-20200124-150400.18.4 added
- krb5-1.19.2-150400.1.9 added
- coreutils-8.32-150400.7.5 added
- libssh4-0.9.6-150400.1.5 added
- sles-release-15.4-150400.55.1 added
- sed-4.4-11.6 added
- grep-3.1-150000.4.6.1 added
- diffutils-3.6-4.3.1 added
- libtirpc3-1.2.6-150300.3.14.1 added
- libcurl4-7.79.1-150400.5.6.1 added
- rpm-config-SUSE-1-150400.14.3.1 added
- permissions-20201225-150400.5.11.1 added
- libnsl2-1.2.0-2.44 added
- rpm-ndb-4.14.3-150300.49.1 added
- pam-1.3.0-150000.6.58.3 added
- shadow-4.8.1-150400.8.57 added
- sysuser-shadow-3.1-150400.1.35 added
- system-group-hardware-20170617-150400.22.33 added
- libutempter0-1.1.6-3.42 added
- util-linux-2.37.2-150400.8.3.1 added
- aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 added
- libtasn1-6-4.13-4.5.1 added
- libtasn1-4.13-4.5.1 added
- timezone-2022a-150000.75.10.1 added
- curl-7.79.1-150400.5.6.1 added
- libffi7-3.2.1.git259-10.8 added
- crypto-policies-20210917.c9d86d1-150400.1.7 added
- libp11-kit0-0.23.22-150400.1.10 added
- p11-kit-0.23.22-150400.1.10 added
- p11-kit-tools-0.23.22-150400.1.10 added
- openssl-1_1-1.1.1l-150400.7.10.5 added
- ca-certificates-2+git20210309.21162a6-2.1 added
- container:sles15-image-15.0.0-27.14.5 updated
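As an added check that is not part of the advisory (my own code, not SUSE's): the script below parses lines in the "package changes" format above and compares them against a constructed `rpm -qa` listing from a running container, using a simplified rpmvercmp, to report any installed package that is still below the version-release this update ships. The sample package list and installed listing are constructed for the example.

```python
import re

# Constructed subset of the "package changes" list above, in the advisory's own format.
ADVISORY_PACKAGES = """\
- libxml2-2-2.9.14-150400.5.10.1 added
- libopenssl1_1-1.1.1l-150400.7.10.5 added
- libjitterentropy3-3.4.0-150000.1.6.1 added
"""
# Constructed `rpm -qa` output from a running container; libxml2-2 is still one release behind.
INSTALLED = """\
libxml2-2-2.9.14-150400.5.7.1
libopenssl1_1-1.1.1l-150400.7.10.5
libjitterentropy3-3.4.0-150000.1.6.1
"""
_SEG = re.compile(r"\d+|[a-zA-Z]+")

def split_nvr(nvr):
    """Return (name, (version, release)): the last two '-' fields are version
    and release, the rest is the name (names such as libxml2-2 contain '-')."""
    name, version, release = nvr.rsplit("-", 2)
    return name, (version, release)

def rpmvercmp(a, b):
    """Simplified rpmvercmp over alternating numeric/alpha segments: numbers
    compare numerically, letters lexically, a number beats letters, and the
    side with segments left over is newer. No '~' or '^' handling."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_at_least(installed, required):
    """installed/required are (version, release) pairs; version decides first."""
    c = rpmvercmp(installed[0], required[0])
    return c > 0 or (c == 0 and rpmvercmp(installed[1], required[1]) >= 0)

def outdated_packages(advisory_text, installed_text):
    """name -> (installed (v, r), required (v, r)) for every installed package
    below the advisory level; packages the container does not carry are skipped."""
    pkgs = re.findall(r"^-\s+(\S+)\s+(?:added|updated)\s*$", advisory_text, re.M)
    required = dict(split_nvr(p) for p in pkgs)
    installed = dict(split_nvr(nvr) for nvr in installed_text.split())
    return {n: (installed[n], req) for n, req in required.items()
            if n in installed and not evr_at_least(installed[n], req)}
```

Feed the full list above and the real output of `rpm -qa` from the image to `outdated_packages`; an empty result means every package the container carries is at or above the advisory level.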

Published on LinuxSecurity.com: October 26, 2022