SUSE-CU-2022:2229-1: Security update of ses/7.1/rook/ceph

sle-security-updates at lists.suse.com
Wed Sep 14 08:56:20 UTC 2022


SUSE Container Update Advisory: ses/7.1/rook/ceph
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2229-1
Container Tags        : ses/7.1/rook/ceph:1.8.10 , ses/7.1/rook/ceph:1.8.10.0 , ses/7.1/rook/ceph:1.8.10.0.4.5.173 , ses/7.1/rook/ceph:latest , ses/7.1/rook/ceph:sle15.3.pacific
Container Release     : 4.5.173
Severity              : important
Type                  : security
References            : 1041090 1047178 1164384 1181475 1183308 1192616 1193951 1194131
                        1194875 1195059 1195359 1195463 1195881 1195916 1196017 1196044
                        1196212 1196499 1196696 1196733 1196785 1196850 1197017 1197178
                        1198341 1198627 1198731 1198752 1198925 1199140 1199235 1199524
                        1199895 1200064 1200485 1200553 1200800 1200842 1200993 1201092
                        1201253 1201576 1201638 1202175 1202310 1202498 1202498 1202593
                        CVE-2017-6512 CVE-2019-20454 CVE-2020-21913 CVE-2020-29651 CVE-2021-3979
                        CVE-2022-1587 CVE-2022-1706 CVE-2022-2309 CVE-2022-29458 CVE-2022-35252
                        CVE-2022-37434 
-----------------------------------------------------------------

The container ses/7.1/rook/ceph was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2628-1
Released:    Tue Aug  2 12:21:23 2022
Summary:     Recommended update for apparmor
Type:        recommended
Severity:    important
References:  1195463,1196850
This update for apparmor fixes the following issues:

- Add new rule to fix reported 'DENIED' audit records with Apparmor profile 'usr.sbin.smbd' (bsc#1196850)
- Add new rule to allow reading of openssl.cnf (bsc#1195463)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2649-1
Released:    Wed Aug  3 15:06:21 2022
Summary:     Security update for pcre2
Type:        security
Severity:    important
References:  1164384,1199235,CVE-2019-20454,CVE-2022-1587
This update for pcre2 fixes the following issues:

- CVE-2019-20454: Fixed out-of-bounds read in JIT mode when \X is used in non-UTF mode (bsc#1164384).
- CVE-2022-1587: Fixed out-of-bounds read due to bug in recursions (bsc#1199235).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2717-1
Released:    Tue Aug  9 12:54:16 2022
Summary:     Security update for ncurses
Type:        security
Severity:    moderate
References:  1198627,CVE-2022-29458
This update for ncurses fixes the following issues:

- CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2817-1
Released:    Tue Aug 16 12:03:46 2022
Summary:     Security update for ceph
Type:        security
Severity:    important
References:  1194131,1194875,1195359,1196044,1196733,1196785,1200064,1200553,CVE-2021-3979
This update for ceph fixes the following issues:

- Update to 16.2.9-536-g41a9f9a5573:
  + (bsc#1195359, bsc#1200553) rgw: check bucket shard init status in RGWRadosBILogTrimCR 
  + (bsc#1194131) ceph-volume: honour osd_dmcrypt_key_size option (CVE-2021-3979)

- Update to 16.2.9-158-gd93952c7eea:
  + cmake: check for python(\d)\.(\d+) when building boost
  + make-dist: patch boost source to support python 3.10

- Update to ceph-16.2.9-58-ge2e5cb80063:
  + (bsc#1200064, pr#480) Remove last vestiges of docker.io image paths

- Update to 16.2.9.50-g7d9f12156fb:
  + (jsc#SES-2515) High-availability NFS export 
  + (bsc#1196044) cephadm: prometheus: The generatorURL in alerts is only using hostname
  + (bsc#1196785) cephadm: avoid crashing on expected non-zero exit

- Update to 16.2.7-969-g6195a460d89
  + (jsc#SES-2515) High-availability NFS export 

- Update to v16.2.7-654-gd5a90ff46f0
  + (bsc#1196733) remove build directory during %clean 

- Update to v16.2.7-652-gf5dc462fdb5 
  + (bsc#1194875) [SES7P] include/buffer: include memory

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2831-1
Released:    Wed Aug 17 14:41:07 2022
Summary:     Recommended update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures, python-coverage, python-iniconfig, python-unittest-mixins
Type:        security
Severity:    moderate
References:  1195916,1196696,CVE-2020-29651
This update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures fixes the following issues:

- Update in SLE-15 (bsc#1196696, bsc#1195916, jsc#SLE-23972)

- Remove redundant python3 dependency from Requires
- Update regular expression to fix python shebang
- Style is enforced upstream and triggers unnecessary build version requirements
- Allow specifying fs_id in cloudwatch log group name
- Includes fix for stunnel path
- Added hardening to systemd service(s). 
- Raise minimal pytest version
- Fix typo in the ansi2html Requires
- Cleanup with spec-cleaner
- Make sure the tests are really executed
- Remove useless devel dependency
- Multiprocessing support in Python 3.8 was broken, but is now fixed
- Bump the URL to point to github rather than to docs


-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2853-1
Released:    Fri Aug 19 15:59:42 2022
Summary:     Recommended update for sle-module-legacy-release
Type:        recommended
Severity:    low
References:  1202498
This update for python-iniconfig provides the following fix:

- Ship python3-iniconfig also to openSUSE 15.3 and 15.4 (bsc#1202498)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2866-1
Released:    Mon Aug 22 15:36:30 2022
Summary:     Security update for systemd-presets-common-SUSE
Type:        security
Severity:    moderate
References:  1199524,1200485,CVE-2022-1706
This update for systemd-presets-common-SUSE fixes the following issues:

- CVE-2022-1706: Fixed accessible configs from unprivileged containers in VMs running on VMware products (bsc#1199524).

The following non-security bugs were fixed:

- Modify branding-preset-states to fix systemd-presets-common-SUSE
  not enabling new user systemd service preset configuration just
  as it handles system service presets. By passing an (optional)
  second parameter 'user', the save/apply-changes commands now
  work with user services instead of system ones (bsc#1200485)

- Add the wireplumber user service preset to enable it by default
  in SLE15-SP4 where it replaced pipewire-media-session, but keep
  pipewire-media-session preset so we don't have to branch the
  systemd-presets-common-SUSE package for SP4 (bsc#1200485)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2904-1
Released:    Fri Aug 26 05:28:34 2022
Summary:     Recommended update for openldap2
Type:        recommended
Severity:    moderate
References:  1198341
This update for openldap2 fixes the following issues:

- Prevent memory reuse which may lead to instability (bsc#1198341)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2908-1
Released:    Fri Aug 26 11:36:03 2022
Summary:     Security update for python-lxml
Type:        security
Severity:    important
References:  1201253,CVE-2022-2309
This update for python-lxml fixes the following issues:

- CVE-2022-2309: Fixed NULL pointer dereference due to state leak between parser runs (bsc#1201253).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2921-1
Released:    Fri Aug 26 15:17:43 2022
Summary:     Recommended update for systemd
Type:        recommended
Severity:    important
References:  1195059
This update for systemd fixes the following issues:

- Drop or soften some of the deprecation warnings (jsc#PED-944)
- Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059)
- tmpfiles: check for the correct directory

-----------------------------------------------------------------
Advisory ID: SUSE-feature-2022:2926-1
Released:    Mon Aug 29 10:38:52 2022
Summary:     Feature update for LibreOffice
Type:        feature
Severity:    moderate
References:  1041090,1183308,1192616,1195881,1196017,1196212,1196499,1197017
This feature update for LibreOffice provides the following fixes:

abseil-cpp:

- Provide abseil-cpp version 20211102.0 as LibreOffice 7.3 dependency. (jsc#SLE-23447)
- Mention already fixed issues. (fate#326485, bsc#1041090)

libcuckoo:

- Provide libcuckoo version 0.3 as LibreOffice dependency. (jsc#SLE-23447)

libixion:

- Update libixion from version 0.16.1 to version 0.17.0. (jsc#SLE-23447)
- Build with mdds-2_0 instead of mdds-1.5. (jsc#SLE-23447)
- Build with gcc11 and gcc11-c++. (jsc#SLE-23447)
- Remove unneeded vulkan dependency
- Provide binaries for non x86_64 architectures directly to SUSE Package Hub. (ijsc#MSC-303)
 
libreoffice:

- Update LibreOffice from version 7.2.5.1 to version 7.3.3.1. (jsc#SLE-23447, jsc#SLE-24021)
  * Update bundled dependencies:
    * gpgme from version 1.13.1 to version 1.16.0
    * libgpg-error from version 1.37 to version 1.43
    * libassuan from version 2.5.3 to version 2.5.5
    * pdfium from version 4500 to version 4699
    * skia from version m90-45c57e116ee0ce214bdf78405a4762722e4507d9 to version m97-a7230803d64ae9d44f4e1282444801119a3ae967
    * boost from version 1_75 to version 1_77
    * icu4c from version 69_1 to version 70_1
    * On SUSE Linux Enterprise 15 SP3 and newer require curl-devel 7.68.0 or newer
  * New build dependencies:
    * abseil-cpp-devel
    * libassuan0
    * libcuckoo-devel
    * libopenjp2
    * require liborcus-0.17 instead of liborcus-0.16
    * require mdds-2.0 instead of mdds-1.5
  * Do not use serf-1 anymore but use curl instead.
  * Other fixes:
    * Extraneous/missing lines in table in Impress versus PowerPoint (bsc#1192616)
    * Text with tabs appears quite different in Impress than in PowerPoint (bsc#1196212)
    * Bullets appear larger and green instead of black. (bsc#1195881)
    * Enable gtk3_kde5 and make it possible to use gtk3 in kde with the kde filepicker (bsc#1197017)
    * Mention already fixed issues. (bsc#1183308, bsc#1196017, bsc#1196499)

liborcus:

- Update liborcus from version 0.16.1 to version 0.17.2. (jsc#SLE-23447)
- Require mdds-2_0 instead of mdds-1.5. (jsc#SLE-23447)
- Require libixion-0.17 instead of libixion-0.16. (jsc#SLE-23447)
- Build with libtool and use autotools. (jsc#SLE-23447)
- Provide binaries for non x86_64 architectures directly to SUSE Package Hub. (ijsc#MSC-303)

mdds-2_0:

- Provide mdds-2_0 version 2.0.2 as LibreOffice dependency. (jsc#SLE-23447)

myspell-dictionaries:

- Provide binaries for non x86_64 architectures directly to SUSE Package Hub. (ijsc#MSC-303)
- There are no visible changes for the final user.

ucpp:

- Provide binaries for non x86_64 architectures directly to SUSE Package Hub. (ijsc#MSC-303)
- There are no visible changes for the final user.

xmlsec1:

- Provide binaries for non x86_64 architectures directly to SUSE Package Hub. (ijsc#MSC-303)
- There are no visible changes for the final user.
  
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2929-1
Released:    Mon Aug 29 11:21:47 2022
Summary:     Recommended update for timezone
Type:        recommended
Severity:    important
References:  1202310
This update for timezone fixes the following issue:

- Reflect new Chile DST change (bsc#1202310)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2943-1
Released:    Tue Aug 30 15:42:16 2022
Summary:     Recommended update for python-iniconfig
Type:        recommended
Severity:    low
References:  1202498
This update for python-iniconfig provides the following fix:

- Ship missing python2-iniconfig to openSUSE 15.3 (bsc#1202498)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2944-1
Released:    Wed Aug 31 05:39:14 2022
Summary:     Recommended update for procps
Type:        recommended
Severity:    important
References:  1181475
This update for procps fixes the following issues:

- Fix 'free' command reporting misleading 'used' value (bsc#1181475)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released:    Wed Aug 31 09:16:21 2022
Summary:     Security update for zlib
Type:        security
Severity:    important
References:  1202175,CVE-2022-37434
This update for zlib fixes the following issues:

- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).

-----------------------------------------------------------------
Advisory ID: SUSE-feature-2022:2972-1
Released:    Thu Sep  1 11:08:16 2022
Summary:     Feature update for python-kubernetes
Type:        feature
Severity:    moderate
References:  
This feature update for python-kubernetes provides:

- Deliver python3-kubernetes to the Containers Module 15 SP4. (jsc#SLE-17904, MSC-443)
  * Deliver python3-google-auth to Basesystem Module 15 SP4 as dependency of python3-kubernetes.
  * Deliver python3-cachetools to Basesystem Module 15 SP4 as dependency of python3-google-auth.
- There are no visible changes for the final user.
  
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2982-1
Released:    Thu Sep  1 12:33:47 2022
Summary:     Recommended update for util-linux
Type:        recommended
Severity:    moderate
References:  1197178,1198731,1200842
This update for util-linux fixes the following issues:


- su: Change owner and mode for pty (bsc#1200842)
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
- mesg: use only stat() to get the current terminal status (bsc#1200842)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2994-1
Released:    Fri Sep  2 10:44:54 2022
Summary:     Recommended update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame
Type:        recommended
Severity:    moderate
References:  1198925

This update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame adds some missing 32bit libraries to some products. (bsc#1198925)

No code changes were done in this update.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3004-1
Released:    Fri Sep  2 15:02:14 2022
Summary:     Security update for curl
Type:        security
Severity:    low
References:  1202593,CVE-2022-35252
This update for curl fixes the following issues:

- CVE-2022-35252: Fixed a potential injection of control characters
  into cookies, which could be exploited by sister sites to cause a
  denial of service (bsc#1202593).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3028-1
Released:    Mon Sep  5 16:31:24 2022
Summary:     Recommended update for python-pytz
Type:        recommended
Severity:    low
References:  
This update for python-pytz fixes the following issues:

- update to 2022.1:
  matches tzdata 2022a

- declare python 3.10 compatibility

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3127-1
Released:    Wed Sep  7 04:36:10 2022
Summary:     Recommended update for libtirpc
Type:        recommended
Severity:    moderate
References:  1198752,1200800
This update for libtirpc fixes the following issues:

- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
- Fix memory leak in params.r_addr assignment (bsc#1198752)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3142-1
Released:    Wed Sep  7 09:54:18 2022
Summary:     Security update for icu
Type:        security
Severity:    moderate
References:  1193951,CVE-2020-21913
This update for icu fixes the following issues:

- CVE-2020-21913: Fixed a memory safety issue that could lead to use
  after free (bsc#1193951).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3215-1
Released:    Thu Sep  8 15:58:27 2022
Summary:     Recommended update for rpm
Type:        recommended
Severity:    moderate
References:  
This update for rpm fixes the following issues:

- Support Ed25519 RPM signatures [jsc#SLE-24714]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3223-1
Released:    Fri Sep  9 04:33:35 2022
Summary:     Recommended update for libzypp, zypper
Type:        recommended
Severity:    moderate
References:  1199895,1200993,1201092,1201576,1201638
This update for libzypp, zypper fixes the following issues:

libzypp:

- Improve handling of package locks, allowing to reset the status of its initial state (bsc#1199895)
- Fix issues when receiving exceptions from curl_easy_cleanup (bsc#1201092)
- Don't auto-flag kernel-firmware as 'reboot-needed' (bsc#1200993)
- Remove MediaNetwork and its dependent code. The first reason for this is that MediaNetwork was just meant as a way to test
  the new CURL based downloader. Second, the Provide API is going to completely replace the current media backend.

zypper:

- Truncate the 'Name' column when using `zypper lr`, if the table is wider than the terminal (bsc#1201638)
- Reject install/remove modifier without argument (bsc#1201576)
- zypper-download: Handle unresolvable arguments as errors
- Put signing key supplying repository name in quotes

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3262-1
Released:    Tue Sep 13 15:34:29 2022
Summary:     Recommended update for gcc11
Type:        recommended
Severity:    moderate
References:  1199140

This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released:    Wed Sep 14 06:45:39 2022
Summary:     Security update for perl
Type:        security
Severity:    moderate
References:  1047178,CVE-2017-6512
This update for perl fixes the following issues:

- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).


The following package changes have been done:

- ceph-base-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- ceph-common-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- ceph-grafana-dashboards-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- ceph-mds-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- ceph-mgr-cephadm-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- ceph-mgr-dashboard-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- ceph-mgr-modules-core-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- ceph-mgr-rook-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- ceph-mgr-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- ceph-mon-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- ceph-osd-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- ceph-prometheus-alerts-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- ceph-radosgw-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- cephadm-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- ceph-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- libapparmor1-2.13.6-150300.3.15.1 updated
- libblkid1-2.36.2-150300.4.23.1 updated
- libcephfs2-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- libcephsqlite-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- libcurl4-7.66.0-150200.4.39.1 updated
- libfdisk1-2.36.2-150300.4.23.1 updated
- libgcc_s1-11.3.0+git1637-150000.1.11.2 updated
- libicu-suse65_1-65.1-150200.4.5.1 updated
- libicu65_1-ledata-65.1-150200.4.5.1 updated
- libldap-2_4-2-2.4.46-150200.14.11.2 updated
- libldap-data-2.4.46-150200.14.11.2 updated
- libmount1-2.36.2-150300.4.23.1 updated
- libncurses6-6.1-150000.5.12.1 updated
- libpcre2-8-0-10.31-150000.3.12.1 updated
- libprocps7-3.3.15-150000.7.25.1 updated
- librados2-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- librbd1-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- librgw2-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- libsmartcols1-2.36.2-150300.4.23.1 updated
- libstdc++6-11.3.0+git1637-150000.1.11.2 updated
- libsystemd0-246.16-150300.7.51.1 updated
- libtirpc-netconfig-1.2.6-150300.3.11.1 updated
- libtirpc3-1.2.6-150300.3.11.1 updated
- libudev1-246.16-150300.7.51.1 updated
- libusb-1_0-0-1.0.21-150000.3.5.1 updated
- libuuid1-2.36.2-150300.4.23.1 updated
- libxmlsec1-1-1.2.28-150100.7.11.1 updated
- libxmlsec1-openssl1-1.2.28-150100.7.11.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- libzypp-17.31.0-150200.42.1 updated
- ncurses-utils-6.1-150000.5.12.1 updated
- perl-base-5.26.1-150300.17.11.1 updated
- procps-3.3.15-150000.7.25.1 updated
- python3-apipkg-1.4-150000.3.2.1 updated
- python3-cachetools-4.1.0-150200.3.4.1 updated
- python3-ceph-argparse-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- python3-ceph-common-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- python3-cephfs-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- python3-google-auth-1.21.2-150300.3.6.1 updated
- python3-iniconfig-1.1.1-150000.1.7.1 added
- python3-kubernetes-8.0.1-150100.3.7.1 updated
- python3-lxml-4.7.1-150200.3.10.1 updated
- python3-pytz-2022.1-150300.3.6.1 updated
- python3-py-1.10.0-150000.5.9.2 updated
- python3-rados-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- python3-rbd-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- python3-rgw-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- rbd-mirror-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- rpm-ndb-4.14.3-150300.49.1 updated
- systemd-presets-common-SUSE-15-150100.8.17.1 updated
- systemd-246.16-150300.7.51.1 updated
- terminfo-base-6.1-150000.5.12.1 updated
- timezone-2022a-150000.75.10.1 updated
- udev-246.16-150300.7.51.1 updated
- util-linux-systemd-2.36.2-150300.4.23.1 updated
- util-linux-2.36.2-150300.4.23.1 updated
- zypper-1.14.55-150200.36.1 updated
- container:sles15-image-15.0.0-17.20.36 updated

