SUSE-CU-2022:3032-1: Security update of trento/trento-db

sle-security-updates at lists.suse.com
Fri Nov 18 09:10:52 UTC 2022


SUSE Container Update Advisory: trento/trento-db
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:3032-1
Container Tags        : trento/trento-db:14.5 , trento/trento-db:14.5-rev1.0.0 , trento/trento-db:14.5-rev1.0.0-build2.2.168 , trento/trento-db:latest
Container Release     : 2.2.168
Severity              : important
Type                  : security
References            : 1087072 1164384 1193951 1195059 1195463 1196850 1198166 1199235
                        1199524 1200437 1200485 1201942 1202368 1203438 1204111 1204112
                        1204113 1204708 CVE-2019-20454 CVE-2020-21913 CVE-2022-1587 CVE-2022-1706
                        CVE-2022-2625 CVE-2022-40674 CVE-2022-42010 CVE-2022-42011 CVE-2022-42012
                        CVE-2022-43680 
-----------------------------------------------------------------

The container trento/trento-db was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2628-1
Released:    Tue Aug  2 12:21:23 2022
Summary:     Recommended update for apparmor
Type:        recommended
Severity:    important
References:  1195463,1196850
This update for apparmor fixes the following issues:

- Add new rule to fix reported 'DENIED' audit records with AppArmor profile 'usr.sbin.smbd' (bsc#1196850)
- Add new rule to allow reading of openssl.cnf (bsc#1195463)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2649-1
Released:    Wed Aug  3 15:06:21 2022
Summary:     Security update for pcre2
Type:        security
Severity:    important
References:  1164384,1199235,CVE-2019-20454,CVE-2022-1587
This update for pcre2 fixes the following issues:

- CVE-2019-20454: Fixed out-of-bounds read in JIT mode when \X is used in non-UTF mode (bsc#1164384).
- CVE-2022-1587: Fixed out-of-bounds read due to bug in recursions (bsc#1199235).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2866-1
Released:    Mon Aug 22 15:36:30 2022
Summary:     Security update for systemd-presets-common-SUSE
Type:        security
Severity:    moderate
References:  1199524,1200485,CVE-2022-1706
This update for systemd-presets-common-SUSE fixes the following issues:

- CVE-2022-1706: Fixed accessible configs from unprivileged containers in VMs running on VMware products (bsc#1199524).

The following non-security bugs were fixed:

- Modify branding-preset-states to fix systemd-presets-common-SUSE
  not enabling new user systemd service preset configuration just
  as it handles system service presets. By passing an (optional)
  second parameter 'user', the save/apply-changes commands now
  work with user services instead of system ones (bsc#1200485)

- Add the wireplumber user service preset to enable it by default
  in SLE15-SP4 where it replaced pipewire-media-session, but keep
  pipewire-media-session preset so we don't have to branch the
  systemd-presets-common-SUSE package for SP4 (bsc#1200485)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2921-1
Released:    Fri Aug 26 15:17:43 2022
Summary:     Recommended update for systemd
Type:        recommended
Severity:    important
References:  1195059
This update for systemd fixes the following issues:

- Drop or soften some of the deprecation warnings (jsc#PED-944)
- Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059)
- tmpfiles: check for the correct directory

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2989-1
Released:    Thu Sep  1 14:24:28 2022
Summary:     Security update for postgresql14
Type:        security
Severity:    important
References:  1198166,1200437,1202368,CVE-2022-2625
This update for postgresql14 fixes the following issues:

- Upgrade to version 14.5:
  - CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension (bsc#1202368).

- Upgrade to version 14.4 (bsc#1200437)
  - Release notes: https://www.postgresql.org/docs/release/14.4/
  - Release announcement: https://www.postgresql.org/about/news/p-2470/
  - Prevent possible corruption of indexes created or rebuilt with the CONCURRENTLY option (bsc#1200437)
- Pin to llvm13 until the next patchlevel update (bsc#1198166)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3142-1
Released:    Wed Sep  7 09:54:18 2022
Summary:     Security update for icu
Type:        security
Severity:    moderate
References:  1193951,CVE-2020-21913
This update for icu fixes the following issues:

- CVE-2020-21913: Fixed a memory safety issue that could lead to use
  after free (bsc#1193951).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3452-1
Released:    Wed Sep 28 12:13:43 2022
Summary:     Recommended update for glibc
Type:        recommended
Severity:    moderate
References:  1201942
This update for glibc fixes the following issues:

- Reversing calculation of __x86_shared_non_temporal_threshold (bsc#1201942)
- powerpc: Optimized memcmp for power10 (jsc#PED-987)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3597-1
Released:    Mon Oct 17 13:13:16 2022
Summary:     Security update for expat
Type:        security
Severity:    important
References:  1203438,CVE-2022-40674
This update for expat fixes the following issues:

- CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3805-1
Released:    Thu Oct 27 17:19:46 2022
Summary:     Security update for dbus-1
Type:        security
Severity:    important
References:  1087072,1204111,1204112,1204113,CVE-2022-42010,CVE-2022-42011,CVE-2022-42012
This update for dbus-1 fixes the following issues:

  - CVE-2022-42010: Fixed potential crash that could be triggered by an invalid signature (bsc#1204111).
  - CVE-2022-42011: Fixed an out of bounds read caused by a fixed length array (bsc#1204112).
  - CVE-2022-42012: Fixed a use-after-free that could be triggered by a message in non-native endianness with out-of-band Unix file descriptor (bsc#1204113).

  Bugfixes:

  - Disable asserts (bsc#1087072).


-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3912-1
Released:    Tue Nov  8 13:38:11 2022
Summary:     Security update for expat
Type:        security
Severity:    important
References:  1204708,CVE-2022-43680
This update for expat fixes the following issues:

  - CVE-2022-43680: Fixed use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708).


The following package changes have been done:

- glibc-locale-base-2.31-150300.41.1 updated
- libapparmor1-2.13.6-150300.3.15.1 updated
- libdbus-1-3-1.12.2-150100.8.14.1 updated
- libexpat1-2.2.5-150000.3.25.1 updated
- libicu65_1-ledata-65.1-150200.4.5.1 updated
- libpcre2-8-0-10.31-150000.3.12.1 updated
- libpq5-14.5-150200.5.17.1 updated
- systemd-presets-common-SUSE-15-150100.8.17.1 updated
- glibc-locale-2.31-150300.41.1 updated
- libicu-suse65_1-65.1-150200.4.5.1 updated
- postgresql14-14.5-150200.5.17.1 updated
- dbus-1-1.12.2-150100.8.14.1 updated
- systemd-246.16-150300.7.51.1 updated
- udev-246.16-150300.7.51.1 updated
- postgresql14-server-14.5-150200.5.17.1 updated

