SUSE-CU-2022:493-1: Security update of ses/7/ceph/ceph
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Sun Apr 3 08:58:57 UTC 2022
SUSE Container Update Advisory: ses/7/ceph/ceph
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:493-1
Container Tags : ses/7/ceph/ceph:15.2.15.83 , ses/7/ceph/ceph:15.2.15.83.6.184 , ses/7/ceph/ceph:latest , ses/7/ceph/ceph:sle15.2.octopus
Container Release : 6.184
Severity : important
Type : security
References : 1082318 1082318 1099272 1115529 1118088 1121227 1121230 1122004
1122021 1128846 1162964 1169614 1171479 1172113 1173277 1174075
1174504 1174911 1179465 1179534 1180125 1180689 1181703 1181826
1182959 1183905 1184177 1187512 1187906 1189152 1190447 1190926
1190975 1191630 1192489 1193007 1193181 1193480 1193488 1193625
1193711 1193752 1193759 1193805 1193841 1194172 1194229 1194251
1194362 1194474 1194476 1194477 1194478 1194479 1194480 1194522
1194597 1194640 1194661 1194768 1194770 1194898 1195054 1195149
1195217 1195258 1195326 1195468 1195560 1195654 1195792 1195856
1195899 1196025 1196025 1196026 1196036 1196093 1196167 1196168
1196169 1196171 1196275 1196406 1196784 1196944 1196945 1196946
1196947 1197004 1197024 1197459 954813 CVE-2015-8985 CVE-2018-19787
CVE-2018-20573 CVE-2018-20574 CVE-2018-25032 CVE-2019-6285 CVE-2019-6292
CVE-2020-12762 CVE-2020-14367 CVE-2020-27783 CVE-2021-22570 CVE-2021-28957
CVE-2021-3999 CVE-2021-41617 CVE-2021-4209 CVE-2021-43818 CVE-2021-45960
CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825
CVE-2022-22826 CVE-2022-22827 CVE-2022-23218 CVE-2022-23219 CVE-2022-23852
CVE-2022-23990 CVE-2022-24349 CVE-2022-24407 CVE-2022-24917 CVE-2022-24918
CVE-2022-24919 CVE-2022-25235 CVE-2022-25236 CVE-2022-25236 CVE-2022-25313
CVE-2022-25314 CVE-2022-25315
-----------------------------------------------------------------
The container ses/7/ceph/ceph was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:4192-1
Released: Tue Dec 28 10:39:50 2021
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1174504
This update for permissions fixes the following issues:
- Update to version 20181225:
* drop ping capabilities in favor of ICMP_PROTO sockets (bsc#1174504)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2-1
Released: Mon Jan 3 08:27:18 2022
Summary: Recommended update for lvm2
Type: recommended
Severity: moderate
References: 1183905,1193181
This update for lvm2 fixes the following issues:
- Fix lvconvert not taking `--stripes` option (bsc#1183905)
- Fix LVM vgimportclone not working on hardware snapshot (bsc#1193181)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4-1
Released: Mon Jan 3 08:28:54 2022
Summary: Recommended update for libgcrypt
Type: recommended
Severity: moderate
References: 1193480
This update for libgcrypt fixes the following issues:
- Fix function gcry_mpi_sub_ui subtracting from negative value (bsc#1193480)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:70-1
Released: Thu Jan 13 15:25:27 2022
Summary: Recommended update for python-configshell-fb
Type: recommended
Severity: moderate
References:
This update for python-configshell-fb fixes the following issues:
- Upgrade to latest upstream version v1.1.29 (jsc#SLE-17360):
* setup.py: specify a version range for pyparsing
* setup.py: lets stick to pyparsing v2.4.7
* Don't warn if prefs file doesn't exist
- Update to version v1.1.28 from v1.1.27 (jsc#SLE-17360):
* version 1.1.28
* Ensure that all output reaches the client when daemonized
* Remove Epydoc markup from command messages
* Remove epydoc imports and epydoc calls
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:93-1
Released: Tue Jan 18 05:11:58 2022
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: important
References: 1192489
This update for openssl-1_1 fixes the following issues:
- Add RSA_get0_pss_params() accessor that is used by nodejs16 and provide openssl-has-RSA_get0_pss_params (bsc#1192489)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:94-1
Released: Tue Jan 18 05:13:24 2022
Summary: Recommended update for rpm
Type: recommended
Severity: important
References: 1180125,1193711
This update for rpm fixes the following issues:
- Add explicit requirement on python-rpm-macros (bsc#1180125, bsc#1193711)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:124-1
Released: Wed Jan 19 05:03:04 2022
Summary: Recommended update for shared-mime-info
Type: recommended
Severity: moderate
References: 1191630
This update for shared-mime-info fixes the following issues:
- Fix nautilus not launching applications because all applications are not detected as
executable program but as shared library (bsc#1191630)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:141-1
Released: Thu Jan 20 13:47:16 2022
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1169614
This update for permissions fixes the following issues:
- Update to version 20181225: setuid bit for cockpit session binary (bsc#1169614).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:178-1
Released: Tue Jan 25 14:16:23 2022
Summary: Security update for expat
Type: security
Severity: important
References: 1194251,1194362,1194474,1194476,1194477,1194478,1194479,1194480,CVE-2021-45960,CVE-2021-46143,CVE-2022-22822,CVE-2022-22823,CVE-2022-22824,CVE-2022-22825,CVE-2022-22826,CVE-2022-22827
This update for expat fixes the following issues:
- CVE-2021-45960: Fixed left shift in the storeAtts function in xmlparse.c that can lead to realloc misbehavior (bsc#1194251).
- CVE-2021-46143: Fixed integer overflow in m_groupSize in doProlog (bsc#1194362).
- CVE-2022-22822: Fixed integer overflow in addBinding in xmlparse.c (bsc#1194474).
- CVE-2022-22823: Fixed integer overflow in build_model in xmlparse.c (bsc#1194476).
- CVE-2022-22824: Fixed integer overflow in defineAttribute in xmlparse.c (bsc#1194477).
- CVE-2022-22825: Fixed integer overflow in lookup in xmlparse.c (bsc#1194478).
- CVE-2022-22826: Fixed integer overflow in nextScaffoldPart in xmlparse.c (bsc#1194479).
- CVE-2022-22827: Fixed integer overflow in storeAtts in xmlparse.c (bsc#1194480).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:184-1
Released: Tue Jan 25 18:20:56 2022
Summary: Security update for json-c
Type: security
Severity: important
References: 1171479,CVE-2020-12762
This update for json-c fixes the following issues:
- CVE-2020-12762: Fixed integer overflow and out-of-bounds write. (bsc#1171479)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:228-1
Released: Mon Jan 31 06:07:52 2022
Summary: Recommended update for boost
Type: recommended
Severity: moderate
References: 1194522
This update for boost fixes the following issues:
- Fix compilation errors (bsc#1194522)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:348-1
Released: Tue Feb 8 13:02:20 2022
Summary: Recommended update for libzypp
Type: recommended
Severity: important
References: 1193007,1193488,1194597,1194898,954813
This update for libzypp fixes the following issues:
- RepoManager: remember execution errors in exception history (bsc#1193007)
- Fix exception handling when reading or writing credentials (bsc#1194898)
- Fix install path for parser (bsc#1194597)
- Fix Legacy include (bsc#1194597)
- Public header files on older distros must use c++11 (bsc#1194597)
- Use the default zypp.conf settings if no zypp.conf exists (bsc#1193488)
- Fix wrong encoding of URI compontents of ISO images (bsc#954813)
- When invoking 32bit mode in userland of an aarch64 kernel, handle armv8l as armv7hl compatible
- Introduce zypp-curl as a sublibrary for CURL related code
- zypp-rpm: Increase rpm loglevel if ZYPP_RPM_DEBUG is set
- Save all signatures associated with a public key in its PublicKeyData
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:476-1
Released: Thu Feb 17 10:31:35 2022
Summary: Recommended update for nfs-utils
Type: recommended
Severity: moderate
References: 1194661
This update for nfs-utils fixes the following issues:
- If an error or warning message is produced before closeall() is called, mountd doesn't work. (bsc#1194661)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:498-1
Released: Fri Feb 18 10:46:56 2022
Summary: Security update for expat
Type: security
Severity: important
References: 1195054,1195217,CVE-2022-23852,CVE-2022-23990
This update for expat fixes the following issues:
- CVE-2022-23852: Fixed signed integer overflow in XML_GetBuffer (bsc#1195054).
- CVE-2022-23990: Fixed integer overflow in the doProlog function (bsc#1195217).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:511-1
Released: Fri Feb 18 12:41:53 2022
Summary: Recommended update for coreutils
Type: recommended
Severity: moderate
References: 1082318,1189152
This update for coreutils fixes the following issues:
- Add 'fuse.portal' as a dummy file system (used in flatpak implementations) (bsc#1189152).
- Properly sort docs and license files (bsc#1082318).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:523-1
Released: Fri Feb 18 12:49:09 2022
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1193759,1193841
This update for systemd fixes the following issues:
- systemctl: exit with 1 if no unit files found (bsc#1193841).
- add rules for virtual devices (bsc#1193759).
- enforce 'none' for loop devices (bsc#1193759).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:572-1
Released: Thu Feb 24 11:58:05 2022
Summary: Recommended update for psmisc
Type: recommended
Severity: moderate
References: 1194172
This update for psmisc fixes the following issues:
- Determine the namespace of a process only once to speed up the parsing of 'fdinfo'. (bsc#1194172)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:674-1
Released: Wed Mar 2 13:24:38 2022
Summary: Recommended update for yast2-network
Type: recommended
Severity: moderate
References: 1187512
This update for yast2-network fixes the following issues:
- Don't crash at the end of installation when storing wifi configuration for NetworkManager. (bsc#1187512)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:692-1
Released: Thu Mar 3 15:46:47 2022
Summary: Recommended update for filesystem
Type: recommended
Severity: moderate
References: 1190447
This update for filesystem fixes the following issues:
- Release ported filesystem to LTSS channels (bsc#1190447).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:701-1
Released: Thu Mar 3 17:45:33 2022
Summary: Recommended update for sudo
Type: recommended
Severity: moderate
References: 1181703
This update for sudo fixes the following issues:
- Add support in the LDAP filter for negated users (jsc#SLE-20068)
- Restrict use of sudo -U other -l to people who have permission
to run commands as that user (bsc#1181703, jsc#SLE-22569)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:702-1
Released: Thu Mar 3 18:22:59 2022
Summary: Security update for cyrus-sasl
Type: security
Severity: important
References: 1196036,CVE-2022-24407
This update for cyrus-sasl fixes the following issues:
- CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:713-1
Released: Fri Mar 4 09:34:17 2022
Summary: Security update for expat
Type: security
Severity: important
References: 1196025,1196026,1196168,1196169,1196171,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315
This update for expat fixes the following issues:
- CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025).
- CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026).
- CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168).
- CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169).
- CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:717-1
Released: Fri Mar 4 09:45:20 2022
Summary: Security update for gnutls
Type: security
Severity: moderate
References: 1196167,CVE-2021-4209
This update for gnutls fixes the following issues:
- CVE-2021-4209: Fixed null pointer dereference in MD_UPDATE (bsc#1196167).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:787-1
Released: Thu Mar 10 11:20:13 2022
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References:
This update for openldap2 fixes the following issue:
- restore CLDAP functionality in CLI tools (jsc#PM-3288)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:788-1
Released: Thu Mar 10 11:21:04 2022
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1195326
This update for libzypp, zypper fixes the following issues:
- Fix handling of redirected command in-/output (bsc#1195326)
This fixes delays at the end of zypper operations, where
zypper unintentionally waits for appdata plugin scripts to
complete.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:789-1
Released: Thu Mar 10 11:22:05 2022
Summary: Recommended update for update-alternatives
Type: recommended
Severity: moderate
References: 1195654
This update for update-alternatives fixes the following issues:
- Break bash - update-alternatives cycle rewrite of '%post' in 'lua'. (bsc#1195654)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:803-1
Released: Thu Mar 10 17:35:53 2022
Summary: Security update for python-lxml
Type: security
Severity: important
References: 1118088,1179534,1184177,1193752,CVE-2018-19787,CVE-2020-27783,CVE-2021-28957,CVE-2021-43818
This update for python-lxml fixes the following issues:
- CVE-2018-19787: Fixed XSS vulnerability via unescaped URL (bsc#1118088).
- CVE-2021-28957: Fixed XSS vulnerability ia HTML5 attributes unescaped (bsc#1184177).
- CVE-2021-43818: Fixed XSS vulnerability via script content in SVG images using data URIs (bnc#1193752).
- CVE-2020-27783: Fixed mutation XSS with improper parser use (bnc#1179534).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:805-1
Released: Thu Mar 10 18:05:31 2022
Summary: Security update for openssh
Type: security
Severity: important
References: 1190975,CVE-2021-41617
This update for openssh fixes the following issues:
- CVE-2021-41617: Fixed a potential privilege escalation for non-default
configuration settings (bsc#1190975).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:808-1
Released: Fri Mar 11 06:07:58 2022
Summary: Recommended update for procps
Type: recommended
Severity: moderate
References: 1195468
This update for procps fixes the following issues:
- Stop registering signal handler for SIGURG, to avoid `ps` failure if
someone sends such signal. Without the signal handler, SIGURG will
just be ignored. (bsc#1195468)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:832-1
Released: Mon Mar 14 17:27:03 2022
Summary: Security update for glibc
Type: security
Severity: important
References: 1193625,1194640,1194768,1194770,1195560,CVE-2015-8985,CVE-2021-3999,CVE-2022-23218,CVE-2022-23219
glibc was updated to fix the following issues:
Security issues fixed:
- CVE-2022-23219: Fixed Buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768)
- CVE-2022-23218: Buffer overflow in sunrpc svcunix_create (bsc#1194770)
- CVE-2021-3999: Fixed getcwd to set errno to ERANGE for size == 1 (bsc#1194640)
- CVE-2015-8985: Fixed Assertion failure in pop_fail_stack when executing a malformed regexp (bsc#1193625)
Also the following bug was fixed:
- Fix pthread_rwlock_try*lock stalls (bsc#1195560)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:844-1
Released: Tue Mar 15 11:33:57 2022
Summary: Security update for expat
Type: security
Severity: important
References: 1196025,1196784,CVE-2022-25236
This update for expat fixes the following issues:
- Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:845-1
Released: Tue Mar 15 11:40:52 2022
Summary: Security update for chrony
Type: security
Severity: moderate
References: 1099272,1115529,1128846,1162964,1172113,1173277,1174075,1174911,1180689,1181826,1187906,1190926,1194229,CVE-2020-14367
This update for chrony fixes the following issues:
Chrony was updated to 4.1, bringing features and bugfixes.
Update to 4.1
* Add support for NTS servers specified by IP address (matching
Subject Alternative Name in server certificate)
* Add source-specific configuration of trusted certificates
* Allow multiple files and directories with trusted certificates
* Allow multiple pairs of server keys and certificates
* Add copy option to server/pool directive
* Increase PPS lock limit to 40% of pulse interval
* Perform source selection immediately after loading dump files
* Reload dump files for addresses negotiated by NTS-KE server
* Update seccomp filter and add less restrictive level
* Restart ongoing name resolution on online command
* Fix dump files to not include uncorrected offset
* Fix initstepslew to accept time from own NTP clients
* Reset NTP address and port when no longer negotiated by NTS-KE
server
- Ensure the correct pool packages are installed for openSUSE
and SLE (bsc#1180689).
- Fix pool package dependencies, so that SLE prefers chrony-pool-suse
over chrony-pool-empty. (bsc#1194229)
- Enable syscallfilter unconditionally [bsc#1181826].
Update to 4.0
- Enhancements
- Add support for Network Time Security (NTS) authentication
- Add support for AES-CMAC keys (AES128, AES256) with Nettle
- Add authselectmode directive to control selection of
unauthenticated sources
- Add binddevice, bindacqdevice, bindcmddevice directives
- Add confdir directive to better support fragmented
configuration
- Add sourcedir directive and 'reload sources' command to
support dynamic NTP sources specified in files
- Add clockprecision directive
- Add dscp directive to set Differentiated Services Code Point
(DSCP)
- Add -L option to limit log messages by severity
- Add -p option to print whole configuration with included
files
- Add -U option to allow start under non-root user
- Allow maxsamples to be set to 1 for faster update with -q/-Q
option
- Avoid replacing NTP sources with sources that have
unreachable address
- Improve pools to repeat name resolution to get 'maxsources'
sources
- Improve source selection with trusted sources
- Improve NTP loop test to prevent synchronisation to itself
- Repeat iburst when NTP source is switched from offline state
to online
- Update clock synchronisation status and leap status more
frequently
- Update seccomp filter
- Add 'add pool' command
- Add 'reset sources' command to drop all measurements
- Add authdata command to print details about NTP
authentication
- Add selectdata command to print details about source
selection
- Add -N option and sourcename command to print original names
of sources
- Add -a option to some commands to print also unresolved
sources
- Add -k, -p, -r options to clients command to select, limit,
reset data
- Bug fixes
- Don’t set interface for NTP responses to allow asymmetric
routing
- Handle RTCs that don’t support interrupts
- Respond to command requests with correct address on
multihomed hosts
- Removed features
- Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320)
- Drop support for long (non-standard) MACs in NTPv4 packets
(chrony 2.x clients using non-MD5/SHA1 keys need to use
option 'version 3')
- Drop support for line editing with GNU Readline
- By default we don't write log files but log to journald, so
only recommend logrotate.
- Adjust and rename the sysconfig file, so that it matches the
expectations of chronyd.service (bsc#1173277).
Update to 3.5.1:
* Create new file when writing pidfile (CVE-2020-14367, bsc#1174911)
- Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075)
- Use iburst in the default pool statements to speed up initial
synchronisation (bsc#1172113).
Update to 3.5:
+ Add support for more accurate reading of PHC on Linux 5.0
+ Add support for hardware timestamping on interfaces with read-only timestamping configuration
+ Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris
+ Update seccomp filter to work on more architectures
+ Validate refclock driver options
+ Fix bindaddress directive on FreeBSD
+ Fix transposition of hardware RX timestamp on Linux 4.13 and later
+ Fix building on non-glibc systems
- Fix location of helper script in chrony-dnssrv at .service
(bsc#1128846).
- Read runtime servers from /var/run/netconfig/chrony.servers to
fix bsc#1099272.
- Move chrony-helper to /usr/lib/chrony/helper, because there
should be no executables in /usr/share.
Update to version 3.4
* Enhancements
+ Add filter option to server/pool/peer directive
+ Add minsamples and maxsamples options to hwtimestamp directive
+ Add support for faster frequency adjustments in Linux 4.19
+ Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd
without root privileges to remove it on exit
+ Disable sub-second polling intervals for distant NTP sources
+ Extend range of supported sub-second polling intervals
+ Get/set IPv4 destination/source address of NTP packets on FreeBSD
+ Make burst options and command useful with short polling intervals
+ Modify auto_offline option to activate when sending request failed
+ Respond from interface that received NTP request if possible
+ Add onoffline command to switch between online and offline state
according to current system network configuration
+ Improve example NetworkManager dispatcher script
* Bug fixes
+ Avoid waiting in Linux getrandom system call
+ Fix PPS support on FreeBSD and NetBSD
Update to version 3.3
* Enhancements:
+ Add burst option to server/pool directive
+ Add stratum and tai options to refclock directive
+ Add support for Nettle crypto library
+ Add workaround for missing kernel receive timestamps on Linux
+ Wait for late hardware transmit timestamps
+ Improve source selection with unreachable sources
+ Improve protection against replay attacks on symmetric mode
+ Allow PHC refclock to use socket in /var/run/chrony
+ Add shutdown command to stop chronyd
+ Simplify format of response to manual list command
+ Improve handling of unknown responses in chronyc
* Bug fixes:
+ Respond to NTPv1 client requests with zero mode
+ Fix -x option to not require CAP_SYS_TIME under non-root user
+ Fix acquisitionport directive to work with privilege separation
+ Fix handling of socket errors on Linux to avoid high CPU usage
+ Fix chronyc to not get stuck in infinite loop after clock step
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:861-1
Released: Tue Mar 15 23:30:48 2022
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1182959,1195149,1195792,1195856
This update for openssl-1_1 fixes the following issues:
openssl-1_1:
- Fix PAC pointer authentication in ARM (bsc#1195856)
- Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792)
- FIPS: Fix function and reason error codes (bsc#1182959)
- Enable zlib compression support (bsc#1195149)
glibc:
- Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1
linux-glibc-devel:
- Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1
libxcrypt:
- Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1
zlib:
- Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:867-1
Released: Wed Mar 16 07:14:44 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1193805
This update for libtirpc fixes the following issues:
- Fix memory leak in client protocol version 2 code (bsc#1193805)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:874-1
Released: Wed Mar 16 10:40:52 2022
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1197004
This update for openldap2 fixes the following issue:
- Revert jsc#PM-3288 - CLDAP ( -DLDAP_CONNECTIONLESS ) due to regression (bsc#1197004)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:884-1
Released: Thu Mar 17 09:47:43 2022
Summary: Recommended update for python-jsonschema, python-rfc3987, python-strict-rfc3339
Type: recommended
Severity: moderate
References: 1082318
This update for python-jsonschema, python-rfc3987, python-strict-rfc3339 fixes the following issues:
- Add patch to fix build with new webcolors.
- update to version 3.2.0 (jsc#SLE-18756):
* Added a format_nongpl setuptools extra, which installs only format
dependencies that are non-GPL (#619).
- specfile:
* require python-importlib-metadata
- update to version 3.1.1:
* Temporarily revert the switch to js-regex until #611 and #612 are
resolved.
- changes from version 3.1.0:
- Regular expressions throughout schemas now respect the ECMA 262
dialect, as recommended by the specification (#609).
- Activate more of the test suite
- Remove tests and benchmarking from the runtime package
- Update to v3.0.2
- Fixed a bug where 0 and False were considered equal by
const and enum
- from v3.0.1
- Fixed a bug where extending validators did not preserve their
notion of which validator property contains $id information.
- Update to 3.0.1:
- Support for Draft 6 and Draft 7
- Draft 7 is now the default
- New TypeChecker object for more complex type definitions (and overrides)
- Falling back to isodate for the date-time format checker is no longer attempted, in accordance with the specification
- Use %license instead of %doc (bsc#1082318)
- Remove hashbang from runtime module
- Replace PyPI URL with https://github.com/dgerber/rfc3987
- Activate doctests
- Add missing runtime dependency on timezone
- Replace dead link with GitHub URL
- Activate test suite
- Trim bias from descriptions.
- Initial commit, needed by flex
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:936-1
Released: Tue Mar 22 18:10:17 2022
Summary: Recommended update for filesystem and systemd-rpm-macros
Type: recommended
Severity: moderate
References: 1196275,1196406
This update for filesystem and systemd-rpm-macros fixes the following issues:
filesystem:
- Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639)
systemd-rpm-macros:
- Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:960-1
Released: Tue Mar 29 09:57:48 2022
Summary: Security update for zabbix
Type: security
Severity: moderate
References: 1196944,1196945,1196946,1196947,CVE-2022-24349,CVE-2022-24917,CVE-2022-24918,CVE-2022-24919
This update for zabbix fixes the following issues:
- CVE-2022-24349: Fixed a reflected XSS in the action configuration window (bsc#1196944).
- CVE-2022-24917: Fixed a reflected XSS in the service configuration window (bsc#1196945).
- CVE-2022-24918: Fixed a reflected XSS in the item configuration window (bsc#1196946).
- CVE-2022-24919: Fixed a reflected XSS in the graph configuration window (bsc#1196947).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1021-1
Released: Tue Mar 29 13:24:21 2022
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1195899
This update for systemd fixes the following issues:
- allow setting external core size to infinity (bsc#1195899 jsc#SLE-23868 jsc#SLE-23870)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1032-1
Released: Tue Mar 29 18:41:26 2022
Summary: Recommended update for openssh
Type: recommended
Severity: moderate
References: 1179465
This update for openssh fixes the following issue:
- Make ssh connections update their dbus environment (bsc#1179465).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1040-1
Released: Wed Mar 30 09:40:58 2022
Summary: Security update for protobuf
Type: security
Severity: moderate
References: 1195258,CVE-2021-22570
This update for protobuf fixes the following issues:
- CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1047-1
Released: Wed Mar 30 16:20:56 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1196093,1197024
This update for pam fixes the following issues:
- Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093)
- Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable.
This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1061-1
Released: Wed Mar 30 18:27:06 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1197459,CVE-2018-25032
This update for zlib fixes the following issues:
- CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1073-1
Released: Fri Apr 1 11:45:01 2022
Summary: Security update for yaml-cpp
Type: security
Severity: moderate
References: 1121227,1121230,1122004,1122021,CVE-2018-20573,CVE-2018-20574,CVE-2019-6285,CVE-2019-6292
This update for yaml-cpp fixes the following issues:
- CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227).
- CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230).
- CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004).
- CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021).
The following package changes have been done:
- boost-license1_66_0-1.66.0-12.3.1 updated
- coreutils-8.29-4.3.1 updated
- device-mapper-1.02.163-8.39.1 updated
- filesystem-15.0-11.8.1 updated
- glibc-locale-base-2.26-13.65.1 updated
- glibc-2.26-13.65.1 updated
- libaugeas0-1.10.1-3.9.1 updated
- libboost_system1_66_0-1.66.0-12.3.1 updated
- libboost_thread1_66_0-1.66.0-12.3.1 updated
- libdevmapper-event1_03-1.02.163-8.39.1 updated
- libdevmapper1_03-1.02.163-8.39.1 updated
- libexpat1-2.2.5-3.19.1 updated
- libgcrypt20-hmac-1.8.2-8.42.1 updated
- libgcrypt20-1.8.2-8.42.1 updated
- libgnutls30-hmac-3.6.7-14.16.1 updated
- libgnutls30-3.6.7-14.16.1 updated
- libjson-c3-0.13-3.3.1 updated
- libldap-2_4-2-2.4.46-9.64.1 updated
- libldap-data-2.4.46-9.64.1 updated
- liblvm2cmd2_03-2.03.05-8.39.1 updated
- libopenssl1_1-hmac-1.1.1d-11.43.1 updated
- libopenssl1_1-1.1.1d-11.43.1 updated
- libprocps7-3.3.15-7.22.1 updated
- libprotobuf-lite20-3.9.2-4.12.1 updated
- libsasl2-3-2.1.26-5.10.1 updated
- libsystemd0-234-24.108.1 updated
- libtirpc-netconfig-1.0.2-3.11.1 updated
- libtirpc3-1.0.2-3.11.1 updated
- libudev1-234-24.108.1 updated
- libyaml-cpp0_6-0.6.1-4.5.1 updated
- libz1-1.2.11-150000.3.30.1 updated
- libzypp-17.29.4-31.1 updated
- lvm2-2.03.05-8.39.1 updated
- nfs-client-2.1.1-10.21.1 updated
- nfs-kernel-server-2.1.1-10.21.1 updated
- openssh-fips-8.1p1-5.25.1 updated
- openssh-8.1p1-5.25.1 updated
- openssl-1_1-1.1.1d-11.43.1 updated
- pam-1.3.0-150000.6.55.3 updated
- permissions-20181225-23.12.1 updated
- procps-3.3.15-7.22.1 updated
- psmisc-23.0-6.19.1 updated
- python3-configshell-fb-1.1.29-3.3.1 updated
- python3-lxml-4.7.1-3.7.1 updated
- python3-six-1.14.0-12.1 updated
- rpm-4.14.1-22.7.1 updated
- shared-mime-info-1.12-3.3.1 updated
- sudo-1.8.27-4.24.1 updated
- systemd-234-24.108.1 updated
- udev-234-24.108.1 updated
- update-alternatives-1.19.0.4-4.3.1 updated
- zabbix-agent-4.0.31-150200.1.6.1 updated
- zypper-1.14.51-27.1 updated
- container:sles15-image-15.0.0-9.5.113 updated
More information about the sle-security-updates
mailing list