Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 569
Alerts This Week
Warning Icon 1 569

SUSE: 2023:677-1 Critical: CDI-Controller Security Update - Key Fixes

suse
Calendar Grey March 16, 2023
Scroller Suse
Dive into SUSE's recent advisory concerning updates for the cdi-controller. This release highlights essential security patches and enhancements aimed at strengthening container management.
The container suse/sles/15.5/cdi-controller was updated

Summary

Advisory ID: SUSE-SU-2019:926-1 Released: Wed Apr 10 16:33:12 2019 Summary: Security update for tar Type: security Severity: moderate Advisory ID: SUSE-RU-2020:3791-1 Released: Mon Dec 14 17:39:19 2020 Summary: Recommended update for gzip Type: recommended Severity: moderate Advisory ID: SUSE-SU-2021:974-1 Released: Mon Mar 29 19:31:27 2021 Summary: Security update for tar Type: security

References

References : 1029961 1120610 1120610 1130496 1130496 1177047 1180713 1181131

1181131 1184124 1186642 1198062 1198922 1200657 1200657 1202436

1202436 1202436 1203600 1207753 1207789 CVE-2018-20482 CVE-2018-20482

CVE-2019-9923 CVE-2019-9923 CVE-2021-20193 CVE-2021-20193 CVE-2022-1271

CVE-2022-48303

1120610,1130496,CVE-2018-20482,CVE-2019-9923

This update for tar fixes the following issues:

Security issues fixed:

- CVE-2019-9923: Fixed a denial of service while parsing certain archives with malformed extended headers in pax_decode_header() (bsc#1130496).

- CVE-2018-20482: Fixed a denial of service when the '--sparse' option mishandles file shrinkage during read access (bsc#1120610).

This update for gzip fixes the following issue:

Severity
important
Lowest
Low
Medium
High
Critical

Container Advisory ID : SUSE-CU-2023:677-1
Container Tags : suse/sles/15.5/cdi-controller:1.55.0 , suse/sles/15.5/cdi-controller:1.55.0-150500.3.13 , suse/sles/15.5/cdi-controller:1.55.0.17.170
Container Release : 17.170
Severity : important
Type : security

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.