SUSE: 2023:1546-1 rancher/elemental-builder-image/5.3 Security Upda...

What Are You Looking For?

Popular Tags

Sign Up
SUSE Container Update Advisory: rancher/elemental-builder-image/5.3
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1546-1
Container Tags        : rancher/elemental-builder-image/5.3:0.2.5 , rancher/elemental-builder-image/5.3:0.2.5-4.2.19 , rancher/elemental-builder-image/5.3:latest
Container Release     : 4.2.19
Severity              : moderate
Type                  : security
References            : 1206513 1209713 1209714 1209918 1210135 1210411 1210412 1210434
                        1210507 CVE-2023-24593 CVE-2023-25180 CVE-2023-28484 CVE-2023-29383
                        CVE-2023-29469 CVE-2023-29491 
-----------------------------------------------------------------

The container rancher/elemental-builder-image/5.3 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2053-1
Released:    Thu Apr 27 11:31:08 2023
Summary:     Security update for libxml2
Type:        security
Severity:    moderate
References:  1209918,1210411,1210412,CVE-2023-28484,CVE-2023-29469
This update for libxml2 fixes the following issues:

- CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412).
- CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411).

The following non-security bug was fixed:

- Remove unneeded dependency (bsc#1209918). 

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2060-1
Released:    Thu Apr 27 17:04:25 2023
Summary:     Security update for glib2
Type:        security
Severity:    moderate
References:  1209713,1209714,1210135,CVE-2023-24593,CVE-2023-25180
This update for glib2 fixes the following issues:

- CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714).
- CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant (bsc#1209713).

The following non-security bug was fixed:

- Fixed regression on s390x (bsc#1210135, glgo#GNOME/glib!2978).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2066-1
Released:    Fri Apr 28 13:54:17 2023
Summary:     Security update for shadow
Type:        security
Severity:    moderate
References:  1210507,CVE-2023-29383
This update for shadow fixes the following issues:

- CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2111-1
Released:    Fri May  5 14:34:00 2023
Summary:     Security update for ncurses
Type:        security
Severity:    moderate
References:  1210434,CVE-2023-29491
This update for ncurses fixes the following issues:

- CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2133-1
Released:    Tue May  9 13:37:10 2023
Summary:     Recommended update for zlib
Type:        recommended
Severity:    moderate
References:  1206513
This update for zlib fixes the following issues:

- Add DFLTCC support for using inflate() with a small window (bsc#1206513)


The following package changes have been done:

- libz1-1.2.11-150000.3.42.1 updated
- libncurses6-6.1-150000.5.15.1 updated
- terminfo-base-6.1-150000.5.15.1 updated
- ncurses-utils-6.1-150000.5.15.1 updated
- libglib-2_0-0-2.70.5-150400.3.8.1 updated
- libxml2-2-2.9.14-150400.5.16.1 updated
- login_defs-4.8.1-150400.10.6.1 updated
- shadow-4.8.1-150400.10.6.1 updated
- container:sles15-image-15.0.0-27.14.60 updated

SUSE: 2023:1546-1 rancher/elemental-builder-image/5.3 Security Update

May 12, 2023
The container rancher/elemental-builder-image/5.3 was updated

Summary

Advisory ID: SUSE-SU-2023:2053-1 Released: Thu Apr 27 11:31:08 2023 Summary: Security update for libxml2 Type: security Severity: moderate Advisory ID: SUSE-SU-2023:2060-1 Released: Thu Apr 27 17:04:25 2023 Summary: Security update for glib2 Type: security Severity: moderate Advisory ID: SUSE-SU-2023:2066-1 Released: Fri Apr 28 13:54:17 2023 Summary: Security update for shadow Type: security Severity: moderate Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate

References

References : 1206513 1209713 1209714 1209918 1210135 1210411 1210412 1210434

1210507 CVE-2023-24593 CVE-2023-25180 CVE-2023-28484 CVE-2023-29383

CVE-2023-29469 CVE-2023-29491

1209918,1210411,1210412,CVE-2023-28484,CVE-2023-29469

This update for libxml2 fixes the following issues:

- CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412).

- CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411).

The following non-security bug was fixed:

- Remove unneeded dependency (bsc#1209918).

1209713,1209714,1210135,CVE-2023-24593,CVE-2023-25180

This update for glib2 fixes the following issues:

- CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714).

- CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant (bsc#1209713).

The following non-security bug was fixed:

- Fixed regression on s390x (bsc#1210135, glgo#GNOME/glib!2978).

1210507,CVE-2023-29383

This update for shadow fixes the following issues:

- CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507).

1210434,CVE-2023-29491

This update for ncurses fixes the following issues:

- CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434).

1206513

This update for zlib fixes the following issues:

- Add DFLTCC support for using inflate() with a small window (bsc#1206513)

The following package changes have been done:

- libz1-1.2.11-150000.3.42.1 updated

- libncurses6-6.1-150000.5.15.1 updated

- terminfo-base-6.1-150000.5.15.1 updated

- ncurses-utils-6.1-150000.5.15.1 updated

- libglib-2_0-0-2.70.5-150400.3.8.1 updated

- libxml2-2-2.9.14-150400.5.16.1 updated

- login_defs-4.8.1-150400.10.6.1 updated

- shadow-4.8.1-150400.10.6.1 updated

- container:sles15-image-15.0.0-27.14.60 updated

Severity
Container Advisory ID : SUSE-CU-2023:1546-1
Container Tags : rancher/elemental-builder-image/5.3:0.2.5 , rancher/elemental-builder-image/5.3:0.2.5-4.2.19 , rancher/elemental-builder-image/5.3:latest
Container Release : 4.2.19
Severity : moderate
Type : security

Related News

Important runC Privilege Escalation Flaws Fixed

New Patches Aim To Tackle Linux x86_64 PIE Support

What eBPF Means for Container Threat Detection

Kubernetes Architecture and its Security

News

Advisories

HOWTOs

Features

Linux Container Security Primer
Email Phishing Using Kali Linux
Is Linux A More Secure Option Than Windows For Businesses?
How Secure Is Linux?
How To Secure Against WordPress Vulnerabilities with Predictive Analysis Detection & Automated Remediation

About Us

Powered By

Footer Logo

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

Learn More About Our Cookie Policy