SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:3378-1
Container Tags        : suse/manager/4.3/proxy-ssh:4.3.3 , suse/manager/4.3/proxy-ssh:4.3.3.9.12.1 , suse/manager/4.3/proxy-ssh:latest
Container Release     : 9.12.1
Severity              : important
Type                  : security
References            : 1177460 1188607 1190651 1190651 1192439 1194047 1198165 1201959
                        1202148 1202324 1203125 1203652 1203911 1204179 1204211 1204383
                        1204386 1204577 1204649 1204708 1204968 1205126 1205156 CVE-2019-18348
                        CVE-2020-10735 CVE-2020-8492 CVE-2022-32221 CVE-2022-37454 CVE-2022-3821
                        CVE-2022-42898 CVE-2022-42916 CVE-2022-43680 
-----------------------------------------------------------------

The container suse/manager/4.3/proxy-ssh was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3785-1
Released:    Wed Oct 26 20:20:19 2022
Summary:     Security update for curl
Type:        security
Severity:    important
References:  1204383,1204386,CVE-2022-32221,CVE-2022-42916
This update for curl fixes the following issues:

  - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383).
  - CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3787-1
Released:    Thu Oct 27 04:41:09 2022
Summary:     Recommended update for permissions
Type:        recommended
Severity:    important
References:  1194047,1203911
This update for permissions fixes the following issues:

- Fix regression introduced by backport of security fix (bsc#1203911)
- Add permissions for enlightenment helper on 32bit arches (bsc#1194047)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3870-1
Released:    Fri Nov  4 11:12:08 2022
Summary:     Recommended update for openssl-1_1
Type:        recommended
Severity:    moderate
References:  1190651,1202148
This update for openssl-1_1 fixes the following issues:

- FIPS: Add a missing dependency on jitterentropy-devel for libopenssl-1_1-devel (bsc#1202148)
- FIPS: OpenSSL service-level indicator:  Allow AES XTS 256 (bsc#1190651)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3884-1
Released:    Mon Nov  7 10:59:26 2022
Summary:     Security update for expat
Type:        security
Severity:    important
References:  1204708,CVE-2022-43680
This update for expat fixes the following issues:

  - CVE-2022-43680: Fixed use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3904-1
Released:    Tue Nov  8 10:52:13 2022
Summary:     Recommended update for openssh
Type:        recommended
Severity:    moderate
References:  1192439
This update for openssh fixes the following issue:

- Prevent empty messages from being sent. (bsc#1192439)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3910-1
Released:    Tue Nov  8 13:05:04 2022
Summary:     Recommended update for pam
Type:        recommended
Severity:    moderate
References:  
This update for pam fixes the following issue:

- Update pam_motd to the most current version. (PED-1712)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3961-1
Released:    Mon Nov 14 07:33:50 2022
Summary:     Recommended update for zlib
Type:        recommended
Severity:    important
References:  1203652
This update for zlib fixes the following issues:

- Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3974-1
Released:    Mon Nov 14 15:39:20 2022
Summary:     Recommended update for util-linux
Type:        recommended
Severity:    moderate
References:  1201959,1204211
This update for util-linux fixes the following issues:

- Fix file conflict during upgrade (bsc#1204211)
- libuuid improvements (bsc#1201959, PED-1150):
  libuuid: Fix range when parsing UUIDs.
  Improve cache handling for short-running applications: increment the cache size over runtime.
  Implement continuous clock handling for time based UUIDs.
  Check clock value from clock file to provide seamless libuuid.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3999-1
Released:    Tue Nov 15 17:08:04 2022
Summary:     Security update for systemd
Type:        security
Severity:    moderate
References:  1204179,1204968,CVE-2022-3821
This update for systemd fixes the following issues:

- CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968).

- Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428
  * 0469b9f2bc pstore: do not try to load all known pstore modules
  * ad05f54439 pstore: Run after modules are loaded
  * ccad817445 core: Add trigger limit for path units
  * 281d818fe3 core/mount: also add default before dependency for automount mount units
  * ffe5b4afa8 logind: fix crash in logind on user-specified message string

- Document udev naming scheme (bsc#1204179)
- Make 'sle15-sp3' net naming scheme still available for backward compatibility reasons

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4066-1
Released:    Fri Nov 18 10:43:00 2022
Summary:     Recommended update for timezone
Type:        recommended
Severity:    important
References:  1177460,1202324,1204649,1205156
This update for timezone fixes the following issues:

Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156):

- Mexico will no longer observe DST except near the US border
- Chihuahua moves to year-round -06 on 2022-10-30
- Fiji no longer observes DST
- In vanguard form, GMT is now a Zone and Etc/GMT a link
- zic now supports links to links, and vanguard form uses this
- Simplify four Ontario zones
- Fix a Y2438 bug when reading TZif data
- Enable 64-bit time_t on 32-bit glibc platforms
- Omit large-file support when no longer needed
- Jordan and Syria switch from +02/+03 with DST to year-round +03
- Palestine transitions are now Saturdays at 02:00
- Simplify three Ukraine zones into one
- Improve tzselect on intercontinental Zones
- Chile's DST is delayed by a week in September 2022 (bsc#1202324)
- Iran no longer observes DST after 2022
- Rename Europe/Kiev to Europe/Kyiv
- New `zic -R` command option
- Vanguard form now uses %z

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4135-1
Released:    Mon Nov 21 00:13:40 2022
Summary:     Recommended update for libeconf
Type:        recommended
Severity:    moderate
References:  1198165
This update for libeconf fixes the following issues:

- Update to version 0.4.6+git
  - econftool:
    Parsing error: Reporting file and line nr. --delimeters=spaces accepting all kinds of spaces for delimiter.
  - libeconf:
    Parse files correctly on space characters (1198165)

- Update to version 0.4.5+git
  - econftool:
    New call 'syntax' for checking the configuration files only. Returns an error string with line number if error.
    New options '--comment' and '--delimeters'

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4153-1
Released:    Mon Nov 21 14:34:09 2022
Summary:     Security update for krb5
Type:        security
Severity:    important
References:  1205126,CVE-2022-42898
This update for krb5 fixes the following issues:

- CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4212-1
Released:    Thu Nov 24 15:53:48 2022
Summary:     Recommended update for openssl-1_1
Type:        recommended
Severity:    moderate
References:  1190651
This update for openssl-1_1 fixes the following issues:

- FIPS: Mark PBKDF2 with key shorter than 112 bits as non-approved (bsc#1190651)
- FIPS: Consider RSA siggen/sigver with PKCS1 padding also approved (bsc#1190651)
- FIPS: Return the correct indicator for a given EC group order bits (bsc#1190651)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4256-1
Released:    Mon Nov 28 12:36:32 2022
Summary:     Recommended update for gcc12
Type:        recommended
Severity:    moderate
References:  
This update for gcc12 fixes the following issues:

This update ships the GCC 12 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 11 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux
Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module.

The Go, D and Ada language compiler parts are available unsupported via the
PackageHub repositories.

To use gcc12 compilers use:

- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.

For a full changelog with all new GCC12 features, check out

	https://gcc.gnu.org/gcc-12/changes.html


-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4281-1
Released:    Tue Nov 29 15:46:10 2022
Summary:     Security update for python3
Type:        security
Severity:    important
References:  1188607,1203125,1204577,CVE-2019-18348,CVE-2020-10735,CVE-2020-8492,CVE-2022-37454
This update for python3 fixes the following issues:

- CVE-2022-37454: Fixed a buffer overflow in hashlib.sha3_* implementations. (bsc#1204577)
- CVE-2020-10735: Fixed a bug to limit the number of digits when converting text to int and vice versa. (bsc#1203125)

The following non-security bug was fixed:

- Fixed a crash in the garbage collection (bsc#1188607).


The following package changes have been done:

- libuuid1-2.37.2-150400.8.8.1 updated
- libudev1-249.12-150400.8.13.1 updated
- libsmartcols1-2.37.2-150400.8.8.1 updated
- libeconf0-0.4.6+git20220427.3016f4e-150400.3.3.1 updated
- libblkid1-2.37.2-150400.8.8.1 updated
- libfdisk1-2.37.2-150400.8.8.1 updated
- libz1-1.2.11-150000.3.36.1 updated
- libgcc_s1-12.2.1+git416-150000.1.5.1 updated
- libstdc++6-12.2.1+git416-150000.1.5.1 updated
- libsystemd0-249.12-150400.8.13.1 updated
- libopenssl1_1-1.1.1l-150400.7.16.1 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.16.1 updated
- libmount1-2.37.2-150400.8.8.1 updated
- krb5-1.19.2-150400.3.3.1 updated
- libcurl4-7.79.1-150400.5.9.1 updated
- permissions-20201225-150400.5.16.1 updated
- pam-1.3.0-150000.6.61.1 updated
- util-linux-2.37.2-150400.8.8.1 updated
- timezone-2022f-150000.75.15.1 updated
- libexpat1-2.4.4-150400.3.12.1 updated
- openssh-common-8.4p1-150300.3.12.2 updated
- libpython3_6m1_0-3.6.15-150300.10.37.2 updated
- python3-base-3.6.15-150300.10.37.2 updated
- python3-3.6.15-150300.10.37.2 updated
- openssh-fips-8.4p1-150300.3.12.2 updated
- openssh-server-8.4p1-150300.3.12.2 updated
- openssh-clients-8.4p1-150300.3.12.2 updated
- openssh-8.4p1-150300.3.12.2 updated

SUSE: 2022:3378-1 suse/manager/4.3/proxy-ssh Security Update

December 14, 2022