SUSE Image Update Advisory: suse-sles-15-sp4-chost-byos-v20230928-x86_64-gen2
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2023:704-1
Image Tags        : suse-sles-15-sp4-chost-byos-v20230928-x86_64-gen2:20230928
Image Release     : 
Severity          : important
Type              : security
References        : 1181477 1195391 1196933 1204942 1205161 1205533 1206402 1206608
                        1207543 1207598 1207778 1208928 1209979 1209998 1210015 1210797
                        1210950 1211598 1211599 1211829 1212368 1212475 1212819 1212910
                        1213120 1213127 1213229 1213240 1213500 1213582 1214006 1214052
                        1214081 1214107 1214108 1214109 1214140 1214254 1214458 1214535
                        1214692 1214768 1215026 1215064 1215145 1215204 1215472 1215474
                        CVE-2022-45154 CVE-2023-20588 CVE-2023-28840 CVE-2023-28841 CVE-2023-28842
                        CVE-2023-32360 CVE-2023-3341 CVE-2023-34322 CVE-2023-38039 CVE-2023-39615
                        CVE-2023-40217 CVE-2023-4039 CVE-2023-4504 
-----------------------------------------------------------------

The container suse-sles-15-sp4-chost-byos-v20230928-x86_64-gen2 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3521-1
Released:    Tue Sep  5 08:56:45 2023
Summary:     Recommended update for python-iniconfig
Type:        recommended
Severity:    moderate
References:  1213582

This update for python-iniconfig provides python3-iniconfig to SUSE Linux Enterprise Micro 5.2. 

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3536-1
Released:    Tue Sep  5 15:00:27 2023
Summary:     Security update for docker
Type:        security
Severity:    moderate
References:  1210797,1212368,1213120,1213229,1213500,1214107,1214108,1214109,CVE-2023-28840,CVE-2023-28841,CVE-2023-28842
This update for docker fixes the following issues:

- Update to Docker 24.0.5-ce.

  See upstream changelong online at
   bsc#1213229 

- Update to Docker 24.0.4-ce.

  See upstream changelog online at
  . bsc#1213500

- Update to Docker 24.0.3-ce.

  See upstream changelog online at
  . bsc#1213120

- Recommend docker-rootless-extras instead of Require(ing) it, given
  it's an additional functionality and not inherently required for
  docker to function.

- Add docker-rootless-extras subpackage (https://docs.docker.com/engine/security/rootless/)

- Update to Docker 24.0.2-ce. See upstream changelog online at
  . bsc#1212368

  * Includes the upstreamed fix for the mount table pollution issue.
    bsc#1210797

- Add Recommends for docker-buildx, and add /usr/lib/docker/cli-plugins as
  being provided by this package.

- was rebuilt against current GO compiler.


-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3538-1
Released:    Tue Sep  5 16:37:14 2023
Summary:     Recommended update for dracut
Type:        recommended
Severity:    important
References:  1214081
This update for dracut fixes the following issues:

- Protect against broken links pointing to themselves
- Exit if resolving executable dependencies fails (bsc#1214081)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3543-1
Released:    Wed Sep  6 08:27:22 2023
Summary:     Recommended update for protobuf-c
Type:        recommended
Severity:    moderate
References:  1214006
This update for protobuf-c fixes the following issues:

- Add missing Provides/Obsoletes after package merge (bsc#1214006)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3577-1
Released:    Mon Sep 11 15:04:01 2023
Summary:     Recommended update for crypto-policies
Type:        recommended
Severity:    low
References:  1209998
This update for crypto-policies fixes the following issues:

- Update update-crypto-policies(8) man pages and README.SUSE to mention the supported back-end policies. (bsc#1209998)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3611-1
Released:    Fri Sep 15 09:28:36 2023
Summary:     Recommended update for sysuser-tools
Type:        recommended
Severity:    moderate
References:  1195391,1205161,1207778,1213240,1214140
This update for sysuser-tools fixes the following issues:

- Update to version 3.2
- Always create a system group of the same name as the system user (bsc#1205161, bsc#1207778, bsc#1213240)
- Add 'quilt setup' friendly hint to %sysusers_requires usage
- Use append so if a pre file already exists it isn't overridden
- Invoke bash for bash scripts (bsc#1195391) 
- Remove all systemd requires not supported on SLE15 (bsc#1214140)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3661-1
Released:    Mon Sep 18 21:44:09 2023
Summary:     Security update for gcc12
Type:        security
Severity:    important
References:  1214052,CVE-2023-4039
This update for gcc12 fixes the following issues:

- CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3663-1
Released:    Mon Sep 18 21:49:09 2023
Summary:     Recommended update for perl-Bootloader
Type:        recommended
Severity:    important
References:  1215064
This update for perl-Bootloader fixes the following issues:

- bootloader_entry script can have an optional 'force-default'
  argument (bsc#1215064)
- skip warning about unsupported options when in compat mode
  
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3699-1
Released:    Wed Sep 20 11:02:50 2023
Summary:     Security update for libxml2
Type:        security
Severity:    important
References:  1214768,CVE-2023-39615
This update for libxml2 fixes the following issues:

- CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3707-1
Released:    Wed Sep 20 17:12:03 2023
Summary:     Security update for cups
Type:        security
Severity:    important
References:  1214254,1215204,CVE-2023-32360,CVE-2023-4504
This update for cups fixes the following issues:

- CVE-2023-4504: Fixed heap overflow in OpenPrinting CUPS Postscript Parsing (bsc#1215204).
- CVE-2023-32360: Fixed Information leak through Cups-Get-Document operation (bsc#1214254).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3737-1
Released:    Fri Sep 22 20:31:25 2023
Summary:     Security update for bind
Type:        security
Severity:    important
References:  1215472,CVE-2023-3341
This update for bind fixes the following issues:

Update to release 9.16.44:

  - CVE-2023-3341: Fixed stack exhaustion flaw in control channel code may cause named to terminate unexpectedly (bsc#1215472).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3780-1
Released:    Tue Sep 26 10:58:21 2023
Summary:     Recommended update hidapi
Type:        recommended
Severity:    moderate
References:  1214535

This update for hidapi ships the missing libhidapi-raw0 library to SLE and Leap Micro 5.3 and 5.4.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3814-1
Released:    Wed Sep 27 18:08:17 2023
Summary:     Recommended update for glibc
Type:        recommended
Severity:    moderate
References:  1211829,1212819,1212910
This update for glibc fixes the following issues:

- nscd: Fix netlink cache invalidation if epoll is used (bsc#1212910, BZ #29415)
- Restore lookup of IPv4 mapped addresses in files database (bsc#1212819, BZ #25457)
- elf: Remove excessive p_align check on PT_LOAD segments (bsc#1211829, BZ #28688)
- elf: Properly align PT_LOAD segments (bsc#1211829, BZ #28676)
- ld.so: Always use MAP_COPY to map the first segment (BZ #30452)
- add GB18030-2022 charmap (jsc#PED-4908, BZ #30243)


-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3817-1
Released:    Wed Sep 27 18:31:14 2023
Summary:     Security update for containerd
Type:        security
Severity:    important
References:  1212475

This update of containerd fixes the following issues:

- rebuild the package with the go 1.21 security release (bsc#1212475).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3822-1
Released:    Wed Sep 27 18:40:14 2023
Summary:     Security update for supportutils
Type:        security
Severity:    moderate
References:  1181477,1196933,1204942,1205533,1206402,1206608,1207543,1207598,1208928,1209979,1210015,1210950,1211598,1211599,1213127,CVE-2022-45154
This update for supportutils fixes the following issues:

Security fixes:

- CVE-2022-45154: Removed iSCSI passwords (bsc#1207598).

Other Fixes:

- Changes in version 3.1.26
  + powerpc plugin to collect the slots and active memory (bsc#1210950)
  + A Cleartext Storage of Sensitive Information vulnerability CVE-2022-45154
  + supportconfig: collect BPF information (pr#154)
  + Added additional iscsi information (pr#155)

- Added run time detection (bsc#1213127)

- Changes for supportutils version 3.1.25
  + Removed iSCSI passwords CVE-2022-45154 (bsc#1207598)
  + powerpc: Collect lsslot,amsstat, and opal elogs (pr#149)
  + powerpc: collect invscout logs (pr#150)
  + powerpc: collect RMC status logs (pr#151)
  + Added missing nvme nbft commands (bsc#1211599)
  + Fixed invalid nvme commands (bsc#1211598)
  + Added missing podman information (PED-1703, bsc#1181477)
  + Removed dependency on sysfstools
  + Check for systool use (bsc#1210015)
  + Added selinux checking (bsc#1209979)
  + Updated SLES_VER matrix

- Fixed missing status detail for apparmor (bsc#1196933)
- Corrected invalid argument list in docker.txt (bsc#1206608)
- Applies limit equally to sar data and text files (bsc#1207543)
- Collects hwinfo hardware logs (bsc#1208928)
- Collects lparnumascore logs (issue#148)

- Add dependency to `numactl` on ppc64le and `s390x`, this enforces
  that `numactl --hardware` data is provided in supportconfigs

- Changes to supportconfig.rc version 3.1.11-35
  + Corrected _sanitize_file to include iscsi.conf and others (bsc#1206402)

- Changes to supportconfig version 3.1.11-46.4
  + Added plymouth_info 

- Changes to getappcore version 1.53.02
  + The location of chkbin was updated earlier. This documents that
    change (bsc#1205533, bsc#1204942)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3823-1
Released:    Wed Sep 27 18:42:38 2023
Summary:     Security update for curl
Type:        security
Severity:    important
References:  1215026,CVE-2023-38039
This update for curl fixes the following issues:

- CVE-2023-38039: Fixed possible DoS when receiving too large HTTP header. (bsc#1215026)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3828-1
Released:    Wed Sep 27 19:07:38 2023
Summary:     Security update for python3
Type:        security
Severity:    important
References:  1214692,CVE-2023-40217
This update for python3 fixes the following issues:

- CVE-2023-40217: Fixed TLS handshake bypass on closed sockets (bsc#1214692).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3832-1
Released:    Wed Sep 27 19:15:53 2023
Summary:     Security update for xen
Type:        security
Severity:    important
References:  1215145,1215474,CVE-2023-20588,CVE-2023-34322
This update for xen fixes the following issues:

- CVE-2023-20588: Fixed AMD CPU transitional execution leak via division by zero (XSA-439) (bsc#1215474).
- CVE-2023-34322: Fixed top-level shadow reference dropped too early for 64-bit PV guests (XSA-438) (bsc#1215145).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3843-1
Released:    Wed Sep 27 20:18:06 2023
Summary:     Recommended update for suse-build-key
Type:        recommended
Severity:    important
References:  
This update for suse-build-key fixes the following issues:

This update adds and runs a import-suse-build-key script.

It is run after installation with libzypp based installers. (jsc#PED-2777)

It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys.

To manually import them you can also run:

# rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc
# rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3856-1
Released:    Thu Sep 28 09:42:16 2023
Summary:     Recommended update for apparmor
Type:        recommended
Severity:    moderate
References:  1214458
This update for apparmor fixes the following issues:

- Update zgrep profile to allow egrep helper use (bsc#1214458)


The following package changes have been done:

- apparmor-abstractions-3.0.4-150400.5.9.1 updated
- apparmor-parser-3.0.4-150400.5.9.1 updated
- bind-utils-9.16.44-150400.5.37.2 updated
- containerd-ctr-1.6.21-150000.95.1 updated
- containerd-1.6.21-150000.95.1 updated
- crypto-policies-20210917.c9d86d1-150400.3.3.1 updated
- cups-config-2.2.7-150000.3.51.2 updated
- curl-8.0.1-150400.5.29.1 updated
- docker-24.0.5_ce-150000.185.1 updated
- dracut-055+suse.347.gdcb9bdbf-150400.3.28.1 updated
- glibc-locale-base-2.31-150300.58.1 updated
- glibc-locale-2.31-150300.58.1 updated
- glibc-2.31-150300.58.1 updated
- kernel-default-5.14.21-150400.24.84.1 updated
- libapparmor1-3.0.4-150400.5.9.1 updated
- libcups2-2.2.7-150000.3.51.2 updated
- libcurl4-8.0.1-150400.5.29.1 updated
- libgcc_s1-12.3.0+git1204-150000.1.16.1 updated
- libhidapi-hidraw0-0.10.1-150300.3.2.1 updated
- libprotobuf-c1-1.3.2-150200.3.9.1 updated
- libpython3_6m1_0-3.6.15-150300.10.51.1 updated
- libstdc++6-12.3.0+git1204-150000.1.16.1 updated
- libxml2-2-2.9.14-150400.5.22.1 updated
- perl-Bootloader-0.945-150400.3.9.1 updated
- python3-base-3.6.15-150300.10.51.1 updated
- python3-bind-9.16.44-150400.5.37.2 updated
- python3-iniconfig-1.1.1-150000.1.11.1 updated
- python3-3.6.15-150300.10.51.1 updated
- supportutils-3.1.26-150300.7.35.21.1 updated
- suse-build-key-12.0-150000.8.34.1 updated
- sysuser-shadow-3.2-150400.3.5.3 updated
- xen-libs-4.16.5_04-150400.4.34.1 updated
- sysfsutils-2.1.0-3.3.1 removed

SUSE: 2023:704-1 suse-sles-15-sp4-chost-byos-v20230928-x86_64-gen2 Security Update

October 3, 2023
The container suse-sles-15-sp4-chost-byos-v20230928-x86_64-gen2 was updated

Summary

Advisory ID: SUSE-RU-2023:3521-1 Released: Tue Sep 5 08:56:45 2023 Summary: Recommended update for python-iniconfig Type: recommended Severity: moderate Advisory ID: SUSE-SU-2023:3536-1 Released: Tue Sep 5 15:00:27 2023 Summary: Security update for docker Type: security Severity: moderate Advisory ID: SUSE-RU-2023:3538-1 Released: Tue Sep 5 16:37:14 2023 Summary: Recommended update for dracut Type: recommended Severity: important Advisory ID: SUSE-RU-2023:3543-1 Released: Wed Sep 6 08:27:22 2023 Summary: Recommended update for protobuf-c Type: recommended Severity: moderate Advisory ID: SUSE-RU-2023:3577-1 Released: Mon Sep 11 15:04:01 2023 Summary: Recommended update for crypto-policies Type: recommended Severity: low Advisory ID: SUSE-RU-2023:3611-1 Released: Fri Sep 15 09:28:36 2023 Summary: Recommended update for sysuser-tools Type: recommended Severity: moderate Advisory ID: SUSE-SU-2023:3661-1 Released: Mon Sep 18 21:44:09 2023 Summary: Security update for gcc12 Type: security Severity: important Advisory ID: SUSE-RU-2023:3663-1 Released: Mon Sep 18 21:49:09 2023 Summary: Recommended update for perl-Bootloader Type: recommended Severity: important Advisory ID: SUSE-SU-2023:3699-1 Released: Wed Sep 20 11:02:50 2023 Summary: Security update for libxml2 Type: security Severity: important Advisory ID: SUSE-SU-2023:3707-1 Released: Wed Sep 20 17:12:03 2023 Summary: Security update for cups Type: security Severity: important Advisory ID: SUSE-SU-2023:3737-1 Released: Fri Sep 22 20:31:25 2023 Summary: Security update for bind Type: security Severity: important Advisory ID: SUSE-RU-2023:3780-1 Released: Tue Sep 26 10:58:21 2023 Summary: Recommended update hidapi Type: recommended Severity: moderate Advisory ID: SUSE-RU-2023:3814-1 Released: Wed Sep 27 18:08:17 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate Advisory ID: SUSE-SU-2023:3817-1 Released: Wed Sep 27 18:31:14 2023 Summary: Security update for containerd Type: security Severity: important Advisory ID: SUSE-SU-2023:3822-1 Released: Wed Sep 27 18:40:14 2023 Summary: Security update for supportutils Type: security Severity: moderate Advisory ID: SUSE-SU-2023:3823-1 Released: Wed Sep 27 18:42:38 2023 Summary: Security update for curl Type: security Severity: important Advisory ID: SUSE-SU-2023:3828-1 Released: Wed Sep 27 19:07:38 2023 Summary: Security update for python3 Type: security Severity: important Advisory ID: SUSE-SU-2023:3832-1 Released: Wed Sep 27 19:15:53 2023 Summary: Security update for xen Type: security Severity: important Advisory ID: SUSE-RU-2023:3843-1 Released: Wed Sep 27 20:18:06 2023 Summary: Recommended update for suse-build-key Type: recommended Severity: important Advisory ID: SUSE-RU-2023:3856-1 Released: Thu Sep 28 09:42:16 2023 Summary: Recommended update for apparmor Type: recommended Severity: moderate

References

References : 1181477 1195391 1196933 1204942 1205161 1205533 1206402 1206608

1207543 1207598 1207778 1208928 1209979 1209998 1210015 1210797

1210950 1211598 1211599 1211829 1212368 1212475 1212819 1212910

1213120 1213127 1213229 1213240 1213500 1213582 1214006 1214052

1214081 1214107 1214108 1214109 1214140 1214254 1214458 1214535

1214692 1214768 1215026 1215064 1215145 1215204 1215472 1215474

CVE-2022-45154 CVE-2023-20588 CVE-2023-28840 CVE-2023-28841 CVE-2023-28842

CVE-2023-32360 CVE-2023-3341 CVE-2023-34322 CVE-2023-38039 CVE-2023-39615

CVE-2023-40217 CVE-2023-4039 CVE-2023-4504

1213582

This update for python-iniconfig provides python3-iniconfig to SUSE Linux Enterprise Micro 5.2.

1210797,1212368,1213120,1213229,1213500,1214107,1214108,1214109,CVE-2023-28840,CVE-2023-28841,CVE-2023-28842

This update for docker fixes the following issues:

- Update to Docker 24.0.5-ce.

See upstream changelong online at

bsc#1213229

- Update to Docker 24.0.4-ce.

See upstream changelog online at

. bsc#1213500

- Update to Docker 24.0.3-ce.

See upstream changelog online at

. bsc#1213120

- Recommend docker-rootless-extras instead of Require(ing) it, given

it's an additional functionality and not inherently required for

docker to function.

- Add docker-rootless-extras subpackage (https://docs.docker.com/engine/security/rootless/)

- Update to Docker 24.0.2-ce. See upstream changelog online at

. bsc#1212368

* Includes the upstreamed fix for the mount table pollution issue.

bsc#1210797

- Add Recommends for docker-buildx, and add /usr/lib/docker/cli-plugins as

being provided by this package.

- was rebuilt against current GO compiler.

1214081

This update for dracut fixes the following issues:

- Protect against broken links pointing to themselves

- Exit if resolving executable dependencies fails (bsc#1214081)

1214006

This update for protobuf-c fixes the following issues:

- Add missing Provides/Obsoletes after package merge (bsc#1214006)

1209998

This update for crypto-policies fixes the following issues:

- Update update-crypto-policies(8) man pages and README.SUSE to mention the supported back-end policies. (bsc#1209998)

1195391,1205161,1207778,1213240,1214140

This update for sysuser-tools fixes the following issues:

- Update to version 3.2

- Always create a system group of the same name as the system user (bsc#1205161, bsc#1207778, bsc#1213240)

- Add 'quilt setup' friendly hint to %sysusers_requires usage

- Use append so if a pre file already exists it isn't overridden

- Invoke bash for bash scripts (bsc#1195391)

- Remove all systemd requires not supported on SLE15 (bsc#1214140)

1214052,CVE-2023-4039

This update for gcc12 fixes the following issues:

- CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052).

1215064

This update for perl-Bootloader fixes the following issues:

- bootloader_entry script can have an optional 'force-default'

argument (bsc#1215064)

- skip warning about unsupported options when in compat mode

1214768,CVE-2023-39615

This update for libxml2 fixes the following issues:

- CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768).

1214254,1215204,CVE-2023-32360,CVE-2023-4504

This update for cups fixes the following issues:

- CVE-2023-4504: Fixed heap overflow in OpenPrinting CUPS Postscript Parsing (bsc#1215204).

- CVE-2023-32360: Fixed Information leak through Cups-Get-Document operation (bsc#1214254).

1215472,CVE-2023-3341

This update for bind fixes the following issues:

Update to release 9.16.44:

- CVE-2023-3341: Fixed stack exhaustion flaw in control channel code may cause named to terminate unexpectedly (bsc#1215472).

1214535

This update for hidapi ships the missing libhidapi-raw0 library to SLE and Leap Micro 5.3 and 5.4.

1211829,1212819,1212910

This update for glibc fixes the following issues:

- nscd: Fix netlink cache invalidation if epoll is used (bsc#1212910, BZ #29415)

- Restore lookup of IPv4 mapped addresses in files database (bsc#1212819, BZ #25457)

- elf: Remove excessive p_align check on PT_LOAD segments (bsc#1211829, BZ #28688)

- elf: Properly align PT_LOAD segments (bsc#1211829, BZ #28676)

- ld.so: Always use MAP_COPY to map the first segment (BZ #30452)

- add GB18030-2022 charmap (jsc#PED-4908, BZ #30243)

1212475

This update of containerd fixes the following issues:

- rebuild the package with the go 1.21 security release (bsc#1212475).

1181477,1196933,1204942,1205533,1206402,1206608,1207543,1207598,1208928,1209979,1210015,1210950,1211598,1211599,1213127,CVE-2022-45154

This update for supportutils fixes the following issues:

Security fixes:

- CVE-2022-45154: Removed iSCSI passwords (bsc#1207598).

Other Fixes:

- Changes in version 3.1.26

+ powerpc plugin to collect the slots and active memory (bsc#1210950)

+ A Cleartext Storage of Sensitive Information vulnerability CVE-2022-45154

+ supportconfig: collect BPF information (pr#154)

+ Added additional iscsi information (pr#155)

- Added run time detection (bsc#1213127)

- Changes for supportutils version 3.1.25

+ Removed iSCSI passwords CVE-2022-45154 (bsc#1207598)

+ powerpc: Collect lsslot,amsstat, and opal elogs (pr#149)

+ powerpc: collect invscout logs (pr#150)

+ powerpc: collect RMC status logs (pr#151)

+ Added missing nvme nbft commands (bsc#1211599)

+ Fixed invalid nvme commands (bsc#1211598)

+ Added missing podman information (PED-1703, bsc#1181477)

+ Removed dependency on sysfstools

+ Check for systool use (bsc#1210015)

+ Added selinux checking (bsc#1209979)

+ Updated SLES_VER matrix

- Fixed missing status detail for apparmor (bsc#1196933)

- Corrected invalid argument list in docker.txt (bsc#1206608)

- Applies limit equally to sar data and text files (bsc#1207543)

- Collects hwinfo hardware logs (bsc#1208928)

- Collects lparnumascore logs (issue#148)

- Add dependency to `numactl` on ppc64le and `s390x`, this enforces

that `numactl --hardware` data is provided in supportconfigs

- Changes to supportconfig.rc version 3.1.11-35

+ Corrected _sanitize_file to include iscsi.conf and others (bsc#1206402)

- Changes to supportconfig version 3.1.11-46.4

+ Added plymouth_info

- Changes to getappcore version 1.53.02

+ The location of chkbin was updated earlier. This documents that

change (bsc#1205533, bsc#1204942)

1215026,CVE-2023-38039

This update for curl fixes the following issues:

- CVE-2023-38039: Fixed possible DoS when receiving too large HTTP header. (bsc#1215026)

1214692,CVE-2023-40217

This update for python3 fixes the following issues:

- CVE-2023-40217: Fixed TLS handshake bypass on closed sockets (bsc#1214692).

1215145,1215474,CVE-2023-20588,CVE-2023-34322

This update for xen fixes the following issues:

- CVE-2023-20588: Fixed AMD CPU transitional execution leak via division by zero (XSA-439) (bsc#1215474).

- CVE-2023-34322: Fixed top-level shadow reference dropped too early for 64-bit PV guests (XSA-438) (bsc#1215145).

This update for suse-build-key fixes the following issues:

This update adds and runs a import-suse-build-key script.

It is run after installation with libzypp based installers. (jsc#PED-2777)

It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys.

To manually import them you can also run:

# rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc

# rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc

1214458

This update for apparmor fixes the following issues:

- Update zgrep profile to allow egrep helper use (bsc#1214458)

The following package changes have been done:

- apparmor-abstractions-3.0.4-150400.5.9.1 updated

- apparmor-parser-3.0.4-150400.5.9.1 updated

- bind-utils-9.16.44-150400.5.37.2 updated

- containerd-ctr-1.6.21-150000.95.1 updated

- containerd-1.6.21-150000.95.1 updated

- crypto-policies-20210917.c9d86d1-150400.3.3.1 updated

- cups-config-2.2.7-150000.3.51.2 updated

- curl-8.0.1-150400.5.29.1 updated

- docker-24.0.5_ce-150000.185.1 updated

- dracut-055+suse.347.gdcb9bdbf-150400.3.28.1 updated

- glibc-locale-base-2.31-150300.58.1 updated

- glibc-locale-2.31-150300.58.1 updated

- glibc-2.31-150300.58.1 updated

- kernel-default-5.14.21-150400.24.84.1 updated

- libapparmor1-3.0.4-150400.5.9.1 updated

- libcups2-2.2.7-150000.3.51.2 updated

- libcurl4-8.0.1-150400.5.29.1 updated

- libgcc_s1-12.3.0+git1204-150000.1.16.1 updated

- libhidapi-hidraw0-0.10.1-150300.3.2.1 updated

- libprotobuf-c1-1.3.2-150200.3.9.1 updated

- libpython3_6m1_0-3.6.15-150300.10.51.1 updated

- libstdc++6-12.3.0+git1204-150000.1.16.1 updated

- libxml2-2-2.9.14-150400.5.22.1 updated

- perl-Bootloader-0.945-150400.3.9.1 updated

- python3-base-3.6.15-150300.10.51.1 updated

- python3-bind-9.16.44-150400.5.37.2 updated

- python3-iniconfig-1.1.1-150000.1.11.1 updated

- python3-3.6.15-150300.10.51.1 updated

- supportutils-3.1.26-150300.7.35.21.1 updated

- suse-build-key-12.0-150000.8.34.1 updated

- sysuser-shadow-3.2-150400.3.5.3 updated

- xen-libs-4.16.5_04-150400.4.34.1 updated

- sysfsutils-2.1.0-3.3.1 removed

Severity
Image Advisory ID : SUSE-IU-2023:704-1
Image Tags : suse-sles-15-sp4-chost-byos-v20230928-x86_64-gen2:20230928
Image Release :
Severity : important
Type : security

Related News

News

Powered By

Footer Logo

Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.

Powered By

Footer Logo