SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:3372-1
Container Tags        : suse/manager/4.3/proxy-httpd:4.3.3 , suse/manager/4.3/proxy-httpd:4.3.3.9.22.1 , suse/manager/4.3/proxy-httpd:latest
Container Release     : 9.22.1
Severity              : important
Type                  : security
References            : 1177460 1188607 1190651 1198165 1199074 1199944 1200169 1200296
                        1201476 1201590 1201606 1201607 1201634 1201788 1201893 1201959
                        1202093 1202217 1202324 1202344 1202750 1202785 1203125 1203216
                        1203283 1203451 1203482 1203532 1203580 1203588 1203599 1203611
                        1203633 1203652 1203685 1203698 1203884 1204029 1204061 1204179
                        1204195 1204211 1204437 1204444 1204517 1204519 1204541 1204577
                        1204649 1204651 1204699 1204968 1205126 1205156 1205212 1205339
                        1205470 CVE-2019-18348 CVE-2020-10735 CVE-2020-8492 CVE-2022-1664
                        CVE-2022-2255 CVE-2022-37454 CVE-2022-3821 CVE-2022-42898 
-----------------------------------------------------------------

The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3961-1
Released:    Mon Nov 14 07:33:50 2022
Summary:     Recommended update for zlib
Type:        recommended
Severity:    important
References:  1203652
This update for zlib fixes the following issues:

- Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3974-1
Released:    Mon Nov 14 15:39:20 2022
Summary:     Recommended update for util-linux
Type:        recommended
Severity:    moderate
References:  1201959,1204211
This update for util-linux fixes the following issues:

- Fix file conflict during upgrade (bsc#1204211)
- libuuid improvements (bsc#1201959, PED-1150):
  libuuid: Fix range when parsing UUIDs.
  Improve cache handling for short running applications-increment the cache size over runtime.
  Implement continuous clock handling for time based UUIDs.
  Check clock value from clock file to provide seamless libuuid.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3999-1
Released:    Tue Nov 15 17:08:04 2022
Summary:     Security update for systemd
Type:        security
Severity:    moderate
References:  1204179,1204968,CVE-2022-3821
This update for systemd fixes the following issues:

- CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968).

- Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428
  * 0469b9f2bc pstore: do not try to load all known pstore modules
  * ad05f54439 pstore: Run after modules are loaded
  * ccad817445 core: Add trigger limit for path units
  * 281d818fe3 core/mount: also add default before dependency for automount mount units
  * ffe5b4afa8 logind: fix crash in logind on user-specified message string

- Document udev naming scheme (bsc#1204179)
- Make 'sle15-sp3' net naming scheme still available for backward compatibility
  reason

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4010-1
Released:    Wed Nov 16 11:07:36 2022
Summary:     Security update for apache2-mod_wsgi
Type:        security
Severity:    moderate
References:  1201634,CVE-2022-2255
This update for apache2-mod_wsgi fixes the following issues:

- CVE-2022-2255: Hardened the trusted proxy header filter to avoid bypass. (bsc#1201634)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4019-1
Released:    Wed Nov 16 15:44:20 2022
Summary:     Recommended update for apparmor
Type:        recommended
Severity:    low
References:  1202344
This update for apparmor fixes the following issues:

- profiles: permit php-fpm pid files directly under run/ (bsc#1202344)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4062-1
Released:    Fri Nov 18 09:05:07 2022
Summary:     Recommended update for libusb-1_0
Type:        recommended
Severity:    moderate
References:  1201590
This update for libusb-1_0 fixes the following issues:

- Fix regression where some devices no longer work if they have a configuration value of 0 (bsc#1201590)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4063-1
Released:    Fri Nov 18 09:07:50 2022
Summary:     Recommended update for hwdata
Type:        recommended
Severity:    moderate
References:  
This update for hwdata fixes the following issues:

- Updated pci, usb and vendor ids

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4066-1
Released:    Fri Nov 18 10:43:00 2022
Summary:     Recommended update for timezone
Type:        recommended
Severity:    important
References:  1177460,1202324,1204649,1205156
This update for timezone fixes the following issues:

Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156):

- Mexico will no longer observe DST except near the US border
- Chihuahua moves to year-round -06 on 2022-10-30
- Fiji no longer observes DST
- In vanguard form, GMT is now a Zone and Etc/GMT a link
- zic now supports links to links, and vanguard form uses this
- Simplify four Ontario zones
- Fix a Y2438 bug when reading TZif data
- Enable 64-bit time_t on 32-bit glibc platforms
- Omit large-file support when no longer needed
- Jordan and Syria switch from +02/+03 with DST to year-round +03
- Palestine transitions are now Saturdays at 02:00
- Simplify three Ukraine zones into one
- Improve tzselect on intercontinental Zones
- Chile's DST is delayed by a week in September 2022 (bsc#1202324)
- Iran no longer observes DST after 2022
- Rename Europe/Kiev to Europe/Kyiv
- New `zic -R` command option
- Vanguard form now uses %z

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4081-1
Released:    Fri Nov 18 15:40:46 2022
Summary:     Security update for dpkg
Type:        security
Severity:    low
References:  1199944,CVE-2022-1664
This update for dpkg fixes the following issues:

- CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4135-1
Released:    Mon Nov 21 00:13:40 2022
Summary:     Recommended update for libeconf
Type:        recommended
Severity:    moderate
References:  1198165
This update for libeconf fixes the following issues:

- Update to version 0.4.6+git
  - econftool:
    Parsing error: Reporting file and line nr. --delimeters=spaces accepting all kind of spaces for delimiter.
  - libeconf:
    Parse files correctly on space characters (1198165)

- Update to version 0.4.5+git
  - econftool:
    New call 'syntax' for checking the configuration files only. Returns an error string with line number if error.
    New options '--comment' and '--delimeters'

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4153-1
Released:    Mon Nov 21 14:34:09 2022
Summary:     Security update for krb5
Type:        security
Severity:    important
References:  1205126,CVE-2022-42898
This update for krb5 fixes the following issues:

- CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4198-1
Released:    Wed Nov 23 13:15:04 2022
Summary:     Recommended update for rpm
Type:        recommended
Severity:    moderate
References:  1202750
This update for rpm fixes the following issues:

- Strip critical bit in signature subpackage parsing
- No longer deadlock DNF after pubkey import (bsc#1202750)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4212-1
Released:    Thu Nov 24 15:53:48 2022
Summary:     Recommended update for openssl-1_1
Type:        recommended
Severity:    moderate
References:  1190651
This update for openssl-1_1 fixes the following issues:

- FIPS: Mark PBKDF2 with key shorter than 112 bits as non-approved (bsc#1190651)
- FIPS: Consider RSA siggen/sigver with PKCS1 padding also approved (bsc#1190651)
- FIPS: Return the correct indicator for a given EC group order bits (bsc#1190651)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4256-1
Released:    Mon Nov 28 12:36:32 2022
Summary:     Recommended update for gcc12
Type:        recommended
Severity:    moderate
References:  
This update for gcc12 fixes the following issues:

This update ship the GCC 12 compiler suite and its base libraries.

The compiler baselibraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 11 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux
Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module.

The Go, D and Ada language compiler parts are available unsupported via the
PackageHub repositories.

To use gcc12 compilers use:

- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.

For a full changelog with all new GCC12 features, check out

	https://gcc.gnu.org/gcc-12/changes.html


-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4262-1
Released:    Tue Nov 29 05:45:23 2022
Summary:     Recommended update for lvm2
Type:        recommended
Severity:    important
References:  1199074,1203216,1203482
This update for lvm2 fixes the following issues:

- Fix terminated lvmlockd not clearing/adopting locks, leading to inability to start volume group (bsc#1203216)
- Fix device-mapper rpm package versioning to prevent migration issues (bsc#1199074)
- Fix lvmlockd to support sanlock (bsc#1203482)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4281-1
Released:    Tue Nov 29 15:46:10 2022
Summary:     Security update for python3
Type:        security
Severity:    important
References:  1188607,1203125,1204577,CVE-2019-18348,CVE-2020-10735,CVE-2020-8492,CVE-2022-37454
This update for python3 fixes the following issues:

- CVE-2022-37454: Fixed a buffer overflow in hashlib.sha3_* implementations. (bsc#1204577)
- CVE-2020-10735: Fixed a bug to limit amount of digits converting text to int and vice vera. (bsc#1203125)

The following non-security bug was fixed:

- Fixed a crash in the garbage collection (bsc#1188607).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4417-1
Released:    Tue Dec 13 08:24:11 2022
Summary:     Maintenance update for SUSE Manager 4.3: Server and Proxy
Type:        recommended
Severity:    moderate
References:  1200169,1200296,1201476,1201606,1201607,1201788,1201893,1202093,1202217,1202785,1203283,1203451,1203532,1203580,1203588,1203599,1203611,1203633,1203685,1203698,1203884,1204029,1204061,1204195,1204437,1204444,1204517,1204519,1204541,1204651,1204699,1205212,1205339,1205470
Maintenance update for SUSE Manager 4.3: Server and Proxy:

This is a codestream only update
  

The following package changes have been done:

- libuuid1-2.37.2-150400.8.8.1 updated
- libudev1-249.12-150400.8.13.1 updated
- libsmartcols1-2.37.2-150400.8.8.1 updated
- libeconf0-0.4.6+git20220427.3016f4e-150400.3.3.1 updated
- libblkid1-2.37.2-150400.8.8.1 updated
- libusb-1_0-0-1.0.24-150400.3.3.1 updated
- libfdisk1-2.37.2-150400.8.8.1 updated
- libz1-1.2.11-150000.3.36.1 updated
- libgcc_s1-12.2.1+git416-150000.1.5.1 updated
- libstdc++6-12.2.1+git416-150000.1.5.1 updated
- libsystemd0-249.12-150400.8.13.1 updated
- libopenssl1_1-1.1.1l-150400.7.16.1 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.16.1 updated
- libmount1-2.37.2-150400.8.8.1 updated
- krb5-1.19.2-150400.3.3.1 updated
- util-linux-2.37.2-150400.8.8.1 updated
- timezone-2022f-150000.75.15.1 updated
- libapparmor1-3.0.4-150400.5.3.1 updated
- libdevmapper1_03-2.03.05_1.02.163-150400.185.1 updated
- update-alternatives-1.19.0.4-150000.4.4.1 updated
- libpython3_6m1_0-3.6.15-150300.10.37.2 updated
- python3-base-3.6.15-150300.10.37.2 updated
- python3-3.6.15-150300.10.37.2 updated
- python3-rpm-4.14.3-150300.52.1 updated
- hwdata-0.363-150000.3.51.1 updated
- systemd-249.12-150400.8.13.1 updated
- apache2-mod_wsgi-4.7.1-150400.3.3.1 updated
- spacewalk-backend-4.3.17-150400.3.9.9 updated
- python3-spacewalk-client-tools-4.3.13-150400.3.9.9 updated
- spacewalk-client-tools-4.3.13-150400.3.9.9 updated
- spacewalk-proxy-package-manager-4.3.13-150400.3.8.7 updated
- spacewalk-proxy-common-4.3.13-150400.3.8.7 updated
- spacewalk-proxy-broker-4.3.13-150400.3.8.7 updated
- spacewalk-proxy-redirect-4.3.13-150400.3.8.7 updated