SUSE-CU-2021:400-1: Security update of suse/sle15

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Wed Oct 13 07:49:18 UTC 2021 

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:400-1
Container Tags        : suse/sle15:15.1 , suse/sle15:15.1.6.2.514
Container Release     : 6.2.514
Severity              : moderate
Type                  : security
References            : 1134353 1171962 1184994 1186489 1187911 1188018 1188063 1188291
                        1188713 1189480 1190234 CVE-2021-33574 CVE-2021-33910 CVE-2021-35942
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3348-1
Released:    Tue Oct 12 13:08:06 2021
Summary:     Security update for systemd
Type:        security
Severity:    moderate
References:  1134353,1171962,1184994,1188018,1188063,1188291,1188713,1189480,1190234,CVE-2021-33910
This update for systemd fixes the following issues:

- CVE-2021-33910: Fixed use of strdupa() on a path (bsc#1188063).

- logind: terminate cleanly on SIGTERM/SIGINT (bsc#1188018).
- Adopting BFQ to control I/O (jsc#SLE-21032, bsc#1134353).
- Rules weren't applied to dm devices (multipath) (bsc#1188713).
- Ignore obsolete 'elevator' kernel parameter (bsc#1184994, bsc#1190234).
- Make sure the versions of both udev and systemd packages are always the same (bsc#1189480).
- Avoid error message when udev is updated due to udev being already active when the sockets are started again (bsc#1188291).
- Allow the systemd sysusers config files to be overriden during system installation (bsc#1171962).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3385-1
Released:    Tue Oct 12 15:54:31 2021
Summary:     Security update for glibc
Type:        security
Severity:    moderate
References:  1186489,1187911,CVE-2021-33574,CVE-2021-35942
This update for glibc fixes the following issues:

- CVE-2021-35942: wordexp: handle overflow in positional parameter number (bsc#1187911)
- CVE-2021-33574: Use __pthread_attr_copy in mq_notify (bsc#1186489)

More information about the sle-security-updates mailing list