SUSE: 2022:2955-1 suse/manager/4.3/proxy-httpd Security Update | Li...

What Are You Looking For?

Popular Tags

Contribute
SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2955-1
Container Tags        : suse/manager/4.3/proxy-httpd:4.3.2 , suse/manager/4.3/proxy-httpd:4.3.2.9.10.8 , suse/manager/4.3/proxy-httpd:latest
Container Release     : 9.10.8
Severity              : important
Type                  : security
References            : 1087072 1190651 1194047 1202148 1203911 1204111 1204112 1204113
                        1204383 1204386 1204708 CVE-2022-32221 CVE-2022-42010 CVE-2022-42011
                        CVE-2022-42012 CVE-2022-42916 CVE-2022-43680 
-----------------------------------------------------------------

The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3785-1
Released:    Wed Oct 26 20:20:19 2022
Summary:     Security update for curl
Type:        security
Severity:    important
References:  1204383,1204386,CVE-2022-32221,CVE-2022-42916
This update for curl fixes the following issues:

  - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383).
  - CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3787-1
Released:    Thu Oct 27 04:41:09 2022
Summary:     Recommended update for permissions
Type:        recommended
Severity:    important
References:  1194047,1203911
This update for permissions fixes the following issues:

- Fix regression introduced by backport of security fix (bsc#1203911)
- Add permissions for enlightenment helper on 32bit arches (bsc#1194047)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3806-1
Released:    Thu Oct 27 17:21:11 2022
Summary:     Security update for dbus-1
Type:        security
Severity:    important
References:  1087072,1204111,1204112,1204113,CVE-2022-42010,CVE-2022-42011,CVE-2022-42012
This update for dbus-1 fixes the following issues:

  - CVE-2022-42010: Fixed potential crash that could be triggered by an invalid signature (bsc#1204111).
  - CVE-2022-42011: Fixed an out of bounds read caused by a fixed length array (bsc#1204112).
  - CVE-2022-42012: Fixed a use-after-free that could be trigged by a message in non-native endianness with out-of-band Unix file descriptor (bsc#1204113).

  Bugfixes:

  - Disable asserts (bsc#1087072).


-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3870-1
Released:    Fri Nov  4 11:12:08 2022
Summary:     Recommended update for openssl-1_1
Type:        recommended
Severity:    moderate
References:  1190651,1202148
This update for openssl-1_1 fixes the following issues:

- FIPS: Add a missing dependency on jitterentropy-devel for libopenssl-1_1-devel (bsc#1202148)
- FIPS: OpenSSL service-level indicator:  Allow AES XTS 256 (bsc#1190651)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3884-1
Released:    Mon Nov  7 10:59:26 2022
Summary:     Security update for expat
Type:        security
Severity:    important
References:  1204708,CVE-2022-43680
This update for expat fixes the following issues:

  - CVE-2022-43680: Fixed use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708).


The following package changes have been done:

- libopenssl1_1-1.1.1l-150400.7.13.1 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.13.1 updated
- libcurl4-7.79.1-150400.5.9.1 updated
- permissions-20201225-150400.5.16.1 updated
- curl-7.79.1-150400.5.9.1 updated
- libdbus-1-3-1.12.2-150400.18.5.1 updated
- libexpat1-2.4.4-150400.3.12.1 updated
- dbus-1-1.12.2-150400.18.5.1 updated

SUSE: 2022:2955-1 suse/manager/4.3/proxy-httpd Security Update

November 11, 2022
The container suse/manager/4.3/proxy-httpd was updated

Summary

Advisory ID: SUSE-SU-2022:3785-1 Released: Wed Oct 26 20:20:19 2022 Summary: Security update for curl Type: security Severity: important Advisory ID: SUSE-RU-2022:3787-1 Released: Thu Oct 27 04:41:09 2022 Summary: Recommended update for permissions Type: recommended Severity: important Advisory ID: SUSE-SU-2022:3806-1 Released: Thu Oct 27 17:21:11 2022 Summary: Security update for dbus-1 Type: security Severity: important Advisory ID: SUSE-RU-2022:3870-1 Released: Fri Nov 4 11:12:08 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate Advisory ID: SUSE-SU-2022:3884-1 Released: Mon Nov 7 10:59:26 2022 Summary: Security update for expat Type: security Severity: important

References

References : 1087072 1190651 1194047 1202148 1203911 1204111 1204112 1204113

1204383 1204386 1204708 CVE-2022-32221 CVE-2022-42010 CVE-2022-42011

CVE-2022-42012 CVE-2022-42916 CVE-2022-43680

1204383,1204386,CVE-2022-32221,CVE-2022-42916

This update for curl fixes the following issues:

- CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383).

- CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386).

1194047,1203911

This update for permissions fixes the following issues:

- Fix regression introduced by backport of security fix (bsc#1203911)

- Add permissions for enlightenment helper on 32bit arches (bsc#1194047)

1087072,1204111,1204112,1204113,CVE-2022-42010,CVE-2022-42011,CVE-2022-42012

This update for dbus-1 fixes the following issues:

- CVE-2022-42010: Fixed potential crash that could be triggered by an invalid signature (bsc#1204111).

- CVE-2022-42011: Fixed an out of bounds read caused by a fixed length array (bsc#1204112).

- CVE-2022-42012: Fixed a use-after-free that could be trigged by a message in non-native endianness with out-of-band Unix file descriptor (bsc#1204113).

Bugfixes:

- Disable asserts (bsc#1087072).

1190651,1202148

This update for openssl-1_1 fixes the following issues:

- FIPS: Add a missing dependency on jitterentropy-devel for libopenssl-1_1-devel (bsc#1202148)

- FIPS: OpenSSL service-level indicator: Allow AES XTS 256 (bsc#1190651)

1204708,CVE-2022-43680

This update for expat fixes the following issues:

- CVE-2022-43680: Fixed use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708).

The following package changes have been done:

- libopenssl1_1-1.1.1l-150400.7.13.1 updated

- libopenssl1_1-hmac-1.1.1l-150400.7.13.1 updated

- libcurl4-7.79.1-150400.5.9.1 updated

- permissions-20201225-150400.5.16.1 updated

- curl-7.79.1-150400.5.9.1 updated

- libdbus-1-3-1.12.2-150400.18.5.1 updated

- libexpat1-2.4.4-150400.3.12.1 updated

- dbus-1-1.12.2-150400.18.5.1 updated

Severity
Container Advisory ID : SUSE-CU-2022:2955-1
Container Tags : suse/manager/4.3/proxy-httpd:4.3.2 , suse/manager/4.3/proxy-httpd:4.3.2.9.10.8 , suse/manager/4.3/proxy-httpd:latest
Container Release : 9.10.8
Severity : important
Type : security

Related News

Patches Updated For Hooking eBPF Programs Into The Linux Kernel Scheduler

Tails 5.9 Fixes Numerous Bugs and Enhances Security Measures

AWS Plugs Holes in ECR APIs

Delving into Container Security

News

Advisories

HOWTOs

Features

Best Linux Backup Solutions to Prevent Data Loss in A Ransomware Attack
ManageEngine Vulnerability Manager Plus: How To Protect Your Enterprise from Security Vulnerabilities
High-Impact DoS, Arbitrary Code Execution, Spoofing Bugs Fixed in Thunderbird 102.9.0
A Guide to Business Cybersecurity: Common Digital Attacks and Precautions
New Linux IceFire Ransomware Variant Discovered: What You Need to Know to Secure Your Systems

About Us

Powered By

Footer Logo

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

Learn More About Our Cookie Policy