SUSE-CU-2021:315-1: Security update of ses/7/ceph/ceph
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Wed Sep 15 10:07:13 UTC 2021
SUSE Container Update Advisory: ses/7/ceph/ceph
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:315-1
Container Tags : ses/7/ceph/ceph:15.2.14.84 , ses/7/ceph/ceph:15.2.14.84.6.1 , ses/7/ceph/ceph:latest , ses/7/ceph/ceph:sle15.2.octopus
Container Release : 6.1
Severity : critical
Type : security
References : 1172505 1181291 1183561 1183818 1184517 1184614 1185246 1185748
1186348 1188571 1188979 1189173 1189206 1189465 1189465 1189520
1189521 1189521 1189534 1189554 1189683 CVE-2020-12049 CVE-2021-36222
CVE-2021-3711 CVE-2021-3712 CVE-2021-3712 CVE-2021-38185 CVE-2021-38185
-----------------------------------------------------------------
The container ses/7/ceph/ceph was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2689-1
Released: Mon Aug 16 10:54:52 2021
Summary: Security update for cpio
Type: security
Severity: important
References: 1189206,CVE-2021-38185
This update for cpio fixes the following issues:
It was possible to trigger Remote code execution due to a integer overflow (CVE-2021-38185, bsc#1189206)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2763-1
Released: Tue Aug 17 17:16:22 2021
Summary: Recommended update for cpio
Type: recommended
Severity: critical
References: 1189465
This update for cpio fixes the following issues:
- A regression in last update would cause builds to hang on various architectures(bsc#1189465)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2780-1
Released: Thu Aug 19 16:09:15 2021
Summary: Recommended update for cpio
Type: recommended
Severity: critical
References: 1189465,CVE-2021-38185
This update for cpio fixes the following issues:
- A regression in the previous update could lead to crashes (bsc#1189465)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2800-1
Released: Fri Aug 20 10:43:04 2021
Summary: Security update for krb5
Type: security
Severity: important
References: 1188571,CVE-2021-36222
This update for krb5 fixes the following issues:
- CVE-2021-36222: Fixed KDC null deref on bad encrypted challenge. (bsc#1188571)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2810-1
Released: Mon Aug 23 12:14:30 2021
Summary: Security update for dbus-1
Type: security
Severity: moderate
References: 1172505,CVE-2020-12049
This update for dbus-1 fixes the following issues:
- CVE-2020-12049: truncated messages lead to resource exhaustion. (bsc#1172505)
-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:2816-1
Released: Mon Aug 23 14:16:58 2021
Summary: Optional update for python-kubernetes
Type: optional
Severity: low
References:
This patch provides the python3-kubernetes package to the following modules:
- Container Module for SUSE Linux Enterprise 15 SP2
- Container Module for SUSE Linux Enterprise 15 SP3
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2830-1
Released: Tue Aug 24 16:20:18 2021
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1189520,1189521,CVE-2021-3711,CVE-2021-3712
This update for openssl-1_1 fixes the following security issues:
- CVE-2021-3711: A bug in the implementation of the SM2 decryption code
could lead to buffer overflows. [bsc#1189520]
- CVE-2021-3712: a bug in the code for printing certificate details could
lead to a buffer overrun that a malicious actor could exploit to crash
the application, causing a denial-of-service attack. [bsc#1189521]
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2863-1
Released: Mon Aug 30 08:18:50 2021
Summary: Recommended update for python-dbus-python
Type: recommended
Severity: moderate
References: 1183818
This update for python-dbus-python fixes the following issues:
- Update to latest version from tumbleweed. (jsc#ECO-3589, bsc#1183818)
- update to 1.2.16:
* All tests are run even if the 'tap.py' module is not available, althoug diagnostics for failing tests will be better if it is present.
- Support builds with more than one python3 flavor
- Clean duplicate python flavor variables for configure
- Version update to version 1.2.14:
* Ensure that the numeric types from dbus.types get the same str() under Python 3.8 that they did under previous versions.
* Disable -Winline.
* Add clearer license information using SPDX-License-Identifier.
* Include inherited methods and properties when documenting objects, which regressed when migrating from epydoc to sphinx.
* Add missing variant_level member to UnixFd type, for parity with the other dbus.types types
* Don't reply to method calls if they have the NO_REPLY_EXPECTED flag
* Silence '-Wcast-function-type' with gcc 8.
* Fix distcheck with python3.7 by deleting '__pycache__' during uninstall.
* Consistently save and restore the exception indicator when called from C code.
- Add missing dependency for pkg-config files
- Version update to version 1.2.8:
* Python 2.7 required or 3.4 respectively
* Upstream dropped epydoc completely
- Add dbus-1-python3 package
- Make BusConnection.list_activatable_names actually call struct entries than the signature allows with libdbus 1.4 imports dbus, is finalized, is re-initialized, and re-imports - When removing signal matches, clean up internal state, avoiding a memory leak in long-lived Python processes that connect to
- When setting the sender of a message, allow it to be org.freedesktop.DBus so you can implement a D-Bus daemon
- New package: dbus-1-python-devel
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2895-1
Released: Tue Aug 31 19:40:50 2021
Summary: Recommended update for unixODBC
Type: recommended
Severity: moderate
References:
This update for unixODBC fixes the following issues:
- ECO: Update unixODBC to 2.3.9 in SLE 15. (jsc#SLE-18004)
- Fix incorrect permission for documentation files.
- Update requires and baselibs for new libodbc2.
- Employ shared library packaging guideline: new subpacakge libodbc2.
- Update to 2.3.9:
* Remove '#define UNIXODBC_SOURCE' from unixodbc_conf.h
- Update to 2.3.8:
* Add configure support for editline
* SQLDriversW was ignoring user config
* SQLDataSources Fix termination character
* Fix for pooling seg fault
* Make calling SQLSetStmtAttrW call the W function in the driver is its there
* Try and fix race condition clearing system odbc.ini file
* Remove trailing space from isql/iusql SQL
* When setting connection attributes set before connect also check if the W entry poins can be used
* Try calling the W error functions first if available in the driver
* Add iconvperdriver configure option to allow calling unicode_setup in SQLAllocHandle
* iconv handles was being lost when reusing pooled connection
* Catch null copy in iniPropertyInsert
* Fix a few leaks
- Update to 2.3.7:
* Fix for pkg-config file update on no linux platforms
* Add W entry for GUI work
* Various fixes for SQLBrowseConnect/W, SQLGetConnectAttr/W,and SQLSetConnectAttr/W
* Fix buffer overflows in SQLConnect/W and refine behaviour of SQLGet/WritePrivateProfileString
* SQLBrowseConnect/W allow disconnecting a started browse session after error
* Add --with-stats-ftok-name configure option to allow the selection of a file name
used to generate the IPC id when collecting stats. Default is the system odbc.ini file
* Improve diag record handling with the behavior of Windows DM and export SQLCancelHandle
* bug fix when SQLGetPrivateProfileString() is called to get a list of sections or a list of keys
* Connection pooling: Fix liveness check for Unicode drivers
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2938-1
Released: Fri Sep 3 09:19:36 2021
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1184614
This update for openldap2 fixes the following issue:
- openldap2-contrib is shipped to the Legacy Module. (bsc#1184614)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2966-1
Released: Tue Sep 7 09:49:14 2021
Summary: Security update for openssl-1_1
Type: security
Severity: low
References: 1189521,CVE-2021-3712
This update for openssl-1_1 fixes the following issues:
- CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712.
Read buffer overruns processing ASN.1 strings (bsc#1189521).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3001-1
Released: Thu Sep 9 15:08:13 2021
Summary: Recommended update for netcfg
Type: recommended
Severity: moderate
References: 1189683
This update for netcfg fixes the following issues:
- add submissions port/protocol to services file for message submission over TLS protocol [bsc#1189683]
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3021-1
Released: Mon Sep 13 10:32:31 2021
Summary: Recommended update for ceph
Type: recommended
Severity: moderate
References: 1181291,1183561,1184517,1185246,1186348,1188979,1189173
This update for ceph fixes the following issues:
- cls/rgw: look for plane entries in non-ascii plain namespace too (bsc#1184517)
- rgw: check object locks in multi-object delete (bsc#1185246)
- mgr/zabbix: adapt zabbix_sender default path (bsc#1186348)
- mgr/cephadm: pass --container-init to 'cephadm deploy' if specified (bsc#1188979)
- mgr/dashboard: Downstream branding: Adapt latest upstream changes to branded navigation component (bsc#1189173)
- qa/tasks/salt_manager: allow gatherlogs for files in subdir
- qa/tasks/ceph_salt: gather /var/log/ceph/cephadm.out
- mgr/zabbix: adapt zabbix_sender default path (bsc#1186348)
- Revert 'cephadm: default container_init to False' (bsc#1188979)
- mgr/cephadm: alias rgw-nfs -> nfs (bsc#1181291)
- mgr/cephadm: on ssh connection error, advice chmod 0600 (bsc#1183561)
- Update _constraints: only honor physical memory, not 'any memory' (e.g. swap).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3030-1
Released: Tue Sep 14 09:27:45 2021
Summary: Recommended update for patterns-base
Type: recommended
Severity: moderate
References: 1189534,1189554
This update of patterns-base fixes the following issue:
- The fips pattern should also install 'openssh-fips' if 'openssh' is installed (bsc#1189554 bsc#1189534)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3034-1
Released: Tue Sep 14 13:49:23 2021
Summary: Recommended update for python-pytz
Type: recommended
Severity: moderate
References: 1185748
This update for python-pytz fixes the following issues:
- Add %pyunittest shim for platforms where it is missing.
- Remove real directory of %{python_sitelib}/pytz/zoneinfo when upgrading, before it is replaced by a symlink. (bsc#1185748)
- update to 2021.1:
* update to IANA 2021a timezone release
- update to 2020.5:
* update to IANA 2020e timezone release
- update to 2020.4:
* update to IANA 2020d timezone release
- update to version 2020.1:
* Test against Python 3.8 and Python 3.9
* Bump version numbers to 2020.1/2020a
* use .rst extension name
* Make FixedOffset part of public API
- Update to 2019.3
* IANA 2019c
- Add versioned dependency on timezone database to ensure the correct data is installed
- Add a symlink to the system timezone database
- update to 2019.2
* IANA 2019b
* Defer generating case-insensitive lookups
More information about the sle-security-updates
mailing list