SUSE-CU-2021:233-1: Security update of suse/sles/15.2/virt-launcher

sle-security-updates at lists.suse.com
Tue Jun 1 06:36:28 UTC 2021


SUSE Container Update Advisory: suse/sles/15.2/virt-launcher
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:233-1
Container Tags        : suse/sles/15.2/virt-launcher:0.38.1 , suse/sles/15.2/virt-launcher:0.38.1.5.8.40
Container Release     : 5.8.40
Severity              : important
Type                  : security
References            : 1027519 1027519 1027519 1078466 1080040 1083473 1084671 1098449
                        1104902 1112500 1115408 1130103 1133098 1141597 1144793 1146705
                        1154935 1155094 1156260 1160876 1161276 1162896 1163764 1165502
                        1165780 1165780 1166602 1167471 1168771 1169006 1170200 1170498
                        1171549 1171883 1172385 1172442 1172695 1172926 1173079 1173256
                        1173422 1173582 1173612 1174091 1174232 1174257 1174257 1174436
                        1174466 1174529 1174564 1174571 1174593 1174644 1174701 1174942
                        1175120 1175161 1175169 1175458 1175514 1175519 1175623 1176076
                        1176116 1176201 1176256 1176257 1176258 1176259 1176262 1176262
                        1176390 1176451 1176489 1176499 1176513 1176549 1176638 1176673
                        1176679 1176682 1176684 1176782 1176800 1176828 1177047 1177077
                        1177078 1177151 1177158 1177204 1177211 1177319 1177344 1177360
                        1177409 1177409 1177412 1177412 1177413 1177413 1177414 1177414
                        1177450 1177458 1177490 1177490 1177510 1177533 1177643 1177656
                        1177658 1177676 1177699 1177789 1177843 1177857 1177858 1177933
                        1177950 1178009 1178049 1178073 1178083 1178174 1178219 1178346
                        1178354 1178376 1178386 1178387 1178400 1178512 1178531 1178554
                        1178565 1178591 1178591 1178680 1178692 1178727 1178775 1178775
                        1178823 1178825 1178837 1178860 1178860 1178905 1178909 1178932
                        1178934 1178963 1179016 1179148 1179193 1179193 1179363 1179398
                        1179399 1179431 1179440 1179452 1179466 1179467 1179468 1179491
                        1179496 1179498 1179501 1179502 1179503 1179506 1179514 1179515
                        1179516 1179526 1179569 1179593 1179630 1179686 1179691 1179691
                        1179694 1179717 1179719 1179721 1179738 1179756 1179802 1179824
                        1179908 1179908 1179997 1180020 1180038 1180073 1180083 1180107
                        1180138 1180155 1180225 1180377 1180523 1180596 1180603 1180603
                        1180686 1180690 1180713 1180836 1180885 1181011 1181108 1181126
                        1181254 1181313 1181319 1181358 1181443 1181505 1181540 1181571
                        1181639 1181651 1181831 1181933 1181963 1181989 1182117 1182137
                        1182279 1182324 1182328 1182331 1182333 1182362 1182379 1182408
                        1182411 1182412 1182413 1182415 1182416 1182417 1182418 1182419
                        1182420 1182425 1182506 1182576 1182577 1182766 1182791 1182824
                        1182899 1182959 1182968 1183012 1183064 1183072 1183074 1183094
                        1183194 1183370 1183371 1183374 1183421 1183456 1183457 1183578
                        1183579 1183749 1183791 1183796 1183797 1183852 1183899 1183933
                        1183934 1184064 1184122 1184136 1184231 1184358 1184401 1184435
                        1184507 1184614 1184687 1184690 1185066 1185163 1185170 1185190
                        1185408 1185408 1185409 1185409 1185410 1185410 1185438 1185562
                        1185698 1186114 955334 976199 CVE-2019-14584 CVE-2019-16935 CVE-2019-17498
                        CVE-2019-18348 CVE-2019-18397 CVE-2019-20907 CVE-2019-20916 CVE-2019-20916
                        CVE-2019-25013 CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858
                        CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862 CVE-2019-3863
                        CVE-2019-5010 CVE-2020-11080 CVE-2020-11947 CVE-2020-12829 CVE-2020-13987
                        CVE-2020-13988 CVE-2020-14355 CVE-2020-14422 CVE-2020-15166 CVE-2020-15469
                        CVE-2020-17437 CVE-2020-17438 CVE-2020-1971 CVE-2020-25084 CVE-2020-25624
                        CVE-2020-25625 CVE-2020-25660 CVE-2020-25678 CVE-2020-25681 CVE-2020-25682
                        CVE-2020-25683 CVE-2020-25684 CVE-2020-25685 CVE-2020-25686 CVE-2020-25687
                        CVE-2020-25692 CVE-2020-25709 CVE-2020-25710 CVE-2020-25723 CVE-2020-26116
                        CVE-2020-27616 CVE-2020-27617 CVE-2020-27618 CVE-2020-27619 CVE-2020-27670
                        CVE-2020-27670 CVE-2020-27671 CVE-2020-27671 CVE-2020-27672 CVE-2020-27672
                        CVE-2020-27673 CVE-2020-27674 CVE-2020-27781 CVE-2020-27821 CVE-2020-27839
                        CVE-2020-28196 CVE-2020-28368 CVE-2020-28368 CVE-2020-28916 CVE-2020-29129
                        CVE-2020-29130 CVE-2020-29443 CVE-2020-29480 CVE-2020-29481 CVE-2020-29483
                        CVE-2020-29484 CVE-2020-29562 CVE-2020-29566 CVE-2020-29570 CVE-2020-29571
                        CVE-2020-29573 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224
                        CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229
                        CVE-2020-36230 CVE-2020-8025 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286
                        CVE-2020-8492 CVE-2021-20181 CVE-2021-20203 CVE-2021-20221 CVE-2021-20231
                        CVE-2021-20232 CVE-2021-20257 CVE-2021-20288 CVE-2021-20305 CVE-2021-22876
                        CVE-2021-22890 CVE-2021-22898 CVE-2021-23336 CVE-2021-23840 CVE-2021-23841
                        CVE-2021-24031 CVE-2021-24032 CVE-2021-27212 CVE-2021-27218 CVE-2021-27219
                        CVE-2021-28210 CVE-2021-28211 CVE-2021-28687 CVE-2021-31535 CVE-2021-3177
                        CVE-2021-3308 CVE-2021-3326 CVE-2021-3416 CVE-2021-3426 CVE-2021-3449
                        CVE-2021-3516 CVE-2021-3516 CVE-2021-3517 CVE-2021-3517 CVE-2021-3518
                        CVE-2021-3518 CVE-2021-3520 CVE-2021-3537 
-----------------------------------------------------------------

The container suse/sles/15.2/virt-launcher was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1989-1
Released:    Tue Jul 21 17:58:58 2020
Summary:     Recommended update to SLES-releases
Type:        recommended
Severity:    important
References:  1173582
This update of SLES-release provides the following fix:
- Obsolete Leap 15.2 as well to allow migration from Leap to SLE. (bsc#1173582)
  
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:3049-1
Released:    Tue Oct 27 16:08:27 2020
Summary:     Security update for xen
Type:        security
Severity:    important
References:  1177409,1177412,1177413,1177414,CVE-2020-27670,CVE-2020-27671,CVE-2020-27672,CVE-2020-27673
This update for xen fixes the following issues:

- bsc#1177409 - VUL-0: CVE-2020-27673: xen: x86 PV guest INVLPG-like flushes may leave stale TLB entries (XSA-286)
- bsc#1177412 - VUL-0: CVE-2020-27672: xen: Race condition in Xen mapping code (XSA-345)
- bsc#1177413 - VUL-0: CVE-2020-27671: xen: undue deferral of IOMMU TLB flushes (XSA-346)
- bsc#1177414 - VUL-0: CVE-2020-27670: xen: unsafe AMD IOMMU page table updates (XSA-347)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:3070-1
Released:    Wed Oct 28 11:47:28 2020
Summary:     Security update for spice
Type:        security
Severity:    moderate
References:  1177158,CVE-2020-14355
This update for spice fixes the following issues:

- CVE-2020-14355: Fixed multiple buffer overflow vulnerabilities in QUIC image decoding (bsc#1177158).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3138-1
Released:    Tue Nov  3 12:14:03 2020
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1104902,1154935,1165502,1167471,1173422,1176513,1176800
This update for systemd fixes the following issues:

- seccomp: shm{get,at,dt} now have their own numbers everywhere (bsc#1173422)
- test-seccomp: log function names
- test-seccomp: add log messages when skipping tests
- basic/virt: Detect PowerVM hypervisor (bsc#1176800)
- fs-util: suppress world-writable warnings if we read /dev/null
- udevadm: rename option '--log-priority' into '--log-level'
- udev: rename kernel option 'log_priority' into 'log_level'
- fstab-generator: add 'nofail' when the NFS 'bg' option is used (bsc#1176513)
- Fix memory protection default (bsc#1167471) 
- cgroup: Support 0-value for memory protection directives and accepts MemorySwapMax=0 (bsc#1154935)
- Improve latency and reliability when users log in/out (bsc#1104902, bsc#1165502)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:3264-1
Released:    Tue Nov 10 09:50:29 2020
Summary:     Security update for zeromq
Type:        security
Severity:    moderate
References:  1176116,1176256,1176257,1176258,1176259,CVE-2020-15166
This update for zeromq fixes the following issues:

- CVE-2020-15166: Fixed the possibility of unauthenticated clients causing a denial-of-service (bsc#1176116).
- Fixed a heap overflow when receiving malformed ZMTP v1 packets (bsc#1176256)
- Fixed a memory leak in client induced by malicious server(s) without CURVE/ZAP (bsc#1176257)
- Fixed memory leak when processing PUB messages with metadata (bsc#1176259)
- Fixed a stack overflow in PUB/XPUB subscription store (bsc#1176258)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3290-1
Released:    Wed Nov 11 12:25:32 2020
Summary:     Recommended update for findutils
Type:        recommended
Severity:    moderate
References:  1174232
This update for findutils fixes the following issues:

- Do not unconditionally use the leaf optimization on NFS. (bsc#1174232)
  st_nlink is not accurate on all NFS implementations, so relying on it leads to abort() calls.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3307-1
Released:    Thu Nov 12 14:17:55 2020
Summary:     Recommended update for rdma-core
Type:        recommended
Severity:    moderate
References:  1177699
This update for rdma-core fixes the following issue:

- Move rxe_cfg to libibverbs-utils. (bsc#1177699)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:3313-1
Released:    Thu Nov 12 16:07:37 2020
Summary:     Security update for openldap2
Type:        security
Severity:    important
References:  1178387,CVE-2020-25692
This update for openldap2 fixes the following issues:

- CVE-2020-25692: Fixed an unauthenticated remote denial of service due to incorrect validation of modrdn equality rules (bsc#1178387).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:3377-1
Released:    Thu Nov 19 09:29:32 2020
Summary:     Security update for krb5
Type:        security
Severity:    moderate
References:  1178512,CVE-2020-28196
This update for krb5 fixes the following security issue:

- CVE-2020-28196: Fixed an unbounded recursion via an ASN.1-encoded Kerberos message (bsc#1178512).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3381-1
Released:    Thu Nov 19 10:53:38 2020
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1177458,1177490,1177510
This update for systemd fixes the following issues:

- build-sys: optionally disable support of journal over the network (bsc#1177458)
- ask-password: prevent buffer overflow when reading from keyring (bsc#1177510)
- mount: don't propagate errors from mount_setup_unit() further up
- Rely on the new build option --disable-remote for journal_remote
  This allows to drop the workaround that consisted in cleaning journal-upload files and
  {sysusers.d,tmpfiles.d}/systemd-remote.conf manually when 'journal_remote' support was disabled.
- Move journal-{remote,upload}.conf.5.gz man pages into systemd-journal_remote sub package 
- Make sure {sysusers.d,tmpfiles.d}/systemd-remote.conf are not shipped with --without=journal_remote (bsc#1177458)
  These files were incorrectly packaged in the main package when systemd-journal_remote was disabled.
- Make use of %{_unitdir} and %{_sysusersdir}
- Remove mq-deadline selection from 60-io-scheduler.rules (bsc#1177490)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3382-1
Released:    Thu Nov 19 11:03:01 2020
Summary:     Recommended update for dmidecode
Type:        recommended
Severity:    moderate
References:  1174257
This update for dmidecode fixes the following issues:

- Add partial support for SMBIOS 3.4.0. (bsc#1174257)
- Skip details of uninstalled memory modules. (bsc#1174257)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:3412-1
Released:    Thu Nov 19 12:44:57 2020
Summary:     Security update for xen
Type:        security
Severity:    important
References:  1027519,1177950,1178591,CVE-2020-28368
This update for xen fixes the following issues:

Security issue fixed:

- CVE-2020-28368: Fixed the Intel RAPL side-channel attack (PLATYPUS, XSA-351) (bsc#1178591).

Non-security issues fixed:

- Updated to Xen 4.13.2 bug fix release (bsc#1027519).
- Fixed a panic during MSI cleanup on AMD hardware (bsc#1027519).
- Adjusted help for --max_iters, default is 5 (bsc#1177950).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3420-1
Released:    Thu Nov 19 13:40:55 2020
Summary:     Recommended update for multipath-tools
Type:        recommended
Severity:    moderate
References:  1162896,1178354
This update for multipath-tools fixes the following issues:

- Avoid reading files with extensions other than '.conf' from the config dir. (bsc#1162896)
- Fix wrong usage of '%service_del_preun -n' macro in spec file. (bsc#1178354)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3462-1
Released:    Fri Nov 20 13:14:35 2020
Summary:     Recommended update for pam and sudo
Type:        recommended
Severity:    moderate
References:  1174593,1177858,1178727
This update for pam and sudo fixes the following issue:

pam:

- pam_xauth: do not *free* a string which has been successfully passed to *putenv*. (bsc#1177858)
- Initialize the local variable *daysleft* to avoid a misleading warning for password expire days. (bsc#1178727)
- Run /usr/bin/xauth using the old user's and group's identifiers. (bsc#1174593)

sudo:

- Fix a problem with pam_xauth which checks effective and real uids to get the real identity of the user. (bsc#1174593)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3468-1
Released:    Fri Nov 20 15:11:00 2020
Summary:     Recommended update for brltty
Type:        recommended
Severity:    moderate
References:  1177656
This update for brltty fixes the following issues:

- Add coreutils and util-linux to post requires to fix package installation. (bsc#1177656)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:3473-1
Released:    Fri Nov 20 19:08:33 2020
Summary:     Security update for ceph
Type:        security
Severity:    moderate
References:  1163764,1170200,1170498,1173079,1174466,1174529,1174644,1175120,1175161,1175169,1176451,1176499,1176638,1177078,1177151,1177319,1177344,1177450,1177643,1177676,1177843,1177933,1178073,1178531,CVE-2020-25660
This update for ceph fixes the following issues:

- CVE-2020-25660: Bring back CEPHX_V2 authorizer challenges (bsc#1177843).
- Added --container-init feature (bsc#1177319, bsc#1163764)
- Made journald the log driver again (bsc#1177933)
- Fixed a condition check for copy_tree, copy_files, and move_files in cephadm (bsc#1177676)
- Fixed a bug where device_health_metrics pool gets created even without any OSDs in the cluster (bsc#1173079)
- Log cephadm output /var/log/ceph/cephadm.log (bsc#1174644)
- Fixed a bug where the orchestrator didn't come up anymore after the deletion of OSDs (bsc#1176499)
- Fixed a bug where cephadm fails to deploy all OSDs and gets stuck (bsc#1177450)
- python-common will no longer skip unavailable disks (bsc#1177151)
- Added snap-schedule module (jsc#SES-704)
- Updated the SES7 downstream branding (bsc#1175120, bsc#1175161, bsc#1175169, bsc#1170498)

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2020:3481-1
Released:    Mon Nov 23 11:17:09 2020
Summary:     Optional update for vim
Type:        optional
Severity:    low
References:  1166602,1173256,1174564,1176549
This update for vim doesn't fix any user visible issues and it is optional to install.

- Introduce vim-small package with reduced requirements for small installations (bsc#1166602).
- Stop owning /etc/vimrc so the old, distro-provided config actually gets removed.
- Own some directories in vim-data-common so installing vim-small doesn't leave unowned directories. (bsc#1173256)
- Add vi as a slave to update-alternatives so that every package has a matching 'vi' symlink. (bsc#1174564, bsc#1176549)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:3551-1
Released:    Fri Nov 27 14:54:37 2020
Summary:     Security update for libssh2_org
Type:        security
Severity:    moderate
References:  1130103,1178083,CVE-2019-17498,CVE-2019-3855,CVE-2019-3856,CVE-2019-3857,CVE-2019-3858,CVE-2019-3859,CVE-2019-3860,CVE-2019-3861,CVE-2019-3862,CVE-2019-3863
This update for libssh2_org fixes the following issues:

- Version update to 1.9.0: [bsc#1178083, jsc#SLE-16922]
   Enhancements and bugfixes:
    * adds ECDSA keys and host key support when using OpenSSL
    * adds ED25519 key and host key support when using OpenSSL 1.1.1
    * adds OpenSSH style key file reading
    * adds AES CTR mode support when using WinCNG
    * adds PEM passphrase protected file support for Libgcrypt and WinCNG
    * adds SHA256 hostkey fingerprint
    * adds libssh2_agent_get_identity_path() and libssh2_agent_set_identity_path()
    * adds explicit zeroing of sensitive data in memory
    * adds additional bounds checks to network buffer reads
    * adds the ability to use the server default permissions when creating sftp directories
    * adds support for building with OpenSSL no engine flag
    * adds support for building with LibreSSL
    * increased sftp packet size to 256k
    * fixed oversized packet handling in sftp
    * fixed building with OpenSSL 1.1
    * fixed a possible crash if sftp stat gets an unexpected response
    * fixed incorrect parsing of the KEX preference string value
    * fixed conditional RSA and AES-CTR support
    * fixed a small memory leak during the key exchange process
    * fixed a possible memory leak of the ssh banner string
    * fixed various small memory leaks in the backends
    * fixed possible out of bounds read when parsing public keys from the server
    * fixed possible out of bounds read when parsing invalid PEM files
    * no longer null terminates the scp remote exec command
    * now handle errors when diffie hellman key pair generation fails
    * improved building instructions
    * improved unit tests

- Version update to 1.8.2: [bsc#1130103]
   Bug fixes:
    * Fixed the misapplied userauth patch that broke 1.8.1
    * moved the MAX size declarations from the public header

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3581-1
Released:    Tue Dec  1 14:40:22 2020
Summary:     Recommended update for libusb-1_0
Type:        recommended
Severity:    moderate
References:  1178376
This update for libusb-1_0 fixes the following issues:

- Fixed a build failure of libusb caused by the inclusion of 'sys/time.h' on PowerPC. (bsc#1178376)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:3593-1
Released:    Wed Dec  2 10:33:49 2020
Summary:     Security update for python3
Type:        security
Severity:    important
References:  1176262,1179193,CVE-2019-20916
This update for python3 fixes the following issues:

Update to 3.6.12 (bsc#1179193), including:

- Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916)
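
The traversal above belongs to the class of bug where a server-supplied Content-Disposition file name is joined onto the download directory unchanged, so "../" segments or an absolute name place the file wherever the server chooses. The following Python is an added illustration for this advisory, not pip's, CPython's or SUSE's code: unsafe_download_path() reproduces the flawed pattern, and safe_download_path() keeps only the final path component, as the upstream pip fix does with os.path.basename, plus a containment check that is this example's own addition. The header values and the /var/tmp/dl directory are constructed inputs.

```python
"""Server-controlled file names from Content-Disposition, before and after a
CVE-2019-20916 style fix.  Added example for this advisory, not pip's,
CPython's or SUSE's code.  /var/tmp/dl and the header values are constructed.
"""
import os
import posixpath
from email.message import Message
from typing import Optional


def filename_from_content_disposition(header_value: str) -> Optional[str]:
    """Extract the filename parameter with the stdlib MIME parser."""
    msg = Message()
    msg["Content-Disposition"] = header_value
    return msg.get_filename()  # None when no filename parameter is present


def unsafe_download_path(download_dir: str, header_value: str) -> str:
    """Flawed pattern: whatever the server sent is joined onto download_dir.

    '../' components walk out of the directory, and an absolute name makes
    os.path.join discard download_dir entirely.
    """
    name = filename_from_content_disposition(header_value) or "download"
    return os.path.join(download_dir, name)


def safe_download_path(download_dir: str, header_value: str) -> str:
    """Hardened: reduce the name to its last component, then verify the
    joined result still resolves inside download_dir.

    The basename step is what the upstream fix does; the backslash
    normalisation and the containment check are extra (assumptions of this
    example, not part of the upstream change).
    """
    name = filename_from_content_disposition(header_value) or ""
    name = posixpath.basename(name.replace("\\", "/"))
    if name in ("", ".", ".."):
        raise ValueError("Content-Disposition carried no usable file name")
    target = os.path.join(download_dir, name)
    root = os.path.realpath(download_dir)
    if os.path.commonpath([root, os.path.realpath(target)]) != root:
        raise ValueError("resolved path escapes the download directory")
    return target


if __name__ == "__main__":
    # Constructed header values a hostile index server might send.
    for hdr in ('attachment; filename="../../../../etc/passwd"',
                'attachment; filename="/etc/shadow"',
                'attachment; filename="pkg-1.0-py3-none-any.whl"'):
        print("unsafe:", unsafe_download_path("/var/tmp/dl", hdr))
        print("safe:  ", safe_download_path("/var/tmp/dl", hdr))
```

The containment check matters even after basename: it is the guard that would catch a future change to the name handling (an unescaped separator, a symlinked download directory) that basename alone does not.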

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:3615-1
Released:    Thu Dec  3 10:02:02 2020
Summary:     Security update for xen
Type:        security
Severity:    important
References:  1177409,1177412,1177413,1177414,1178591,1178963,CVE-2020-27670,CVE-2020-27671,CVE-2020-27672,CVE-2020-27674,CVE-2020-28368
This update for xen fixes the following issues:

- bsc#1178963 - VUL-0: xen: stack corruption from XSA-346 change (XSA-355) 

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3620-1
Released:    Thu Dec  3 17:03:55 2020
Summary:     Recommended update for pam
Type:        recommended
Severity:    moderate
References:  
This update for pam fixes the following issues:

- Check whether the password contains (part of) the user name. (jsc#SLE-16719, jsc#SLE-16720)
  - Check whether the password contains a substring of the user's name that is at least `<N>` characters long, in
  some form. This is enabled by the new parameter `usersubstr=<N>`.
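
As an added illustration for this advisory (not SUSE's pam code), the check behind such an option can be written as follows in Python. Two details the advisory does not state are assumptions of this example: the comparison ignores case, and the reversed user name is rejected as well. The sample passwords and user names are constructed.

```python
"""Illustrative implementation of a ``usersubstr=<N>`` style check.

Added example for this advisory, not SUSE's pam code.  Assumptions that the
advisory text does not state: the comparison is case-insensitive and the
reversed user name is rejected too.
"""
from typing import Optional


def offending_fragment(password: str, username: str, n: int) -> Optional[str]:
    """Return the first n-character window of ``username`` (or of the
    reversed user name) that occurs inside ``password``, else None.

    Checking windows of exactly length n is sufficient: any longer run the
    two strings share necessarily contains an n-character window.
    """
    if n <= 0:
        raise ValueError("n must be a positive window length")
    pw = password.lower()        # assumption: case-insensitive comparison
    name = username.lower()
    if len(name) < n:
        return None              # user name too short to yield a window
    for candidate in (name, name[::-1]):   # assumption: reversed name counts
        for i in range(len(candidate) - n + 1):
            window = candidate[i:i + n]
            if window in pw:
                return window
    return None


def password_ok(password: str, username: str, n: int) -> bool:
    """True when ``password`` shares no n-character run with ``username``."""
    return offending_fragment(password, username, n) is None


if __name__ == "__main__":
    # Constructed sample inputs for usersubstr=4.
    for pw, user in (("xJohnny1!", "johnsmith"),
                     ("Tr0ub4dor&3", "johnsmith"),
                     ("htimsX9!", "johnsmith")):
        print(f"{pw!r} for {user!r}: {offending_fragment(pw, user, 4)}")
```

With N=4, "xJohnny1!" is rejected for user johnsmith because of "john", "htimsX9!" because it contains the start of the reversed name, and "Tr0ub4dor&3" passes.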

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3626-1
Released:    Fri Dec  4 13:51:46 2020
Summary:     Recommended update for audit
Type:        recommended
Severity:    moderate
References:  1179515
This update for audit fixes the following issues:

- Enable Aarch64 processor support. (bsc#1179515) 

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3703-1
Released:    Mon Dec  7 20:17:32 2020
Summary:     Recommended update for aaa_base
Type:        recommended
Severity:    moderate
References:  1179431
This update for aaa_base fixes the following issue:

- Avoid semicolon within (t)csh login script on S/390. (bsc#1179431)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:3721-1
Released:    Wed Dec  9 13:36:46 2020
Summary:     Security update for openssl-1_1
Type:        security
Severity:    important
References:  1179491,CVE-2020-1971
This update for openssl-1_1 fixes the following issues:
	  
- CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:3735-1
Released:    Wed Dec  9 18:19:24 2020
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1179398,1179399,1179593,CVE-2020-8284,CVE-2020-8285,CVE-2020-8286
This update for curl fixes the following issues:

- CVE-2020-8286: Fixed improper OCSP verification on the client side (bsc#1179593).
- CVE-2020-8285: Fixed a stack overflow due to FTP wildcard matching (bsc#1179399).
- CVE-2020-8284: Fixed an issue where a malicious FTP server could make curl connect to a different IP (bsc#1179398).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3741-1
Released:    Thu Dec 10 09:32:43 2020
Summary:     Recommended update for ceph
Type:        recommended
Severity:    moderate
References:  1179452,1179526
This update for ceph fixes the following issues:
  
- Fixed an issue where reading a large RGW object took too long and could cause data loss. (bsc#1179526)
- Fixed a build issue caused by missing nautilus module named 'six'. (bsc#1179452)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3773-1
Released:    Mon Dec 14 11:12:18 2020
Summary:     Recommended update for cdrtools and schily-libs
Type:        recommended
Severity:    moderate
References:  1178692
This update for cdrtools and schily-libs fixes the following issues:

cdrtools:
- Initialize the memory used to create the partition table instead of writing uninitialized (random) bytes to it. (bsc#1178692)

schily-libs:
- Initialize the memory used to create the partition table instead of writing uninitialized (random) bytes to it. (bsc#1178692)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3791-1
Released:    Mon Dec 14 17:39:19 2020
Summary:     Recommended update for gzip
Type:        recommended
Severity:    moderate
References:  
This update for gzip fixes the following issue:

- Enable `DFLTCC` (Deflate Conversion Call) hardware compression on s390x for compression levels 1-6. (jsc#SLE-13775)
  
  This is enabled by adding `-DDFLTCC_LEVEL_MASK=0x7e` to `CFLAGS` (bits 1 to 6 of the mask select levels 1 to 6).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3809-1
Released:    Tue Dec 15 13:46:05 2020
Summary:     Recommended update for glib2
Type:        recommended
Severity:    moderate
References:  1178346
This update for glib2 fixes the following issues:

Update from version 2.62.5 to version 2.62.6:

- Support for slim format of timezone. (bsc#1178346)
- Fix DST incorrect end day when using slim format. (bsc#1178346)
- Fix SOCKS5 username/password authentication.
- Updated translations.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3853-1
Released:    Wed Dec 16 12:27:27 2020
Summary:     Recommended update for util-linux
Type:        recommended
Severity:    moderate
References:  1084671,1169006,1174942,1175514,1175623,1178554,1178825
This update for util-linux fixes the following issue:

- Do not trigger the automatic close of CDROM. (bsc#1084671)
- Try to automatically configure broken serial lines. (bsc#1175514)
- Avoid `sulogin` failing on non-existent or non-functional console devices. (bsc#1175514)
- Build with `libudev` support to support non-root users. (bsc#1169006)
- Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825)
- Fix a warning on `CIFS` mounts with `mount -a`. (bsc#1174942)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:3884-1
Released:    Fri Dec 18 16:47:58 2020
Summary:     Security update for ovmf
Type:        security
Severity:    moderate
References:  1177789,CVE-2019-14584
This update for ovmf fixes the following issues:

- CVE-2019-14584: Fixed a null dereference in AuthenticodeVerify() (bsc#1177789).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:3895-1
Released:    Mon Dec 21 12:56:25 2020
Summary:     Security update for ceph
Type:        security
Severity:    important
References:  1178860,1179016,1179802,1180107,1180155,CVE-2020-27781
This update for ceph fixes the following issues:

Security issue fixed:

- CVE-2020-27781: Fixed a privilege escalation via the ceph_volume_client Python interface (bsc#1180155, bsc#1179802).

Non-security issues fixed:

- Update to 15.2.8-80-g1f4b6229ca:
  + Rebase on tip of upstream 'octopus' branch, SHA1 bdf3eebcd22d7d0b3dd4d5501bee5bac354d5b55
    * upstream Octopus v15.2.8 release, see https://ceph.io/releases/v15-2-8-octopus-released/

- Update to 15.2.7-776-g343cd10fe5:
  + Rebase on tip of upstream 'octopus' branch, SHA1 1b8a634fdcd94dfb3ba650793fb1b6d09af65e05
    * (bsc#1178860) mgr/dashboard: Disable TLS 1.0 and 1.1
  + (bsc#1179016) rpm: require smartmontools on SUSE
  + (bsc#1180107) ceph-volume: pass --filter-for-batch from drive-group subcommand

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:3915-1
Released:    Tue Dec 22 14:16:27 2020
Summary:     Security update for xen
Type:        security
Severity:    moderate
References:  1027519,1176782,1179496,1179498,1179501,1179502,1179506,1179514,1179516,CVE-2020-29480,CVE-2020-29481,CVE-2020-29483,CVE-2020-29484,CVE-2020-29566,CVE-2020-29570,CVE-2020-29571
This update for xen fixes the following issues:

- CVE-2020-29480: Fixed an issue that could have leaked non-sensitive data to administrator guests (bsc#117949 XSA-115).
- CVE-2020-29481: Fixed an issue that allowed new domains to inherit existing node permissions (bsc#1179498 XSA-322).
- CVE-2020-29483: Fixed an issue where guests could disturb domain cleanup (bsc#1179502 XSA-325).
- CVE-2020-29484: Fixed an issue where guests could crash xenstored via watches (bsc#1179501 XSA-324).
- CVE-2020-29566: Fixed an undue recursion in x86 HVM context switch code (bsc#1179506 XSA-348).
- CVE-2020-29570: Fixed an ordering issue in the handling of the FIFO event channel control block (bsc#1179514 XSA-358).
- CVE-2020-29571: Fixed an ordering issue in the handling of FIFO event channel control structures (bsc#1179516 XSA-359).
- Fixed an issue where dump-core reported missing nr_pages during a core dump (bsc#1176782).
- Multiple other bug fixes (bsc#1027519)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:3930-1
Released:    Wed Dec 23 18:19:39 2020
Summary:     Security update for python3
Type:        security
Severity:    important
References:  1155094,1174091,1174571,1174701,1177211,1178009,1179193,1179630,CVE-2019-16935,CVE-2019-18348,CVE-2019-20907,CVE-2019-5010,CVE-2020-14422,CVE-2020-26116,CVE-2020-27619,CVE-2020-8492
This update for python3 fixes the following issues:

- Fixed CVE-2020-27619 (bsc#1178009), where Lib/test/multibytecodec_support
  calls eval() on content retrieved via HTTP.
- Change setuptools and pip version numbers according to new wheels
- Handful of changes to make python36 compatible with SLE15 and SLE12
  (jsc#ECO-2799, jsc#SLE-13738)
- add triplets for mips-r6 and riscv
- RISC-V needs CTYPES_PASS_BY_REF_HACK

Update to 3.6.12 (bsc#1179193)

* Ensure python3.dll is loaded from correct locations when Python is embedded
* The __hash__() methods of ipaddress.IPv4Interface and ipaddress.IPv6Interface 
  incorrectly generated constant hash values of 32 and 128 respectively. This 
  resulted in always causing hash collisions. The fix uses hash() to generate 
  hash values for the tuple of (address, mask length, network address).
* Prevent http header injection by rejecting control characters in 
  http.client.putrequest(…).
* Unpickling invalid NEWOBJ_EX opcode with the C implementation raises now 
  UnpicklingError instead of crashing.
* Avoid infinite loop when reading specially crafted TAR files using the tarfile 
  module

- This release also fixes CVE-2020-26116 (bsc#1177211) and CVE-2019-20907 (bsc#1174091).

Update to 3.6.11:

- Disallow CR or LF in email.headerregistry.Address
  arguments to guard against header injection attacks.
- Disallow control characters in hostnames in http.client, addressing
  CVE-2019-18348. Such potentially malicious header injection URLs now
  cause an InvalidURL to be raised. (bsc#1155094)
- CVE-2020-8492: The AbstractBasicAuthHandler class
  of the urllib.request module uses an inefficient regular
  expression which can be exploited by an attacker to cause
  a denial of service. Fix the regex to prevent the
  catastrophic backtracking. Vulnerability reported by Ben
  Caller and Matt Schwager.
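
The header-injection fixes listed in the 3.6.11 and 3.6.12 items above (control characters in the request method, CVE-2020-26116; in host names, CVE-2019-18348; and in header values), together with the earlier request-target check of the same family, can be exercised offline: HTTPConnection only buffers a request until connect() is called. The following Python probe is an added example for this advisory, not CPython's or SUSE's code. It needs a CPython that already carries those fixes; the 203.0.113.10 address and the header values are constructed inputs that are never sent.

```python
"""Probe http.client's guards against CRLF injection in the request method,
the request target, the host name and header values.  Added example for this
advisory, not CPython's or SUSE's code.  Nothing is sent on the wire:
203.0.113.10 is a documentation address and connect() is never called.
"""
import http.client
from typing import Callable, Dict, Optional


def _raises(action: Callable[[], object]) -> Optional[str]:
    """Run action(); return the name of the guard exception it raised, or None."""
    try:
        action()
    except (http.client.InvalidURL, ValueError) as exc:
        return type(exc).__name__
    return None


def probe_http_client_guards() -> Dict[str, Optional[str]]:
    results: Dict[str, Optional[str]] = {}

    # 1. Control characters in the request method (CVE-2020-26116):
    #    putrequest() now rejects them with ValueError.
    conn = http.client.HTTPConnection("203.0.113.10")
    results["method"] = _raises(
        lambda: conn.putrequest("GET\r\nX-Injected: 1", "/"))

    # 2. Control characters in the request target: rejected with InvalidURL.
    conn = http.client.HTTPConnection("203.0.113.10")
    results["target"] = _raises(
        lambda: conn.putrequest("GET", "/?q=1\r\nX-Injected: 1\r\n"))

    # 3. Control characters in the host name (CVE-2019-18348): rejected when
    #    the connection object is built, before any request exists.
    results["host"] = _raises(
        lambda: http.client.HTTPConnection("203.0.113.10\rX-Injected 1"))

    # 4. CRLF inside a header value: putheader() refuses it.
    conn = http.client.HTTPConnection("203.0.113.10")
    conn.putrequest("GET", "/", skip_host=True)
    results["value"] = _raises(
        lambda: conn.putheader("X-Tag", "ok\r\nX-Injected: 1"))

    # 5. CRLF followed by SP or HTAB is obsolete line folding and is still
    #    accepted, so a filter of your own must not assume http.client
    #    rejects every CRLF in a value.
    results["folded"] = _raises(
        lambda: conn.putheader("X-Tag", "line one\r\n continued"))

    return results


if __name__ == "__main__":
    for case, outcome in probe_http_client_guards().items():
        print(f"{case:7s} -> {outcome or 'accepted'}")
```

Case 5 is the practical caveat: the hardened client stops an attacker from terminating a header, but folded continuation lines still pass, so application code that copies untrusted input into header values should reject CR and LF outright rather than rely on the library.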

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3942-1
Released:    Tue Dec 29 12:22:01 2020
Summary:     Recommended update for libidn2
Type:        recommended
Severity:    moderate
References:  1180138
This update for libidn2 fixes the following issues:

- The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later,
  adjusted the RPM license tags (bsc#1180138)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3943-1
Released:    Tue Dec 29 12:24:45 2020
Summary:     Recommended update for libxml2
Type:        recommended
Severity:    moderate
References:  1178823
This update for libxml2 fixes the following issues:

Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823)
* key/unique/keyref schema attributes currently use quadratic loops
  to check their various constraints (that keys are unique and that
  keyrefs refer to existing keys).
* This fix uses a hash table to avoid the quadratic behaviour.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3946-1
Released:    Tue Dec 29 17:39:54 2020
Summary:     Recommended update for python3
Type:        recommended
Severity:    important
References:  1180377
This update for python3 fixes the following issues:

- A previous update inadvertently removed the 'PyFPE_jbuf' symbol from Python3,
  which caused regressions in several applications. (bsc#1180377)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:6-1
Released:    Mon Jan  4 07:05:06 2021
Summary:     Recommended update for libdlm
Type:        recommended
Severity:    moderate
References:  1098449,1144793,1168771,1177533,1177658
This update for libdlm fixes the following issues:

- Rework libdlm3 require with a shared library version tag instead so it propagates to all consuming packages. (bsc#1177658, bsc#1098449)
- Add support for type 'uint64_t' to corosync ringid. (bsc#1168771)
- Include some fixes/enhancements for dlm_controld. (bsc#1144793)
- Fixed an issue where /boot logical volume was accidentally unmounted. (bsc#1177533)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:10-1
Released:    Mon Jan  4 10:01:52 2021
Summary:     Recommended update for dmidecode
Type:        recommended
Severity:    moderate
References:  1174257
This update for dmidecode fixes the following issue:

- Two missing commas in the data arrays cause 'OUT OF SPEC' messages during the index resolution. (bnc#1174257)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:127-1
Released:    Thu Jan 14 10:30:23 2021
Summary:     Security update for open-iscsi
Type:        security
Severity:    important
References:  1179440,1179908
This update for open-iscsi fixes the following issues:

- Updated to upstream version 2.1.3 as 2.1.3-suse, for bsc#1179908,
  including:
  * uip: check for TCP urgent pointer past end of frame
  * uip: check for u8 overflow when processing TCP options
  * uip: check for header length underflow during checksum calculation
  * fwparam_ppc: Fix memory leak in fwparam_ppc.c
  * iscsiuio: Remove unused macro IFNAMSIZ defined in iscsid_ipc.c
  * fwparam_ppc: Fix illegal memory access in fwparam_ppc.c
  * sysfs: Verify parameter of sysfs_device_get()
  * fwparam_ppc: Fix NULL pointer dereference in find_devtree()
  * open-iscsi: Clean user_param list when process exit
  * iscsi_net_util: Fix NULL pointer dereference in find_vlan_dev()
  * open-iscsi: Fix NULL pointer dereference in mgmt_ipc_read_req()
  * open-iscsi: Fix invalid pointer deference in find_initiator()
  * iscsiuio: Fix invalid parameter when call fstat()
  * iscsi-iname: Verify open() return value before calling read()
  * iscsi_sysfs: Fix NULL pointer deference in iscsi_sysfs_read_iface

- Updated to latest upstream, including:
  * iscsiadm: Optimize the verification of mode parameters
  * iscsid: Poll timeout value to 1 minute for iscsid
  * iscsiadm: fix host stats mode coredump
  * iscsid: fix logging level when starting and shutting down daemon
  * Updated iscsiadm man page.
  * Fix memory leak in sysfs_get_str
  * libopeniscsiusr: Compare with max int instead of max long

- Systemd unit files should not depend on network.target (bsc#1179440).

- Updated to latest upstream, including async login ability:
  * Implement login 'no_wait' for iscsiadm NODE mode
  * iscsiadm buffer overflow regression when discovering many targets at once
  * iscsid: Check Invalid Session id for stop connection
  * Add ability to attempt target logins asynchronously

- %service_del_postun_without_restart is now available on SLE.
  More accurately, it has been introduced in SLE12-SP2+ and SLE15+.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:129-1
Released:    Thu Jan 14 12:26:15 2021
Summary:     Security update for openldap2
Type:        security
Severity:    moderate
References:  1178909,1179503,CVE-2020-25709,CVE-2020-25710
This update for openldap2 fixes the following issues:

Security issues fixed:

- CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909).
- CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909).

Non-security issue fixed:

- Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection. (bsc#1179503)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:152-1
Released:    Fri Jan 15 17:04:47 2021
Summary:     Recommended update for lvm2
Type:        recommended
Severity:    moderate
References:  1179691,1179738
This update for lvm2 fixes the following issues:

- Fix for lvm2 to use udev as external device by default. (bsc#1179691)
- Fixed an issue in configuration for an item that is commented out by default. (bsc#1179738)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:163-1
Released:    Tue Jan 19 12:11:10 2021
Summary:     Security update for dnsmasq
Type:        security
Severity:    important
References:  1176076,1177077,CVE-2020-25681,CVE-2020-25682,CVE-2020-25683,CVE-2020-25684,CVE-2020-25685,CVE-2020-25686,CVE-2020-25687
This update for dnsmasq fixes the following issues:

- bsc#1177077: Fixed DNSpooq vulnerabilities
- CVE-2020-25684, CVE-2020-25685, CVE-2020-25686:
  Fixed multiple Cache Poisoning attacks.
- CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687:
  Fixed multiple potential Heap-based overflows when DNSSEC is
  enabled.

- Retry query to other servers on receipt of SERVFAIL rcode
  (bsc#1176076)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:174-1
Released:    Wed Jan 20 07:55:23 2021
Summary:     Recommended update for gnutls
Type:        recommended
Severity:    moderate
References:  1172695
This update for gnutls fixes the following issue:

- Avoid spurious audit messages about incompatible signature algorithms (bsc#1172695)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:197-1
Released:    Fri Jan 22 15:17:42 2021
Summary:     Security update for permissions
Type:        security
Severity:    moderate
References:  1171883,CVE-2020-8025
This update for permissions fixes the following issues:

- Update to version 20181224:
  * pcp: remove no longer needed / conflicting entries
         (bsc#1171883, CVE-2020-8025)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:220-1
Released:    Tue Jan 26 14:00:51 2021
Summary:     Recommended update for keyutils
Type:        recommended
Severity:    moderate
References:  1180603
This update for keyutils fixes the following issues:

- Adjust the library license to be LPGL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:233-1
Released:    Wed Jan 27 12:15:33 2021
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1141597,1174436,1175458,1177490,1179363,1179824,1180225
This update for systemd fixes the following issues:

- Added a timestamp to the output of the busctl monitor command (bsc#1180225)
- Fixed a NULL pointer dereference bug when attempting to close the journal file handle (bsc#1179824)
- Improved the caching of cgroups member mask (bsc#1175458)
- Fixed the dependency definition of sound.target (bsc#1179363)
- Fixed a bug that could lead to a potential error, when daemon-reload is called between
  StartTransientUnit and scope_start() (bsc#1174436)
- time-util: treat /etc/localtime missing as UTC (bsc#1141597)
- Removed mq-deadline selection from 60-io-scheduler.rules (bsc#1177490)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:265-1
Released:    Mon Feb  1 15:06:45 2021
Summary:     Recommended update for systemd
Type:        recommended
Severity:    important
References:  1178775,1180885
This update for systemd fixes the following issues:

- Fix for udev creating '/dev/disk/by-label' symlink for 'LUKS2' to avoid mount issues. (bsc#1180885, #8998)
- Fix for an issue when container start causes interference in other containers. (bsc#1178775)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:278-1
Released:    Tue Feb  2 09:43:08 2021
Summary:     Recommended update for lvm2
Type:        recommended
Severity:    moderate
References:  1181319
This update for lvm2 fixes the following issues:

- Backport 'lvmlockd' to adopt orphan locks feature. (bsc#1181319)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:293-1
Released:    Wed Feb  3 12:52:34 2021
Summary:     Recommended update for gmp
Type:        recommended
Severity:    moderate
References:  1180603
This update for gmp fixes the following issues:

- correct license statements of packages (the library itself is not GPL-3.0) (bsc#1180603)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:302-1
Released:    Thu Feb  4 13:18:35 2021
Summary:     Recommended update for lvm2
Type:        recommended
Severity:    important
References:  1179691
This update for lvm2 fixes the following issues:

- lvm2 will no longer use external_device_info_source='udev' as default because it introduced a
  regression (bsc#1179691).

  If this behavior is still wanted, please change this manually in lvm.conf.

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:339-1
Released:    Mon Feb  8 13:16:07 2021
Summary:     Optional update for pam
Type:        optional
Severity:    low
References:  
This update for pam fixes the following issues:

- Added rpm macros for this package, so that other packages can make use of it

This patch is optional to install; it doesn't fix any bugs.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:419-1
Released:    Wed Feb 10 12:03:33 2021
Summary:     Recommended update for open-iscsi
Type:        recommended
Severity:    moderate
References:  1181313
This update for open-iscsi fixes the following issues:

- Fixes a segfault when exiting from iscsiadm (bsc#1181313)
- Fix for several memory leaks in iscsiadm
- Fix for a crash when function iscsi_rec_update_param() is invoked

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:521-1
Released:    Fri Feb 19 11:00:33 2021
Summary:     Security update for qemu
Type:        security
Severity:    important
References:  1178049,1178565,1179717,1179719,1180523,1181639,1181933,1182137,CVE-2020-11947,CVE-2021-20181,CVE-2021-20203,CVE-2021-20221
This update for qemu fixes the following issues:

- Fixed potential privilege escalation in virtfs (CVE-2021-20181 bsc#1182137)
- Fixed out-of-bound access in iscsi (CVE-2020-11947 bsc#1180523)
- Fixed out-of-bound access in vmxnet3 emulation (CVE-2021-20203 bsc#1181639)
- Fixed out-of-bound access in ARM interrupt handling (CVE-2021-20221 bsc#1181933)
- Fixed vfio-pci device on s390 enters error state (bsc#1179717 bsc#1179719)
- Fixed 'Failed to try-restart qemu-ga at .service' error while updating the
  qemu-guest-agent. (bsc#1178565)
- Apply fixes to qemu scsi passthrough with respect to timeout and
  error conditions, including using more correct status codes. Add
  more qemu tracing which helped track down these issues
  (bsc#1178049)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:529-1
Released:    Fri Feb 19 14:53:47 2021
Summary:     Security update for python3
Type:        security
Severity:    moderate
References:  1176262,1179756,1180686,1181126,CVE-2019-20916,CVE-2021-3177
This update for python3 fixes the following issues:

- CVE-2021-3177: Fixed buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution (bsc#1181126).
- Provide the newest setuptools wheel (bsc#1176262, CVE-2019-20916) in its correct form (bsc#1180686).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:653-1
Released:    Fri Feb 26 19:53:43 2021
Summary:     Security update for glibc
Type:        security
Severity:    important
References:  1178386,1179694,1179721,1180038,1181505,1182117,CVE-2019-25013,CVE-2020-27618,CVE-2020-29562,CVE-2020-29573,CVE-2021-3326
This update for glibc fixes the following issues:

- Fix buffer overrun in EUC-KR conversion module (CVE-2019-25013, bsc#1182117, BZ #24973)
- x86: Harden printf against non-normal long double values (CVE-2020-29573, bsc#1179721, BZ #26649)
- gconv: Fix assertion failure in ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256)
- iconv: Accept redundant shift sequences in IBM1364 (CVE-2020-27618, bsc#1178386, BZ #26224)
- iconv: Fix incorrect UCS4 inner loop bounds (CVE-2020-29562, bsc#1179694, BZ #26923)
- Fix parsing of /sys/devices/system/cpu/online (bsc#1180038, BZ #25859)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:723-1
Released:    Mon Mar  8 16:45:27 2021
Summary:     Security update for openldap2
Type:        security
Severity:    important
References:  1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420,CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212
This update for openldap2 fixes the following issues:

- bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the
  X.509 DN parsing in decode.c ber_next_element, resulting in denial
  of service.
- bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN
  parsing in ad_keystring, resulting in denial of service.
- bsc#1182412 CVE-2020-36228 - integer underflow leading to crash
  in the Certificate List Exact Assertion processing, resulting in
  denial of service.
- bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the
  cancel_extop Cancel operation, resulting in denial of service.
- bsc#1182416 CVE-2020-36225 - double free and slapd crash in the
  saslAuthzTo processing, resulting in denial of service.
- bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash
  in the saslAuthzTo processing, resulting in denial of service.
- bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd
  crash in the saslAuthzTo processing, resulting in denial of service.
- bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the
  saslAuthzTo validation, resulting in denial of service.
- bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact
  Assertion processing, resulting in denial of service (schema_init.c
  serialNumberAndIssuerCheck).
- bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter
  control handling, resulting in denial of service (double free and
  out-of-bounds read).
- bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur
  in the issuerAndThisUpdateCheck function via a crafted packet,
  resulting in a denial of service (daemon exit) via a short timestamp.
  This is related to schema_init.c and checkTime.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:754-1
Released:    Tue Mar  9 17:10:49 2021
Summary:     Security update for openssl-1_1
Type:        security
Severity:    moderate
References:  1182331,1182333,1182959,CVE-2021-23840,CVE-2021-23841
This update for openssl-1_1 fixes the following issues:

- CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333)
- CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331)
- Fixed unresolved error codes in FIPS (bsc#1182959).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:761-1
Released:    Wed Mar 10 12:26:54 2021
Summary:     Recommended update for libX11
Type:        recommended
Severity:    moderate
References:  1181963
This update for libX11 fixes the following issues:

- Fixes a race condition in 'libX11' that causes various applications to crash randomly. (bsc#1181963)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:778-1
Released:    Fri Mar 12 17:42:25 2021
Summary:     Security update for glib2
Type:        security
Severity:    important
References:  1182328,1182362,CVE-2021-27218,CVE-2021-27219
This update for glib2 fixes the following issues:

- CVE-2021-27218: g_byte_array_new_take() takes a gsize as length but stores it in a guint; this patch
  refuses the call if the length is larger than a guint can hold. (bsc#1182328)
- CVE-2021-27219: g_memdup() takes a guint length parameter, which can lead to an integer overflow, so a g_memdup2() function that uses gsize was added to replace it. (bsc#1182362)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:786-1
Released:    Mon Mar 15 11:19:23 2021
Summary:     Recommended update for zlib
Type:        recommended
Severity:    moderate
References:  1176201
This update for zlib fixes the following issues:

- Fixed hw compression on z15 (bsc#1176201)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:924-1
Released:    Tue Mar 23 10:00:49 2021
Summary:     Recommended update for filesystem
Type:        recommended
Severity:    moderate
References:  1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094
This update for filesystem fixes the following issues:

- Remove duplicate line due to merge error
- Add fix for 'mesa' creating cache with perm 0700. (bsc#1181011)
- Fixed an issue causing a failure during installation/upgrade. (rh#1548403) (bsc#1146705)
- Allow overriding the config to add cleanup options for '/var/tmp'. (bsc#1078466)
- Create config to clean up '/tmp' regularly, as required with 'tmpfs'. (bsc#1175519)

This update for systemd fixes the following issues:

- Fix for a possible memory leak. (bsc#1180020)
- Fix for a case where a bind-mounted directory results in inactive mount units. (#7811) (bsc#1180596)
- Fixed an issue when starting a container conflicts with another one. (bsc#1178775)
- Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831)
- Don't use shell redirections when calling a rpm macro. (bsc#1183094)
- 'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:926-1
Released:    Tue Mar 23 13:20:24 2021
Summary:     Recommended update for systemd-presets-common-SUSE
Type:        recommended
Severity:    moderate
References:  1083473,1112500,1115408,1165780,1183012
This update for systemd-presets-common-SUSE fixes the following issues:

- Add default user preset containing:
  - enable `pulseaudio.socket` (bsc#1083473)
  - enable `pipewire.socket` (bsc#1183012)
  - enable `pipewire-pulse.socket` (bsc#1183012)
  - enable `pipewire-media-session.service` (used with pipewire >= 0.3.23)
- Changes to the default preset:
  - enable `btrfsmaintenance-refresh.path`.
  - disable `btrfsmaintenance-refresh.service`.
  - enable `dnf-makecache.timer`.
  - enable `ignition-firstboot-complete.service`.
  - enable `logwatch.timer` to avoid having logwatch out of sync with logrotate. (bsc#1112500)
  - enable `mlocate.timer`. Recent versions of mlocate don't use `updatedb.timer` any more. (bsc#1115408)
  - remove the enable entry for `updatedb.timer`
- Avoid needless refresh on boot. (bsc#1165780)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:930-1
Released:    Wed Mar 24 12:09:23 2021
Summary:     Security update for nghttp2
Type:        security
Severity:    important
References:  1172442,1181358,CVE-2020-11080
This update for nghttp2 fixes the following issues:

- CVE-2020-11080: HTTP/2 Large Settings Frame DoS (bsc#1181358)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:935-1
Released:    Wed Mar 24 12:19:10 2021
Summary:     Security update for gnutls
Type:        security
Severity:    important
References:  1183456,1183457,CVE-2021-20231,CVE-2021-20232
This update for gnutls fixes the following issues:

- CVE-2021-20232: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183456).
- CVE-2021-20231: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183457).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:947-1
Released:    Wed Mar 24 14:30:58 2021
Summary:     Security update for python3
Type:        security
Severity:    moderate
References:  1182379,CVE-2021-23336
This update for python3 fixes the following issues:

- python36 was updated to 3.6.13
- CVE-2021-23336: Fixed a potential web cache poisoning caused by the use of a semicolon as a query string separator in query parameters (bsc#1182379).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:948-1
Released:    Wed Mar 24 14:31:34 2021
Summary:     Security update for zstd
Type:        security
Severity:    moderate
References:  1183370,1183371,CVE-2021-24031,CVE-2021-24032
This update for zstd fixes the following issues:

- CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371).
- CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:952-1
Released:    Thu Mar 25 14:36:56 2021
Summary:     Recommended update for libunwind
Type:        recommended
Severity:    moderate
References:  1160876,1171549
This update for libunwind fixes the following issues:

- Update to version 1.5.0. (jsc#ECO-3395)
- Enable s390x for building. (jsc#ECO-3395)
- Fix compilation with 'fno-common'. (bsc#1171549)
- Fix build with 'GCC-10'. (bsc#1160876)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:955-1
Released:    Thu Mar 25 16:11:48 2021
Summary:     Security update for openssl-1_1
Type:        security
Severity:    important
References:  1183852,CVE-2021-3449
This update for openssl-1_1 fixes the security issue:

* CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted
  renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation
  ClientHello omits the signature_algorithms extension but includes a
  signature_algorithms_cert extension, then a NULL pointer dereference will
  result, leading to a crash and a denial of service attack. OpenSSL TLS
  clients are not impacted by this issue. [bsc#1183852]

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:972-1
Released:    Mon Mar 29 19:31:03 2021
Summary:     Security update for ovmf
Type:        security
Severity:    moderate
References:  1183578,1183579,CVE-2021-28210,CVE-2021-28211
This update for ovmf fixes the following issues:

- CVE-2021-28211: ovmf: edk2: possible heap corruption with LzmaUefiDecompressGetInfo (bsc#1183578)
- CVE-2021-28210: ovmf: unlimited FV recursion, round 2 (bsc#1183579)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:991-1
Released:    Wed Mar 31 13:28:37 2021
Summary:     Recommended update for vim
Type:        recommended
Severity:    moderate
References:  1182324
This update for vim provides the following fixes:

- Install SUSE vimrc in /usr. (bsc#1182324)
- Source correct suse.vimrc file. (bsc#1182324)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1004-1
Released:    Thu Apr  1 15:07:09 2021
Summary:     Recommended update for libcap
Type:        recommended
Severity:    moderate
References:  1180073
This update for libcap fixes the following issues:

- Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460)
- Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1006-1
Released:    Thu Apr  1 17:44:57 2021
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1183933,1183934,CVE-2021-22876,CVE-2021-22890
This update for curl fixes the following issues:

- CVE-2021-22890: TLS 1.3 session ticket proxy host mixup (bsc#1183934)
- CVE-2021-22876: Automatic referer leaks credentials (bsc#1183933)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1018-1
Released:    Tue Apr  6 14:29:13 2021
Summary:     Recommended update for gzip
Type:        recommended
Severity:    moderate
References:  1180713
This update for gzip fixes the following issues:

- Fixes an issue when 'gzexe' counts the lines to skip wrong. (bsc#1180713)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1028-1
Released:    Tue Apr  6 17:54:37 2021
Summary:     Security update for xen
Type:        security
Severity:    important
References:  1027519,1177204,1179148,1180690,1181254,1181989,1182576,1183072,CVE-2021-28687,CVE-2021-3308
This update for xen fixes the following issues:

- CVE-2021-3308: VUL-0: xen: IRQ vector leak on x86 (bsc#1181254, XSA-360)
- CVE-2021-28687: HVM soft-reset crashes toolstack (bsc#1183072, XSA-368)
- L3: conring size for XEN HV's with huge memory too small. Initial Xen logs cut (bsc#1177204)
- L3: XEN domU crashed on resume when using the xl unpause command (bsc#1182576)
- L3: xen: no needsreboot flag set (bsc#1180690)
- kdump of HVM fails, soft-reset not handled by libxl (bsc#1179148)
- openQA job causes libvirtd to dump core when running kdump inside domain (bsc#1181989)
- Upstream bug fixes (bsc#1027519)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1108-1
Released:    Thu Apr  8 11:48:47 2021
Summary:     Security update for ceph
Type:        security
Severity:    moderate
References:  1172926,1176390,1176489,1176679,1176828,1177360,1177857,1178837,1178860,1178905,1178932,1179569,1179997,1182766,CVE-2020-25678,CVE-2020-27839
This update for ceph fixes the following issues:

- ceph was updated to 15.2.9
- cephadm: fix 'inspect' and 'pull' (bsc#1182766)
- CVE-2020-27839: mgr/dashboard: Use secure cookies to store JWT Token (bsc#1179997)
- CVE-2020-25678: Do not add sensitive information in Ceph log files (bsc#1178905)
- mgr/orchestrator: Sort 'ceph orch device ls' by host (bsc#1172926)
- mgr/dashboard: enable different URL for users of browser to Grafana (bsc#1176390, bsc#1176679)
- mgr/cephadm: lock multithreaded access to OSDRemovalQueue (bsc#1176489)
- cephadm: command_unit: call systemctl with verbose=True (bsc#1176828)
- cephadm: silence 'Failed to evict container' log msg (bsc#1177360)
- mgr/cephadm: upgrade: fail gracefully, if daemon redeploy fails (bsc#1177857)
- rgw: cls/user: set from_index for reset stats calls (bsc#1178837)
- mgr/dashboard: Disable TLS 1.0 and 1.1 (bsc#1178860)
- cephadm: reference the last local image by digest (bsc#1178932, bsc#1179569)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1141-1
Released:    Mon Apr 12 13:13:36 2021
Summary:     Recommended update for openldap2
Type:        recommended
Severity:    low
References:  1182791
This update for openldap2 fixes the following issues:

- Improved the proxy connection timeout options to prune connections properly (bsc#1182791)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1206-1
Released:    Thu Apr 15 15:15:09 2021
Summary:     Recommended update for kubevirt
Type:        recommended
Severity:    moderate
References:  1183749
This update for kubevirt fixes the following issues:

- updated kubevirt to version 0.38.1

  This update provides a lot of bug fixes and smaller changes. Please refer to this
  package's rpm changelog to get a full list of all changes.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1235-1
Released:    Fri Apr 16 08:12:09 2021
Summary:     Recommended update for numactl
Type:        recommended
Severity:    moderate
References:  1133098,1181571,1183796,955334,976199
This update for numactl fixes the following issues:

- Enabled LTO (bsc#1133098)
- Dropped the dependency on perl, as it was no longer in use
- Included sys/sysmacros.h to fix an issue when building this package from source (bsc#1181571, bsc#1183796)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1243-1
Released:    Fri Apr 16 14:45:04 2021
Summary:     Security update for qemu
Type:        security
Severity:    important
References:  1172385,1173612,1176673,1176682,1176684,1178174,1178400,1178934,1179466,1179467,1179468,1179686,1181108,1182425,1182577,1182968,1184064,CVE-2020-12829,CVE-2020-15469,CVE-2020-25084,CVE-2020-25624,CVE-2020-25625,CVE-2020-25723,CVE-2020-27616,CVE-2020-27617,CVE-2020-27821,CVE-2020-28916,CVE-2020-29129,CVE-2020-29130,CVE-2020-29443,CVE-2021-20257,CVE-2021-3416
This update for qemu fixes the following issues:

- CVE-2020-12829: Fix OOB access in sm501 device emulation (bsc#1172385)
- CVE-2020-25723: Fix use-after-free in usb xhci packet handling (bsc#1178934)
- CVE-2020-25084: Fix use-after-free in usb ehci packet handling (bsc#1176673)
- CVE-2020-25625: Fix infinite loop (DoS) in usb hcd-ohci emulation (bsc#1176684)
- CVE-2020-25624: Fix OOB access in usb hcd-ohci emulation (bsc#1176682)
- CVE-2020-27617: Fix guest triggerable assert in shared network handling code (bsc#1178174)
- CVE-2020-28916: Fix infinite loop (DoS) in e1000e device emulation (bsc#1179468)
- CVE-2020-29443: Fix OOB access in atapi emulation (bsc#1181108)
- CVE-2020-27821: Fix heap overflow in MSIx emulation (bsc#1179686)
- CVE-2020-15469: Fix null pointer deref. (DoS) in mmio ops (bsc#1173612)
- CVE-2021-20257: Fix infinite loop (DoS) in e1000 device emulation (bsc#1182577)
- CVE-2021-3416:  Fix OOB access (stack overflow) in rtl8139 NIC emulation (bsc#1182968)
- CVE-2021-3416:  Fix OOB access (stack overflow) in other NIC emulations (bsc#1182968)
- CVE-2020-27616: Fix OOB access in ati-vga emulation (bsc#1178400)
- CVE-2020-29129: Fix OOB access in SLIRP ARP/NCSI packet processing (bsc#1179466, CVE-2020-29130, bsc#1179467)
- Fix package scripts to not use hard coded paths for temporary working directories and log files (bsc#1182425)
- Add split-provides through forsplits/13 to cover updates of SLE15-SP2 to SLE15-SP3, and openSUSE equivalents (bsc#1184064)
- Added a few more usability improvements for our git packaging workflow

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1286-1
Released:    Tue Apr 20 20:10:21 2021
Summary:     Recommended update for SLES-release
Type:        recommended
Severity:    moderate
References:  1180836
This recommended update for SLES-release provides the following fix:

- Revert the problematic changes previously released and make sure the version is high
  enough to obsolete the package on containers and images. (bsc#1180836)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1289-1
Released:    Wed Apr 21 14:02:46 2021
Summary:     Recommended update for gzip
Type:        recommended
Severity:    moderate
References:  1177047
This update for gzip fixes the following issues:

- Fixed a potential segfault when zlib acceleration is enabled (bsc#1177047)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1295-1
Released:    Wed Apr 21 14:08:19 2021
Summary:     Recommended update for systemd-presets-common-SUSE
Type:        recommended
Severity:    moderate
References:  1184136
This update for systemd-presets-common-SUSE fixes the following issues:

- Enabled hcn-init.service for HNV on POWER (bsc#1184136)

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:1296-1
Released:    Wed Apr 21 14:09:28 2021
Summary:     Optional update for e2fsprogs
Type:        optional
Severity:    low
References:  1183791
This update for e2fsprogs fixes the following issues:

- Fixed an issue when building e2fsprogs (bsc#1183791)

This patch does not fix any user visible issues and is therefore optional to install.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1297-1
Released:    Wed Apr 21 14:10:10 2021
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1178219
This update for systemd fixes the following issues:

- Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot
  be stopped properly and would leave mount points mounted.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1407-1
Released:    Wed Apr 28 15:49:02 2021
Summary:     Recommended update for libcap
Type:        recommended
Severity:    important
References:  1184690
This update for libcap fixes the following issues:

- Add explicit dependency on 'libcap2' with version to 'libcap-progs' and 'pam_cap'. (bsc#1184690)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1412-1
Released:    Wed Apr 28 17:09:28 2021
Summary:     Security update for libnettle
Type:        security
Severity:    important
References:  1184401,CVE-2021-20305
This update for libnettle fixes the following issues:

- CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1449-1
Released:    Fri Apr 30 08:08:25 2021
Summary:     Recommended update for systemd-presets-branding-SLE
Type:        recommended
Severity:    moderate
References:  1165780
This update for systemd-presets-branding-SLE fixes the following issues:

- Don't enable 'btrfsmaintenance-refresh.service'; 'btrfsmaintenance' is managed by systemd-presets-common-SUSE instead. (bsc#1165780)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1466-1
Released:    Tue May  4 08:30:57 2021
Summary:     Security update for permissions
Type:        security
Severity:    important
References:  1182899
This update for permissions fixes the following issues:

- etc/permissions: remove unnecessary entries (bsc#1182899)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1474-1
Released:    Tue May  4 08:59:01 2021
Summary:     Security update for ceph
Type:        security
Severity:    important
References:  1183074,1183899,1184231,CVE-2021-20288
This update for ceph fixes the following issues:

- ceph was updated to 15.2.11-83-g8a15f484c2:
  * CVE-2021-20288: Fixed unauthorized global_id reuse (bsc#1183074).
  * disk gets replaced with no rocksdb/wal (bsc#1184231).
  * BlueStore handles huge (>4GB) writes from RocksDB
    to BlueFS poorly, potentially causing data corruption (bsc#1183899).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1479-1
Released:    Tue May  4 14:11:33 2021
Summary:     Recommended update for ebtables
Type:        recommended
Severity:    important
References:  1182824
This update for ebtables fixes the following issue:

- Lock properly when on `NFS` shares and the `--concurrent` flag is used in a non-standard order. (bsc#1182824)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1481-1
Released:    Tue May  4 14:18:32 2021
Summary:     Recommended update for lvm2
Type:        recommended
Severity:    moderate
References:  1178680
This update for lvm2 fixes the following issues:

- Add metadata-based autoactivation property for volume group and logical volume. (bsc#1178680)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1517-1
Released:    Wed May  5 17:43:54 2021
Summary:     Recommended update for open-iscsi
Type:        recommended
Severity:    moderate
References:  1179908,1183421,CVE-2020-13987,CVE-2020-13988,CVE-2020-17437,CVE-2020-17438
This update for open-iscsi fixes the following issues:

- Enabled asynchronous logins for iscsi.service (bsc#1183421)
- Fixed a login issue when the target is delayed

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1523-1
Released:    Wed May  5 18:24:20 2021
Summary:     Security update for libxml2
Type:        security
Severity:    moderate
References:  1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518
This update for libxml2 fixes the following issues:

- CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408).
- CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410).
- CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1527-1
Released:    Thu May  6 08:58:53 2021
Summary:     Recommended update for bash
Type:        recommended
Severity:    important
References:  1183064
This update for bash fixes the following issues:

- Fixed a segmentation fault that used to occur when bash read a history file
  that was malformed in a very specific way. (bsc#1183064)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1528-1
Released:    Thu May  6 15:31:23 2021
Summary:     Recommended update for openssl-1_1
Type:        recommended
Severity:    moderate
References:  1161276
This update for openssl-1_1 fixes the following issues:

- Do not list disapproved cipher algorithms while in 'FIPS' mode. (bsc#1161276)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1543-1
Released:    Fri May  7 15:16:32 2021
Summary:     Recommended update for patterns-microos
Type:        recommended
Severity:    moderate
References:  1184435
This update for patterns-microos provides the following fix:

- Require the libvirt-daemon-qemu package and include the needed dependencies in the
  product. (bsc#1184435)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1557-1
Released:    Tue May 11 09:50:00 2021
Summary:     Security update for python3
Type:        security
Severity:    moderate
References:  1183374,CVE-2021-3426
This update for python3 fixes the following issues:

- CVE-2021-3426: Fixed an information disclosure via pydoc (bsc#1183374)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1565-1
Released:    Tue May 11 14:20:04 2021
Summary:     Recommended update for krb5
Type:        recommended
Severity:    moderate
References:  1185163
This update for krb5 fixes the following issues:

- Use '/run' instead of '/var/run' for daemon PID files. (bsc#1185163)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1582-1
Released:    Wed May 12 13:40:03 2021
Summary:     Recommended update for lvm2
Type:        recommended
Severity:    moderate
References:  1184687,1185190
This update for lvm2 fixes the following issues:

- Honor 'lvm.conf' parameter event_activation=0 on 'pvscan --cache -aay'. (bsc#1185190)
- Fixed an issue where LVM can't be disabled on boot. (bsc#1184687)
- Update patch for avoiding apply warning messages. (bsc#1012973)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1589-1
Released:    Wed May 12 13:45:15 2021
Summary:     Recommended update for numactl
Type:        recommended
Severity:    low
References:  
This update for numactl fixes the following issues:

- Added bug fixes to enable support for 32-bit systems (jsc#SLE-17217)

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:1592-1
Released:    Wed May 12 13:47:41 2021
Summary:     Optional update for sed
Type:        optional
Severity:    low
References:  1183797
This update for sed fixes the following issues:

- Fixed a building issue with glibc-2.31 (bsc#1183797).

This patch is optional to install.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1598-1
Released:    Thu May 13 13:14:33 2021
Summary:     Security update for dtc
Type:        security
Severity:    low
References:  1184122
This update for dtc fixes the following issues:

- Make all packaged binaries PIE executables (bsc#1184122).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1612-1
Released:    Fri May 14 17:09:39 2021
Summary:     Recommended update for openldap2
Type:        recommended
Severity:    moderate
References:  1184614
This update for openldap2 fixes the following issue:

- Provide `openldap2-contrib` to the modules SUSE Linux Enterprise Legacy 15-SP2 and 15-SP3. (bsc#1184614)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1643-1
Released:    Wed May 19 13:51:48 2021
Summary:     Recommended update for pam
Type:        recommended
Severity:    important
References:  1181443,1184358,1185562
This update for pam fixes the following issues:

- Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443)
- Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to
  an attempt to resolve it as a hostname (bsc#1184358)
- In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to also be installed, as it contains pam_systemd.so for 32-bit applications. (bsc#1185562)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1647-1
Released:    Wed May 19 13:59:12 2021
Summary:     Security update for lz4
Type:        security
Severity:    important
References:  1185438,CVE-2021-3520
This update for lz4 fixes the following issues:

- CVE-2021-3520: Fixed memory corruption due to an integer overflow in a memmove argument (bsc#1185438).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1654-1
Released:    Wed May 19 16:43:36 2021
Summary:     Security update for libxml2
Type:        security
Severity:    important
References:  1185408,1185409,1185410,1185698,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518,CVE-2021-3537
This update for libxml2 fixes the following issues:

- CVE-2021-3537: Fixed a NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698)
- CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408).
- CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410).
- CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1655-1
Released:    Wed May 19 16:44:33 2021
Summary:     Security update for fribidi
Type:        security
Severity:    important
References:  1156260,CVE-2019-18397
This update for fribidi fixes the following issues:

Security issues fixed:

- CVE-2019-18397: Avoid buffer overflow. (bsc#1156260)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1669-1
Released:    Thu May 20 11:10:44 2021
Summary:     Recommended update for nfs-utils
Type:        recommended
Severity:    moderate
References:  1181540,1181651,1183194,1185170
This update for nfs-utils fixes the following issues:

- '/var/run' has long been deprecated; switch all relevant paths to '/run'. (bsc#1185170)
- Improve logging of authentication (bsc#1181540)
- Add a man page for the 'nconnect' mount option. (bsc#1181651)
- Fixed an issue when HANA crashed due to inaccessible/hanging NFS mount. (bsc#1183194)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1675-1
Released:    Thu May 20 15:00:23 2021
Summary:     Recommended update for snappy
Type:        recommended
Severity:    moderate
References:  1080040,1184507
This update for snappy fixes the following issues:

Update from version 1.1.3 to 1.1.8

- Small performance improvements.
- Removed `snappy::string` alias for `std::string`.
- Improved `CMake` configuration.
- Improved packages descriptions.
- Fix RPM groups.
- Aarch64 fixes
- PPC speedups
- PIE improvements
- Fix license install. (bsc#1080040)
- Fix a 1% performance regression when snappy is used in PIE executable.
- Improve compression performance by 5%.
- Improve decompression performance by 20%.
- Use better download URL.
- Fix a build issue for tensorflow2. (bsc#1184507)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1762-1
Released:    Wed May 26 12:30:01 2021
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1186114,CVE-2021-22898
This update for curl fixes the following issues:

- CVE-2021-22898: Fixed curl TELNET stack contents disclosure (bsc#1186114).
- Allow partial chain verification [jsc#SLE-17956]
  * Have intermediate certificates in the trust store be treated
    as trust-anchors, in the same way as self-signed root CA
    certificates are. This allows users to verify servers using
    the intermediate cert only, instead of needing the whole chain.
  * Set FLAG_TRUSTED_FIRST unconditionally.
  * Do not check partial chains with CRL check.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1765-1
Released:    Wed May 26 12:36:38 2021
Summary:     Security update for libX11
Type:        security
Severity:    moderate
References:  1182506,CVE-2021-31535
This update for libX11 fixes the following issues:

- CVE-2021-31535: Fixed missing request length checks in libX11 (bsc#1182506).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1773-1
Released:    Wed May 26 17:22:21 2021
Summary:     Recommended update for python3
Type:        recommended
Severity:    low
References:  
This update for python3 fixes the following issues:

- Make sure to close the import_failed.map file after the exception
  has been raised in order to avoid ResourceWarnings when the
  failing import is part of a try...except block.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1794-1
Released:    Thu May 27 19:25:29 2021
Summary:     Recommended update for radvd
Type:        recommended
Severity:    moderate
References:  1185066
This update for radvd fixes the following issues:

- Replace '/var/run' with '/run' in '/usr/lib/tmpfiles.d/radvd.conf' (bsc#1185066)