SUSE-CU-2019:699-1: Security update of caasp/v4/helm-tiller

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Tue Jan 14 00:07:01 MST 2020 

SUSE Container Update Advisory: caasp/v4/helm-tiller
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2019:699-1
Container Tags        : caasp/v4/helm-tiller:2.8.2 , caasp/v4/helm-tiller:2.8.2-rev2 , caasp/v4/helm-tiller:2.8.2-rev2-build1.1 , caasp/v4/helm-tiller:beta
Severity              : important
Type                  : security
References            : 1107617 1117993 1123710 1124847 1127223 1127308 1131330 1133808
                        1134193 1134217 1135123 1135709 1137053 1138939 1139083 1139083
                        1141093 CVE-2009-5155 CVE-2019-12900 CVE-2019-12900 CVE-2019-12904
                        CVE-2019-13050 CVE-2019-9169 
-----------------------------------------------------------------

The container caasp/v4/helm-tiller was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1631-1
Released:    Fri Jun 21 11:17:21 2019
Summary:     Recommended update for xz
Type:        recommended
Severity:    low
References:  1135709
Description:

This update for xz fixes the following issues:

  Add SUSE-Public-Domain licence as some parts of xz utils (liblzma,
  xz, xzdec, lzmadec, documentation, translated messages, tests,
  debug, extra directory) are in public domain licence [bsc#1135709]
  
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1635-1
Released:    Fri Jun 21 12:45:53 2019
Summary:     Recommended update for krb5
Type:        recommended
Severity:    moderate
References:  1134217
Description:

 This update for krb5 provides the following fix:
- Move LDAP schema files from /usr/share/doc/packages/krb5 to /usr/share/kerberos/ldap.
  (bsc#1134217)

  
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1700-1
Released:    Tue Jun 25 13:19:21 2019
Summary:     Security update for libssh
Type:        recommended
Severity:    moderate
References:  1134193
Description:

This update for libssh fixes the following issue:

Issue addressed:

- Added support for new AES-GCM encryption types (bsc#1134193).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1808-1
Released:    Wed Jul 10 13:16:29 2019
Summary:     Recommended update for libgcrypt
Type:        recommended
Severity:    moderate
References:  1133808
Description:

This update for libgcrypt fixes the following issues:

- Fixed redundant fips tests in some situations causing sudo to stop
  working when pam-kwallet is installed. bsc#1133808

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1846-1
Released:    Mon Jul 15 11:36:33 2019
Summary:     Security update for bzip2
Type:        security
Severity:    important
References:  1139083,CVE-2019-12900
Description:

This update for bzip2 fixes the following issues:

Security issue fixed:

- CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1139083).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1853-1
Released:    Mon Jul 15 16:03:36 2019
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1107617,1137053
Description:

This update for systemd fixes the following issues:

- conf-parse: remove 4K line length limit (bsc#1137053)
- udevd: change the default value of udev.children-max (again) (bsc#1107617)
- meson: stop creating enablement symlinks in /etc during installation (sequel)
- Fixed build for openSUSE Leap 15+
- Make sure we don't ship any static enablement symlinks in /etc
  Those symlinks must only be created by the presets. There are no
  changes in practice since systemd/udev doesn't ship such symlinks in
  /etc but let's make sure no future changes will introduce new ones
  by mistake.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1877-1
Released:    Thu Jul 18 11:31:46 2019
Summary:     Security update for glibc
Type:        security
Severity:    moderate
References:  1117993,1123710,1127223,1127308,1131330,CVE-2009-5155,CVE-2019-9169
Description:

This update for glibc fixes the following issues:

Security issues fixed:

- CVE-2019-9169: Fixed a heap-based buffer over-read via an attempted case-insensitive regular-expression match (bsc#1127308).
- CVE-2009-5155: Fixed a denial of service in parse_reg_exp() (bsc#1127223).

Non-security issues fixed:

- Does no longer compress debug sections in crt*.o files (bsc#1123710)
- Fixes a concurrency problem in ldconfig (bsc#1117993)
- Fixes a race condition in pthread_mutex_lock while promoting to PTHREAD_MUTEX_ELISION_NP (bsc#1131330)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1971-1
Released:    Thu Jul 25 14:58:52 2019
Summary:     Security update for libgcrypt
Type:        security
Severity:    moderate
References:  1138939,CVE-2019-12904
Description:

This update for libgcrypt fixes the following issues:

Security issue fixed:

- CVE-2019-12904: Fixed a flush-and-reload side-channel attack in the AES implementation (bsc#1138939).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1994-1
Released:    Fri Jul 26 16:12:05 2019
Summary:     Recommended update for libxml2
Type:        recommended
Severity:    moderate
References:  1135123
Description:

This update for libxml2 fixes the following issues:

- Added a new configurable variable XPATH_DEFAULT_MAX_NODESET_LENGTH to avoid nodeset limit when processing large XML files. (bsc#1135123)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2004-1
Released:    Mon Jul 29 13:01:59 2019
Summary:     Security update for bzip2
Type:        security
Severity:    important
References:  1139083,CVE-2019-12900
Description:

This update for bzip2 fixes the following issues:

- Fixed a regression with the fix for CVE-2019-12900, which caused incompatibilities
  with files that used many selectors (bsc#1139083).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2006-1
Released:    Mon Jul 29 13:02:49 2019
Summary:     Security update for gpg2
Type:        security
Severity:    important
References:  1124847,1141093,CVE-2019-13050
Description:

This update for gpg2 fixes the following issues:

Security issue fixed:

- CVE-2019-13050: Fixed a denial of service attacks via big keys (bsc#1141093).

Non-security issue fixed:

- Allow coredumps in X11 desktop sessions (bsc#1124847)

More information about the sle-security-updates mailing list