SUSE-CU-2021:140-1: Security update of ses/7/rook/ceph
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Thu May 6 06:04:11 UTC 2021
SUSE Container Update Advisory: ses/7/rook/ceph
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:140-1
Container Tags : ses/7/rook/ceph:1.5.10 , ses/7/rook/ceph:1.5.10.4 , ses/7/rook/ceph:1.5.10.4.1.1581 , ses/7/rook/ceph:latest , ses/7/rook/ceph:sle15.2.octopus
Container Release : 1.1581
Severity : important
Type : security
References : 1165780 1177047 1178219 1178680 1180836 1181976 1182611 1182791
1182899 1183074 1183791 1183801 1183899 1183936 1184136 1184231
1184401 1184690 1185408 1185409 1185410 CVE-2021-20288 CVE-2021-20305
CVE-2021-3156 CVE-2021-3516 CVE-2021-3517 CVE-2021-3518
-----------------------------------------------------------------
The container ses/7/rook/ceph was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1141-1
Released: Mon Apr 12 13:13:36 2021
Summary: Recommended update for openldap2
Type: recommended
Severity: low
References: 1182791
This update for openldap2 fixes the following issues:
- Improved the proxy connection timeout options to prune connections properly (bsc#1182791)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1169-1
Released: Tue Apr 13 15:01:42 2021
Summary: Recommended update for procps
Type: recommended
Severity: low
References: 1181976
This update for procps fixes the following issues:
- Corrected a statement in the man page about processor pinning via taskset (bsc#1181976)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1275-1
Released: Tue Apr 20 14:31:26 2021
Summary: Security update for sudo
Type: security
Severity: important
References: 1183936,CVE-2021-3156
This update for sudo fixes the following issues:
- L3: Tenable Scan reports sudo is vulnerable to CVE-2021-3156 (bsc#1183936)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1286-1
Released: Tue Apr 20 20:10:21 2021
Summary: Recommended update for SLES-release
Type: recommended
Severity: moderate
References: 1180836
This recommended update for SLES-release provides the following fix:
- Revert the problematic changes previously released and make sure the version is high
enough to obsolete the package on containers and images. (bsc#1180836)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1289-1
Released: Wed Apr 21 14:02:46 2021
Summary: Recommended update for gzip
Type: recommended
Severity: moderate
References: 1177047
This update for gzip fixes the following issues:
- Fixed a potential segfault when zlib acceleration is enabled (bsc#1177047)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1295-1
Released: Wed Apr 21 14:08:19 2021
Summary: Recommended update for systemd-presets-common-SUSE
Type: recommended
Severity: moderate
References: 1184136
This update for systemd-presets-common-SUSE fixes the following issues:
- Enabled hcn-init.service for HNV on POWER (bsc#1184136)
-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:1296-1
Released: Wed Apr 21 14:09:28 2021
Summary: Optional update for e2fsprogs
Type: optional
Severity: low
References: 1183791
This update for e2fsprogs fixes the following issues:
- Fixed an issue when building e2fsprogs (bsc#1183791)
This patch does not fix any user visible issues and is therefore optional to install.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1297-1
Released: Wed Apr 21 14:10:10 2021
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1178219
This update for systemd fixes the following issues:
- Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot
be stopped properly and would leave mount points mounted.
-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:1299-1
Released: Wed Apr 21 14:11:41 2021
Summary: Optional update for gpgme
Type: optional
Severity: low
References: 1183801
This update for gpgme fixes the following issues:
- Fixed a bug in test cases (bsc#1183801)
This patch is optional to install and does not provide any user visible bug fixes.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1407-1
Released: Wed Apr 28 15:49:02 2021
Summary: Recommended update for libcap
Type: recommended
Severity: important
References: 1184690
This update for libcap fixes the following issues:
- Add explicit dependency on 'libcap2' with version to 'libcap-progs' and 'pam_cap'. (bsc#1184690)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1412-1
Released: Wed Apr 28 17:09:28 2021
Summary: Security update for libnettle
Type: security
Severity: important
References: 1184401,CVE-2021-20305
This update for libnettle fixes the following issues:
- CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1426-1
Released: Thu Apr 29 06:23:13 2021
Summary: Recommended update for libsolv
Type: recommended
Severity: moderate
References:
This update for libsolv fixes the following issues:
- Fix rare segfault in resolve_jobrules() that could happen if new rules are learnt.
- Fix a couple of memory leaks in error cases.
- Fix error handling in solv_xfopen_fd()
- Fixed 'regex' code on win32.
- Fixed memory leak in choice rule generation
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1449-1
Released: Fri Apr 30 08:08:25 2021
Summary: Recommended update for systemd-presets-branding-SLE
Type: recommended
Severity: moderate
References: 1165780
This update for systemd-presets-branding-SLE fixes the following issues:
- Don't enable 'btrfsmaintenance-refresh.service', 'btrfsmaintenance' is managed by systemd-presets-common-SUSE instead. (bsc#1165780)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1466-1
Released: Tue May 4 08:30:57 2021
Summary: Security update for permissions
Type: security
Severity: important
References: 1182899
This update for permissions fixes the following issues:
- etc/permissions: remove unnecessary entries (bsc#1182899)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1475-1
Released: Tue May 4 08:59:27 2021
Summary: Security update for ceph
Type: security
Severity: important
References: 1183074,1183899,1184231,CVE-2021-20288
This update for ceph fixes the following issues:
- ceph was updated to 15.2.11-83-g8a15f484c2:
* CVE-2021-20288: Fixed unauthorized global_id reuse (bsc#1183074).
* disk gets replaced with no rocksdb/wal (bsc#1184231).
* BlueStore handles huge(>4GB) writes from RocksDB
to BlueFS poorly, potentially causing data corruption (bsc#1183899).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1481-1
Released: Tue May 4 14:18:32 2021
Summary: Recommended update for lvm2
Type: recommended
Severity: moderate
References: 1178680
This update for lvm2 fixes the following issues:
- Add metadata-based autoactivation property for volume group and logical volume. (bsc#1178680)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1521-1
Released: Wed May 5 17:52:55 2021
Summary: Recommended update for ceph-iscsi
Type: recommended
Severity: moderate
References: 1182611
This update for ceph-iscsi fixes the following issues:
-Fix for the gateway when it fails to start using SSL. (bsc#1182611)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1523-1
Released: Wed May 5 18:24:20 2021
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518
This update for libxml2 fixes the following issues:
- CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408).
- CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410).
- CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1525-1
Released: Wed May 5 20:04:16 2021
Summary: Recommended update for rook
Type: recommended
Severity: moderate
References:
This update for rook fixes the following issues:
- updated ceph-csi to v3.2.1
* Use latest Ceph API for setting dashboard and rgw credentials
* Redact secret info from reconcile diffs in debug logs)
* Continue to get available devices if failed to get a device info
* Include RGW pods in list for rescheduling from failed node
* Enforce pg_auto_scaler on rgw pools
* Prevent voluntary mon drain while another mon is failing over
* Avoid restarting all encrypted OSDs on cluster growth
* Set secret type on external cluster script
* Fix init container 'expand-encrypted-bluefs' for encrypted OSDs
* Fail pool creation if the sub failure domain is the same as the failure domain
* Set default backend for vault and remove temp key for encrypted OSDs
More information about the sle-security-updates
mailing list