SUSE-CU-2020:363-1: Security update of suse/sle15

Thu Jul 9 12:00:35 MDT 2020

SUSE Container Update Advisory: suse/sle15
Container Advisory ID : SUSE-CU-2020:363-1
Container Tags        : suse/sle15:15.1 , suse/sle15:
Container Release     : 6.2.264
Severity              : important
Type                  : security
References            : 1130873 1154803 1164543 1165476 1165573 1166610 1167122 1168990
                        1169947 1170801 1171224 1171883 1172135 1172698 1172704 1172925

The container suse/sle15 was updated. The following patches have been included in this update:

Advisory ID: SUSE-SU-2020:1856-1
Released:    Mon Jul  6 17:05:51 2020
Summary:     Security update for openldap2
Type:        security
Severity:    important
References:  1172698,1172704,CVE-2020-8023
This update for openldap2 fixes the following issues:

- CVE-2020-8023: Fixed a potential local privilege escalation from ldap to root when OPENLDAP_CONFIG_BACKEND='ldap' was used (bsc#1172698).
- Changed DB_CONFIG to root:ldap permissions (bsc#1172704).

Advisory ID: SUSE-SU-2020:1860-1
Released:    Mon Jul  6 17:09:44 2020
Summary:     Security update for permissions
Type:        security
Severity:    moderate
References:  1171883
This update for permissions fixes the following issues:

- Removed conflicting entries which might expose pcp to security issues (bsc#1171883)

Advisory ID: SUSE-RU-2020:1869-1
Released:    Tue Jul  7 15:08:12 2020
Summary:     Recommended update for libsolv, libzypp, zypper
Type:        recommended
Severity:    moderate
References:  1130873,1154803,1164543,1165476,1165573,1166610,1167122,1168990,1169947,1170801,1171224,1172135,1172925
This update for libsolv, libzypp, zypper fixes the following issues:

libsolv was updated to 0.7.14:

- Enable zstd compression support
- Support blacklisted packages in solver_findproblemrule()
- Support rules with multiple negative literals in choice rule
- Fix solvable swapping messing up idarrays
- Fix ruleinfo of complex dependencies returning the wrong origin

libzypp was updated to 17.23.7:

- Enable zchunk metadata download if libsolv supports it.
- Older kernel-devel packages are not properly purged (bsc#1171224)
- doc: enhance service plugin example.
- Get retracted patch status from updateinfo data (jsc#SLE-8770)
  libsolv injects the indicator provides into packages only.
- remove 'using namespace std;' (bsc#1166610, fixes #218)
- Online doc: add 'Hardware (modalias) dependencies' page
  (fixes #216)
- Add HistoryLogReader actionFilter to parse only specific
- RepoVariables: Add safe guard in case the caller does not own a
  zypp instance.
- Enable C++17. Define libzypp CXX_STANDARD in ZyppCommon.cmake.
- Fix package status computation regarding unneeded, orphaned, recommended
  and suggested packages (broken in 17.23.0) (bsc#1165476)
- Log patch status changes to history (jsc#SLE-5116)
- Allow to disable all WebServer dependent tests when building. OBS
  wants to be able to get rid of the nginx/FastCGI-devel build
  requirement. Use 'rpmbuild --without mediabackend_tests' or
- boost: Fix deprecated auto_unit_test.hpp includes.
- Disable zchunk on Leap-15.0 and SLE15-* while there is no libzck.
- Fix decision whether to download ZCHUNK files.
  libzypp and libsolv must both be able to read the format.
- yum::Downloader: Prefer zchunk compressed metadata if libsolv
  supports it.
- Selectable: Fix highestAvailableVersionObj if only retracted
  packages are available. Avoid using retracted items as candidate
- RpmDb: Become rpmdb backend independent (jsc#SLE-7272)
- RpmDb: Close API offering a custom rpmdb path
  It's actually not needed and for this to work also libsolv needs
  to support it. You can still use a librpmDb::db_const_iterator to
  access a database at a custom location (ro).
- Remove legacy rpmV3database conversion code.
- Fix core dump with corrupted history file (bsc#1170801)

zypper was updated to 1.14.37:

- Reformat manpages to work around asciidoctor shortcomings
  (bsc#1154803, bsc#1167122, bsc#1168990)
- Remove undocumented rug legacy stuff.
- Remove 'using namespace std;' (bsc#1166610)
- patch table: Add 'Since' column if history data are available
- Tag 'retracted' patch status in info and list-patches (jsc#SLE-8770)
- Tag 'R'etracted items in search tables status columns (jsc#SLE-8770)
- Relax 'Do not allow the abbreviation of cli arguments' in
  legacy distributions (bsc#1164543)
- Correctly detect ambiguous switch abbreviations (bsc#1165573)
- zypper-aptitude: don't supplement zypper.
  supplementing zypper means zypper-aptitude gets installed by
  default and pulls in perl. Neither is desired on small systems.
- Do not allow the abbreviation of cli arguments (bsc#1164543)
- accoring to according in all translation files.
- Always show exception history if available.
- Use default package cache location for temporary repos (bsc#1130873)
- Print switch abbrev warning to stderr (bsc#1172925)
- Fix typo in man page (bsc#1169947)

