SUSE-CU-2021:50-1: Security update of caasp/v4.5/cilium
sle-security-updates at lists.suse.com
Tue Feb 9 07:33:26 UTC 2021
SUSE Container Update Advisory: caasp/v4.5/cilium
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:50-1
Container Tags : caasp/v4.5/cilium:1.7.6 , caasp/v4.5/cilium:1.7.6-rev5 , caasp/v4.5/cilium:1.7.6-rev5-build5.15.3
Container Release : 5.15.3
Severity : important
Type : security
References : 1050625 1084671 1098449 1141597 1144793 1167939 1168771 1169006
1171883 1172695 1173559 1174016 1174436 1174942 1175458 1175514
1175623 1176964 1177238 1177275 1177348 1177427 1177490 1177533
1177583 1177658 1178346 1178554 1178775 1178823 1178825 1178909
1178910 1178931 1178966 1179083 1179155 1179222 1179363 1179415
1179503 1179691 1179691 1179738 1179816 1179824 1179909 1180077
1180138 1180225 1180603 1180603 1180663 1180721 1180885 1181319
CVE-2017-9271 CVE-2020-12603 CVE-2020-12604 CVE-2020-12605 CVE-2020-25709
CVE-2020-25710 CVE-2020-35471 CVE-2020-8025 CVE-2020-8663
-----------------------------------------------------------------
The container caasp/v4.5/cilium was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3791-1
Released: Mon Dec 14 17:39:19 2020
Summary: Recommended update for gzip
Type: recommended
Severity: moderate
References:
This update for gzip fixes the following issue:
- Enable `DFLTCC` (Deflate Conversion Call) compression on s390x for levels 1-6. (jsc#SLE-13775)
This is enabled by adding `-DDFLTCC_LEVEL_MASK=0x7e` to `CFLAGS`.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3809-1
Released: Tue Dec 15 13:46:05 2020
Summary: Recommended update for glib2
Type: recommended
Severity: moderate
References: 1178346
This update for glib2 fixes the following issues:
Update from version 2.62.5 to version 2.62.6:
- Support for slim format of timezone. (bsc#1178346)
- Fix DST incorrect end day when using slim format. (bsc#1178346)
- Fix SOCKS5 username/password authentication.
- Updated translations.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3840-1
Released: Wed Dec 16 10:32:03 2020
Summary: Recommended update for llvm7
Type: recommended
Severity: moderate
References: 1176964,1179155
This update for llvm7 fixes the following issues:
- Fix dsymutil crash on ELF file. (bsc#1176964)
- Add Conflicts: clang-tools to clang7 and llvm7 packages to properly handle newer llvm versions. (bsc#1179155)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3853-1
Released: Wed Dec 16 12:27:27 2020
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825
This update for util-linux fixes the following issues:
- Do not trigger the automatic close of CDROM. (bsc#1084671)
- Try to automatically configure broken serial lines. (bsc#1175514)
- Avoid `sulogin` failing on nonexistent or non-functional console devices. (bsc#1175514)
- Build with `libudev` support to support non-root users. (bsc#1169006)
- Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825)
- Fix warning on mounts to `CIFS` with `mount -a`. (bsc#1174942)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3942-1
Released: Tue Dec 29 12:22:01 2020
Summary: Recommended update for libidn2
Type: recommended
Severity: moderate
References: 1180138
This update for libidn2 fixes the following issues:
- The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later,
adjusted the RPM license tags (bsc#1180138)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3943-1
Released: Tue Dec 29 12:24:45 2020
Summary: Recommended update for libxml2
Type: recommended
Severity: moderate
References: 1178823
This update for libxml2 fixes the following issues:
Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823)
* key/unique/keyref schema attributes currently use quadratic loops
to check their various constraints (that keys are unique and that
keyrefs refer to existing keys).
* This fix uses a hash table to avoid the quadratic behaviour.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:6-1
Released: Mon Jan 4 07:05:06 2021
Summary: Recommended update for libdlm
Type: recommended
Severity: moderate
References: 1098449,1144793,1168771,1177533,1177658
This update for libdlm fixes the following issues:
- Rework libdlm3 require with a shared library version tag instead so it propagates to all consuming packages. (bsc#1177658, bsc#1098449)
- Add support for type 'uint64_t' to corosync ringid. (bsc#1168771)
- Include some fixes/enhancements for dlm_controld. (bsc#1144793)
- Fixed an issue where /boot logical volume was accidentally unmounted. (bsc#1177533)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:79-1
Released: Tue Jan 12 10:49:34 2021
Summary: Recommended update for gcc7
Type: recommended
Severity: moderate
References: 1167939
This update for gcc7 fixes the following issues:
- Amend the gcc7 aarch64 atomics for glibc namespace violation with getauxval. [bsc#1167939]
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:109-1
Released: Wed Jan 13 10:13:24 2021
Summary: Security update for libzypp, zypper
Type: security
Severity: moderate
References: 1050625,1174016,1177238,1177275,1177427,1177583,1178910,1178966,1179083,1179222,1179415,1179909,CVE-2017-9271
This update for libzypp, zypper fixes the following issues:
Update zypper to version 1.14.41
Update libzypp to 17.25.4
- CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583)
- RepoManager: Force refresh if repo url has changed (bsc#1174016)
- RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966)
- RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427).
- RpmDb: If no database exists, use the _dbpath configured in rpm. Still make sure a compat
symlink at /var/lib/rpm exists in case the configured _dbpath is elsewhere. (bsc#1178910)
- Fixed update of gpg keys with elongated expire date (bsc#179222)
- needreboot: remove udev from the list (bsc#1179083)
- Fix lsof monitoring (bsc#1179909)
yast-installation was updated to 4.2.48:
- Do not cleanup the libzypp cache when the system has low memory,
incomplete cache confuses libzypp later (bsc#1179415)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:129-1
Released: Thu Jan 14 12:26:15 2021
Summary: Security update for openldap2
Type: security
Severity: moderate
References: 1178909,1179503,CVE-2020-25709,CVE-2020-25710
This update for openldap2 fixes the following issues:
Security issues fixed:
- CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909).
- CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909).
Non-security issue fixed:
- Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection. (bsc#1179503)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:152-1
Released: Fri Jan 15 17:04:47 2021
Summary: Recommended update for lvm2
Type: recommended
Severity: moderate
References: 1179691,1179738
This update for lvm2 fixes the following issues:
- Fix for lvm2 to use udev as external device by default. (bsc#1179691)
- Fixed an issue in configuration for an item that is commented out by default. (bsc#1179738)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:169-1
Released: Tue Jan 19 16:18:46 2021
Summary: Recommended update for libsolv, libzypp, zypper
Type: recommended
Severity: moderate
References: 1179816,1180077,1180663,1180721
This update for libsolv, libzypp, zypper fixes the following issues:
libzypp was updated to 17.25.6:
- Rephrase solver problem descriptions (jsc#SLE-8482)
- Adapt to changed gpg2/libgpgme behavior (bsc#1180721)
- Multicurl backend breaks with unknown filesize (fixes #277)
zypper was updated to 1.14.42:
- Fix source-download commands help (bsc#1180663)
- man: Recommend to use the --non-interactive global option rather than the command option -y (bsc#1179816)
- Extend apt packagemap (fixes #366)
- --quiet: Fix install summary to write nothing if there's nothing to do (bsc#1180077)
libsolv was updated to 0.7.16:
- do not ask the namespace callback for splitprovides when writing a testcase
- fix add_complex_recommends() selecting conflicted packages in rare cases leading to crashes
- improve choicerule generation so that package updates are preferred in more cases
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:174-1
Released: Wed Jan 20 07:55:23 2021
Summary: Recommended update for gnutls
Type: recommended
Severity: moderate
References: 1172695
This update for gnutls fixes the following issue:
- Avoid spurious audit messages about incompatible signature algorithms (bsc#1172695)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:197-1
Released: Fri Jan 22 15:17:42 2021
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1171883,CVE-2020-8025
This update for permissions fixes the following issues:
- Update to version 20181224:
* pcp: remove no longer needed / conflicting entries
(bsc#1171883, CVE-2020-8025)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:220-1
Released: Tue Jan 26 14:00:51 2021
Summary: Recommended update for keyutils
Type: recommended
Severity: moderate
References: 1180603
This update for keyutils fixes the following issues:
- Adjust the library license to be LGPL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:233-1
Released: Wed Jan 27 12:15:33 2021
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1141597,1174436,1175458,1177490,1179363,1179824,1180225
This update for systemd fixes the following issues:
- Added a timestamp to the output of the busctl monitor command (bsc#1180225)
- Fixed a NULL pointer dereference bug when attempting to close the journal file handle (bsc#1179824)
- Improved the caching of cgroups member mask (bsc#1175458)
- Fixed the dependency definition of sound.target (bsc#1179363)
- Fixed a bug that could lead to a potential error, when daemon-reload is called between
StartTransientUnit and scope_start() (bsc#1174436)
- time-util: treat /etc/localtime missing as UTC (bsc#1141597)
- Removed mq-deadline selection from 60-io-scheduler.rules (bsc#1177490)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:265-1
Released: Mon Feb 1 15:06:45 2021
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1178775,1180885
This update for systemd fixes the following issues:
- Fix for udev creating '/dev/disk/by-label' symlink for 'LUKS2' to avoid mount issues. (bsc#1180885, #8998)
- Fix for an issue when container start causes interference in other containers. (bsc#1178775)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:278-1
Released: Tue Feb 2 09:43:08 2021
Summary: Recommended update for lvm2
Type: recommended
Severity: moderate
References: 1181319
This update for lvm2 fixes the following issues:
- Backport 'lvmlockd' to adopt orphan locks feature. (bsc#1181319)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:293-1
Released: Wed Feb 3 12:52:34 2021
Summary: Recommended update for gmp
Type: recommended
Severity: moderate
References: 1180603
This update for gmp fixes the following issues:
- correct license statements of packages (library itself is not GPL-3.0) (bsc#1180603)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:294-1
Released: Wed Feb 3 12:54:28 2021
Summary: Recommended update for libprotobuf
Type: recommended
Severity: moderate
References:
libprotobuf was updated to fix:
- ship the libprotobuf-lite15 on the basesystem module and the INSTALLER channel. (jsc#ECO-2911)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:302-1
Released: Thu Feb 4 13:18:35 2021
Summary: Recommended update for lvm2
Type: recommended
Severity: important
References: 1179691
This update for lvm2 fixes the following issues:
- lvm2 will no longer use external_device_info_source='udev' as default because it introduced a
regression (bsc#1179691).
If this behavior is still wanted, please change this manually in the lvm.conf
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:335-1
Released: Mon Feb 8 11:19:09 2021
Summary: Include cilium addon security fixes and a new skuba release with updated add-ons
Type: security
Severity: important
References: 1173559,1177348,1178931,CVE-2020-12603,CVE-2020-12604,CVE-2020-12605,CVE-2020-35471,CVE-2020-8663
== Cilium (Security fixes)
This fix involves an upgrade of cilium add-on. See https://documentation.suse.com/suse-caasp/4.5/html/caasp-admin/_cluster_updates.html#_updating_kubernetes_components for the upgrade procedure.
== Skuba
In order to update skuba you need to update the management workstation. See detailed instructions at https://documentation.suse.com/suse-caasp/4.5/html/caasp-admin/_cluster_updates.html#_update_management_workstation
-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:339-1
Released: Mon Feb 8 13:16:07 2021
Summary: Optional update for pam
Type: optional
Severity: low
References:
This update for pam fixes the following issues:
- Added rpm macros for this package, so that other packages can make use of it
This patch is optional to be installed - it doesn't fix any bugs.