SUSE-CU-2020:25-1: Security update of sles12/registry

sle-security-updates at lists.suse.com
Thu Jan 23 07:47:39 MST 2020


SUSE Container Update Advisory: sles12/registry
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2020:25-1
Container Tags        : sles12/registry:2.6.2
Severity              : important
Type                  : security
References            : 1049825 1082318 1093414 1104902 1107617 1114674 1116995 1123919
                        1124847 1128828 1131830 1134550 1136298 1137053 1137832 1139870
                        1139942 1140039 1140631 1140914 1141093 1142614 1142661 1143194
                        1143273 1145521 1145575 1145738 1145740 1145741 1145742 1146415
                        1148987 1149429 1149496 1150003 1150250 1150595 1150734 1151577
                        1153386 1153557 1154036 1154037 1154043 1154862 1154948 1155199
                        1155338 1155339 1157198 1158586 1158763 1159162 1160571 CVE-2018-10754
                        CVE-2018-18311 CVE-2019-10081 CVE-2019-10082 CVE-2019-10092 CVE-2019-10098
                        CVE-2019-12749 CVE-2019-13050 CVE-2019-13057 CVE-2019-13565 CVE-2019-13627
                        CVE-2019-14866 CVE-2019-1547 CVE-2019-1563 CVE-2019-15903 CVE-2019-17498
                        CVE-2019-17594 CVE-2019-17595 CVE-2019-18900 CVE-2019-3688 CVE-2019-3690
                        CVE-2019-5188 CVE-2019-5482 CVE-2019-9517 CVE-2019-9893 SLE-10396
                        SLE-7081 SLE-7257 
-----------------------------------------------------------------

The container sles12/registry was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2120-1
Released:    Wed Aug 14 11:17:39 2019
Summary:     Recommended update for pam
Type:        recommended
Severity:    moderate
References:  1136298,SLE-7257
Description:

This update for pam fixes the following issues:

- Enable pam_userdb.so (SLE-7257,bsc#1136298)
- Upgraded pam_userdb to 1.3.1.  (bsc#1136298)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2264-1
Released:    Mon Sep  2 09:07:12 2019
Summary:     Security update for perl
Type:        security
Severity:    important
References:  1114674,CVE-2018-18311
Description:

This update for perl fixes the following issues:

Security issue fixed:

- CVE-2018-18311: Fixed integer overflow with oversize environment (bsc#1114674).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2288-1
Released:    Wed Sep  4 14:22:47 2019
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1104902,1107617,1137053,1142661
Description:

This update for systemd fixes the following issues:

- Fixed an issue where the kernel took very long to unmount a user's runtime directory (bsc#1104902)
- udevd: changed the default value of udev.children-max (again) (bsc#1107617)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2329-1
Released:    Fri Sep  6 16:08:08 2019
Summary:     Security update for apache2
Type:        security
Severity:    important
References:  1145575,1145738,1145740,1145741,1145742,CVE-2019-10081,CVE-2019-10082,CVE-2019-10092,CVE-2019-10098,CVE-2019-9517
Description:

This update for apache2 fixes the following issues:

Security issues fixed:

- CVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to unconstrained internal data buffering (bsc#1145575).
- CVE-2019-10081: Fixed mod_http2 that is vulnerable to memory corruption on early pushes (bsc#1145742).
- CVE-2019-10082: Fixed mod_http2 that is vulnerable to read-after-free in h2 connection shutdown (bsc#1145741).
- CVE-2019-10092: Fixed limited cross-site scripting in mod_proxy (bsc#1145740).
- CVE-2019-10098: Fixed mod_rewrite configuration vulnerability to open redirect (bsc#1145738).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2372-1
Released:    Thu Sep 12 14:01:27 2019
Summary:     Recommended update for krb5
Type:        recommended
Severity:    moderate
References:  1139942,1140914,SLE-7081
Description:

This update for krb5 fixes the following issues:

- Fix missing responder if there is no pre-auth (bsc#1139942)
- Load mechglue config files from /etc/gss/mech.d (bsc#1140914, jsc#SLE-7081)
- Fix impersonate_name to work with interposers (bsc#1140914, jsc#SLE-7081)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2339-1
Released:    Thu Sep 12 14:17:53 2019
Summary:     Security update for curl
Type:        security
Severity:    important
References:  1149496,CVE-2019-5482
Description:

This update for curl fixes the following issues:

Security issue fixed:

- CVE-2019-5482: Fixed TFTP small blocksize heap buffer overflow (bsc#1149496).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2390-1
Released:    Tue Sep 17 15:46:02 2019
Summary:     Security update for openldap2
Type:        security
Severity:    moderate
References:  1143194,1143273,CVE-2019-13057,CVE-2019-13565
Description:

This update for openldap2 fixes the following issues:

Security issues fixed:

- CVE-2019-13565: Fixed ssf memory reuse that leads to incorrect authorization of another connection, granting excess connection rights (ssf) (bsc#1143194).
- CVE-2019-13057: Fixed rootDN of a backend that may proxyauth incorrectly to another backend, violating multi-tenant isolation (bsc#1143273).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2413-1
Released:    Fri Sep 20 10:44:26 2019
Summary:     Security update for openssl
Type:        security
Severity:    moderate
References:  1150003,1150250,CVE-2019-1547,CVE-2019-1563
Description:

This update for openssl fixes the following issues:

OpenSSL Security Advisory [10 September 2019]

- CVE-2019-1547: Added EC_GROUP_set_generator side channel attack avoidance (bsc#1150003).
- CVE-2019-1563: Fixed Bleichenbacher attack against cms/pkcs7 encryption transported key (bsc#1150250).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2440-1
Released:    Mon Sep 23 17:15:13 2019
Summary:     Security update for expat
Type:        security
Severity:    moderate
References:  1149429,CVE-2019-15903
Description:

This update for expat fixes the following issues:

Security issue fixed:

- CVE-2019-15903: Fixed a heap-based buffer over-read caused by crafted XML documents. (bsc#1149429)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2480-1
Released:    Fri Sep 27 13:12:08 2019
Summary:     Security update for gpg2
Type:        security
Severity:    moderate
References:  1124847,1141093,CVE-2019-13050
Description:

This update for gpg2 fixes the following issues:

Security issue fixed:

- CVE-2019-13050: Fixed denial-of-service attacks via big keys. (bsc#1141093)

Non-security issue fixed:

- Allow coredumps in X11 desktop sessions (bsc#1124847).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2510-1
Released:    Tue Oct  1 17:37:12 2019
Summary:     Security update for libgcrypt
Type:        security
Severity:    moderate
References:  1148987,CVE-2019-13627
Description:

This update for libgcrypt fixes the following issues:

Security issues fixed:
- CVE-2019-13627: Mitigated ECDSA timing attack. (bsc#1148987)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2818-1
Released:    Tue Oct 29 17:22:01 2019
Summary:     Recommended update for zypper and libzypp
Type:        recommended
Severity:    important
References:  1049825,1116995,1140039,1145521,1146415,1153557
Description:

This update for zypper and libzypp fixes the following issues:

Package: zypper

- Fixed an issue where zypper exited on a SIGPIPE during package download (bsc#1145521)
- Rephrased the file conflicts check summary (bsc#1140039)
- Fixed an issue where the bash completion was wrongly expanded (bsc#1049825)

Package: libzypp

- Fixed an issue where YaST2 was not able to find base products via libzypp (bsc#1153557)
- Added a new 'solver.focus' option for /etc/zypp/zypp.conf to define systemwide focus
  mode when resolving jobs (bsc#1146415)
- Fixed a file descriptor leak in the media backend (bsc#1116995)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2820-1
Released:    Wed Oct 30 10:21:18 2019
Summary:     Security update for dbus-1
Type:        security
Severity:    important
References:  1137832,CVE-2019-12749
Description:

This update for dbus-1 fixes the following issues:

Security issue fixed:

- CVE-2019-12749: Fixed an implementation flaw in DBUS_COOKIE_SHA1 which
  could have allowed local attackers to bypass authentication (bsc#1137832).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2887-1
Released:    Mon Nov  4 17:31:49 2019
Summary:     Recommended update for apparmor
Type:        recommended
Severity:    moderate
References:  1139870
Description:

This update for apparmor provides the following fix:

- Change pathname in logprof.conf and use check_qualifiers() in autodep to make sure
  apparmor does not generate profiles for programs marked as not having their own
  profiles. (bsc#1139870)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2898-1
Released:    Tue Nov  5 17:00:27 2019
Summary:     Recommended update for systemd
Type:        recommended
Severity:    important
References:  1140631,1150595,1154948
Description:

This update for systemd fixes the following issues:

- sd-bus: deal with cookie overruns (bsc#1150595)
- rules: Add by-id symlinks for persistent memory (bsc#1140631)
- Drop the old fds used for logging and reopen them in the
  sub process before doing any new logging.  (bsc#1154948)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2936-1
Released:    Fri Nov  8 13:19:55 2019
Summary:     Security update for libssh2_org
Type:        security
Severity:    moderate
References:  1154862,CVE-2019-17498
Description:

This update for libssh2_org fixes the following issue:

- CVE-2019-17498: Fixed an integer overflow in a bounds check that might have led to the disclosure of sensitive information or a denial of service (bsc#1154862).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2941-1
Released:    Tue Nov 12 10:03:32 2019
Summary:     Security update for libseccomp
Type:        security
Severity:    moderate
References:  1082318,1128828,1142614,CVE-2019-9893
Description:

This update for libseccomp fixes the following issues:

Update to new upstream release 2.4.1:

* Fix a BPF generation bug where the optimizer mistakenly
  identified duplicate BPF code blocks.

Updated to 2.4.0 (bsc#1128828 CVE-2019-9893):

* Update the syscall table for Linux v5.0-rc5
* Added support for the SCMP_ACT_KILL_PROCESS action
* Added support for the SCMP_ACT_LOG action and SCMP_FLTATR_CTL_LOG attribute
* Added explicit 32-bit (SCMP_AX_32(...)) and 64-bit (SCMP_AX_64(...)) argument comparison macros to help protect against unexpected sign extension
* Added support for the parisc and parisc64 architectures
* Added the ability to query and set the libseccomp API level via seccomp_api_get(3) and seccomp_api_set(3)
* Return -EDOM on an endian mismatch when adding an architecture to a filter
* Renumber the pseudo syscall number for subpage_prot() so it no longer conflicts with spu_run()
* Fix PFC generation when a syscall is prioritized, but no rule exists
* Numerous fixes to the seccomp-bpf filter generation code
* Switch our internal hashing function from jhash/Lookup3 to MurmurHash3
* Numerous tests added to the included test suite, coverage now at ~92%
* Update our Travis CI configuration to use Ubuntu 16.04
* Numerous documentation fixes and updates

Update to release 2.3.3:

* Updated the syscall table for Linux v4.15-rc7

Update to release 2.3.2:

* Achieved full compliance with the CII Best Practices program
* Added Travis CI builds to the GitHub repository
* Added code coverage reporting with the '--enable-code-coverage' configure
  flag and added Coveralls to the GitHub repository
* Updated the syscall tables to match Linux v4.10-rc6+
* Support for building with Python v3.x
* Allow rules with the -1 syscall if the SCMP_FLTATR_API_TSKIP attribute is
  set to true
* Several small documentation fixes

- ignore make check error for ppc64/ppc64le, bypass bsc#1142614

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:3003-1
Released:    Tue Nov 19 10:12:33 2019
Summary:     Recommended update for procps
Type:        recommended
Severity:    moderate
References:  1153386,SLE-10396
Description:

This update for procps provides the following fixes:

- Backport the MemAvailable patch into SLE12-SP4/SP5 procps. (jsc#SLE-10396)
- Add missing ShmemPmdMapped entry for pmap with newer kernels. (bsc#1153386)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:3064-1
Released:    Mon Nov 25 18:44:36 2019
Summary:     Security update for cpio
Type:        security
Severity:    moderate
References:  1155199,CVE-2019-14866
Description:

This update for cpio fixes the following issues:

- CVE-2019-14866: Fixed an improper validation of the values written
  in the header of a TAR file through the to_oct() function which could
  have led to unexpected TAR generation (bsc#1155199).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:3085-1
Released:    Thu Nov 28 10:01:53 2019
Summary:     Security update for libxml2
Type:        security
Severity:    low
References:  1123919
Description:

This update for libxml2 does not fix any additional security issues, but corrects the rpm changelog to reflect
all CVEs that have been fixed in the past.
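
The libxml2 note is a reminder that an rpm changelog is only evidence of a fix when the maintainer wrote the CVE id (or the bsc bug number) into it. The script below is an added example and not SUSE tooling: it parses advisory blocks in this mail's layout into a CVE-to-bsc mapping, then classifies each CVE against the output of `rpm -q --changelog <package>` as run inside the container. The advisory excerpt and the changelog lines are constructed for the example, and the changelog line format is an assumption.

```python
"""Cross-check an advisory's CVE list against an rpm changelog.

Added example, not SUSE tooling.  ADVISORY and CHANGELOG are constructed
excerpts; in practice feed it the real mail and the output of
`rpm -q --changelog <package>` captured from the container.
"""
import re
from typing import Dict, Iterator, Set

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")
BSC_RE = re.compile(r"bsc#(\d+)")
# Fix lines in this mail look like "- CVE-2019-17594: ... (bsc#1154036)."
FIX_LINE_RE = re.compile(r"^\s*-\s*(CVE-\d{4}-\d{4,})\s*:(.*)$")

# Constructed advisory excerpt in the same layout as the blocks above
# (one bullet is wrapped onto two lines, as several in this mail are).
ADVISORY = """\
Advisory ID: SUSE-SU-2019:3094-1
Summary:     Security update for ncurses
References:  1131830,1134550,1154036,1154037,CVE-2018-10754,CVE-2019-17594,CVE-2019-17595
Description:

This update for ncurses fixes the following issues:

- CVE-2018-10754: Fixed a denial of service caused by a NULL pointer dereference in _nc_parse_entry() (bsc#1131830).
- CVE-2019-17594: Fixed a heap-based buffer over-read in _nc_find_entry function in tinfo/comp_hash.c (bsc#1154036).
- CVE-2019-17595: Fixed a heap-based buffer over-read in fmt_entry function
  in tinfo/comp_hash.c (bsc#1154037).
"""

# Constructed changelog in `rpm -q --changelog` style (assumed format:
# "* <date> <author>" headers followed by "- ..." entries).
CHANGELOG = """\
* Mon Oct 21 2019 - maintainer@example.com
- Backport fix for CVE-2019-17594 (bsc#1154036)
- Fix heap over-read in fmt_entry (bsc#1154037)
* Wed Apr 10 2019 - maintainer@example.com
- Fix NULL pointer dereference in _nc_parse_entry
"""


def _bullets(text: str) -> Iterator[str]:
    """Yield '- ...' bullets with wrapped continuation lines joined."""
    current = None
    for line in text.splitlines():
        if line.lstrip().startswith("- "):
            if current is not None:
                yield current
            current = line.strip()
        elif current is not None and line.startswith(" ") and line.strip():
            current += " " + line.strip()
        else:
            if current is not None:
                yield current
            current = None
    if current is not None:
        yield current


def advisory_fixes(text: str) -> Dict[str, Set[str]]:
    """Map every CVE id in the advisory to the bsc numbers on its fix line.

    Ids that only appear in the References line map to an empty set, so they
    can still be matched by id against the changelog."""
    fixes: Dict[str, Set[str]] = {cve: set() for cve in CVE_RE.findall(text)}
    for bullet in _bullets(text):
        m = FIX_LINE_RE.match(bullet)
        if m:
            fixes[m.group(1)].update(BSC_RE.findall(m.group(2)))
    return fixes


def check_changelog(advisory: str, changelog: str) -> Dict[str, str]:
    """Classify each advisory CVE: 'cve' if the changelog names the id,
    'bug' if it only cites the bsc number from that CVE's fix line,
    'missing' if neither appears."""
    seen_cves = set(CVE_RE.findall(changelog))
    seen_bugs = set(BSC_RE.findall(changelog))
    verdict: Dict[str, str] = {}
    for cve, bugs in advisory_fixes(advisory).items():
        if cve in seen_cves:
            verdict[cve] = "cve"
        elif bugs & seen_bugs:
            verdict[cve] = "bug"
        else:
            verdict[cve] = "missing"
    return verdict


if __name__ == "__main__":
    for cve, how in sorted(check_changelog(ADVISORY, CHANGELOG).items()):
        print(f"{cve}: {how}")
```

A "missing" verdict means only that the changelog does not mention the fix, which is exactly the situation the libxml2 update above corrected; before treating the package as unpatched, compare `rpm -q <package>` inside the container against the package versions listed in the individual SUSE-SU advisory. Conversely, a "cve" or "bug" hit confirms the changelog text, not the binary, so the script is a triage aid rather than proof of patch state.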

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:3094-1
Released:    Thu Nov 28 16:47:52 2019
Summary:     Security update for ncurses
Type:        security
Severity:    moderate
References:  1131830,1134550,1154036,1154037,CVE-2018-10754,CVE-2019-17594,CVE-2019-17595
Description:

This update for ncurses fixes the following issues:

Security issues fixed:

- CVE-2018-10754: Fixed a denial of service caused by a NULL pointer dereference in _nc_parse_entry() (bsc#1131830).
- CVE-2019-17594: Fixed a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c (bsc#1154036).
- CVE-2019-17595: Fixed a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c (bsc#1154037).

Bug fixes:

- Fixed ppc64le build configuration (bsc#1134550).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:3132-1
Released:    Tue Dec  3 10:52:14 2019
Summary:     Recommended update for update-alternatives
Type:        recommended
Severity:    moderate
References:  1154043
Description:

This update for update-alternatives fixes the following issues:

- Fix post install scripts: test if there is actual file before calling update-alternatives. (bsc#1154043)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:3180-1
Released:    Thu Dec  5 11:42:40 2019
Summary:     Security update for permissions
Type:        security
Severity:    moderate
References:  1093414,1150734,1157198,CVE-2019-3688,CVE-2019-3690
Description:

This update for permissions fixes the following issues:

- CVE-2019-3688: Changed wrong ownership in /usr/sbin/pinger to root:squid
  which could have allowed a squid user to gain persistence by changing the 
  binary (bsc#1093414).
- CVE-2019-3690: Fixed a privilege escalation through untrusted symbolic 
  links (bsc#1150734).
- Fixed a regression which caused segmentation fault (bsc#1157198).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:3342-1
Released:    Thu Dec 19 11:04:35 2019
Summary:     Recommended update for elfutils
Type:        recommended
Severity:    moderate
References:  1151577
Description:

This update for elfutils fixes the following issues:

- Add require of 'libebl1' for 'libelf1'. (bsc#1151577)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:3364-1
Released:    Thu Dec 19 19:20:52 2019
Summary:     Recommended update for ncurses
Type:        recommended
Severity:    moderate
References:  1158586,1159162
Description:

This update for ncurses fixes the following issues:

- Work around a bug in the old upstream gen-pkgconfig (bsc#1159162)
- Remove doubled library path options (bsc#1159162)
- Also remove private requirements, as (lib)tinfo is binary compatible
  with the normal and wide versions of (lib)ncurses (bsc#1158586, bsc#1159162)
- Fix the last change, that is, add the missed library linker paths as well
  as the missed include directories for non-standard paths (bsc#1158586,
  bsc#1159162)
- Do not mix include directories of different ncurses ABIs (bsc#1158586)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:79-1
Released:    Mon Jan 13 10:37:34 2020
Summary:     Security update for libzypp
Type:        security
Severity:    moderate
References:  1158763,CVE-2019-18900
Description:

This update for libzypp fixes the following issues:

Security issue fixed:

- CVE-2019-18900: Fixed the cookie file being created world readable (bsc#1158763).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:86-1
Released:    Mon Jan 13 14:12:22 2020
Summary:     Security update for e2fsprogs
Type:        security
Severity:    moderate
References:  1160571,CVE-2019-5188
Description:

This update for e2fsprogs fixes the following issues:

- CVE-2019-5188: Fixed a code execution vulnerability in the directory rehashing functionality (bsc#1160571).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:106-1
Released:    Wed Jan 15 12:50:55 2020
Summary:     Recommended update for libgcrypt
Type:        recommended
Severity:    important
References:  1155338,1155339
Description:

This update for libgcrypt fixes the following issues:

- Fixed the dsa-rfc6979 test in FIPS mode: disabled tests on 192-bit elliptic curves, which are not recommended in FIPS mode
- Added CMAC AES and TDES FIPS self-tests (bsc#1155339, bsc#1155338)


