SUSE-CU-2020:33-1: Security update of ses/6/cephcsi/cephcsi

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Sat Feb 1 01:36:07 MST 2020


SUSE Container Update Advisory: ses/6/cephcsi/cephcsi
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2020:33-1
Container Tags        : ses/6/cephcsi/cephcsi:1.2.0.0 , ses/6/cephcsi/cephcsi:1.2.0.0.1.5.110 , ses/6/cephcsi/cephcsi:latest
Container Release     : 1.5.110
Severity              : moderate
Type                  : security
References            : 1013125 1149332 1151582 1157292 1157794 1157893 1158830 1158996
                        1160571 1160970 1161074 1161312 CVE-2019-19126 CVE-2019-5188
                        CVE-2020-1699 CVE-2020-1700 
-----------------------------------------------------------------

The container ses/6/cephcsi/cephcsi was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:225-1
Released:    Fri Jan 24 06:49:07 2020
Summary:     Recommended update for procps
Type:        recommended
Severity:    moderate
References:  1158830
Description:

This update for procps fixes the following issues:

- Fix for 'ps -C' allowing to accept any arguments longer than 15 characters anymore. (bsc#1158830)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:256-1
Released:    Wed Jan 29 09:39:17 2020
Summary:     Recommended update for aaa_base
Type:        recommended
Severity:    moderate
References:  1157794,1160970
Description:

This update for aaa_base fixes the following issues:

- Improves the way how the Java path is created to fix an issue with sapjvm. (bsc#1157794)
- Drop 'dev.cdrom.autoclose' = 0 from sysctl config. (bsc#1160970)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:262-1
Released:    Thu Jan 30 11:02:42 2020
Summary:     Security update for glibc
Type:        security
Severity:    moderate
References:  1149332,1151582,1157292,1157893,1158996,CVE-2019-19126
Description:

This update for glibc fixes the following issues:

Security issue fixed:

- CVE-2019-19126: Fixed to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition (bsc#1157292).

Bug fixes:

- Fixed z15 (s390x) strstr implementation that can return incorrect results if search string cross page boundary (bsc#1157893).
- Fixed Hardware support in toolchain (bsc#1151582).
- Fixed syscalls during early process initialization (SLE-8348).
- Fixed an array overflow in backtrace for PowerPC (bsc#1158996).
- Moved to posix_spawn on popen (bsc#1149332).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:265-1
Released:    Thu Jan 30 14:05:34 2020
Summary:     Security update for e2fsprogs
Type:        security
Severity:    moderate
References:  1160571,CVE-2019-5188
Description:

This update for e2fsprogs fixes the following issues:

- CVE-2019-5188: Fixed a code execution vulnerability in the directory rehashing functionality (bsc#1160571).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:279-1
Released:    Fri Jan 31 12:01:39 2020
Summary:     Recommended update for p11-kit
Type:        recommended
Severity:    moderate
References:  1013125
Description:

This update for p11-kit fixes the following issues:

- Also build documentation (bsc#1013125)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:297-1
Released:    Fri Jan 31 17:24:13 2020
Summary:     Security update for ceph
Type:        security
Severity:    moderate
References:  1161074,1161312,CVE-2020-1699,CVE-2020-1700
Description:

This update for ceph fixes the following issues:

- CVE-2020-1700: Fixed a denial of service against the RGW server via connection leakage (bsc#1161312).
- CVE-2020-1699: Fixed a information disclosure by improper URL checking (bsc#1161074).



More information about the sle-security-updates mailing list