SUSE: 2023:955-1 suse/sles/15.5/libguestfs-tools Security Update
Summary
Advisory ID: SUSE-RU-2023:622-1 Released: Mon Mar 6 11:17:57 2023 Summary: Recommended update for tcl Type: recommended Severity: moderate Advisory ID: SUSE-RU-2023:632-1 Released: Mon Mar 6 20:33:59 2023 Summary: Recommended update for gnutls Type: recommended Severity: moderate Advisory ID: SUSE-SU-2023:668-1 Released: Wed Mar 8 11:17:33 2023 Summary: Security update for libX11 Type: security Severity: moderate Advisory ID: SUSE-RU-2023:709-1 Released: Fri Mar 10 16:04:41 2023 Summary: Recommended update for console-setup Type: recommended Severity: moderate Advisory ID: SUSE-RU-2023:743-1 Released: Wed Mar 15 11:18:23 2023 Summary: Recommended update for gnutls Type: recommended Severity: moderate Advisory ID: SUSE-RU-2023:776-1 Released: Thu Mar 16 17:29:23 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate Advisory ID: SUSE-RU-2023:788-1 Released: Thu Mar 16 19:37:59 2023 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: important Advisory ID: SUSE-SU-2023:868-1 Released: Wed Mar 22 09:41:01 2023 Summary: Security update for python3 Type: security Severity: important Advisory ID: SUSE-SU-2023:1582-1 Released: Mon Mar 27 10:31:52 2023 Summary: Security update for curl Type: security Severity: moderate Advisory ID: SUSE-RU-2023:1662-1 Released: Wed Mar 29 10:36:23 2023 Summary: Recommended update for patterns-base Type: recommended Severity: moderate Advisory ID: SUSE-SU-2023:1688-1 Released: Wed Mar 29 18:19:10 2023 Summary: Security update for zstd Type: security Severity: moderate Advisory ID: SUSE-SU-2023:1718-1 Released: Fri Mar 31 15:47:34 2023 Summary: Security update for glibc Type: security Severity: moderate
References
References : 1178233 1202853 1203248 1203249 1203355 1203537 1203715 1204425
1204548 1204956 1205570 1205636 1206623 1206949 1207183 1207571
1207957 1207975 1208237 1208358 1208471 1208881 1209001 1209209
1209210 1209211 1209212 1209214 1209533 CVE-2022-3555 CVE-2022-4899
CVE-2023-0687 CVE-2023-24329 CVE-2023-27533 CVE-2023-27534 CVE-2023-27535
CVE-2023-27536 CVE-2023-27538
1206623
This update for tcl fixes the following issues:
- Fix string compare -length on big endian and improve string equal on little endian. (bsc#1206623)
1207183,1208237
This update for gnutls fixes the following issues:
- FIPS: Fix pct_test() return code in case of error (bsc#1207183)
- Increase the limit of TLS PSK usernames from 128 to 65535 characters. [bsc#1208237, jsc#PED-1562]
1204425,1208881,CVE-2022-3555
This update for libX11 fixes the following issues:
- Fixed a regression introduced with security update for CVE-2022-3555 (bsc#1204425, bsc#1208881)
1202853
This update for console-setup and kbd fixes the following issue:
- Fix Caps_Lock mapping for us.map and others (bsc#1202853)
1209001
This update for gnutls fixes the following issues:
FIPS: Establish PBKDF2 additional requirements [bsc#1209001]
* Set the minimum output key length to 112 bits (FIPS 140-3 IG D.N)
* Set the minimum salt length to 128 bits (SP 800-132 sec. 5.1)
* Set the minimum iterations count to 1000 (SP 800-132 sec 5.2)
* Set the minimum passlen of 20 characters (SP SP800-132 sec 5)
* Add regression tests for the new PBKDF2 requirements.
This update for gcc12 fixes the following issues:
This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products.
SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes
This update ship the GCC 12 compiler suite and its base libraries.
The compiler baselibraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 11 ones.
The new compilers for C, C++, and Fortran are provided in the SUSE Linux
Enterprise Module for Development Tools.
To use gcc12 compilers use:
- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.
For a full changelog with all new GCC12 features, check out
https://gcc.gnu.org/gcc-12/changes.html
1178233,1203248,1203249,1203715,1204548,1204956,1205570,1205636,1206949
This update for libsolv, libzypp, zypper fixes the following issues:
libsolv:
- Do not autouninstall SUSE PTF packages
- Ensure 'duplinvolvedmap_all' is reset when a solver is reused
- Fix 'keep installed' jobs not disabling 'best update' rules
- New '-P' and '-W' options for `testsolv`
- New introspection interface for weak dependencies similar to ruleinfos
- Ensure special case file dependencies are written correctly in the testcase writer
- Support better info about alternatives
- Support decision reason queries
- Support merging of related decisions
- Support stringification of multiple solvables
- Support stringification of ruleinfo, decisioninfo and decision reasons
libzypp:
- Avoid calling getsockopt when we know the info already.
This patch should fix logging on WSL, getsockopt seems to not be fully supported but the code required it when
accepting new socket connections (bsc#1178233)
- Avoid redirecting 'history.logfile=/dev/null' into the target
- Create '.no_auto_prune' in the package cache dir to prevent auto cleanup of orphaned repositories (bsc#1204956)
- Enhance yaml-cpp detection
- Improve download of optional files
- MultiCurl: Make sure to reset the progress function when falling back.
- Properly reset range requests (bsc#1204548)
- Removing a PTF without enabled repos should always fail (bsc#1203248)
Without enabled repos, the dependent PTF-packages would be removed (not replaced!) as well.
To remove a PTF `zypper install -- -PTF` or a dedicated `zypper removeptf PTF` should be used. This will update the
installed PTF packages to theit latest version.
- Skip media.1/media download for http repo status calc.
This patch allows zypp to skip a extra media.1/media download to calculate if a repository needs to be refreshed.
This optimisation only takes place if the repo does specify only downloading base urls.
- Use a dynamic fallback for BLKSIZE in downloads.
When not receiving a blocklist via metalink file from the server MediaMultiCurl used to fallback to a fixed,
relatively small BLKSIZE. This patch changes the fallback into a dynamic value based on the filesize using a similar
metric as the MirrorCache implementation on the server side.
- ProgressData: enforce reporting the INIT||END state (bsc#1206949)
- ps: fix service detection on newer Tumbleweed systems (bsc#1205636)
zypper:
- Allow to (re)add a service with the same URL (bsc#1203715)
- Bump dependency requirement to libzypp-devel 17.31.7 or greater
- Explain outdatedness of repositories
- patterns: Avoid dispylaing superfluous @System entries (bsc#1205570)
- Provide `removeptf` command (bsc#1203249)
A remove command which prefers replacing dependant packages to removing them as well.
A PTF is typically removed as soon as the fix it provides is applied to the latest official update of the dependant
packages. However it is not desired for the dependant packages to be removed together with the PTF, which is what the
remove command would do. The `removeptf` command however will aim to replace the dependant packages by their official
update versions.
- Update man page and explain '.no_auto_prune' (bsc#1204956)
1203355,1208471,CVE-2023-24329
This update for python3 fixes the following issues:
- CVE-2023-24329: Fixed a blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters (bsc#1208471).
The following non-security bug was fixed:
- Eliminate unnecessary and dangerous calls to PyThread_exit_thread() (bsc#1203355).
1209209,1209210,1209211,1209212,1209214,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538
This update for curl fixes the following issues:
- CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209).
- CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210).
- CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211).
- CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212).
- CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214).
1203537
This update for patterns-base fixes the following issues:
- change label of FIPS 140-2 to 140-3 to reflect our current certifications (bsc#1203537)
1209533,CVE-2022-4899
This update for zstd fixes the following issues:
- CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533).
1207571,1207957,1207975,1208358,CVE-2023-0687
This update for glibc fixes the following issues:
Security issue fixed:
- CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975)
Other issues fixed:
- Fix avx2 strncmp offset compare condition check (bsc#1208358)
- elf: Allow dlopen of filter object to work (bsc#1207571)
- powerpc: Fix unrecognized instruction errors with recent GCC
- x86: Cache computation for AMD architecture (bsc#1207957)
The following package changes have been done:
- glibc-2.31-150300.46.1 updated
- libzstd1-1.5.0-150400.3.3.1 updated
- libz1-1.2.13-150500.1.16 updated
- libuuid1-2.37.4-150500.7.10 updated
- libsmartcols1-2.37.4-150500.7.10 updated
- libblkid1-2.37.4-150500.7.10 updated
- libgcrypt20-1.9.4-150500.10.14 updated
- libgcrypt20-hmac-1.9.4-150500.10.14 updated
- libfdisk1-2.37.4-150500.7.10 updated
- libgcc_s1-12.2.1+git416-150000.1.7.1 updated
- libstdc++6-12.2.1+git416-150000.1.7.1 updated
- libopenssl1_1-1.1.1l-150500.13.5 updated
- libopenssl1_1-hmac-1.1.1l-150500.13.5 updated
- libmount1-2.37.4-150500.7.10 updated
- patterns-base-fips-20200124-150400.20.4.1 updated
- libcurl4-7.79.1-150400.5.18.1 updated
- sles-release-15.5-150500.37.4 updated
- libsolv-tools-0.7.23-150400.3.3.1 updated
- libzypp-17.31.8-150400.3.14.1 updated
- zypper-1.14.59-150400.3.12.2 updated
- util-linux-2.37.4-150500.7.10 updated
- curl-7.79.1-150400.5.18.1 updated
- btrfsprogs-udev-rules-5.14-150500.8.20 updated
- kbd-legacy-2.4.0-150400.5.3.1 updated
- libX11-data-1.6.5-150000.3.27.1 updated
- libnettle8-3.8.1-150500.2.20 updated
- libslirp0-4.7.0+44-150500.2.1 updated
- mdadm-4.2-150500.2.7 updated
- qemu-accel-tcg-x86-7.1.0-150500.47.6 updated
- qemu-ipxe-1.0.0+-150500.47.6 updated
- qemu-seabios-1.16.0_0_gd239552-150500.47.6 updated
- qemu-sgabios-8-150500.47.6 updated
- qemu-vgabios-1.16.0_0_gd239552-150500.47.6 updated
- zstd-1.5.0-150400.3.3.1 updated
- kbd-2.4.0-150400.5.3.1 updated
- python3-base-3.6.15-150300.10.45.1 updated
- libpython3_6m1_0-3.6.15-150300.10.45.1 updated
- libhogweed6-3.8.1-150500.2.20 updated
- btrfsprogs-5.14-150500.8.20 updated
- libmpath0-0.9.4+71+suse.c648a77-150500.1.1 updated
- tcl-8.6.12-150300.14.9.1 updated
- libX11-6-1.6.5-150000.3.27.1 updated
- libgnutls30-3.7.3-150400.4.35.1 updated
- libgnutls30-hmac-3.7.3-150400.4.35.1 updated
- xen-libs-4.17.0_06-150500.1.2 updated
- qemu-tools-7.1.0-150500.47.6 updated
- supermin-5.2.2-150500.1.2 updated
- dracut-mkinitrd-deprecated-055+suse.353.g5603b001-150500.1.5 updated
- dracut-055+suse.353.g5603b001-150500.1.5 updated
- kernel-kvmsmall-5.14.21-150500.46.4 updated
- dracut-fips-055+suse.353.g5603b001-150500.1.5 updated
- qemu-x86-7.1.0-150500.47.6 updated
- qemu-7.1.0-150500.47.6 updated
- libguestfs0-1.48.4-150500.1.10 updated
- libguestfs-1.48.4-150500.1.10 updated
- libguestfs-devel-1.48.4-150500.1.10 updated
- container:sles15-image-15.0.0-34.15 updated
