SUSE Container Update Advisory: caasp/v4/cilium
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2019:118-1
Container Tags        : caasp/v4/cilium:1.5.3 , caasp/v4/cilium:1.5.3-rev2 , caasp/v4/cilium:1.5.3-rev2-build2.2.6 , caasp/v4/cilium:beta
Container Release     : 2.2.6
Severity              : important
Type                  : security
References            : 1107617 1117993 1123710 1127223 1127308 1131330 1137053 1138939
                        1139083 1139937 CVE-2009-5155 CVE-2018-20843 CVE-2019-12900 CVE-2019-12904
                        CVE-2019-9169 
-----------------------------------------------------------------

The container caasp/v4/cilium was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1835-1
Released:    Fri Jul 12 18:06:31 2019
Summary:     Security update for expat
Type:        security
Severity:    moderate
References:  1139937,CVE-2018-20843
This update for expat fixes the following issues:

Security issue fixed:

- CVE-2018-20843: Fixed a denial of service triggered by high resource consumption 
  in the XML parser when XML names contain a large amount of colons (bsc#1139937).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1846-1
Released:    Mon Jul 15 11:36:33 2019
Summary:     Security update for bzip2
Type:        security
Severity:    important
References:  1139083,CVE-2019-12900
This update for bzip2 fixes the following issues:

Security issue fixed:

- CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1139083).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1853-1
Released:    Mon Jul 15 16:03:36 2019
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1107617,1137053
This update for systemd fixes the following issues:

- conf-parse: remove 4K line length limit (bsc#1137053)
- udevd: change the default value of udev.children-max (again) (bsc#1107617)
- meson: stop creating enablement symlinks in /etc during installation (sequel)
- Fixed build for openSUSE Leap 15+
- Make sure we don't ship any static enablement symlinks in /etc
  Those symlinks must only be created by the presets. There are no
  changes in practice since systemd/udev doesn't ship such symlinks in
  /etc but let's make sure no future changes will introduce new ones
  by mistake.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1877-1
Released:    Thu Jul 18 11:31:46 2019
Summary:     Security update for glibc
Type:        security
Severity:    moderate
References:  1117993,1123710,1127223,1127308,1131330,CVE-2009-5155,CVE-2019-9169
This update for glibc fixes the following issues:

Security issues fixed:

- CVE-2019-9169: Fixed a heap-based buffer over-read via an attempted case-insensitive regular-expression match (bsc#1127308).
- CVE-2009-5155: Fixed a denial of service in parse_reg_exp() (bsc#1127223).

Non-security issues fixed:

- Does no longer compress debug sections in crt*.o files (bsc#1123710)
- Fixes a concurrency problem in ldconfig (bsc#1117993)
- Fixes a race condition in pthread_mutex_lock while promoting to PTHREAD_MUTEX_ELISION_NP (bsc#1131330)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1971-1
Released:    Thu Jul 25 14:58:52 2019
Summary:     Security update for libgcrypt
Type:        security
Severity:    moderate
References:  1138939,CVE-2019-12904
This update for libgcrypt fixes the following issues:

Security issue fixed:

- CVE-2019-12904: Fixed a flush-and-reload side-channel attack in the AES implementation (bsc#1138939).


The following package changes have been done:

- cilium-cni-1.5.3-3.9.10 updated
- cilium-proxy-20181115-1.1 added
- cilium-1.5.3-3.9.10 updated
- glibc-32bit-2.26-13.24.1 updated
- glibc-devel-32bit-2.26-13.24.1 updated
- glibc-devel-2.26-13.24.1 updated
- glibc-2.26-13.24.1 updated
- gtest-1.8.0-1.22 added
- iproute2-5.1-1.5 updated
- libabseil0-20181127-1.2 added
- libboringssl0-20181228-1.4 added
- libbz2-1-1.0.6-5.6.1 updated
- libcares2-1.14.0-1.17 added
- libcircllhist0_0_1-20180917-1.2 added
- libdd_opentracing0-0.4.0-1.2 added
- libevent-2_1-8-2.1.8-2.23 added
- libexpat1-2.2.5-3.3.1 updated
- libfmt5-5.3.0-1.4 added
- libgcrypt20-1.8.2-8.6.2 updated
- libhttp_parser2_7_1-2.7.1-2.19 added
- libjwt_verify_lib0-20181125-1.2 added
- libluajit-5_1-2-2.1.0~beta2-1.9 added
- libopentracing-cpp1-1.5.0-1.2 added
- libprofiler0-2.5-4.12 added
- libsystemd0-234-24.33.1 updated
- libtcmalloc4-2.5-4.12 added
- libudev1-234-24.33.1 updated
- libunwind-1.2.1-2.13 added
- libxxhash0-0.6.5-1.2 added
- libyaml-cpp0_6-0.6.1-2.15 added
- systemd-234-24.33.1 updated
- udev-234-24.33.1 updated
- container:sles15-image-15.0.0-6.2.49 updated