SUSE-CU-2020:509-1: Security update of suse/sles12sp5

sle-updates at lists.suse.com sle-updates at lists.suse.com
Tue Oct 6 01:30:49 MDT 2020 

SUSE Container Update Advisory: suse/sles12sp5
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2020:509-1
Container Tags        : suse/sles12sp5:6.5.71 , suse/sles12sp5:latest
Container Release     : 6.5.71
Severity              : moderate
Type                  : security
References            : 1120629 1120630 1120631 1127155 1131823 1137977 1175811 1175830
                        1175831 CVE-2018-20532 CVE-2018-20533 CVE-2018-20534 
-----------------------------------------------------------------

The container suse/sles12sp5 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2652-1
Released:    Wed Sep 16 14:43:23 2020
Summary:     Recommended update for zlib
Type:        recommended
Severity:    moderate
References:  1175811,1175830,1175831
This update for zlib fixes the following issues:

- Fix compression level switching (bsc#1175811, bsc#1175830, bsc#1175831)
- Enable hardware compression on s390/s390x (jsc#SLE-13776)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:2660-1
Released:    Wed Sep 16 16:15:10 2020
Summary:     Security update for libsolv
Type:        security
Severity:    moderate
References:  1120629,1120630,1120631,1127155,1131823,1137977,CVE-2018-20532,CVE-2018-20533,CVE-2018-20534
This update for libsolv fixes the following issues:

This is a reissue of an existing libsolv update that also included libsolv-devel for LTSS products.

libsolv was updated to version 0.6.36 fixes the following issues:

Security issues fixed:

- CVE-2018-20532: Fixed a NULL pointer dereference in testcase_read() (bsc#1120629).
- CVE-2018-20533: Fixed a NULL pointer dereference in testcase_str2dep_complex() (bsc#1120630).
- CVE-2018-20534: Fixed a NULL pointer dereference in pool_whatprovides() (bsc#1120631).

Non-security issues fixed:

- Made cleandeps jobs on patterns work (bsc#1137977).
- Fixed an issue multiversion packages that obsolete their own name (bsc#1127155).
- Keep consistent package name if there are multiple alternatives (bsc#1131823).

More information about the sle-updates mailing list