SUSE Container Update Advisory: rancher/elemental-teal-iso/5.4
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:2958-1
Container Tags        : rancher/elemental-teal-iso/5.4:1.2.2 , rancher/elemental-teal-iso/5.4:1.2.2-2.9 , rancher/elemental-teal-iso/5.4:latest
Container Release     : 2.9
Severity              : important
Type                  : security
References            : 1168481 1187364 1187364 1187365 1187366 1187366 1187367 1187367
                        1198773 1198773 1200441 1200441 1201519 1201551 1201551 1204844
                        1206346 1207004 1208074 1208962 1209884 1209888 1210004 1210298
                        1211079 1211124 1211418 1211419 1211578 CVE-2021-3592 CVE-2021-3592
                        CVE-2021-3593 CVE-2021-3594 CVE-2021-3594 CVE-2021-3595 CVE-2021-3595
                        CVE-2023-25809 CVE-2023-2602 CVE-2023-2603 CVE-2023-27561 CVE-2023-28642
-----------------------------------------------------------------

The container rancher/elemental-teal-iso/5.4 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1465-1
Released:    Fri Apr 29 11:36:02 2022
Summary:     Security update for libslirp
Type:        security
Severity:    important
References:  1187364,1187366,1187367,1198773,CVE-2021-3592,CVE-2021-3594,CVE-2021-3595
This update for libslirp fixes the following issues:

- CVE-2021-3592: Fixed invalid pointer initialization may lead to information disclosure (bootp) (bsc#1187364).
- CVE-2021-3594: Fixed invalid pointer initialization may lead to information disclosure (udp) (bsc#1187367).
- CVE-2021-3595: Fixed invalid pointer initialization may lead to information disclosure (tftp) (bsc#1187366).
- Fix a dhcp regression [bsc#1198773]
  
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1730-1
Released:    Wed May 18 16:56:21 2022
Summary:     Security update for libslirp
Type:        security
Severity:    important
References:  1187364,1187366,1187367,1198773,CVE-2021-3592,CVE-2021-3594,CVE-2021-3595
This update for libslirp fixes the following issues:

- CVE-2021-3592: Fixed invalid pointer initialization may lead to information disclosure (bootp) (bsc#1187364).
- CVE-2021-3594: Fixed invalid pointer initialization may lead to information disclosure (udp) (bsc#1187367).
- CVE-2021-3595: Fixed invalid pointer initialization may lead to information disclosure (tftp) (bsc#1187366).
- Fix a dhcp regression [bsc#1198773]
  
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2941-1
Released:    Tue Aug 30 10:51:09 2022
Summary:     Security update for libslirp
Type:        security
Severity:    moderate
References:  1187365,1201551,CVE-2021-3593
This update for libslirp fixes the following issues:

- CVE-2021-3593: Fixed invalid pointer initialization may lead to information disclosure (udp6) (bsc#1187365).

Non-security fixes:

- Fix the version header (bsc#1201551)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1913-1
Released:    Wed Apr 19 14:23:14 2023
Summary:     Recommended update for libslirp, slirp4netns
Type:        recommended
Severity:    moderate
References:  1201551
This update for libslirp and slirp4netns fixes the following issues:

libslirp was updated to version 4.7.0+44 (current git master):

* Fix vmstate regression
* Align outgoing packets
* Bump incoming packet alignment to 8 bytes
* vmstate: only enable when building under GNU C
* ncsitest: Fix build with msvc
* Separate out SLIRP_PACKED to SLIRP_PACKED_BEGIN/END
* ncsi: Add Mellanox Get Mac Address handler
* slirp: Add out-of-band ethernet address
* ncsi: Add OEM command handler
* ncsi: Add basic test for Get Version ID response
* ncsi: Use response header for payload length
* ncsi: Pass command header to response handlers
* ncsi: Add Get Version ID command
* ncsi: Pass Slirp structure to response handlers
* slirp: Add manufacturer's ID

Release v4.7.0

* slirp: invoke client callback before creating timers
* pingtest: port to timer_new_opaque
* introduce timer_new_opaque callback
* introduce slirp_timer_new wrapper
* icmp6: make ndp_send_ra static
* socket: Handle ECONNABORTED from recv
* bootp: fix g_str_has_prefix warning/critical
* slirp: Don't duplicate packet in tcp_reass
* Rename insque/remque -> slirp_[ins|rem]que
* mbuf: Use SLIRP_DEBUG to enable mbuf debugging instead of DEBUG
* Replace inet_ntoa() with safer inet_ntop()
* Add VMS_END marker
* bootp: add support for UEFI HTTP boot
* IPv6 DNS proxying support
* Add missing scope_id in caching
* socket: Move closesocket(so->s_aux) to sofree
* socket: Check so_type instead of so_tcpcb for Unix-to-inet translation
* socket: Add s_aux field to struct socket for storing auxilliary socket
* socket: Initialize so_type in socreate
* socket: Allocate Unix-to-TCP hostfwd port from OS by binding to port 0
* Allow to disable internal DHCP server
* slirp_pollfds_fill: Explain why dividing so_snd.sb_datalen by two
* CI: run integration tests with slirp4netns
* socket: Check address family for Unix-to-inet accept translation
* socket: Add debug args for tcpx_listen (inet and Unix sockets)
* socket: Restore original definition of fhost
* socket: Move  include to socket.h
* Support Unix sockets in hostfwd
* resolv: fix IPv6 resolution on Darwin
* Use the exact sockaddr size in getnameinfo call
* Initialize sin6_scope_id to zero
* slirp_socketpair_with_oob: Connect pair through 127.0.0.1
* resolv: fix memory leak when using libresolv
* pingtest: Add a trivial ping test
* icmp: Support falling back on trying a SOCK_RAW socket

Update to version 4.6.1+7:

* Haiku: proper path to resolv.conf for DNS server
* Fix for Haiku
* dhcp: Always send DHCP_OPT_LEN bytes in options

Update to version 4.6.1:

* Fix 'DHCP broken in libslirp v4.6.0'

Update to version 4.6.0:

* udp: check upd_input buffer size
* tftp: introduce a header structure
* tftp: check tftp_input buffer size
* upd6: check udp6_input buffer size
* bootp: check bootp_input buffer size
* bootp: limit vendor-specific area to input packet memory buffer

Update to version 4.4.0:

* socket: consume empty packets
* slirp: check pkt_len before reading protocol header
* Add DNS resolving for iOS
* sosendoob: better document what urgc is used for
* TCPIPHDR_DELTA: Fix potential negative value
* udp, udp6, icmp, icmp6: Enable forwarding errors on Linux
* icmp, icmp6: Add icmp_forward_error and icmp6_forward_error
* udp, udp6, icmp: handle TTL value
* ip_stripoptions use memmove

slirp4netns was updated to 1.2.0:


* Add slirp4netns --target-type=bess /path/to/bess.sock for supporting UML (#281)
* Explicitly support DHCP (#270)
* Update parson to v1.1.3 (#273) kgabis/parson@70dc239...2d7b3dd

Update to version 1.1.11:

* Add --macaddress option to specify the MAC address of the tap interface.
* Updated the man page.

Update to version 1.1.8:

Update to 1.0.0:

* --enable-sandbox is now out of experimental

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2003-1
Released:    Tue Apr 25 18:05:42 2023
Summary:     Security update for runc
Type:        security
Severity:    important
References:  1168481,1208962,1209884,1209888,CVE-2023-25809,CVE-2023-27561,CVE-2023-28642
This update for runc fixes the following issues:

Update to runc v1.1.5:

Security fixes:

- CVE-2023-25809: Fixed rootless `/sys/fs/cgroup` is writable when cgroupns isn't unshared (bnc#1209884).
- CVE-2023-27561: Fixed regression that reintroduced CVE-2019-19921 vulnerability (bnc#1208962).
- CVE-2023-28642: Fixed AppArmor/SELinux bypass with symlinked /proc (bnc#1209888).

Other fixes:

 - Fix the inability to use `/dev/null` when inside a container.
 - Fix changing the ownership of host's `/dev/null` caused by fd redirection (bsc#1168481).
 - Fix rare runc exec/enter unshare error on older kernels.
 - nsexec: Check for errors in `write_log()`.
 - Drop version-specific Go requirement.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2256-1
Released:    Fri May 19 15:26:43 2023
Summary:     Security update for runc
Type:        security
Severity:    important
References:  1200441

This update of runc fixes the following issues:

- rebuild the package with the go 19.9 secure release (bsc#1200441).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2325-1
Released:    Tue May 30 15:57:30 2023
Summary:     Security update for cni
Type:        security
Severity:    important
References:  1200441

This update of cni fixes the following issues:

- rebuild the package with the go 1.19 security release (bsc#1200441).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2657-1
Released:    Tue Jun 27 14:43:57 2023
Summary:     Recommended update for libcontainers-common
Type:        recommended
Severity:    moderate
References:  1211124
This update for libcontainers-common fixes the following issues:

- New subpackage libcontainers-sles-mounts which adds SLE-specific mounts on SLE systems (bsc#1211124)
- Own /etc/containers/systemd and /usr/share/containers/systemd for podman quadlet
- Remove container-storage-driver.sh to default to the overlay driver instead of btrfs

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2658-1
Released:    Tue Jun 27 14:46:15 2023
Summary:     Recommended update for containerd, docker, runc
Type:        recommended
Severity:    moderate
References:  1207004,1208074,1210298,1211578
This update for containerd, docker, runc fixes the following issues:

- Update to containerd v1.6.21 (bsc#1211578)
- Update to Docker 23.0.6-ce (bsc#1211578)
- Update to runc v1.1.7
- Require a minimum Go version explicitly (bsc#1210298)
- Re-unify packaging for SLE-12 and SLE-15
- Fix build on SLE-12 by switching back to libbtrfs-devel headers
- Allow man pages to be built without internet access in OBS
- Add apparmor-parser as a Recommends to make sure that most users will end up with it installed   
  even if they are primarily running SELinux
- Fix syntax of boolean dependency
- Allow to install container-selinux instead of apparmor-parser
- Change to using systemd-sysusers
- Update runc.keyring to upstream version
- Fix the inability to use `/dev/null` when inside a container (bsc#1207004)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2765-1
Released:    Mon Jul  3 20:28:14 2023
Summary:     Security update for libcap
Type:        security
Severity:    moderate
References:  1211418,1211419,CVE-2023-2602,CVE-2023-2603
This update for libcap fixes the following issues:

- CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418).
- CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2847-1
Released:    Mon Jul 17 08:40:42 2023
Summary:     Recommended update for audit
Type:        recommended
Severity:    moderate
References:  1210004
This update for audit fixes the following issues:

- Check for AF_UNIX unnamed sockets (bsc#1210004)
- Enable livepatching on main library on x86_64

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2868-1
Released:    Tue Jul 18 11:35:52 2023
Summary:     Security update for cni
Type:        security
Severity:    important
References:  1206346

This update of cni fixes the following issues:

- rebuild the package with the go 1.20 security release (bsc#1206346).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3217-1
Released:    Mon Aug  7 16:51:10 2023
Summary:     Recommended update for cryptsetup
Type:        recommended
Severity:    moderate
References:  1211079
This update for cryptsetup fixes the following issues:

- Handle system with low memory and no swap space (bsc#1211079)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3410-1
Released:    Thu Aug 24 06:56:32 2023
Summary:     Recommended update for audit
Type:        recommended
Severity:    moderate
References:  1201519,1204844
This update for audit fixes the following issues:

- Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519)
- Fix rules not loaded when restarting auditd.service (bsc#1204844)


The following package changes have been done:

- libsemanage-conf-3.4-150400.1.8 added
- libsepol2-3.4-150400.1.11 added
- libsemanage2-3.4-150400.1.8 added
- libcontainers-common-20230214-150400.3.8.1 updated
- libslirp0-4.7.0+44-150300.15.2 added
- runc-1.1.7-150000.46.1 updated
- cni-0.7.1-150100.3.12.1 updated
- slirp4netns-1.2.0-150300.8.5.2 updated
- util-linux-systemd-2.37.2-150400.8.20.1 removed

SUSE: 2023:2958-1 rancher/elemental-teal-iso/5.4 Security Update

September 14, 2023
The container rancher/elemental-teal-iso/5.4 was updated

Summary

Advisory ID: SUSE-SU-2022:1465-1 Released: Fri Apr 29 11:36:02 2022 Summary: Security update for libslirp Type: security Severity: important Advisory ID: SUSE-SU-2022:1730-1 Released: Wed May 18 16:56:21 2022 Summary: Security update for libslirp Type: security Severity: important Advisory ID: SUSE-SU-2022:2941-1 Released: Tue Aug 30 10:51:09 2022 Summary: Security update for libslirp Type: security Severity: moderate Advisory ID: SUSE-RU-2023:1913-1 Released: Wed Apr 19 14:23:14 2023 Summary: Recommended update for libslirp, slirp4netns Type: recommended Severity: moderate Advisory ID: SUSE-SU-2023:2003-1 Released: Tue Apr 25 18:05:42 2023 Summary: Security update for runc Type: security Severity: important Advisory ID: SUSE-SU-2023:2256-1 Released: Fri May 19 15:26:43 2023 Summary: Security update for runc Type: security Severity: important Advisory ID: SUSE-SU-2023:2325-1 Released: Tue May 30 15:57:30 2023 Summary: Security update for cni Type: security Severity: important Advisory ID: SUSE-RU-2023:2657-1 Released: Tue Jun 27 14:43:57 2023 Summary: Recommended update for libcontainers-common Type: recommended Severity: moderate Advisory ID: SUSE-RU-2023:2658-1 Released: Tue Jun 27 14:46:15 2023 Summary: Recommended update for containerd, docker, runc Type: recommended Severity: moderate Advisory ID: SUSE-SU-2023:2765-1 Released: Mon Jul 3 20:28:14 2023 Summary: Security update for libcap Type: security Severity: moderate Advisory ID: SUSE-RU-2023:2847-1 Released: Mon Jul 17 08:40:42 2023 Summary: Recommended update for audit Type: recommended Severity: moderate Advisory ID: SUSE-SU-2023:2868-1 Released: Tue Jul 18 11:35:52 2023 Summary: Security update for cni Type: security Severity: important Advisory ID: SUSE-RU-2023:3217-1 Released: Mon Aug 7 16:51:10 2023 Summary: Recommended update for cryptsetup Type: recommended Severity: moderate Advisory ID: SUSE-RU-2023:3410-1 Released: Thu Aug 24 06:56:32 2023 Summary: Recommended update for audit Type: recommended Severity: moderate

References

References : 1168481 1187364 1187364 1187365 1187366 1187366 1187367 1187367

1198773 1198773 1200441 1200441 1201519 1201551 1201551 1204844

1206346 1207004 1208074 1208962 1209884 1209888 1210004 1210298

1211079 1211124 1211418 1211419 1211578 CVE-2021-3592 CVE-2021-3592

CVE-2021-3593 CVE-2021-3594 CVE-2021-3594 CVE-2021-3595 CVE-2021-3595

CVE-2023-25809 CVE-2023-2602 CVE-2023-2603 CVE-2023-27561 CVE-2023-28642

1187364,1187366,1187367,1198773,CVE-2021-3592,CVE-2021-3594,CVE-2021-3595

This update for libslirp fixes the following issues:

- CVE-2021-3592: Fixed invalid pointer initialization may lead to information disclosure (bootp) (bsc#1187364).

- CVE-2021-3594: Fixed invalid pointer initialization may lead to information disclosure (udp) (bsc#1187367).

- CVE-2021-3595: Fixed invalid pointer initialization may lead to information disclosure (tftp) (bsc#1187366).

- Fix a dhcp regression [bsc#1198773]

1187364,1187366,1187367,1198773,CVE-2021-3592,CVE-2021-3594,CVE-2021-3595

This update for libslirp fixes the following issues:

- CVE-2021-3592: Fixed invalid pointer initialization may lead to information disclosure (bootp) (bsc#1187364).

- CVE-2021-3594: Fixed invalid pointer initialization may lead to information disclosure (udp) (bsc#1187367).

- CVE-2021-3595: Fixed invalid pointer initialization may lead to information disclosure (tftp) (bsc#1187366).

- Fix a dhcp regression [bsc#1198773]

1187365,1201551,CVE-2021-3593

This update for libslirp fixes the following issues:

- CVE-2021-3593: Fixed invalid pointer initialization may lead to information disclosure (udp6) (bsc#1187365).

Non-security fixes:

- Fix the version header (bsc#1201551)

1201551

This update for libslirp and slirp4netns fixes the following issues:

libslirp was updated to version 4.7.0+44 (current git master):

* Fix vmstate regression

* Align outgoing packets

* Bump incoming packet alignment to 8 bytes

* vmstate: only enable when building under GNU C

* ncsitest: Fix build with msvc

* Separate out SLIRP_PACKED to SLIRP_PACKED_BEGIN/END

* ncsi: Add Mellanox Get Mac Address handler

* slirp: Add out-of-band ethernet address

* ncsi: Add OEM command handler

* ncsi: Add basic test for Get Version ID response

* ncsi: Use response header for payload length

* ncsi: Pass command header to response handlers

* ncsi: Add Get Version ID command

* ncsi: Pass Slirp structure to response handlers

* slirp: Add manufacturer's ID

Release v4.7.0

* slirp: invoke client callback before creating timers

* pingtest: port to timer_new_opaque

* introduce timer_new_opaque callback

* introduce slirp_timer_new wrapper

* icmp6: make ndp_send_ra static

* socket: Handle ECONNABORTED from recv

* bootp: fix g_str_has_prefix warning/critical

* slirp: Don't duplicate packet in tcp_reass

* Rename insque/remque -> slirp_[ins|rem]que

* mbuf: Use SLIRP_DEBUG to enable mbuf debugging instead of DEBUG

* Replace inet_ntoa() with safer inet_ntop()

* Add VMS_END marker

* bootp: add support for UEFI HTTP boot

* IPv6 DNS proxying support

* Add missing scope_id in caching

* socket: Move closesocket(so->s_aux) to sofree

* socket: Check so_type instead of so_tcpcb for Unix-to-inet translation

* socket: Add s_aux field to struct socket for storing auxilliary socket

* socket: Initialize so_type in socreate

* socket: Allocate Unix-to-TCP hostfwd port from OS by binding to port 0

* Allow to disable internal DHCP server

* slirp_pollfds_fill: Explain why dividing so_snd.sb_datalen by two

* CI: run integration tests with slirp4netns

* socket: Check address family for Unix-to-inet accept translation

* socket: Add debug args for tcpx_listen (inet and Unix sockets)

* socket: Restore original definition of fhost

* socket: Move include to socket.h

* Support Unix sockets in hostfwd

* resolv: fix IPv6 resolution on Darwin

* Use the exact sockaddr size in getnameinfo call

* Initialize sin6_scope_id to zero

* slirp_socketpair_with_oob: Connect pair through 127.0.0.1

* resolv: fix memory leak when using libresolv

* pingtest: Add a trivial ping test

* icmp: Support falling back on trying a SOCK_RAW socket

Update to version 4.6.1+7:

* Haiku: proper path to resolv.conf for DNS server

* Fix for Haiku

* dhcp: Always send DHCP_OPT_LEN bytes in options

Update to version 4.6.1:

* Fix 'DHCP broken in libslirp v4.6.0'

Update to version 4.6.0:

* udp: check upd_input buffer size

* tftp: introduce a header structure

* tftp: check tftp_input buffer size

* upd6: check udp6_input buffer size

* bootp: check bootp_input buffer size

* bootp: limit vendor-specific area to input packet memory buffer

Update to version 4.4.0:

* socket: consume empty packets

* slirp: check pkt_len before reading protocol header

* Add DNS resolving for iOS

* sosendoob: better document what urgc is used for

* TCPIPHDR_DELTA: Fix potential negative value

* udp, udp6, icmp, icmp6: Enable forwarding errors on Linux

* icmp, icmp6: Add icmp_forward_error and icmp6_forward_error

* udp, udp6, icmp: handle TTL value

* ip_stripoptions use memmove

slirp4netns was updated to 1.2.0:

* Add slirp4netns --target-type=bess /path/to/bess.sock for supporting UML (#281)

* Explicitly support DHCP (#270)

* Update parson to v1.1.3 (#273) kgabis/parson@70dc239...2d7b3dd

Update to version 1.1.11:

* Add --macaddress option to specify the MAC address of the tap interface.

* Updated the man page.

Update to version 1.1.8:

Update to 1.0.0:

* --enable-sandbox is now out of experimental

1168481,1208962,1209884,1209888,CVE-2023-25809,CVE-2023-27561,CVE-2023-28642

This update for runc fixes the following issues:

Update to runc v1.1.5:

Security fixes:

- CVE-2023-25809: Fixed rootless `/sys/fs/cgroup` is writable when cgroupns isn't unshared (bnc#1209884).

- CVE-2023-27561: Fixed regression that reintroduced CVE-2019-19921 vulnerability (bnc#1208962).

- CVE-2023-28642: Fixed AppArmor/SELinux bypass with symlinked /proc (bnc#1209888).

Other fixes:

- Fix the inability to use `/dev/null` when inside a container.

- Fix changing the ownership of host's `/dev/null` caused by fd redirection (bsc#1168481).

- Fix rare runc exec/enter unshare error on older kernels.

- nsexec: Check for errors in `write_log()`.

- Drop version-specific Go requirement.

1200441

This update of runc fixes the following issues:

- rebuild the package with the go 19.9 secure release (bsc#1200441).

1200441

This update of cni fixes the following issues:

- rebuild the package with the go 1.19 security release (bsc#1200441).

1211124

This update for libcontainers-common fixes the following issues:

- New subpackage libcontainers-sles-mounts which adds SLE-specific mounts on SLE systems (bsc#1211124)

- Own /etc/containers/systemd and /usr/share/containers/systemd for podman quadlet

- Remove container-storage-driver.sh to default to the overlay driver instead of btrfs

1207004,1208074,1210298,1211578

This update for containerd, docker, runc fixes the following issues:

- Update to containerd v1.6.21 (bsc#1211578)

- Update to Docker 23.0.6-ce (bsc#1211578)

- Update to runc v1.1.7

- Require a minimum Go version explicitly (bsc#1210298)

- Re-unify packaging for SLE-12 and SLE-15

- Fix build on SLE-12 by switching back to libbtrfs-devel headers

- Allow man pages to be built without internet access in OBS

- Add apparmor-parser as a Recommends to make sure that most users will end up with it installed

even if they are primarily running SELinux

- Fix syntax of boolean dependency

- Allow to install container-selinux instead of apparmor-parser

- Change to using systemd-sysusers

- Update runc.keyring to upstream version

- Fix the inability to use `/dev/null` when inside a container (bsc#1207004)

1211418,1211419,CVE-2023-2602,CVE-2023-2603

This update for libcap fixes the following issues:

- CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418).

- CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419).

1210004

This update for audit fixes the following issues:

- Check for AF_UNIX unnamed sockets (bsc#1210004)

- Enable livepatching on main library on x86_64

1206346

This update of cni fixes the following issues:

- rebuild the package with the go 1.20 security release (bsc#1206346).

1211079

This update for cryptsetup fixes the following issues:

- Handle system with low memory and no swap space (bsc#1211079)

1201519,1204844

This update for audit fixes the following issues:

- Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519)

- Fix rules not loaded when restarting auditd.service (bsc#1204844)

The following package changes have been done:

- libsemanage-conf-3.4-150400.1.8 added

- libsepol2-3.4-150400.1.11 added

- libsemanage2-3.4-150400.1.8 added

- libcontainers-common-20230214-150400.3.8.1 updated

- libslirp0-4.7.0+44-150300.15.2 added

- runc-1.1.7-150000.46.1 updated

- cni-0.7.1-150100.3.12.1 updated

- slirp4netns-1.2.0-150300.8.5.2 updated

- util-linux-systemd-2.37.2-150400.8.20.1 removed

Severity
Container Advisory ID : SUSE-CU-2023:2958-1
Container Tags : rancher/elemental-teal-iso/5.4:1.2.2 , rancher/elemental-teal-iso/5.4:1.2.2-2.9 , rancher/elemental-teal-iso/5.4:latest
Container Release : 2.9
Severity : important
Type : security

Related News

News

Powered By

Footer Logo

Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.

Powered By

Footer Logo