SUSE-CU-2021:311-1: Security update of ses/7/cephcsi/cephcsi

sle-updates at lists.suse.com sle-updates at lists.suse.com
Wed Sep 15 09:56:49 UTC 2021 

SUSE Container Update Advisory: ses/7/cephcsi/cephcsi
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:311-1
Container Tags        : ses/7/cephcsi/cephcsi:3.3.1 , ses/7/cephcsi/cephcsi:3.3.1.0.3.539 , ses/7/cephcsi/cephcsi:latest , ses/7/cephcsi/cephcsi:sle15.2.octopus , ses/7/cephcsi/cephcsi:v3.3.1 , ses/7/cephcsi/cephcsi:v3.3.1.0
Container Release     : 3.539
Severity              : moderate
Type                  : security
References            : 1177695 1184994 1187091 1188063 1188127 1188217 1188218 1188219
                        1188220 CVE-2021-22922 CVE-2021-22923 CVE-2021-22924 CVE-2021-22925
                        CVE-2021-33910 
-----------------------------------------------------------------

The container ses/7/cephcsi/cephcsi was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2404-1
Released:    Tue Jul 20 14:21:30 2021
Summary:     Security update for systemd
Type:        security
Severity:    moderate
References:  1184994,1188063,CVE-2021-33910
This update for systemd fixes the following issues:

- CVE-2021-33910: Fixed a denial of service in systemd via unit_name_path_escape() (bsc#1188063)
- Skip udev rules if 'elevator=' is used (bsc#1184994)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2439-1
Released:    Wed Jul 21 13:46:48 2021
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1188217,1188218,1188219,1188220,CVE-2021-22922,CVE-2021-22923,CVE-2021-22924,CVE-2021-22925
This update for curl fixes the following issues:

- CVE-2021-22925: TELNET stack contents disclosure again. (bsc#1188220)
- CVE-2021-22924: Bad connection reuse due to flawed path name checks. (bsc#1188219)
- CVE-2021-22923: Insufficiently Protected Credentials. (bsc#1188218)
- CVE-2021-22922: Wrong content via metalink not discarded. (bsc#1188217)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2456-1
Released:    Thu Jul 22 15:28:39 2021
Summary:     Recommended update for pam-config
Type:        recommended
Severity:    moderate
References:  1187091
This update for pam-config fixes the following issues:

- Add 'revoke' to the option list for 'pam_keyinit'.
- Fixed an issue when pam-config fails to create a new service config file. (bsc#1187091)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2573-1
Released:    Thu Jul 29 14:21:52 2021
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1188127
This update for timezone fixes the following issue:
- From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by
the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are
now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2593-1
Released:    Mon Aug  2 15:40:22 2021
Summary:     Recommended update for suse-module-tools
Type:        recommended
Severity:    moderate
References:  1177695
This update for suse-module-tools provides the following fix:

- modprobe.d: Remove dma=none setting for parport_pc. (bsc#1177695)

More information about the sle-updates mailing list