SUSE-CU-2021:82-1: Security update of ses/7/cephcsi/csi-resizer
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Tue Mar 23 07:07:05 UTC 2021
SUSE Container Update Advisory: ses/7/cephcsi/csi-resizer
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:82-1
Container Tags : ses/7/cephcsi/csi-resizer:v1.0.0 , ses/7/cephcsi/csi-resizer:v1.0.0-rev1 , ses/7/cephcsi/csi-resizer:v1.0.0-rev1-build3.204
Container Release : 3.204
Severity : important
Type : security
References : 1176201 1179847 1181328 1181622 1182328 1182362 1182629 CVE-2021-27218
CVE-2021-27219
-----------------------------------------------------------------
The container ses/7/cephcsi/csi-resizer was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:778-1
Released: Fri Mar 12 17:42:25 2021
Summary: Security update for glib2
Type: security
Severity: important
References: 1182328,1182362,CVE-2021-27218,CVE-2021-27219
This update for glib2 fixes the following issues:
- CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if
the length is larger than guint. (bsc#1182328)
- CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. (bsc#1182362)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:786-1
Released: Mon Mar 15 11:19:23 2021
Summary: Recommended update for zlib
Type: recommended
Severity: moderate
References: 1176201
This update for zlib fixes the following issues:
- Fixed hw compression on z15 (bsc#1176201)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:874-1
Released: Thu Mar 18 09:41:54 2021
Summary: Recommended update for libsolv, libzypp, zypper
Type: recommended
Severity: moderate
References: 1179847,1181328,1181622,1182629
This update for libsolv, libzypp, zypper fixes the following issues:
- support multiple collections in updateinfo parser
- Fixed an issue when some 'systemd' tools require '/proc' to be mounted and fail if it's not there. (bsc#1181328)
- Enable release packages to request a releaxed suse/opensuse vendorcheck in dup when migrating. (bsc#1182629)
- Patch: Identify well-known category names to allow to use the RH and SUSE patch category names synonymously. (bsc#1179847)
- Fix '%posttrans' script execution. (fixes #265)
- Repo: Allow multiple baseurls specified on one line (fixes #285)
- Regex: Fix memory leak and undefined behavior.
- Add rpm buildrequires for test suite (fixes #279)
- Use rpmdb2solv new -D switch to tell the location of the rpmdatabase to use.
- doc: give more details about creating versioned package locks. (bsc#1181622)
- man: Document synonymously used patch categories (bsc#1179847)
More information about the sle-security-updates
mailing list