SUSE-CU-2022:2018-1: Security update of suse/sles/15.4/virt-handler

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Sat Sep 3 07:18:12 UTC 2022


SUSE Container Update Advisory: suse/sles/15.4/virt-handler
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2018-1
Container Tags        : suse/sles/15.4/virt-handler:0.49.0 , suse/sles/15.4/virt-handler:0.49.0-150400.1.37 , suse/sles/15.4/virt-handler:0.49.0.17.18
Container Release     : 17.18
Severity              : important
Type                  : security
References            : 1190698 1195059 1198341 1198979 1199524 1200485 1201795 1202020
                        CVE-2022-1706 CVE-2022-2509 
-----------------------------------------------------------------

The container suse/sles/15.4/virt-handler was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2866-1
Released:    Mon Aug 22 15:36:30 2022
Summary:     Security update for systemd-presets-common-SUSE
Type:        security
Severity:    moderate
References:  1199524,1200485,CVE-2022-1706
This update for systemd-presets-common-SUSE fixes the following issues:

- CVE-2022-1706: Fixed accessible configs from unprivileged containers in VMs running on VMware products (bsc#1199524).

The following non-security bugs were fixed:

- Modify branding-preset-states to fix systemd-presets-common-SUSE
  not enabling new user systemd service preset configuration just
  as it handles system service presets. By passing an (optional)
  second parameter 'user', the save/apply-changes commands now
  work with user services instead of system ones (bsc#1200485)

- Add the wireplumber user service preset to enable it by default
  in SLE15-SP4 where it replaced pipewire-media-session, but keep
  pipewire-media-session preset so we don't have to branch the
  systemd-presets-common-SUSE package for SP4 (bsc#1200485)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2901-1
Released:    Fri Aug 26 03:34:23 2022
Summary:     Recommended update for elfutils
Type:        recommended
Severity:    moderate
References:  
This update for elfutils fixes the following issues:

- Fix runtime dependency for devel package

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2904-1
Released:    Fri Aug 26 05:28:34 2022
Summary:     Recommended update for openldap2
Type:        recommended
Severity:    moderate
References:  1198341
This update for openldap2 fixes the following issues:

- Prevent memory reuse which may lead to instability (bsc#1198341)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2919-1
Released:    Fri Aug 26 15:04:20 2022
Summary:     Security update for gnutls
Type:        security
Severity:    important
References:  1190698,1198979,1202020,CVE-2022-2509
This update for gnutls fixes the following issues:

- CVE-2022-2509: Fixed a double free issue during PKCS7 verification (bsc#1202020).

Non-security fixes:

- FIPS: Check minimum keylength for symmetric key generation [bsc#1190698]
- FIPS: Only allows ECDSA signature with valid set of hashes (SHA2 and SHA3) [bsc#1190698]
- FIPS: Provides interface for running library self tests on-demand [bsc#1198979]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2920-1
Released:    Fri Aug 26 15:17:02 2022
Summary:     Recommended update for systemd
Type:        recommended
Severity:    important
References:  1195059,1201795
This update for systemd fixes the following issues:

- Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one pointing to /usr/lib/systemd/ (bsc#1201795)
- Drop or soften some of the deprecation warnings (jsc#PED-944)
- Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059)
- Avoid applying presets to any services shipped by the experimental sub-package, as they aren't enabled by default
- analyze: Fix offline check for syscal filter
- calendarspec: Fix timer skipping the next elapse
- core: Allow command argument to be longer
- hwdb: Add AV production controllers to hwdb and add uaccess
- hwdb: Allow console users access to rfkill
- hwdb: Allow end-users root-less access to TL866 EPROM readers
- hwdb: Permit unsetting power/persist for USB devices
- hwdb: Tag IR cameras as such
- hwdb: Fix parsing issue
- hwdb: Make usb match patterns uppercase
- hwdb: Update the hardware database
- journal-file: Stop using the event loop if it's already shutting down
- journal-remote: Disable `--trust` option when gnutls is disabled and check_permission() should not be called
- journald: Ensure resources are properly allocated for SIGTERM handling
- kernel-install: Ensure modules.builtin.alias.bin is removed when no longer needed
- macro: Account for negative values in DECIMAL_STR_WIDTH()
- manager: Disallow clone3() function call in seccomp filters 
- missing-syscall: Define MOVE_MOUNT_T_EMPTY_PATH if missing
- pid1,cgroup-show: Prevent failure if cgroup.procs in some subcgroups is not readable
- resolve: Fix typo in dns_class_is_pseudo()
- sd-event: Improve handling of process events and termination of processes
- sd-ipv4acd: Fix ARP packet conflicts occurring when sender hardware is one of the host's interfaces
- stdio-bridge: Improve the meaning of the error message  
- tmpfiles: Check for the correct directory


The following package changes have been done:

- libldap-data-2.4.46-150200.14.11.2 updated
- libudev1-249.12-150400.8.10.1 updated
- libelf1-0.185-150400.5.3.1 updated
- libsystemd0-249.12-150400.8.10.1 updated
- libdw1-0.185-150400.5.3.1 updated
- libldap-2_4-2-2.4.46-150200.14.11.2 updated
- sles-release-15.5-150500.9.1 updated
- libnettle8-3.8.1-150500.1.2 updated
- systemd-presets-common-SUSE-15-150100.8.17.1 updated
- libhogweed6-3.8.1-150500.1.2 updated
- libgnutls30-3.7.3-150400.4.10.1 updated
- libgnutls30-hmac-3.7.3-150400.4.10.1 updated
- systemd-249.12-150400.8.10.1 updated
- gnutls-3.7.3-150400.4.10.1 updated
- container:sles15-image-15.0.0-31.9 updated


More information about the sle-security-updates mailing list