SUSE-CU-2021:51-1: Security update of caasp/v4.5/cilium-operator
sle-updates at lists.suse.com
sle-updates at lists.suse.com
Tue Feb 9 07:34:00 UTC 2021
SUSE Container Update Advisory: caasp/v4.5/cilium-operator
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:51-1
Container Tags : caasp/v4.5/cilium-operator:1.7.6 , caasp/v4.5/cilium-operator:1.7.6-rev5 , caasp/v4.5/cilium-operator:1.7.6-rev5-build5.15.3
Container Release : 5.15.3
Severity : important
Type : security
References : 1050625 1084671 1141597 1169006 1171883 1172695 1173559 1174016
1174436 1174942 1175458 1175514 1175623 1177238 1177275 1177348
1177427 1177490 1177583 1178346 1178554 1178775 1178823 1178825
1178909 1178910 1178931 1178966 1179083 1179222 1179363 1179415
1179503 1179816 1179824 1179909 1180077 1180138 1180225 1180603
1180603 1180663 1180721 1180885 CVE-2017-9271 CVE-2020-12603
CVE-2020-12604 CVE-2020-12605 CVE-2020-25709 CVE-2020-25710 CVE-2020-35471
CVE-2020-8025 CVE-2020-8663
-----------------------------------------------------------------
The container caasp/v4.5/cilium-operator was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3809-1
Released: Tue Dec 15 13:46:05 2020
Summary: Recommended update for glib2
Type: recommended
Severity: moderate
References: 1178346
This update for glib2 fixes the following issues:
Update from version 2.62.5 to version 2.62.6:
- Support for slim format of timezone. (bsc#1178346)
- Fix DST incorrect end day when using slim format. (bsc#1178346)
- Fix SOCKS5 username/password authentication.
- Updated translations.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3853-1
Released: Wed Dec 16 12:27:27 2020
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825
This update for util-linux fixes the following issue:
- Do not trigger the automatic close of CDROM. (bsc#1084671)
- Try to automatically configure broken serial lines. (bsc#1175514)
- Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514)
- Build with `libudev` support to support non-root users. (bsc#1169006)
- Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825)
- Fix warning on mounts to `CIFS` with mount –a. (bsc#1174942)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3942-1
Released: Tue Dec 29 12:22:01 2020
Summary: Recommended update for libidn2
Type: recommended
Severity: moderate
References: 1180138
This update for libidn2 fixes the following issues:
- The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later,
adjusted the RPM license tags (bsc#1180138)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3943-1
Released: Tue Dec 29 12:24:45 2020
Summary: Recommended update for libxml2
Type: recommended
Severity: moderate
References: 1178823
This update for libxml2 fixes the following issues:
Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823)
* key/unique/keyref schema attributes currently use quadratic loops
to check their various constraints (that keys are unique and that
keyrefs refer to existing keys).
* This fix uses a hash table to avoid the quadratic behaviour.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:109-1
Released: Wed Jan 13 10:13:24 2021
Summary: Security update for libzypp, zypper
Type: security
Severity: moderate
References: 1050625,1174016,1177238,1177275,1177427,1177583,1178910,1178966,1179083,1179222,1179415,1179909,CVE-2017-9271
This update for libzypp, zypper fixes the following issues:
Update zypper to version 1.14.41
Update libzypp to 17.25.4
- CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583)
- RepoManager: Force refresh if repo url has changed (bsc#1174016)
- RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966)
- RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427).
- RpmDb: If no database exists use the _dbpath configured in rpm. Still makes sure a compat
symlink at /var/lib/rpm exists in case the configures _dbpath is elsewhere. (bsc#1178910)
- Fixed update of gpg keys with elongated expire date (bsc#179222)
- needreboot: remove udev from the list (bsc#1179083)
- Fix lsof monitoring (bsc#1179909)
yast-installation was updated to 4.2.48:
- Do not cleanup the libzypp cache when the system has low memory,
incomplete cache confuses libzypp later (bsc#1179415)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:129-1
Released: Thu Jan 14 12:26:15 2021
Summary: Security update for openldap2
Type: security
Severity: moderate
References: 1178909,1179503,CVE-2020-25709,CVE-2020-25710
This update for openldap2 fixes the following issues:
Security issues fixed:
- CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909).
- CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909).
Non-security issue fixed:
- Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection. (bsc#1179503)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:169-1
Released: Tue Jan 19 16:18:46 2021
Summary: Recommended update for libsolv, libzypp, zypper
Type: recommended
Severity: moderate
References: 1179816,1180077,1180663,1180721
This update for libsolv, libzypp, zypper fixes the following issues:
libzypp was updated to 17.25.6:
- Rephrase solver problem descriptions (jsc#SLE-8482)
- Adapt to changed gpg2/libgpgme behavior (bsc#1180721)
- Multicurl backend breaks with with unknown filesize (fixes #277)
zypper was updated to 1.14.42:
- Fix source-download commnds help (bsc#1180663)
- man: Recommend to use the --non-interactive global option rather than the command option -y (bsc#1179816)
- Extend apt packagemap (fixes #366)
- --quiet: Fix install summary to write nothing if there's nothing todo (bsc#1180077)
libsolv was updated to 0.7.16;
- do not ask the namespace callback for splitprovides when writing a testcase
- fix add_complex_recommends() selecting conflicted packages in rare cases leading to crashes
- improve choicerule generation so that package updates are prefered in more cases
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:174-1
Released: Wed Jan 20 07:55:23 2021
Summary: Recommended update for gnutls
Type: recommended
Severity: moderate
References: 1172695
This update for gnutls fixes the following issue:
- Avoid spurious audit messages about incompatible signature algorithms (bsc#1172695)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:197-1
Released: Fri Jan 22 15:17:42 2021
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1171883,CVE-2020-8025
This update for permissions fixes the following issues:
- Update to version 20181224:
* pcp: remove no longer needed / conflicting entries
(bsc#1171883, CVE-2020-8025)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:220-1
Released: Tue Jan 26 14:00:51 2021
Summary: Recommended update for keyutils
Type: recommended
Severity: moderate
References: 1180603
This update for keyutils fixes the following issues:
- Adjust the library license to be LPGL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:233-1
Released: Wed Jan 27 12:15:33 2021
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1141597,1174436,1175458,1177490,1179363,1179824,1180225
This update for systemd fixes the following issues:
- Added a timestamp to the output of the busctl monitor command (bsc#1180225)
- Fixed a NULL pointer dereference bug when attempting to close the journal file handle (bsc#1179824)
- Improved the caching of cgroups member mask (bsc#1175458)
- Fixed the dependency definition of sound.target (bsc#1179363)
- Fixed a bug that could lead to a potential error, when daemon-reload is called between
StartTransientUnit and scope_start() (bsc#1174436)
- time-util: treat /etc/localtime missing as UTC (bsc#1141597)
- Removed mq-deadline selection from 60-io-scheduler.rules (bsc#1177490)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:265-1
Released: Mon Feb 1 15:06:45 2021
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1178775,1180885
This update for systemd fixes the following issues:
- Fix for udev creating '/dev/disk/by-label' symlink for 'LUKS2' to avoid mount issues. (bsc#1180885, #8998))
- Fix for an issue when container start causes interference in other containers. (bsc#1178775)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:293-1
Released: Wed Feb 3 12:52:34 2021
Summary: Recommended update for gmp
Type: recommended
Severity: moderate
References: 1180603
This update for gmp fixes the following issues:
- correct license statements of packages (library itself is no GPL-3.0) (bsc#1180603)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:335-1
Released: Mon Feb 8 11:19:09 2021
Summary: Include cilium addon security fixes and a new skuba release with updated add-ons
Type: security
Severity: important
References: 1173559,1177348,1178931,CVE-2020-12603,CVE-2020-12604,CVE-2020-12605,CVE-2020-35471,CVE-2020-8663
== Cilium (Security fixes)
This fix involves an upgrade of cilium add-on. See https://documentation.suse.com/suse-caasp/4.5/html/caasp-admin/_cluster_updates.html#_updating_kubernetes_components for the upgrade procedure.
== Skuba
In order to update skuba you need to update the management workstation. See detailed instructions at https://documentation.suse.com/suse-caasp/4.5/html/caasp-admin/_cluster_updates.html#_update_management_workstation
-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:339-1
Released: Mon Feb 8 13:16:07 2021
Summary: Optional update for pam
Type: optional
Severity: low
References:
This update for pam fixes the following issues:
- Added rpm macros for this package, so that other packages can make use of it
This patch is optional to be installed - it doesn't fix any bugs.
More information about the sle-updates
mailing list