SUSE-IU-2024:680-1 SUSE Image security@suse.de SUSE Security Team SUSE Image SUSE-IU-2024:680-1 Interim 1 1 2026-03-19T08:54:07Z current 2024-07-26T01:00:00Z 2024-07-26T01:00:00Z cve-database/bin/generate-cvrf-publiccloud.pl 2021-02-18T01:00:00Z Image update for SUSE-IU-2024:680-1 / google/sles-15-sp5-chost-byos-v20240726-arm64 This image update for google/sles-15-sp5-chost-byos-v20240726-arm64 contains the following changes: Package containerd was updated: - Revert noarch for devel subpackage Switching to noarch causes issues on SLES maintenance updates, reverting it fixes our image builds Package krb5 was updated: - Fix vulnerabilities in GSS message token handling, add patch 0011-Fix-vulnerabilities-in-GSS-message-token-handling.patch * CVE-2024-37370, bsc#1227186 * CVE-2024-37371, bsc#1227187 Package oniguruma was updated: - Added oniguruma-6.8.2-CVE-2019-13225-fix.patch (boo#1141157 CVE-2019-13225) oniguruma: null-pointer dereference in match_at() in regexec.c Package libxml2 was updated: - Security fix (CVE-2024-34459, bsc#1224282) buffer over-read in xmlHTMLPrintFileContext in xmllint.c * Added libxml2-CVE-2024-34459.patch Package 000release-packages:sle-module-basesystem-release was updated: Package 000release-packages:sle-module-containers-release was updated: Package 000release-packages:sle-module-public-cloud-release was updated: Package 000release-packages:sle-module-server-applications-release was updated: Package 000release-packages:SLES-release was updated: Package suse-build-key was updated: - added missing ; in shell script (bsc#1227681) - Added new keys of the SLE Micro 6.0 / SLES 16 series, and auto import them. (bsc#1227429) gpg-pubkey-09d9ea69-645b99ce.asc: Main SLE Micro 6/SLES 16 key gpg-pubkey-73f03759-626bd414.asc: Backup SLE Micro 6/SLES 16 key. Package xfsprogs was updated: - xfs_copy: don't use cached buffer reads until after libxfs_mount (bsc#1227150) - Add xfsprogs-xfs_copy-don-t-use-cached-buffer-reads-until-after-l.patch The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://publiccloudimagechangeinfo.suse.com/google/sles-15-sp5-chost-byos-v20240726-arm64/ Public Cloud Image Info https://www.suse.com/support/security/rating/ SUSE Security Ratings Public Cloud Image google/sles-15-sp5-chost-byos-v20240726-arm64 containerd-1.7.17-150000.114.1 containerd-ctr-1.7.17-150000.114.1 krb5-1.20.1-150500.3.9.1 libonig4-6.7.0-150000.3.6.1 libprocps8-3.3.17-150000.7.39.1 libpython3_6m1_0-3.6.15-150300.10.65.1 libxml2-2-2.10.3-150500.5.17.1 procps-3.3.17-150000.7.39.1 python3-3.6.15-150300.10.65.2 python3-base-3.6.15-150300.10.65.1 suse-build-key-12.0-150000.8.49.2 xfsprogs-5.13.0-150400.3.10.2 containerd-1.7.17-150000.114.1 as a component of Public Cloud Image google/sles-15-sp5-chost-byos-v20240726-arm64 containerd-ctr-1.7.17-150000.114.1 as a component of Public Cloud Image google/sles-15-sp5-chost-byos-v20240726-arm64 krb5-1.20.1-150500.3.9.1 as a component of Public Cloud Image google/sles-15-sp5-chost-byos-v20240726-arm64 libonig4-6.7.0-150000.3.6.1 as a component of Public Cloud Image google/sles-15-sp5-chost-byos-v20240726-arm64 libprocps8-3.3.17-150000.7.39.1 as a component of Public Cloud Image google/sles-15-sp5-chost-byos-v20240726-arm64 libpython3_6m1_0-3.6.15-150300.10.65.1 as a component of Public Cloud Image google/sles-15-sp5-chost-byos-v20240726-arm64 libxml2-2-2.10.3-150500.5.17.1 as a component of Public Cloud Image google/sles-15-sp5-chost-byos-v20240726-arm64 procps-3.3.17-150000.7.39.1 as a component of Public Cloud Image google/sles-15-sp5-chost-byos-v20240726-arm64 python3-3.6.15-150300.10.65.2 as a component of Public Cloud Image google/sles-15-sp5-chost-byos-v20240726-arm64 python3-base-3.6.15-150300.10.65.1 as a component of Public Cloud Image google/sles-15-sp5-chost-byos-v20240726-arm64 suse-build-key-12.0-150000.8.49.2 as a component of Public Cloud Image google/sles-15-sp5-chost-byos-v20240726-arm64 xfsprogs-5.13.0-150400.3.10.2 as a component of Public Cloud Image google/sles-15-sp5-chost-byos-v20240726-arm64 A NULL Pointer Dereference in match_at() in regexec.c in Oniguruma 6.9.2 allows attackers to potentially cause denial of service by providing a crafted regular expression. Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust. CVE-2019-13225 Public Cloud Image google/sles-15-sp5-chost-byos-v20240726-arm64:libonig4-6.7.0-150000.3.6.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c. CVE-2024-34459 Public Cloud Image google/sles-15-sp5-chost-byos-v20240726-arm64:libxml2-2-2.10.3-150500.5.17.1 moderate In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application. CVE-2024-37370 Public Cloud Image google/sles-15-sp5-chost-byos-v20240726-arm64:krb5-1.20.1-150500.3.9.1 moderate In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields. CVE-2024-37371 Public Cloud Image google/sles-15-sp5-chost-byos-v20240726-arm64:krb5-1.20.1-150500.3.9.1 moderate