SUSE-CU-2020:191-1: Security update of suse/sle15
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Fri Jun 12 07:21:38 MDT 2020
SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2020:191-1
Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.220
Container Release : 4.22.220
Severity : important
Type : security
References : 1156159 1172295 1172461 1172506 CVE-2020-13777
-----------------------------------------------------------------
The container suse/sle15 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1579-1
Released: Tue Jun 9 17:05:23 2020
Summary: Recommended update for audit
Type: recommended
Severity: important
References: 1156159,1172295
This update for audit fixes the following issues:
- Fix hang on startup. (bsc#1156159)
- Fix specfile to require libauparse0 and libaudit1 after splitting audit-libs. (bsc#1172295)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:1584-1
Released: Tue Jun 9 18:39:15 2020
Summary: Security update for gnutls
Type: security
Severity: important
References: 1172461,1172506,CVE-2020-13777
This update for gnutls fixes the following issues:
- CVE-2020-13777: Fixed an insecure session ticket key construction which could
have made the TLS server to not bind the session ticket encryption key with a
value supplied by the application until the initial key rotation, allowing
an attacker to bypass authentication in TLS 1.3 and recover previous
conversations in TLS 1.2 (bsc#1172506).
- Fixed an improper handling of certificate chain with cross-signed intermediate
CA certificates (bsc#1172461).
More information about the sle-security-updates
mailing list