SUSE-CU-2022:109-1: Security update of trento/trento-runner

sle-updates at lists.suse.com sle-updates at lists.suse.com
Thu Feb 3 07:49:11 UTC 2022


SUSE Container Update Advisory: trento/trento-runner
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:109-1
Container Tags        : trento/trento-runner:0.8.1 , trento/trento-runner:0.8.1-rev1.1.0 , trento/trento-runner:0.8.1-rev1.1.0-build150300.3.2.2 , trento/trento-runner:latest
Container Release     : 150300.3.2.2
Severity              : important
Type                  : security
References            : 1180125 1190566 1190824 1192249 1193179 1193711 1194251 1194362
                        1194474 1194476 1194477 1194478 1194479 1194480 CVE-2021-45960
                        CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825
                        CVE-2022-22826 CVE-2022-22827 
-----------------------------------------------------------------

The container trento/trento-runner was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:4162-1
Released:    Wed Dec 22 16:28:38 2021
Summary:     Feature update for trento-premium
Type:        optional
Severity:    moderate
References:  

This update ships 'trento-premium' monitoring solution for SLES 4 SAP.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:48-1
Released:    Tue Jan 11 09:17:57 2022
Summary:     Recommended update for python3
Type:        recommended
Severity:    moderate
References:  1190566,1192249,1193179
This update for python3 fixes the following issues:

- Don't use OpenSSL 1.1 on platforms which don't have it.

- Remove shebangs from python-base libraries in '_libdir'. (bsc#1193179, bsc#1192249).
- Build against 'openssl 1.1' as it is incompatible with 'openssl 3.0+'  (bsc#1190566)
- Fix for permission error when changing the mtime of the source file in presence of 'SOURCE_DATE_EPOCH'.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:96-1
Released:    Tue Jan 18 05:14:44 2022
Summary:     Recommended update for rpm
Type:        recommended
Severity:    important
References:  1180125,1190824,1193711
This update for rpm fixes the following issues:

- Fix header check so that old rpms no longer get rejected (bsc#1190824)
- Add explicit requirement on python-rpm-macros (bsc#1180125, bsc#1193711)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:178-1
Released:    Tue Jan 25 14:16:23 2022
Summary:     Security update for expat
Type:        security
Severity:    important
References:  1194251,1194362,1194474,1194476,1194477,1194478,1194479,1194480,CVE-2021-45960,CVE-2021-46143,CVE-2022-22822,CVE-2022-22823,CVE-2022-22824,CVE-2022-22825,CVE-2022-22826,CVE-2022-22827
This update for expat fixes the following issues:
  
- CVE-2021-45960: Fixed left shift in the storeAtts function in xmlparse.c that can lead to realloc misbehavior (bsc#1194251).
- CVE-2021-46143: Fixed integer overflow in m_groupSize in doProlog (bsc#1194362).
- CVE-2022-22822: Fixed integer overflow in addBinding in xmlparse.c (bsc#1194474).
- CVE-2022-22823: Fixed integer overflow in build_model in xmlparse.c (bsc#1194476).
- CVE-2022-22824: Fixed integer overflow in defineAttribute in xmlparse.c (bsc#1194477).
- CVE-2022-22825: Fixed integer overflow in lookup in xmlparse.c (bsc#1194478).
- CVE-2022-22826: Fixed integer overflow in nextScaffoldPart in xmlparse.c (bsc#1194479).
- CVE-2022-22827: Fixed integer overflow in storeAtts in xmlparse.c (bsc#1194480).  

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:314-1
Released:    Wed Feb  2 15:01:42 2022
Summary:     Recommended update for trento-premium
Type:        recommended
Severity:    moderate
References:  
This update for trento-premium fixes the following issues:

Release 0.8.1 fixes these issues:


- web pod crashing when receiving unexpected data
- Recover and handle panics in projectors
- Fix parse azure cloud data

Release 0.8.0 fixes these issues:

- Cloud provider name is missing from the host's Cloud Detail section 
- Allow --help as non-root for install-agent.sh 
- 'Select All' and 'Deselect All' are missing in Filters 'Health status...' 
- Cross reference the related variables between the helm charts 
- Add mTLS agent/server configuration to the installers and the helm chart 
- Run npx prettier formatting on e2e test files 
- Add new e2e tests for the checks catalog view 
- Add provider field in the cloud details section 
- Check results pruning command and cron job 
- Store runner check results in the database 
- Projected events are skipped if events are coming almost in parallel 
- Filters not visualized when they are set in the URI 
- Individual checks are not properly highlighted when selected in the cluster settings modal 
- DB address appears as `<nil>` in the demo environment 
- Health overview should give information about all the hosts 
- Premium badge in the checks catalog out of place 
- Obsolete database info in Hosts detail view after un\_registration 
- Duplicate database after unregistration and registration process 
- page 'Pacemaker Clusters' not reloaded automatically after tag removed 
- Fix tag removal when filtering 
- Fix health container numbers and pagination numbers 
- Set table filters properly when the page is reloaded in a new tab 
- Fix checkbox not shown as selected inside tables 
- Replace premium check position to description column 
- Fix error in prune checks chart declaration 
- Create the premium detecion service mocks properly 
- Telemetry context: `apiHost` is a confusing name 
- Add tests to the cmd line and env variables usage 


The following package changes have been done:

- libexpat1-2.2.5-3.9.1 updated
- trento-premium-0.8.1+git.dev69.1643724601.92fd00b-150300.3.5.1 updated
- python3-base-3.6.15-10.15.1 updated
- libpython3_6m1_0-3.6.15-10.15.1 updated
- python3-3.6.15-10.15.1 updated
- python3-rpm-4.14.3-43.1 updated
- ansible-core-2.11.6-150300.1.2 updated
- python3-PrettyTable-0.7.2-3.23 removed
- python3-ara-1.5.7-1.1 removed
- python3-cliff-3.1.0-7.4.6 removed
- python3-cmd2-0.8.9-7.4.3 removed
- python3-pbr-4.3.0-6.22 removed
- python3-pyperclip-1.6.0-1.17 removed
- python3-stevedore-1.32.0-7.4.4 removed
- python3-wcwidth-0.1.8-3.5.11 removed


More information about the sle-updates mailing list