Container summary for
SUSE-IU-2024:1458-1
| Container Advisory ID | SUSE-IU-2024:1458-1 |
| Container Tags | |
| Container Release | |
The following patches have been included in this update:
SUSE-IU-2024:1457-1
| Container Advisory ID | SUSE-IU-2024:1457-1 |
| Container Tags | |
| Container Release | |
The following patches have been included in this update:
SUSE-IU-2024:1456-1
| Container Advisory ID | SUSE-IU-2024:1456-1 |
| Container Tags | |
| Container Release | |
The following patches have been included in this update:
SUSE-IU-2024:1455-1
| Container Advisory ID | SUSE-IU-2024:1455-1 |
| Container Tags | |
| Container Release | |
The following patches have been included in this update:
SUSE-IU-2024:1454-1
| Container Advisory ID | SUSE-IU-2024:1454-1 |
| Container Tags | |
| Container Release | |
The following patches have been included in this update:
| Advisory ID | 39
|
| Released | Tue Sep 10 11:26:35 2024 |
| Summary | Recommended update for salt |
| Type | recommended |
| Severity | important |
| References | 1211649,1211888,1216063,1219001,1222684 |
Description:
This update for salt fixes the following issues:
- Fix rich rule comparison in firewalld module (bsc#1222684)
- test_vultrpy: adjust test expectation to prevent failure after Debian 10 EOL
- Make auth.pam more robust with Salt Bundle and fix tests
- Fix performance of user.list_groups with many remote groups
- Fix 'status.diskusage' function and exclude some tests for Salt Bundle
- Skip certain tests if necessary for some OSes and set flaky ones
- Add a timer to delete old env post update for venv-minion
- Several fixes for tests to avoid errors and failures in some OSes
- Speed up salt.matcher.confirm_top by using __context__
- Do not call the async wrapper calls with the separate thread
- Prevent OOM with high amount of batch async calls (bsc#1216063)
- Add missing contextvars dependency in salt.version
- Skip tests for unsupported algorithm on old OpenSSL version
- Remove redundant `_file_find` call to the master
- Prevent possible exception in tornado.concurrent.Future._set_done
- Make reactor engine less blocking the EventPublisher
- Make salt-master self recoverable on killing EventPublisher
- Improve broken events catching and reporting
- Make logging calls lighter
- Remove unused import causing delays on starting salt-master
- Mark python3-CherryPy as recommended package for the testsuite
- Make 'man' a recommended package instead of required
- Convert oscap output to UTF-8
- Make Salt compatible with Python 3.11
- Ignore non-ascii chars in oscap output (bsc#1219001)
- Fix detected issues in Salt tests when running on VMs
- Make importing seco.range thread safe (bsc#1211649)
- Fix problematic tests and allow smooth tests executions on containers
- Discover Ansible playbook files as '*.yml' or '*.yaml' files (bsc#1211888)
- Provide user(salt)/group(salt) capabilities for RPM 4.19
- Extend dependencies for python3-salt-testsuite and python3-salt packages
- Improve Salt and testsuite packages multibuild
- Enable multibuilld and create test flavor
SUSE-IU-2024:1453-1
| Container Advisory ID | SUSE-IU-2024:1453-1 |
| Container Tags | |
| Container Release | |
The following patches have been included in this update:
SUSE-IU-2024:1452-1
| Container Advisory ID | SUSE-IU-2024:1452-1 |
| Container Tags | |
| Container Release | |
The following patches have been included in this update:
SUSE-IU-2024:1451-1
| Container Advisory ID | SUSE-IU-2024:1451-1 |
| Container Tags | |
| Container Release | |
The following patches have been included in this update:
| Advisory ID | 2
|
| Released | Fri Jun 28 15:17:36 2024 |
| Summary | Recommended update for cloud-init |
| Type | recommended |
| Severity | important |
| References | 1219680 |
Description:
This update for cloud-init fixes the following issue:
- skip renames if the device is already present (bsc#1219680)
SUSE-IU-2024:1450-1
| Container Advisory ID | SUSE-IU-2024:1450-1 |
| Container Tags | |
| Container Release | |
The following patches have been included in this update:
SUSE-IU-2024:1449-1
| Container Advisory ID | SUSE-IU-2024:1449-1 |
| Container Tags | |
| Container Release | |
The following patches have been included in this update:
SUSE-IU-2024:1448-1
| Container Advisory ID | SUSE-IU-2024:1448-1 |
| Container Tags | |
| Container Release | |
The following patches have been included in this update:
SUSE-IU-2024:1447-1
| Container Advisory ID | SUSE-IU-2024:1447-1 |
| Container Tags | |
| Container Release | |
The following patches have been included in this update:
SUSE-IU-2024:1446-1
| Container Advisory ID | SUSE-IU-2024:1446-1 |
| Container Tags | |
| Container Release | |
The following patches have been included in this update:
| Advisory ID | 7
|
| Released | Mon Jul 15 13:04:11 2024 |
| Summary | Security update for less |
| Type | security |
| Severity | important |
| References | 1222849,CVE-2024-32487 |
Description:
This update for less fixes the following issues:
- CVE-2024-32487: Fix a bug where mishandling of \n character in paths when LESSOPEN is set leads to OS command execution. (bsc#1222849)
| Advisory ID | 8
|
| Released | Tue Jul 30 09:43:22 2024 |
| Summary | Security update for openssh |
| Type | security |
| Severity | critical |
| References | 1217950,1218215,1226642,1227318,CVE-2023-48795,CVE-2023-51385,CVE-2024-39894,CVE-2024-6387 |
Description:
This update for openssh fixes the following issues:
- CVE-2024-39894: Fixed timing attacks against echo-off password entry (bsc#1227318)
- CVE-2024-6387: Fixed race condition in a signal handler (bsc#1226642).
| Advisory ID | 9
|
| Released | Fri Aug 9 10:33:34 2024 |
| Summary | Recommended update for bash, libcap-ng, libselinux, libselinux-bindings, libsemanage, zypper |
| Type | recommended |
| Severity | low |
| References | |
Description:
This update fixes the following issues:
- No change rebuild due to dependency changes.
| Advisory ID | 30
|
| Released | Wed Sep 4 16:07:40 2024 |
| Summary | Security update for curl |
| Type | security |
| Severity | moderate |
| References | 1221665,1221666,1221667,1221668,1227888,1228535,CVE-2024-2004,CVE-2024-2379,CVE-2024-2398,CVE-2024-2466,CVE-2024-6197,CVE-2024-7264 |
Description:
This update for curl fixes the following issues:
Security issues fixed:
- CVE-2024-7264: ASN.1 date parser overread (bsc#1228535)
- CVE-2024-6197: Freeing stack buffer in utf8asn1str (bsc#1227888)
- CVE-2024-2379: QUIC certificate check bypass with wolfSSL (bsc#1221666)
- CVE-2024-2466: TLS certificate check bypass with mbedTLS (bsc#1221668)
- CVE-2024-2004: Usage of disabled protocol (bsc#1221665)
- CVE-2024-2398: HTTP/2 push headers memory-leak (bsc#1221667)
Non-security issue fixed:
- Fixed various TLS related issues including FTP over SSL transmission timeouts.
| Advisory ID | 44
|
| Released | Wed Sep 11 13:33:01 2024 |
| Summary | Security update for expat |
| Type | security |
| Severity | important |
| References | 1221289,1229930,1229931,1229932,CVE-2024-28757,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492 |
Description:
This update for expat fixes the following issues:
- CVE-2024-45492: detect integer overflow in function nextScaffoldPart (bsc#1229932)
- CVE-2024-45491: detect integer overflow in dtdCopy (bsc#1229931)
- CVE-2024-45490: reject negative len for XML_ParseBuffer (bsc#1229930)
- CVE-2024-28757: XML Entity Expansion attack when there is isolated use of external parsers (bsc#1221289)