SUSE-CU-2020:707-1: Security update of ses/7/cephcsi/csi-snapshotter
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Thu Nov 26 00:18:24 MST 2020
SUSE Container Update Advisory: ses/7/cephcsi/csi-snapshotter
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2020:707-1
Container Tags : ses/7/cephcsi/csi-snapshotter:v2.1.1 , ses/7/cephcsi/csi-snapshotter:v2.1.1-rev1 , ses/7/cephcsi/csi-snapshotter:v2.1.1-rev1-build3.94
Container Release : 3.94
Severity : important
Type : security
References : 1174232 1174593 1177458 1177490 1177510 1177858 1178387 1178512
1178727 CVE-2020-25692 CVE-2020-28196
-----------------------------------------------------------------
The container ses/7/cephcsi/csi-snapshotter was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3290-1
Released: Wed Nov 11 12:25:32 2020
Summary: Recommended update for findutils
Type: recommended
Severity: moderate
References: 1174232
This update for findutils fixes the following issues:
- Do not unconditionally use leaf optimization for NFS. (bsc#1174232)
NFS st_nlink are not accurate on all implementations, leading to aborts() if that assumption is made.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:3313-1
Released: Thu Nov 12 16:07:37 2020
Summary: Security update for openldap2
Type: security
Severity: important
References: 1178387,CVE-2020-25692
This update for openldap2 fixes the following issues:
- CVE-2020-25692: Fixed an unauthenticated remote denial of service due to incorrect validation of modrdn equality rules (bsc#1178387).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:3377-1
Released: Thu Nov 19 09:29:32 2020
Summary: Security update for krb5
Type: security
Severity: moderate
References: 1178512,CVE-2020-28196
This update for krb5 fixes the following security issue:
- CVE-2020-28196: Fixed an unbounded recursion via an ASN.1-encoded Kerberos message (bsc#1178512).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3381-1
Released: Thu Nov 19 10:53:38 2020
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1177458,1177490,1177510
This update for systemd fixes the following issues:
- build-sys: optionally disable support of journal over the network (bsc#1177458)
- ask-password: prevent buffer overflow when reading from keyring (bsc#1177510)
- mount: don't propagate errors from mount_setup_unit() further up
- Rely on the new build option --disable-remote for journal_remote
This allows to drop the workaround that consisted in cleaning journal-upload files and
{sysusers.d,tmpfiles.d}/systemd-remote.conf manually when 'journal_remote' support was disabled.
- Move journal-{remote,upload}.conf.5.gz man pages into systemd-journal_remote sub package
- Make sure {sysusers.d,tmpfiles.d}/systemd-remote.conf are not shipped with --without=journal_remote (bsc#1177458)
These files were incorrectly packaged in the main package when systemd-journal_remote was disabled.
- Make use of %{_unitdir} and %{_sysusersdir}
- Remove mq-deadline selection from 60-io-scheduler.rules (bsc#1177490)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3462-1
Released: Fri Nov 20 13:14:35 2020
Summary: Recommended update for pam and sudo
Type: recommended
Severity: moderate
References: 1174593,1177858,1178727
This update for pam and sudo fixes the following issue:
pam:
- pam_xauth: do not *free* a string which has been successfully passed to *putenv*. (bsc#1177858)
- Initialize the local variable *daysleft* to avoid a misleading warning for password expire days. (bsc#1178727)
- Run /usr/bin/xauth using the old user's and group's identifiers. (bsc#1174593)
sudo:
- Fix a problem with pam_xauth which checks effective and real uids to get the real identity of the user. (bsc#1174593)
More information about the sle-security-updates
mailing list