SUSE-CU-2020:67-1: Security update of suse/sle15

sle-updates at lists.suse.com sle-updates at lists.suse.com
Sun Mar 1 11:31:32 MST 2020 

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2020:67-1
Container Tags        : suse/sle15:15.1 , suse/sle15:15.1.6.2.170
Container Release     : 6.2.170
Severity              : moderate
Type                  : security
References            : 1148244 1148788 1160594 1160764 1161779 1163922 1164562 CVE-2019-3687
                        CVE-2020-8013 
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2681-1
Released:    Tue Oct 15 22:01:40 2019
Summary:     Recommended update for libdb-4_8
Type:        recommended
Severity:    moderate
References:  1148244
Description:

This update for libdb-4_8 fixes the following issues:

- Add off-page deadlock patch as found and documented by Red Hat.
  (bsc#1148244)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:525-1
Released:    Fri Feb 28 11:49:36 2020
Summary:     Recommended update for pam
Type:        recommended
Severity:    moderate
References:  1164562
Description:

This update for pam fixes the following issues:

- Add libdb as build-time dependency to enable pam_userdb module.
  Enable pam_userdb.so (jsc#sle-7258, bsc#1164562)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:547-1
Released:    Fri Feb 28 16:26:21 2020
Summary:     Security update for permissions
Type:        security
Severity:    moderate
References:  1148788,1160594,1160764,1161779,1163922,CVE-2019-3687,CVE-2020-8013
Description:

This update for permissions fixes the following issues:

Security issues fixed:

- CVE-2019-3687: Fixed a privilege escalation which could allow a local user to read network traffic if wireshark is installed (bsc#1148788)
- CVE-2020-8013: Fixed an issue where chkstat set unintended setuid/capabilities for mrsh and wodim (bsc#1163922).

Non-security issues fixed:

- Fixed a regression where chkstat breaks without /proc available (bsc#1160764, bsc#1160594).
- Fixed capability handling when doing multiple permission changes at once (bsc#1161779).

More information about the sle-updates mailing list