SUSE-CU-2021:278-1: Security update of suse/sles12sp5

Sat Aug 7 06:59:42 UTC 2021

SUSE Container Update Advisory: suse/sles12sp5
Container Advisory ID : SUSE-CU-2021:278-1
Container Tags        : suse/sles12sp5:6.5.210 , suse/sles12sp5:latest
Container Release     : 6.5.210
Severity              : important
Type                  : security
References            : 1027496 1047247 1050467 1093414 1097665 1123886 1131330 1150734
                        1155939 1157198 1160594 1160764 1161510 1161779 1163922 1171883
                        1181443 1182899 1184761 1185562 1185807 1186015 1186229 1187212
                        1187784 1187911 1188063 1188217 1188218 1188219 1188220 CVE-2016-10228
                        CVE-2019-20387 CVE-2019-3688 CVE-2019-3690 CVE-2020-8013 CVE-2021-22922
                        CVE-2021-22923 CVE-2021-22924 CVE-2021-22925 CVE-2021-3200 CVE-2021-33560
                        CVE-2021-33910 CVE-2021-3541 CVE-2021-35942 

The container suse/sles12sp5 was updated. The following patches have been included in this update:

Advisory ID: SUSE-SU-2021:2016-1
Released:    Fri Jun 18 09:39:25 2021
Summary:     Security update for libxml2
Type:        security
Severity:    moderate
References:  1186015,CVE-2021-3541
This update for libxml2 fixes the following issues:

- CVE-2021-3541: Fixed exponential entity expansion attack that could bypass all existing protection mechanisms (bsc#1186015).

Advisory ID: SUSE-RU-2021:2086-1
Released:    Fri Jun 18 17:28:57 2021
Summary:     Recommended update for pam
Type:        recommended
Severity:    important
References:  1181443,1185562
This update for pam fixes the following issues:

- Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443)
- In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains for 32-bit applications. (bsc#1185562)

Advisory ID: SUSE-SU-2021:2156-1
Released:    Thu Jun 24 15:39:39 2021
Summary:     Security update for libgcrypt
Type:        security
Severity:    important
References:  1187212,CVE-2021-33560
This update for libgcrypt fixes the following issues:

- CVE-2021-33560: Fixed a side-channel against ElGamal encryption, caused by missing exponent blinding (bsc#1187212).

Advisory ID: SUSE-SU-2021:2180-1
Released:    Mon Jun 28 17:40:39 2021
Summary:     Security update for libsolv
Type:        security
Severity:    important
References:  1161510,1186229,CVE-2019-20387,CVE-2021-3200
This update for libsolv fixes the following issues:

Security issues fixed:

- CVE-2019-20387: Fixed heap-buffer-overflow in repodata_schema2id (bsc#1161510)
- CVE-2021-3200: testcase_read: error out if repos are added or the system is changed too late (bsc#1186229)

Other issues fixed:

- backport support for blacklisted packages to support ptf packages and retracted patches
- fix ruleinfo of complex dependencies returning the wrong origin
- fix SOLVER_FLAG_FOCUS_BEST updating packages without reason
- fix add_complex_recommends() selecting conflicted packages in rare cases
- fix potential segfault in resolve_jobrules
- fix solv_zchunk decoding error if large chunks are used

Advisory ID: SUSE-SU-2021:2280-1
Released:    Fri Jul  9 16:29:17 2021
Summary:     Security update for permissions
Type:        security
Severity:    moderate
References:  1047247,1050467,1093414,1097665,1123886,1150734,1155939,1157198,1160594,1160764,1161779,1163922,1171883,1182899,CVE-2019-3688,CVE-2019-3690,CVE-2020-8013
This update for permissions fixes the following issues:

- Fork package for 12-SP5 (bsc#1155939)
- make btmp root:utmp (bsc#1050467, bsc#1182899)
- pcp: remove no longer needed / conflicting entries (bsc#1171883). Fixes a potential security issue.
- do not follow symlinks that are the final path element (CVE-2020-8013, bsc#1163922)
- fix handling of relative directory symlinks in chkstat
- whitelist postgres sticky directories (bsc#1123886)
- fix regression where chkstat breaks without /proc available (bsc#1160764, bsc#1160594)
- fix capability handling when doing multiple permission changes at once (bsc#1161779,
- fix invalid free() when permfiles points to argv (bsc#1157198)
- the error should be reported for permfiles[i], not argv[i], as these are not the same files. (bsc#1047247, bsc#1097665)
- fix /usr/sbin/pinger ownership to root:squid (bsc#1093414, CVE-2019-3688)
- fix privilege escalation through untrusted symlinks (bsc#1150734, CVE-2019-3690)

Advisory ID: SUSE-SU-2021:2405-1
Released:    Tue Jul 20 14:21:55 2021
Summary:     Security update for systemd
Type:        security
Severity:    moderate
References:  1184761,1185807,1188063,CVE-2021-33910
This update for systemd fixes the following issues:

- CVE-2021-33910: Fixed a denial of service in systemd via unit_name_path_escape() (bsc#1188063)
- Fixed a regression with hostnamectl and timedatectl (bsc#1184761)
- Fixed permissions for /usr/lib/udev/compat-symlink-generation (bsc#1185807)

Advisory ID: SUSE-SU-2021:2462-1
Released:    Fri Jul 23 11:23:22 2021
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1188217,1188218,1188219,1188220,CVE-2021-22922,CVE-2021-22923,CVE-2021-22924,CVE-2021-22925
This update for curl fixes the following issues:

- CVE-2021-22925: TELNET stack contents disclosure again. (bsc#1188220)
- CVE-2021-22924: Bad connection reuse due to flawed path name checks. (bsc#1188219)
- CVE-2021-22923: Insufficiently Protected Credentials. (bsc#1188218)
- CVE-2021-22922: Wrong content via metalink not discarded. (bsc#1188217)

Advisory ID: SUSE-SU-2021:2480-1
Released:    Tue Jul 27 13:47:22 2021
Summary:     Security update for glibc
Type:        security
Severity:    moderate
References:  1027496,1131330,1187911,CVE-2016-10228,CVE-2021-35942
This update for glibc fixes the following issues:

Security issues fixed:

- CVE-2021-35942: wordexp: Fixed handle overflow in positional parameter number (bsc#1187911)
- CVE-2016-10228: Rewrite iconv option parsing (bsc#1027496)

Other fixes:

- Fixed race in pthread_mutex_lock while promoting to PTHREAD_MUTEX_ELISION_NP (bsc#1131330)

Advisory ID: SUSE-RU-2021:2578-1
Released:    Sun Aug  1 15:54:42 2021
Summary:     Recommended update for openldap2
Type:        recommended
Severity:    moderate
References:  1187784

This update for openldap2 rebuilds openldap2 against an openssl 1.0 library with symbol versioning enabled.

This is an enablement for migrations to openssl 1.1.1, which will bring TLS 1.3 support.
