SUSE-CU-2022:2085-1: Security update of ses/7.1/ceph/ceph

sle-security-updates at lists.suse.com
Wed Sep 7 12:24:46 UTC 2022


SUSE Container Update Advisory: ses/7.1/ceph/ceph
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2085-1
Container Tags        : ses/7.1/ceph/ceph:16.2.9.536 , ses/7.1/ceph/ceph:16.2.9.536.3.2.223 , ses/7.1/ceph/ceph:latest , ses/7.1/ceph/ceph:sle15.3.pacific
Container Release     : 3.2.223
Severity              : important
Type                  : security
References            : 1041090 1181475 1183308 1192616 1193951 1195059 1195881 1195916
                        1196017 1196212 1196499 1196696 1197017 1197178 1198341 1198731
                        1198752 1198925 1199524 1200485 1200800 1200842 1201253 1202175
                        1202310 1202498 1202498 1202593 CVE-2020-21913 CVE-2020-29651
                        CVE-2022-1706 CVE-2022-2309 CVE-2022-35252 CVE-2022-37434 
-----------------------------------------------------------------

The container ses/7.1/ceph/ceph was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2831-1
Released:    Wed Aug 17 14:41:07 2022
Summary:     Recommended update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures, python-coverage, python-oniconfig, python-unittest-mixins
Type:        security
Severity:    moderate
References:  1195916,1196696,CVE-2020-29651
This update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures fixes the following issues:

- Update in SLE-15 (bsc#1196696, bsc#1195916, jsc#SLE-23972)

- Remove redundant python3 dependency from Requires
- Update regular expression to fix python shebang
- Style is enforced upstream and triggers unnecessary build version requirements
- Allow specifying fs_id in cloudwatch log group name
- Includes fix for stunnel path
- Added hardening to systemd service(s). 
- Raise minimal pytest version
- Fix typo in the ansi2html Requires
- Cleanup with spec-cleaner
- Make sure the tests are really executed
- Remove useless devel dependency
- Multiprocessing support in Python 3.8 was broken, but is now fixed
- Bump the URL to point to GitHub rather than to docs


-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2853-1
Released:    Fri Aug 19 15:59:42 2022
Summary:     Recommended update for sle-module-legacy-release
Type:        recommended
Severity:    low
References:  1202498
This update for python-iniconfig provides the following fix:

- Ship python3-iniconfig also to openSUSE 15.3 and 15.4 (bsc#1202498)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2866-1
Released:    Mon Aug 22 15:36:30 2022
Summary:     Security update for systemd-presets-common-SUSE
Type:        security
Severity:    moderate
References:  1199524,1200485,CVE-2022-1706
This update for systemd-presets-common-SUSE fixes the following issues:

- CVE-2022-1706: Fixed accessible configs from unprivileged containers in VMs running on VMware products (bsc#1199524).

The following non-security bugs were fixed:

- Modify branding-preset-states to fix systemd-presets-common-SUSE
  not enabling new user systemd service preset configuration just
  as it handles system service presets. By passing an (optional)
  second parameter 'user', the save/apply-changes commands now
  work with user services instead of system ones (bsc#1200485)

- Add the wireplumber user service preset to enable it by default
  in SLE15-SP4 where it replaced pipewire-media-session, but keep
  pipewire-media-session preset so we don't have to branch the
  systemd-presets-common-SUSE package for SP4 (bsc#1200485)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2904-1
Released:    Fri Aug 26 05:28:34 2022
Summary:     Recommended update for openldap2
Type:        recommended
Severity:    moderate
References:  1198341
This update for openldap2 fixes the following issues:

- Prevent memory reuse which may lead to instability (bsc#1198341)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2908-1
Released:    Fri Aug 26 11:36:03 2022
Summary:     Security update for python-lxml
Type:        security
Severity:    important
References:  1201253,CVE-2022-2309
This update for python-lxml fixes the following issues:

- CVE-2022-2309: Fixed NULL pointer dereference due to state leak between parser runs (bsc#1201253).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2921-1
Released:    Fri Aug 26 15:17:43 2022
Summary:     Recommended update for systemd
Type:        recommended
Severity:    important
References:  1195059
This update for systemd fixes the following issues:

- Drop or soften some of the deprecation warnings (jsc#PED-944)
- Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059)
- tmpfiles: check for the correct directory

-----------------------------------------------------------------
Advisory ID: SUSE-feature-2022:2926-1
Released:    Mon Aug 29 10:38:52 2022
Summary:     Feature update for LibreOffice
Type:        feature
Severity:    moderate
References:  1041090,1183308,1192616,1195881,1196017,1196212,1196499,1197017
This feature update for LibreOffice provides the following fixes:

abseil-cpp:

- Provide abseil-cpp version 20211102.0 as LibreOffice 7.3 dependency. (jsc#SLE-23447)
- Mention already fixed issues. (fate#326485, bsc#1041090)

libcuckoo:

- Provide libcuckoo version 0.3 as LibreOffice dependency. (jsc#SLE-23447)

libixion:

- Update libixion from version 0.16.1 to version 0.17.0. (jsc#SLE-23447)
- Build with mdds-2_0 instead of mdds-1.5. (jsc#SLE-23447)
- Build with gcc11 and gcc11-c++. (jsc#SLE-23447)
- Remove unneeded vulkan dependency
- Provide binaries for non x86_64 architectures directly to SUSE Package Hub. (ijsc#MSC-303)
 
libreoffice:

- Update LibreOffice from version 7.2.5.1 to version 7.3.3.1. (jsc#SLE-23447, jsc#SLE-24021)
  * Update bundled dependencies:
    * gpgme from version 1.13.1 to version 1.16.0
    * libgpg-error from version 1.37 to version 1.43
    * libassuan from version 2.5.3 to version 2.5.5
    * pdfium from version 4500 to version 4699
    * skia from version m90-45c57e116ee0ce214bdf78405a4762722e4507d9 to version m97-a7230803d64ae9d44f4e1282444801119a3ae967
    * boost from version 1_75 to version 1_77
    * icu4c from version 69_1 to version 70_1
    * On SUSE Linux Enterprise 15 SP3 and newer require curl-devel 7.68.0 or newer
  * New build dependencies:
    * abseil-cpp-devel
    * libassuan0
    * libcuckoo-devel
    * libopenjp2
    * require liborcus-0.17 instead of liborcus-0.16
    * require mdds-2.0 instead of mdds-1.5
  * Do not use serf-1 anymore but use curl instead.
  * Other fixes:
    * Extraneous/missing lines in table in Impress versus PowerPoint (bsc#1192616)
    * Text with tabs appears quite different in Impress than in PowerPoint (bsc#1196212)
    * Bullets appear larger and green instead of black. (bsc#1195881)
    * Enable gtk3_kde5 and make it possible to use gtk3 in kde with the kde filepicker (bsc#1197017)
    * Mention already fixed issues. (bsc#1183308, bsc#1196017, bsc#1196499)

liborcus:

- Update liborcus from version 0.16.1 to version 0.17.2. (jsc#SLE-23447)
- Require mdds-2_0 instead of mdds-1.5. (jsc#SLE-23447)
- Require libixion-0.17 instead of libixion-0.16. (jsc#SLE-23447)
- Build with libtool and use autotools. (jsc#SLE-23447)
- Provide binaries for non x86_64 architectures directly to SUSE Package Hub. (ijsc#MSC-303)

mdds-2_0:

- Provide mdds-2_0 version 2.0.2 as LibreOffice dependency. (jsc#SLE-23447)

myspell-dictionaries:

- Provide binaries for non x86_64 architectures directly to SUSE Package Hub. (ijsc#MSC-303)
- There are no visible changes for the final user.

ucpp:

- Provide binaries for non x86_64 architectures directly to SUSE Package Hub. (ijsc#MSC-303)
- There are no visible changes for the final user.

xmlsec1:

- Provide binaries for non x86_64 architectures directly to SUSE Package Hub. (ijsc#MSC-303)
- There are no visible changes for the final user.
  
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2929-1
Released:    Mon Aug 29 11:21:47 2022
Summary:     Recommended update for timezone
Type:        recommended
Severity:    important
References:  1202310
This update for timezone fixes the following issue:

- Reflect new Chile DST change (bsc#1202310)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2943-1
Released:    Tue Aug 30 15:42:16 2022
Summary:     Recommended update for python-iniconfig
Type:        recommended
Severity:    low
References:  1202498
This update for python-iniconfig provides the following fix:

- Ship missing python2-iniconfig to openSUSE 15.3 (bsc#1202498)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2944-1
Released:    Wed Aug 31 05:39:14 2022
Summary:     Recommended update for procps
Type:        recommended
Severity:    important
References:  1181475
This update for procps fixes the following issues:

- Fix 'free' command reporting misleading 'used' value (bsc#1181475)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released:    Wed Aug 31 09:16:21 2022
Summary:     Security update for zlib
Type:        security
Severity:    important
References:  1202175,CVE-2022-37434
This update for zlib fixes the following issues:

- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).

-----------------------------------------------------------------
Advisory ID: SUSE-feature-2022:2972-1
Released:    Thu Sep  1 11:08:16 2022
Summary:     Feature update for python-kubernetes
Type:        feature
Severity:    moderate
References:  
This feature update for python-kubernetes provides:

- Deliver python3-kubernetes to the Containers Module 15 SP4. (jsc#SLE-17904, MSC-443)
  * Deliver python3-google-auth to Basesystem Module 15 SP4 as dependency of python3-kubernetes.
  * Deliver python3-cachetools to Basesystem Module 15 SP4 as dependency of python3-google-auth.
- There are no visible changes for the final user.
  
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2982-1
Released:    Thu Sep  1 12:33:47 2022
Summary:     Recommended update for util-linux
Type:        recommended
Severity:    moderate
References:  1197178,1198731,1200842
This update for util-linux fixes the following issues:


- su: Change owner and mode for pty (bsc#1200842)
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
- mesg: use only stat() to get the current terminal status (bsc#1200842)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2994-1
Released:    Fri Sep  2 10:44:54 2022
Summary:     Recommended update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame
Type:        recommended
Severity:    moderate
References:  1198925

This update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame adds some missing 32bit libraries to some products. (bsc#1198925)

No code changes were made in this update.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3004-1
Released:    Fri Sep  2 15:02:14 2022
Summary:     Security update for curl
Type:        security
Severity:    low
References:  1202593,CVE-2022-35252
This update for curl fixes the following issues:

- CVE-2022-35252: Fixed a potential injection of control characters
  into cookies, which could be exploited by sister sites to cause a
  denial of service (bsc#1202593).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3028-1
Released:    Mon Sep  5 16:31:24 2022
Summary:     Recommended update for python-pytz
Type:        recommended
Severity:    low
References:  
This update for python-pytz fixes the following issues:

- update to 2022.1:
  matches tzdata 2022a

- declare python 3.10 compatibility

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3127-1
Released:    Wed Sep  7 04:36:10 2022
Summary:     Recommended update for libtirpc
Type:        recommended
Severity:    moderate
References:  1198752,1200800
This update for libtirpc fixes the following issues:

- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
- Fix memory leak in params.r_addr assignment (bsc#1198752)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3142-1
Released:    Wed Sep  7 09:54:18 2022
Summary:     Security update for icu
Type:        security
Severity:    moderate
References:  1193951,CVE-2020-21913
This update for icu fixes the following issues:

- CVE-2020-21913: Fixed a memory safety issue that could lead to use
  after free (bsc#1193951).


The following package changes have been done:

- libblkid1-2.36.2-150300.4.23.1 updated
- libcurl4-7.66.0-150200.4.39.1 updated
- libfdisk1-2.36.2-150300.4.23.1 updated
- libicu-suse65_1-65.1-150200.4.5.1 updated
- libicu65_1-ledata-65.1-150200.4.5.1 updated
- libldap-2_4-2-2.4.46-150200.14.11.2 updated
- libldap-data-2.4.46-150200.14.11.2 updated
- libmount1-2.36.2-150300.4.23.1 updated
- libprocps7-3.3.15-150000.7.25.1 updated
- libsmartcols1-2.36.2-150300.4.23.1 updated
- libsystemd0-246.16-150300.7.51.1 updated
- libtirpc-netconfig-1.2.6-150300.3.11.1 updated
- libtirpc3-1.2.6-150300.3.11.1 updated
- libudev1-246.16-150300.7.51.1 updated
- libusb-1_0-0-1.0.21-150000.3.5.1 updated
- libuuid1-2.36.2-150300.4.23.1 updated
- libxmlsec1-1-1.2.28-150100.7.11.1 updated
- libxmlsec1-openssl1-1.2.28-150100.7.11.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- procps-3.3.15-150000.7.25.1 updated
- python3-apipkg-1.4-150000.3.2.1 updated
- python3-cachetools-4.1.0-150200.3.4.1 updated
- python3-google-auth-1.21.2-150300.3.6.1 updated
- python3-iniconfig-1.1.1-150000.1.7.1 added
- python3-kubernetes-8.0.1-150100.3.7.1 updated
- python3-lxml-4.7.1-150200.3.10.1 updated
- python3-pytz-2022.1-150300.3.6.1 updated
- python3-py-1.10.0-150000.5.9.2 updated
- systemd-presets-common-SUSE-15-150100.8.17.1 updated
- systemd-246.16-150300.7.51.1 updated
- timezone-2022a-150000.75.10.1 updated
- udev-246.16-150300.7.51.1 updated
- util-linux-systemd-2.36.2-150300.4.23.1 updated
- util-linux-2.36.2-150300.4.23.1 updated
- container:sles15-image-15.0.0-17.20.29 updated

