SUSE-CU-2021:2-1: Security update of harbor/harbor-db

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Mon Jan 4 23:50:36 MST 2021


SUSE Container Update Advisory: harbor/harbor-db
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:2-1
Container Tags        : harbor/harbor-db:2.1.2 , harbor/harbor-db:2.1.2-rev1 , harbor/harbor-db:2.1.2-rev1-build2.141
Container Release     : 2.141
Severity              : important
Type                  : security
References            : 1084671 1098449 1144793 1168771 1169006 1174232 1174593 1174942
                        1175514 1175623 1177458 1177490 1177510 1177533 1177658 1177858
                        1177864 1177998 1178346 1178376 1178387 1178512 1178554 1178666
                        1178667 1178668 1178727 1178823 1178825 1179398 1179399 1179431
                        1179491 1179515 1179593 1180138 CVE-2020-1971 CVE-2020-25692
                        CVE-2020-25694 CVE-2020-25695 CVE-2020-25696 CVE-2020-28196 CVE-2020-8284
                        CVE-2020-8285 CVE-2020-8286 
-----------------------------------------------------------------

The container harbor/harbor-db was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3157-1
Released:    Wed Nov  4 15:37:05 2020
Summary:     Recommended update for ca-certificates-mozilla
Type:        recommended
Severity:    moderate
References:  1177864
This update for ca-certificates-mozilla fixes the following issues:

The SSL Root CA store was updated to the 2.44 state of the Mozilla NSS Certificate store (bsc#1177864)

- Removed CAs:

  - EE Certification Centre Root CA
  - Taiwan GRCA

- Added CAs:

  - Trustwave Global Certification Authority
  - Trustwave Global ECC P256 Certification Authority
  - Trustwave Global ECC P384 Certification Authority

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3290-1
Released:    Wed Nov 11 12:25:32 2020
Summary:     Recommended update for findutils
Type:        recommended
Severity:    moderate
References:  1174232
This update for findutils fixes the following issues:

- Do not unconditionally use leaf optimization for NFS. (bsc#1174232)
  NFS st_nlink are not accurate on all implementations, leading to aborts() if that assumption is made.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3294-1
Released:    Wed Nov 11 12:28:46 2020
Summary:     Recommended update for SLES-release
Type:        recommended
Severity:    moderate
References:  1177998
This update for SLES-release fixes the following issue:

- Obsolete Leap 15.2.1 (jump) to allow migration from Jump/Leap 15.2.1 to SLE 15 SP2. (bsc#1177998)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:3313-1
Released:    Thu Nov 12 16:07:37 2020
Summary:     Security update for openldap2
Type:        security
Severity:    important
References:  1178387,CVE-2020-25692
This update for openldap2 fixes the following issues:

- CVE-2020-25692: Fixed an unauthenticated remote denial of service due to incorrect validation of modrdn equality rules (bsc#1178387).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:3377-1
Released:    Thu Nov 19 09:29:32 2020
Summary:     Security update for krb5
Type:        security
Severity:    moderate
References:  1178512,CVE-2020-28196
This update for krb5 fixes the following security issue:

- CVE-2020-28196: Fixed an unbounded recursion via an ASN.1-encoded Kerberos message (bsc#1178512).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3381-1
Released:    Thu Nov 19 10:53:38 2020
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1177458,1177490,1177510
This update for systemd fixes the following issues:

- build-sys: optionally disable support of journal over the network (bsc#1177458)
- ask-password: prevent buffer overflow when reading from keyring (bsc#1177510)
- mount: don't propagate errors from mount_setup_unit() further up
- Rely on the new build option --disable-remote for journal_remote
  This allows to drop the workaround that consisted in cleaning journal-upload files and
  {sysusers.d,tmpfiles.d}/systemd-remote.conf manually when 'journal_remote' support was disabled.
- Move journal-{remote,upload}.conf.5.gz man pages into systemd-journal_remote sub package 
- Make sure {sysusers.d,tmpfiles.d}/systemd-remote.conf are not shipped with --without=journal_remote (bsc#1177458)
  These files were incorrectly packaged in the main package when systemd-journal_remote was disabled.
- Make use of %{_unitdir} and %{_sysusersdir}
- Remove mq-deadline selection from 60-io-scheduler.rules (bsc#1177490)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3462-1
Released:    Fri Nov 20 13:14:35 2020
Summary:     Recommended update for pam and sudo
Type:        recommended
Severity:    moderate
References:  1174593,1177858,1178727
This update for pam and sudo fixes the following issue:

pam:

- pam_xauth: do not *free* a string which has been successfully passed to *putenv*. (bsc#1177858)
- Initialize the local variable *daysleft* to avoid a misleading warning for password expire days. (bsc#1178727)
- Run /usr/bin/xauth using the old user's and group's identifiers. (bsc#1174593)

sudo:

- Fix a problem with pam_xauth which checks effective and real uids to get the real identity of the user. (bsc#1174593)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:3463-1
Released:    Fri Nov 20 13:49:58 2020
Summary:     Security update for postgresql12
Type:        security
Severity:    important
References:  1178666,1178667,1178668,CVE-2020-25694,CVE-2020-25695,CVE-2020-25696
This update for postgresql12 fixes the following issues:

- Upgrade to version 12.5:
  * CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD
    and firing of deferred triggers within index expressions and
    materialized view queries.
  * CVE-2020-25694, bsc#1178667:
    a) Fix usage of complex connection-string parameters in pg_dump,
    pg_restore, clusterdb, reindexdb, and vacuumdb.
    b) When psql's \connect command re-uses connection parameters,
    ensure that all non-overridden parameters from a previous
    connection string are re-used.
  * CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from
    modifying specially-treated variables.
  * Fix recently-added timetz test case so it works when the USA
    is not observing daylight savings time.
  * https://www.postgresql.org/about/news/2111/
  * https://www.postgresql.org/docs/12/release-12-5.html

- Stop building the mini and lib packages as they are now coming
  from postgresql13.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3581-1
Released:    Tue Dec  1 14:40:22 2020
Summary:     Recommended update for libusb-1_0
Type:        recommended
Severity:    moderate
References:  1178376
This update for libusb-1_0 fixes the following issues:

- Fixes a build failure for libusb for the inclusion of 'sys/time.h' on PowerPC. (bsc#1178376)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3620-1
Released:    Thu Dec  3 17:03:55 2020
Summary:     Recommended update for pam
Type:        recommended
Severity:    moderate
References:  
This update for pam fixes the following issues:

- Check if the password is part of the username. (jsc#SLE-16719, jsc#SLE-16720)
  - Check whether the password contains a substring of of the user's name of at least `<N>` characters length in 
  some form. This is enabled by the new parameter `usersubstr=<N>`

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3626-1
Released:    Fri Dec  4 13:51:46 2020
Summary:     Recommended update for audit
Type:        recommended
Severity:    moderate
References:  1179515
This update for audit fixes the following issues:

- Enable Aarch64 processor support. (bsc#1179515) 

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3703-1
Released:    Mon Dec  7 20:17:32 2020
Summary:     Recommended update for aaa_base
Type:        recommended
Severity:    moderate
References:  1179431
This update for aaa_base fixes the following issue:

- Avoid semicolon within (t)csh login script on S/390. (bsc#1179431)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:3721-1
Released:    Wed Dec  9 13:36:46 2020
Summary:     Security update for openssl-1_1
Type:        security
Severity:    important
References:  1179491,CVE-2020-1971
This update for openssl-1_1 fixes the following issues:
	  
- CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:3735-1
Released:    Wed Dec  9 18:19:24 2020
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1179398,1179399,1179593,CVE-2020-8284,CVE-2020-8285,CVE-2020-8286
This update for curl fixes the following issues:

- CVE-2020-8286: Fixed improper OSCP verification in the client side (bsc#1179593). 
- CVE-2020-8285: Fixed a stack overflow due to FTP wildcard (bsc#1179399).
- CVE-2020-8284: Fixed an issue where a malicius FTP server could make curl connect to a different IP (bsc#1179398).	  

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3809-1
Released:    Tue Dec 15 13:46:05 2020
Summary:     Recommended update for glib2
Type:        recommended
Severity:    moderate
References:  1178346
This update for glib2 fixes the following issues:

Update from version 2.62.5 to version 2.62.6:

- Support for slim format of timezone. (bsc#1178346)
- Fix DST incorrect end day when using slim format. (bsc#1178346)
- Fix SOCKS5 username/password authentication.
- Updated translations.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3853-1
Released:    Wed Dec 16 12:27:27 2020
Summary:     Recommended update for util-linux
Type:        recommended
Severity:    moderate
References:  1084671,1169006,1174942,1175514,1175623,1178554,1178825
This update for util-linux fixes the following issue:

- Do not trigger the automatic close of CDROM. (bsc#1084671)
- Try to automatically configure broken serial lines. (bsc#1175514)
- Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514)
- Build with `libudev` support to support non-root users. (bsc#1169006)
- Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825)
- Fix warning on mounts to `CIFS` with mount –a. (bsc#1174942)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3942-1
Released:    Tue Dec 29 12:22:01 2020
Summary:     Recommended update for libidn2
Type:        recommended
Severity:    moderate
References:  1180138
This update for libidn2 fixes the following issues:

- The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later,
  adjusted the RPM license tags (bsc#1180138)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3943-1
Released:    Tue Dec 29 12:24:45 2020
Summary:     Recommended update for libxml2
Type:        recommended
Severity:    moderate
References:  1178823
This update for libxml2 fixes the following issues:

Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823)
* key/unique/keyref schema attributes currently use quadratic loops
  to check their various constraints (that keys are unique and that
  keyrefs refer to existing keys).
* This fix uses a hash table to avoid the quadratic behaviour.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:6-1
Released:    Mon Jan  4 07:05:06 2021
Summary:     Recommended update for libdlm
Type:        recommended
Severity:    moderate
References:  1098449,1144793,1168771,1177533,1177658
This update for libdlm fixes the following issues:

- Rework libdlm3 require with a shared library version tag instead so it propagates to all consuming packages.(bsc#1177658, bsc#1098449)
- Add support for type 'uint64_t' to corosync ringid. (bsc#1168771)
- Include some fixes/enhancements for dlm_controld. (bsc#1144793)
- Fixed an issue where /boot logical volume was accidentally unmounted. (bsc#1177533)



More information about the sle-security-updates mailing list