SUSE Container Update Advisory: suse/postgres
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:4184-1
Container Tags        : suse/postgres:15 , suse/postgres:15-30.1 , suse/postgres:15.8 , suse/postgres:15.8 , suse/postgres:15.8-30.1 , suse/postgres:15.8-30.1
Container Release     : 30.1
Severity              : important
Type                  : security
References            : 1194818 1218297 1221479 1224282 1226414 1226463 1227138 1227186
                        1227187 1228043 1228091 1228770 1229013 1229013 916845
                        CVE-2013-4235 CVE-2013-4235 CVE-2023-7008 CVE-2024-34459
                        CVE-2024-37370 CVE-2024-37371 CVE-2024-5535 CVE-2024-7348
                        CVE-2024-7348
-----------------------------------------------------------------

The container suse/postgres was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2290-1
Released:    Wed Jul 3 11:35:00 2024
Summary:     Security update for libxml2
Type:        security
Severity:    low
References:  1224282,CVE-2024-34459

This update for libxml2 fixes the following issues:

- CVE-2024-34459: Fixed buffer over-read in xmlHTMLPrintFileContext in xmllint.c (bsc#1224282).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2302-1
Released:    Thu Jul 4 16:21:10 2024
Summary:     Security update for krb5
Type:        security
Severity:    important
References:  1227186,1227187,CVE-2024-37370,CVE-2024-37371

This update for krb5 fixes the following issues:

- CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields being erroneously accepted (bsc#1227186).
- CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2658-1
Released:    Tue Jul 30 15:37:26 2024
Summary:     Security update for shadow
Type:        security
Severity:    important
References:  916845,CVE-2013-4235

This update for shadow fixes the following issues:

- CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2679-1
Released:    Wed Jul 31 09:47:44 2024
Summary:     Recommended update for patterns-base
Type:        recommended
Severity:    moderate
References:

This update for patterns-base fixes the following issues:

Added a fips-certified pattern matching the exact certified FIPS versions of the Linux Kernel, openssl 1.1.1, gnutls/nettle, mozilla-nss and libgcrypt.

Note that applying this pattern might cause a downgrade of various packages and so deinstall security and bugfix updates released after the certified binaries.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2804-1
Released:    Wed Aug 7 09:48:29 2024
Summary:     Security update for shadow
Type:        security
Severity:    moderate
References:  1228770,CVE-2013-4235

This update for shadow fixes the following issues:

- Fixed not copying of skel files (bsc#1228770)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2891-1
Released:    Tue Aug 13 11:39:53 2024
Summary:     Security update for openssl-1_1
Type:        security
Severity:    moderate
References:  1226463,1227138,CVE-2024-5535

This update for openssl-1_1 fixes the following issues:

- CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138)

Other fixes:

- Build with no-afalgeng (bsc#1226463)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2967-1
Released:    Mon Aug 19 15:41:29 2024
Summary:     Recommended update for pam
Type:        recommended
Severity:    moderate
References:  1194818

This update for pam fixes the following issue:

- Prevent cursor escape from the login prompt (bsc#1194818).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3149-1
Released:    Thu Sep 5 17:05:36 2024
Summary:     Security update for systemd
Type:        security
Severity:    moderate
References:  1218297,1221479,1226414,1228091,CVE-2023-7008

This update for systemd fixes the following issues:

- CVE-2023-7008: Fixed man-in-the-middle due to unsigned name response in signed zone not refused when DNSSEC=yes (bsc#1218297)

Other fixes:

- Unit: drop ProtectClock=yes from systemd-udevd.service (bsc#1226414)
- Don't mention any rpm macros inside comments, even if escaped (bsc#1228091)
- Skip redundant dependencies specified in the LSB description that references the file name of the service itself for early boot scripts (bsc#1221479).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3167-1
Released:    Mon Sep 9 12:31:59 2024
Summary:     Recommended update for glibc
Type:        recommended
Severity:    moderate
References:  1228043

This update for glibc fixes the following issue:

- s390x: Fix segfault in wcsncmp (bsc#1228043).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3168-1
Released:    Mon Sep 9 12:48:13 2024
Summary:     Security update for postgresql16
Type:        security
Severity:    important
References:  1229013,CVE-2024-7348

This update for postgresql16 fixes the following issues:

- Upgrade to 15.8 (bsc#1229013)
- CVE-2024-7348: PostgreSQL relation replacement during pg_dump executes arbitrary SQL. (bsc#1229013)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3170-1
Released:    Mon Sep 9 12:51:44 2024
Summary:     Security update for postgresql16
Type:        security
Severity:    important
References:  1229013,CVE-2024-7348

This update for postgresql16 fixes the following issues:

- Upgrade to 16.4 (bsc#1229013)
- CVE-2024-7348: PostgreSQL relation replacement during pg_dump executes arbitrary SQL. (bsc#1229013)

The following package changes have been done:

- glibc-2.31-150300.86.3 updated
- login_defs-4.8.1-150400.10.21.1 updated
- libxml2-2-2.10.3-150500.5.17.1 updated
- libopenssl1_1-1.1.1l-150500.17.34.1 updated
- libopenssl1_1-hmac-1.1.1l-150500.17.34.1 updated
- krb5-1.20.1-150500.3.9.1 updated
- patterns-base-fips-20200124-150400.20.10.1 updated
- pam-1.3.0-150000.6.71.2 updated
- shadow-4.8.1-150400.10.21.1 updated
- libsystemd0-249.17-150400.8.43.1 updated
- glibc-locale-base-2.31-150300.86.3 updated
- libpq5-16.4-150200.5.16.1 updated
- glibc-locale-2.31-150300.86.3 updated
- postgresql15-15.8-150200.5.30.1 updated
- postgresql15-server-15.8-150200.5.30.1 updated
- container:sles15-image-15.0.0-36.14.21 updated