SUSE-CU-2021:94-1: Security update of suse/sles12sp3
sle-security-updates at lists.suse.com
Sat Apr 3 06:08:05 UTC 2021
SUSE Container Update Advisory: suse/sles12sp3
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:94-1
Container Tags : suse/sles12sp3:2.0.2 , suse/sles12sp3:24.237 , suse/sles12sp3:latest
Container Release : 24.237
Severity : important
Type : security
References : 1116107 1159635 1174215 1175109 1178727 1178823 1178909 1178925
1178966 1179398 1179399 1179491 1180073 1181728 1182138 1182279
1182331 1182333 1182408 1182411 1182412 1182413 1182415 1182416
1182417 1182418 1182419 1182420 CVE-2019-19906 CVE-2020-1971
CVE-2020-25709 CVE-2020-25710 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223
CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228
CVE-2020-36229 CVE-2020-36230 CVE-2020-8231 CVE-2020-8284 CVE-2020-8285
CVE-2021-23840 CVE-2021-23841 CVE-2021-27212
-----------------------------------------------------------------
The container suse/sles12sp3 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3569-1
Released: Mon Nov 30 17:13:16 2020
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1178727
This update for pam fixes the following issue:
- Initialize the local variable *daysleft* to avoid a misleading warning about the number of days until password expiry. (bsc#1178727)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3573-1
Released: Mon Nov 30 18:13:05 2020
Summary: Recommended update for sg3_utils
Type: recommended
Severity: low
References: 1116107
This update for sg3_utils fixes the following issues:
- Fixed wrong device ID for devices using NAA extended format (bsc#1116107)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:3763-1
Released: Fri Dec 11 14:17:32 2020
Summary: Security update for openssl
Type: security
Severity: important
References: 1179491,CVE-2020-1971
This update for openssl fixes the following issues:
- CVE-2020-1971: Fixed a NULL pointer dereference in GENERAL_NAME_cmp when comparing EDIPARTYNAME names, reachable for example during CRL distribution-point checks (bsc#1179491).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3794-1
Released: Mon Dec 14 17:40:20 2020
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1174215,1178925,1178966
This update for libzypp, zypper fixes the following issues:
Changes in zypper:
- Fix typo in `list-patches` help. (bsc#1178925)
The option for selecting issues matching the specified string is `--issue[=STRING]`, not `--issues[=STRING]`.
Changes in libzypp:
- Fix in repository manager for removing non-directory entries related to the cache. (bsc#1178966)
- Strip the credentials carried in the HTTP Authorization header from the logs. (bsc#1174215)
The Authorization header may carry base64-encoded credentials (for example HTTP Basic), which anyone with read access to the log file could decode and recover.
The credentials are now stripped before the header is written to the log.
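The libzypp fix above is a log-redaction problem: an `Authorization: Basic ...` value is not a secret-safe token, it is `base64(user:password)`. The following script is an added example, not libzypp's code, and the log lines it processes are constructed samples (the timestamp/prefix layout is invented, not real libzypp output). It first shows how trivially the credentials can be recovered from an unredacted line, then applies the kind of stripping the update introduces to any `Authorization` or `Proxy-Authorization` header while keeping the scheme visible for debugging.

```python
import base64
import re
from typing import List, Optional

# Constructed sample log lines (prefix format invented for this example).
SAMPLE_LOG = """\
2021-03-29 14:53:14 <1> host(1234) [zypp::media] MediaCurl.cc(doGetFileCopy):1200 Authorization: Basic dXNlcjpzM2NyM3Q=
2021-03-29 14:53:15 <1> host(1234) [zypp::media] Proxy-Authorization: Basic cHJveHk6aHVudGVyMg==
2021-03-29 14:53:16 <1> host(1234) [zypp::media] Authorization: Bearer eyJhbGciOiJub25lIn0.e30.
2021-03-29 14:53:17 <1> host(1234) [zypp::media] HTTP/1.1 200 OK
"""

# Header name, scheme, credential blob. Case-insensitive because HTTP header names are.
_AUTH_HEADER = re.compile(
    r"(?i)(?P<name>(?:proxy-)?authorization):\s*(?P<scheme>\S+)\s+(?P<creds>\S+)"
)


def recover_basic_credentials(header_value: str) -> Optional[str]:
    """Decode 'Basic <b64>' back to 'user:password'; shows why the raw header must not be logged."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        return base64.b64decode(token, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None


def leaked_secrets(log_text: str) -> List[str]:
    """Every Basic credential pair recoverable from an unredacted log."""
    found = []
    for m in _AUTH_HEADER.finditer(log_text):
        creds = recover_basic_credentials(f"{m.group('scheme')} {m.group('creds')}")
        if creds is not None:
            found.append(creds)
    return found


def redact_line(line: str) -> str:
    """Keep the header name and scheme (useful for debugging), drop the credential blob."""
    return _AUTH_HEADER.sub(
        lambda m: f"{m.group('name')}: {m.group('scheme')} <redacted>", line
    )


def redact_log(log_text: str) -> List[str]:
    return [redact_line(line) for line in log_text.splitlines()]


if __name__ == "__main__":
    print("recoverable before redaction:", leaked_secrets(SAMPLE_LOG))
    for line in redact_log(SAMPLE_LOG):
        print(line)
```

Redacting at the point where the line is formatted (as the update does) beats post-processing log files, since rotated or shipped copies never see the secret. Bearer tokens are opaque rather than base64-decodable, but they are credentials all the same, so the redaction does not special-case the scheme.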
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:3800-1
Released: Mon Dec 14 18:55:59 2020
Summary: Security update for curl
Type: security
Severity: moderate
References: 1175109,1179398,CVE-2020-8231,CVE-2020-8284
This update for curl fixes the following issues:
- CVE-2020-8284: Fixed an issue where a malicious FTP server could, via the address in its PASV response, make curl open the data connection to a different IP than the one it is talking to (bsc#1179398).
- CVE-2020-8231: Fixed a dangling connection pointer that could make libcurl send data over the wrong connection when an application uses CURLOPT_CONNECT_ONLY (bsc#1175109).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:3876-1
Released: Fri Dec 18 16:45:25 2020
Summary: Security update for curl
Type: security
Severity: moderate
References: 1179398,1179399,CVE-2020-8284,CVE-2020-8285
This update for curl fixes the following issues:
- CVE-2020-8285: Fixed a stack overflow caused by unbounded recursion in FTP wildcard matching (bsc#1179399).
- CVE-2020-8284: Adjusted the handling of FTP PASV responses so the server-supplied address is no longer trusted by default (bsc#1179398).
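The PASV problem behind CVE-2020-8284 is that a 227 reply contains an IP address chosen by the server, and a client that connects to it can be turned into a proxy towards hosts the server cannot reach itself (an internal address in the client's network, for example). The following is an added example, not curl's code: it parses 227 replies, flags the ones that point away from the control connection's peer, and shows the two policies side by side. The `skip_pasv_ip=True` path mirrors what curl 7.74.0 made the default (CURLOPT_FTP_SKIP_PASV_IP): only the port is taken from the reply. The sample replies, the control host and all function names are constructed for this example.

```python
import ipaddress
import re
from typing import Tuple

# Constructed replies: the first is what a well-behaved server sends, the second
# is what a malicious or misconfigured server could send to steer the data
# connection to an internal host's SSH port.
CONTROL_HOST = "192.0.2.10"
HONEST_REPLY = "227 Entering Passive Mode (192,0,2,10,195,80)"
ROGUE_REPLY = "227 Entering Passive Mode (10,0,0,5,0,22)"

# RFC 959: "227 ... (h1,h2,h3,h4,p1,p2)"; the text before the parenthesis is free-form.
_PASV = re.compile(
    r"^227\b.*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)"
)


def parse_pasv(reply: str) -> Tuple[str, int]:
    """Parse a 227 reply into (host, port); reject anything outside the six-byte form."""
    m = _PASV.match(reply.strip())
    if m is None:
        raise ValueError(f"not a 227 PASV reply: {reply!r}")
    fields = [int(x) for x in m.groups()]
    if any(b > 255 for b in fields):
        raise ValueError(f"byte out of range in PASV reply: {reply!r}")
    host = ".".join(str(b) for b in fields[:4])
    port = (fields[4] << 8) | fields[5]
    if port == 0:
        raise ValueError("PASV reply advertises port 0")
    return host, port


def is_valid_pasv(reply: str) -> bool:
    try:
        parse_pasv(reply)
        return True
    except ValueError:
        return False


def pasv_redirects(reply: str, control_host: str) -> bool:
    """True when the advertised address differs from the control connection's peer.
    Worth logging as an anomaly even when the client ignores the address."""
    host, _ = parse_pasv(reply)
    return ipaddress.ip_address(host) != ipaddress.ip_address(control_host)


def data_connection_target(reply: str, control_host: str,
                           skip_pasv_ip: bool = True) -> Tuple[str, int]:
    """Decide where the data connection goes.
    skip_pasv_ip=True: reuse the control connection's IP, take only the port (curl's
    post-fix default). skip_pasv_ip=False: the old behaviour that trusts the server."""
    host, port = parse_pasv(reply)
    if skip_pasv_ip:
        return control_host, port
    return host, port


if __name__ == "__main__":
    for reply in (HONEST_REPLY, ROGUE_REPLY):
        print(reply)
        print("  redirects:", pasv_redirects(reply, CONTROL_HOST))
        print("  trusting :", data_connection_target(reply, CONTROL_HOST, skip_pasv_ip=False))
        print("  hardened :", data_connection_target(reply, CONTROL_HOST))
```

Two caveats a practitioner should keep in mind. First, EPSV (RFC 2428, reply 229) carries only a port and so avoids the issue entirely; curl tries EPSV before PASV unless told not to. Second, ignoring the PASV address breaks legitimate setups where the FTP server sits behind a NAT that rewrites the 227 reply on purpose, which is why the setting remains configurable rather than being removed.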
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:3939-1
Released: Mon Dec 28 14:29:41 2020
Summary: Security update for cyrus-sasl
Type: security
Severity: important
References: 1159635,CVE-2019-19906
This update for cyrus-sasl fixes the following issues:
- CVE-2019-19906: Fixed an off-by-one out-of-bounds write in _sasl_add_string that allowed an unauthenticated remote denial of service against OpenLDAP via a malformed LDAP packet (bsc#1159635).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:26-1
Released: Tue Jan 5 14:18:00 2021
Summary: Recommended update for libxml2
Type: recommended
Severity: moderate
References: 1178823
This update for libxml2 fixes the following issues:
- Avoid quadratic checking of identity constraints, speeding up XML schema validation. (bsc#1178823)
  * The key/unique/keyref schema constraints were checked with quadratic loops
    (that keys are unique and that keyrefs refer to existing keys).
  * The fix uses a hash table to avoid the quadratic behaviour.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:128-1
Released: Thu Jan 14 11:01:24 2021
Summary: Security update for openldap2
Type: security
Severity: moderate
References: 1178909,CVE-2020-25709,CVE-2020-25710
This update for openldap2 fixes the following issues:
- CVE-2020-25709: Fixed a slapd crash (assertion failure) triggered by specially crafted network traffic (bsc#1178909).
- CVE-2020-25710: Fixed a slapd crash (assertion failure) triggered by specially crafted network traffic (bsc#1178909).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:588-1
Released: Thu Feb 25 06:10:02 2021
Summary: Recommended update for file
Type: recommended
Severity: moderate
References: 1182138
This update for file fixes the following issues:
- Fixed an issue when file is run on input starting with the string '80'. (bsc#1182138)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:693-1
Released: Wed Mar 3 18:13:33 2021
Summary: Security update for openldap2
Type: security
Severity: important
References: 1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420,CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212
This update for openldap2 fixes the following issues:
- bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the
X.509 DN parsing in decode.c ber_next_element, resulting in denial
of service.
- bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN
parsing in ad_keystring, resulting in denial of service.
- bsc#1182412 CVE-2020-36228 - integer underflow leading to crash
in the Certificate List Exact Assertion processing, resulting in
denial of service.
- bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the
cancel_extop Cancel operation, resulting in denial of service.
- bsc#1182416 CVE-2020-36225 - double free and slapd crash in the
saslAuthzTo processing, resulting in denial of service.
- bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash
in the saslAuthzTo processing, resulting in denial of service.
- bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd
crash in the saslAuthzTo processing, resulting in denial of service.
- bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the
saslAuthzTo validation, resulting in denial of service.
- bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact
Assertion processing, resulting in denial of service (schema_init.c
serialNumberAndIssuerCheck).
- bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter
control handling, resulting in denial of service (double free and
out-of-bounds read).
- bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur
in the issuerAndThisUpdateCheck function via a crafted packet,
resulting in a denial of service (daemon exit) via a short timestamp.
This is related to schema_init.c and checkTime.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:939-1
Released: Wed Mar 24 12:24:38 2021
Summary: Security update for openssl
Type: security
Severity: moderate
References: 1182331,1182333,CVE-2021-23840,CVE-2021-23841
This update for openssl fixes the following issues:
- CVE-2021-23840: Fixed an integer overflow in EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate when the input length is close to INT_MAX (bsc#1182333)
- CVE-2021-23841: Fixed a NULL pointer dereference in X509_issuer_and_serial_hash() on certificates with a malformed issuer field (bsc#1182331)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:970-1
Released: Mon Mar 29 14:53:14 2021
Summary: Recommended update for apparmor
Type: recommended
Severity: moderate
References: 1181728
This update for apparmor fixes the following issues:
- Add abstraction/base fix to apparmor-profile. (bsc#1181728)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1003-1
Released: Thu Apr 1 15:06:58 2021
Summary: Recommended update for libcap
Type: recommended
Severity: moderate
References: 1180073
This update for libcap fixes the following issues:
- Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460)
- Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073)
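When an image tag such as suse/sles12sp3:24.237 shows up in a scanner report, the question is usually "does this release already contain the fix for CVE X", and the answer is spread over the stanzas above. The script below is an added example, not a SUSE tool: it parses the stanza format of this advisory (the "Advisory ID:", "Type:", "Severity:" and "References:" fields, plus the wrapped "References :" block in the header) into records, answers that question per CVE, and cross-checks that every CVE named by a stanza also appears in the consolidated header list. The embedded text is an excerpt of this advisory with the stanza bodies shortened; the class and function names are this example's own.

```python
import re
from dataclasses import dataclass, field
from typing import List, Set

# Excerpt of this advisory (header plus three stanzas, bodies shortened), embedded
# so the script runs offline. Feed it the complete mail body in practice.
ADVISORY_TEXT = """\
Container Advisory ID : SUSE-CU-2021:94-1
Container Tags : suse/sles12sp3:2.0.2 , suse/sles12sp3:24.237 , suse/sles12sp3:latest
Container Release : 24.237
Severity : important
Type : security
References : 1175109 1179398 1179398 1179399 1180073 CVE-2020-8231
             CVE-2020-8284 CVE-2020-8284 CVE-2020-8285
-----------------------------------------------------------------
The container suse/sles12sp3 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:3800-1
Released: Mon Dec 14 18:55:59 2020
Summary: Security update for curl
Type: security
Severity: moderate
References: 1175109,1179398,CVE-2020-8231,CVE-2020-8284
This update for curl fixes the following issues:
- CVE-2020-8284: Fixed an issue where a malicious FTP server could make curl connect to a different IP (bsc#1179398).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:3876-1
Released: Fri Dec 18 16:45:25 2020
Summary: Security update for curl
Type: security
Severity: moderate
References: 1179398,1179399,CVE-2020-8284,CVE-2020-8285
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1003-1
Released: Thu Apr 1 15:06:58 2021
Summary: Recommended update for libcap
Type: recommended
Severity: moderate
References: 1180073
"""

_FIELD = re.compile(r"^(Advisory ID|Summary|Type|Severity|References)\s*:\s*(.*)$")
_CONTAINER = re.compile(r"^Container (Tags|Release)\s*:\s*(.*)$")
_CVE = re.compile(r"^CVE-\d{4}-\d{4,}$")


def _tokens(value: str) -> List[str]:
    # References are comma-separated in stanzas and space-separated in the header.
    return [t for t in re.split(r"[,\s]+", value) if t]


@dataclass
class Patch:
    advisory_id: str
    summary: str = ""
    type: str = ""
    severity: str = ""
    bugs: List[str] = field(default_factory=list)
    cves: List[str] = field(default_factory=list)


@dataclass
class Advisory:
    tags: List[str] = field(default_factory=list)
    release: str = ""
    header_refs: Set[str] = field(default_factory=set)  # deduplicated on purpose
    patches: List[Patch] = field(default_factory=list)


def parse_advisory(text: str) -> Advisory:
    adv = Advisory()
    in_header_refs = False  # header "References :" wraps onto continuation lines
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("-----"):
            in_header_refs = False
            continue
        c = _CONTAINER.match(line)
        if c:
            if c.group(1) == "Tags":
                adv.tags = _tokens(c.group(2))
            else:
                adv.release = c.group(2).strip()
            continue
        m = _FIELD.match(line)
        if m is None:
            if in_header_refs:
                adv.header_refs.update(_tokens(line))
            continue
        in_header_refs = False
        key, value = m.group(1), m.group(2).strip()
        if key == "Advisory ID":
            adv.patches.append(Patch(advisory_id=value))
        elif not adv.patches:  # still in the header block
            if key == "References":
                adv.header_refs.update(_tokens(value))
                in_header_refs = True
        else:
            p = adv.patches[-1]
            if key == "Summary":
                p.summary = value
            elif key == "Type":
                p.type = value.lower()
            elif key == "Severity":
                p.severity = value.lower()
            else:
                for ref in _tokens(value):
                    (p.cves if _CVE.match(ref) else p.bugs).append(ref)
    return adv


def fixes_for(adv: Advisory, cve: str) -> List[str]:
    """Advisory IDs in this container release that reference the CVE (empty = not covered)."""
    cve = cve.upper()
    return [p.advisory_id for p in adv.patches if cve in p.cves]


def cves_not_in_header(adv: Advisory) -> Set[str]:
    """Consistency check: every stanza CVE should appear in the consolidated header."""
    return {c for p in adv.patches for c in p.cves} - adv.header_refs


def security_patches(adv: Advisory) -> List[Patch]:
    return [p for p in adv.patches if p.type == "security"]


if __name__ == "__main__":
    adv = parse_advisory(ADVISORY_TEXT)
    print("release", adv.release, "tags", adv.tags)
    for cve in ("CVE-2020-8284", "CVE-2020-1971"):
        print(cve, "->", fixes_for(adv, cve) or "not in this release")
    print("stanza CVEs missing from header:", cves_not_in_header(adv) or "none")
```

Note that the tag list matters for the answer: `latest` and `24.237` are the same image at publication time, but `latest` moves, so a finding should be pinned to the release number before it is closed against this advisory.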