SUSE-CU-2022:973-1: Security update of ses/6/cephcsi/cephcsi

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Thu May 12 07:19:37 UTC 2022


SUSE Container Update Advisory: ses/6/cephcsi/cephcsi
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:973-1
Container Tags        : ses/6/cephcsi/cephcsi:1.2.0.0 , ses/6/cephcsi/cephcsi:1.2.0.0.1.5.632 , ses/6/cephcsi/cephcsi:latest
Container Release     : 1.5.632
Severity              : important
Type                  : security
References            : 1121227 1121230 1122004 1122021 1172427 1177047 1177460 1180713
                        1184501 1193489 1194172 1194642 1194848 1194883 1195251 1195628
                        1195899 1195999 1196061 1196093 1196107 1196275 1196317 1196368
                        1196406 1196514 1196925 1196939 1197024 1197134 1197297 1197459
                        1197788 1197903 1198062 1198062 1198237 CVE-2018-20573 CVE-2018-20574
                        CVE-2018-25032 CVE-2019-6285 CVE-2019-6292 CVE-2022-1097 CVE-2022-1271
                        CVE-2022-1271 
-----------------------------------------------------------------

The container ses/6/cephcsi/cephcsi was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:936-1
Released:    Tue Mar 22 18:10:17 2022
Summary:     Recommended update for filesystem and systemd-rpm-macros
Type:        recommended
Severity:    moderate
References:  1196275,1196406
This update for filesystem and systemd-rpm-macros fixes the following issues:

filesystem:

- Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639)

systemd-rpm-macros:

- Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1021-1
Released:    Tue Mar 29 13:24:21 2022
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1195899
This update for systemd fixes the following issues:

- allow setting external core size to infinity (bsc#1195899 jsc#SLE-23868 jsc#SLE-23870)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1047-1
Released:    Wed Mar 30 16:20:56 2022
Summary:     Recommended update for pam
Type:        recommended
Severity:    moderate
References:  1196093,1197024
This update for pam fixes the following issues:

- Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093)
- Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. 
  This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1061-1
Released:    Wed Mar 30 18:27:06 2022
Summary:     Security update for zlib
Type:        security
Severity:    important
References:  1197459,CVE-2018-25032
This update for zlib fixes the following issues:

- CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1073-1
Released:    Fri Apr  1 11:45:01 2022
Summary:     Security update for yaml-cpp
Type:        security
Severity:    moderate
References:  1121227,1121230,1122004,1122021,CVE-2018-20573,CVE-2018-20574,CVE-2019-6285,CVE-2019-6292
This update for yaml-cpp fixes the following issues:

- CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227).
- CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230).
- CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004).
- CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1099-1
Released:    Mon Apr  4 12:53:05 2022
Summary:     Recommended update for aaa_base
Type:        recommended
Severity:    moderate
References:  1194883
This update for aaa_base fixes the following issues:

- Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883)
- Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8
  multi byte characters as well as support the vi mode of readline library

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1109-1
Released:    Mon Apr  4 17:50:01 2022
Summary:     Recommended update for util-linux
Type:        recommended
Severity:    important
References:  1172427,1194642
This update for util-linux fixes the following issues:

- Improve throughput and reduce clock sequence increments for high load situation with time based 
  version 1 uuids. (bsc#1194642)
- Prevent root owning of `/var/lib/libuuid/clock.txt`. (bsc#1194642)
- Warn if uuidd lock state is not usable. (bsc#1194642)
- Fix 'su -s' bash completion. (bsc#1172427)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1118-1
Released:    Tue Apr  5 18:34:06 2022
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1177460
This update for timezone fixes the following issues:

- timezone update 2022a (bsc#1177460):
  * Palestine will spring forward on 2022-03-27, not on 03-26
  * `zdump -v` now outputs better failure indications
  * Bug fixes for code that reads corrupted TZif data

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1126-1
Released:    Thu Apr  7 14:05:02 2022
Summary:     Recommended update for nfs-utils
Type:        recommended
Severity:    moderate
References:  1197297,1197788
This update for nfs-utils fixes the following issues:

- Ensure `sloppy` is added correctly for newer kernels. (bsc#1197297)
  * This is required for kernels since 5.6 (like in SUSE Linux Enterprise 15 SP4), and it's safe for all kernels.
- Fix the source build with new `glibc` like in SUSE Linux Enterprise 15 SP4. (bsc#1197788)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1131-1
Released:    Fri Apr  8 09:43:53 2022
Summary:     Security update for libsolv, libzypp, zypper
Type:        security
Severity:    important
References:  1184501,1194848,1195999,1196061,1196317,1196368,1196514,1196925,1197134
This update for libsolv, libzypp, zypper fixes the following issues:

Security relevant fix:

- Harden package signature checks (bsc#1184501).

libsolv to 0.7.22:

- reworked choice rule generation to cover more usecases
- support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514)
- support parsing of Debian's Multi-Arch indicator
- fix segfault on conflict resolution when using bindings
- fix split provides not working if the update includes a forbidden vendor change
- support strict repository priorities
  new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY
- support zstd compressed control files in debian packages
- add an ifdef allowing to rename Solvable dependency members
  ('requires' is a keyword in C++20)
- support setting/reading userdata in solv files
  new functions: repowriter_set_userdata, solv_read_userdata
- support queying of the custom vendor check function
  new function: pool_get_custom_vendorcheck
- support solv files with an idarray block
- allow accessing the toolversion at runtime

libzypp to 17.30.0:

- ZConfig: Update solver settings if target changes (bsc#1196368)
- Fix possible hang in singletrans mode (bsc#1197134)
- Do 2 retries if mount is still busy.
- Fix package signature check (bsc#1184501)
  Pay attention that header and payload are secured by a valid
  signature and report more detailed which signature is missing.
- Retry umount if device is busy (bsc#1196061, closes #381)
  A previously released ISO image may need a bit more time to
  release it's loop device. So we wait a bit and retry.
- Fix serializing/deserializing type mismatch in zypp-rpm
  protocol (bsc#1196925)
- Fix handling of ISO media in releaseAll (bsc#1196061)
- Hint on common ptf resolver conflicts (bsc#1194848)
- Hint on ptf<>patch resolver conflicts (bsc#1194848)

zypper to 1.14.52:

- info: print the packages upstream URL if available (fixes #426)
- info: Fix SEGV with not installed PTFs (bsc#1196317)
- Don't prevent less restrictive umasks (bsc#1195999)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1149-1
Released:    Mon Apr 11 16:29:14 2022
Summary:     Security update for mozilla-nss
Type:        security
Severity:    important
References:  1197903,CVE-2022-1097
This update for mozilla-nss fixes the following issues:

Mozilla NSS 3.68.3 (bsc#1197903):
  - CVE-2022-1097: Fixed memory safety violations that could occur when PKCS#11
    tokens are removed while in use.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1158-1
Released:    Tue Apr 12 14:44:43 2022
Summary:     Security update for xz
Type:        security
Severity:    important
References:  1198062,CVE-2022-1271
This update for xz fixes the following issues:

- CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1250-1
Released:    Sun Apr 17 15:39:47 2022
Summary:     Security update for gzip
Type:        security
Severity:    important
References:  1177047,1180713,1198062,CVE-2022-1271
This update for gzip fixes the following issues:

- CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062)

The following non-security bugs were fixed:

- Fixed an issue when 'gzexe' counts the lines to skip wrong. (bsc#1180713)
- Fixed a potential segfault when zlib acceleration is enabled (bsc#1177047)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1302-1
Released:    Fri Apr 22 10:04:46 2022
Summary:     Recommended update for e2fsprogs
Type:        recommended
Severity:    moderate
References:  1196939
This update for e2fsprogs fixes the following issues:

- Add support for 'libreadline7' for Leap. (bsc#1196939)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1409-1
Released:    Tue Apr 26 12:54:57 2022
Summary:     Recommended update for gcc11
Type:        recommended
Severity:    moderate
References:  1195628,1196107
This update for gcc11 fixes the following issues:

- Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from
  packages provided by older GCC work.  Add a requires from that
  package to the corresponding libstc++6 package to keep those
  at the same version.  [bsc#1196107]
- Fixed memory corruption when creating dependences with the D language frontend.
- Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628]
- Put libstdc++6-pp Requires on the shared library and drop
  to Recommends.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1438-1
Released:    Wed Apr 27 15:27:19 2022
Summary:     Recommended update for systemd-presets-common-SUSE
Type:        recommended
Severity:    low
References:  1195251
This update for systemd-presets-common-SUSE fixes the following issue:

- enable vgauthd service for VMWare by default (bsc#1195251)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1439-1
Released:    Wed Apr 27 16:08:04 2022
Summary:     Recommended update for binutils
Type:        recommended
Severity:    moderate
References:  1198237
This update for binutils fixes the following issues:

- The official name IBM z16 for IBM zSeries arch14 is recognized.  (bsc#1198237)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1452-1
Released:    Thu Apr 28 10:48:06 2022
Summary:     Recommended update for perl
Type:        recommended
Severity:    moderate
References:  1193489
This update for perl fixes the following issues:

- Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1491-1
Released:    Tue May  3 07:09:44 2022
Summary:     Recommended update for psmisc
Type:        recommended
Severity:    moderate
References:  1194172
This update for psmisc fixes the following issues:

- Add a fallback if the system call name_to_handle_at() is not supported by the used file system.
- Replace the synchronizing over pipes of the sub process for the stat(2) system call with mutex and conditions from 
  pthreads(7) (bsc#1194172)
- Use statx(2) or SYS_statx system call to replace the stat(2) system call and avoid the sub process (bsc#1194172)


The following package changes have been done:

- aaa_base-84.87+git20180409.04c9dae-3.57.1 updated
- binutils-2.37-150100.7.29.1 updated
- e2fsprogs-1.43.8-150000.4.29.1 updated
- filesystem-15.0-11.8.1 updated
- gzip-1.10-150000.4.12.1 updated
- libblkid1-2.33.2-150100.4.21.1 updated
- libcom_err2-1.43.8-150000.4.29.1 updated
- libctf-nobfd0-2.37-150100.7.29.1 updated
- libctf0-2.37-150100.7.29.1 updated
- libext2fs2-1.43.8-150000.4.29.1 updated
- libfdisk1-2.33.2-150100.4.21.1 updated
- libfreebl3-3.68.3-150000.3.67.1 updated
- libgcc_s1-11.2.1+git610-150000.1.6.6 updated
- liblzma5-5.2.3-150000.4.7.1 updated
- libmount1-2.33.2-150100.4.21.1 updated
- libquadmath0-11.2.1+git610-150000.1.6.6 updated
- libsmartcols1-2.33.2-150100.4.21.1 updated
- libsoftokn3-3.68.3-150000.3.67.1 updated
- libsolv-tools-0.7.22-150100.4.6.1 updated
- libstdc++6-11.2.1+git610-150000.1.6.6 updated
- libsystemd0-234-24.108.1 updated
- libudev1-234-24.108.1 updated
- libuuid1-2.33.2-150100.4.21.1 updated
- libyaml-cpp0_6-0.6.1-4.5.1 updated
- libz1-1.2.11-150000.3.30.1 updated
- libzypp-17.30.0-150100.3.78.1 updated
- mozilla-nss-certs-3.68.3-150000.3.67.1 updated
- mozilla-nss-3.68.3-150000.3.67.1 updated
- nfs-client-2.1.1-150100.10.24.1 updated
- nfs-kernel-server-2.1.1-150100.10.24.1 updated
- pam-1.3.0-150000.6.55.3 updated
- perl-base-5.26.1-150000.7.15.1 updated
- psmisc-23.0-150000.6.22.1 updated
- systemd-presets-common-SUSE-15-150100.8.12.1 updated
- systemd-234-24.108.1 updated
- timezone-2022a-150000.75.7.1 updated
- udev-234-24.108.1 updated
- util-linux-2.33.2-150100.4.21.1 updated
- xz-5.2.3-150000.4.7.1 updated
- zypper-1.14.52-150100.3.55.2 updated
- container:sles15-image-15.0.0-6.2.613 updated


More information about the sle-security-updates mailing list