SUSE-CU-2021:140-1: Security update of ses/7/rook/ceph

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Thu May 6 06:04:11 UTC 2021


SUSE Container Update Advisory: ses/7/rook/ceph
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:140-1
Container Tags        : ses/7/rook/ceph:1.5.10 , ses/7/rook/ceph:1.5.10.4 , ses/7/rook/ceph:1.5.10.4.1.1581 , ses/7/rook/ceph:latest , ses/7/rook/ceph:sle15.2.octopus
Container Release     : 1.1581
Severity              : important
Type                  : security
References            : 1165780 1177047 1178219 1178680 1180836 1181976 1182611 1182791
                        1182899 1183074 1183791 1183801 1183899 1183936 1184136 1184231
                        1184401 1184690 1185408 1185409 1185410 CVE-2021-20288 CVE-2021-20305
                        CVE-2021-3156 CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 
-----------------------------------------------------------------

The container ses/7/rook/ceph was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1141-1
Released:    Mon Apr 12 13:13:36 2021
Summary:     Recommended update for openldap2
Type:        recommended
Severity:    low
References:  1182791
This update for openldap2 fixes the following issues:

- Improved the proxy connection timeout options to prune connections properly (bsc#1182791)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1169-1
Released:    Tue Apr 13 15:01:42 2021
Summary:     Recommended update for procps
Type:        recommended
Severity:    low
References:  1181976
This update for procps fixes the following issues:

- Corrected a statement in the man page about processor pinning via taskset (bsc#1181976)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1275-1
Released:    Tue Apr 20 14:31:26 2021
Summary:     Security update for sudo
Type:        security
Severity:    important
References:  1183936,CVE-2021-3156
This update for sudo fixes the following issues:

- L3: Tenable Scan reports sudo is vulnerable to CVE-2021-3156 (bsc#1183936)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1286-1
Released:    Tue Apr 20 20:10:21 2021
Summary:     Recommended update for SLES-release
Type:        recommended
Severity:    moderate
References:  1180836
This recommended update for SLES-release provides the following fix:

- Revert the problematic changes previously released and make sure the version is high
  enough to obsolete the package on containers and images. (bsc#1180836)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1289-1
Released:    Wed Apr 21 14:02:46 2021
Summary:     Recommended update for gzip
Type:        recommended
Severity:    moderate
References:  1177047
This update for gzip fixes the following issues:

- Fixed a potential segfault when zlib acceleration is enabled (bsc#1177047)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1295-1
Released:    Wed Apr 21 14:08:19 2021
Summary:     Recommended update for systemd-presets-common-SUSE
Type:        recommended
Severity:    moderate
References:  1184136
This update for systemd-presets-common-SUSE fixes the following issues:

- Enabled hcn-init.service for HNV on POWER (bsc#1184136)

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:1296-1
Released:    Wed Apr 21 14:09:28 2021
Summary:     Optional update for e2fsprogs
Type:        optional
Severity:    low
References:  1183791
This update for e2fsprogs fixes the following issues:

- Fixed an issue when building e2fsprogs (bsc#1183791)

This patch does not fix any user visible issues and is therefore optional to install.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1297-1
Released:    Wed Apr 21 14:10:10 2021
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1178219
This update for systemd fixes the following issues:

- Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot
  be stopped properly and would leave mount points mounted.

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:1299-1
Released:    Wed Apr 21 14:11:41 2021
Summary:     Optional update for gpgme
Type:        optional
Severity:    low
References:  1183801
This update for gpgme fixes the following issues:

- Fixed a bug in test cases (bsc#1183801)

This patch is optional to install and does not provide any user visible bug fixes.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1407-1
Released:    Wed Apr 28 15:49:02 2021
Summary:     Recommended update for libcap
Type:        recommended
Severity:    important
References:  1184690
This update for libcap fixes the following issues:

- Add explicit dependency on 'libcap2' with version to 'libcap-progs' and 'pam_cap'. (bsc#1184690)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1412-1
Released:    Wed Apr 28 17:09:28 2021
Summary:     Security update for libnettle
Type:        security
Severity:    important
References:  1184401,CVE-2021-20305
This update for libnettle fixes the following issues:

- CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1426-1
Released:    Thu Apr 29 06:23:13 2021
Summary:     Recommended update for libsolv
Type:        recommended
Severity:    moderate
References:  
This update for libsolv fixes the following issues:

- Fix rare segfault in resolve_jobrules() that could happen if new rules are learnt.
- Fix a couple of memory leaks in error cases.
- Fix error handling in solv_xfopen_fd()
- Fixed 'regex' code on win32.
- Fixed memory leak in choice rule generation

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1449-1
Released:    Fri Apr 30 08:08:25 2021
Summary:     Recommended update for systemd-presets-branding-SLE
Type:        recommended
Severity:    moderate
References:  1165780
This update for systemd-presets-branding-SLE fixes the following issues:

- Don't enable 'btrfsmaintenance-refresh.service', 'btrfsmaintenance' is managed by systemd-presets-common-SUSE instead. (bsc#1165780)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1466-1
Released:    Tue May  4 08:30:57 2021
Summary:     Security update for permissions
Type:        security
Severity:    important
References:  1182899
This update for permissions fixes the following issues:

- etc/permissions: remove unnecessary entries (bsc#1182899)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1475-1
Released:    Tue May  4 08:59:27 2021
Summary:     Security update for ceph
Type:        security
Severity:    important
References:  1183074,1183899,1184231,CVE-2021-20288
This update for ceph fixes the following issues:

- ceph was updated to 15.2.11-83-g8a15f484c2:
  * CVE-2021-20288: Fixed unauthorized global_id reuse (bsc#1183074).
  * disk gets replaced with no rocksdb/wal (bsc#1184231).
  * BlueStore handles huge(>4GB) writes from RocksDB 
    to BlueFS poorly, potentially causing data corruption (bsc#1183899).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1481-1
Released:    Tue May  4 14:18:32 2021
Summary:     Recommended update for lvm2
Type:        recommended
Severity:    moderate
References:  1178680
This update for lvm2 fixes the following issues:

- Add metadata-based autoactivation property for volume group and logical volume. (bsc#1178680)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1521-1
Released:    Wed May  5 17:52:55 2021
Summary:     Recommended update for ceph-iscsi
Type:        recommended
Severity:    moderate
References:  1182611
This update for ceph-iscsi fixes the following issues:

-Fix for the gateway when it fails to start using SSL. (bsc#1182611)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1523-1
Released:    Wed May  5 18:24:20 2021
Summary:     Security update for libxml2
Type:        security
Severity:    moderate
References:  1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518
This update for libxml2 fixes the following issues:

- CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408).
- CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410).
- CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1525-1
Released:    Wed May  5 20:04:16 2021
Summary:     Recommended update for rook
Type:        recommended
Severity:    moderate
References:  
This update for rook fixes the following issues:

- updated ceph-csi to v3.2.1
  * Use latest Ceph API for setting dashboard and rgw credentials
  * Redact secret info from reconcile diffs in debug logs)
  * Continue to get available devices if failed to get a device info
  * Include RGW pods in list for rescheduling from failed node
  * Enforce pg_auto_scaler on rgw pools
  * Prevent voluntary mon drain while another mon is failing over
  * Avoid restarting all encrypted OSDs on cluster growth
  * Set secret type on external cluster script
  * Fix init container 'expand-encrypted-bluefs' for encrypted OSDs
  * Fail pool creation if the sub failure domain is the same as the failure domain
  * Set default backend for vault and remove temp key for encrypted OSDs



More information about the sle-security-updates mailing list