SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:888-1 Container Tags : suse/sle-micro/5.1/toolbox:11.1 , suse/sle-micro/5.1/toolbox:11.1-2.2.365 , suse/sle-micro/5.1/toolbox:latest Container Release : 2.2.365 Severity : moderate Type : security References : 1203201 1206483 1209361 1209362 CVE-2023-28486 CVE-2023-28487 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1698-1 Released: Thu Mar 30 12:16:57 2023 Summary: Security update for sudo Type: security Severity: moderate References: 1203201,1206483,1209361,1209362,CVE-2023-28486,CVE-2023-28487 This update for sudo fixes the following issue: Security fixes: - CVE-2023-28486: Fixed missing control characters escaping in log messages (bsc#1209362). - CVE-2023-28487: Fixed missing control characters escaping in sudoreplay output (bsc#1209361). Other fixes: - Fix a situation where 'sudo -U otheruser -l' would dereference a NULL pointer (bsc#1206483). - Do not re-enable the reader when flushing the buffers as part of pty_finish() (bsc#1203201). The following package changes have been done: - sudo-1.9.5p2-150300.3.24.1 updated