SUSE-CU-2020:353-1: Security update of suse/sle15

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Wed Jul 1 04:17:15 MDT 2020 

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2020:353-1
Container Tags        : suse/sle15:15.0 , suse/sle15:15.0.4.22.227
Container Release     : 4.22.227
Severity              : important
Type                  : security
References            : 1157315 1162698 1164538 1169488 1171145 1172072 1173027 CVE-2020-8177
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1760-1
Released:    Thu Jun 25 18:46:13 2020
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1157315,1162698,1164538,1169488,1171145,1172072
This update for systemd fixes the following issues:

- Merge branch 'SUSE/v234' into SLE15 
  units: starting suspend.target should not fail when suspend is successful (bsc#1172072)
  core/mount: do not add Before=local-fs.target or remote-fs.target if nofail mount option is set
  mount: let mount_add_extras() take care of remote-fs.target deps (bsc#1169488)
  mount: set up local-fs.target/remote-fs.target deps in mount_add_default_dependencies() too
  udev: rename the persistent link for ATA devices (bsc#1164538)
  shared/install: try harder to find enablement symlinks when disabling a unit (bsc#1157315)
  tmpfiles: remove unnecessary assert (bsc#1171145)
  test-engine: manager_free() was called too early
  pid1: by default make user units inherit their umask from the user manager (bsc#1162698)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:1773-1
Released:    Fri Jun 26 08:05:59 2020
Summary:     Security update for curl
Type:        security
Severity:    important
References:  1173027,CVE-2020-8177
This update for curl fixes the following issues:

- CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious 
  server to overwrite a local file when using the -J option (bsc#1173027).

More information about the sle-security-updates mailing list