SUSE-CU-2021:87-1: Security update of suse/sle15
sle-updates at lists.suse.com
sle-updates at lists.suse.com
Tue Mar 30 06:39:45 UTC 2021
SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:87-1
Container Tags : suse/sle15:15.2 , suse/sle15:15.2.8.2.878
Container Release : 8.2.878
Severity : important
Type : security
References : 1078466 1146705 1172442 1175519 1176201 1178775 1179847 1180020
1180083 1180596 1181011 1181328 1181358 1181622 1181831 1182328
1182362 1182629 1183094 1183370 1183371 1183456 1183457 1183852
CVE-2020-11080 CVE-2021-20231 CVE-2021-20232 CVE-2021-24031 CVE-2021-24032
CVE-2021-27218 CVE-2021-27219 CVE-2021-3449
-----------------------------------------------------------------
The container suse/sle15 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:778-1
Released: Fri Mar 12 17:42:25 2021
Summary: Security update for glib2
Type: security
Severity: important
References: 1182328,1182362,CVE-2021-27218,CVE-2021-27219
This update for glib2 fixes the following issues:
- CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if
the length is larger than guint. (bsc#1182328)
- CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. (bsc#1182362)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:786-1
Released: Mon Mar 15 11:19:23 2021
Summary: Recommended update for zlib
Type: recommended
Severity: moderate
References: 1176201
This update for zlib fixes the following issues:
- Fixed hw compression on z15 (bsc#1176201)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:874-1
Released: Thu Mar 18 09:41:54 2021
Summary: Recommended update for libsolv, libzypp, zypper
Type: recommended
Severity: moderate
References: 1179847,1181328,1181622,1182629
This update for libsolv, libzypp, zypper fixes the following issues:
- support multiple collections in updateinfo parser
- Fixed an issue when some 'systemd' tools require '/proc' to be mounted and fail if it's not there. (bsc#1181328)
- Enable release packages to request a releaxed suse/opensuse vendorcheck in dup when migrating. (bsc#1182629)
- Patch: Identify well-known category names to allow to use the RH and SUSE patch category names synonymously. (bsc#1179847)
- Fix '%posttrans' script execution. (fixes #265)
- Repo: Allow multiple baseurls specified on one line (fixes #285)
- Regex: Fix memory leak and undefined behavior.
- Add rpm buildrequires for test suite (fixes #279)
- Use rpmdb2solv new -D switch to tell the location of the rpmdatabase to use.
- doc: give more details about creating versioned package locks. (bsc#1181622)
- man: Document synonymously used patch categories (bsc#1179847)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:924-1
Released: Tue Mar 23 10:00:49 2021
Summary: Recommended update for filesystem
Type: recommended
Severity: moderate
References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094
This update for filesystem the following issues:
- Remove duplicate line due to merge error
- Add fix for 'mesa' creating cache with perm 0700. (bsc#1181011)
- Fixed an issue causing failure during installation/upgrade a failure. (rh#1548403) (bsc#1146705)
- Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466)
- Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519)
This update for systemd fixes the following issues:
- Fix for a possible memory leak. (bsc#1180020)
- Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596)
- Fixed an issue when starting a container conflicts with another one. (bsc#1178775)
- Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831)
- Don't use shell redirections when calling a rpm macro. (bsc#1183094)
- 'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:930-1
Released: Wed Mar 24 12:09:23 2021
Summary: Security update for nghttp2
Type: security
Severity: important
References: 1172442,1181358,CVE-2020-11080
This update for nghttp2 fixes the following issues:
- CVE-2020-11080: HTTP/2 Large Settings Frame DoS (bsc#1181358)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:935-1
Released: Wed Mar 24 12:19:10 2021
Summary: Security update for gnutls
Type: security
Severity: important
References: 1183456,1183457,CVE-2021-20231,CVE-2021-20232
This update for gnutls fixes the following issues:
- CVE-2021-20232: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183456).
- CVE-2021-20231: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183457).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:948-1
Released: Wed Mar 24 14:31:34 2021
Summary: Security update for zstd
Type: security
Severity: moderate
References: 1183370,1183371,CVE-2021-24031,CVE-2021-24032
This update for zstd fixes the following issues:
- CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371).
- CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:955-1
Released: Thu Mar 25 16:11:48 2021
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1183852,CVE-2021-3449
This update for openssl-1_1 fixes the security issue:
* CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted
renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation
ClientHello omits the signature_algorithms extension but includes a
signature_algorithms_cert extension, then a NULL pointer dereference will
result, leading to a crash and a denial of service attack. OpenSSL TLS
clients are not impacted by this issue. [bsc#1183852]
More information about the sle-updates
mailing list