SUSE Image Update Advisory: 
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2020:101-1
Image Tags        : 
Image Release     : 
Severity          : moderate
Type              : recommended
References        : 1165580 1174745 1175173 1175740 1175741 1175811 1175830 1175831
-----------------------------------------------------------------

The container  was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2638-1
Released:    Tue Sep 15 15:41:32 2020
Summary:     Recommended update for cryptsetup
Type:        recommended
Severity:    moderate
References:  1165580
This update for cryptsetup fixes the following issues:

Update from version 2.0.5 to version 2.0.6. (jsc#SLE-5911, bsc#1165580)

- Fix support of larger metadata areas in *LUKS2* header.

  This release properly supports all specified metadata areas, as documented
  in *LUKS2* format description.
  Currently, only default metadata area size is used (in format or convert).
  Later cryptsetup versions will allow increasing this metadata area size.

- If *AEAD* (authenticated encryption) is used, cryptsetup now tries to check
  if the requested *AEAD* algorithm with specified key size is available in kernel crypto API.
  This change avoids formatting a device that cannot be later activated.

  For this function, the kernel must be compiled with the *CONFIG_CRYPTO_USER_API_AEAD* option enabled. 
  Note that kernel user crypto API options (*CONFIG_CRYPTO_USER_API* and *CONFIG_CRYPTO_USER_API_SKCIPHER*) 
  are already mandatory for LUKS2.

- Fix setting of integrity no-journal flag. Now you can store this flag to metadata using *\--persistent* option.

- Fix cryptsetup-reencrypt to not keep temporary reencryption headers if interrupted during initial password prompt.

- Adds early check to plain and LUKS2 formats to disallow device format if device size is not aligned to requested 
  sector size. Previously it was possible, and the device was rejected to activate by kernel later.

- Fix checking of hash algorithms availability for *PBKDF* early. Previously *LUKS2* format allowed non-existent hash 
  algorithm with invalid keyslot preventing the device from activation.

- Allow Adiantum cipher construction (a non-authenticated length-preserving fast encryption scheme), so it can be used
  both for data encryption and keyslot encryption in *LUKS1/2* devices.

  For benchmark, use:
    
      # cryptsetup benchmark -c xchacha12,aes-adiantum
      # cryptsetup benchmark -c xchacha20,aes-adiantum

  For LUKS format:
  
      # cryptsetup luksFormat -c xchacha20,aes-adiantum-plain64 -s 256 <device>

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2651-1
Released:    Wed Sep 16 14:42:55 2020
Summary:     Recommended update for zlib
Type:        recommended
Severity:    moderate
References:  1175811,1175830,1175831
This update for zlib fixes the following issues:

- Fix compression level switching (bsc#1175811, bsc#1175830, bsc#1175831)
- Enable hardware compression on s390/s390x (jsc#SLE-13776)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2655-1
Released:    Wed Sep 16 14:44:27 2020
Summary:     Recommended update for google-guest-agent, google-guest-configs, google-guest-oslogin
Type:        recommended
Severity:    moderate
References:  1174745,1175173,1175740,1175741
This update for google-guest-agent, google-guest-configs, google-guest-oslogin contains the following fixes:

- Update to version 20200819.00. (bsc#1175740, bsc#1175741)
  * handle oslogin enable/disable cases (#70). (bsc#1175173)
  * add README (#69)
  * Fix metric for addIPForwardEntry (#68)
  * Correctly determine default route index (#67)
  * oslogin: dont add entry to pam.d/su (#66)
  * end group.conf with newline (#64)
  * Add source field in googet spec (#59)
  * Set route to metadata on interface with default route (#47)
  * fix typo in boto.cfg (#62)
- Properly handle enabling of systemd services when upgrading
  from the old google-compute-engine-init package (bsc#1174745)

- Update to version 20200626.00. (bsc#1175740, bsc#1175741)
  * Updates the udev rules for local SSD disks. (#9)
  * Fix tx affinity logic when number of CPUs is above 32 (#6)

- Switch udev requires to pkgconfig to allow the build service to use
  the -mini package for build optimization

- Update to version 20200819.00. (bsc#1175740, bsc#1175741)
  * deny non-2fa users (#37)
  * use asterisks instead (#39)
  * set passwords to ! (#38)
  * correct index 0 bug (#36)
  * Support security key generated OTP challenges. (#35)

- No post action for ssh