SUSE-CU-2022:2085-1: Security update of ses/7.1/ceph/ceph
sle-updates at lists.suse.com
Wed Sep 7 12:24:45 UTC 2022
SUSE Container Update Advisory: ses/7.1/ceph/ceph
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2085-1
Container Tags : ses/7.1/ceph/ceph:16.2.9.536 , ses/7.1/ceph/ceph:16.2.9.536.3.2.223 , ses/7.1/ceph/ceph:latest , ses/7.1/ceph/ceph:sle15.3.pacific
Container Release : 3.2.223
Severity : important
Type : security
References : 1041090 1181475 1183308 1192616 1193951 1195059 1195881 1195916
1196017 1196212 1196499 1196696 1197017 1197178 1198341 1198731
1198752 1198925 1199524 1200485 1200800 1200842 1201253 1202175
1202310 1202498 1202498 1202593 CVE-2020-21913 CVE-2020-29651
CVE-2022-1706 CVE-2022-2309 CVE-2022-35252 CVE-2022-37434
-----------------------------------------------------------------
The container ses/7.1/ceph/ceph was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2831-1
Released: Wed Aug 17 14:41:07 2022
Summary: Recommended update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures, python-coverage, python-iniconfig, python-unittest-mixins
Type: security
Severity: moderate
References: 1195916,1196696,CVE-2020-29651
This update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures fixes the following issues:
- Update in SLE-15 (bsc#1196696, bsc#1195916, jsc#SLE-23972)
- Remove redundant python3 dependency from Requires
- Update regular expression to fix python shebang
- Style is enforced upstream and triggers unnecessary build version requirements
- Allow specifying fs_id in cloudwatch log group name
- Includes fix for stunnel path
- Added hardening to systemd service(s).
- Raise minimal pytest version
- Fix typo in the ansi2html Requires
- Cleanup with spec-cleaner
- Make sure the tests are really executed
- Remove useless devel dependency
- Multiprocessing support in Python 3.8 was broken, but is now fixed
- Bump the URL to point to GitHub rather than to docs
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2853-1
Released: Fri Aug 19 15:59:42 2022
Summary: Recommended update for sle-module-legacy-release
Type: recommended
Severity: low
References: 1202498
This update for python-iniconfig provides the following fix:
- Ship python3-iniconfig also to openSUSE 15.3 and 15.4 (bsc#1202498)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2866-1
Released: Mon Aug 22 15:36:30 2022
Summary: Security update for systemd-presets-common-SUSE
Type: security
Severity: moderate
References: 1199524,1200485,CVE-2022-1706
This update for systemd-presets-common-SUSE fixes the following issues:
- CVE-2022-1706: Fixed accessible configs from unprivileged containers in VMs running on VMware products (bsc#1199524).
The following non-security bugs were fixed:
- Modify branding-preset-states to fix systemd-presets-common-SUSE
not enabling new user systemd service preset configuration just
as it handles system service presets. By passing an (optional)
second parameter 'user', the save/apply-changes commands now
work with user services instead of system ones (bsc#1200485)
- Add the wireplumber user service preset to enable it by default
in SLE15-SP4 where it replaced pipewire-media-session, but keep
pipewire-media-session preset so we don't have to branch the
systemd-presets-common-SUSE package for SP4 (bsc#1200485)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2904-1
Released: Fri Aug 26 05:28:34 2022
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1198341
This update for openldap2 fixes the following issues:
- Prevent memory reuse which may lead to instability (bsc#1198341)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2908-1
Released: Fri Aug 26 11:36:03 2022
Summary: Security update for python-lxml
Type: security
Severity: important
References: 1201253,CVE-2022-2309
This update for python-lxml fixes the following issues:
- CVE-2022-2309: Fixed NULL pointer dereference due to state leak between parser runs (bsc#1201253).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2921-1
Released: Fri Aug 26 15:17:43 2022
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1195059
This update for systemd fixes the following issues:
- Drop or soften some of the deprecation warnings (jsc#PED-944)
- Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059)
- tmpfiles: check for the correct directory
-----------------------------------------------------------------
Advisory ID: SUSE-feature-2022:2926-1
Released: Mon Aug 29 10:38:52 2022
Summary: Feature update for LibreOffice
Type: feature
Severity: moderate
References: 1041090,1183308,1192616,1195881,1196017,1196212,1196499,1197017
This feature update for LibreOffice provides the following fixes:
abseil-cpp:
- Provide abseil-cpp version 20211102.0 as LibreOffice 7.3 dependency. (jsc#SLE-23447)
- Mention already fixed issues. (fate#326485, bsc#1041090)
libcuckoo:
- Provide libcuckoo version 0.3 as LibreOffice dependency. (jsc#SLE-23447)
libixion:
- Update libixion from version 0.16.1 to version 0.17.0. (jsc#SLE-23447)
- Build with mdds-2_0 instead of mdds-1.5. (jsc#SLE-23447)
- Build with gcc11 and gcc11-c++. (jsc#SLE-23447)
- Remove unneeded vulkan dependency
- Provide binaries for non x86_64 architectures directly to SUSE Package Hub. (ijsc#MSC-303)
libreoffice:
- Update LibreOffice from version 7.2.5.1 to version 7.3.3.1. (jsc#SLE-23447, jsc#SLE-24021)
* Update bundled dependencies:
* gpgme from version 1.13.1 to version 1.16.0
* libgpg-error from version 1.37 to version 1.43
* libassuan from version 2.5.3 to version 2.5.5
* pdfium from version 4500 to version 4699
* skia from version m90-45c57e116ee0ce214bdf78405a4762722e4507d9 to version m97-a7230803d64ae9d44f4e1282444801119a3ae967
* boost from version 1_75 to version 1_77
* icu4c from version 69_1 to version 70_1
* On SUSE Linux Enterprise 15 SP3 and newer require curl-devel 7.68.0 or newer
* New build dependencies:
* abseil-cpp-devel
* libassuan0
* libcuckoo-devel
* libopenjp2
* require liborcus-0.17 instead of liborcus-0.16
* require mdds-2.0 instead of mdds-1.5
* Do not use serf-1 anymore but use curl instead.
* Other fixes:
* Extraneous/missing lines in table in Impress versus PowerPoint (bsc#1192616)
* Text with tabs appears quite different in Impress than in PowerPoint (bsc#1196212)
* Bullets appear larger and green instead of black. (bsc#1195881)
* Enable gtk3_kde5 and make it possible to use gtk3 in kde with the kde filepicker (bsc#1197017)
* Mention already fixed issues. (bsc#1183308, bsc#1196017, bsc#1196499)
liborcus:
- Update liborcus from version 0.16.1 to version 0.17.2. (jsc#SLE-23447)
- Require mdds-2_0 instead of mdds-1.5. (jsc#SLE-23447)
- Require libixion-0.17 instead of libixion-0.16. (jsc#SLE-23447)
- Build with libtool and use autotools. (jsc#SLE-23447)
- Provide binaries for non x86_64 architectures directly to SUSE Package Hub. (ijsc#MSC-303)
mdds-2_0:
- Provide mdds-2_0 version 2.0.2 as LibreOffice dependency. (jsc#SLE-23447)
myspell-dictionaries:
- Provide binaries for non x86_64 architectures directly to SUSE Package Hub. (ijsc#MSC-303)
- There are no visible changes for the final user.
ucpp:
- Provide binaries for non x86_64 architectures directly to SUSE Package Hub. (ijsc#MSC-303)
- There are no visible changes for the final user.
xmlsec1:
- Provide binaries for non x86_64 architectures directly to SUSE Package Hub. (ijsc#MSC-303)
- There are no visible changes for the final user.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2929-1
Released: Mon Aug 29 11:21:47 2022
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1202310
This update for timezone fixes the following issue:
- Reflect new Chile DST change (bsc#1202310)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2943-1
Released: Tue Aug 30 15:42:16 2022
Summary: Recommended update for python-iniconfig
Type: recommended
Severity: low
References: 1202498
This update for python-iniconfig provides the following fix:
- Ship missing python2-iniconfig to openSUSE 15.3 (bsc#1202498)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2944-1
Released: Wed Aug 31 05:39:14 2022
Summary: Recommended update for procps
Type: recommended
Severity: important
References: 1181475
This update for procps fixes the following issues:
- Fix 'free' command reporting misleading 'used' value (bsc#1181475)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
-----------------------------------------------------------------
Advisory ID: SUSE-feature-2022:2972-1
Released: Thu Sep 1 11:08:16 2022
Summary: Feature update for python-kubernetes
Type: feature
Severity: moderate
References:
This feature update for python-kubernetes provides:
- Deliver python3-kubernetes to the Containers Module 15 SP4. (jsc#SLE-17904, MSC-443)
* Deliver python3-google-auth to Basesystem Module 15 SP4 as dependency of python3-kubernetes.
* Deliver python3-cachetools to Basesystem Module 15 SP4 as dependency of python3-google-auth.
- There are no visible changes for the final user.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2982-1
Released: Thu Sep 1 12:33:47 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731,1200842
This update for util-linux fixes the following issues:
- su: Change owner and mode for pty (bsc#1200842)
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
- mesg: use only stat() to get the current terminal status (bsc#1200842)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2994-1
Released: Fri Sep 2 10:44:54 2022
Summary: Recommended update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame
Type: recommended
Severity: moderate
References: 1198925
This update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame adds some missing 32bit libraries to some products. (bsc#1198925)
No code changes were done in this update.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3004-1
Released: Fri Sep 2 15:02:14 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3028-1
Released: Mon Sep 5 16:31:24 2022
Summary: Recommended update for python-pytz
Type: recommended
Severity: low
References:
This update for python-pytz fixes the following issues:
- update to 2022.1:
matches tzdata 2022a
- declare python 3.10 compatibility
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3127-1
Released: Wed Sep 7 04:36:10 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1198752,1200800
This update for libtirpc fixes the following issues:
- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
- Fix memory leak in params.r_addr assignment (bsc#1198752)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3142-1
Released: Wed Sep 7 09:54:18 2022
Summary: Security update for icu
Type: security
Severity: moderate
References: 1193951,CVE-2020-21913
This update for icu fixes the following issues:
- CVE-2020-21913: Fixed a memory safety issue that could lead to use
after free (bsc#1193951).
-----------------------------------------------------------------
The following package changes have been done:
- libblkid1-2.36.2-150300.4.23.1 updated
- libcurl4-7.66.0-150200.4.39.1 updated
- libfdisk1-2.36.2-150300.4.23.1 updated
- libicu-suse65_1-65.1-150200.4.5.1 updated
- libicu65_1-ledata-65.1-150200.4.5.1 updated
- libldap-2_4-2-2.4.46-150200.14.11.2 updated
- libldap-data-2.4.46-150200.14.11.2 updated
- libmount1-2.36.2-150300.4.23.1 updated
- libprocps7-3.3.15-150000.7.25.1 updated
- libsmartcols1-2.36.2-150300.4.23.1 updated
- libsystemd0-246.16-150300.7.51.1 updated
- libtirpc-netconfig-1.2.6-150300.3.11.1 updated
- libtirpc3-1.2.6-150300.3.11.1 updated
- libudev1-246.16-150300.7.51.1 updated
- libusb-1_0-0-1.0.21-150000.3.5.1 updated
- libuuid1-2.36.2-150300.4.23.1 updated
- libxmlsec1-1-1.2.28-150100.7.11.1 updated
- libxmlsec1-openssl1-1.2.28-150100.7.11.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- procps-3.3.15-150000.7.25.1 updated
- python3-apipkg-1.4-150000.3.2.1 updated
- python3-cachetools-4.1.0-150200.3.4.1 updated
- python3-google-auth-1.21.2-150300.3.6.1 updated
- python3-iniconfig-1.1.1-150000.1.7.1 added
- python3-kubernetes-8.0.1-150100.3.7.1 updated
- python3-lxml-4.7.1-150200.3.10.1 updated
- python3-pytz-2022.1-150300.3.6.1 updated
- python3-py-1.10.0-150000.5.9.2 updated
- systemd-presets-common-SUSE-15-150100.8.17.1 updated
- systemd-246.16-150300.7.51.1 updated
- timezone-2022a-150000.75.10.1 updated
- udev-246.16-150300.7.51.1 updated
- util-linux-systemd-2.36.2-150300.4.23.1 updated
- util-linux-2.36.2-150300.4.23.1 updated
- container:sles15-image-15.0.0-17.20.29 updated