SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3169-1
Container Tags        : suse/manager/4.3/proxy-salt-broker:4.3.8 , suse/manager/4.3/proxy-salt-broker:4.3.8.9.27.2 , suse/manager/4.3/proxy-salt-broker:latest , suse/manager/4.3/proxy-salt-broker:susemanager-4.3.8 , suse/manager/4.3/proxy-salt-broker:susemanager-4.3.8.9.27.2
Container Release     : 9.27.2
Severity              : important
Type                  : security
References            : 1158763 1186606 1194038 1194609 1194900 1195391 1201519 1204844
                        1205161 1206627 1207778 1208194 1209741 1209998 1210702 1210740
                        1211576 1212434 1213185 1213189 1213231 1213240 1213517 1213557
                        1213575 1213673 1213853 1213873 1214052 1214054 1214140 1214248
                        1214290 1214692 1214768 CVE-2023-36054 CVE-2023-3817 CVE-2023-39615
                        CVE-2023-4016 CVE-2023-40217 CVE-2023-4039 
-----------------------------------------------------------------

The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3285-1
Released:    Fri Aug 11 10:30:38 2023
Summary:     Recommended update for shadow
Type:        recommended
Severity:    moderate
References:  1206627,1213189
This update for shadow fixes the following issues:

- Prevent lock files from remaining after power interruptions (bsc#1213189)
- Add --prefix support to passwd, chpasswd and chage (bsc#1206627)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3286-1
Released:    Fri Aug 11 10:32:03 2023
Summary:     Recommended update for util-linux
Type:        recommended
Severity:    moderate
References:  1194038,1194900
This update for util-linux fixes the following issues:

- Fix blkid for floppy drives (bsc#1194900)
- Fix rpmbuild %checks fail when @ in the directory path (bsc#1194038)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3363-1
Released:    Fri Aug 18 14:54:16 2023
Summary:     Security update for krb5
Type:        security
Severity:    important
References:  1214054,CVE-2023-36054
This update for krb5 fixes the following issues:

- CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3397-1
Released:    Wed Aug 23 18:35:56 2023
Summary:     Security update for openssl-1_1
Type:        security
Severity:    moderate
References:  1213517,1213853,CVE-2023-3817
This update for openssl-1_1 fixes the following issues:

- CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853)
- Don't pass zero length input to EVP_Cipher because s390x assembler optimized AES cannot handle zero size. (bsc#1213517)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3410-1
Released:    Thu Aug 24 06:56:32 2023
Summary:     Recommended update for audit
Type:        recommended
Severity:    moderate
References:  1201519,1204844
This update for audit fixes the following issues:

- Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519)
- Fix rules not loaded when restarting auditd.service (bsc#1204844)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3451-1
Released:    Mon Aug 28 12:15:22 2023
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1186606,1194609,1208194,1209741,1210702,1211576,1212434,1213185,1213575,1213873
This update for systemd fixes the following issues:

- Fix reboot and shutdown issues by getting only active MD arrays (bsc#1211576, bsc#1212434, bsc#1213575)
- Decrease devlink priority for iso disks (bsc#1213185)
- Do not ignore mount point paths longer than 255 characters (bsc#1208194)
- Refuse hibernation if there's no possible way to resume (bsc#1186606)
- Update 'korean' and 'arabic' keyboard layouts (bsc#1210702)
- Drop some entries no longer needed by YaST (bsc#1194609)
- The 'systemd --user' instances get their own session keyring instead of the user default one (bsc#1209741)
- Dynamically allocate receive buffer to handle large amount of mounts (bsc#1213873)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3454-1
Released:    Mon Aug 28 13:43:18 2023
Summary:     Security update for ca-certificates-mozilla
Type:        security
Severity:    important
References:  1214248
This update for ca-certificates-mozilla fixes the following issues:

- Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248)
  Added:
  - Atos TrustedRoot Root CA ECC G2 2020
  - Atos TrustedRoot Root CA ECC TLS 2021
  - Atos TrustedRoot Root CA RSA G2 2020
  - Atos TrustedRoot Root CA RSA TLS 2021
  - BJCA Global Root CA1
  - BJCA Global Root CA2
  - LAWtrust Root CA2 (4096)
  - Sectigo Public Email Protection Root E46
  - Sectigo Public Email Protection Root R46
  - Sectigo Public Server Authentication Root E46
  - Sectigo Public Server Authentication Root R46
  - SSL.com Client ECC Root CA 2022
  - SSL.com Client RSA Root CA 2022
  - SSL.com TLS ECC Root CA 2022
  - SSL.com TLS RSA Root CA 2022
  Removed CAs:
  - Chambers of Commerce Root
  - E-Tugra Certification Authority
  - E-Tugra Global Root CA ECC v3
  - E-Tugra Global Root CA RSA v3
  - Hongkong Post Root CA 1

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3472-1
Released:    Tue Aug 29 10:55:16 2023
Summary:     Security update for procps
Type:        security
Severity:    low
References:  1214290,CVE-2023-4016
This update for procps fixes the following issues:

- CVE-2023-4016: Fixed ps buffer overflow (bsc#1214290).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3514-1
Released:    Fri Sep  1 15:48:52 2023
Summary:     Recommended update for libzypp, zypper
Type:        recommended
Severity:    moderate
References:  1158763,1210740,1213231,1213557,1213673
This update for libzypp, zypper fixes the following issues:

- Fix occasional issue with downloading very small files (bsc#1213673)
- Fix negative ZYPP_LOCK_TIMEOUT not waiting forever (bsc#1213231)
- Fix OES synchronization issues when cookie file has mode 0600 (bsc#1158763)
- Don't cleanup orphaned dirs if read-only mode was promised (bsc#1210740)
- Revised explanation of --force-resolution in man page (bsc#1213557)
- Print summary hint if policies were violated due to --force-resolution (bsc#1213557)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3577-1
Released:    Mon Sep 11 15:04:01 2023
Summary:     Recommended update for crypto-policies
Type:        recommended
Severity:    low
References:  1209998
This update for crypto-policies fixes the following issues:

- Update update-crypto-policies(8) man pages and README.SUSE to mention the supported back-end policies. (bsc#1209998)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3611-1
Released:    Fri Sep 15 09:28:36 2023
Summary:     Recommended update for sysuser-tools
Type:        recommended
Severity:    moderate
References:  1195391,1205161,1207778,1213240,1214140
This update for sysuser-tools fixes the following issues:

- Update to version 3.2
- Always create a system group of the same name as the system user (bsc#1205161, bsc#1207778, bsc#1213240)
- Add 'quilt setup' friendly hint to %sysusers_requires usage
- Use append so if a pre file already exists it isn't overridden
- Invoke bash for bash scripts (bsc#1195391) 
- Remove all systemd requires not supported on SLE15 (bsc#1214140)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3661-1
Released:    Mon Sep 18 21:44:09 2023
Summary:     Security update for gcc12
Type:        security
Severity:    important
References:  1214052,CVE-2023-4039
This update for gcc12 fixes the following issues:

- CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3699-1
Released:    Wed Sep 20 11:02:50 2023
Summary:     Security update for libxml2
Type:        security
Severity:    important
References:  1214768,CVE-2023-39615
This update for libxml2 fixes the following issues:

- CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3828-1
Released:    Wed Sep 27 19:07:38 2023
Summary:     Security update for python3
Type:        security
Severity:    important
References:  1214692,CVE-2023-40217
This update for python3 fixes the following issues:

- CVE-2023-40217: Fixed TLS handshake bypass on closed sockets (bsc#1214692).


The following package changes have been done:

- libuuid1-2.37.2-150400.8.20.1 updated
- libudev1-249.16-150400.8.33.1 updated
- libsmartcols1-2.37.2-150400.8.20.1 updated
- libblkid1-2.37.2-150400.8.20.1 updated
- libaudit1-3.0.6-150400.4.13.1 updated
- libfdisk1-2.37.2-150400.8.20.1 updated
- libgcc_s1-12.3.0+git1204-150000.1.16.1 updated
- libstdc++6-12.3.0+git1204-150000.1.16.1 updated
- libxml2-2-2.9.14-150400.5.22.1 updated
- libsystemd0-249.16-150400.8.33.1 updated
- libopenssl1_1-1.1.1l-150400.7.53.1 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.53.1 updated
- libprocps7-3.3.15-150000.7.34.1 updated
- procps-3.3.15-150000.7.34.1 updated
- libmount1-2.37.2-150400.8.20.1 updated
- krb5-1.19.2-150400.3.6.1 updated
- login_defs-4.8.1-150400.10.9.1 updated
- shadow-4.8.1-150400.10.9.1 updated
- libzypp-17.31.20-150400.3.40.1 updated
- sysuser-shadow-3.2-150400.3.5.3 updated
- zypper-1.14.63-150400.3.29.1 updated
- util-linux-2.37.2-150400.8.20.1 updated
- crypto-policies-20210917.c9d86d1-150400.3.3.1 updated
- openssl-1_1-1.1.1l-150400.7.53.1 updated
- ca-certificates-mozilla-2.62-150200.30.1 updated
- libpython3_6m1_0-3.6.15-150300.10.51.1 updated
- python3-base-3.6.15-150300.10.51.1 updated
- python3-3.6.15-150300.10.51.1 updated

SUSE: 2023:3169-1 suse/manager/4.3/proxy-salt-broker Security Update

September 28, 2023