SUSE-CU-2021:20-1: Security update of suse/sle15
sle-updates at lists.suse.com
sle-updates at lists.suse.com
Fri Jan 8 07:21:31 MST 2021
SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:20-1
Container Tags : suse/sle15:15.3 , suse/sle15:15.3.13.2.50
Container Release : 13.2.50
Severity : important
Type : security
References : 1084671 1169006 1174942 1175514 1175623 1178346 1178554 1178823
1178825 1179398 1179399 1179491 1179593 1180138 CVE-2020-1971
CVE-2020-8284 CVE-2020-8285 CVE-2020-8286
-----------------------------------------------------------------
The container suse/sle15 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:3721-1
Released: Wed Dec 9 13:36:46 2020
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1179491,CVE-2020-1971
This update for openssl-1_1 fixes the following issues:
- CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:3735-1
Released: Wed Dec 9 18:19:24 2020
Summary: Security update for curl
Type: security
Severity: moderate
References: 1179398,1179399,1179593,CVE-2020-8284,CVE-2020-8285,CVE-2020-8286
This update for curl fixes the following issues:
- CVE-2020-8286: Fixed improper OSCP verification in the client side (bsc#1179593).
- CVE-2020-8285: Fixed a stack overflow due to FTP wildcard (bsc#1179399).
- CVE-2020-8284: Fixed an issue where a malicius FTP server could make curl connect to a different IP (bsc#1179398).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3809-1
Released: Tue Dec 15 13:46:05 2020
Summary: Recommended update for glib2
Type: recommended
Severity: moderate
References: 1178346
This update for glib2 fixes the following issues:
Update from version 2.62.5 to version 2.62.6:
- Support for slim format of timezone. (bsc#1178346)
- Fix DST incorrect end day when using slim format. (bsc#1178346)
- Fix SOCKS5 username/password authentication.
- Updated translations.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3853-1
Released: Wed Dec 16 12:27:27 2020
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825
This update for util-linux fixes the following issue:
- Do not trigger the automatic close of CDROM. (bsc#1084671)
- Try to automatically configure broken serial lines. (bsc#1175514)
- Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514)
- Build with `libudev` support to support non-root users. (bsc#1169006)
- Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825)
- Fix warning on mounts to `CIFS` with mount –a. (bsc#1174942)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3942-1
Released: Tue Dec 29 12:22:01 2020
Summary: Recommended update for libidn2
Type: recommended
Severity: moderate
References: 1180138
This update for libidn2 fixes the following issues:
- The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later,
adjusted the RPM license tags (bsc#1180138)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3943-1
Released: Tue Dec 29 12:24:45 2020
Summary: Recommended update for libxml2
Type: recommended
Severity: moderate
References: 1178823
This update for libxml2 fixes the following issues:
Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823)
* key/unique/keyref schema attributes currently use quadratic loops
to check their various constraints (that keys are unique and that
keyrefs refer to existing keys).
* This fix uses a hash table to avoid the quadratic behaviour.
More information about the sle-updates
mailing list