SUSE-CU-2019:703-1: Security update of caasp/v4/caaspctl-tooling

sle-updates at lists.suse.com sle-updates at lists.suse.com
Wed Jan 15 11:24:29 MST 2020 

SUSE Container Update Advisory: caasp/v4/caaspctl-tooling
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2019:703-1
Container Tags        : caasp/v4/caaspctl-tooling:0.1.0 , caasp/v4/caaspctl-tooling:0.1.0-rev1 , caasp/v4/caaspctl-tooling:0.1.0-rev1-build1.62 , caasp/v4/caaspctl-tooling:beta
Severity              : important
Type                  : security
References            : 1033084 1033085 1033086 1033087 1033088 1033089 1033090 1036463
                        1096191 1105435 1106390 1107066 1107067 1111973 1112723 1112726
                        1118087 1121563 1123685 1124122 1125007 1125352 1125604 1126056
                        1127557 1128383 1130230 1132348 1132400 1132721 1133506 1133509
                        1134524 1134856 1135170 CVE-2017-7607 CVE-2017-7608 CVE-2017-7609
                        CVE-2017-7610 CVE-2017-7611 CVE-2017-7612 CVE-2017-7613 CVE-2018-1000654
                        CVE-2018-16062 CVE-2018-16402 CVE-2018-16403 CVE-2018-16868 CVE-2018-18310
                        CVE-2018-18520 CVE-2018-18521 CVE-2019-3842 CVE-2019-3843 CVE-2019-3844
                        CVE-2019-5021 CVE-2019-5436 CVE-2019-6454 CVE-2019-7150 CVE-2019-7665
                        SLE-5933 
-----------------------------------------------------------------

The container caasp/v4/caaspctl-tooling was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1312-1
Released:    Wed May 22 12:19:12 2019
Summary:     Recommended update for aaa_base
Type:        recommended
Severity:    moderate
References:  1096191
Description:

This update for aaa_base fixes the following issue:

  * Shell detection in /etc/profile and /etc/bash.bashrc was broken within AppArmor-confined containers
    (bsc#1096191)


-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1351-1
Released:    Fri May 24 14:41:10 2019
Summary:     Security update for gnutls
Type:        security
Severity:    important
References:  1118087,1134856,CVE-2018-16868
Description:

This update for gnutls fixes the following issues:

Security issue fixed:

- CVE-2018-16868: Fixed Bleichenbacher-like side channel leakage in PKCS#1 v1.5 verification (bsc#1118087).

Non-security issue fixed:

- Explicitly require libnettle 3.4.1 to prevent missing symbol errors (bsc#1134856).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1357-1
Released:    Mon May 27 13:29:15 2019
Summary:     Security update for curl
Type:        security
Severity:    important
References:  1135170,CVE-2019-5436
Description:

This update for curl fixes the following issues:

Security issue fixed:

- CVE-2019-5436: Fixed a heap buffer overflow exists in tftp_receive_packet that receives data from a TFTP server (bsc#1135170).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1364-1
Released:    Tue May 28 10:51:38 2019
Summary:     Security update for systemd
Type:        security
Severity:    moderate
References:  1036463,1121563,1124122,1125352,1125604,1126056,1127557,1130230,1132348,1132400,1132721,1133506,1133509,CVE-2019-3842,CVE-2019-3843,CVE-2019-3844,CVE-2019-6454,SLE-5933
Description:

This update for systemd fixes the following issues:

Security issues fixed:

- CVE-2019-3842: Fixed a privilege escalation in pam_systemd which could be exploited by a local user (bsc#1132348).
- CVE-2019-6454: Fixed a denial of service via crafted D-Bus message (bsc#1125352).
- CVE-2019-3843, CVE-2019-3844: Fixed a privilege escalation where services with DynamicUser could gain new privileges or create SUID/SGID binaries (bsc#1133506, bsc#1133509).

Non-security issued fixed:

- logind: fix killing of scopes (bsc#1125604)
- namespace: make MountFlags=shared work again (bsc#1124122)
- rules: load drivers only on 'add' events (bsc#1126056)
- sysctl: Don't pass null directive argument to '%s' (bsc#1121563)
- systemd-coredump: generate a stack trace of all core dumps and log into the journal (jsc#SLE-5933)
- udevd: notify when max number value of children is reached only once per batch of events (bsc#1132400)
- sd-bus: bump message queue size again (bsc#1132721)
- Do not automatically online memory on s390x (bsc#1127557)
- Removed sg.conf (bsc#1036463)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1368-1
Released:    Tue May 28 13:15:38 2019
Summary:     Recommended update for sles12sp3-docker-image, sles12sp4-image, system-user-root
Type:        security
Severity:    important
References:  1134524,CVE-2019-5021
Description:

This update for sles12sp3-docker-image, sles12sp4-image, system-user-root fixes the following issues:

- CVE-2019-5021: Include an invalidated root password by default, not an empty one (bsc#1134524)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1372-1
Released:    Tue May 28 16:53:28 2019
Summary:     Security update for libtasn1
Type:        security
Severity:    moderate
References:  1105435,CVE-2018-1000654
Description:

This update for libtasn1 fixes the following issues:

Security issue fixed:

- CVE-2018-1000654: Fixed a denial of service in the asn1 parser (bsc#1105435).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1484-1
Released:    Thu Jun 13 07:46:46 2019
Summary:     Recommended update for e2fsprogs
Type:        recommended
Severity:    moderate
References:  1128383
Description:

This update for e2fsprogs fixes the following issues:

- Check and fix tails of all bitmap blocks (bsc#1128383)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1486-1
Released:    Thu Jun 13 09:40:24 2019
Summary:     Security update for elfutils
Type:        security
Severity:    moderate
References:  1033084,1033085,1033086,1033087,1033088,1033089,1033090,1106390,1107066,1107067,1111973,1112723,1112726,1123685,1125007,CVE-2017-7607,CVE-2017-7608,CVE-2017-7609,CVE-2017-7610,CVE-2017-7611,CVE-2017-7612,CVE-2017-7613,CVE-2018-16062,CVE-2018-16402,CVE-2018-16403,CVE-2018-18310,CVE-2018-18520,CVE-2018-18521,CVE-2019-7150,CVE-2019-7665
Description:

This update for elfutils fixes the following issues:

Security issues fixed:  

- CVE-2017-7607: Fixed a heap-based buffer overflow in handle_gnu_hash (bsc#1033084)
- CVE-2017-7608: Fixed a heap-based buffer overflow in ebl_object_note_type_name() (bsc#1033085)
- CVE-2017-7609: Fixed a memory allocation failure in __libelf_decompress (bsc#1033086)
- CVE-2017-7610: Fixed a heap-based buffer overflow in check_group (bsc#1033087)
- CVE-2017-7611: Fixed a denial of service via a crafted ELF file (bsc#1033088)
- CVE-2017-7612: Fixed a denial of service in check_sysv_hash() via a crafted ELF file (bsc#1033089)
- CVE-2017-7613: Fixed denial of service caused by the missing validation of the number of sections and the number of segments in a crafted ELF file (bsc#1033090)
- CVE-2018-16062: Fixed a heap-buffer overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390)
- CVE-2018-16402: Fixed a denial of service/double free on an attempt to decompress the same section twice (bsc#1107066)
- CVE-2018-16403: Fixed a heap buffer overflow in readelf (bsc#1107067)
- CVE-2018-18310: Fixed an invalid address read problem in dwfl_segment_report_module.c (bsc#1111973)
- CVE-2018-18520: Fixed bad handling of ar files inside are files (bsc#1112726)
- CVE-2018-18521: Fixed a denial of service vulnerabilities in the function arlib_add_symbols() used by eu-ranlib (bsc#1112723)
- CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn data read from core file is truncated (bsc#1123685)
- CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (bsc#1125007)

More information about the sle-updates mailing list