SUSE-CU-2021:93-1: Security update of suse/sle15
sle-updates at lists.suse.com
sle-updates at lists.suse.com
Fri Apr 2 06:42:21 UTC 2021
SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:93-1
Container Tags : suse/sle15:15.3 , suse/sle15:15.3.13.2.238
Container Release : 13.2.238
Severity : important
Type : security
References : 1078466 1146705 1172442 1175519 1178775 1180020 1180083 1180596
1181011 1181358 1181831 1183094 1183370 1183371 1183852 CVE-2020-11080
CVE-2021-24031 CVE-2021-24032 CVE-2021-3449
-----------------------------------------------------------------
The container suse/sle15 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:924-1
Released: Tue Mar 23 10:00:49 2021
Summary: Recommended update for filesystem
Type: recommended
Severity: moderate
References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094
This update for filesystem the following issues:
- Remove duplicate line due to merge error
- Add fix for 'mesa' creating cache with perm 0700. (bsc#1181011)
- Fixed an issue causing failure during installation/upgrade a failure. (rh#1548403) (bsc#1146705)
- Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466)
- Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519)
This update for systemd fixes the following issues:
- Fix for a possible memory leak. (bsc#1180020)
- Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596)
- Fixed an issue when starting a container conflicts with another one. (bsc#1178775)
- Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831)
- Don't use shell redirections when calling a rpm macro. (bsc#1183094)
- 'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:930-1
Released: Wed Mar 24 12:09:23 2021
Summary: Security update for nghttp2
Type: security
Severity: important
References: 1172442,1181358,CVE-2020-11080
This update for nghttp2 fixes the following issues:
- CVE-2020-11080: HTTP/2 Large Settings Frame DoS (bsc#1181358)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:948-1
Released: Wed Mar 24 14:31:34 2021
Summary: Security update for zstd
Type: security
Severity: moderate
References: 1183370,1183371,CVE-2021-24031,CVE-2021-24032
This update for zstd fixes the following issues:
- CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371).
- CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:955-1
Released: Thu Mar 25 16:11:48 2021
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1183852,CVE-2021-3449
This update for openssl-1_1 fixes the security issue:
* CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted
renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation
ClientHello omits the signature_algorithms extension but includes a
signature_algorithms_cert extension, then a NULL pointer dereference will
result, leading to a crash and a denial of service attack. OpenSSL TLS
clients are not impacted by this issue. [bsc#1183852]
More information about the sle-updates
mailing list