SUSE Container Update Advisory: caasp/v4/etcd
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2019:174-1
Container Tags        : caasp/v4/etcd:3.3.11 , caasp/v4/etcd:3.3.11-rev1 , caasp/v4/etcd:3.3.11-rev1-build3.2.3 , caasp/v4/etcd:beta
Container Release     : 3.2.3
Severity              : important
Type                  : security
References            : 1036463 1096191 1105435 1118087 1121563 1124122 1125352 1125604
                        1126056 1127557 1130230 1132348 1132400 1132721 1133506 1133509
                        1134524 1134856 1135170 CVE-2018-1000654 CVE-2018-16868 CVE-2019-3842
                        CVE-2019-3843 CVE-2019-3844 CVE-2019-5021 CVE-2019-5436 CVE-2019-6454
                        SLE-5933
-----------------------------------------------------------------

The container caasp/v4/etcd was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1312-1
Released:    Wed May 22 12:19:12 2019
Summary:     Recommended update for aaa_base
Type:        recommended
Severity:    moderate
References:  1096191

This update for aaa_base fixes the following issue:

* Shell detection in /etc/profile and /etc/bash.bashrc was broken within AppArmor-confined containers (bsc#1096191)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1351-1
Released:    Fri May 24 14:41:10 2019
Summary:     Security update for gnutls
Type:        security
Severity:    important
References:  1118087,1134856,CVE-2018-16868

This update for gnutls fixes the following issues:

Security issue fixed:

- CVE-2018-16868: Fixed Bleichenbacher-like side channel leakage in PKCS#1 v1.5 verification (bsc#1118087).

Non-security issue fixed:

- Explicitly require libnettle 3.4.1 to prevent missing symbol errors (bsc#1134856).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1357-1
Released:    Mon May 27 13:29:15 2019
Summary:     Security update for curl
Type:        security
Severity:    important
References:  1135170,CVE-2019-5436

This update for curl fixes the following issues:

Security issue fixed:

- CVE-2019-5436: Fixed a heap buffer overflow in tftp_receive_packet, which receives data from a TFTP server (bsc#1135170).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1364-1
Released:    Tue May 28 10:51:38 2019
Summary:     Security update for systemd
Type:        security
Severity:    moderate
References:  1036463,1121563,1124122,1125352,1125604,1126056,1127557,1130230,1132348,1132400,1132721,1133506,1133509,CVE-2019-3842,CVE-2019-3843,CVE-2019-3844,CVE-2019-6454,SLE-5933

This update for systemd fixes the following issues:

Security issues fixed:

- CVE-2019-3842: Fixed a privilege escalation in pam_systemd which could be exploited by a local user (bsc#1132348).
- CVE-2019-6454: Fixed a denial of service via crafted D-Bus message (bsc#1125352).
- CVE-2019-3843, CVE-2019-3844: Fixed a privilege escalation where services with DynamicUser could gain new privileges or create SUID/SGID binaries (bsc#1133506, bsc#1133509).

Non-security issues fixed:

- logind: fix killing of scopes (bsc#1125604)
- namespace: make MountFlags=shared work again (bsc#1124122)
- rules: load drivers only on 'add' events (bsc#1126056)
- sysctl: Don't pass null directive argument to '%s' (bsc#1121563)
- systemd-coredump: generate a stack trace of all core dumps and log into the journal (jsc#SLE-5933)
- udevd: notify when max number value of children is reached only once per batch of events (bsc#1132400)
- sd-bus: bump message queue size again (bsc#1132721)
- Do not automatically online memory on s390x (bsc#1127557)
- Removed sg.conf (bsc#1036463)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1368-1
Released:    Tue May 28 13:15:38 2019
Summary:     Recommended update for sles12sp3-docker-image, sles12sp4-image, system-user-root
Type:        security
Severity:    important
References:  1134524,CVE-2019-5021

This update for sles12sp3-docker-image, sles12sp4-image, system-user-root fixes the following issues:

- CVE-2019-5021: Include an invalidated root password by default, not an empty one (bsc#1134524)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1372-1
Released:    Tue May 28 16:53:28 2019
Summary:     Security update for libtasn1
Type:        security
Severity:    moderate
References:  1105435,CVE-2018-1000654

This update for libtasn1 fixes the following issues:

Security issue fixed:

- CVE-2018-1000654: Fixed a denial of service in the asn1 parser (bsc#1105435).

The following package changes have been done:

- aaa_base-84.87+git20180409.04c9dae-3.9.1 updated
- etcdctl-3.3.11-1.5 updated
- etcd-3.3.11-1.5 updated
- libcurl4-7.60.0-3.20.1 updated
- libgnutls30-3.6.7-6.11.1 updated
- libsystemd0-234-24.30.1 updated
- libtasn1-6-4.13-4.5.1 updated
- libtasn1-4.13-4.5.1 updated
- libudev1-234-24.30.1 updated
- system-user-root-20190513-3.3.1 updated
- systemd-234-24.30.1 updated
- udev-234-24.30.1 updated
- container:sles15-image-15.0.0-6.2.27 updated