SUSE-CU-2021:562-1: Security update of bci/golang

sle-updates at sle-updates at
Sun Dec 5 07:57:01 UTC 2021

SUSE Container Update Advisory: bci/golang
Container Advisory ID : SUSE-CU-2021:562-1
Container Tags        : bci/golang:1.16
Container Release     : 5.22
Severity              : important
Type                  : security
References            : 1182345 1186071 1187153 1187273 1188623 1190356 1190440 1190984
                        1191286 1191324 1191370 1191609 1191736 1192160 1192161 1192337
                        1192377 1192378 1192436 CVE-2021-41771 CVE-2021-41772 

The container bci/golang was updated. The following patches have been included in this update:

Advisory ID: SUSE-RU-2021:3786-1
Released:    Wed Nov 24 05:59:13 2021
Summary:     Recommended update for rpm-config-SUSE
Type:        recommended
Severity:    important
References:  1192160
This update for rpm-config-SUSE fixes the following issues:

- Add support for the kernel xz-compressed firmware files (bsc#1192160)

Advisory ID: SUSE-RU-2021:3798-1
Released:    Wed Nov 24 18:01:36 2021
Summary:     Recommended update for gcc7
Type:        recommended
Severity:    moderate

This update for gcc7 fixes the following issues:

- Fixed a build issue when built with recent kernel headers.
- Backport the '-fpatchable-function-entry' feature from newer GCC. (jsc#SLE-20049)
- do not handle exceptions in std::thread (jsc#CAR-1182)

Advisory ID: SUSE-RU-2021:3799-1
Released:    Wed Nov 24 18:07:54 2021
Summary:     Recommended update for gcc11
Type:        recommended
Severity:    moderate
References:  1187153,1187273,1188623
This update for gcc11 fixes the following issues:

The additional GNU compiler collection GCC 11 is provided:

To select these compilers install the packages:

- gcc11
- gcc-c++11
- and others with 11 prefix.

to select them for building:

- CC='gcc-11'
- CXX='g++-11'

The compiler baselibraries (libgcc_s1, libstdc++6 and others) are being replaced by the GCC 11 variants.

Advisory ID: SUSE-RU-2021:3808-1
Released:    Fri Nov 26 00:30:54 2021
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1186071,1190440,1190984,1192161
This update for systemd fixes the following issues:

- Add timestamp to D-Bus events to improve traceability (jsc#SLE-17798)
- Fix fd_is_mount_point() when both the parent and directory are network file systems (bsc#1190984)
- Support detection for ARM64 Hyper-V guests (bsc#1186071)
- Fix systemd-detect-virt not detecting Amazon EC2 Nitro instance (bsc#1190440)
- Enable support for Portable Services in openSUSE Leap only (jsc#SLE-21694)
- Fix IO scheduler udev rules to address performance issues (jsc#SLE-21032, bsc#1192161)

Advisory ID: SUSE-SU-2021:3834-1
Released:    Wed Dec  1 16:05:12 2021
Summary:     Security update for go1.16
Type:        security
Severity:    moderate
References:  1182345,1192377,1192378,CVE-2021-41771,CVE-2021-41772
This update for go1.16 fixes the following issues:

Security update go1.16.10 (released 2021-11-04) (bsc#1182345).

- CVE-2021-41771: Fixed invalid dynamic symbol table command that could have caused panic (bsc#1192377).
- CVE-2021-41772: Fixed panic on (*Reader).Open (bsc#1192378).

Advisory ID: SUSE-RU-2021:3870-1
Released:    Thu Dec  2 07:11:50 2021
Summary:     Recommended update for libzypp, zypper
Type:        recommended
Severity:    moderate
References:  1190356,1191286,1191324,1191370,1191609,1192337,1192436
This update for libzypp, zypper fixes the following issues:


- Check log writer before accessing it (bsc#1192337)
- Zypper should keep cached files if transaction is aborted (bsc#1190356)
- Require a minimum number of mirrors for multicurl (bsc#1191609)
- Fixed slowdowns when rlimit is too high by using procfs to detect niumber of 
  open file descriptors (bsc#1191324)
- Fixed zypper incomplete messages when using non English localization (bsc#1191370)
- RepoManager: Don't probe for plaindir repository if the URL schema is a plugin (bsc#1191286)
- Disable logger in the child process after fork (bsc#1192436)


- Fixed Zypper removing a kernel explicitely pinned that uses uname -r output format as name (openSUSE/zypper#418)

Advisory ID: SUSE-RU-2021:3872-1
Released:    Thu Dec  2 07:25:55 2021
Summary:     Recommended update for cracklib
Type:        recommended
Severity:    moderate
References:  1191736
This update for cracklib fixes the following issues:

- Enable build time tests (bsc#1191736)

The following package changes have been done:

- cpp7-7.5.0+r278197-4.30.1 updated
- cracklib-dict-small-2.9.7-11.6.1 updated
- cracklib-2.9.7-11.6.1 updated
- gcc7-7.5.0+r278197-4.30.1 updated
- go1.16-1.16.10-1.32.1 updated
- libasan4-7.5.0+r278197-4.30.1 updated
- libatomic1-11.2.1+git610-1.3.9 updated
- libcilkrts5-7.5.0+r278197-4.30.1 updated
- libcrack2-2.9.7-11.6.1 updated
- libgcc_s1-11.2.1+git610-1.3.9 updated
- libgomp1-11.2.1+git610-1.3.9 updated
- libitm1-11.2.1+git610-1.3.9 updated
- liblsan0-11.2.1+git610-1.3.9 updated
- libstdc++6-11.2.1+git610-1.3.9 updated
- libsystemd0-246.16-7.21.1 updated
- libtsan0-11.2.1+git610-1.3.9 updated
- libubsan0-7.5.0+r278197-4.30.1 updated
- libudev1-246.16-7.21.1 updated
- libzypp-17.28.8-20.1 updated
- rpm-config-SUSE-1-5.6.1 updated
- zypper-1.14.50-21.1 updated
- container:sles15-image-15.0.0-17.8.39 updated

More information about the sle-updates mailing list