What Are You Looking For?

Sign Up
SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3348-1
Container Tags        : bci/golang:1.19-openssl , bci/golang:1.19-openssl-7.6 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-7.6
Container Release     : 7.6
Severity              : important
Type                  : security
References            : 1211078 1215533 1215713 CVE-2023-22652 CVE-2023-30078 CVE-2023-30079
                        CVE-2023-32181 CVE-2023-35945 
-----------------------------------------------------------------

The container bci/golang was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3954-1
Released:    Tue Oct  3 20:09:47 2023
Summary:     Security update for libeconf
Type:        security
Severity:    important
References:  1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181
This update for libeconf fixes the following issues:

Update to version 0.5.2.

- CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078).
- CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. (bsc#1211078)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3994-1
Released:    Fri Oct  6 13:44:15 2023
Summary:     Recommended update for git
Type:        recommended
Severity:    moderate
References:  1215533
This update for git fixes the following issues:

- Downgrade openssh dependency to recommends (bsc#1215533)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3997-1
Released:    Fri Oct  6 14:13:56 2023
Summary:     Security update for nghttp2
Type:        security
Severity:    important
References:  1215713,CVE-2023-35945
This update for nghttp2 fixes the following issues:

- CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713).


The following package changes have been done:

- libnghttp2-14-1.40.0-150200.9.1 updated
- libeconf0-0.5.2-150400.3.6.1 updated
- git-core-2.35.3-150300.10.30.1 updated
- container:sles15-image-15.0.0-36.5.39 updated
- libcbor0-0.5.0-150100.4.6.1 removed
- libedit0-3.1.snap20150325-2.12 removed
- libfido2-1-1.13.0-150400.5.6.1 removed
- libhidapi-hidraw0-0.10.1-150300.3.2.1 removed
- libudev1-249.16-150400.8.33.1 removed
- openssh-clients-8.4p1-150300.3.22.1 removed
- openssh-common-8.4p1-150300.3.22.1 removed
- openssh-fips-8.4p1-150300.3.22.1 removed

SUSE: 2023:3348-1 bci/golang Security Update

October 10, 2023
The container bci/golang was updated

Summary

Advisory ID: SUSE-SU-2023:3954-1 Released: Tue Oct 3 20:09:47 2023 Summary: Security update for libeconf Type: security Severity: important Advisory ID: SUSE-RU-2023:3994-1 Released: Fri Oct 6 13:44:15 2023 Summary: Recommended update for git Type: recommended Severity: moderate Advisory ID: SUSE-SU-2023:3997-1 Released: Fri Oct 6 14:13:56 2023 Summary: Security update for nghttp2 Type: security Severity: important

References

References : 1211078 1215533 1215713 CVE-2023-22652 CVE-2023-30078 CVE-2023-30079

CVE-2023-32181 CVE-2023-35945

1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181

This update for libeconf fixes the following issues:

Update to version 0.5.2.

- CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078).

- CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. (bsc#1211078)

1215533

This update for git fixes the following issues:

- Downgrade openssh dependency to recommends (bsc#1215533)

1215713,CVE-2023-35945

This update for nghttp2 fixes the following issues:

- CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713).

The following package changes have been done:

- libnghttp2-14-1.40.0-150200.9.1 updated

- libeconf0-0.5.2-150400.3.6.1 updated

- git-core-2.35.3-150300.10.30.1 updated

- container:sles15-image-15.0.0-36.5.39 updated

- libcbor0-0.5.0-150100.4.6.1 removed

- libedit0-3.1.snap20150325-2.12 removed

- libfido2-1-1.13.0-150400.5.6.1 removed

- libhidapi-hidraw0-0.10.1-150300.3.2.1 removed

- libudev1-249.16-150400.8.33.1 removed

- openssh-clients-8.4p1-150300.3.22.1 removed

- openssh-common-8.4p1-150300.3.22.1 removed

- openssh-fips-8.4p1-150300.3.22.1 removed

Severity
Container Advisory ID : SUSE-CU-2023:3348-1
Container Tags : bci/golang:1.19-openssl , bci/golang:1.19-openssl-7.6 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-7.6
Container Release : 7.6
Severity : important
Type : security

Related News

Nitrux 3.2.0 Linux Distro Released with Enhanced Security and New Features

Nov 28, 2023

Linux 6.7 Introduces "make hardening.config" To Help Build A Hardened Kernel

Nov 5, 2023

Linux 6.6 Brings New Scheduler, File Sharing and Security

Nov 2, 2023

Ubuntu Linux 23.10 Is Adding an Important New Security Feature

Oct 11, 2023

News

Advisories

HOWTOs

Features

Using Open Source to Ensure Compliance & Data Integrity through Data Governance
Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024

About Us

Powered By

Footer Logo