SUSE-CU-2023:1467-1: Security update of ses/7.1/rook/ceph

sle-updates at lists.suse.com sle-updates at lists.suse.com
Sun May 7 07:03:22 UTC 2023


SUSE Container Update Advisory: ses/7.1/rook/ceph
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1467-1
Container Tags        : ses/7.1/rook/ceph:1.10.1 , ses/7.1/rook/ceph:1.10.1.16 , ses/7.1/rook/ceph:1.10.1.16.4.5.392 , ses/7.1/rook/ceph:latest , ses/7.1/rook/ceph:sle15.3.pacific
Container Release     : 4.5.392
Severity              : important
Type                  : security
References            : 1065270 1199132 1200710 1201617 1203201 1203599 1203746 1204585
                        1206483 1206781 1207022 1207571 1207843 1207957 1207975 1207992
                        1208036 1208283 1208358 1208905 1209122 1209209 1209210 1209211
                        1209212 1209214 1209361 1209362 1209533 1209624 1209713 1209714
                        1209873 1209878 1210135 1210411 1210412 1210434 1210507 CVE-2021-3541
                        CVE-2022-29824 CVE-2022-4899 CVE-2023-0464 CVE-2023-0465 CVE-2023-0466
                        CVE-2023-0687 CVE-2023-23916 CVE-2023-23931 CVE-2023-24593 CVE-2023-25180
                        CVE-2023-25577 CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536
                        CVE-2023-27538 CVE-2023-28484 CVE-2023-28486 CVE-2023-28487 CVE-2023-29383
                        CVE-2023-29469 CVE-2023-29491 
-----------------------------------------------------------------

The container ses/7.1/rook/ceph was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1586-1
Released:    Mon Mar 27 13:02:52 2023
Summary:     Recommended update for nfs-utils
Type:        recommended
Severity:    moderate
References:  1200710,1203746,1206781,1207022,1207843
This update for nfs-utils fixes the following issues:

- Rename all drop-in options.conf files as 10-options.conf
  This makes it easier for other packages to over-ride with a drop-in with a later sequence number (bsc#1207843)
- Avoid modprobe errors when sysctl is not installed (bsc#1200710 bsc#1207022 bsc#1206781)
- Add '-S scope' option to rpc.nfsd to simplify fail-over cluster configuration (bsc#1203746)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1693-1
Released:    Thu Mar 30 10:16:39 2023
Summary:     Security update for python-Werkzeug
Type:        security
Severity:    important
References:  1208283,CVE-2023-25577
This update for python-Werkzeug fixes the following issues:

- CVE-2023-25577: Fixed high resource usage when parsing multipart form data with many fields (bsc#1208283).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1698-1
Released:    Thu Mar 30 12:16:57 2023
Summary:     Security update for sudo
Type:        security
Severity:    moderate
References:  1203201,1206483,1209361,1209362,CVE-2023-28486,CVE-2023-28487
This update for sudo fixes the following issue:

Security fixes:

- CVE-2023-28486: Fixed missing control characters escaping in log messages (bsc#1209362).
- CVE-2023-28487: Fixed missing control characters escaping in sudoreplay output (bsc#1209361).

Other fixes:

- Fix a situation where 'sudo -U otheruser -l' would dereference a NULL pointer (bsc#1206483).
- Do not re-enable the reader when flushing the buffers as part of pty_finish() (bsc#1203201).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1711-1
Released:    Fri Mar 31 13:33:04 2023
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1207992,1209209,1209210,1209211,1209212,1209214,CVE-2023-23916,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538
This update for curl fixes the following issues:

- CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209).
- CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210).
- CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211).
- CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212).
- CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214).
- CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1718-1
Released:    Fri Mar 31 15:47:34 2023
Summary:     Security update for glibc
Type:        security
Severity:    moderate
References:  1207571,1207957,1207975,1208358,CVE-2023-0687
This update for glibc fixes the following issues:

Security issue fixed:

- CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975)

Other issues fixed:

- Fix avx2 strncmp offset compare condition check (bsc#1208358)
- elf: Allow dlopen of filter object to work (bsc#1207571)
- powerpc: Fix unrecognized instruction errors with recent GCC
- x86: Cache computation for AMD architecture (bsc#1207957)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1753-1
Released:    Tue Apr  4 11:55:00 2023
Summary:     Recommended update for systemd-presets-common-SUSE
Type:        recommended
Severity:    moderate
References:  
This update for systemd-presets-common-SUSE fixes the following issue:

- Enable systemd-pstore.service by default (jsc#PED-2663)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1757-1
Released:    Tue Apr  4 13:18:19 2023
Summary:     Recommended update for smartmontools
Type:        recommended
Severity:    important
References:  1208905
This update for smartmontools fixes the following issues:

- Fix `smartctl` issue affecting NVMe on big endian systems (bsc#1208905)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1763-1
Released:    Tue Apr  4 14:35:52 2023
Summary:     Security update for python-cryptography
Type:        security
Severity:    moderate
References:  1208036,CVE-2023-23931
This update for python-cryptography fixes the following issues:

- CVE-2023-23931: Fixed memory corruption in Cipher.update_into (bsc#1208036).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1790-1
Released:    Thu Apr  6 15:36:15 2023
Summary:     Security update for openssl-1_1
Type:        security
Severity:    moderate
References:  1209624,1209873,1209878,CVE-2023-0464,CVE-2023-0465,CVE-2023-0466
This update for openssl-1_1 fixes the following issues:

- CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624).
- CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878).
- CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1805-1
Released:    Tue Apr 11 10:12:41 2023
Summary:     Recommended update for timezone
Type:        recommended
Severity:    important
References:  
This update for timezone fixes the following issues:

- Version update from 2022g to 2023c:
  * Egypt now uses DST again, from April through October.
  * This year Morocco springs forward April 23, not April 30.
  * Palestine delays the start of DST this year.
  * Much of Greenland still uses DST from 2024 on.
  * America/Yellowknife now links to America/Edmonton.
  * tzselect can now use current time to help infer timezone.
  * The code now defaults to C99 or later.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1945-1
Released:    Fri Apr 21 14:13:27 2023
Summary:     Recommended update for elfutils
Type:        recommended
Severity:    moderate
References:  1203599
This update for elfutils fixes the following issues:

- go1.19 builds created debuginfo that was not extractable using rpm / elfutils 0.177. (bsc#1203599)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1954-1
Released:    Mon Apr 24 11:10:40 2023
Summary:     Recommended update for xmlsec1
Type:        recommended
Severity:    low
References:  1201617
This update for xmlsec1 fixes the following issue:

- Ship missing xmlsec1 to synchronize its version across different products (bsc#1201617)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2048-1
Released:    Wed Apr 26 21:05:45 2023
Summary:     Security update for libxml2
Type:        security
Severity:    important
References:  1065270,1199132,1204585,1210411,1210412,CVE-2021-3541,CVE-2022-29824,CVE-2023-28484,CVE-2023-29469
This update for libxml2 fixes the following issues:

- CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412).
- CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411).
- CVE-2022-29824: Fixed integer overflow leading to out-of-bounds write in buf.c (bsc#1199132). 
  
  The following non-security bugs were fixed:

- Added W3C conformance tests to the testsuite (bsc#1204585).
- Fixed NULL pointer dereference when parsing invalid data (glgo#libxml2!15) (bsc#1065270) . 

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2070-1
Released:    Fri Apr 28 13:56:33 2023
Summary:     Security update for shadow
Type:        security
Severity:    moderate
References:  1210507,CVE-2023-29383
This update for shadow fixes the following issues:

- CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2074-1
Released:    Fri Apr 28 17:02:25 2023
Summary:     Security update for zstd
Type:        security
Severity:    moderate
References:  1209533,CVE-2022-4899
This update for zstd fixes the following issues:

- CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2076-1
Released:    Fri Apr 28 17:35:05 2023
Summary:     Security update for glib2
Type:        security
Severity:    moderate
References:  1209713,1209714,1210135,CVE-2023-24593,CVE-2023-25180
This update for glib2 fixes the following issues:

- CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714).
- CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant (bsc#1209713).

The following non-security bug was fixed:

- Fixed regression on s390x (bsc#1210135, glgo#GNOME/glib!2978).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2104-1
Released:    Thu May  4 21:05:30 2023
Summary:     Recommended update for procps
Type:        recommended
Severity:    moderate
References:  1209122
This update for procps fixes the following issue:

- Allow - as leading character to ignore possible errors on systctl entries (bsc#1209122)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2111-1
Released:    Fri May  5 14:34:00 2023
Summary:     Security update for ncurses
Type:        security
Severity:    moderate
References:  1210434,CVE-2023-29491
This update for ncurses fixes the following issues:

- CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434).


The following package changes have been done:

- glib2-tools-2.62.6-150200.3.15.1 updated
- glibc-locale-base-2.31-150300.46.1 updated
- glibc-2.31-150300.46.1 updated
- libcurl4-7.66.0-150200.4.52.1 updated
- libdw1-0.177-150300.11.6.1 updated
- libebl-plugins-0.177-150300.11.6.1 updated
- libelf1-0.177-150300.11.6.1 updated
- libgio-2_0-0-2.62.6-150200.3.15.1 updated
- libglib-2_0-0-2.62.6-150200.3.15.1 updated
- libgmodule-2_0-0-2.62.6-150200.3.15.1 updated
- libgobject-2_0-0-2.62.6-150200.3.15.1 updated
- libncurses6-6.1-150000.5.15.1 updated
- libopenssl1_1-hmac-1.1.1d-150200.11.62.1 updated
- libopenssl1_1-1.1.1d-150200.11.62.1 updated
- libprocps7-3.3.15-150000.7.31.1 updated
- libxml2-2-2.9.7-150000.3.57.1 updated
- libxmlsec1-1-1.2.28-150100.7.13.4 updated
- libxmlsec1-openssl1-1.2.28-150100.7.13.4 updated
- libzstd1-1.4.4-150000.1.9.1 updated
- login_defs-4.8.1-150300.4.6.1 updated
- ncurses-utils-6.1-150000.5.15.1 updated
- nfs-client-2.1.1-150100.10.32.1 updated
- nfs-kernel-server-2.1.1-150100.10.32.1 updated
- openssl-1_1-1.1.1d-150200.11.62.1 updated
- procps-3.3.15-150000.7.31.1 updated
- python3-Werkzeug-1.0.1-150300.3.3.1 updated
- python3-cryptography-3.3.2-150200.19.1 updated
- shadow-4.8.1-150300.4.6.1 updated
- smartmontools-7.2-150300.8.8.1 updated
- sudo-1.9.5p2-150300.3.24.1 updated
- systemd-presets-common-SUSE-15-150100.8.20.1 updated
- terminfo-base-6.1-150000.5.15.1 updated
- timezone-2023c-150000.75.23.1 updated
- container:sles15-image-15.0.0-17.20.133 updated


More information about the sle-updates mailing list