SUSE-CU-2022:833-1: Security update of ses/7/ceph/ceph

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Fri Apr 29 10:33:52 UTC 2022


SUSE Container Update Advisory: ses/7/ceph/ceph
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:833-1
Container Tags        : ses/7/ceph/ceph:15.2.16.99 , ses/7/ceph/ceph:15.2.16.99.6.228 , ses/7/ceph/ceph:latest , ses/7/ceph/ceph:sle15.2.octopus
Container Release     : 6.228
Severity              : important
Type                  : security
References            : 1172427 1177460 1179557 1183533 1184501 1187748 1188911 1191157
                        1192838 1193489 1194642 1194848 1194883 1195231 1195251 1195628
                        1195999 1196046 1196061 1196107 1196317 1196368 1196514 1196733
                        1196787 1196925 1196938 1196939 1197004 1197134 1197188 1197297
                        1197788 1198062 1198237 CVE-2021-28153 CVE-2022-1271 
-----------------------------------------------------------------

The container ses/7/ceph/ceph was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1099-1
Released:    Mon Apr  4 12:53:05 2022
Summary:     Recommended update for aaa_base
Type:        recommended
Severity:    moderate
References:  1194883
This update for aaa_base fixes the following issues:

- Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883)
- Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8
  multi byte characters as well as support the vi mode of readline library

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1109-1
Released:    Mon Apr  4 17:50:01 2022
Summary:     Recommended update for util-linux
Type:        recommended
Severity:    important
References:  1172427,1194642
This update for util-linux fixes the following issues:

- Improve throughput and reduce clock sequence increments for high load situation with time based 
  version 1 uuids. (bsc#1194642)
- Prevent root owning of `/var/lib/libuuid/clock.txt`. (bsc#1194642)
- Warn if uuidd lock state is not usable. (bsc#1194642)
- Fix 'su -s' bash completion. (bsc#1172427)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1118-1
Released:    Tue Apr  5 18:34:06 2022
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1177460
This update for timezone fixes the following issues:

- timezone update 2022a (bsc#1177460):
  * Palestine will spring forward on 2022-03-27, not on 03-26
  * `zdump -v` now outputs better failure indications
  * Bug fixes for code that reads corrupted TZif data

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1126-1
Released:    Thu Apr  7 14:05:02 2022
Summary:     Recommended update for nfs-utils
Type:        recommended
Severity:    moderate
References:  1197297,1197788
This update for nfs-utils fixes the following issues:

- Ensure `sloppy` is added correctly for newer kernels. (bsc#1197297)
  * This is required for kernels since 5.6 (like in SUSE Linux Enterprise 15 SP4), and it's safe for all kernels.
- Fix the source build with new `glibc` like in SUSE Linux Enterprise 15 SP4. (bsc#1197788)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1145-1
Released:    Mon Apr 11 14:59:54 2022
Summary:     Recommended update for tcmu-runner
Type:        recommended
Severity:    moderate
References:  1196787
This update for tcmu-runner fixes the following issues:

- fix g_object_unref: assertion 'G_IS_OBJECT (object)' failed. (bsc#1196787)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1157-1
Released:    Tue Apr 12 13:26:19 2022
Summary:     Security update for libsolv, libzypp, zypper
Type:        security
Severity:    important
References:  1184501,1194848,1195999,1196061,1196317,1196368,1196514,1196925,1197134
This update for libsolv, libzypp, zypper fixes the following issues:

Security relevant fix:

- Harden package signature checks (bsc#1184501).

libsolv update to 0.7.22:

- reworked choice rule generation to cover more usecases
- support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514)
- support parsing of Debian's Multi-Arch indicator
- fix segfault on conflict resolution when using bindings
- fix split provides not working if the update includes a forbidden vendor change
- support strict repository priorities
  new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY
- support zstd compressed control files in debian packages
- add an ifdef allowing to rename Solvable dependency members ('requires' is a keyword in C++20)
- support setting/reading userdata in solv files
  new functions: repowriter_set_userdata, solv_read_userdata
- support queying of the custom vendor check function
  new function: pool_get_custom_vendorcheck
- support solv files with an idarray block
- allow accessing the toolversion at runtime

libzypp update to 17.30.0:

- ZConfig: Update solver settings if target changes (bsc#1196368)
- Fix possible hang in singletrans mode (bsc#1197134)
- Do 2 retries if mount is still busy.
- Fix package signature check (bsc#1184501)
  Pay attention that header and payload are secured by a valid
  signature and report more detailed which signature is missing.
- Retry umount if device is busy (bsc#1196061, closes #381)
  A previously released ISO image may need a bit more time to
  release it's loop device. So we wait a bit and retry.
- Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925)
- Fix handling of ISO media in releaseAll (bsc#1196061)
- Hint on common ptf resolver conflicts (bsc#1194848)
- Hint on ptf<>patch resolver conflicts (bsc#1194848)

zypper update to 1.14.52:

- info: print the packages upstream URL if available (fixes #426)
- info: Fix SEGV with not installed PTFs (bsc#1196317)
- Don't prevent less restrictive umasks (bsc#1195999)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1158-1
Released:    Tue Apr 12 14:44:43 2022
Summary:     Security update for xz
Type:        security
Severity:    important
References:  1198062,CVE-2022-1271
This update for xz fixes the following issues:

- CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1203-1
Released:    Thu Apr 14 11:43:28 2022
Summary:     Recommended update for lvm2
Type:        recommended
Severity:    moderate
References:  1195231
This update for lvm2 fixes the following issues:

- udev: create symlinks and watch even in suspended state (bsc#1195231)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1302-1
Released:    Fri Apr 22 10:04:46 2022
Summary:     Recommended update for e2fsprogs
Type:        recommended
Severity:    moderate
References:  1196939
This update for e2fsprogs fixes the following issues:

- Add support for 'libreadline7' for Leap. (bsc#1196939)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1374-1
Released:    Mon Apr 25 15:02:13 2022
Summary:     Recommended update for openldap2
Type:        recommended
Severity:    moderate
References:  1191157,1197004
This update for openldap2 fixes the following issues:

- allow specification of max/min TLS version with TLS1.3 (bsc#1191157)
- libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol
  resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004)
- restore CLDAP functionality in CLI tools (jsc#PM-3288)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1409-1
Released:    Tue Apr 26 12:54:57 2022
Summary:     Recommended update for gcc11
Type:        recommended
Severity:    moderate
References:  1195628,1196107
This update for gcc11 fixes the following issues:

- Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from
  packages provided by older GCC work.  Add a requires from that
  package to the corresponding libstc++6 package to keep those
  at the same version.  [bsc#1196107]
- Fixed memory corruption when creating dependences with the D language frontend.
- Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628]
- Put libstdc++6-pp Requires on the shared library and drop
  to Recommends.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1424-1
Released:    Wed Apr 27 09:49:39 2022
Summary:     Recommended update for ceph-salt
Type:        recommended
Severity:    moderate
References:  1179557,1187748,1188911,1192838,1196046,1196733,1196938,1197188
This update for ceph-salt fixes the following issues:

- Update to 15.2.18+1648116143.g2de2e6c:
  + Add OS and Ceph version info to ceph-salt status output (#480)
  + ceph-salt-formula: Add hosts with admin label (#480)
  + Add the orchestrator _admin host label during ceph-salt update
    (#477, bsc#1197188)
  + Config the ssh key after package install/upgrade (#474, bsc#1196938)

- Update to 15.2.17+1646036007.g71de5d9:
  + Use ipaddress module to determine loopback interfaces (#472)

This update for ceph, ceph-iscsi fixes the following issues:

- Update to v15.2.16-99-g96ce9b152f5 
  + (bsc#1196733) ceph.spec.in: remove build directory during %clean

- Update to v15.2.16-97-ge5eb7a74fdf
  + (pr#464) ses7: mgr/cephadm: try to get FQDN for configuration files 
  + (pr#466) cephadm: infer the default container image during pull
  + (pr#444) [SES7] Notify user that there is a SES7.1 upgrade available

- Update to v15.2.16-93-gafbeee1955c
  + (bsc#1196046) mgr/cephadm: try to get FQDN for configuration files

- Update to v15.2.16
  + rebase on top of Ceph v15.2.16 tag v15.2.16
  + https://ceph.io/en/news/blog/2022/v15-2-16-octopus-released/
  + (bsc#1192838) cephadm: Fix iscsi client caps (allow mgr service status calls)
  + (bsc#1187748) When an RBD is mapped, it is attempted to be deployed as an OSD.
  + (bsc#1188911) OSD marked down causes wrong backfill_toofull

- Update to v15.2.16-99-g96ce9b152f5 
  + (bsc#1196733) ceph.spec.in: remove build directory during %clean

- Update to v15.2.16-97-ge5eb7a74fdf
  + (pr#464) ses7: mgr/cephadm: try to get FQDN for configuration files 
  + (pr#466) cephadm: infer the default container image during pull
  + (pr#444) [SES7] Notify user that there is a SES7.1 upgrade available

- Update to v15.2.16-93-gafbeee1955c
  + (bsc#1196046) mgr/cephadm: try to get FQDN for configuration files

- Update to 3.5+1647618797.gb7bc626.
  + ceph_iscsi_config: disable emulate_legacy_capacity (bsc#1179557)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1438-1
Released:    Wed Apr 27 15:27:19 2022
Summary:     Recommended update for systemd-presets-common-SUSE
Type:        recommended
Severity:    low
References:  1195251
This update for systemd-presets-common-SUSE fixes the following issue:

- enable vgauthd service for VMWare by default (bsc#1195251)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1439-1
Released:    Wed Apr 27 16:08:04 2022
Summary:     Recommended update for binutils
Type:        recommended
Severity:    moderate
References:  1198237
This update for binutils fixes the following issues:

- The official name IBM z16 for IBM zSeries arch14 is recognized.  (bsc#1198237)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1452-1
Released:    Thu Apr 28 10:48:06 2022
Summary:     Recommended update for perl
Type:        recommended
Severity:    moderate
References:  1193489
This update for perl fixes the following issues:

- Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1455-1
Released:    Thu Apr 28 11:31:51 2022
Summary:     Security update for glib2
Type:        security
Severity:    low
References:  1183533,CVE-2021-28153
This update for glib2 fixes the following issues:

- CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533).


The following package changes have been done:

- aaa_base-84.87+git20180409.04c9dae-3.57.1 updated
- binutils-2.37-150100.7.29.1 updated
- ceph-base-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated
- ceph-common-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated
- ceph-grafana-dashboards-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated
- ceph-iscsi-3.5+1647618797.gb7bc626-150200.3.9.1 updated
- ceph-mds-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated
- ceph-mgr-cephadm-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated
- ceph-mgr-dashboard-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated
- ceph-mgr-modules-core-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated
- ceph-mgr-rook-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated
- ceph-mgr-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated
- ceph-mon-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated
- ceph-osd-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated
- ceph-prometheus-alerts-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated
- ceph-radosgw-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated
- cephadm-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated
- ceph-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated
- device-mapper-1.02.163-8.42.1 updated
- e2fsprogs-1.43.8-150000.4.29.1 updated
- glib2-tools-2.62.6-150200.3.9.1 updated
- libblkid1-2.33.2-150100.4.21.1 updated
- libcephfs2-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated
- libcom_err2-1.43.8-150000.4.29.1 updated
- libctf-nobfd0-2.37-150100.7.29.1 updated
- libctf0-2.37-150100.7.29.1 updated
- libdevmapper-event1_03-1.02.163-8.42.1 updated
- libdevmapper1_03-1.02.163-8.42.1 updated
- libext2fs2-1.43.8-150000.4.29.1 updated
- libfdisk1-2.33.2-150100.4.21.1 updated
- libgcc_s1-11.2.1+git610-150000.1.6.6 updated
- libgio-2_0-0-2.62.6-150200.3.9.1 updated
- libglib-2_0-0-2.62.6-150200.3.9.1 updated
- libgmodule-2_0-0-2.62.6-150200.3.9.1 updated
- libgobject-2_0-0-2.62.6-150200.3.9.1 updated
- libldap-2_4-2-2.4.46-150200.14.5.1 updated
- libldap-data-2.4.46-150200.14.5.1 updated
- liblvm2cmd2_03-2.03.05-8.42.1 updated
- liblzma5-5.2.3-150000.4.7.1 updated
- libmount1-2.33.2-150100.4.21.1 updated
- librados2-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated
- librbd1-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated
- librgw2-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated
- libsmartcols1-2.33.2-150100.4.21.1 updated
- libsolv-tools-0.7.22-150200.12.1 updated
- libstdc++6-11.2.1+git610-150000.1.6.6 updated
- libtcmu2-1.5.2-150200.2.7.1 updated
- libuuid1-2.33.2-150100.4.21.1 updated
- libzypp-17.30.0-150200.36.1 updated
- lvm2-2.03.05-8.42.1 updated
- nfs-client-2.1.1-150100.10.24.1 updated
- nfs-kernel-server-2.1.1-150100.10.24.1 updated
- perl-base-5.26.1-150000.7.15.1 updated
- python3-ceph-argparse-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated
- python3-ceph-common-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated
- python3-cephfs-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated
- python3-rados-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated
- python3-rbd-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated
- python3-rgw-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated
- rbd-mirror-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated
- systemd-presets-common-SUSE-15-150100.8.12.1 updated
- tcmu-runner-handler-rbd-1.5.2-150200.2.7.1 updated
- tcmu-runner-1.5.2-150200.2.7.1 updated
- timezone-2022a-150000.75.7.1 updated
- util-linux-2.33.2-150100.4.21.1 updated
- xz-5.2.3-150000.4.7.1 updated
- zypper-1.14.52-150200.30.2 updated
- container:sles15-image-15.0.0-9.5.129 updated


More information about the sle-security-updates mailing list