SUSE-CU-2020:177-1: Security update of suse/sle15

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Fri May 22 12:42:44 MDT 2020


SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2020:177-1
Container Tags        : suse/sle15:15.0 , suse/sle15:15.0.4.22.206
Container Release     : 4.22.206
Severity              : important
Type                  : security
References            : 1154661 1155271 1159314 1159928 1161517 1161521 1169512 1171173
                        1171422 1171872 CVE-2019-18218 CVE-2019-19956 CVE-2019-20388
                        CVE-2020-7595 
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1267-1
Released:    Wed May 13 11:58:58 2020
Summary:     Recommended update for permissions
Type:        recommended
Severity:    important
References:  1171173
This update for permissions fixes the following issue:

- Remove setuid bit for newgidmap and newuidmap in paranoid profile. (bsc#1171173)
  
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1290-1
Released:    Fri May 15 16:39:59 2020
Summary:     Recommended update for gnutls
Type:        recommended
Severity:    moderate
References:  1171422
This update for gnutls fixes the following issues:

- Add RSA 4096 key generation support in FIPS mode (bsc#1171422)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:1294-1
Released:    Mon May 18 07:38:36 2020
Summary:     Security update for file
Type:        security
Severity:    moderate
References:  1154661,1169512,CVE-2019-18218
This update for file fixes the following issues:

Security issues fixed:

- CVE-2019-18218: Fixed a heap-based buffer overflow in cdf_read_property_info() (bsc#1154661).

Non-security issue fixed:

- Fixed broken '--help' output (bsc#1169512).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:1299-1
Released:    Mon May 18 07:43:21 2020
Summary:     Security update for libxml2
Type:        security
Severity:    moderate
References:  1159928,1161517,1161521,CVE-2019-19956,CVE-2019-20388,CVE-2020-7595
This update for libxml2 fixes the following issues:

- CVE-2019-20388: Fixed a memory leak in xmlSchemaPreRun (bsc#1161521).
- CVE-2019-19956: Fixed a memory leak (bsc#1159928).
- CVE-2020-7595: Fixed an infinite loop in an EOF situation (bsc#1161517).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1328-1
Released:    Mon May 18 17:16:04 2020
Summary:     Recommended update for grep
Type:        recommended
Severity:    moderate
References:  1155271
This update for grep fixes the following issues:

- Update testsuite expectations, no functional changes (bsc#1155271)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1349-1
Released:    Wed May 20 11:39:00 2020
Summary:     Recommended update for libsolv
Type:        recommended
Severity:    moderate
References:  1159314
This update for libsolv fixes the following issues:

libsolv was updated to version 0.7.11:

- fix solv_zchunk decoding error if large chunks are used (bsc#1159314)
- treat retracted pathes as irrelevant
- made add_update_target work with multiversion installs


-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1362-1
Released:    Thu May 21 09:31:43 2020
Summary:     Recommended update for libgcrypt
Type:        recommended
Severity:    moderate
References:  1171872
This update for libgcrypt fixes the following issues:

- FIPS: RSA/DSA/ECC test_keys() print out debug messages only in debug mode (bsc#1171872)



More information about the sle-security-updates mailing list