SUSE-CU-2020:173-1: Security update of sles12/nginx-ingress-controller

sle-updates at lists.suse.com
Fri May 15 13:29:07 MDT 2020


SUSE Container Update Advisory: sles12/nginx-ingress-controller
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2020:173-1
Container Tags        : sles12/nginx-ingress-controller:0.15.0
Container Release     : 2.5.356
Severity              : important
Type                  : security
References            : 1049825 1050241 1082318 1093414 1104902 1106383 1107617 1108606
                        1110929 1114592 1114674 1116995 1117951 1121626 1123886 1123919
                        1124211 1124847 1125113 1128828 1131830 1133495 1134550 1135254
                        1136298 1137053 1137832 1139459 1139870 1139942 1140039 1140120
                        1140631 1140914 1141093 1141493 1141897 1142614 1142649 1142654
                        1142661 1143194 1143273 1145521 1146415 1146608 1148517 1148987
                        1149145 1149429 1149496 1150003 1150250 1150595 1150734 1151377
                        1151506 1151577 1153386 1153557 1154036 1154037 1154043 1154043
                        1154609 1154862 1154871 1154948 1155199 1155338 1155339 1155574
                        1156194 1156402 1156482 1157198 1157578 1158586 1158763 1158809
                        1159162 1159814 1160163 1160571 1160594 1160613 1160614 1160682
                        1160682 1160764 1161779 1162108 1162518 1162879 1163922 1165471
                        1165915 1165919 1166510 1168195 1169766 1170771 983268 CVE-2016-5102
                        CVE-2017-12652 CVE-2017-7890 CVE-2018-10754 CVE-2018-14553 CVE-2018-17000
                        CVE-2018-18311 CVE-2019-11038 CVE-2019-12749 CVE-2019-13050 CVE-2019-13057
                        CVE-2019-13565 CVE-2019-13627 CVE-2019-14250 CVE-2019-14866 CVE-2019-14973
                        CVE-2019-1547 CVE-2019-1551 CVE-2019-1563 CVE-2019-15847 CVE-2019-15903
                        CVE-2019-17498 CVE-2019-17594 CVE-2019-17595 CVE-2019-18197 CVE-2019-18900
                        CVE-2019-20372 CVE-2019-20372 CVE-2019-2201 CVE-2019-3688 CVE-2019-3690
                        CVE-2019-5188 CVE-2019-5482 CVE-2019-6128 CVE-2019-7317 CVE-2019-7663
                        CVE-2019-9232 CVE-2019-9433 CVE-2019-9893 CVE-2020-12243 CVE-2020-1712
                        CVE-2020-8013 SLE-10396 SLE-7081 SLE-7257 
-----------------------------------------------------------------

The container sles12/nginx-ingress-controller was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2120-1
Released:    Wed Aug 14 11:17:39 2019
Summary:     Recommended update for pam
Type:        recommended
Severity:    moderate
References:  1136298,SLE-7257
This update for pam fixes the following issues:

- Enable pam_userdb.so (SLE-7257,bsc#1136298)
- Upgraded pam_userdb to 1.3.1.  (bsc#1136298)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2264-1
Released:    Mon Sep  2 09:07:12 2019
Summary:     Security update for perl
Type:        security
Severity:    important
References:  1114674,CVE-2018-18311
This update for perl fixes the following issues:

Security issue fixed:

- CVE-2018-18311: Fixed integer overflow with oversize environment (bsc#1114674).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2288-1
Released:    Wed Sep  4 14:22:47 2019
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1104902,1107617,1137053,1142661
This update for systemd fixes the following issues:

- Fixed an issue where the kernel took a very long time to unmount a user's runtime directory (bsc#1104902)
- udevd: changed the default value of udev.children-max (again) (bsc#1107617)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2372-1
Released:    Thu Sep 12 14:01:27 2019
Summary:     Recommended update for krb5
Type:        recommended
Severity:    moderate
References:  1139942,1140914,SLE-7081
This update for krb5 fixes the following issues:

- Fix missing responder if there is no pre-auth; (bsc#1139942)
- Load mechglue config files from /etc/gss/mech.d; (bsc#1140914, jsc#SLE-7081)
- Fix impersonate_name to work with interposers; (bsc#1140914, jsc#SLE-7081)
  
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2339-1
Released:    Thu Sep 12 14:17:53 2019
Summary:     Security update for curl
Type:        security
Severity:    important
References:  1149496,CVE-2019-5482
This update for curl fixes the following issues:

Security issue fixed:

- CVE-2019-5482: Fixed TFTP small blocksize heap buffer overflow (bsc#1149496).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2390-1
Released:    Tue Sep 17 15:46:02 2019
Summary:     Security update for openldap2
Type:        security
Severity:    moderate
References:  1143194,1143273,CVE-2019-13057,CVE-2019-13565
This update for openldap2 fixes the following issues:

Security issues fixed:

- CVE-2019-13565: Fixed ssf memory reuse that leads to incorrect authorization of another connection, granting excess connection rights (ssf) (bsc#1143194).
- CVE-2019-13057: Fixed rootDN of a backend that may proxyauth incorrectly to another backend, violating multi-tenant isolation (bsc#1143273).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2413-1
Released:    Fri Sep 20 10:44:26 2019
Summary:     Security update for openssl
Type:        security
Severity:    moderate
References:  1150003,1150250,CVE-2019-1547,CVE-2019-1563
This update for openssl fixes the following issues:

OpenSSL Security Advisory [10 September 2019]

- CVE-2019-1547: Added EC_GROUP_set_generator side channel attack avoidance (bsc#1150003).
- CVE-2019-1563: Fixed Bleichenbacher attack against cms/pkcs7 encryption transported key (bsc#1150250).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2440-1
Released:    Mon Sep 23 17:15:13 2019
Summary:     Security update for expat
Type:        security
Severity:    moderate
References:  1149429,CVE-2019-15903
This update for expat fixes the following issues:

Security issue fixed:

- CVE-2019-15903: Fixed a heap-based buffer over-read caused by crafted XML documents. (bsc#1149429)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2480-1
Released:    Fri Sep 27 13:12:08 2019
Summary:     Security update for gpg2
Type:        security
Severity:    moderate
References:  1124847,1141093,CVE-2019-13050
This update for gpg2 fixes the following issues:

Security issue fixed:

- CVE-2019-13050: Fixed denial-of-service attacks via big keys. (bsc#1141093)

Non-security issue fixed:

- Allow coredumps in X11 desktop sessions (bsc#1124847).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2510-1
Released:    Tue Oct  1 17:37:12 2019
Summary:     Security update for libgcrypt
Type:        security
Severity:    moderate
References:  1148987,CVE-2019-13627
This update for libgcrypt fixes the following issues:

Security issues fixed:
	  
- CVE-2019-13627: Mitigated ECDSA timing attack. (bsc#1148987)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2818-1
Released:    Tue Oct 29 17:22:01 2019
Summary:     Recommended update for zypper and libzypp
Type:        recommended
Severity:    important
References:  1049825,1116995,1140039,1145521,1146415,1153557
This update for zypper and libzypp fixes the following issues:

Package: zypper

- Fixed an issue where zypper exited on a SIGPIPE during package download (bsc#1145521)
- Rephrased the file conflicts check summary (bsc#1140039)
- Fixed an issue where the bash completion was wrongly expanded (bsc#1049825)

Package: libzypp

- Fixed an issue where YaST2 was not able to find base products via libzypp (bsc#1153557)
- Added a new 'solver.focus' option for /etc/zypp/zypp.conf to define systemwide focus
  mode when resolving jobs (bsc#1146415)
- Fixed a file descriptor leak in the media backend (bsc#1116995)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2887-1
Released:    Mon Nov  4 17:31:49 2019
Summary:     Recommended update for apparmor
Type:        recommended
Severity:    moderate
References:  1139870
This update for apparmor provides the following fix:

- Change pathname in logprof.conf and use check_qualifiers() in autodep to make sure
  apparmor does not generate profiles for programs marked as not having their own
  profiles. (bsc#1139870)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2898-1
Released:    Tue Nov  5 17:00:27 2019
Summary:     Recommended update for systemd
Type:        recommended
Severity:    important
References:  1140631,1150595,1154948
This update for systemd fixes the following issues:

- sd-bus: deal with cookie overruns (bsc#1150595)
- rules: Add by-id symlinks for persistent memory (bsc#1140631)
- Drop the old fds used for logging and reopen them in the
  sub process before doing any new logging.  (bsc#1154948)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2936-1
Released:    Fri Nov  8 13:19:55 2019
Summary:     Security update for libssh2_org
Type:        security
Severity:    moderate
References:  1154862,CVE-2019-17498
This update for libssh2_org fixes the following issue:

- CVE-2019-17498: Fixed an integer overflow in a bounds check that might have led to the disclosure of sensitive information or a denial of service (bsc#1154862).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2941-1
Released:    Tue Nov 12 10:03:32 2019
Summary:     Security update for libseccomp
Type:        security
Severity:    moderate
References:  1082318,1128828,1142614,CVE-2019-9893
This update for libseccomp fixes the following issues:

Update to new upstream release 2.4.1:

* Fix a BPF generation bug where the optimizer mistakenly
  identified duplicate BPF code blocks.

Updated to 2.4.0 (bsc#1128828 CVE-2019-9893):

* Update the syscall table for Linux v5.0-rc5
* Added support for the SCMP_ACT_KILL_PROCESS action
* Added support for the SCMP_ACT_LOG action and SCMP_FLTATR_CTL_LOG attribute
* Added explicit 32-bit (SCMP_AX_32(...)) and 64-bit (SCMP_AX_64(...)) argument comparison macros to help protect against unexpected sign extension
* Added support for the parisc and parisc64 architectures
* Added the ability to query and set the libseccomp API level via seccomp_api_get(3) and seccomp_api_set(3)
* Return -EDOM on an endian mismatch when adding an architecture to a filter
* Renumber the pseudo syscall number for subpage_prot() so it no longer conflicts with spu_run()
* Fix PFC generation when a syscall is prioritized, but no rule exists
* Numerous fixes to the seccomp-bpf filter generation code
* Switch our internal hashing function from jhash/Lookup3 to MurmurHash3
* Numerous tests added to the included test suite, coverage now at ~92%
* Update our Travis CI configuration to use Ubuntu 16.04
* Numerous documentation fixes and updates

Update to release 2.3.3:

* Updated the syscall table for Linux v4.15-rc7

Update to release 2.3.2:

* Achieved full compliance with the CII Best Practices program
* Added Travis CI builds to the GitHub repository
* Added code coverage reporting with the '--enable-code-coverage' configure
  flag and added Coveralls to the GitHub repository
* Updated the syscall tables to match Linux v4.10-rc6+
* Support for building with Python v3.x
* Allow rules with the -1 syscall if the SCMP_FLTATR_API_TSKIP attribute is
  set to true
* Several small documentation fixes

- ignore make check error for ppc64/ppc64le, bypass bsc#1142614

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2972-1
Released:    Thu Nov 14 12:04:52 2019
Summary:     Security update for libjpeg-turbo
Type:        security
Severity:    important
References:  1156402,CVE-2019-2201
This update for libjpeg-turbo fixes the following issues:

- CVE-2019-2201: Fixed several integer overflow issues and subsequent segfaults in libjpeg-turbo
  that occurred when attempting to compress or decompress gigapixel images (bsc#1156402).


-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:3003-1
Released:    Tue Nov 19 10:12:33 2019
Summary:     Recommended update for procps
Type:        recommended
Severity:    moderate
References:  1153386,SLE-10396
This update for procps provides the following fixes:

- Backport the MemAvailable patch into SLE12-SP4/SP5 procps. (jsc#SLE-10396)
- Add missing ShmemPmdMapped entry for pmap with newer kernels. (bsc#1153386)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:3058-1
Released:    Mon Nov 25 17:32:43 2019
Summary:     Security update for tiff
Type:        security
Severity:    moderate
References:  1108606,1121626,1125113,1146608,983268,CVE-2016-5102,CVE-2018-17000,CVE-2019-14973,CVE-2019-6128,CVE-2019-7663
This update for tiff fixes the following issues:

Security issues fixed:

- CVE-2019-14973: Fixed an improper check that depended on the compiler and
  could have led to an integer overflow (bsc#1146608).
- CVE-2016-5102: Fixed a buffer overflow in readgifimage() (bsc#983268)
- CVE-2018-17000: Fixed a NULL pointer dereference in the _TIFFmemcmp function (bsc#1108606).
- CVE-2019-6128: Fixed a memory leak in the TIFFFdOpen function in tif_unix.c (bsc#1121626).
- CVE-2019-7663: Fixed an invalid address dereference in the
  TIFFWriteDirectoryTagTransfer function in libtiff/tif_dirwrite.c (bsc#1125113)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:3064-1
Released:    Mon Nov 25 18:44:36 2019
Summary:     Security update for cpio
Type:        security
Severity:    moderate
References:  1155199,CVE-2019-14866
This update for cpio fixes the following issues:
	  
- CVE-2019-14866: Fixed an improper validation of the values written 
  in the header of a TAR file through the to_oct() function which could 
  have led to unexpected TAR generation (bsc#1155199).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:3085-1
Released:    Thu Nov 28 10:01:53 2019
Summary:     Security update for libxml2
Type:        security
Severity:    low
References:  1123919
This update for libxml2 does not fix any additional security issues, but corrects the RPM changelog to reflect
all CVEs that have been fixed in the past.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:3094-1
Released:    Thu Nov 28 16:47:52 2019
Summary:     Security update for ncurses
Type:        security
Severity:    moderate
References:  1131830,1134550,1154036,1154037,CVE-2018-10754,CVE-2019-17594,CVE-2019-17595
This update for ncurses fixes the following issues:

Security issues fixed:

- CVE-2018-10754: Fixed a denial of service caused by a NULL Pointer Dereference in the _nc_parse_entry() (bsc#1131830).
- CVE-2019-17594: Fixed a heap-based buffer over-read in _nc_find_entry function in tinfo/comp_hash.c (bsc#1154036).
- CVE-2019-17595: Fixed a heap-based buffer over-read in fmt_entry function in tinfo/comp_hash.c (bsc#1154037).

Bug fixes:

- Fixed ppc64le build configuration (bsc#1134550).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:3132-1
Released:    Tue Dec  3 10:52:14 2019
Summary:     Recommended update for update-alternatives
Type:        recommended
Severity:    moderate
References:  1154043
This update for update-alternatives fixes the following issues:

- Fix post install scripts: test if there is actual file before calling update-alternatives. (bsc#1154043)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:3180-1
Released:    Thu Dec  5 11:42:40 2019
Summary:     Security update for permissions
Type:        security
Severity:    moderate
References:  1093414,1150734,1157198,CVE-2019-3688,CVE-2019-3690
This update for permissions fixes the following issues:

- CVE-2019-3688: Changed wrong ownership in /usr/sbin/pinger to root:squid
  which could have allowed a squid user to gain persistence by changing the 
  binary (bsc#1093414).
- CVE-2019-3690: Fixed a privilege escalation through untrusted symbolic 
  links (bsc#1150734).
- Fixed a regression which caused segmentation fault (bsc#1157198).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:3342-1
Released:    Thu Dec 19 11:04:35 2019
Summary:     Recommended update for elfutils
Type:        recommended
Severity:    moderate
References:  1151577
This update for elfutils fixes the following issues:

- Add require of 'libebl1' for 'libelf1'. (bsc#1151577)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:3364-1
Released:    Thu Dec 19 19:20:52 2019
Summary:     Recommended update for ncurses
Type:        recommended
Severity:    moderate
References:  1158586,1159162
This update for ncurses fixes the following issues:

- Work around a bug of old upstream gen-pkgconfig (bsc#1159162) 
- Remove doubled library path options (bsc#1159162)
- Also remove private requirements as (lib)tinfo are binary compatible
  with normal and wide version of (lib)ncurses (bsc#1158586, bsc#1159162)
- Fix the previous change by adding the missing library linker paths as well
  as the missing include directories for non-standard paths (bsc#1158586,
  bsc#1159162)
- Do not mix include directories of different ncurses ABI (bsc#1158586) 

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:79-1
Released:    Mon Jan 13 10:37:34 2020
Summary:     Security update for libzypp
Type:        security
Severity:    moderate
References:  1158763,CVE-2019-18900
This update for libzypp fixes the following issues:

Security issue fixed:

- CVE-2019-18900: Fixed assert cookie file that was world readable (bsc#1158763).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:86-1
Released:    Mon Jan 13 14:12:22 2020
Summary:     Security update for e2fsprogs
Type:        security
Severity:    moderate
References:  1160571,CVE-2019-5188
This update for e2fsprogs fixes the following issues:

- CVE-2019-5188: Fixed a code execution vulnerability in the directory rehashing functionality (bsc#1160571).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:106-1
Released:    Wed Jan 15 12:50:55 2020
Summary:     Recommended update for libgcrypt
Type:        recommended
Severity:    important
References:  1155338,1155339
This update for libgcrypt fixes the following issues:

- Fix test dsa-rfc6979 in FIPS mode: Disabled tests in elliptic curves with 192 bits which are not recommended in FIPS mode
- Added CMAC AES and TDES FIPS self-tests: (bsc#1155339, bsc#1155338)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:373-1
Released:    Tue Feb 18 15:06:18 2020
Summary:     Security update for dbus-1
Type:        security
Severity:    important
References:  1137832,CVE-2019-12749
This update for dbus-1 fixes the following issues:
	  
Security issue fixed:

- CVE-2019-12749: Fixed an implementation flaw in DBUS_COOKIE_SHA1 which
  could have allowed local attackers to bypass authentication (bsc#1137832).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:404-1
Released:    Wed Feb 19 09:05:47 2020
Summary:     Recommended update for p11-kit
Type:        recommended
Severity:    moderate
References:  1154871
This update for p11-kit fixes the following issues:

- Support loading NSS attribute 'CKA_NSS_MOZILLA_CA_POLICY' so Firefox detects built-in certificates. (bsc#1154871)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:459-1
Released:    Tue Feb 25 11:02:12 2020
Summary:     Security update for libvpx
Type:        security
Severity:    moderate
References:  1160613,1160614,CVE-2019-9232,CVE-2019-9433
This update for libvpx fixes the following issues:

- CVE-2019-9232: Fixed an out of bound memory access (bsc#1160613).
- CVE-2019-9433: Fixed a use-after-free in vp8_deblock() (bsc#1160614).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:474-1
Released:    Tue Feb 25 13:24:15 2020
Summary:     Security update for openssl
Type:        security
Severity:    moderate
References:  1117951,1158809,1160163,CVE-2019-1551
This update for openssl fixes the following issues:

Security issue fixed:

- CVE-2019-1551: Fixed an overflow bug in the x86_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli (bsc#1158809).

Non-security issue fixed:

- Fixed a crash in BN_copy (bsc#1160163).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:545-1
Released:    Fri Feb 28 15:50:46 2020
Summary:     Security update for permissions
Type:        security
Severity:    moderate
References:  1123886,1160594,1160764,1161779,1163922,CVE-2020-8013
This update for permissions fixes the following issues:

Security issues fixed:

- CVE-2020-8013: Fixed an issue where chkstat set unintended setuid/capabilities for mrsh and wodim (bsc#1163922).

Non-security issues fixed:

- Fixed a regression where chkstat broke when /proc was not available (bsc#1160764, bsc#1160594).
- Fixed capability handling when doing multiple permission changes at once (bsc#1161779).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:561-1
Released:    Mon Mar  2 17:24:59 2020
Summary:     Recommended update for elfutils
Type:        recommended
Severity:    moderate
References:  1110929,1157578
This update for elfutils fixes the following issues:

- Fix 'eu-nm' issue in elfutils: Symbol iteration will be set to start at 0 instead of 1 to avoid missing symbols in the output. (bsc#1157578)
- Fix for '.ko' file corruption in debug info. (bsc#1110929)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:569-1
Released:    Tue Mar  3 11:43:43 2020
Summary:     Security update for libpng16
Type:        security
Severity:    moderate
References:  1124211,1141493,CVE-2017-12652,CVE-2019-7317
This update for libpng16 fixes the following issues:

Security issues fixed:

- CVE-2019-7317: Fixed a use-after-free vulnerability, triggered when
  png_image_free() was called under png_safe_execute (bsc#1124211).
- CVE-2017-12652: Fixed an Input Validation Error related to the length of chunks (bsc#1141493).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:571-1
Released:    Tue Mar  3 13:23:35 2020
Summary:     Recommended update for cyrus-sasl
Type:        recommended
Severity:    moderate
References:  1162518
This update for cyrus-sasl fixes the following issues:

- Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF (bsc#1162518)
- Added support for retrieving negotiated SSF in gssapi plugin (bsc#1162518)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:623-1
Released:    Mon Mar  9 16:17:26 2020
Summary:     Security update for gd
Type:        security
Severity:    moderate
References:  1050241,1140120,1165471,CVE-2017-7890,CVE-2018-14553,CVE-2019-11038
This update for gd fixes the following issues:

- CVE-2017-7890: Fixed a buffer over-read into uninitialized memory (bsc#1050241).
- CVE-2018-14553: Fixed a null pointer dereference in gdImageClone() (bsc#1165471).
- CVE-2019-11038: Fixed an information disclosure in gdImageCreateFromXbm() (bsc#1140120).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:702-1
Released:    Tue Mar 17 14:44:37 2020
Summary:     Security update for nginx-ingress-controller
Type:        security
Severity:    moderate
References:  1160682,CVE-2019-20372
This update for nginx-ingress-controller fixes the following issues:

- CVE-2019-20372: Fixed an HTTP request smuggling issue with certain error_page
  configurations which could have allowed unauthorized web page reads
  (bsc#1160682).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:703-1
Released:    Tue Mar 17 14:44:58 2020
Summary:     Security update for nginx
Type:        security
Severity:    moderate
References:  1160682,CVE-2019-20372
This update for nginx fixes the following issues:

- CVE-2019-20372: Fixed an HTTP request smuggling issue with certain error_page
  configurations which could have allowed unauthorized web page reads
  (bsc#1160682).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:331-1
Released:    Wed Mar 18 12:52:46 2020
Summary:     Security update for systemd
Type:        security
Severity:    important
References:  1106383,1133495,1139459,1151377,1151506,1154043,1155574,1156482,1159814,1162108,CVE-2020-1712
This update for systemd fixes the following issues:

- CVE-2020-1712 (bsc#1162108)
  Fixed a heap use-after-free vulnerability that occurred when asynchronous
  Polkit queries were performed while handling D-Bus messages. A local
  unprivileged attacker could have abused this flaw to crash systemd services or
  potentially execute code and elevate their privileges by sending specially
  crafted D-Bus messages.

- Unconfirmed fix to prevent systemctl from hanging during restart. (bsc#1139459)
- Fix warnings thrown during package installation. (bsc#1154043)
- Fix to prevent systemd-udevd from crashing within OES2018. (bsc#1151506)
- Fragments of masked units ought not be considered for 'NeedDaemonReload'. (bsc#1156482)
- Wait for workers to finish when exiting. (bsc#1106383)
- Improve log message when inotify limit is reached. (bsc#1155574)
- Mention in the man pages that alias names are only effective after command 'systemctl enable'. (bsc#1151377)
- Introduce function for reading virtual files in 'sysfs' and 'procfs'. (bsc#1133495, bsc#1159814)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:786-1
Released:    Wed Mar 25 06:47:18 2020
Summary:     Recommended update for p11-kit
Type:        recommended
Severity:    moderate
References:  1165915,1165919
This update for p11-kit fixes the following issues:

- Tag this version with the 'p11-kit-tools-supports-CKA_NSS_MOZILLA_CA_POLICY'
  Provides so that it can be pulled in as a dependency. (bsc#1165915 bsc#1165919)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:822-1
Released:    Tue Mar 31 13:06:24 2020
Summary:     Recommended update for pam
Type:        recommended
Severity:    moderate
References:  1166510
This update for pam fixes the following issues:

- Moved pam_userdb to a separate package pam-extra  (bsc#1166510)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:915-1
Released:    Fri Apr  3 13:15:11 2020
Summary:     Recommended update for openldap2
Type:        recommended
Severity:    moderate
References:  1168195

This update for openldap2 fixes the following issue:

- The openldap2-ppolicy-check-password plugin is now included (FATE#319461 bsc#1168195)
  
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:920-1
Released:    Fri Apr  3 17:13:04 2020
Summary:     Security update for libxslt
Type:        security
Severity:    moderate
References:  1154609,CVE-2019-18197
This update for libxslt fixes the following issue:

- CVE-2019-18197: Fixed a dangling pointer in xsltCopyText which may have led to information disclosure (bsc#1154609).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:394-1
Released:    Tue Apr 14 17:25:16 2020
Summary:     Security update for gcc9
Type:        security
Severity:    moderate
References:  1114592,1135254,1141897,1142649,1142654,1148517,1149145,CVE-2019-14250,CVE-2019-15847
This update for gcc9 fixes the following issues:

The GNU Compiler Collection is shipped in version 9.

A detailed changelog on what changed in GCC 9 is available at https://gcc.gnu.org/gcc-9/changes.html

The compilers have been added to the SUSE Linux Enterprise Toolchain Module.

To use these compilers, install e.g. gcc9, gcc9-c++ and build with CC=gcc-9
CXX=g++-9 set.


For SUSE Linux Enterprise base products, the libstdc++6, libgcc_s1 and
other compiler libraries have been switched from their gcc8 variants to
their gcc9 variants.

Security issues fixed:

- CVE-2019-15847: Fixed a miscompilation in the POWER9 back end that optimized multiple calls of the __builtin_darn intrinsic into a single call. (bsc#1149145)
- CVE-2019-14250: Fixed a heap overflow in the LTO linker. (bsc#1142649)

Non-security issues fixed:

- Split out libstdc++ pretty-printers into a separate package supplementing gdb and the installed runtime. (bsc#1135254)
- Fixed miscompilation for vector shift on s390. (bsc#1141897)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1168-1
Released:    Mon May  4 14:06:46 2020
Summary:     Recommended update for libgcrypt
Type:        recommended
Severity:    moderate
References:  1162879
This update for libgcrypt fixes the following issues:

- FIPS: Relax the entropy requirements on selftest during boot (bsc#1162879)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:1193-1
Released:    Tue May  5 16:26:05 2020
Summary:     Security update for openldap2
Type:        security
Severity:    important
References:  1170771,CVE-2020-12243
This update for openldap2 fixes the following issues:

- CVE-2020-12243: Fixed a denial of service related to recursive filters (bsc#1170771).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1254-1
Released:    Tue May 12 11:17:06 2020
Summary:     Recommended update for geolite2legacy, geoipupdate
Type:        recommended
Severity:    moderate
References:  1156194,1169766
This update for geolite2legacy and geoipupdate fixes the following issues:

- Created the initial package of GeoIP 2 Legacy, as GeoIP is discontinued. (bsc#1156194)
- Update README.SUSE in GeoIP with a description how to get the latest Geo IP data after the distribution changes. (jsc#SLE-11184, bsc#1156194, jsc#ECO-1405)
  

