Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 454
Alerts This Week
Warning Icon 1 454

SUSE: 2023:3340-1 Important: Toolbox Container Security Fix

suse
Calendar Grey October 10, 2023
Dist Suse Esm H88
Fortify your SUSE container environment by applying the newly released critical enhancements and updates highlighted in the current notification.
The container suse/sle-micro/5.2/toolbox was updated

Summary

Advisory ID: SUSE-SU-2023:3997-1 Released: Fri Oct 6 14:13:56 2023 Summary: Security update for nghttp2 Type: security Severity: important Advisory ID: SUSE-RU-2023:4006-1 Released: Mon Oct 9 08:35:50 2023 Summary: Recommended update for zypper Type: recommended Severity: moderate

References

References : 1213854 1214292 1214395 1215007 1215713 CVE-2023-35945

1215713,CVE-2023-35945

This update for nghttp2 fixes the following issues:

- CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713).

1213854,1214292,1214395,1215007

This update for zypper fixes the following issues:

- Fix name of the bash completion script (bsc#1215007)

- Update notes about failing signature checks (bsc#1214395)

- Improve the SIGINT handler to be signal safe (bsc#1214292)

- Update to version 1.14.64

- Changed location of bash completion script (bsc#1213854).

The following package changes have been done:

- libnghttp2-14-1.40.0-150200.9.1 updated

- zypper-1.14.64-150200.62.1 updated

- container:sles15-image-15.0.0-17.20.192 updated

Severity
important
Lowest
Low
Medium
High
Critical

Container Advisory ID : SUSE-CU-2023:3340-1
Container Tags : suse/sle-micro/5.2/toolbox:12.1 , suse/sle-micro/5.2/toolbox:12.1-6.2.291 , suse/sle-micro/5.2/toolbox:latest
Container Release : 6.2.291
Severity : important
Type : security

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.