SUSE-CU-2020:859-1: Security update of ses/7/ceph/ceph

sle-security-updates at lists.suse.com
Wed Dec 23 03:50:50 MST 2020


SUSE Container Update Advisory: ses/7/ceph/ceph
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2020:859-1
Container Tags        : ses/7/ceph/ceph:15.2.8.80 , ses/7/ceph/ceph:15.2.8.80.4.55 , ses/7/ceph/ceph:latest , ses/7/ceph/ceph:sle15.2.octopus
Container Release     : 4.55
Severity              : important
Type                  : security
References            : 1084671 1169006 1173513 1174942 1175514 1175623 1177120 1178346
                        1178554 1178825 1178860 1179016 1179398 1179399 1179452 1179491
                        1179526 1179593 1180107 1180155 CVE-2020-14145 CVE-2020-1971
                        CVE-2020-26137 CVE-2020-27781 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286
-----------------------------------------------------------------

The container ses/7/ceph/ceph was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:3721-1
Released:    Wed Dec  9 13:36:46 2020
Summary:     Security update for openssl-1_1
Type:        security
Severity:    important
References:  1179491,CVE-2020-1971
This update for openssl-1_1 fixes the following issues:
	  
- CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:3723-1
Released:    Wed Dec  9 13:37:55 2020
Summary:     Security update for python-urllib3
Type:        security
Severity:    moderate
References:  1177120,CVE-2020-26137
This update for python-urllib3 fixes the following issues:

- CVE-2020-26137: Fixed a CRLF injection via HTTP request method (bsc#1177120).	  

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:3735-1
Released:    Wed Dec  9 18:19:24 2020
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1179398,1179399,1179593,CVE-2020-8284,CVE-2020-8285,CVE-2020-8286
This update for curl fixes the following issues:

- CVE-2020-8286: Fixed improper OCSP verification in the client side (bsc#1179593).
- CVE-2020-8285: Fixed a stack overflow due to FTP wildcard (bsc#1179399).
- CVE-2020-8284: Fixed an issue where a malicious FTP server could make curl connect to a different IP (bsc#1179398).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:3736-1
Released:    Wed Dec  9 18:19:58 2020
Summary:     Security update for openssh
Type:        security
Severity:    moderate
References:  1173513,CVE-2020-14145
This update for openssh fixes the following issues:

- CVE-2020-14145: Fixed a potential information leak during host key exchange (bsc#1173513).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3747-1
Released:    Thu Dec 10 13:54:49 2020
Summary:     Recommended update for ceph
Type:        recommended
Severity:    moderate
References:  1179452,1179526
This update for ceph fixes the following issues:
  
- Fixed an issue when reading a large 'RGW' object takes too long and can cause data loss. (bsc#1179526)
- Fixed a build issue caused by missing nautilus module named 'six'. (bsc#1179452)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3791-1
Released:    Mon Dec 14 17:39:19 2020
Summary:     Recommended update for gzip
Type:        recommended
Severity:    moderate
References:  
This update for gzip fixes the following issue:

- Enable `DFLTCC` (Deflate Conversion Call) compression for s390x for levels 1-6. (jsc#SLE-13775)
  
  Enable by adding `-DDFLTCC_LEVEL_MASK=0x7e` to `CFLAGS`.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3809-1
Released:    Tue Dec 15 13:46:05 2020
Summary:     Recommended update for glib2
Type:        recommended
Severity:    moderate
References:  1178346
This update for glib2 fixes the following issues:

Update from version 2.62.5 to version 2.62.6:

- Support for slim format of timezone. (bsc#1178346)
- Fix DST incorrect end day when using slim format. (bsc#1178346)
- Fix SOCKS5 username/password authentication.
- Updated translations.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3853-1
Released:    Wed Dec 16 12:27:27 2020
Summary:     Recommended update for util-linux
Type:        recommended
Severity:    moderate
References:  1084671,1169006,1174942,1175514,1175623,1178554,1178825
This update for util-linux fixes the following issues:

- Do not trigger the automatic close of CDROM. (bsc#1084671)
- Try to automatically configure broken serial lines. (bsc#1175514)
- Avoid `sulogin` failing on nonexistent or non-functional console devices. (bsc#1175514)
- Build with `libudev` support to support non-root users. (bsc#1169006)
- Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825)
- Fix warning on mounts to `CIFS` with `mount -a`. (bsc#1174942)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:3894-1
Released:    Mon Dec 21 12:56:05 2020
Summary:     Security update for ceph
Type:        security
Severity:    important
References:  1178860,1179016,1180107,1180155,CVE-2020-27781
This update for ceph fixes the following issues:

Security issue fixed:

- CVE-2020-27781: Fixed a privilege escalation via the ceph_volume_client Python interface (bsc#1180155).

Non-security issues fixed:

- Update to 15.2.8-80-g1f4b6229ca:
  + Rebase on tip of upstream 'octopus' branch, SHA1 bdf3eebcd22d7d0b3dd4d5501bee5bac354d5b55
    * upstream Octopus v15.2.8 release, see https://ceph.io/releases/v15-2-8-octopus-released/

- Update to 15.2.7-776-g343cd10fe5:
  + Rebase on tip of upstream 'octopus' branch, SHA1 1b8a634fdcd94dfb3ba650793fb1b6d09af65e05
    * (bsc#1178860) mgr/dashboard: Disable TLS 1.0 and 1.1
  + (bsc#1179016) rpm: require smartmontools on SUSE
  + (bsc#1180107) ceph-volume: pass --filter-for-batch from drive-group subcommand


