SUSE-CU-2020:362-1: Security update of suse/sle15
sle-updates at lists.suse.com
sle-updates at lists.suse.com
Thu Jul 9 11:54:19 MDT 2020
SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2020:362-1
Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.231
Container Release : 4.22.231
Severity : important
Type : security
References : 1082318 1090047 1103678 1107116 1107121 1111499 1130873 1130873
1133297 1137001 1139959 1154803 1154803 1164543 1164543 1165476
1165476 1165573 1165573 1166610 1166610 1167122 1167122 1168990
1168990 1169947 1170801 1171224 1171883 1172135 1172698 1172704
1172925 CVE-2018-16428 CVE-2018-16429 CVE-2019-12450 CVE-2019-13012
CVE-2020-8023
-----------------------------------------------------------------
The container suse/sle15 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:2780-1
Released: Mon Nov 26 17:46:10 2018
Summary: Security update for glib2
Type: security
Severity: moderate
References: 1107116,1107121,1111499,CVE-2018-16428,CVE-2018-16429
This update for glib2 fixes the following issues:
Security issues fixed:
- CVE-2018-16428: Do not do a NULL pointer dereference (crash).
Avoid that, at the cost of introducing a new translatable error
message (bsc#1107121).
- CVE-2018-16429: Fixed out-of-bounds read vulnerability ing_markup_parse_context_parse() (bsc#1107116).
Non-security issue fixed:
- various GVariant parsing issues have been resolved (bsc#1111499)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:251-1
Released: Wed Feb 6 11:22:43 2019
Summary: Recommended update for glib2
Type: recommended
Severity: moderate
References: 1090047
This update for glib2 provides the following fix:
- Enable systemtap. (fate#326393, bsc#1090047)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1594-1
Released: Fri Jun 21 10:17:15 2019
Summary: Security update for glib2
Type: security
Severity: important
References: 1103678,1137001,CVE-2019-12450
This update for glib2 fixes the following issues:
Security issue fixed:
- CVE-2019-12450: Fixed an improper file permission when copy operation
takes place (bsc#1137001).
Other issue addressed:
- glib2 was handling an UNKNOWN connectivity state from NetworkManager as if there
was a connection thus giving false positives to PackageKit (bsc#1103678)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1833-1
Released: Fri Jul 12 17:53:51 2019
Summary: Security update for glib2
Type: security
Severity: moderate
References: 1139959,CVE-2019-13012
This update for glib2 fixes the following issues:
Security issue fixed:
- CVE-2019-13012: Fixed improper restriction of file permissions when creating directories (bsc#1139959).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1611-1
Released: Fri Jun 12 09:38:03 2020
Summary: Recommended update for libsolv, libzypp, zypper
Type: recommended
Severity: moderate
References: 1130873,1154803,1164543,1165476,1165573,1166610,1167122,1168990
This update for libsolv, libzypp, zypper fixes the following issues:
libsolv was updated to 0.7.13 to fix:
- Fix solvable swapping messing up idarrays
- fix ruleinfo of complex dependencies returning the wrong origin
libzypp was updated to 17.23.4 to fix:
- Get retracted patch status from updateinfo data (jsc#SLE-8770)
libsolv injects the indicator provides into packages only.
- remove 'using namespace std;' (bsc#1166610, fixes #218)
- Online doc: add 'Hardware (modalias) dependencies' page
(fixes #216)
- Add HistoryLogReader actionFilter to parse only specific
HistoryActionIDs.
- RepoVariables: Add safe guard in case the caller does not own a
zypp instance.
- Enable c++17. Define libyzpp CXX_STANDARD in ZyppCommon.cmake.
- Fix package status computation regarding unneeded, orphaned, recommended
and suggested packages (broken in 17.23.0) (bsc#1165476)
- Log patch status changes to history (jsc#SLE-5116)
- Allow to disable all WebServer dependent tests when building. OBS
wants to be able to get rid of the nginx/FastCGI-devel build
requirement. Use 'rpmbuild --without mediabackend_tests' or
'cmake -DDISABLE_MEDIABACKEND_TESTS=1'.
- update translations
- boost: Fix deprecated auto_unit_test.hpp includes.
- Disable zchunk on Leap-15.0 and SLE15-* while there is no libzck.
- Fix decision whether to download ZCHUNK files.
libzypp and libsolv must both be able to read the format.
- yum::Downloader: Prefer zchunk compressed metadata if libvsolv
supports it.
- Selectable: Fix highestAvailableVersionObj if only retracted
packages are available. Avoid using retracted items as candidate
(jsc#SLE-8770)
- RpmDb: Become rpmdb backend independent (jsc#SLE-7272)
- RpmDb: Close API offering a custom rpmdb path
It's actually not needed and for this to work also libsolv needs
to support it. You can sill use a librpmDb::db_const_iterator to
access a database at a custom location (ro).
- Remove legacy rpmV3database conversion code.
- Reformat manpages to workaround asciidoctor shortcomings
(bsc#1154803, bsc#1167122, bsc#1168990)
- Remove undocumented rug legacy stuff.
- Remove 'using namespace std;' (bsc#1166610)
- patch table: Add 'Since' column if history data are available
(jsc#SLE-5116)
zypper was updated to version 1.14.36:
- Tag 'retracted' patch status in info and list-patches (jsc#SLE-8770)
- Tag 'R'etracted items in search tabes status columns (jsc#SLE-8770)
- Relax 'Do not allow the abbreviation of cli arguments' in
legacy distibutions (bsc#1164543)
- Correctly detect ambigous switch abbreviations (bsc#1165573)
- zypper-aptitude: don't supplement zypper.
supplementing zypper means zypper-aptitude gets installed by
default and pulls in perl. Neither is desired on small systems.
- Do not allow the abbreviation of cli arguments (bsc#1164543)
- accoring to according in all translation files.
- Always show exception history if available.
- Use default package cache location for temporary repos (bsc#1130873)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:1396-1
Released: Fri Jul 3 12:33:05 2020
Summary: Security update for zstd
Type: security
Severity: moderate
References: 1082318,1133297
This update for zstd fixes the following issues:
- Fix for build error caused by wrong static libraries. (bsc#1133297)
- Correction in spec file marking the license as documentation. (bsc#1082318)
- Add new package for SLE-15. (jsc#ECO-1886)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:1856-1
Released: Mon Jul 6 17:05:51 2020
Summary: Security update for openldap2
Type: security
Severity: important
References: 1172698,1172704,CVE-2020-8023
This update for openldap2 fixes the following issues:
- CVE-2020-8023: Fixed a potential local privilege escalation from ldap to root when OPENLDAP_CONFIG_BACKEND='ldap' was used (bsc#1172698).
- Changed DB_CONFIG to root:ldap permissions (bsc#1172704).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:1858-1
Released: Mon Jul 6 17:08:06 2020
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1171883
This update for permissions fixes the following issues:
- Removed conflicting entries which might expose pcp to security issues (bsc#1171883)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1869-1
Released: Tue Jul 7 15:08:12 2020
Summary: Recommended update for libsolv, libzypp, zypper
Type: recommended
Severity: moderate
References: 1130873,1154803,1164543,1165476,1165573,1166610,1167122,1168990,1169947,1170801,1171224,1172135,1172925
This update for libsolv, libzypp, zypper fixes the following issues:
libsolv was updated to 0.7.14:
- Enable zstd compression support
- Support blacklisted packages in solver_findproblemrule()
(bnc#1172135)
- Support rules with multiple negative literals in choice rule
generation
- Fix solvable swapping messing up idarrays
- fix ruleinfo of complex dependencies returning the wrong origin
libzypp was updated to 17.23.7:
- Enable zchunk metadata download if libsolv supports it.
- Older kernel-devel packages are not properly purged (bsc#1171224)
- doc: enhance service plugin example.
- Get retracted patch status from updateinfo data (jsc#SLE-8770)
libsolv injects the indicator provides into packages only.
- remove 'using namespace std;' (bsc#1166610, fixes #218)
- Online doc: add 'Hardware (modalias) dependencies' page
(fixes #216)
- Add HistoryLogReader actionFilter to parse only specific
HistoryActionIDs.
- RepoVariables: Add safe guard in case the caller does not own a
zypp instance.
- Enable c++17. Define libyzpp CXX_STANDARD in ZyppCommon.cmake.
- Fix package status computation regarding unneeded, orphaned, recommended
and suggested packages (broken in 17.23.0) (bsc#1165476)
- Log patch status changes to history (jsc#SLE-5116)
- Allow to disable all WebServer dependent tests when building. OBS
wants to be able to get rid of the nginx/FastCGI-devel build
requirement. Use 'rpmbuild --without mediabackend_tests' or
'cmake -DDISABLE_MEDIABACKEND_TESTS=1'.
- boost: Fix deprecated auto_unit_test.hpp includes.
- Disable zchunk on Leap-15.0 and SLE15-* while there is no libzck.
- Fix decision whether to download ZCHUNK files.
libzypp and libsolv must both be able to read the format.
- yum::Downloader: Prefer zchunk compressed metadata if libvsolv
supports it.
- Selectable: Fix highestAvailableVersionObj if only retracted
packages are available. Avoid using retracted items as candidate
(jsc#SLE-8770)
- RpmDb: Become rpmdb backend independent (jsc#SLE-7272)
- RpmDb: Close API offering a custom rpmdb path
It's actually not needed and for this to work also libsolv needs
to support it. You can sill use a librpmDb::db_const_iterator to
access a database at a custom location (ro).
- Remove legacy rpmV3database conversion code.
- Fix core dump with corrupted history file (bsc#1170801)
zypper was updated to 1.14.37:
- Reformat manpages to workaround asciidoctor shortcomings
(bsc#1154803, bsc#1167122, bsc#1168990)
- Remove undocumented rug legacy stuff.
- Remove 'using namespace std;' (bsc#1166610)
- patch table: Add 'Since' column if history data are available
(jsc#SLE-5116)
- Tag 'retracted' patch status in info and list-patches (jsc#SLE-8770)
- Tag 'R'etracted items in search tabes status columns (jsc#SLE-8770)
- Relax 'Do not allow the abbreviation of cli arguments' in
legacy distibutions (bsc#1164543)
- Correctly detect ambigous switch abbreviations (bsc#1165573)
- zypper-aptitude: don't supplement zypper.
supplementing zypper means zypper-aptitude gets installed by
default and pulls in perl. Neither is desired on small systems.
- Do not allow the abbreviation of cli arguments (bsc#1164543)
- accoring to according in all translation files.
- Always show exception history if available.
- Use default package cache location for temporary repos (bsc#1130873)
- Print switch abbrev warning to stderr (bsc#1172925)
- Fix typo in man page (bsc#1169947)
More information about the sle-updates
mailing list