SUSE-CU-2023:626-1: Security update of ses/7.1/cephcsi/cephcsi

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Mon Mar 13 12:48:37 UTC 2023 

SUSE Container Update Advisory: ses/7.1/cephcsi/cephcsi
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:626-1
Container Tags        : ses/7.1/cephcsi/cephcsi:3.8.0 , ses/7.1/cephcsi/cephcsi:3.8.0.0.3.2.635 , ses/7.1/cephcsi/cephcsi:latest , ses/7.1/cephcsi/cephcsi:sle15.3.pacific , ses/7.1/cephcsi/cephcsi:v3.8.0 , ses/7.1/cephcsi/cephcsi:v3.8.0.0
Container Release     : 3.2.635
Severity              : important
Type                  : security
References            : 1178168 1182066 1198331 1199282 1204585 1208574 CVE-2020-25659
                        CVE-2020-36242 CVE-2021-30560 
-----------------------------------------------------------------

The container ses/7.1/cephcsi/cephcsi was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:604-1
Released:    Thu Mar  2 15:51:55 2023
Summary:     Security update for python-cryptography, python-cryptography-vectors
Type:        security
Severity:    important
References:  1178168,1182066,1198331,1199282,CVE-2020-25659,CVE-2020-36242
This update for python-cryptography, python-cryptography-vectors fixes the following issues:

- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)

- CVE-2020-36242: Fixed a bug where certain sequences of update() calls could result in integer overflow (bsc#1182066).
- CVE-2020-25659: Fixed Bleichenbacher vulnerabilities (bsc#1178168).  

- update to 3.3.2 (bsc#1198331)
	 
	  
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:676-1
Released:    Wed Mar  8 14:33:23 2023
Summary:     Recommended update for libxml2
Type:        recommended
Severity:    moderate
References:  1204585
This update for libxml2 fixes the following issues:

- Add W3C conformance tests to the testsuite (bsc#1204585):
  * Added file xmlts20080827.tar.gz 

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:680-1
Released:    Wed Mar  8 17:14:06 2023
Summary:     Security update for libxslt
Type:        security
Severity:    important
References:  1208574,CVE-2021-30560
This update for libxslt fixes the following issues:

- CVE-2021-30560: Fixing a use after free vulnerability in Blink XSLT (bsc#1208574).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:711-1
Released:    Sun Mar 12 12:59:43 2023
Summary:     Recommended update for ceph-csi
Type:        recommended
Severity:    moderate
References:  
This update for ceph-csi fixes the following issues:

- Update to 3.8.0
  Features:
  - RBD
    - fscrypt support
       - Add fscrypt integration with the Ceph CSI KMS. Supports ext4 on RBD. Snapshots are supported as well.
       - Brief docs for fscrypt support
    - Provide new command line configuration to enable read affinity
  - CephFS
    - Shallow volumes for the ROX accessModes by default
      - Shallow volumes as default for cephfs ROX clones/restore for better performance.
    - Add fscrypt support for volumes, snapshots, and clones
      - There are dependencies with kernel and ceph
  
  Enhancements:
  - Update kubernetes dependencies to 1.26.1
  * Update go-ceph to 0.20.0
  * Update packages in release image
  * Add basic upgrade documentation for Helm Charts
  * Update rook installation to default latest version
  * Add extraArgs for sidecars
  * csidriver added to helper scripts
  * Lift the minimum supported version of ceph to v15.0.0
  * Update csi spec to v1.7.0
  * Add commonLabels value to helm charts
  
  Bug Fixes:
  * Make inode metrics optional in FilesystemNodeGetVolumeStats for CephFS
  * Discover if StagingTargetPath in NodeExpandVolume exists
  * Set disableInUseChecks on rbd volume
  * Skip expanding for BackingSnapshot volume
  * Fix CVEs in image
  * Ignore stderr for ceph osd blocklist when there is no error
  * Check volume details from original volumeID
  * Setup encryption if rbdVol exits during CreateVol
  * Return error if last sync time is not present
  * Return abnormal if the mount is corrupted
  * Fix namespace name update in metadata and rados object
  * Remove dummy image workaround
  * Get description from remote status
  - Fix mdl configuration
  - ParseAcceptLanguage takes a long time to parse complex tags
  E2E:
  - Run E2E tests with kubernetes v1.26 release
  - Many tests are added to make sure we stay with backward compatibility for existing features of v3.7
  - New tests are added for features introduced in this release
  - Lots of cleanup and deprecated API removals were done on the test framework
  CI:
  - Update golang to 1.19.5
  - Many Mergify enhancements for better CI resource utilization
  - Add GitHub action to trigger E2E
Breaking Changes:
  - Removal of option to run cephcsi as both controller and node server.


The following package changes have been done:

- ceph-csi-3.8.0+git0.e13e72a-150300.3.9.1 updated
- libxml2-2-2.9.7-150000.3.54.1 updated
- libxslt1-1.1.32-150000.3.14.1 updated
- python3-cryptography-3.3.2-150200.16.1 updated
- container:ceph-image-1.0.0-3.2.416 updated

More information about the sle-security-updates mailing list