SUSE: 2022:2730-1 suse/manager/4.3/proxy-ssh Security Update | Linu...
SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2730-1
Container Tags        : suse/manager/4.3/proxy-ssh:4.3.2 , suse/manager/4.3/proxy-ssh:4.3.2.9.9.1 , suse/manager/4.3/proxy-ssh:latest
Container Release     : 9.9.1
Severity              : important
Type                  : security
References            : 1047178 1121365 1180995 1182983 1189802 1190651 1190653 1190700
                        1190888 1191020 1193859 1195773 1198471 1198472 1198752 1199140
                        1199492 1200800 1201293 1201680 1201783 1201942 1202117 1202148
                        1202624 1202870 1203018 1203046 1203069 1203438 1204366 1204367
                        CVE-2017-6512 CVE-2021-28861 CVE-2021-36690 CVE-2021-46828 CVE-2022-31252
                        CVE-2022-35737 CVE-2022-40303 CVE-2022-40304 CVE-2022-40674 
-----------------------------------------------------------------

The container suse/manager/4.3/proxy-ssh was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2796-1
Released:    Fri Aug 12 14:34:31 2022
Summary:     Recommended update for jitterentropy
Type:        recommended
Severity:    moderate
References:  
This update for jitterentropy fixes the following issues:

jitterentropy is included in version 3.4.0 (jsc#SLE-24941):

This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, 
used by other FIPS libraries.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3127-1
Released:    Wed Sep  7 04:36:10 2022
Summary:     Recommended update for libtirpc
Type:        recommended
Severity:    moderate
References:  1198752,1200800
This update for libtirpc fixes the following issues:

- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
- Fix memory leak in params.r_addr assignement (bsc#1198752)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3262-1
Released:    Tue Sep 13 15:34:29 2022
Summary:     Recommended update for gcc11
Type:        recommended
Severity:    moderate
References:  1199140

This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released:    Wed Sep 14 06:45:39 2022
Summary:     Security update for perl
Type:        security
Severity:    moderate
References:  1047178,CVE-2017-6512
This update for perl fixes the following issues:

- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3305-1
Released:    Mon Sep 19 11:45:57 2022
Summary:     Security update for libtirpc
Type:        security
Severity:    important
References:  1201680,CVE-2021-46828
This update for libtirpc fixes the following issues:

- CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3307-1
Released:    Mon Sep 19 13:26:51 2022
Summary:     Security update for sqlite3
Type:        security
Severity:    moderate
References:  1189802,1195773,1201783,CVE-2021-36690,CVE-2022-35737
This update for sqlite3 fixes the following issues:

- CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783).
- CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802).
  
- Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3328-1
Released:    Wed Sep 21 12:48:56 2022
Summary:     Recommended update for jitterentropy
Type:        recommended
Severity:    moderate
References:  1202870
This update for jitterentropy fixes the following issues:

- Hide the non-GNUC constructs that are library internal from the 
  exported header, to make it usable in builds with strict C99
  compliance. (bsc#1202870)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3353-1
Released:    Fri Sep 23 15:23:40 2022
Summary:     Security update for permissions
Type:        security
Severity:    moderate
References:  1203018,CVE-2022-31252
This update for permissions fixes the following issues:

- CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3452-1
Released:    Wed Sep 28 12:13:43 2022
Summary:     Recommended update for glibc
Type:        recommended
Severity:    moderate
References:  1201942
This update for glibc fixes the following issues:

- Reversing calculation of __x86_shared_non_temporal_threshold (bsc#1201942)
- powerpc: Optimized memcmp for power10 (jsc#PED-987)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3489-1
Released:    Sat Oct  1 13:35:24 2022
Summary:     Security update for expat
Type:        security
Severity:    important
References:  1203438,CVE-2022-40674
This update for expat fixes the following issues:

- CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3544-1
Released:    Thu Oct  6 13:48:42 2022
Summary:     Security update for python3
Type:        security
Severity:    important
References:  1202624,CVE-2021-28861
This update for python3 fixes the following issues:

- CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when an URI path starts with // (bsc#1202624).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3551-1
Released:    Fri Oct  7 17:03:55 2022
Summary:     Recommended update for libgcrypt
Type:        recommended
Severity:    moderate
References:  1182983,1190700,1191020,1202117
This update for libgcrypt fixes the following issues:

- FIPS: Fixed gpg/gpg2 gets out of core handler in FIPS mode while
  typing Tab key to Auto-Completion. [bsc#1182983]

- FIPS: Ported libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941]

  * Enable the jitter based entropy generator by default in random.conf
  * Update the internal jitterentropy to version 3.4.0

- FIPS: Get most of the entropy from rndjent_poll [bsc#1202117]
- FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700]

  * Consider approved keylength greater or equal to 112 bits.

- FIPS: Zeroize buffer and digest in check_binary_integrity() [bsc#1191020]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3555-1
Released:    Mon Oct 10 14:05:12 2022
Summary:     Recommended update for aaa_base
Type:        recommended
Severity:    important
References:  1199492
This update for aaa_base fixes the following issues:

- The wrapper rootsh is not a restricted shell. (bsc#1199492)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3663-1
Released:    Wed Oct 19 19:05:21 2022
Summary:     Recommended update for openssl-1_1
Type:        recommended
Severity:    moderate
References:  1121365,1180995,1190651,1190653,1190888,1193859,1198471,1198472,1201293,1202148,1203046,1203069
This update for openssl-1_1 fixes the following issues:

- FIPS: Default to RFC-7919 groups for genparam and dhparam
- FIPS: list only FIPS approved digest and public key algorithms
  [bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472]
- FIPS: Add KAT for the RAND_DRBG implementation [bsc#1203069]
- FIPS: openssl: RAND api should call into FIPS DRBG [bsc#1201293]
  * The FIPS_drbg implementation is not FIPS validated anymore. To
    provide backwards compatibility for applications that need FIPS
    compliant RNG number generation and use FIPS_drbg_generate,
    this function was re-wired to call the FIPS validated DRBG
    instance instead through the RAND_bytes() call.
- FIPS: Fix minor memory leaks by FIPS patch [bsc#1203046]
- FIPS: OpenSSL: Port openssl to use jitterentropy [bsc#1202148, jsc#SLE-24941]
  libcrypto.so now requires libjitterentropy3 library.
- FIPS: OpenSSL Provide a service-level indicator [bsc#1190651]
- FIPS: Add zeroization of temporary variables to the hmac integrity
  function FIPSCHECK_verify(). [bsc#1190653]

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3692-1
Released:    Fri Oct 21 16:15:07 2022
Summary:     Security update for libxml2
Type:        security
Severity:    important
References:  1204366,1204367,CVE-2022-40303,CVE-2022-40304
This update for libxml2 fixes the following issues:

  - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366).
  - CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367).


The following package changes have been done:

- libtirpc-netconfig-1.2.6-150300.3.14.1 updated
- glibc-2.31-150300.41.1 updated
- perl-base-5.26.1-150300.17.11.1 updated
- libgcrypt20-1.9.4-150400.6.5.1 updated
- libgcrypt20-hmac-1.9.4-150400.6.5.1 updated
- libsqlite3-0-3.39.3-150000.3.17.1 updated
- libjitterentropy3-3.4.0-150000.1.6.1 added
- libgcc_s1-11.3.0+git1637-150000.1.11.2 updated
- libstdc++6-11.3.0+git1637-150000.1.11.2 updated
- libxml2-2-2.9.14-150400.5.10.1 updated
- libopenssl1_1-1.1.1l-150400.7.10.5 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.10.5 updated
- libtirpc3-1.2.6-150300.3.14.1 updated
- permissions-20201225-150400.5.11.1 updated
- aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 updated
- libexpat1-2.4.4-150400.3.9.1 updated
- libpython3_6m1_0-3.6.15-150300.10.30.1 updated
- python3-base-3.6.15-150300.10.30.1 updated
- python3-3.6.15-150300.10.30.1 updated

SUSE: 2022:2730-1 suse/manager/4.3/proxy-ssh Security Update

October 26, 2022
The container suse/manager/4.3/proxy-ssh was updated

Summary

Advisory ID: SUSE-RU-2022:2796-1 Released: Fri Aug 12 14:34:31 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:3127-1 Released: Wed Sep 7 04:36:10 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:3262-1 Released: Tue Sep 13 15:34:29 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate Advisory ID: SUSE-SU-2022:3271-1 Released: Wed Sep 14 06:45:39 2022 Summary: Security update for perl Type: security Severity: moderate Advisory ID: SUSE-SU-2022:3305-1 Released: Mon Sep 19 11:45:57 2022 Summary: Security update for libtirpc Type: security Severity: important Advisory ID: SUSE-SU-2022:3307-1 Released: Mon Sep 19 13:26:51 2022 Summary: Security update for sqlite3 Type: security Severity: moderate Advisory ID: SUSE-RU-2022:3328-1 Released: Wed Sep 21 12:48:56 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate Advisory ID: SUSE-SU-2022:3353-1 Released: Fri Sep 23 15:23:40 2022 Summary: Security update for permissions Type: security Severity: moderate Advisory ID: SUSE-RU-2022:3452-1 Released: Wed Sep 28 12:13:43 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate Advisory ID: SUSE-SU-2022:3489-1 Released: Sat Oct 1 13:35:24 2022 Summary: Security update for expat Type: security Severity: important Advisory ID: SUSE-SU-2022:3544-1 Released: Thu Oct 6 13:48:42 2022 Summary: Security update for python3 Type: security Severity: important Advisory ID: SUSE-RU-2022:3551-1 Released: Fri Oct 7 17:03:55 2022 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:3555-1 Released: Mon Oct 10 14:05:12 2022 Summary: Recommended update for aaa_base Type: recommended Severity: important Advisory ID: SUSE-RU-2022:3663-1 Released: Wed Oct 19 19:05:21 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate Advisory ID: SUSE-SU-2022:3692-1 Released: Fri Oct 21 16:15:07 2022 Summary: Security update for libxml2 Type: security Severity: important

References

References : 1047178 1121365 1180995 1182983 1189802 1190651 1190653 1190700

1190888 1191020 1193859 1195773 1198471 1198472 1198752 1199140

1199492 1200800 1201293 1201680 1201783 1201942 1202117 1202148

1202624 1202870 1203018 1203046 1203069 1203438 1204366 1204367

CVE-2017-6512 CVE-2021-28861 CVE-2021-36690 CVE-2021-46828 CVE-2022-31252

CVE-2022-35737 CVE-2022-40303 CVE-2022-40304 CVE-2022-40674

This update for jitterentropy fixes the following issues:

jitterentropy is included in version 3.4.0 (jsc#SLE-24941):

This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library,

used by other FIPS libraries.

1198752,1200800

This update for libtirpc fixes the following issues:

- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)

- Fix memory leak in params.r_addr assignement (bsc#1198752)

1199140

This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140)

1047178,CVE-2017-6512

This update for perl fixes the following issues:

- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).

1201680,CVE-2021-46828

This update for libtirpc fixes the following issues:

- CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680).

1189802,1195773,1201783,CVE-2021-36690,CVE-2022-35737

This update for sqlite3 fixes the following issues:

- CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783).

- CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802).

- Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773).

1202870

This update for jitterentropy fixes the following issues:

- Hide the non-GNUC constructs that are library internal from the

exported header, to make it usable in builds with strict C99

compliance. (bsc#1202870)

1203018,CVE-2022-31252

This update for permissions fixes the following issues:

- CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018).

1201942

This update for glibc fixes the following issues:

- Reversing calculation of __x86_shared_non_temporal_threshold (bsc#1201942)

- powerpc: Optimized memcmp for power10 (jsc#PED-987)

1203438,CVE-2022-40674

This update for expat fixes the following issues:

- CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438).

1202624,CVE-2021-28861

This update for python3 fixes the following issues:

- CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when an URI path starts with // (bsc#1202624).

1182983,1190700,1191020,1202117

This update for libgcrypt fixes the following issues:

- FIPS: Fixed gpg/gpg2 gets out of core handler in FIPS mode while

typing Tab key to Auto-Completion. [bsc#1182983]

- FIPS: Ported libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941]

* Enable the jitter based entropy generator by default in random.conf

* Update the internal jitterentropy to version 3.4.0

- FIPS: Get most of the entropy from rndjent_poll [bsc#1202117]

- FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700]

* Consider approved keylength greater or equal to 112 bits.

- FIPS: Zeroize buffer and digest in check_binary_integrity() [bsc#1191020]

1199492

This update for aaa_base fixes the following issues:

- The wrapper rootsh is not a restricted shell. (bsc#1199492)

1121365,1180995,1190651,1190653,1190888,1193859,1198471,1198472,1201293,1202148,1203046,1203069

This update for openssl-1_1 fixes the following issues:

- FIPS: Default to RFC-7919 groups for genparam and dhparam

- FIPS: list only FIPS approved digest and public key algorithms

[bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472]

- FIPS: Add KAT for the RAND_DRBG implementation [bsc#1203069]

- FIPS: openssl: RAND api should call into FIPS DRBG [bsc#1201293]

* The FIPS_drbg implementation is not FIPS validated anymore. To

provide backwards compatibility for applications that need FIPS

compliant RNG number generation and use FIPS_drbg_generate,

this function was re-wired to call the FIPS validated DRBG

instance instead through the RAND_bytes() call.

- FIPS: Fix minor memory leaks by FIPS patch [bsc#1203046]

- FIPS: OpenSSL: Port openssl to use jitterentropy [bsc#1202148, jsc#SLE-24941]

libcrypto.so now requires libjitterentropy3 library.

- FIPS: OpenSSL Provide a service-level indicator [bsc#1190651]

- FIPS: Add zeroization of temporary variables to the hmac integrity

function FIPSCHECK_verify(). [bsc#1190653]

1204366,1204367,CVE-2022-40303,CVE-2022-40304

This update for libxml2 fixes the following issues:

- CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366).

- CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367).

The following package changes have been done:

- libtirpc-netconfig-1.2.6-150300.3.14.1 updated

- glibc-2.31-150300.41.1 updated

- perl-base-5.26.1-150300.17.11.1 updated

- libgcrypt20-1.9.4-150400.6.5.1 updated

- libgcrypt20-hmac-1.9.4-150400.6.5.1 updated

- libsqlite3-0-3.39.3-150000.3.17.1 updated

- libjitterentropy3-3.4.0-150000.1.6.1 added

- libgcc_s1-11.3.0+git1637-150000.1.11.2 updated

- libstdc++6-11.3.0+git1637-150000.1.11.2 updated

- libxml2-2-2.9.14-150400.5.10.1 updated

- libopenssl1_1-1.1.1l-150400.7.10.5 updated

- libopenssl1_1-hmac-1.1.1l-150400.7.10.5 updated

- libtirpc3-1.2.6-150300.3.14.1 updated

- permissions-20201225-150400.5.11.1 updated

- aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 updated

- libexpat1-2.4.4-150400.3.9.1 updated

- libpython3_6m1_0-3.6.15-150300.10.30.1 updated

- python3-base-3.6.15-150300.10.30.1 updated

- python3-3.6.15-150300.10.30.1 updated

Severity
Container Advisory ID : SUSE-CU-2022:2730-1
Container Tags : suse/manager/4.3/proxy-ssh:4.3.2 , suse/manager/4.3/proxy-ssh:4.3.2.9.9.1 , suse/manager/4.3/proxy-ssh:latest
Container Release : 9.9.1
Severity : important
Type : security

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.