SUSE-CU-2020:129-1: Security update of sles12/registry

sle-security-updates at lists.suse.com
Sat Apr 18 13:56:24 MDT 2020


SUSE Container Update Advisory: sles12/registry
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2020:129-1
Container Tags        : sles12/registry:2.6.2 , sles12/registry:2.6.2-build4.15.1
Container Release     : 4.15.1
Severity              : important
Type                  : security
References            : 1106383 1110929 1114592 1117951 1123886 1133495 1135254 1139459
                        1141897 1142649 1142654 1148517 1149145 1151377 1151506 1154043
                        1154871 1155574 1156482 1157578 1158809 1159814 1160100 1160163
                        1160594 1160764 1161675 1161779 1162027 1162108 1162518 1163922
                        1165915 1165919 1166510 1168195 CVE-2019-14250 CVE-2019-1551
                        CVE-2019-15847 CVE-2020-1712 CVE-2020-8013 
-----------------------------------------------------------------

The container sles12/registry was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:276-1
Released:    Thu Jan 30 18:01:53 2020
Summary:     Recommended update for apache2
Type:        recommended
Severity:    important
References:  1160100,1161675
This update for apache2 fixes the following issues:

- Fix crash in mod_ssl: work around leaks on (graceful) restart (bsc#1161675)

- apache2-devel now provides httpd-devel [bsc#1160100]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:403-1
Released:    Wed Feb 19 09:05:00 2020
Summary:     Recommended update for apache2
Type:        recommended
Severity:    moderate
References:  1162027
This update for apache2 fixes the following issues:

- Fix for SSL certificate chain error when using mod_ssl and mod_md in a complex setup. (bsc#1162027)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:404-1
Released:    Wed Feb 19 09:05:47 2020
Summary:     Recommended update for p11-kit
Type:        recommended
Severity:    moderate
References:  1154871
This update for p11-kit fixes the following issues:

- Support loading NSS attribute 'CKA_NSS_MOZILLA_CA_POLICY' so Firefox detects built-in certificates. (bsc#1154871)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:474-1
Released:    Tue Feb 25 13:24:15 2020
Summary:     Security update for openssl
Type:        security
Severity:    moderate
References:  1117951,1158809,1160163,CVE-2019-1551
This update for openssl fixes the following issues:

Security issue fixed:

- CVE-2019-1551: Fixed an overflow bug in the x86_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli (bsc#1158809).

Non-security issue fixed:

- Fixed a crash in BN_copy (bsc#1160163).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:545-1
Released:    Fri Feb 28 15:50:46 2020
Summary:     Security update for permissions
Type:        security
Severity:    moderate
References:  1123886,1160594,1160764,1161779,1163922,CVE-2020-8013
This update for permissions fixes the following issues:

Security issues fixed:

- CVE-2020-8013: Fixed an issue where chkstat set unintended setuid/capabilities for mrsh and wodim (bsc#1163922).

Non-security issues fixed:

- Fixed a regression where chkstat broke when /proc was not available (bsc#1160764, bsc#1160594).
- Fixed capability handling when doing multiple permission changes at once (bsc#1161779).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:561-1
Released:    Mon Mar  2 17:24:59 2020
Summary:     Recommended update for elfutils
Type:        recommended
Severity:    moderate
References:  1110929,1157578
This update for elfutils fixes the following issues:

- Fix 'eu-nm' issue in elfutils: Symbol iteration will be set to start at 0 instead of 1 to avoid missing symbols in the output. (bsc#1157578)
- Fix for '.ko' file corruption in debug info. (bsc#1110929)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:571-1
Released:    Tue Mar  3 13:23:35 2020
Summary:     Recommended update for cyrus-sasl
Type:        recommended
Severity:    moderate
References:  1162518
This update for cyrus-sasl fixes the following issues:

- Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF (bsc#1162518)
- Added support for retrieving negotiated SSF in gssapi plugin (bsc#1162518)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:331-1
Released:    Wed Mar 18 12:52:46 2020
Summary:     Security update for systemd
Type:        security
Severity:    important
References:  1106383,1133495,1139459,1151377,1151506,1154043,1155574,1156482,1159814,1162108,CVE-2020-1712
This update for systemd fixes the following issues:

- CVE-2020-1712 (bsc#1162108)
  Fix a heap use-after-free vulnerability when asynchronous
  Polkit queries were performed while handling D-Bus messages. A local
  unprivileged attacker could have abused this flaw to crash systemd services or
  potentially execute code and elevate their privileges, by sending specially
  crafted D-Bus messages.

- Unconfirmed fix to prevent systemctl from hanging during restart. (bsc#1139459)
- Fix warnings thrown during package installation. (bsc#1154043)
- Fix to prevent a systemd-udevd crash within OES2018. (bsc#1151506)
- Fragments of masked units ought not be considered for 'NeedDaemonReload'. (bsc#1156482)
- Wait for workers to finish when exiting. (bsc#1106383)
- Improve log message when inotify limit is reached. (bsc#1155574)
- Mention in the man pages that alias names are only effective after command 'systemctl enable'. (bsc#1151377)
- Introduce function for reading virtual files in 'sysfs' and 'procfs'. (bsc#1133495, bsc#1159814)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:786-1
Released:    Wed Mar 25 06:47:18 2020
Summary:     Recommended update for p11-kit
Type:        recommended
Severity:    moderate
References:  1165915,1165919
This update for p11-kit fixes the following issues:

- tag this version with 'p11-kit-tools-supports-CKA_NSS_MOZILLA_CA_POLICY'
  provides so we can pull it in. (bsc#1165915 bsc#1165919)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:822-1
Released:    Tue Mar 31 13:06:24 2020
Summary:     Recommended update for pam
Type:        recommended
Severity:    moderate
References:  1166510
This update for pam fixes the following issues:

- Moved pam_userdb to a separate package pam-extra (bsc#1166510)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:915-1
Released:    Fri Apr  3 13:15:11 2020
Summary:     Recommended update for openldap2
Type:        recommended
Severity:    moderate
References:  1168195

This update for openldap2 fixes the following issue:

- The openldap2-ppolicy-check-password plugin is now included (FATE#319461 bsc#1168195)
  
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:394-1
Released:    Tue Apr 14 17:25:16 2020
Summary:     Security update for gcc9
Type:        security
Severity:    moderate
References:  1114592,1135254,1141897,1142649,1142654,1148517,1149145,CVE-2019-14250,CVE-2019-15847
This update for gcc9 fixes the following issues:

The GNU Compiler Collection is shipped in version 9.

A detailed changelog on what changed in GCC 9 is available at https://gcc.gnu.org/gcc-9/changes.html

The compilers have been added to the SUSE Linux Enterprise Toolchain Module.

To use these compilers, install e.g. gcc9, gcc9-c++ and build with CC=gcc-9
CXX=g++-9 set.


For SUSE Linux Enterprise base products, the libstdc++6, libgcc_s1 and
other compiler libraries have been switched from their gcc8 variants to
their gcc9 variants.

Security issues fixed:

- CVE-2019-15847: Fixed a miscompilation in the POWER9 back end that optimized multiple calls of the __builtin_darn intrinsic into a single call. (bsc#1149145)
- CVE-2019-14250: Fixed a heap overflow in the LTO linker. (bsc#1142649)

Non-security issues fixed:

- Split out libstdc++ pretty-printers into a separate package supplementing gdb and the installed runtime. (bsc#1135254)
- Fixed miscompilation for vector shift on s390. (bsc#1141897)


