SUSE-CU-2021:397-1: Security update of suse/sle15
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Wed Oct 13 07:26:04 UTC 2021
SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:397-1
Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.459
Container Release : 4.22.459
Severity : moderate
Type : security
References : 1134353 1171962 1184994 1186489 1187911 1188018 1188063 1188291
1188713 1189480 1190234 CVE-2021-33574 CVE-2021-33910 CVE-2021-35942
-----------------------------------------------------------------
The container suse/sle15 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3348-1
Released: Tue Oct 12 13:08:06 2021
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1134353,1171962,1184994,1188018,1188063,1188291,1188713,1189480,1190234,CVE-2021-33910
This update for systemd fixes the following issues:
- CVE-2021-33910: Fixed use of strdupa() on a path (bsc#1188063).
- logind: terminate cleanly on SIGTERM/SIGINT (bsc#1188018).
- Adopting BFQ to control I/O (jsc#SLE-21032, bsc#1134353).
- Rules weren't applied to dm devices (multipath) (bsc#1188713).
- Ignore obsolete 'elevator' kernel parameter (bsc#1184994, bsc#1190234).
- Make sure the versions of both udev and systemd packages are always the same (bsc#1189480).
- Avoid error message when udev is updated due to udev being already active when the sockets are started again (bsc#1188291).
- Allow the systemd sysusers config files to be overriden during system installation (bsc#1171962).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3385-1
Released: Tue Oct 12 15:54:31 2021
Summary: Security update for glibc
Type: security
Severity: moderate
References: 1186489,1187911,CVE-2021-33574,CVE-2021-35942
This update for glibc fixes the following issues:
- CVE-2021-35942: wordexp: handle overflow in positional parameter number (bsc#1187911)
- CVE-2021-33574: Use __pthread_attr_copy in mq_notify (bsc#1186489)
More information about the sle-security-updates
mailing list