SUSE-CU-2021:513-1: Security update of bci/openjdk-devel

sle-security-updates
Sat Nov 20 07:28:30 UTC 2021

SUSE Container Update Advisory: bci/openjdk-devel
Container Advisory ID : SUSE-CU-2021:513-1
Container Tags        : bci/openjdk-devel:11
Container Release     : 4.61
Severity              : important
Type                  : security
References            : 1172973 1172974 1177127 1186503 1186602 1187224 1187425 1187466
                        1187738 1187760 1188156 1188435 1189031 1190052 1190059 1190199
                        1190465 1190552 1190712 1190793 1190815 1190850 1191901 1191903
                        1191904 1191906 1191909 1191910 1191911 1191912 1191913 1191914
                        1191987 CVE-2019-20838 CVE-2020-14155 CVE-2021-35550 CVE-2021-35556
                        CVE-2021-35559 CVE-2021-35561 CVE-2021-35564 CVE-2021-35565 CVE-2021-35567
                        CVE-2021-35578 CVE-2021-35586 CVE-2021-35603 CVE-2021-39537 

The container bci/openjdk-devel was updated. The following patches have been included in this update:

Advisory ID: SUSE-OU-2020:3026-1
Released:    Fri Oct 23 15:35:49 2020
Summary:     Optional update for the Public Cloud Module
Type:        optional
Severity:    moderate

This update adds the Google Cloud Storage packages to the Public Cloud module (jsc#ECO-2398).
The following packages were included:

- python3-grpcio
- python3-protobuf
- python3-google-api-core
- python3-google-cloud-core
- python3-google-cloud-storage
- python3-google-resumable-media
- python3-googleapis-common-protos
- python3-grpcio-gcp
- python3-mock (updated to version 3.0.5)

Advisory ID: SUSE-RU-2021:294-1
Released:    Wed Feb  3 12:54:28 2021
Summary:     Recommended update for libprotobuf
Type:        recommended
Severity:    moderate

libprotobuf was updated to fix:

- Ship the libprotobuf-lite15 on the basesystem module and the INSTALLER channel. (jsc#ECO-2911)

Advisory ID: SUSE-RU-2021:656-1
Released:    Mon Mar  1 09:34:21 2021
Summary:     Recommended update for protobuf
Type:        recommended
Severity:    moderate
References:  1177127
This update for protobuf fixes the following issues:

- Add missing dependency of python subpackages on python-six. (bsc#1177127)

Advisory ID: SUSE-SU-2021:3490-1
Released:    Wed Oct 20 16:31:55 2021
Summary:     Security update for ncurses
Type:        security
Severity:    moderate
References:  1190793,CVE-2021-39537
This update for ncurses fixes the following issues:

- CVE-2021-39537: Fixed a heap-based buffer overflow in _nc_captoinfo. (bsc#1190793)

Advisory ID: SUSE-RU-2021:3494-1
Released:    Wed Oct 20 16:48:46 2021
Summary:     Recommended update for pam
Type:        recommended
Severity:    moderate
References:  1190052
This update for pam fixes the following issues:

- Added pam_faillock to the set of available PAM modules. (jsc#SLE-20638)
- Added new file macros.pam on request of systemd. (bsc#1190052)

Advisory ID: SUSE-RU-2021:3501-1
Released:    Fri Oct 22 10:42:46 2021
Summary:     Recommended update for libzypp, zypper, libsolv, protobuf
Type:        recommended
Severity:    moderate
References:  1186503,1186602,1187224,1187425,1187466,1187738,1187760,1188156,1188435,1189031,1190059,1190199,1190465,1190712,1190815
This update for libzypp, zypper, libsolv and protobuf fixes the following issues:

- Choice rules: treat orphaned packages as newest (bsc#1190465)
- Avoid calling 'su' to detect a too restrictive sudo user umask (bsc#1186602)
- Do not check signatures and keys two times (redundant) (bsc#1190059)
- Rephrase vendor conflict message in case 2 packages are involved (bsc#1187760)
- Show key fpr from signature when signature check fails (bsc#1187224)
- Fix solver jobs for PTFs (bsc#1186503)
- Fix purge-kernels fails (bsc#1187738)
- Fix obs:// platform guessing for Leap (bsc#1187425)
- Make sure to keep states alive while transitioning. (bsc#1190199)
- Manpage: Improve description about patch updates (bsc#1187466)
- Manpage: Recommend the needs-rebooting command to test whether a system reboot is suggested.
- Fix kernel-*-livepatch removal in purge-kernels. (bsc#1190815)
- Fix crashes in logging code when shutting down (bsc#1189031)
- Do not download full files even if the checkExistsOnly flag is set. (bsc#1190712)
- Add need reboot/restart hint to XML install summary (bsc#1188435)
- Prompt: choose exact match if prompt options are not prefix free (bsc#1188156)
- Include libprotobuf-lite20 in products to enable parallel downloads. (jsc#ECO-2911, jsc#SLE-16862)

Advisory ID: SUSE-RU-2021:3510-1
Released:    Tue Oct 26 11:22:15 2021
Summary:     Recommended update for pam
Type:        recommended
Severity:    important
References:  1191987
This update for pam fixes the following issues:

- Fixed a bad directive file which resulted in
  the 'securetty' file being installed as 'macros.pam'.

Advisory ID: SUSE-SU-2021:3529-1
Released:    Wed Oct 27 09:23:32 2021
Summary:     Security update for pcre
Type:        security
Severity:    moderate
References:  1172973,1172974,CVE-2019-20838,CVE-2020-14155
This update for pcre fixes the following issues:

Update pcre to version 8.45:

- CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974).
- CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973)

Advisory ID: SUSE-RU-2021:3545-1
Released:    Wed Oct 27 14:46:39 2021
Summary:     Recommended update for less
Type:        recommended
Severity:    low
References:  1190552
This update for less fixes the following issues:

- Add missing runtime dependency on package 'which', that is used by (bsc#1190552)

Advisory ID: SUSE-RU-2021:3564-1
Released:    Wed Oct 27 16:12:08 2021
Summary:     Recommended update for rpm-config-SUSE
Type:        recommended
Severity:    moderate
References:  1190850
This update for rpm-config-SUSE fixes the following issues:

- Support ZSTD compressed kernel modules. (bsc#1190850)

Advisory ID: SUSE-SU-2021:3671-1
Released:    Tue Nov 16 14:48:10 2021
Summary:     Security update for java-11-openjdk
Type:        security
Severity:    important
References:  1191901,1191903,1191904,1191906,1191909,1191910,1191911,1191912,1191913,1191914,CVE-2021-35550,CVE-2021-35556,CVE-2021-35559,CVE-2021-35561,CVE-2021-35564,CVE-2021-35565,CVE-2021-35567,CVE-2021-35578,CVE-2021-35586,CVE-2021-35603
This update for java-11-openjdk fixes the following issues:

Update to 11.0.13+8 (October 2021 CPU)

- CVE-2021-35550, bsc#1191901: Update the default enabled cipher suites preference
- CVE-2021-35565, bsc#1191909: spins on TLS session close
- CVE-2021-35556, bsc#1191910: Richer Text Editors
- CVE-2021-35559, bsc#1191911: Enhanced style for RTF kit
- CVE-2021-35561, bsc#1191912: Better hashing support
- CVE-2021-35564, bsc#1191913: Improve Keystore integrity
- CVE-2021-35567, bsc#1191903: More Constrained Delegation
- CVE-2021-35578, bsc#1191904: Improve TLS client handshaking
- CVE-2021-35586, bsc#1191914: Better BMP support
- CVE-2021-35603, bsc#1191906: Better session identification
- Improve Stream handling for SSL
- Improve requests of certificates
- Correct certificate requests
- Enhance DTLS client handshake

The following package changes have been done:

- java-11-openjdk-devel- updated
- java-11-openjdk-headless- updated
- java-11-openjdk- updated
- less-530-3.3.2 updated
- libncurses6-6.1-5.9.1 updated
- libpcre1-8.45-20.10.1 updated
- libprotobuf-lite20-3.9.2-4.9.1 added
- libsolv-tools-0.7.20-9.2 updated
- libzypp-17.28.5-15.2 updated
- ncurses-utils-6.1-5.9.1 updated
- pam-1.3.0-6.50.1 updated
- rpm-config-SUSE-1-5.3.1 updated
- terminfo-base-6.1-5.9.1 updated
- which-2.21-2.20 added
- zypper-1.14.49-16.1 updated
- container:openjdk11-image-15.3.0-5.41 updated
- libFLAC8-1.3.2-3.6.1 removed
- libdbus-1-3-1.12.2-8.11.2 removed
- libogg0-1.3.2-1.24 removed
- libpulse0-14.2-4.2 removed
- libsndfile1-1.0.28-5.12.1 removed
- libspeex1-1.2-1.27 removed
- libvorbis0-1.3.6-4.3.1 removed
- libvorbisenc2-1.3.6-4.3.1 removed
