SUSE-CU-2022:36-1: Security update of suse/sles/15.3/virt-launcher

sle-security-updates at lists.suse.com
Mon Jan 10 16:34:46 UTC 2022


SUSE Container Update Advisory: suse/sles/15.3/virt-launcher
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:36-1
Container Tags        : suse/sles/15.3/virt-launcher:0.45.0 , suse/sles/15.3/virt-launcher:0.45.0-8.7.1 , suse/sles/15.3/virt-launcher:0.45.0.8.17.1
Container Release     : 8.17.1
Severity              : important
Type                  : security
References            : 1027519 1029961 1073299 1093392 1104700 1112310 1113013 1113554
                        1120402 1130557 1134353 1140016 1150451 1160242 1169582 1172055
                        1173646 1177460 1177460 1177460 1177460 1177460 1177902 1178346
                        1178350 1178353 1180125 1180914 1183247 1183374 1183709 1183858
                        1183905 1184994 1185016 1185524 1185588 1186071 1186398 1186910
                        1187190 1187196 1187270 1187512 1187654 1187668 1187958 1188127
                        1188291 1188344 1188588 1188713 1188869 1189176 1189234 1189241
                        1189287 1189441 1189446 1189480 1189537 1189702 1189841 1189938
                        1190190 1190401 1190420 1190425 1190440 1190493 1190587 1190598
                        1190622 1190645 1190693 1190695 1190739 1190839 1190915 1190917
                        1190933 1190984 1191019 1191054 1191200 1191242 1191260 1191339
                        1191363 1191480 1191532 1191668 1191690 1191690 1191804 1191804
                        1191922 1192013 1192017 1192104 1192126 1192161 1192423 1192529
                        1192554 1192557 1192559 1192568 1192840 1192858 1193181 1193430
                        1193623 1193719 1193759 1193930 1193981 1194041 CVE-2020-14312
                        CVE-2021-28702 CVE-2021-28704 CVE-2021-28705 CVE-2021-28706 CVE-2021-28707
                        CVE-2021-28708 CVE-2021-28709 CVE-2021-3426 CVE-2021-3448 CVE-2021-3713
                        CVE-2021-3733 CVE-2021-3737 CVE-2021-3748 CVE-2021-4147 CVE-2021-43565
-----------------------------------------------------------------

The container suse/sles/15.3/virt-launcher was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:1332-1
Released:    Tue Jul 17 09:01:19 2018
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1073299,1093392
This update for timezone provides the following fixes:

- North Korea switches back from +0830 to +09 on 2018-05-05.
- Ireland's standard time is in the summer, with negative DST offset to standard time used
  in Winter. (bsc#1073299)
- yast2-country is no longer setting TIMEZONE in /etc/sysconfig/clock and is calling systemd
  timedatectl instead. Do not set /etc/localtime on timezone package updates to avoid
  setting an incorrect timezone. (bsc#1093392)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2463-1
Released:    Thu Oct 25 14:48:34 2018
Summary:     Recommended update for timezone, timezone-java
Type:        recommended
Severity:    moderate
References:  1104700,1112310

  
This update for timezone, timezone-java fixes the following issues:

The timezone database was updated to 2018f:

- Volgograd moves from +03 to +04 on 2018-10-28.
- Fiji ends DST 2019-01-13, not 2019-01-20.
- Most of Chile changes DST dates, effective 2019-04-06 (bsc#1104700)
- Corrections to past timestamps of DST transitions
- Use 'PST' and 'PDT' for Philippine time
- minor code changes to zic handling of the TZif format
- documentation updates

Other bugfixes:

- Fixed a zic problem with the 1948-1951 DST transition in Japan (bsc#1112310)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2550-1
Released:    Wed Oct 31 16:16:56 2018
Summary:     Recommended update for timezone, timezone-java
Type:        recommended
Severity:    moderate
References:  1113554
This update provides the latest time zone definitions (2018g), including the following change:

- Morocco switched from +00/+01 to permanent +01 effective 2018-10-28 (bsc#1113554)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:102-1
Released:    Tue Jan 15 18:02:58 2019
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1120402
This update for timezone fixes the following issues:

- Update 2018i:
  São Tomé and Príncipe switches from +01 to +00 on 2019-01-01. (bsc#1120402)
- Update 2018h:
  Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21
  New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move
  Metlakatla, Alaska observes PST this winter only
  Guess Morocco will continue to adjust clocks around Ramadan
  Add predictions for Iran from 2038 through 2090
  
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:790-1
Released:    Thu Mar 28 12:06:17 2019
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1130557
This update for timezone fixes the following issues:

timezone was updated 2019a:

* Palestine 'springs forward' on 2019-03-30 instead of 2019-03-23
* Metlakatla 'fell back' to rejoin Alaska Time on 2019-01-20 at 02:00
* Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25)
* zic now has an -r option to limit the time range of output data


-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1815-1
Released:    Thu Jul 11 07:47:55 2019
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1140016
This update for timezone fixes the following issues:

- Timezone update 2019b. (bsc#1140016):
  - Brazil no longer observes DST.
  - 'zic -b slim' outputs smaller TZif files.
  - Palestine's 2019 spring-forward transition was on 03-29, not 03-30.
  - Add info about the Crimea situation.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2762-1
Released:    Thu Oct 24 07:08:44 2019
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1150451
This update for timezone fixes the following issues:

- Fiji observes DST from 2019-11-10 to 2020-01-12.
- Norfolk Island starts observing Australian-style DST.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1303-1
Released:    Mon May 18 09:40:36 2020
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1169582
This update for timezone fixes the following issues:

- timezone update 2020a. (bsc#1169582)
  * Morocco springs forward on 2020-05-31, not 2020-05-24.
  * Canada's Yukon advanced to -07 year-round on 2020-03-08.
  * America/Nuuk renamed from America/Godthab.
  * zic now supports expiration dates for leap second lists.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1542-1
Released:    Thu Jun  4 13:24:37 2020
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1172055
This update for timezone fixes the following issue:

- zdump --version reported 'unknown' (bsc#1172055)
 
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3099-1
Released:    Thu Oct 29 19:33:41 2020
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1177460
This update for timezone fixes the following issues:

- timezone update 2020b (bsc#1177460)
  * Revised predictions for Morocco's changes starting in 2023.
  * Canada's Yukon changes to -07 on 2020-11-01, not 2020-03-08.
  * Macquarie Island has stayed in sync with Tasmania since 2011.
  * Casey, Antarctica is at +08 in winter and +11 in summer.
  * zic no longer supports -y, nor the TYPE field of Rules.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3123-1
Released:    Tue Nov  3 09:48:13 2020
Summary:     Recommended update for timezone
Type:        recommended
Severity:    important
References:  1177460,1178346,1178350,1178353
This update for timezone fixes the following issues:

- Generate 'fat' timezone files (was default before 2020b). (bsc#1178346, bsc#1178350, bsc#1178353)
- Palestine ends DST earlier than predicted, on 2020-10-24. (bsc#1177460)
- Fiji starts DST later than usual, on 2020-12-20. (bsc#1177460)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:179-1
Released:    Wed Jan 20 13:38:51 2021
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1177460
This update for timezone fixes the following issues:

- timezone update 2020f (bsc#1177460)
  * 'make rearguard_tarballs' no longer generates a bad rearguard.zi,
    fixing a 2020e bug.

- timezone update 2020e (bsc#1177460)
  * Volgograd switches to Moscow time on 2020-12-27 at 02:00.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:301-1
Released:    Thu Feb  4 08:46:27 2021
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1177460
This update for timezone fixes the following issues:

- timezone update 2021a (bsc#1177460)
  * South Sudan changes from +03 to +02 on 2021-02-01 at 00:00.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2573-1
Released:    Thu Jul 29 14:21:52 2021
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1188127
This update for timezone fixes the following issue:
- From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by
the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are
now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3203-1
Released:    Thu Sep 23 14:41:35 2021
Summary:     Recommended update for kmod
Type:        recommended
Severity:    moderate
References:  1189537,1190190
This update for kmod fixes the following issues:

- Use docbook 4 rather than docbook 5 for building man pages (bsc#1190190).
- Enable support for ZSTD compressed modules    
- Display module information even for modules built into the running kernel (bsc#1189537)
- '/usr/lib' should override '/lib' where both are available. Support '/usr/lib' for depmod.d as well.
- Remove test patches included in release 29

- Update to release 29
  * Fix `modinfo -F` not working for built-in modules and certain fields.
  * Fix a memory leak, overflow and double free on error path.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3241-1
Released:    Tue Sep 28 00:24:49 2021
Summary:     Recommended update for multipath-tools
Type:        recommended
Severity:    important
References:  1189176,1190622
This update for multipath-tools provides the following fixes:

- Update to version 0.8.5+82+suse.746b76e:
  * libmultipath: avoid buffer size warning with systemd 240+. (bsc#1189176)
- Add a versioned dependency of multipath-tools on libmpath0. (bsc#1190622)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3306-1
Released:    Wed Oct  6 18:11:57 2021
Summary:     Recommended update for numactl
Type:        recommended
Severity:    moderate
References:  
This update for numactl fixes the following issues:
    
- Fix System call numbers on s390x.
- Debug verify for --preferred option.
- Description for the usage of numactl.
- Various memory leaks in source files: sysfs.c, shm.c and numactl.c
- Description for numa_node_size64 and definition for numa_node_size in manpage.
- link with -latomic when needed.
- Clear race conditions on numa_police_memory().
- numademo: Use first two nodes instead of node 0 and 1
- Enhance _service settings
- Enable automake

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3310-1
Released:    Wed Oct  6 18:12:41 2021
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1134353,1184994,1188291,1188588,1188713,1189446,1189480
This update for systemd fixes the following issues:

- Switch I/O scheduler from 'mq-deadline' to 'bfq' for rotating disks (HDs) (jsc#SLE-21032, bsc#1134353).
- Multipath: Rules weren't applied to dm devices (bsc#1188713).
- Ignore obsolete 'elevator' kernel parameter (bsc#1184994).
- Remove kernel unsupported single-queue block I/O.
- Make sure the versions of both udev and systemd packages are always the same (bsc#1189480).
- Avoid error message when updating active udev on sockets restart (bsc#1188291).

- Merge of v246.16, for a complete list of changes, visit:
   https://github.com/openSUSE/systemd/compare/8d8f5fc31eece95644b299b784bbfb8f836d0108...f5c33d9f82d3d782d28938df9ff09484360c540d

- Drop 1007-tmpfiles-follow-SUSE-policies.patch:
   Since most of the tmpfiles config files shipped by upstream are
   ignored (see previous commit 'Drop most of the tmpfiles that deal
   with generic paths'), this patch is no more relevant.

Additional fixes:
- core: make sure cgroup_oom_queue is flushed on manager exit.
- cgroup: do 'catchup' for unit cgroup inotify watch files.
- journalctl: never fail at flushing when the flushed flag is set (bsc#1188588).
- manager: reexecute on SIGRTMIN+25, user instances only.
- manager: fix HW watchdog when systemd starts before driver loaded (bsc#1189446).
- pid1: watchdog modernizations.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3410-1
Released:    Wed Oct 13 10:41:36 2021
Summary:     Recommended update for xkeyboard-config
Type:        recommended
Severity:    moderate
References:  1191242
This update for xkeyboard-config fixes the following issue:

- Wrong keyboard mapping causing input delays with ABNT2 keyboards. (bsc#1191242)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3411-1
Released:    Wed Oct 13 10:42:25 2021
Summary:     Recommended update for lvm2
Type:        recommended
Severity:    moderate
References:  1191019
This update for lvm2 fixes the following issues:

- Do not crash vgextend when extending VG with missing PV. (bsc#1191019)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3413-1
Released:    Wed Oct 13 10:50:45 2021
Summary:     Recommended update for suse-module-tools
Type:        recommended
Severity:    important
References:  1189441,1189841,1190598
This update for suse-module-tools fixes the following issues:

- Fixed an issue where the queuing of secure boot certificates did not happen (bsc#1189841, bsc#1190598)
- Fixed an issue where initrd was not always rebuilding after installing
  any kernel-*-extra package (bsc#1189441)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3480-1
Released:    Wed Oct 20 11:24:10 2021
Summary:     Recommended update for yast2-network
Type:        recommended
Severity:    moderate
References:  1185016,1185524,1186910,1187270,1187512,1188344,1190645,1190739,1190915,1190933
This update for yast2-network fixes the following issues:

- Don't crash when the interfaces table contains a not configured one (bnc#1190645, bsc#1190915).
- Fix the shown description using the interface friendly name when it is empty (bsc#1190933).
- Consider aliases sections as case insensitive (bsc#1190739).
- Display user defined device name in the devices overview (bnc#1190645).
- Don't crash when defined aliases in AutoYaST profile are not defined as a map (bsc#1188344).
- Support 'boot' and 'on' as aliases for the 'auto' startmode (bsc#1186910).
- Fix desktop file so the control center tooltip is translated (bsc#1187270).
- Use the linuxrc proxy settings for the HTTPS and FTP proxies (bsc#1185016).
- Don't crash at the end of installation when storing wifi configuration for NetworkManager (bsc#1185524, bsc#1187512).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3509-1
Released:    Tue Oct 26 09:47:40 2021
Summary:     Recommended update for suse-module-tools
Type:        recommended
Severity:    important
References:  1191200,1191260,1191480,1191804,1191922
This update for suse-module-tools fixes the following issues:

Update to version 15.3.13:

- Fix bad exit status in openQA. (bsc#1191922)
- Ignore kernel keyring for kernel certificates. (bsc#1191480)
- Deal with existing certificates that should be de-enrolled. (bsc#1191804)
- Don't pass existing files to weak-modules2. (bsc#1191200)
- Skip certificate scriptlet on non-UEFI systems. (bsc#1191260)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3530-1
Released:    Wed Oct 27 09:24:29 2021
Summary:     Security update for dnsmasq
Type:        security
Severity:    moderate
References:  1173646,1180914,1183709,CVE-2020-14312,CVE-2021-3448
This update for dnsmasq fixes the following issues:

Update to version 2.86

- CVE-2021-3448: fixed outgoing port used when --server is used with an interface name. (bsc#1183709)
- CVE-2020-14312: Set --local-service by default (bsc#1173646).
- Open inotify socket only when used (bsc#1180914).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3532-1
Released:    Wed Oct 27 10:11:20 2021
Summary:     Recommended update for pmdk
Type:        recommended
Severity:    important
References:  1191339
This update for pmdk fixes the following issues:

- Fixed an issue when 'PMDK' causes data corruption on power failure. (bsc#1191339)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3538-1
Released:    Wed Oct 27 10:40:32 2021
Summary:     Recommended update for iproute2
Type:        recommended
Severity:    moderate
References:  1160242
This update for iproute2 fixes the following issues:

- Follow-up fixes backported from upstream. (bsc#1160242)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3589-1
Released:    Mon Nov  1 19:27:52 2021
Summary:     Recommended update for apparmor
Type:        recommended
Severity:    moderate
References:  1191690
This update for apparmor fixes the following issues:

- Fixed an issue when apparmor provides python2 and python3 libraries with the same name. (bsc#1191690)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3605-1
Released:    Wed Nov  3 14:59:32 2021
Summary:     Security update for qemu
Type:        security
Severity:    important
References:  1189234,1189702,1189938,1190425,CVE-2021-3713,CVE-2021-3748
This update for qemu fixes the following issues:

Security issues fixed:

- CVE-2021-3713: Fix out-of-bounds write in UAS (USB Attached SCSI) device emulation (bsc#1189702)
- CVE-2021-3748: Fix heap use-after-free in virtio_net_receive_rcu (bsc#1189938)

Non-security issues fixed:

- Add transfer length item in block limits page of scsi vpd (bsc#1190425)
- Fix qemu crash while deleting xen-block (bsc#1189234)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3619-1
Released:    Fri Nov  5 12:29:52 2021
Summary:     Security update for libvirt
Type:        security
Severity:    moderate
References:  1177902,1183247,1186398,1190420,1190493,1190693,1190695,1190917
This update for libvirt fixes the following issues:

- lxc: controller: Fix container launch on cgroup v1. (bsc#1183247)
- supportconfig: Use systemctl command 'is-active' instead of 'is-enabled' when checking if libvirtd is active.
- qemu: Do not report error in the logs when processing monitor IO. (bsc#1190917)
- spec: Fix an issue when package update hangs (bsc#1177902, bsc#1190693)
- spec: Don't add '--timeout' argument to '/etc/sysconfig/libvirtd' when running in traditional mode without socket activation. (bsc#1190695)
- libxl: Improve reporting of 'die_id' in capabilities. (bsc#1190493)
- libxl: Fix driver reload. (bsc#1190420)
- qemu: Set label on virtual host network device when hotplugging. (bsc#1186398)
- supportconfig: When checking for installed hypervisor drivers,
  use the libvirt-daemon-driver-<hypervisor> package instead of
  libvirt-daemon-<hypervisor>. The latter are not required packages
  for a functioning hypervisor driver.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3663-1
Released:    Mon Nov 15 19:14:32 2021
Summary:     Recommended update for suse-module-tools
Type:        recommended
Severity:    moderate
References:  1191804
This update for suse-module-tools fixes the following issues:

- Update to version 15.3.14:
  * more fixes for updates under secure boot
  * cert-script: Deal with existing $cert.delete file (bsc#1191804).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3790-1
Released:    Wed Nov 24 06:10:31 2021
Summary:     Recommended update for open-iscsi
Type:        recommended
Severity:    moderate
References:  1187190,1187958,1188869,1191054,1192013,1192568
This update for open-iscsi fixes the following issues:

- Ensure executables are not moved from /sbin to /usr/sbin in SLE (bsc#1192013)(bsc#1191054)
- iscsi-init.service default dependencies can cause the boot to hang so they have been removed (bsc#1187190)
- IPv6 offload iSCSI lun needs to be exposed during installation (bsc#1187958)
- iscsid needs to use the new prctl(PR_SET_IO_FLUSHER) system call (bsc#1188869)
- The iscsi-init.service unit can run too early, when root is read-only, causing it to fail (bsc#1192568)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3792-1
Released:    Wed Nov 24 06:12:09 2021
Summary:     Recommended update for kmod
Type:        recommended
Severity:    moderate
References:  1192104
This update for kmod fixes the following issues:

- Enable ZSTD compression (bsc#1192104)(jsc#SLE-21256)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3808-1
Released:    Fri Nov 26 00:30:54 2021
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1186071,1190440,1190984,1192161
This update for systemd fixes the following issues:

- Add timestamp to D-Bus events to improve traceability (jsc#SLE-17798)
- Fix fd_is_mount_point() when both the parent and directory are network file systems (bsc#1190984)
- Support detection for ARM64 Hyper-V guests (bsc#1186071)
- Fix systemd-detect-virt not detecting Amazon EC2 Nitro instance (bsc#1190440)
- Enable support for Portable Services in openSUSE Leap only (jsc#SLE-21694)
- Fix IO scheduler udev rules to address performance issues (jsc#SLE-21032, bsc#1192161)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3883-1
Released:    Thu Dec  2 11:47:07 2021
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1177460
This update for timezone fixes the following issues:

Update timezone to 2021e (bsc#1177460)

- Palestine will fall back 10-29 (not 10-30) at 01:00
- Fiji suspends DST for the 2021/2022 season
- 'zic -r' marks unspecified timestamps with '-00'
- Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers
- Refresh timezone info for China

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3891-1
Released:    Fri Dec  3 10:21:49 2021
Summary:     Recommended update for keyutils
Type:        recommended
Severity:    moderate
References:  1029961,1113013,1187654
This update for keyutils fixes the following issues:

- Add /etc/keys/ and /usr/etc/keys/ directory (bsc#1187654)

keyutils was updated to 1.6.3 (jsc#SLE-20016):

* Revert the change notifications that were using /dev/watch_queue.
* Apply the change notifications that use pipe2(O_NOTIFICATION_PIPE).
* Allow 'keyctl supports' to retrieve raw capability data.
* Allow 'keyctl id' to turn a symbolic key ID into a numeric ID.
* Allow 'keyctl new_session' to name the keyring.
* Allow 'keyctl add/padd/etc.' to take hex-encoded data.
* Add 'keyctl watch*' to expose kernel change notifications on keys.
* Add caps for namespacing and notifications.
* Set a default TTL on keys that upcall for name resolution.
* Explicitly clear memory after it's held sensitive information.
* Various manual page fixes.
* Fix C++-related errors.
* Add support for keyctl_move().
* Add support for keyctl_capabilities().
* Make key=val list optional for various public-key ops.
* Fix system call signature for KEYCTL_PKEY_QUERY.
* Fix 'keyctl pkey_query' argument passing.
* Use keyctl_read_alloc() in dump_key_tree_aux().
* Various manual page fixes. 

Updated to 1.6:

* Apply various specfile cleanups from Fedora.
* request-key: Provide a command line option to suppress helper execution.
* request-key: Find least-wildcard match rather than first match.
* Remove the dependency on MIT Kerberos.
* Fix some error messages
* keyctl_dh_compute.3: Suggest /proc/crypto for list of available hashes.
* Fix doc and comment typos.
* Add public key ops for encrypt, decrypt, sign and verify (needs linux-4.20).
* Add pkg-config support for finding libkeyutils.
* upstream isn't offering PGP signatures for the source tarballs anymore

Updated to 1.5.11 (bsc#1113013)

* Add keyring restriction support.
* Add KDF support to the Diffie-Hellman function.
* DNS: Add support for AFS config files and SRV records

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3961-1
Released:    Mon Dec  6 19:55:49 2021
Summary:     Recommended update for dnsmasq
Type:        recommended
Severity:    moderate
References:  1192529
This update for dnsmasq fixes the following issues:

- Fix a segfault when re-reading an empty resolv.conf (bsc#1192529)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3963-1
Released:    Mon Dec  6 19:57:39 2021
Summary:     Recommended update for system-users
Type:        recommended
Severity:    moderate
References:  1190401
This update for system-users fixes the following issues:

- system-user-tss.conf: Removed group entry because it's not needed and contained syntax errors (bsc#1190401)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3968-1
Released:    Tue Dec  7 15:31:00 2021
Summary:     Security update for xen
Type:        security
Severity:    moderate
References:  1027519,1191363,1192554,1192557,1192559,CVE-2021-28702,CVE-2021-28704,CVE-2021-28705,CVE-2021-28706,CVE-2021-28707,CVE-2021-28708,CVE-2021-28709
This update for xen fixes the following issues:

- CVE-2021-28702: Fixed PCI devices with RMRRs not deassigned correctly (XSA-386) (bsc#1191363).
- CVE-2021-28704, CVE-2021-28707, CVE-2021-28708: Fixed PoD operations on misaligned GFNs (XSA-388) (bsc#1192557).
- CVE-2021-28705, CVE-2021-28709: Fixed issues with partially successful P2M updates on x86 (XSA-389) (bsc#1192559).
- CVE-2021-28706: Fixed guests may exceed their designated memory limit (XSA-385) (bsc#1192554).

- Update to Xen 4.14.3 bug fix release (bsc#1027519).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3985-1
Released:    Fri Dec 10 06:08:24 2021
Summary:     Recommended update for suse-module-tools
Type:        recommended
Severity:    moderate
References:  1187196
This update for suse-module-tools fixes the following issues:

- Blacklist the isst_if_mbox_msr driver because it uses hardware information based on
  CPU family and model, which is too unspecific. On large systems, this causes many
  failed loading attempts for this driver, leading to slow or even stalled boot (bsc#1187196)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:4014-1
Released:    Mon Dec 13 13:57:39 2021
Summary:     Recommended update for apparmor
Type:        recommended
Severity:    moderate
References:  1191532,1191690
This update for apparmor fixes the following issues:

Changes in apparmor:

- Add a profile for 'samba-bgqd'. (bsc#1191532)
- Fix 'Requires' of python3 module. (bsc#1191690)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:4104-1
Released:    Thu Dec 16 11:14:12 2021
Summary:     Security update for python3
Type:        security
Severity:    moderate
References:  1180125,1183374,1183858,1185588,1187668,1189241,1189287,CVE-2021-3426,CVE-2021-3733,CVE-2021-3737
This update for python3 fixes the following issues:

- CVE-2021-3426: Fixed information disclosure via pydoc (bsc#1183374).
- CVE-2021-3733: Fixed infinitely reading potential HTTP headers after a 100 Continue status response from the server (bsc#1189241).
- CVE-2021-3737: Fixed ReDoS in urllib.request (bsc#1189287).

- We do not require python-rpm-macros package (bsc#1180125).
- Use versioned python-Sphinx to avoid dependency on other version of Python (bsc#1183858).
- Stop providing 'python' symbol, which means python2 currently (bsc#1185588).
- Modify Lib/ensurepip/__init__.py to contain the same version numbers as are in reality the ones in the bundled wheels (bsc#1187668).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:4165-1
Released:    Wed Dec 22 22:52:11 2021
Summary:     Recommended update for kmod
Type:        recommended
Severity:    moderate
References:  1193430
This update for kmod fixes the following issues:

- Ensure that kmod and packages linking to libkmod provide same features. (bsc#1193430)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:4166-1
Released:    Wed Dec 22 22:52:39 2021
Summary:     Recommended update for ceph
Type:        recommended
Severity:    moderate
References:  1192840
This update for ceph fixes the following issues:

- Rebase on top of Ceph v15.2.15 tag
- Re-do some downstream patches
- Fix parsing of kwargs arguments. (bsc#1192840, jsc#SES-704)
    (fixes an issue caused by downstream commit 'pybing/mgr/mgr_module: allow keyword arguments')

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:4175-1
Released:    Thu Dec 23 11:22:33 2021
Summary:     Recommended update for systemd
Type:        recommended
Severity:    important
References:  1192423,1192858,1193759
This update for systemd fixes the following issues:

- Bump the max number of inodes for /dev to a million (bsc#1192858)
- sleep: don't skip resume device with low priority/available space (bsc#1192423)
- test: use kbd-model-map we ship in one more test case
- test-keymap-util: always use kbd-model-map we ship
- Add rules for virtual devices and enforce 'none' for loop devices. (bsc#1193759)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2-1
Released:    Mon Jan  3 08:27:18 2022
Summary:     Recommended update for lvm2
Type:        recommended
Severity:    moderate
References:  1183905,1193181
This update for lvm2 fixes the following issues:

- Fix lvconvert not taking `--stripes` option (bsc#1183905)
- Fix LVM vgimportclone not working on hardware snapshot (bsc#1193181)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:9-1
Released:    Mon Jan  3 11:15:25 2022
Summary:     Recommended update for ovmf
Type:        recommended
Severity:    important
References:  1192126
This update for ovmf fixes the following issue:

- VM enters crash/reset loop inside OVMF on reboots (bsc#1192126)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:12-1
Released:    Mon Jan  3 15:36:03 2022
Summary:     Recommended update for cairo, jbigkit, libjpeg-turbo, libwebp, libxcb, openjpeg2, pixman, poppler, tiff
Type:        recommended
Severity:    moderate
References:  
This recommended update for cairo, jbigkit, libjpeg-turbo, libwebp, libxcb, openjpeg2, pixman, poppler, tiff provides the following fix:

- Ship some missing binaries to PackageHub.
  
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:21-1
Released:    Tue Jan  4 16:06:08 2022
Summary:     Security update for libvirt
Type:        security
Severity:    important
References:  1191668,1192017,1193623,1193719,1193981,1194041,CVE-2021-4147
This update for libvirt fixes the following issues:

- CVE-2021-4147: libxl: Fix libvirtd deadlocks and segfaults. (bsc#1194041)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:40-1
Released:    Mon Jan 10 10:45:12 2022
Summary:     Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-operator-container
Type:        security
Severity:    important
References:  1190587,1190839,1193930,CVE-2021-43565
This update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-operator-container fixes the following issues:

- CVE-2021-43565: Fixes a vulnerability in the golang.org/x/crypto/ssh package which allowed unauthenticated clients to cause a panic in SSH servers. (bsc#1193930)


The following package changes have been made:

- augeas-lenses-1.10.1-3.3.1 updated
- augeas-1.10.1-3.3.1 updated
- kubevirt-container-disk-0.45.0-8.7.1 updated
- libapparmor1-2.13.6-3.8.1 updated
- libdevmapper1_03-1.02.163-8.39.1 updated
- libjpeg8-8.1.2-32.2.1 updated
- libkeyutils1-1.6.3-5.6.1 updated
- libkmod2-29-4.15.1 updated
- libnuma1-2.0.14.20.g4ee5e0c-10.1 updated
- libpixman-1-0-0.34.0-7.2.1 updated
- qemu-ipxe-1.0.0+-106.4 updated
- qemu-seabios-1.14.0_0_g155821a-106.4 updated
- qemu-sgabios-8-106.4 updated
- qemu-vgabios-1.14.0_0_g155821a-106.4 updated
- system-group-kvm-20170617-17.3.1 updated
- system-group-libvirt-20170617-17.3.1 updated
- system-user-daemon-20170617-17.3.1 updated
- system-user-nobody-20170617-17.3.1 updated
- system-user-tss-20170617-17.3.1 updated
- timezone-2021e-75.4.1 added
- suse-module-tools-15.3.15-3.17.1 updated
- libxcb1-1.13-3.7.1 updated
- liblvm2cmd2_03-2.03.05-8.39.1 updated
- libdevmapper-event1_03-1.02.163-8.39.1 updated
- libpython3_6m1_0-3.6.15-10.9.1 updated
- keyutils-1.6.3-5.6.1 updated
- libopeniscsiusr0_2_0-2.1.5-32.12.1 updated
- libmpath0-0.8.5+82+suse.746b76e-2.7.1 updated
- iproute2-5.3-5.5.1 updated
- xkeyboard-config-2.23.1-3.9.1 updated
- system-user-qemu-20170617-17.3.1 updated
- kmod-29-4.15.1 updated
- device-mapper-1.02.163-8.39.1 updated
- python3-base-3.6.15-10.9.1 updated
- libpmem1-1.9-3.3.1 updated
- dnsmasq-2.86-7.17.1 updated
- xen-libs-4.14.3_04-3.15.1 updated
- python3-3.6.15-10.9.1 updated
- systemd-246.16-7.28.1 updated
- udev-246.16-7.28.1 updated
- qemu-tools-5.2.0-106.4 updated
- systemd-container-246.16-7.28.1 updated
- open-iscsi-2.1.5-32.12.1 updated
- lvm2-2.03.05-8.39.1 updated
- apparmor-parser-2.13.6-3.8.1 updated
- libvirt-libs-7.1.0-6.11.1 updated
- apparmor-abstractions-2.13.6-3.8.1 updated
- libvirt-client-7.1.0-6.11.1 updated
- kubevirt-virt-launcher-0.45.0-8.7.1 updated
- qemu-5.2.0-106.4 updated
- librados2-15.2.15.83+gf72054fa653-3.34.1 updated
- qemu-x86-5.2.0-106.4 updated
- librbd1-15.2.15.83+gf72054fa653-3.34.1 updated
- qemu-ovmf-x86_64-202008-10.11.1 updated
- libvirt-daemon-7.1.0-6.11.1 updated
- libvirt-daemon-driver-storage-core-7.1.0-6.11.1 updated
- libvirt-daemon-driver-secret-7.1.0-6.11.1 updated
- libvirt-daemon-driver-qemu-7.1.0-6.11.1 updated
- libvirt-daemon-driver-nwfilter-7.1.0-6.11.1 updated
- libvirt-daemon-driver-nodedev-7.1.0-6.11.1 updated
- libvirt-daemon-driver-network-7.1.0-6.11.1 updated
- libvirt-daemon-driver-interface-7.1.0-6.11.1 updated
- libvirt-daemon-driver-storage-scsi-7.1.0-6.11.1 updated
- libvirt-daemon-driver-storage-rbd-7.1.0-6.11.1 updated
- libvirt-daemon-driver-storage-mpath-7.1.0-6.11.1 updated
- libvirt-daemon-driver-storage-logical-7.1.0-6.11.1 updated
- libvirt-daemon-driver-storage-iscsi-7.1.0-6.11.1 updated
- libvirt-daemon-driver-storage-iscsi-direct-7.1.0-6.11.1 updated
- libvirt-daemon-driver-storage-disk-7.1.0-6.11.1 updated
- libvirt-daemon-driver-storage-7.1.0-6.11.1 updated
- libvirt-daemon-qemu-7.1.0-6.11.1 updated
- libidn11-1.34-3.2.2 removed
- python-rpm-macros-20200207.5feb6c1-3.11.1 removed

