SUSE-CU-2021:437-1: Security update of bci/golang

Thu Oct 21 09:07:38 UTC 2021

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:437-1
Container Tags        : bci/golang:1.16
Container Release     : 4.7
Severity              : moderate
Type                  : security
References            : 1178236 1182345 1185016 1185524 1186910 1187270 1187512 1188344
                        1188921 1190052 1190645 1190739 1190793 1190915 1190933 1191468
                        CVE-2021-37600 CVE-2021-38297 CVE-2021-39537 
-----------------------------------------------------------------

The container bci/golang was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3474-1
Released:    Wed Oct 20 08:41:31 2021
Summary:     Security update for util-linux
Type:        security
Severity:    moderate
References:  1178236,1188921,CVE-2021-37600
This update for util-linux fixes the following issues:

- CVE-2021-37600: Fixed an integer overflow which could lead to a buffer overflow in get_sem_elements() in sys-utils/ipcutils.c. (bsc#1188921)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3480-1
Released:    Wed Oct 20 11:24:10 2021
Summary:     Recommended update for yast2-network
Type:        recommended
Severity:    moderate
References:  1185016,1185524,1186910,1187270,1187512,1188344,1190645,1190739,1190915,1190933
This update for yast2-network fixes the following issues:

- Don't crash when the interfaces table contains a not configured one (bnc#1190645, bsc#1190915).
- Fix the shown description using the interface friendly name when it is empty (bsc#1190933).
- Consider aliases sections as case insensitive (bsc#1190739).
- Display user defined device name in the devices overview (bnc#1190645).
- Don't crash when defined aliases in AutoYaST profile are not defined as a map (bsc#1188344).
- Support 'boot' and 'on' as aliases for the 'auto' startmode (bsc#1186910).
- Fix desktop file so the control center tooltip is translated (bsc#1187270).
- Use the linuxrc proxy settings for the HTTPS and FTP proxies (bsc#1185016).
- Don't crash at the end of installation when storing wifi configuration for NetworkManager (bsc#1185524, bsc#1187512).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3487-1
Released:    Wed Oct 20 16:18:28 2021
Summary:     Security update for go1.16
Type:        security
Severity:    moderate
References:  1182345,1191468,CVE-2021-38297
This update for go1.16 fixes the following issues:

Update to go1.16.9

- CVE-2021-38297: misc/wasm, cmd/link: do not let command line args overwrite global data (bsc#1191468)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3490-1
Released:    Wed Oct 20 16:31:55 2021
Summary:     Security update for ncurses
Type:        security
Severity:    moderate
References:  1190793,CVE-2021-39537
This update for ncurses fixes the following issues:

- CVE-2021-39537: Fixed an heap-based buffer overflow in _nc_captoinfo. (bsc#1190793)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3494-1
Released:    Wed Oct 20 16:48:46 2021
Summary:     Recommended update for pam
Type:        recommended
Severity:    moderate
References:  1190052
This update for pam fixes the following issues:

- Added pam_faillock to the set of available PAM modules. (jsc#SLE-20638)
- Added new file macros.pam on request of systemd. (bsc#1190052)