SUSE-CU-2020:191-1: Security update of suse/sle15

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Fri Jun 12 07:21:38 MDT 2020


SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2020:191-1
Container Tags        : suse/sle15:15.0 , suse/sle15:15.0.4.22.220
Container Release     : 4.22.220
Severity              : important
Type                  : security
References            : 1156159 1172295 1172461 1172506 CVE-2020-13777 
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1579-1
Released:    Tue Jun  9 17:05:23 2020
Summary:     Recommended update for audit
Type:        recommended
Severity:    important
References:  1156159,1172295
This update for audit fixes the following issues:

- Fix hang on startup. (bsc#1156159)
- Fix specfile to require libauparse0 and libaudit1 after splitting audit-libs. (bsc#1172295)
  
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:1584-1
Released:    Tue Jun  9 18:39:15 2020
Summary:     Security update for gnutls
Type:        security
Severity:    important
References:  1172461,1172506,CVE-2020-13777
This update for gnutls fixes the following issues:

- CVE-2020-13777: Fixed an insecure session ticket key construction which could 
  have made the TLS server to not bind the session ticket encryption key with a
  value supplied by the application until the initial key rotation, allowing
  an attacker to bypass authentication in TLS 1.3 and recover previous
  conversations in TLS 1.2 (bsc#1172506).
- Fixed an  improper handling of certificate chain with cross-signed intermediate
  CA certificates (bsc#1172461).



More information about the sle-security-updates mailing list