SUSE-CU-2021:482-1: Security update of suse/sle15

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Fri Oct 29 06:55:34 UTC 2021


SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:482-1
Container Tags        : suse/sle15:15.4 , suse/sle15:15.4.21.5
Container Release     : 21.5
Severity              : important
Type                  : security
References            : 1177127 1178236 1183154 1185016 1185524 1186489 1186503 1186602
                        1186910 1187224 1187270 1187425 1187466 1187512 1187738 1187760
                        1187911 1188156 1188344 1188435 1188921 1189031 1189454 1189550
                        1190052 1190059 1190199 1190465 1190645 1190712 1190739 1190793
                        1190815 1190858 1190915 1190933 1191987 CVE-2021-33574 CVE-2021-35942
                        CVE-2021-37600 CVE-2021-39537 
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2020:3026-1
Released:    Fri Oct 23 15:35:49 2020
Summary:     Optional update for the Public Cloud Module
Type:        optional
Severity:    moderate
References:  

This update adds the Google Cloud Storage packages to the Public Cloud module (jsc#ECO-2398).
The following packages were included:

- python3-grpcio
- python3-protobuf
- python3-google-api-core
- python3-google-cloud-core
- python3-google-cloud-storage
- python3-google-resumable-media
- python3-googleapis-common-protos
- python3-grpcio-gcp
- python3-mock (updated to version 3.0.5)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:294-1
Released:    Wed Feb  3 12:54:28 2021
Summary:     Recommended update for libprotobuf
Type:        recommended
Severity:    moderate
References:  

libprotobuf was updated to fix:

- ship the libprotobuf-lite15 on the basesystem module and the INSTALLER channel. (jsc#ECO-2911)
  
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:656-1
Released:    Mon Mar  1 09:34:21 2021
Summary:     Recommended update for protobuf
Type:        recommended
Severity:    moderate
References:  1177127
This update for protobuf fixes the following issues:

- Add missing dependency of python subpackages on python-six. (bsc#1177127)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3013-1
Released:    Thu Sep  9 16:55:40 2021
Summary:     Recommended update for patterns-base, patterns-server-enterprise, sles15-image
Type:        recommended
Severity:    moderate
References:  1183154,1189550
This update for patterns-base, patterns-server-enterprise, sles15-image fixes the following issues:

- Add pattern to install necessary packages for FIPS (bsc#1183154)
- Add patterns-base-fips to work also in FIPS environments (bsc#1183154)
- Use the same icon in the fips pattern as the previous pattern had (bsc#1189550)


-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3274-1
Released:    Fri Oct  1 10:34:17 2021
Summary:     Recommended update for ca-certificates-mozilla
Type:        recommended
Severity:    important
References:  1190858
This update for ca-certificates-mozilla fixes the following issues:

- remove one of the Letsencrypt CAs DST_Root_CA_X3.pem, as it expires
  September 30th 2021 and openssl certificate chain handling does not
  handle this correctly in openssl 1.0.2 and older.
  (bsc#1190858)


-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3291-1
Released:    Wed Oct  6 16:45:36 2021
Summary:     Security update for glibc
Type:        security
Severity:    moderate
References:  1186489,1187911,CVE-2021-33574,CVE-2021-35942
This update for glibc fixes the following issues:

- CVE-2021-33574: Fixed use __pthread_attr_copy in mq_notify (bsc#1186489).
- CVE-2021-35942: Fixed wordexp handle overflow in positional parameter number (bsc#1187911).

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:3327-1
Released:    Mon Oct 11 11:44:50 2021
Summary:     Optional update for coreutils
Type:        optional
Severity:    low
References:  1189454
This optional update for coreutils fixes the following issue:

- Provide coreutils documentation, 'coreutils-doc', with 'L2' support level. (bsc#1189454)
  
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3382-1
Released:    Tue Oct 12 14:30:17 2021
Summary:     Recommended update for ca-certificates-mozilla
Type:        recommended
Severity:    moderate
References:  
This update for ca-certificates-mozilla fixes the following issues:

- A new sub-package for minimal base containers (jsc#SLE-22162)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3474-1
Released:    Wed Oct 20 08:41:31 2021
Summary:     Security update for util-linux
Type:        security
Severity:    moderate
References:  1178236,1188921,CVE-2021-37600
This update for util-linux fixes the following issues:

- CVE-2021-37600: Fixed an integer overflow which could lead to a buffer overflow in get_sem_elements() in sys-utils/ipcutils.c. (bsc#1188921)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3480-1
Released:    Wed Oct 20 11:24:10 2021
Summary:     Recommended update for yast2-network
Type:        recommended
Severity:    moderate
References:  1185016,1185524,1186910,1187270,1187512,1188344,1190645,1190739,1190915,1190933
This update for yast2-network fixes the following issues:

- Don't crash when the interfaces table contains a not configured one (bnc#1190645, bsc#1190915).
- Fix the shown description using the interface friendly name when it is empty (bsc#1190933).
- Consider aliases sections as case insensitive (bsc#1190739).
- Display user defined device name in the devices overview (bnc#1190645).
- Don't crash when defined aliases in AutoYaST profile are not defined as a map (bsc#1188344).
- Support 'boot' and 'on' as aliases for the 'auto' startmode (bsc#1186910).
- Fix desktop file so the control center tooltip is translated (bsc#1187270).
- Use the linuxrc proxy settings for the HTTPS and FTP proxies (bsc#1185016).
- Don't crash at the end of installation when storing wifi configuration for NetworkManager (bsc#1185524, bsc#1187512).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3490-1
Released:    Wed Oct 20 16:31:55 2021
Summary:     Security update for ncurses
Type:        security
Severity:    moderate
References:  1190793,CVE-2021-39537
This update for ncurses fixes the following issues:

- CVE-2021-39537: Fixed an heap-based buffer overflow in _nc_captoinfo. (bsc#1190793)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3494-1
Released:    Wed Oct 20 16:48:46 2021
Summary:     Recommended update for pam
Type:        recommended
Severity:    moderate
References:  1190052
This update for pam fixes the following issues:

- Added pam_faillock to the set of available PAM modules. (jsc#SLE-20638)
- Added new file macros.pam on request of systemd. (bsc#1190052)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3501-1
Released:    Fri Oct 22 10:42:46 2021
Summary:     Recommended update for libzypp, zypper, libsolv, protobuf
Type:        recommended
Severity:    moderate
References:  1186503,1186602,1187224,1187425,1187466,1187738,1187760,1188156,1188435,1189031,1190059,1190199,1190465,1190712,1190815
This update for libzypp, zypper, libsolv and protobuf fixes the following issues:

- Choice rules: treat orphaned packages as newest (bsc#1190465)
- Avoid calling 'su' to detect a too restrictive sudo user umask (bsc#1186602)
- Do not check of signatures and keys two times(redundant) (bsc#1190059)
- Rephrase vendor conflict message in case 2 packages are involved (bsc#1187760)
- Show key fpr from signature when signature check fails (bsc#1187224)
- Fix solver jobs for PTFs (bsc#1186503)
- Fix purge-kernels fails (bsc#1187738)
- Fix obs:// platform guessing for Leap (bsc#1187425)
- Make sure to keep states alives while transitioning. (bsc#1190199)
- Manpage: Improve description about patch updates(bsc#1187466)
- Manpage: Recommend the needs-rebooting command to test whether a system reboot is suggested.
- Fix kernel-*-livepatch removal in purge-kernels. (bsc#1190815)
- Fix crashes in logging code when shutting down (bsc#1189031)
- Do not download full files even if the checkExistsOnly flag is set. (bsc#1190712)
- Add need reboot/restart hint to XML install summary (bsc#1188435)
- Prompt: choose exact match if prompt options are not prefix free (bsc#1188156)
- Include libprotobuf-lite20 in products to enable parallel downloads. (jsc#ECO-2911, jsc#SLE-16862)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3510-1
Released:    Tue Oct 26 11:22:15 2021
Summary:     Recommended update for pam
Type:        recommended
Severity:    important
References:  1191987
This update for pam fixes the following issues:

- Fixed a bad directive file which resulted in
  the 'securetty' file to be installed as 'macros.pam'.
  (bsc#1191987)


The following package changes have been done:

- bash-4.4-23.16 updated
- ca-certificates-mozilla-2.44-21.1 updated
- coreutils-8.32-3.2.1 updated
- glibc-2.31-9.3.2 updated
- krb5-1.19.2-1.1 updated
- libaugeas0-1.10.1-3.3.1 updated
- libblkid1-2.36.2-4.5.1 updated
- libbrotlicommon1-1.0.7-1.59 added
- libbrotlidec1-1.0.7-1.59 added
- libbz2-1-1.0.8-1.10 updated
- libcurl4-7.79.1-1.2 updated
- libdw1-0.185-2.10 updated
- libelf1-0.185-2.10 updated
- libfdisk1-2.36.2-4.5.1 updated
- libgcrypt20-hmac-1.9.4-1.25 added
- libgcrypt20-1.9.4-1.25 updated
- libglib-2_0-0-2.68.3-1.2 updated
- libgpg-error0-1.42-1.20 updated
- libgpgme11-1.16.0-1.7 updated
- libkeyutils1-1.6.3-1.26 updated
- liblz4-1-1.9.3-1.1 updated
- libmount1-2.36.2-4.5.1 updated
- libncurses6-6.1-5.9.1 updated
- libopenssl1_1-hmac-1.1.1l-1.15 added
- libopenssl1_1-1.1.1l-1.15 updated
- libp11-kit0-0.23.22-1.2 updated
- libprotobuf-lite20-3.9.2-4.9.1 added
- libreadline7-7.0-23.16 updated
- libsmartcols1-2.36.2-4.5.1 updated
- libsolv-tools-0.7.20-1.2 updated
- libsystemd0-249.4-1.1 updated
- libudev1-249.4-1.1 updated
- libuuid1-2.36.2-4.5.1 updated
- libxml2-2-2.9.12-1.1 updated
- libyaml-cpp0_6-0.6.3-1.1 updated
- libzstd1-1.4.9-1.4 updated
- libzypp-17.28.5-1.2 updated
- ncurses-utils-6.1-5.9.1 updated
- openssl-1_1-1.1.1l-1.15 updated
- p11-kit-tools-0.23.22-1.2 updated
- p11-kit-0.23.22-1.2 updated
- pam-1.3.0-6.50.1 updated
- patterns-base-fips-20200124-10.5.1 added
- rpm-config-SUSE-1-9.13 updated
- rpm-ndb-4.14.3-41.2 updated
- sles-release-15.4-19.1 updated
- system-group-hardware-20170617-20.18 updated
- terminfo-base-6.1-5.9.1 updated
- util-linux-2.36.2-4.5.1 updated
- zypper-1.14.49-1.1 updated


More information about the sle-security-updates mailing list