SUSE-CU-2022:404-1: Security update of suse/postgres

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Sat Mar 26 17:13:42 UTC 2022


SUSE Container Update Advisory: suse/postgres
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:404-1
Container Tags        : suse/postgres:10 , suse/postgres:10-6.54 , suse/postgres:10.20
Container Release     : 6.54
Severity              : important
Type                  : security
References            : 1182959 1190447 1190740 1194265 1195149 1195654 1195680 1195792
                        1195856 1196036 1197004 CVE-2022-24407 
-----------------------------------------------------------------

The container suse/postgres was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:692-1
Released:    Thu Mar  3 15:46:47 2022
Summary:     Recommended update for filesystem
Type:        recommended
Severity:    moderate
References:  1190447
This update for filesystem fixes the following issues:

- Release ported filesystem to LTSS channels (bsc#1190447).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:743-1
Released:    Mon Mar  7 22:08:12 2022
Summary:     Security update for cyrus-sasl
Type:        security
Severity:    important
References:  1194265,1196036,CVE-2022-24407
This update for cyrus-sasl fixes the following issues:

- CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036).

The following non-security bugs were fixed:

- postfix: sasl authentication with password fails (bsc#1194265).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:787-1
Released:    Thu Mar 10 11:20:13 2022
Summary:     Recommended update for openldap2
Type:        recommended
Severity:    moderate
References:  
This update for openldap2 fixes the following issue:

- restore CLDAP functionality in CLI tools (jsc#PM-3288)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:789-1
Released:    Thu Mar 10 11:22:05 2022
Summary:     Recommended update for update-alternatives
Type:        recommended
Severity:    moderate
References:  1195654
This update for update-alternatives fixes the following issues:

- Break bash - update-alternatives cycle rewrite of '%post' in 'lua'. (bsc#1195654)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:861-1
Released:    Tue Mar 15 23:30:48 2022
Summary:     Recommended update for openssl-1_1 
Type:        recommended
Severity:    moderate
References:  1182959,1195149,1195792,1195856
This update for openssl-1_1 fixes the following issues:

openssl-1_1:

- Fix PAC pointer authentication in ARM (bsc#1195856)
- Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792)
- FIPS: Fix function and reason error codes (bsc#1182959)
- Enable zlib compression support (bsc#1195149)
    
glibc:

- Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1
    
linux-glibc-devel:

- Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1

libxcrypt:

- Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1

zlib:

- Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:874-1
Released:    Wed Mar 16 10:40:52 2022
Summary:     Recommended update for openldap2
Type:        recommended
Severity:    moderate
References:  1197004
This update for openldap2 fixes the following issue:

- Revert jsc#PM-3288 - CLDAP ( -DLDAP_CONNECTIONLESS ) due to regression (bsc#1197004)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:889-1
Released:    Thu Mar 17 10:57:36 2022
Summary:     Recommended update for postgresql10
Type:        recommended
Severity:    moderate
References:  1190740,1195680
This update for postgresql10 fixes the following issues:

Upgrade to version 10.20 (bsc#1195680):

- Reindexing might be needed after applying this upgrade, so please read the 
  release notes carefully https://www.postgresql.org/docs/10/release-10-20.html
- Add constraints file with 12GB of memory for s390x as a workaround (bsc#1190740)
- Add a llvmjit-devel subpackage to pull in the right versions of clang and llvm
  for building extensions 
- Fix some mistakes in the interdependencies between the implementation packages
  and their noarch counterpart


The following package changes have been done:

- libldap-data-2.4.46-9.64.1 updated
- filesystem-15.0-11.5.1 updated
- glibc-2.31-150300.20.7 updated
- libsasl2-3-2.1.27-150300.4.6.1 updated
- libcrypt1-4.4.15-150300.4.2.41 updated
- libzstd1-1.5.0-150400.1.48 updated
- libuuid1-2.37.2-150400.6.2 updated
- libudev1-249.11-150400.1.4 updated
- libsmartcols1-2.37.2-150400.6.2 updated
- libsepol1-3.1-150400.1.44 updated
- libopenssl1_1-1.1.1l-150400.3.22 updated
- libopenssl1_1-hmac-1.1.1l-150400.3.22 updated
- libgpg-error0-1.42-150400.1.97 updated
- libeconf0-0.4.4+git20220104.962774f-150400.1.16 updated
- libcom_err2-1.46.4-150400.1.56 updated
- libcap2-2.63-150400.1.3 updated
- libbz2-1-1.0.8-150400.1.91 updated
- libblkid1-2.37.2-150400.6.2 updated
- libaudit1-3.0.6-150400.1.25 updated
- libgcrypt20-1.9.4-150400.2.21 updated
- libgcrypt20-hmac-1.9.4-150400.2.21 updated
- libfdisk1-2.37.2-150400.6.2 updated
- libz1-1.2.11-3.26.10 updated
- libldap-2_4-2-2.4.46-9.64.1 updated
- libelf1-0.185-150400.3.12 updated
- libselinux1-3.1-150400.1.43 updated
- libsystemd0-249.11-150400.1.4 updated
- libreadline7-7.0-150400.24.7 updated
- libdw1-0.185-150400.3.12 updated
- libsemanage1-3.1-150400.1.41 updated
- libmount1-2.37.2-150400.6.2 updated
- bash-sh-4.4-150400.24.7 added
- bash-4.4-150400.24.7 updated
- login_defs-4.8.1-150400.8.31 updated
- cpio-2.13-150400.1.73 updated
- coreutils-8.32-150400.7.2 updated
- sles-release-15.4-150400.45.1 updated
- rpm-config-SUSE-1-150400.12.14 updated
- permissions-20201225-150400.1.2 updated
- shadow-4.8.1-150400.8.31 updated
- sysuser-shadow-3.1-150400.1.8 updated
- system-group-hardware-20170617-150400.22.7 updated
- util-linux-2.37.2-150400.6.2 updated
- glibc-locale-base-2.31-150300.20.7 updated
- kbd-legacy-2.4.0-150400.3.1 updated
- libdbus-1-3-1.12.2-150400.16.32 updated
- libdevmapper1_03-1.02.163-150400.15.19 updated
- libexpat1-2.4.4-150400.1.19 updated
- libseccomp2-2.5.3-150400.2.1 updated
- update-alternatives-1.19.0.4-4.3.1 updated
- glibc-locale-2.31-150300.20.7 updated
- kbd-2.4.0-150400.3.1 updated
- libcryptsetup12-2.4.3-150400.1.33 updated
- libcryptsetup12-hmac-2.4.3-150400.1.33 updated
- postgresql-14-150400.2.52 updated
- postgresql10-10.20-8.44.1 updated
- dbus-1-1.12.2-150400.16.32 updated
- systemd-249.11-150400.1.4 updated
- postgresql-server-14-150400.2.52 updated
- postgresql10-server-10.20-8.44.1 updated
- container:sles15-image-15.0.0-25.2.18 updated


More information about the sle-security-updates mailing list