SUSE-CU-2020:30-1: Security update of suse/sle15

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Fri Jan 31 00:14:15 MST 2020 

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2020:30-1
Container Tags        : suse/sle15:15.0 , suse/sle15:15.0.4.22.140
Container Release     : 4.22.140
Severity              : moderate
Type                  : security
References            : 1149332 1151582 1157292 1157794 1157893 1158996 1160571 1160970
                        CVE-2019-19126 CVE-2019-5188 
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:256-1
Released:    Wed Jan 29 09:39:17 2020
Summary:     Recommended update for aaa_base
Type:        recommended
Severity:    moderate
References:  1157794,1160970
Description:

This update for aaa_base fixes the following issues:

- Improves the way how the Java path is created to fix an issue with sapjvm. (bsc#1157794)
- Drop 'dev.cdrom.autoclose' = 0 from sysctl config. (bsc#1160970)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:262-1
Released:    Thu Jan 30 11:02:42 2020
Summary:     Security update for glibc
Type:        security
Severity:    moderate
References:  1149332,1151582,1157292,1157893,1158996,CVE-2019-19126
Description:

This update for glibc fixes the following issues:

Security issue fixed:

- CVE-2019-19126: Fixed to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition (bsc#1157292).

Bug fixes:

- Fixed z15 (s390x) strstr implementation that can return incorrect results if search string cross page boundary (bsc#1157893).
- Fixed Hardware support in toolchain (bsc#1151582).
- Fixed syscalls during early process initialization (SLE-8348).
- Fixed an array overflow in backtrace for PowerPC (bsc#1158996).
- Moved to posix_spawn on popen (bsc#1149332).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:265-1
Released:    Thu Jan 30 14:05:34 2020
Summary:     Security update for e2fsprogs
Type:        security
Severity:    moderate
References:  1160571,CVE-2019-5188
Description:

This update for e2fsprogs fixes the following issues:

- CVE-2019-5188: Fixed a code execution vulnerability in the directory rehashing functionality (bsc#1160571).

More information about the sle-security-updates mailing list