SUSE-CU-2023:3174-1: Security update of suse/sle-micro/5.3/toolbox

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Fri Sep 29 07:05:48 UTC 2023 

SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3174-1
Container Tags        : suse/sle-micro/5.3/toolbox:12.1 , suse/sle-micro/5.3/toolbox:12.1-5.2.216 , suse/sle-micro/5.3/toolbox:latest
Container Release     : 5.2.216
Severity              : important
Type                  : security
References            : 1181477 1196933 1204942 1205533 1206402 1206608 1207543 1207598
                        1208928 1209979 1210015 1210950 1211598 1211599 1211829 1212819
                        1212910 1213127 1214458 1214692 CVE-2022-45154 CVE-2023-40217
-----------------------------------------------------------------

The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3814-1
Released:    Wed Sep 27 18:08:17 2023
Summary:     Recommended update for glibc
Type:        recommended
Severity:    moderate
References:  1211829,1212819,1212910
This update for glibc fixes the following issues:

- nscd: Fix netlink cache invalidation if epoll is used (bsc#1212910, BZ #29415)
- Restore lookup of IPv4 mapped addresses in files database (bsc#1212819, BZ #25457)
- elf: Remove excessive p_align check on PT_LOAD segments (bsc#1211829, BZ #28688)
- elf: Properly align PT_LOAD segments (bsc#1211829, BZ #28676)
- ld.so: Always use MAP_COPY to map the first segment (BZ #30452)
- add GB18030-2022 charmap (jsc#PED-4908, BZ #30243)


-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3822-1
Released:    Wed Sep 27 18:40:14 2023
Summary:     Security update for supportutils
Type:        security
Severity:    moderate
References:  1181477,1196933,1204942,1205533,1206402,1206608,1207543,1207598,1208928,1209979,1210015,1210950,1211598,1211599,1213127,CVE-2022-45154
This update for supportutils fixes the following issues:

Security fixes:

- CVE-2022-45154: Removed iSCSI passwords (bsc#1207598).

Other Fixes:

- Changes in version 3.1.26
  + powerpc plugin to collect the slots and active memory (bsc#1210950)
  + A Cleartext Storage of Sensitive Information vulnerability CVE-2022-45154
  + supportconfig: collect BPF information (pr#154)
  + Added additional iscsi information (pr#155)

- Added run time detection (bsc#1213127)

- Changes for supportutils version 3.1.25
  + Removed iSCSI passwords CVE-2022-45154 (bsc#1207598)
  + powerpc: Collect lsslot,amsstat, and opal elogs (pr#149)
  + powerpc: collect invscout logs (pr#150)
  + powerpc: collect RMC status logs (pr#151)
  + Added missing nvme nbft commands (bsc#1211599)
  + Fixed invalid nvme commands (bsc#1211598)
  + Added missing podman information (PED-1703, bsc#1181477)
  + Removed dependency on sysfstools
  + Check for systool use (bsc#1210015)
  + Added selinux checking (bsc#1209979)
  + Updated SLES_VER matrix

- Fixed missing status detail for apparmor (bsc#1196933)
- Corrected invalid argument list in docker.txt (bsc#1206608)
- Applies limit equally to sar data and text files (bsc#1207543)
- Collects hwinfo hardware logs (bsc#1208928)
- Collects lparnumascore logs (issue#148)

- Add dependency to `numactl` on ppc64le and `s390x`, this enforces
  that `numactl --hardware` data is provided in supportconfigs

- Changes to supportconfig.rc version 3.1.11-35
  + Corrected _sanitize_file to include iscsi.conf and others (bsc#1206402)

- Changes to supportconfig version 3.1.11-46.4
  + Added plymouth_info 

- Changes to getappcore version 1.53.02
  + The location of chkbin was updated earlier. This documents that
    change (bsc#1205533, bsc#1204942)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3828-1
Released:    Wed Sep 27 19:07:38 2023
Summary:     Security update for python3
Type:        security
Severity:    important
References:  1214692,CVE-2023-40217
This update for python3 fixes the following issues:

- CVE-2023-40217: Fixed TLS handshake bypass on closed sockets (bsc#1214692).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3856-1
Released:    Thu Sep 28 09:42:16 2023
Summary:     Recommended update for apparmor
Type:        recommended
Severity:    moderate
References:  1214458
This update for apparmor fixes the following issues:

- Update zgrep profile to allow egrep helper use (bsc#1214458)


The following package changes have been done:

- glibc-locale-base-2.31-150300.58.1 updated
- glibc-locale-2.31-150300.58.1 updated
- libapparmor1-3.0.4-150400.5.9.1 updated
- libpython3_6m1_0-3.6.15-150300.10.51.1 updated
- python3-base-3.6.15-150300.10.51.1 updated
- supportutils-3.1.26-150300.7.35.21.1 updated
- sysfsutils-2.1.0-3.3.1 removed

More information about the sle-security-updates mailing list