SUSE-CU-2020:509-1: Security update of suse/sles12sp5
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Tue Oct 6 01:30:49 MDT 2020
SUSE Container Update Advisory: suse/sles12sp5
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2020:509-1
Container Tags : suse/sles12sp5:6.5.71 , suse/sles12sp5:latest
Container Release : 6.5.71
Severity : moderate
Type : security
References : 1120629 1120630 1120631 1127155 1131823 1137977 1175811 1175830
1175831 CVE-2018-20532 CVE-2018-20533 CVE-2018-20534
-----------------------------------------------------------------
The container suse/sles12sp5 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2652-1
Released: Wed Sep 16 14:43:23 2020
Summary: Recommended update for zlib
Type: recommended
Severity: moderate
References: 1175811,1175830,1175831
This update for zlib fixes the following issues:
- Fix compression level switching (bsc#1175811, bsc#1175830, bsc#1175831)
- Enable hardware compression on s390/s390x (jsc#SLE-13776)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:2660-1
Released: Wed Sep 16 16:15:10 2020
Summary: Security update for libsolv
Type: security
Severity: moderate
References: 1120629,1120630,1120631,1127155,1131823,1137977,CVE-2018-20532,CVE-2018-20533,CVE-2018-20534
This update for libsolv fixes the following issues:
This is a reissue of an existing libsolv update that also included libsolv-devel for LTSS products.
libsolv was updated to version 0.6.36 fixes the following issues:
Security issues fixed:
- CVE-2018-20532: Fixed a NULL pointer dereference in testcase_read() (bsc#1120629).
- CVE-2018-20533: Fixed a NULL pointer dereference in testcase_str2dep_complex() (bsc#1120630).
- CVE-2018-20534: Fixed a NULL pointer dereference in pool_whatprovides() (bsc#1120631).
Non-security issues fixed:
- Made cleandeps jobs on patterns work (bsc#1137977).
- Fixed an issue multiversion packages that obsolete their own name (bsc#1127155).
- Keep consistent package name if there are multiple alternatives (bsc#1131823).
More information about the sle-security-updates
mailing list