SUSE Container Update Advisory: caasp/v4/cilium
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2019:104-1
Container Tags        : caasp/v4/cilium:1.2.1 , caasp/v4/cilium:1.2.1-rev1 , caasp/v4/cilium:1.2.1-rev1-build1.3
Container Release     : 1.3
Severity              : important
Type                  : security
References            : 1117025 1121563 1122000 1123333 1123727 1123892 1124153 1125352
                        CVE-2019-6454 
-----------------------------------------------------------------

The container caasp/v4/cilium was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:426-1
Released:    Mon Feb 18 17:46:55 2019
Summary:     Security update for systemd
Type:        security
Severity:    important
References:  1117025,1121563,1122000,1123333,1123727,1123892,1124153,1125352,CVE-2019-6454
This update for systemd fixes the following issues:

- CVE-2019-6454: Overlong DBUS messages could be used to crash systemd (bsc#1125352)

- units: make sure initrd-cleanup.service terminates before switching to rootfs (bsc#1123333)
- logind: fix bad error propagation
- login: log session state 'closing' (as well as New/Removed)
- logind: fix borked r check
- login: don't remove all devices from PID1 when only one was removed
- login: we only allow opening character devices
- login: correct comment in session_device_free()
- login: remember that fds received from PID1 need to be removed eventually
- login: fix FDNAME in call to sd_pid_notify_with_fds()
- logind: fd 0 is a valid fd
- logind: rework sd_eviocrevoke()
- logind: check file is device node before using .st_rdev
- logind: use the new FDSTOREREMOVE=1 sd_notify() message (bsc#1124153)
- core: add a new sd_notify() message for removing fds from the FD store again
- logind: make sure we don't trip up on half-initialized session devices (bsc#1123727)
- fd-util: accept that kcmp might fail with EPERM/EACCES
- core: Fix use after free case in load_from_path() (bsc#1121563)
- core: include Found state in device dumps
- device: fix serialization and deserialization of DeviceFound
- fix path in btrfs rule (#6844)
- assemble multidevice btrfs volumes without external tools (#6607) (bsc#1117025)
- Update systemd-system.conf.xml (bsc#1122000)
- units: inform user that the default target is started after exiting from rescue or emergency mode
- core: free lines after reading them (bsc#1123892)
- sd-bus: if we receive an invalid dbus message, ignore and proceeed
- automount: don't pass non-blocking pipe to kernel.
  

The following package changes have been done:

- systemd-presets-common-SUSE-15-2.2 updated
- cni-0.6.0-1.1 updated
- cni-plugins-0.6.0-2.1 updated
- systemd-presets-branding-SLE-15.1-1.2 updated
- systemd-234-24.25.1 updated
- udev-234-24.25.1 updated