SUSE-CU-2022:240-1: Security update of trento/trento-web

sle-updates at lists.suse.com sle-updates at lists.suse.com
Tue Mar 1 07:52:21 UTC 2022 

SUSE Container Update Advisory: trento/trento-web
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:240-1
Container Tags        : trento/trento-web:0.9.0 , trento/trento-web:0.9.0-rev1.0.1 , trento/trento-web:0.9.0-rev1.0.1-build3.2.2 , trento/trento-web:latest
Container Release     : 3.2.2
Severity              : important
Type                  : security
References            : 1120610 1130496 1181131 1184124 CVE-2018-20482 CVE-2019-9923
                        CVE-2021-20193 
-----------------------------------------------------------------

The container trento/trento-web was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:926-1
Released:    Wed Apr 10 16:33:12 2019
Summary:     Security update for tar
Type:        security
Severity:    moderate
References:  1120610,1130496,CVE-2018-20482,CVE-2019-9923
This update for tar fixes the following issues:

Security issues fixed:

- CVE-2019-9923: Fixed a denial of service while parsing certain archives with malformed extended headers in pax_decode_header() (bsc#1130496).
- CVE-2018-20482: Fixed a denial of service when the '--sparse' option mishandles file shrinkage during read access (bsc#1120610).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:974-1
Released:    Mon Mar 29 19:31:27 2021
Summary:     Security update for tar
Type:        security
Severity:    low
References:  1181131,CVE-2021-20193
This update for tar fixes the following issues:

CVE-2021-20193: Memory leak in read_header() in list.c (bsc#1181131)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2193-1
Released:    Mon Jun 28 18:38:43 2021
Summary:     Recommended update for tar
Type:        recommended
Severity:    moderate
References:  1184124
This update for tar fixes the following issues:

- Link '/var/lib/tests/tar/bin/genfile' as Position-Independent Executable (bsc#1184124)
  
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:471-1
Released:    Thu Feb 17 09:58:37 2022
Summary:     Recommended update for trento-premium
Type:        recommended
Severity:    important
References:  
This update for trento-premium fixes the following issues:
  
- Releasing new sub-package 'trento-premium-installer'. (jsc#MSC-302)
  
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:579-1
Released:    Mon Feb 28 11:12:24 2022
Summary:     Recommended update for trento-premium
Type:        recommended
Severity:    moderate
References:  
This update for trento-premium fixes the following issues:

Release 0.9.0

### Added

- Pin specific container image versions in the helm chart values 
- review values for SUSE infrastructure 
- Add health summary api endpoint 
- Homepage UI component 
- Embed cpu and memory usage dashboards in host detail 
- Sap system health computation 
- Attach system replication status badge on secondary node 
- Add remediation command to the corosync token timeouts checks 
- Add node exporter state in the frontend 
- Add prometheus grafana to helm chart 
- Prometheus HTTP service discovery API 
- Adds feedback collector 
- Add connection retry when starting Web and Runner 

### Fixed

- Web serve command not stopped correctly during database initializaion tries 
- Links in compressed sidebar don't work 
- CD process doesn't clean up old node module tgz files 
- Aligns Overview 
- Use context correctly during db initialization 
- Compute attached database health 
- Fix dump scenario script clean-up command 
- Push catalog info after the checks 
- Show all sbd devices 
- Do not make assumptions about the shape of the payload of checks catalog 
- Remove mention of Blue Horizon from landing page 
- Links in compressed sidebar are working again 

### Closed Issues

- Checks catalog empty 
- Settings button missing in Pacemaker Clusters details view 

### Other Changes

- Enable Grafana persistence 
- Fix health summary api 
- Fix grafana secret  
- Fix grafana embedding 
- Implement cluster heatlh computation projection 
- refresh zypper repo before installing node exporter 
- Add Grafana initialization 
- Run prometheus installation as root 
- Do not add bitnami charts repo from the installer if it's not needed 
- Fix dependabot auto-merge workflow 
- Change trento path in the Dockerfile 
- Allows Grafana dashboards to be embedded 
- Add hana cluster details e2e test 
- E2e test cluster overview 
- Switch to the SLE BCI images 


The following package changes have been done:

- tar-1.30-3.9.1 added
- trento-premium-0.9.0+git.dev74.1645798943.a1180f8-150300.3.10.1 updated

More information about the sle-updates mailing list