SUSE-CU-2020:96-1: Security update of sles12/portus
sle-security-updates at lists.suse.com
Tue Mar 24 09:03:02 MDT 2020
SUSE Container Update Advisory: sles12/portus
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2020:96-1
Container Tags : sles12/portus:2.4.3
Container Release : 2.10.1
Severity : important
Type : security
References : 1043886 1049825 1077717 1082318 1093414 1104902 1106383 1107617
1110929 1114592 1114674 1116995 1117951 1123886 1123919 1124847
1127027 1128828 1131830 1132826 1133495 1134550 1135254 1136298
1137053 1137832 1139459 1139870 1139942 1140039 1140631 1140914
1141093 1141798 1141897 1142058 1142614 1142649 1142654 1142661
1143194 1143215 1143273 1145092 1145521 1146415 1148517 1148987
1149145 1149429 1149496 1150003 1150250 1150451 1150595 1150734
1151377 1151506 1151577 1153386 1153557 1154036 1154037 1154043
1154162 1154862 1154871 1154948 1155199 1155338 1155339
1155574 1156482 1157198 1157578 1158586 1158763 1158809 1159162
1159814 1160163 1160571 1160594 1160764 1160895 1160912 1161779
1162108 1162388 1162518 1163922 1163985 1165811 CVE-2018-10754
CVE-2018-18311 CVE-2019-10208 CVE-2019-12749 CVE-2019-13050 CVE-2019-13057
CVE-2019-13565 CVE-2019-13627 CVE-2019-14250 CVE-2019-14866 CVE-2019-1547
CVE-2019-1551 CVE-2019-1563 CVE-2019-15847 CVE-2019-15903 CVE-2019-17498
CVE-2019-17594 CVE-2019-17595 CVE-2019-18900 CVE-2019-18901 CVE-2019-2614
CVE-2019-2627 CVE-2019-2737 CVE-2019-2739 CVE-2019-2740 CVE-2019-2805
CVE-2019-2974 CVE-2019-3688 CVE-2019-3690 CVE-2019-5188 CVE-2019-5482
CVE-2019-9893 CVE-2020-1712 CVE-2020-1720 CVE-2020-2574 CVE-2020-8013
SLE-10396 SLE-7081 SLE-7257
-----------------------------------------------------------------
The container sles12/portus was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:336-1
Released: Wed Feb 21 14:26:52 2018
Summary: Security update for libdb-4_8
Type: security
Severity: moderate
References: 1043886
This update for libdb-4_8 fixes the following issues:
- A DB_CONFIG file in the current working directory allowed local
users to obtain sensitive information via a symlink attack
involving a setgid or setuid application using libdb-4_8. (bsc#1043886)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2120-1
Released: Wed Aug 14 11:17:39 2019
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1136298,SLE-7257
This update for pam fixes the following issues:
- Enable pam_userdb.so (SLE-7257,bsc#1136298)
- Upgraded pam_userdb to 1.3.1. (bsc#1136298)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2264-1
Released: Mon Sep 2 09:07:12 2019
Summary: Security update for perl
Type: security
Severity: important
References: 1114674,CVE-2018-18311
This update for perl fixes the following issues:
Security issue fixed:
- CVE-2018-18311: Fixed integer overflow with oversize environment (bsc#1114674).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2269-1
Released: Mon Sep 2 14:23:28 2019
Summary: Security update for postgresql10
Type: security
Severity: important
References: 1145092,CVE-2019-10208
This update for postgresql10 fixes the following issues:
Security issue fixed:
- CVE-2019-10208: Fixed arbitrary SQL execution via suitable SECURITY DEFINER function under the identity of the function owner (bsc#1145092).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2288-1
Released: Wed Sep 4 14:22:47 2019
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1104902,1107617,1137053,1142661
This update for systemd fixes the following issues:
- Fixed an issue where the kernel took a very long time to unmount a user's runtime directory (bsc#1104902)
- udevd: changed the default value of udev.children-max (again) (bsc#1107617)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2372-1
Released: Thu Sep 12 14:01:27 2019
Summary: Recommended update for krb5
Type: recommended
Severity: moderate
References: 1139942,1140914,SLE-7081
This update for krb5 fixes the following issues:
- Fix missing responder if there is no pre-auth; (bsc#1139942)
- Load mechglue config files from /etc/gss/mech.d; (bsc#1140914, jsc#SLE-7081)
- Fix impersonate_name to work with interposers; (bsc#1140914, jsc#SLE-7081)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2339-1
Released: Thu Sep 12 14:17:53 2019
Summary: Security update for curl
Type: security
Severity: important
References: 1149496,CVE-2019-5482
This update for curl fixes the following issues:
Security issue fixed:
- CVE-2019-5482: Fixed TFTP small blocksize heap buffer overflow (bsc#1149496).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2390-1
Released: Tue Sep 17 15:46:02 2019
Summary: Security update for openldap2
Type: security
Severity: moderate
References: 1143194,1143273,CVE-2019-13057,CVE-2019-13565
This update for openldap2 fixes the following issues:
Security issues fixed:
- CVE-2019-13565: Fixed a reuse of the SSF (security strength factor) of one connection for another, which could grant the second connection access rights it was not entitled to (bsc#1143194).
- CVE-2019-13057: Fixed an issue where the rootDN of one backend could proxyauth into another backend, violating multi-tenant isolation (bsc#1143273).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2413-1
Released: Fri Sep 20 10:44:26 2019
Summary: Security update for openssl
Type: security
Severity: moderate
References: 1150003,1150250,CVE-2019-1547,CVE-2019-1563
This update for openssl fixes the following issues:
OpenSSL Security Advisory [10 September 2019]
- CVE-2019-1547: Avoided a side-channel leak in EC scalar multiplication when explicit curve parameters without a cofactor are set via EC_GROUP_set_generator (bsc#1150003).
- CVE-2019-1563: Fixed a Bleichenbacher-style padding oracle against the RSA-transported content-encryption key in CMS/PKCS#7 decryption (bsc#1150250).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2440-1
Released: Mon Sep 23 17:15:13 2019
Summary: Security update for expat
Type: security
Severity: moderate
References: 1149429,CVE-2019-15903
This update for expat fixes the following issues:
Security issue fixed:
- CVE-2019-15903: Fixed a heap-based buffer over-read caused by crafted XML documents. (bsc#1149429)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2461-1
Released: Wed Sep 25 16:42:53 2019
Summary: Security update for mariadb
Type: security
Severity: moderate
References: 1127027,1132826,1141798,1142058,1143215,CVE-2019-2614,CVE-2019-2627,CVE-2019-2737,CVE-2019-2739,CVE-2019-2740,CVE-2019-2805
This update for mariadb fixes the following issues:
Updated to MariaDB 10.0.40-1.
Security issues fixed:
- CVE-2019-2805, CVE-2019-2740, CVE-2019-2739, CVE-2019-2737, CVE-2019-2614, CVE-2019-2627 (bsc#1132826, bsc#1141798).
Non-security issues fixed:
- Adjusted mysql-systemd-helper ('shutdown protected MySQL' section)
so it checks both the ping response and the pid in the process list,
as it can take some time until the process is terminated.
Otherwise it can lead to a 'found left-over process' situation
when the regular mariadb is started. (bsc#1143215)
- Fixed IP resolving in mysql_install_db script. (bsc#1142058, bsc#1127027, MDEV-18526)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2480-1
Released: Fri Sep 27 13:12:08 2019
Summary: Security update for gpg2
Type: security
Severity: moderate
References: 1124847,1141093,CVE-2019-13050
This update for gpg2 fixes the following issues:
Security issue fixed:
- CVE-2019-13050: Fixed denial-of-service attacks via big keys. (bsc#1141093)
Non-security issue fixed:
- Allow coredumps in X11 desktop sessions (bsc#1124847).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2510-1
Released: Tue Oct 1 17:37:12 2019
Summary: Security update for libgcrypt
Type: security
Severity: moderate
References: 1148987,CVE-2019-13627
This update for libgcrypt fixes the following issues:
Security issues fixed:
- CVE-2019-13627: Mitigated ECDSA timing attack. (bsc#1148987)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2740-1
Released: Tue Oct 22 15:34:30 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1150451
This update for timezone fixes the following issues:
- Fiji observes DST from 2019-11-10 to 2020-01-12.
- Norfolk Island starts observing Australian-style DST.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2818-1
Released: Tue Oct 29 17:22:01 2019
Summary: Recommended update for zypper and libzypp
Type: recommended
Severity: important
References: 1049825,1116995,1140039,1145521,1146415,1153557
This update for zypper and libzypp fixes the following issues:
Package: zypper
- Fixed an issue where zypper exited on a SIGPIPE during package download (bsc#1145521)
- Rephrased the file conflicts check summary (bsc#1140039)
- Fixed an issue where the bash completion was wrongly expanded (bsc#1049825)
Package: libzypp
- Fixed an issue where YaST2 was not able to find base products via libzypp (bsc#1153557)
- Added a new 'solver.focus' option for /etc/zypp/zypp.conf to define the systemwide focus
mode when resolving jobs (bsc#1146415)
- Fixed a file descriptor leak in the media backend (bsc#1116995)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2887-1
Released: Mon Nov 4 17:31:49 2019
Summary: Recommended update for apparmor
Type: recommended
Severity: moderate
References: 1139870
This update for apparmor provides the following fix:
- Change pathname in logprof.conf and use check_qualifiers() in autodep to make sure
apparmor does not generate profiles for programs marked as not having their own
profiles. (bsc#1139870)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2898-1
Released: Tue Nov 5 17:00:27 2019
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1140631,1150595,1154948
This update for systemd fixes the following issues:
- sd-bus: deal with cookie overruns (bsc#1150595)
- rules: Add by-id symlinks for persistent memory (bsc#1140631)
- Drop the old fds used for logging and reopen them in the
sub process before doing any new logging. (bsc#1154948)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2936-1
Released: Fri Nov 8 13:19:55 2019
Summary: Security update for libssh2_org
Type: security
Severity: moderate
References: 1154862,CVE-2019-17498
This update for libssh2_org fixes the following issue:
- CVE-2019-17498: Fixed an integer overflow in a bounds check that might have led to the disclosure of sensitive information or a denial of service (bsc#1154862).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2941-1
Released: Tue Nov 12 10:03:32 2019
Summary: Security update for libseccomp
Type: security
Severity: moderate
References: 1082318,1128828,1142614,CVE-2019-9893
This update for libseccomp fixes the following issues:
Update to new upstream release 2.4.1:
* Fix a BPF generation bug where the optimizer mistakenly
identified duplicate BPF code blocks.
Updated to 2.4.0 (bsc#1128828 CVE-2019-9893):
* Update the syscall table for Linux v5.0-rc5
* Added support for the SCMP_ACT_KILL_PROCESS action
* Added support for the SCMP_ACT_LOG action and SCMP_FLTATR_CTL_LOG attribute
* Added explicit 32-bit (SCMP_AX_32(...)) and 64-bit (SCMP_AX_64(...)) argument comparison macros to help protect against unexpected sign extension
* Added support for the parisc and parisc64 architectures
* Added the ability to query and set the libseccomp API level via seccomp_api_get(3) and seccomp_api_set(3)
* Return -EDOM on an endian mismatch when adding an architecture to a filter
* Renumber the pseudo syscall number for subpage_prot() so it no longer conflicts with spu_run()
* Fix PFC generation when a syscall is prioritized, but no rule exists
* Numerous fixes to the seccomp-bpf filter generation code
* Switch our internal hashing function from jhash/Lookup3 to MurmurHash3
* Numerous tests added to the included test suite, coverage now at ~92%
* Update our Travis CI configuration to use Ubuntu 16.04
* Numerous documentation fixes and updates
Update to release 2.3.3:
* Updated the syscall table for Linux v4.15-rc7
Update to release 2.3.2:
* Achieved full compliance with the CII Best Practices program
* Added Travis CI builds to the GitHub repository
* Added code coverage reporting with the '--enable-code-coverage' configure
flag and added Coveralls to the GitHub repository
* Updated the syscall tables to match Linux v4.10-rc6+
* Support for building with Python v3.x
* Allow rules with the -1 syscall if the SCMP_FLTATR_API_TSKIP attribute is
set to true
* Several small documentation fixes
- Ignore 'make check' errors on ppc64/ppc64le to work around bsc#1142614
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:3003-1
Released: Tue Nov 19 10:12:33 2019
Summary: Recommended update for procps
Type: recommended
Severity: moderate
References: 1153386,SLE-10396
This update for procps provides the following fixes:
- Backport the MemAvailable patch into SLE12-SP4/SP5 procps. (jsc#SLE-10396)
- Add missing ShmemPmdMapped entry for pmap with newer kernels. (bsc#1153386)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:3064-1
Released: Mon Nov 25 18:44:36 2019
Summary: Security update for cpio
Type: security
Severity: moderate
References: 1155199,CVE-2019-14866
This update for cpio fixes the following issues:
- CVE-2019-14866: Fixed an improper validation of the values written
in the header of a TAR file through the to_oct() function which could
have led to unexpected TAR generation (bsc#1155199).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:3085-1
Released: Thu Nov 28 10:01:53 2019
Summary: Security update for libxml2
Type: security
Severity: low
References: 1123919
This update for libxml2 does not fix any additional security issues; it corrects the rpm changelog to reflect
all CVEs that have been fixed in the past.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:3094-1
Released: Thu Nov 28 16:47:52 2019
Summary: Security update for ncurses
Type: security
Severity: moderate
References: 1131830,1134550,1154036,1154037,CVE-2018-10754,CVE-2019-17594,CVE-2019-17595
This update for ncurses fixes the following issues:
Security issues fixed:
- CVE-2018-10754: Fixed a denial of service caused by a NULL pointer dereference in _nc_parse_entry() (bsc#1131830).
- CVE-2019-17594: Fixed a heap-based buffer over-read in _nc_find_entry function in tinfo/comp_hash.c (bsc#1154036).
- CVE-2019-17595: Fixed a heap-based buffer over-read in fmt_entry function in tinfo/comp_hash.c (bsc#1154037).
Bug fixes:
- Fixed ppc64le build configuration (bsc#1134550).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:3132-1
Released: Tue Dec 3 10:52:14 2019
Summary: Recommended update for update-alternatives
Type: recommended
Severity: moderate
References: 1154043
This update for update-alternatives fixes the following issues:
- Fix post install scripts: test if there is actual file before calling update-alternatives. (bsc#1154043)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:3180-1
Released: Thu Dec 5 11:42:40 2019
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1093414,1150734,1157198,CVE-2019-3688,CVE-2019-3690
This update for permissions fixes the following issues:
- CVE-2019-3688: Fixed the wrong ownership of /usr/sbin/pinger (now root:squid),
which could have allowed the squid user to gain persistence by modifying the
binary (bsc#1093414).
- CVE-2019-3690: Fixed a privilege escalation through untrusted symbolic
links (bsc#1150734).
- Fixed a regression which caused segmentation fault (bsc#1157198).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:3342-1
Released: Thu Dec 19 11:04:35 2019
Summary: Recommended update for elfutils
Type: recommended
Severity: moderate
References: 1151577
This update for elfutils fixes the following issues:
- Add require of 'libebl1' for 'libelf1'. (bsc#1151577)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:3364-1
Released: Thu Dec 19 19:20:52 2019
Summary: Recommended update for ncurses
Type: recommended
Severity: moderate
References: 1158586,1159162
This update for ncurses fixes the following issues:
- Work around a bug in the old upstream gen-pkgconfig (bsc#1159162)
- Remove doubled library path options (bsc#1159162)
- Also remove private requirements, as (lib)tinfo is binary compatible
with the normal and the wide version of (lib)ncurses (bsc#1158586, bsc#1159162)
- Fix the previous change: add the missing library linker paths as well
as the missing include directories for non-standard paths (bsc#1158586,
bsc#1159162)
- Do not mix include directories of different ncurses ABIs (bsc#1158586)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:50-1
Released: Thu Jan 9 09:34:32 2020
Summary: Security update for mariadb
Type: security
Severity: moderate
References: 1154162,CVE-2019-2974
This update for mariadb fixes the following issues:
Security issue fixed:
- CVE-2019-2974: Fixed a denial-of-service issue (hang or repeatable crash) in the server optimizer (bsc#1154162).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:79-1
Released: Mon Jan 13 10:37:34 2020
Summary: Security update for libzypp
Type: security
Severity: moderate
References: 1158763,CVE-2019-18900
This update for libzypp fixes the following issues:
Security issue fixed:
- CVE-2019-18900: Fixed the cookie file being created world readable, which exposed its contents to local users (bsc#1158763).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:86-1
Released: Mon Jan 13 14:12:22 2020
Summary: Security update for e2fsprogs
Type: security
Severity: moderate
References: 1160571,CVE-2019-5188
This update for e2fsprogs fixes the following issues:
- CVE-2019-5188: Fixed a code execution vulnerability in the directory rehashing functionality (bsc#1160571).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:106-1
Released: Wed Jan 15 12:50:55 2020
Summary: Recommended update for libgcrypt
Type: recommended
Severity: important
References: 1155338,1155339
This update for libgcrypt fixes the following issues:
- Fixed the dsa-rfc6979 test in FIPS mode by disabling tests of 192-bit elliptic curves, which are not recommended in FIPS mode
- Added CMAC AES and TDES FIPS self-tests (bsc#1155339, bsc#1155338)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:394-1
Released: Tue Feb 18 14:08:00 2020
Summary: Security update for gcc9
Type: security
Severity: moderate
References: 1114592,1135254,1141897,1142649,1142654,1148517,1149145,CVE-2019-14250,CVE-2019-15847
This update for gcc9 fixes the following issues:
The GNU Compiler Collection is shipped in version 9.
A detailed changelog on what changed in GCC 9 is available at https://gcc.gnu.org/gcc-9/changes.html
The compilers have been added to the SUSE Linux Enterprise Toolchain Module.
To use these compilers, install e.g. gcc9, gcc9-c++ and build with CC=gcc-9
CXX=g++-9 set.
For SUSE Linux Enterprise base products, the libstdc++6, libgcc_s1 and
other compiler libraries have been switched from their gcc8 variants to
their gcc9 variants.
Security issues fixed:
- CVE-2019-15847: Fixed a miscompilation in the POWER9 back end, that optimized multiple calls of the __builtin_darn intrinsic into a single call. (bsc#1149145)
- CVE-2019-14250: Fixed a heap overflow in the LTO linker. (bsc#1142649)
Non-security issues fixed:
- Split out libstdc++ pretty-printers into a separate package supplementing gdb and the installed runtime. (bsc#1135254)
- Fixed miscompilation for vector shift on s390. (bsc#1141897)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:373-1
Released: Tue Feb 18 15:06:18 2020
Summary: Security update for dbus-1
Type: security
Severity: important
References: 1137832,CVE-2019-12749
This update for dbus-1 fixes the following issues:
Security issue fixed:
- CVE-2019-12749: Fixed an implementation flaw in DBUS_COOKIE_SHA1 which
could have allowed local attackers to bypass authentication (bsc#1137832).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:404-1
Released: Wed Feb 19 09:05:47 2020
Summary: Recommended update for p11-kit
Type: recommended
Severity: moderate
References: 1154871
This update for p11-kit fixes the following issues:
- Support loading NSS attribute 'CKA_NSS_MOZILLA_CA_POLICY' so Firefox detects built-in certificates. (bsc#1154871)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:474-1
Released: Tue Feb 25 13:24:15 2020
Summary: Security update for openssl
Type: security
Severity: moderate
References: 1117951,1158809,1160163,CVE-2019-1551
This update for openssl fixes the following issues:
Security issue fixed:
- CVE-2019-1551: Fixed an overflow bug in the x86_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli (bsc#1158809).
Non-security issue fixed:
- Fixed a crash in BN_copy (bsc#1160163).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:527-1
Released: Fri Feb 28 11:51:29 2020
Summary: Security update for mariadb
Type: security
Severity: moderate
References: 1077717,1160895,1160912,1162388,CVE-2019-18901,CVE-2020-2574
This update for mariadb fixes the following issues:
MariaDB was updated to version 10.0.40-3 (bsc#1162388).
Security issues fixed:
- CVE-2020-2574: Fixed a difficult-to-exploit vulnerability that allowed an attacker to crash the client (bsc#1162388).
- CVE-2019-18901: Fixed an unsafe path handling behavior in mysql-systemd-helper (bsc#1160895).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:545-1
Released: Fri Feb 28 15:50:46 2020
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1123886,1160594,1160764,1161779,1163922,CVE-2020-8013
This update for permissions fixes the following issues:
Security issues fixed:
- CVE-2020-8013: Fixed an issue where chkstat set unintended setuid/capabilities for mrsh and wodim (bsc#1163922).
Non-security issues fixed:
- Fixed a regression where chkstat broke when /proc was not available (bsc#1160764, bsc#1160594).
- Fixed capability handling when doing multiple permission changes at once (bsc#1161779).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:561-1
Released: Mon Mar 2 17:24:59 2020
Summary: Recommended update for elfutils
Type: recommended
Severity: moderate
References: 1110929,1157578
This update for elfutils fixes the following issues:
- Fix 'eu-nm' issue in elfutils: Symbol iteration will be set to start at 0 instead of 1 to avoid missing symbols in the output. (bsc#1157578)
- Fix for '.ko' file corruption in debug info. (bsc#1110929)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:571-1
Released: Tue Mar 3 13:23:35 2020
Summary: Recommended update for cyrus-sasl
Type: recommended
Severity: moderate
References: 1162518
This update for cyrus-sasl fixes the following issues:
- Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF (bsc#1162518)
- Added support for retrieving negotiated SSF in gssapi plugin (bsc#1162518)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:331-1
Released: Wed Mar 18 12:52:46 2020
Summary: Security update for systemd
Type: security
Severity: important
References: 1106383,1133495,1139459,1151377,1151506,1154043,1155574,1156482,1159814,1162108,CVE-2020-1712
This update for systemd fixes the following issues:
- CVE-2020-1712 (bsc#1162108)
Fixed a heap use-after-free vulnerability when asynchronous
Polkit queries were performed while handling D-Bus messages. A local
unprivileged attacker could have abused this flaw to crash systemd services or
potentially execute code and elevate their privileges by sending specially
crafted D-Bus messages.
- Unconfirmed fix to prevent systemctl from hanging during restart. (bsc#1139459)
- Fix warnings thrown during package installation. (bsc#1154043)
- Fix for systemd-udevd to prevent a crash within OES2018. (bsc#1151506)
- Fragments of masked units ought not be considered for 'NeedDaemonReload'. (bsc#1156482)
- Wait for workers to finish when exiting. (bsc#1106383)
- Improve log message when inotify limit is reached. (bsc#1155574)
- Mention in the man pages that alias names are only effective after command 'systemctl enable'. (bsc#1151377)
- Introduce function for reading virtual files in 'sysfs' and 'procfs'. (bsc#1133495, bsc#1159814)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:715-1
Released: Wed Mar 18 16:28:12 2020
Summary: Security update for postgresql10
Type: security
Severity: low
References: 1163985,CVE-2020-1720
This update for postgresql10 fixes the following issues:
PostgreSQL was updated to version 10.12.
Security issue fixed:
- CVE-2020-1720: Fixed a missing authorization check in the ALTER ... DEPENDS ON extension (bsc#1163985).
-----------------------------------------------------------------
Advisory ID: 14445
Released: Mon Mar 23 14:31:56 2020
Summary: Recommended update for portus, portus-image
Type: recommended
Severity: moderate
References: 1165811
This update for portus, portus-image fixes the following issues:
Portus was updated to 2.4.3.
It fixes a bug where portus was suddenly deleting all images. (bsc#1165811)
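A container advisory like this one is the record of which patches an image carries; to use it for inventory or to cross-check it against a vulnerability report, the "Advisory ID / Summary / References" blocks have to be turned into structured data. The parser below is an added example written for this editorial pass; it is not part of the SUSE advisory or of Portus. It splits the text on the dashed separators, reads the "Key: value" fields of the header and of each patch block (including the header's multi-line References list), rolls fixed CVEs up per package (mariadb and permissions appear several times above), and flags two kinds of inconsistency a practitioner would want caught: a bug or CVE listed by a patch but missing from the top-level References line, and a reference a patch lists but never explains in its text. The sample input is a constructed, shortened excerpt of three patch blocks from this page, not the full page.

```python
import re
from collections import defaultdict

# Constructed sample input (not the full page): three shortened patch blocks from
# the advisory above, in the mailing-list layout, under a matching header.
ADVISORY = """\
Container Advisory ID : SUSE-CU-2020:96-1
Severity : important
References : 1077717 1145092 1154162 1160895 1160912 1162388 CVE-2019-10208
CVE-2019-18901 CVE-2019-2974 CVE-2020-2574
-----------------------------------------------------------------
The container sles12/portus was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2269-1
Summary: Security update for postgresql10
Severity: important
References: 1145092,CVE-2019-10208
- CVE-2019-10208: Fixed arbitrary SQL execution via a SECURITY DEFINER function (bsc#1145092).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:50-1
Summary: Security update for mariadb
References: 1154162,CVE-2019-2974
- CVE-2019-2974: Fixed a denial-of-service issue in the server optimizer (bsc#1154162).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:527-1
Summary: Security update for mariadb
Severity: moderate
References: 1077717,1160895,1160912,1162388,CVE-2019-18901,CVE-2020-2574
MariaDB was updated to version 10.0.40-3 (bsc#1162388).
- CVE-2020-2574: Fixed a difficult-to-exploit client crash (bsc#1162388).
- CVE-2019-18901: Fixed unsafe path handling in mysql-systemd-helper (bsc#1160895).
"""

SEPARATOR = re.compile(r"^-{20,}[ \t]*$", re.M)
FIELD = re.compile(r"^([A-Za-z][A-Za-z ]*?)\s*:\s*(.*)$")
REF_TOKEN = re.compile(r"^(?:CVE-\d{4}-\d{4,}|SLE-\d+|\d{6,})$")
MENTION = re.compile(r"(CVE-\d{4}-\d{4,})|bsc#(\d{6,})|jsc#(SLE-\d+)")
HEADER_KEYS = {"Container Advisory ID", "Container Tags", "Container Release", "Severity", "Type", "References"}
PATCH_KEYS = {"Advisory ID", "Released", "Summary", "Type", "Severity", "References"}


def _parse_block(lines, keys):
    """One 'Key: value' block; a References value may continue on lines made only of reference tokens."""
    fields, body, last = {}, [], None
    for line in lines:
        m = FIELD.match(line)
        if m and m.group(1) in keys:
            last = m.group(1)
            fields[last] = m.group(2).strip()
            continue
        toks = line.split()
        if last == "References" and toks and all(REF_TOKEN.match(t) for t in toks):
            fields["References"] += " " + line.strip()  # header wraps its list
            continue
        last = None
        if toks:
            body.append(line.rstrip())  # free text: bullets, summaries
    # header lists are space-separated, patch lists comma-separated: accept both
    fields["references"] = {t for t in re.split(r"[,\s]+", fields.get("References", "")) if REF_TOKEN.match(t)}
    fields["body"] = body
    return fields


def parse_advisory(text):
    """Split on the dashed separators: header first, then one patch per chunk."""
    chunks = [c.strip() for c in SEPARATOR.split(text) if c.strip()]
    header = _parse_block(chunks[0].splitlines(), HEADER_KEYS)
    patches = []
    for chunk in chunks[1:]:
        lines = chunk.splitlines()
        if not any(l.startswith("Advisory ID:") for l in lines):
            continue  # the "The container ... was updated" sentence
        patch = _parse_block(lines, PATCH_KEYS)
        m = re.search(r"update for (.+)$", patch.get("Summary", ""))
        patch["packages"] = [p.strip() for p in re.split(r",| and ", m.group(1))] if m else []
        patches.append(patch)
    return {"header": header, "patches": patches}


def missing_references(header_refs, patches):
    """Ids some patch lists that the top-level References line lacks."""
    return set().union(*(p["references"] for p in patches)) - header_refs


def unexplained_references(patch):
    """Ids a patch lists but never mentions in its text as CVE-..., bsc#... or jsc#..."""
    mentioned = {g for m in MENTION.finditer("\n".join(patch["body"])) for g in m.groups() if g}
    return patch["references"] - mentioned


def cves_by_package(patches):
    """Fixed CVEs per package; a package updated several times (mariadb here) is merged."""
    out = defaultdict(set)
    for p in patches:
        for pkg in p["packages"]:
            out[pkg] |= {r for r in p["references"] if r.startswith("CVE-")}
    return dict(out)


if __name__ == "__main__":
    parsed = parse_advisory(ADVISORY)
    print("not in header:", missing_references(parsed["header"]["references"], parsed["patches"]))
    print({p["Advisory ID"]: sorted(unexplained_references(p)) for p in parsed["patches"]})
    print(cves_by_package(parsed["patches"]))
```

On the sample, nothing is missing from the header, and SUSE-SU-2020:527-1 is reported as listing 1077717 and 1160912 without explaining them in its text, which is exactly the case a reader of the full advisory above would otherwise have to notice by hand. Running the parser over the complete page text works the same way; the patterns only assume the "Key: value" layout and the CVE-, bsc# and jsc# spellings used throughout this list.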