SUSE-CU-2021:240-1: Security update of ses/7/ceph/ceph

sle-updates at lists.suse.com sle-updates at lists.suse.com
Thu Jun 3 06:13:53 UTC 2021


SUSE Container Update Advisory: ses/7/ceph/ceph
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:240-1
Container Tags        : ses/7/ceph/ceph:15.2.12.83 , ses/7/ceph/ceph:15.2.12.83.4.214 , ses/7/ceph/ceph:latest , ses/7/ceph/ceph:sle15.2.octopus
Container Release     : 4.214
Severity              : important
Type                  : security
References            : 1080040 1115550 1161276 1171998 1174162 1180851 1181443 1181540
                        1181651 1181874 1182053 1182936 1183064 1183194 1183374 1183628
                        1183797 1184358 1184399 1184435 1184507 1184614 1184687 1184997
                        1185163 1185170 1185190 1185239 1185277 1185363 1185363 1185408
                        1185409 1185410 1185417 1185438 1185562 1185619 1185698 1186020
                        1186021 1186114 CVE-2020-11078 CVE-2021-21240 CVE-2021-22898
                        CVE-2021-3426 CVE-2021-3509 CVE-2021-3516 CVE-2021-3517 CVE-2021-3518
                        CVE-2021-3520 CVE-2021-3524 CVE-2021-3531 CVE-2021-3537 
-----------------------------------------------------------------

The container ses/7/ceph/ceph was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1527-1
Released:    Thu May  6 08:58:53 2021
Summary:     Recommended update for bash
Type:        recommended
Severity:    important
References:  1183064
This update for bash fixes the following issues:

- Fixed a segmentation fault that used to occur when bash read a history file
  that was malformed in a very specific way. (bsc#1183064)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1528-1
Released:    Thu May  6 15:31:23 2021
Summary:     Recommended update for openssl-1_1
Type:        recommended
Severity:    moderate
References:  1161276
This update for openssl-1_1 fixes the following issues:

- Do not list disapproved cipher algorithms while in 'FIPS' mode. (bsc#1161276)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1543-1
Released:    Fri May  7 15:16:32 2021
Summary:     Recommended update for patterns-microos
Type:        recommended
Severity:    moderate
References:  1184435
This update for patterns-microos provides the following fix:

- Require the libvirt-daemon-qemu package and include the needed dependencies in the
  product. (bsc#1184435)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1544-1
Released:    Fri May  7 16:34:41 2021
Summary:     Recommended update for libzypp
Type:        recommended
Severity:    moderate
References:  1180851,1181874,1182936,1183628,1184997,1185239
This update for libzypp fixes the following issues:

Upgrade from version 17.25.8 to version 17.25.10

- Properly handle permission denied when providing optional files. (bsc#1185239)
- Fix service detection with `cgroupv2`. (bsc#1184997)
- Add missing includes for GCC 11. (bsc#1181874)
- Fix unsafe usage of static in media verifier.
- `Solver`: Avoid segfault if no system is loaded. (bsc#1183628)
- `MediaVerifier`: Relax media set verification in case of a single not-volatile medium. (bsc#1180851)
- Do no cleanup in custom cache dirs. (bsc#1182936)
- `ZConfig`: let `pubkeyCachePath` follow `repoCachePath`.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1549-1
Released:    Mon May 10 13:48:00 2021
Summary:     Recommended update for procps
Type:        recommended
Severity:    moderate
References:  1185417
This update for procps fixes the following issues:

- Support up to 2048 CPU as well. (bsc#1185417)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1552-1
Released:    Mon May 10 19:15:13 2021
Summary:     Recommended update for strongswan
Type:        recommended
Severity:    moderate
References:  1185363
This update for strongswan fixes the following issues:

- Added support for AES CCM aead algorithms to openssl plugin (bsc#1185363)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1557-1
Released:    Tue May 11 09:50:00 2021
Summary:     Security update for python3
Type:        security
Severity:    moderate
References:  1183374,CVE-2021-3426
This update for python3 fixes the following issues:

- CVE-2021-3426: Fixed an information disclosure via pydoc (bsc#1183374)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1565-1
Released:    Tue May 11 14:20:04 2021
Summary:     Recommended update for krb5
Type:        recommended
Severity:    moderate
References:  1185163
This update for krb5 fixes the following issues:

- Use '/run' instead of '/var/run' for daemon PID files. (bsc#1185163);

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1582-1
Released:    Wed May 12 13:40:03 2021
Summary:     Recommended update for lvm2
Type:        recommended
Severity:    moderate
References:  1184687,1185190
This update for lvm2 fixes the following issues:

- Honor 'lvm.conf' parameter event_activation=0 on 'pvscan --cache -aay'. (bsc#1185190)
- Fixed and issue when LVM can't be disabled on boot. (bsc#1184687)
- Update patch for avoiding apply warning messages. (bsc#1012973)

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:1592-1
Released:    Wed May 12 13:47:41 2021
Summary:     Optional update for sed
Type:        optional
Severity:    low
References:  1183797
This update for sed fixes the following issues:

- Fixed a building issue with glibc-2.31 (bsc#1183797).

This patch is optional to install.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1600-1
Released:    Thu May 13 16:34:08 2021
Summary:     Recommended update for dracut
Type:        recommended
Severity:    moderate
References:  1185277
This update for dracut fixes the following issue:

Update to version 049.1+suse.188.gbf445638:

- Do not resolve symbolic links before `instmod`. (bsc#1185277)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1612-1
Released:    Fri May 14 17:09:39 2021
Summary:     Recommended update for openldap2
Type:        recommended
Severity:    moderate
References:  1184614
This update for openldap2 fixes the following issue:

- Provide `openldap2-contrib` to the modules SUSE Linux Enterprise Legacy 15-SP2 and 15-SP3. (bsc#1184614)
  
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1640-1
Released:    Wed May 19 13:47:50 2021
Summary:     Recommended update for strongswan
Type:        recommended
Severity:    moderate
References:  1185363
This update for strongswan fixes the following issues:

- FIPS: Replace AEAD AES CCM patch with upstream variant (bsc#1185363)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1643-1
Released:    Wed May 19 13:51:48 2021
Summary:     Recommended update for pam
Type:        recommended
Severity:    important
References:  1181443,1184358,1185562
This update for pam fixes the following issues:

- Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443)
- Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to
  an attempt to resolve it as a hostname (bsc#1184358)
- In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562)


-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1647-1
Released:    Wed May 19 13:59:12 2021
Summary:     Security update for lz4
Type:        security
Severity:    important
References:  1185438,CVE-2021-3520
This update for lz4 fixes the following issues:

- CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1654-1
Released:    Wed May 19 16:43:36 2021
Summary:     Security update for libxml2
Type:        security
Severity:    important
References:  1185408,1185409,1185410,1185698,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518,CVE-2021-3537
This update for libxml2 fixes the following issues:

- CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698)
- CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408).
- CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410).
- CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1669-1
Released:    Thu May 20 11:10:44 2021
Summary:     Recommended update for nfs-utils
Type:        recommended
Severity:    moderate
References:  1181540,1181651,1183194,1185170
This update for nfs-utils fixes the following issues:

- The '/var/run' is long deprecated - switch all relevant paths to '/run'. (bsc#1185170)
- Improve logging of authentication (bsc#1181540)
- Add man page of the 'nconnect mount'. (bsc#1181651)
- Fixed an issue when HANA crashed due to inaccessible/hanging NFS mount. (bsc#1183194)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1675-1
Released:    Thu May 20 15:00:23 2021
Summary:     Recommended update for snappy
Type:        recommended
Severity:    moderate
References:  1080040,1184507
This update for snappy fixes the following issues:

Update from version 1.1.3 to 1.1.8

- Small performance improvements.
- Removed `snappy::string` alias for `std::string`.
- Improved `CMake` configuration.
- Improved packages descriptions.
- Fix RPM groups.
- Aarch64 fixes
- PPC speedups
- PIE improvements
- Fix license install. (bsc#1080040)
- Fix a 1% performance regression when snappy is used in PIE executable.
- Improve compression performance by 5%.
- Improve decompression performance by 20%.
- Use better download URL.
- Fix a build issue for tensorflow2. (bsc#1184507)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1677-1
Released:    Thu May 20 15:29:32 2021
Summary:     Recommended update for purge-kernels-service
Type:        recommended
Severity:    low
References:  1184399
This update for purge-kernels-service fixes the following issues:

- Add 'ZYPP_LOCK_TIMEOUT=-1' to keep waiting for the lock to avoid possible conflict with other background services uding zypper. (bsc#1184399)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1762-1
Released:    Wed May 26 12:30:01 2021
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1186114,CVE-2021-22898
This update for curl fixes the following issues:

- CVE-2021-22898: Fixed curl TELNET stack contents disclosure (bsc#1186114).
- Allow partial chain verification [jsc#SLE-17956]
  * Have intermediate certificates in the trust store be treated
    as trust-anchors, in the same way as self-signed root CA
    certificates are. This allows users to verify servers using
    the intermediate cert only, instead of needing the whole chain.
  * Set FLAG_TRUSTED_FIRST unconditionally.
  * Do not check partial chains with CRL check.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1773-1
Released:    Wed May 26 17:22:21 2021
Summary:     Recommended update for python3
Type:        recommended
Severity:    low
References:  
This update for python3 fixes the following issues:

- Make sure to close the import_failed.map file after the exception
  has been raised in order to avoid ResourceWarnings when the
  failing import is part of a try...except block.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1777-1
Released:    Thu May 27 11:20:53 2021
Summary:     Security update for ceph
Type:        security
Severity:    important
References:  1185619,1186020,1186021,CVE-2021-3509,CVE-2021-3524,CVE-2021-3531
This update for ceph fixes the following issues:

- Update to 15.2.12-83-g528da226523:
- (CVE-2021-3509) fix cookie injection issue (bsc#1186021)
- (CVE-2021-3531) RGWSwiftWebsiteHandler::is_web_dir checks empty subdir_name (bsc#1186020)
- (CVE-2021-3524) sanitize \r in s3 CORSConfiguration’s ExposeHeader (bsc#1185619)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1801-1
Released:    Mon May 31 07:36:01 2021
Summary:     Recommended update for openssh
Type:        recommended
Severity:    moderate
References:  1115550,1174162
This update for openssh fixes the following issues:

- Fixed a race condition leading to a sshd termination of multichannel sessions with non-root users (bsc#1115550, bsc#1174162).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1806-1
Released:    Mon May 31 16:23:04 2021
Summary:     Security update for python-httplib2
Type:        security
Severity:    moderate
References:  1171998,1182053,CVE-2020-11078,CVE-2021-21240
This update for python-httplib2 fixes the following issues:

- Update to version 0.19.0 (bsc#1182053).
- CVE-2021-21240: Fixed regular expression denial of service via malicious header (bsc#1182053).
- CVE-2020-11078: Fixed unescaped part of uri where an attacker could change request headers and body (bsc#1182053).



More information about the sle-updates mailing list