SUSE-CU-2019:761-1: Security update of ses/6/rook/ceph

sle-security-updates at lists.suse.com
Sat Feb 1 01:39:10 MST 2020


SUSE Container Update Advisory: ses/6/rook/ceph
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2019:761-1
Container Tags        : ses/6/rook/ceph:1.1.1.0 , ses/6/rook/ceph:1.1.1.0.1.5.29 , ses/6/rook/ceph:latest
Container Release     : 1.5.29
Severity              : important
Type                  : security
References            : 1073313 1081947 1081947 1082293 1082318 1085196 1088358 1106214
                        1111388 1112438 1114845 1121197 1122417 1122666 1125689 1125886
                        1127701 1129071 1132663 1132900 1133773 1134616 1135534 1135708
                        1135984 1136245 1137296 1141113 1141883 1143055 1143194 1143273
                        1144047 1144169 1145383 1146182 1146184 1146866 1148494 1149203
                        1149429 1149495 1149496 1150003 1150250 1150895 1151479 1151909
                        1152008 1152326 353876 CVE-2017-17740 CVE-2019-11236 CVE-2019-11324
                        CVE-2019-13057 CVE-2019-13565 CVE-2019-14806 CVE-2019-1547 CVE-2019-1563
                        CVE-2019-15903 CVE-2019-5481 CVE-2019-5482 CVE-2019-6446 CVE-2019-9511
                        CVE-2019-9513 CVE-2019-9740 SLE-6094 SLE-8532 SLE-9132 
-----------------------------------------------------------------

The container ses/6/rook/ceph was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2218-1
Released:    Mon Aug 26 11:29:57 2019
Summary:     Recommended update for pinentry
Type:        recommended
Severity:    moderate
References:  1141883
Description:

This update for pinentry fixes the following issues:

- Fix a dangling pointer in qt/main.cpp that caused crashes. (bsc#1141883)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2241-1
Released:    Wed Aug 28 14:58:49 2019
Summary:     Recommended update for ca-certificates-mozilla
Type:        recommended
Severity:    moderate
References:  1144169
Description:

This update for ca-certificates-mozilla fixes the following issues:

ca-certificates-mozilla was updated to the 2.34 state of the Mozilla NSS Certificate store (bsc#1144169)

Removed CAs:
  - Certinomis - Root CA

Includes new root CAs from the 2.32 version:

- emSign ECC Root CA - C3 (email and server auth)
- emSign ECC Root CA - G3 (email and server auth)
- emSign Root CA - C1 (email and server auth)
- emSign Root CA - G1 (email and server auth)
- Hongkong Post Root CA 3 (server auth)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2306-1
Released:    Thu Sep  5 14:39:23 2019
Summary:     Recommended update for parted
Type:        recommended
Severity:    moderate
References:  1082318,1136245
Description:

This update for parted fixes the following issues:

- Included several minor bug fixes; for more details please refer to this RPM's changelog (bsc#1136245)
- Installs the license file in the correct directory (bsc#1082318)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2307-1
Released:    Thu Sep  5 14:45:08 2019
Summary:     Security update for util-linux and shadow
Type:        security
Severity:    moderate
References:  1081947,1082293,1085196,1106214,1121197,1122417,1125886,1127701,1135534,1135708,1141113,353876
Description:

This update for util-linux and shadow fixes the following issues:

util-linux:

- Fixed an issue where PATH settings in /etc/default/su were being ignored (bsc#1121197)
- Prevent outdated pam files (bsc#1082293).
- De-duplicate fstrim -A properly (bsc#1127701).
- Do not trim read-only volumes (bsc#1106214).
- Integrate pam_keyinit pam module to login (bsc#1081947).
- Perform one-time reset of /etc/default/su (bsc#1121197).
- Fix problems in reading of login.defs values (bsc#1121197)
- libmount: To prevent incorrect behavior, recognize more pseudofs and netfs (bsc#1122417).
- raw.service: Add RemainAfterExit=yes (bsc#1135534).
- agetty: Return previous response of agetty for special characters (bsc#1085196, bsc#1125886)
- libmount: print a blacklist hint for 'unknown filesystem type' (jsc#SUSE-4085, fate#326832)
- Fix /etc/default/su comments and create /etc/default/runuser (bsc#1121197).

shadow:

- Fixed an issue where PATH settings in /etc/default/su were being ignored (bsc#1121197)
- Fix segfault in useradd during setting password inactivity period. (bsc#1141113)
- Hardening for su wrappers (bsc#353876)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2332-1
Released:    Mon Sep  9 10:17:16 2019
Summary:     Security update for python-urllib3
Type:        security
Severity:    moderate
References:  1129071,1132663,1132900,CVE-2019-11236,CVE-2019-11324,CVE-2019-9740
Description:

This update for python-urllib3 fixes the following issues:

Security issues fixed:

- CVE-2019-9740: Fixed CRLF injection issue (bsc#1129071).
- CVE-2019-11324: Fixed invalid CA certificate verification (bsc#1132900).
- CVE-2019-11236: Fixed CRLF injection via request parameter (bsc#1132663).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2361-1
Released:    Thu Sep 12 07:54:54 2019
Summary:     Recommended update for krb5
Type:        recommended
Severity:    moderate
References:  1081947,1144047
Description:

This update for krb5 contains the following fixes:

- Integrate pam_keyinit PAM module, ksu-pam.d. (bsc#1081947)


-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2365-1
Released:    Thu Sep 12 11:23:31 2019
Summary:     Security update for python-Werkzeug
Type:        security
Severity:    moderate
References:  1145383,CVE-2019-14806
Description:

This update for python-Werkzeug fixes the following issues:

Security issue fixed:

- CVE-2019-14806: Fixed the development server in Docker: the debugger security PIN is now unique per container (bsc#1145383).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2367-1
Released:    Thu Sep 12 12:59:37 2019
Summary:     Recommended update for lvm2
Type:        recommended
Severity:    moderate
References:  1122666,1135984,1137296
Description:

This update for lvm2 fixes the following issues:

- Fix unknown feature in status message (bsc#1135984)
- Fix using device aliases with lvmetad (bsc#1137296)
- Fix devices drop open error message (bsc#1122666)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2373-1
Released:    Thu Sep 12 14:18:53 2019
Summary:     Security update for curl
Type:        security
Severity:    important
References:  1149495,1149496,CVE-2019-5481,CVE-2019-5482
Description:

This update for curl fixes the following issues:

Security issues fixed:

- CVE-2019-5481: Fixed FTP-KRB double-free during Kerberos FTP data transfer (bsc#1149495).
- CVE-2019-5482: Fixed TFTP small blocksize heap buffer overflow (bsc#1149496).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2395-1
Released:    Wed Sep 18 08:31:38 2019
Summary:     Security update for openldap2
Type:        security
Severity:    moderate
References:  1073313,1111388,1114845,1143194,1143273,CVE-2017-17740,CVE-2019-13057,CVE-2019-13565
Description:

This update for openldap2 fixes the following issues:

Security issues fixed:

- CVE-2019-13565: Fixed an authentication bypass when using SASL authentication and session encryption (bsc#1143194).
- CVE-2019-13057: Fixed an issue with delegated database admin privileges (bsc#1143273).
- CVE-2017-17740: When both the nops module and the memberof overlay are enabled,
  slapd attempts to free a buffer that was allocated on the stack, which allows
  remote attackers to cause a denial of service (slapd crash) via a member MODDN
  operation (bsc#1073313).

Non-security issues fixed:

- Fixed broken shebang line in openldap_update_modules_path.sh (bsc#1114845).
- Create files in /var/lib/ldap/ during initial start to allow for transactional updates (bsc#1111388)
- Fixed incorrect post script call causing tmpfiles creation not to be run (bsc#1111388).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2403-1
Released:    Wed Sep 18 16:14:29 2019
Summary:     Security update for openssl-1_1
Type:        security
Severity:    moderate
References:  1150003,1150250,CVE-2019-1547,CVE-2019-1563
Description:

This update for openssl-1_1 fixes the following issues:

OpenSSL Security Advisory [10 September 2019]

* CVE-2019-1547: Added EC_GROUP_set_generator side channel attack avoidance. (bsc#1150003)
* CVE-2019-1563: Fixed a Bleichenbacher attack against the CMS/PKCS7 encrypted transported key (bsc#1150250)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2416-1
Released:    Fri Sep 20 12:51:10 2019
Summary:     Recommended update for suse-module-tools
Type:        recommended
Severity:    moderate
References:  1148494,SLE-6094
Description:

This update for suse-module-tools fixes the following issues:

- Remove 'modhash' as it has moved to the mokutil package (jsc#SLE-6094, bsc#1148494)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2422-1
Released:    Fri Sep 20 16:36:43 2019
Summary:     Recommended update for python-urllib3
Type:        recommended
Severity:    moderate
References:  1150895
Description:

This update for python-urllib3 fixes the following issues:

- Add missing dependency on python-six (bsc#1150895)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2423-1
Released:    Fri Sep 20 16:41:45 2019
Summary:     Recommended update for aaa_base
Type:        recommended
Severity:    moderate
References:  1146866,SLE-9132
Description:

This update for aaa_base fixes the following issues:

Added sysctl.d/51-network.conf to tighten network security (bsc#1146866) (jira#SLE-9132)

The following settings have been tightened (set to 0):

- net.ipv4.conf.all.accept_redirects
- net.ipv4.conf.default.accept_redirects
- net.ipv4.conf.default.accept_source_route
- net.ipv6.conf.all.accept_redirects
- net.ipv6.conf.default.accept_redirects


-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2429-1
Released:    Mon Sep 23 09:28:40 2019
Summary:     Security update for expat
Type:        security
Severity:    moderate
References:  1149429,CVE-2019-15903
Description:

This update for expat fixes the following issues:

Security issues fixed:

- CVE-2019-15903: Fixed heap-based buffer over-read caused by crafted XML input. (bsc#1149429)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2448-1
Released:    Tue Sep 24 13:32:01 2019
Summary:     Recommended update for rook
Type:        recommended
Severity:    low
References:  1151479
Description:

This is a Technical Preview update for rook.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2462-1
Released:    Wed Sep 25 16:43:04 2019
Summary:     Security update for python-numpy
Type:        security
Severity:    moderate
References:  1149203,CVE-2019-6446,SLE-8532
Description:

This update for python-numpy fixes the following issues:

Non-security issues fixed:

- Updated to upstream version 1.16.1. (bsc#1149203) (jsc#SLE-8532)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2473-1
Released:    Thu Sep 26 10:02:03 2019
Summary:     Security update for nghttp2
Type:        security
Severity:    moderate
References:  1112438,1125689,1134616,1146182,1146184,CVE-2019-9511,CVE-2019-9513
Description:

This update for nghttp2 fixes the following issues:

Security issues fixed:

- CVE-2019-9513: Fixed a resource-loop vulnerability in the HTTP/2 implementation, potentially leading to a denial of service (bsc#1146184).
- CVE-2019-9511: Fixed window size manipulation and stream prioritization manipulation vulnerabilities in the HTTP/2 implementation, potentially leading to a denial of service (bsc#11461).

Bug fixes and enhancements:

- Fixed mistake in spec file (bsc#1125689)
- Fixed build issue with boost 1.70.0 (bsc#1134616)
- Feature: Add W&S module (FATE#326776, bsc#1112438)
-----------------------------------------------------------------
Advisory ID: SUSE-OU-2019:2483-1
Released:    Fri Sep 27 14:16:23 2019
Summary:     Optional update for python3-google-api-python-client, python3-httplib2, python3-oauth2client, and python3-uritemplate.
Type:        optional
Severity:    low
References:  1088358
Description:

This update ships python3-google-api-python-client, python3-httplib2, python3-oauth2client, and python3-uritemplate
for the SUSE Linux Enterprise Public Cloud 15 module.

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2019:2488-1
Released:    Mon Sep 30 11:24:28 2019
Summary:     Optional update for ceph
Type:        optional
Severity:    low
References:  1152326
Description:

This update is released to the codestream only to align the package versions (bsc#1152326).

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2019:2489-1
Released:    Mon Sep 30 12:04:42 2019
Summary:     SUSE Enterprise Storage 6 Technical Container Preview
Type:        optional
Severity:    low
References:  1151909,1152008
Description:

This is a technical preview for SUSE Enterprise Storage 6.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2418-1
Released:    Thu Nov 14 11:53:03 2019
Summary:     Recommended update for bash
Type:        recommended
Severity:    moderate
References:  1133773,1143055
Description:

This update for bash fixes the following issues:

- Rework patch readline-7.0-screen (bsc#1143055):
  map all 'screen(-xxx)?.yyy(-zzz)?' to 'screen' as well as
  map 'konsole(-xxx)?' and 'gnome(-xxx)?' to 'xterm'
- Add a backport from bash 5.0 to perform better with large numbers of sub processes. (bsc#1133773)
