SUSE-CU-2022:24-1: Security update of bci/golang
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Thu Jan 6 07:31:24 UTC 2022
SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:24-1
Container Tags : bci/golang:1.16
Container Release : 6.24
Severity : important
Type : security
References : 1029961 1113013 1161276 1162581 1174504 1174504 1182345 1187654
1190401 1191563 1191592 1192248 1192423 1192688 1192717 1192858
1193480 1193597 1193598 1193759 CVE-2021-43618 CVE-2021-44716
CVE-2021-44717
-----------------------------------------------------------------
The container bci/golang was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3891-1
Released: Fri Dec 3 10:21:49 2021
Summary: Recommended update for keyutils
Type: recommended
Severity: moderate
References: 1029961,1113013,1187654
This update for keyutils fixes the following issues:
- Add /etc/keys/ and /usr/etc/keys/ directory (bsc#1187654)
keyutils was updated to 1.6.3 (jsc#SLE-20016):
* Revert the change notifications that were using /dev/watch_queue.
* Apply the change notifications that use pipe2(O_NOTIFICATION_PIPE).
* Allow 'keyctl supports' to retrieve raw capability data.
* Allow 'keyctl id' to turn a symbolic key ID into a numeric ID.
* Allow 'keyctl new_session' to name the keyring.
* Allow 'keyctl add/padd/etc.' to take hex-encoded data.
* Add 'keyctl watch*' to expose kernel change notifications on keys.
* Add caps for namespacing and notifications.
* Set a default TTL on keys that upcall for name resolution.
* Explicitly clear memory after it's held sensitive information.
* Various manual page fixes.
* Fix C++-related errors.
* Add support for keyctl_move().
* Add support for keyctl_capabilities().
* Make key=val list optional for various public-key ops.
* Fix system call signature for KEYCTL_PKEY_QUERY.
* Fix 'keyctl pkey_query' argument passing.
* Use keyctl_read_alloc() in dump_key_tree_aux().
* Various manual page fixes.
Updated to 1.6:
* Apply various specfile cleanups from Fedora.
* request-key: Provide a command line option to suppress helper execution.
* request-key: Find least-wildcard match rather than first match.
* Remove the dependency on MIT Kerberos.
* Fix some error messages
* keyctl_dh_compute.3: Suggest /proc/crypto for list of available hashes.
* Fix doc and comment typos.
* Add public key ops for encrypt, decrypt, sign and verify (needs linux-4.20).
* Add pkg-config support for finding libkeyutils.
* upstream isn't offering PGP signatures for the source tarballs anymore
Updated to 1.5.11 (bsc#1113013)
* Add keyring restriction support.
* Add KDF support to the Diffie-Helman function.
* DNS: Add support for AFS config files and SRV records
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3899-1
Released: Fri Dec 3 11:27:41 2021
Summary: Security update for aaa_base
Type: security
Severity: moderate
References: 1162581,1174504,1191563,1192248
This update for aaa_base fixes the following issues:
- Allowed ping and ICMP commands without CAP_NET_RAW (bsc#1174504).
- Add $HOME/.local/bin to PATH, if it exists (bsc#1192248).
- Fixed get_kernel_version.c to work also for recent kernels on the s390/X platform (bsc#1191563).
- Support xz compressed kernel (bsc#1162581)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3946-1
Released: Mon Dec 6 14:57:42 2021
Summary: Security update for gmp
Type: security
Severity: moderate
References: 1192717,CVE-2021-43618
This update for gmp fixes the following issues:
- CVE-2021-43618: Fixed buffer overflow via crafted input in mpz/inp_raw.c (bsc#1192717).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3963-1
Released: Mon Dec 6 19:57:39 2021
Summary: Recommended update for system-users
Type: recommended
Severity: moderate
References: 1190401
This update for system-users fixes the following issues:
- system-user-tss.conf: Removed group entry because it's not needed and contained syntax errors (bsc#1190401)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3980-1
Released: Thu Dec 9 16:42:19 2021
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1191592
glibc was updated to fix the following issue:
- Support for new IBM Z Hardware (bsc#1191592, jsc#IBM-869)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:4145-1
Released: Wed Dec 22 05:27:48 2021
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1161276
This update for openssl-1_1 fixes the following issues:
- Remove previously applied patch because it interferes with FIPS validation (bsc#1161276)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:4169-1
Released: Thu Dec 23 09:52:43 2021
Summary: Security update for go1.16
Type: security
Severity: moderate
References: 1182345,1193597,1193598,CVE-2021-44716,CVE-2021-44717
This update for go1.16 fixes the following issues:
Updated to upstream version 1.16.12 to include security fixes to the compiler,
syscall, runtime, the net/http, net/http/httptest, and time packages (bsc#1182345)
- CVE-2021-44717: syscall: don't close fd 0 on ForkExec error (bsc#1193598).
- CVE-2021-44716: net/http: limit growth of header canonicalization cache (bsc#1193597).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:4175-1
Released: Thu Dec 23 11:22:33 2021
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1192423,1192858,1193759
This update for systemd fixes the following issues:
- Bump the max number of inodes for /dev to a million (bsc#1192858)
- sleep: don't skip resume device with low priority/available space (bsc#1192423)
- test: use kbd-mode-map we ship in one more test case
- test-keymap-util: always use kbd-model-map we ship
- Add rules for virtual devices and enforce 'none' for loop devices. (bsc#1193759)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:4182-1
Released: Thu Dec 23 11:51:51 2021
Summary: Recommended update for zlib
Type: recommended
Severity: moderate
References: 1192688
This update for zlib fixes the following issues:
- Fix hardware compression incorrect result on z15 hardware (bsc#1192688)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:4192-1
Released: Tue Dec 28 10:39:50 2021
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1174504
This update for permissions fixes the following issues:
- Update to version 20181225:
* drop ping capabilities in favor of ICMP_PROTO sockets (bsc#1174504)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4-1
Released: Mon Jan 3 08:28:54 2022
Summary: Recommended update for libgcrypt
Type: recommended
Severity: moderate
References: 1193480
This update for libgcrypt fixes the following issues:
- Fix function gcry_mpi_sub_ui subtracting from negative value (bsc#1193480)
The following package changes have been done:
- aaa_base-84.87+git20180409.04c9dae-3.52.1 updated
- glibc-devel-2.31-9.6.1 updated
- glibc-2.31-9.6.1 updated
- go1.16-1.16.12-1.37.2 updated
- libgcrypt20-hmac-1.8.2-8.42.1 updated
- libgcrypt20-1.8.2-8.42.1 updated
- libgmp10-6.1.2-4.9.1 updated
- libkeyutils1-1.6.3-5.6.1 updated
- libopenssl1_1-hmac-1.1.1d-11.33.2 updated
- libopenssl1_1-1.1.1d-11.33.2 updated
- libsystemd0-246.16-7.28.1 updated
- libudev1-246.16-7.28.1 updated
- libz1-1.2.11-3.24.1 updated
- permissions-20181225-23.9.1 updated
- system-group-hardware-20170617-17.3.1 updated
- container:sles15-image-15.0.0-17.8.54 updated
More information about the sle-security-updates
mailing list