SUSE Container Update Advisory: ses/7/cephcsi/cephcsi
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:239-1
Container Tags        : ses/7/cephcsi/cephcsi:3.2.1 , ses/7/cephcsi/cephcsi:3.2.1.0.3.400 , ses/7/cephcsi/cephcsi:latest , ses/7/cephcsi/cephcsi:sle15.2.octopus , ses/7/cephcsi/cephcsi:v3.2.1 , ses/7/cephcsi/cephcsi:v3.2.1.0
Container Release     : 3.400
Severity              : important
Type                  : security
References            : 1080040 1115550 1161276 1165780 1171998 1174162 1178680 1180851 1181443 1181540
                        1181651 1181874 1182053 1182611 1182899 1182936 1183064 1183074 1183194 1183374
                        1183628 1183797 1183899 1184231 1184358 1184401 1184435 1184507 1184614 1184687
                        1184690 1184997 1185163 1185170 1185190 1185239 1185408 1185408 1185409 1185409
                        1185410 1185410 1185417 1185438 1185562 1185619 1185698 1186020 1186021 1186114
                        CVE-2020-11078 CVE-2021-20288 CVE-2021-20305 CVE-2021-21240 CVE-2021-22898
                        CVE-2021-3426 CVE-2021-3509 CVE-2021-3516 CVE-2021-3516 CVE-2021-3517 CVE-2021-3517
                        CVE-2021-3518 CVE-2021-3518 CVE-2021-3520 CVE-2021-3524 CVE-2021-3531 CVE-2021-3537
-----------------------------------------------------------------

The container ses/7/cephcsi/cephcsi was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1407-1
Released:    Wed Apr 28 15:49:02 2021
Summary:     Recommended update for libcap
Type:        recommended
Severity:    important
References:  1184690

This update for libcap fixes the following issues:

- Add explicit dependency on 'libcap2' with version to 'libcap-progs' and 'pam_cap'.
  (bsc#1184690)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1412-1
Released:    Wed Apr 28 17:09:28 2021
Summary:     Security update for libnettle
Type:        security
Severity:    important
References:  1184401,CVE-2021-20305

This update for libnettle fixes the following issues:

- CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1426-1
Released:    Thu Apr 29 06:23:13 2021
Summary:     Recommended update for libsolv
Type:        recommended
Severity:    moderate
References:

This update for libsolv fixes the following issues:

- Fix rare segfault in resolve_jobrules() that could happen if new rules are learnt.
- Fix a couple of memory leaks in error cases.
- Fix error handling in solv_xfopen_fd()
- Fixed 'regex' code on win32.
- Fixed memory leak in choice rule generation

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1449-1
Released:    Fri Apr 30 08:08:25 2021
Summary:     Recommended update for systemd-presets-branding-SLE
Type:        recommended
Severity:    moderate
References:  1165780

This update for systemd-presets-branding-SLE fixes the following issues:

- Don't enable 'btrfsmaintenance-refresh.service', 'btrfsmaintenance' is managed by systemd-presets-common-SUSE instead.
  (bsc#1165780)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1466-1
Released:    Tue May 4 08:30:57 2021
Summary:     Security update for permissions
Type:        security
Severity:    important
References:  1182899

This update for permissions fixes the following issues:

- etc/permissions: remove unnecessary entries (bsc#1182899)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1475-1
Released:    Tue May 4 08:59:27 2021
Summary:     Security update for ceph
Type:        security
Severity:    important
References:  1183074,1183899,1184231,CVE-2021-20288

This update for ceph fixes the following issues:

- ceph was updated to 15.2.11-83-g8a15f484c2:
  * CVE-2021-20288: Fixed unauthorized global_id reuse (bsc#1183074).
  * disk gets replaced with no rocksdb/wal (bsc#1184231).
  * BlueStore handles huge(>4GB) writes from RocksDB to BlueFS poorly, potentially causing data corruption (bsc#1183899).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1481-1
Released:    Tue May 4 14:18:32 2021
Summary:     Recommended update for lvm2
Type:        recommended
Severity:    moderate
References:  1178680

This update for lvm2 fixes the following issues:

- Add metadata-based autoactivation property for volume group and logical volume. (bsc#1178680)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1521-1
Released:    Wed May 5 17:52:55 2021
Summary:     Recommended update for ceph-iscsi
Type:        recommended
Severity:    moderate
References:  1182611

This update for ceph-iscsi fixes the following issues:

- Fix for the gateway when it fails to start using SSL.
  (bsc#1182611)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1523-1
Released:    Wed May 5 18:24:20 2021
Summary:     Security update for libxml2
Type:        security
Severity:    moderate
References:  1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518

This update for libxml2 fixes the following issues:

- CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408).
- CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410).
- CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1527-1
Released:    Thu May 6 08:58:53 2021
Summary:     Recommended update for bash
Type:        recommended
Severity:    important
References:  1183064

This update for bash fixes the following issues:

- Fixed a segmentation fault that used to occur when bash read a history file that was malformed in a very specific way. (bsc#1183064)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1528-1
Released:    Thu May 6 15:31:23 2021
Summary:     Recommended update for openssl-1_1
Type:        recommended
Severity:    moderate
References:  1161276

This update for openssl-1_1 fixes the following issues:

- Do not list disapproved cipher algorithms while in 'FIPS' mode. (bsc#1161276)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1543-1
Released:    Fri May 7 15:16:33 2021
Summary:     Recommended update for patterns-microos
Type:        recommended
Severity:    moderate
References:  1184435

This update for patterns-microos provides the following fix:

- Require the libvirt-daemon-qemu package and include the needed dependencies in the product.
  (bsc#1184435)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1544-1
Released:    Fri May 7 16:34:41 2021
Summary:     Recommended update for libzypp
Type:        recommended
Severity:    moderate
References:  1180851,1181874,1182936,1183628,1184997,1185239

This update for libzypp fixes the following issues:

Upgrade from version 17.25.8 to version 17.25.10

- Properly handle permission denied when providing optional files. (bsc#1185239)
- Fix service detection with `cgroupv2`. (bsc#1184997)
- Add missing includes for GCC 11. (bsc#1181874)
- Fix unsafe usage of static in media verifier.
- `Solver`: Avoid segfault if no system is loaded. (bsc#1183628)
- `MediaVerifier`: Relax media set verification in case of a single not-volatile medium. (bsc#1180851)
- Do no cleanup in custom cache dirs. (bsc#1182936)
- `ZConfig`: let `pubkeyCachePath` follow `repoCachePath`.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1549-1
Released:    Mon May 10 13:48:00 2021
Summary:     Recommended update for procps
Type:        recommended
Severity:    moderate
References:  1185417

This update for procps fixes the following issues:

- Support up to 2048 CPU as well. (bsc#1185417)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1557-1
Released:    Tue May 11 09:50:00 2021
Summary:     Security update for python3
Type:        security
Severity:    moderate
References:  1183374,CVE-2021-3426

This update for python3 fixes the following issues:

- CVE-2021-3426: Fixed an information disclosure via pydoc (bsc#1183374)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1565-1
Released:    Tue May 11 14:20:04 2021
Summary:     Recommended update for krb5
Type:        recommended
Severity:    moderate
References:  1185163

This update for krb5 fixes the following issues:

- Use '/run' instead of '/var/run' for daemon PID files.
  (bsc#1185163)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1582-1
Released:    Wed May 12 13:40:03 2021
Summary:     Recommended update for lvm2
Type:        recommended
Severity:    moderate
References:  1184687,1185190

This update for lvm2 fixes the following issues:

- Honor 'lvm.conf' parameter event_activation=0 on 'pvscan --cache -aay'. (bsc#1185190)
- Fixed an issue when LVM can't be disabled on boot. (bsc#1184687)
- Update patch for avoiding apply warning messages. (bsc#1012973)

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:1592-1
Released:    Wed May 12 13:47:41 2021
Summary:     Optional update for sed
Type:        optional
Severity:    low
References:  1183797

This update for sed fixes the following issues:

- Fixed a building issue with glibc-2.31 (bsc#1183797).

This patch is optional to install.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1612-1
Released:    Fri May 14 17:09:39 2021
Summary:     Recommended update for openldap2
Type:        recommended
Severity:    moderate
References:  1184614

This update for openldap2 fixes the following issue:

- Provide `openldap2-contrib` to the modules SUSE Linux Enterprise Legacy 15-SP2 and 15-SP3. (bsc#1184614)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1643-1
Released:    Wed May 19 13:51:48 2021
Summary:     Recommended update for pam
Type:        recommended
Severity:    important
References:  1181443,1184358,1185562

This update for pam fixes the following issues:

- Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443)
- Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to an attempt to resolve it as a hostname (bsc#1184358)
- In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications.
  (bsc#1185562)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1647-1
Released:    Wed May 19 13:59:12 2021
Summary:     Security update for lz4
Type:        security
Severity:    important
References:  1185438,CVE-2021-3520

This update for lz4 fixes the following issues:

- CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1654-1
Released:    Wed May 19 16:43:36 2021
Summary:     Security update for libxml2
Type:        security
Severity:    important
References:  1185408,1185409,1185410,1185698,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518,CVE-2021-3537

This update for libxml2 fixes the following issues:

- CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698)
- CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408).
- CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410).
- CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1669-1
Released:    Thu May 20 11:10:44 2021
Summary:     Recommended update for nfs-utils
Type:        recommended
Severity:    moderate
References:  1181540,1181651,1183194,1185170

This update for nfs-utils fixes the following issues:

- The '/var/run' is long deprecated - switch all relevant paths to '/run'. (bsc#1185170)
- Improve logging of authentication (bsc#1181540)
- Add man page of the 'nconnect mount'. (bsc#1181651)
- Fixed an issue when HANA crashed due to inaccessible/hanging NFS mount.
  (bsc#1183194)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1675-1
Released:    Thu May 20 15:00:23 2021
Summary:     Recommended update for snappy
Type:        recommended
Severity:    moderate
References:  1080040,1184507

This update for snappy fixes the following issues:

Update from version 1.1.3 to 1.1.8

- Small performance improvements.
- Removed `snappy::string` alias for `std::string`.
- Improved `CMake` configuration.
- Improved packages descriptions.
- Fix RPM groups.
- Aarch64 fixes
- PPC speedups
- PIE improvements
- Fix license install. (bsc#1080040)
- Fix a 1% performance regression when snappy is used in PIE executable.
- Improve compression performance by 5%.
- Improve decompression performance by 20%.
- Use better download URL.
- Fix a build issue for tensorflow2. (bsc#1184507)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1762-1
Released:    Wed May 26 12:30:01 2021
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1186114,CVE-2021-22898

This update for curl fixes the following issues:

- CVE-2021-22898: Fixed curl TELNET stack contents disclosure (bsc#1186114).
- Allow partial chain verification [jsc#SLE-17956]
  * Have intermediate certificates in the trust store be treated as trust-anchors, in the same way as self-signed root CA certificates are. This allows users to verify servers using the intermediate cert only, instead of needing the whole chain.
  * Set FLAG_TRUSTED_FIRST unconditionally.
  * Do not check partial chains with CRL check.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1773-1
Released:    Wed May 26 17:22:21 2021
Summary:     Recommended update for python3
Type:        recommended
Severity:    low
References:

This update for python3 fixes the following issues:

- Make sure to close the import_failed.map file after the exception has been raised in order to avoid ResourceWarnings when the failing import is part of a try...except block.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1777-1
Released:    Thu May 27 11:20:53 2021
Summary:     Security update for ceph
Type:        security
Severity:    important
References:  1185619,1186020,1186021,CVE-2021-3509,CVE-2021-3524,CVE-2021-3531

This update for ceph fixes the following issues:

- Update to 15.2.12-83-g528da226523:
  - (CVE-2021-3509) fix cookie injection issue (bsc#1186021)
  - (CVE-2021-3531) RGWSwiftWebsiteHandler::is_web_dir checks empty subdir_name (bsc#1186020)
  - (CVE-2021-3524) sanitize \r in s3 CORSConfiguration’s ExposeHeader (bsc#1185619)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1801-1
Released:    Mon May 31 07:36:01 2021
Summary:     Recommended update for openssh
Type:        recommended
Severity:    moderate
References:  1115550,1174162

This update for openssh fixes the following issues:

- Fixed a race condition leading to a sshd termination of multichannel sessions with non-root users (bsc#1115550, bsc#1174162).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1806-1
Released:    Mon May 31 16:23:04 2021
Summary:     Security update for python-httplib2
Type:        security
Severity:    moderate
References:  1171998,1182053,CVE-2020-11078,CVE-2021-21240

This update for python-httplib2 fixes the following issues:

- Update to version 0.19.0 (bsc#1182053).
- CVE-2021-21240: Fixed regular expression denial of service via malicious header (bsc#1182053).
- CVE-2020-11078: Fixed unescaped part of uri where an attacker could change request headers and body (bsc#1182053).

The following package changes have been done:

- bash-4.4-9.14.1 updated
- ceph-base-15.2.12.83+g528da226523-3.19.1 updated
- ceph-common-15.2.12.83+g528da226523-3.19.1 updated
- ceph-grafana-dashboards-15.2.12.83+g528da226523-3.19.1 updated
- ceph-iscsi-3.4+1614165221.g78e33bb-3.3.6 updated
- ceph-mds-15.2.12.83+g528da226523-3.19.1 updated
- ceph-mgr-cephadm-15.2.12.83+g528da226523-3.19.1 updated
- ceph-mgr-dashboard-15.2.12.83+g528da226523-3.19.1 updated
- ceph-mgr-modules-core-15.2.12.83+g528da226523-3.19.1 updated
- ceph-mgr-rook-15.2.12.83+g528da226523-3.19.1 updated
- ceph-mgr-15.2.12.83+g528da226523-3.19.1 updated
- ceph-mon-15.2.12.83+g528da226523-3.19.1 updated
- ceph-osd-15.2.12.83+g528da226523-3.19.1 updated
- ceph-prometheus-alerts-15.2.12.83+g528da226523-3.19.1 updated
- ceph-radosgw-15.2.12.83+g528da226523-3.19.1 updated
- cephadm-15.2.12.83+g528da226523-3.19.1 updated
- ceph-15.2.12.83+g528da226523-3.19.1 updated
- device-mapper-1.02.163-8.30.1 updated
- krb5-1.16.3-3.18.1 updated
- libapparmor1-2.13.4-3.5.1 updated
- libbz2-1-1.0.6-5.11.1 updated
- libcap2-2.26-4.6.1 updated
- libcephfs2-15.2.12.83+g528da226523-3.19.1 updated
- libcurl4-7.66.0-4.17.1 updated
- libdevmapper-event1_03-1.02.163-8.30.1 updated
- libdevmapper1_03-1.02.163-8.30.1 updated
- libhogweed4-3.4.1-4.15.1 updated
- libldap-2_4-2-2.4.46-9.53.1 updated
- libldap-data-2.4.46-9.53.1 updated
- liblttng-ust0-2.10.1-4.2.1 updated
- liblvm2cmd2_03-2.03.05-8.30.1 updated
- liblz4-1-1.8.0-3.8.1 updated
- libnettle6-3.4.1-4.15.1 updated
- libopenssl1_1-1.1.1d-11.23.1 updated
- libprocps7-3.3.15-7.19.1 updated
- libpython3_6m1_0-3.6.13-3.84.1 updated
- librados2-15.2.12.83+g528da226523-3.19.1 updated
- librbd1-15.2.12.83+g528da226523-3.19.1 updated
- libreadline7-7.0-9.14.1 updated
- librgw2-15.2.12.83+g528da226523-3.19.1 updated
- libsnappy1-1.1.8-3.3.1 updated
- libsolv-tools-0.7.19-3.23.1 updated
- libxml2-2-2.9.7-3.34.1 updated
- libzypp-17.25.10-3.36.1 updated
- lvm2-2.03.05-8.30.1 updated
- nfs-client-2.1.1-10.15.1 updated
- nfs-kernel-server-2.1.1-10.15.1 updated
- openssh-8.1p1-5.15.1 updated
- openssl-1_1-1.1.1d-11.23.1 updated
- pam-1.3.0-6.38.1 updated
- permissions-20181225-23.6.1 updated
- procps-3.3.15-7.19.1 updated
- python3-base-3.6.13-3.84.1 updated
- python3-ceph-argparse-15.2.12.83+g528da226523-3.19.1 updated
- python3-ceph-common-15.2.12.83+g528da226523-3.19.1 updated
- python3-cephfs-15.2.12.83+g528da226523-3.19.1 updated
- python3-curses-3.6.13-3.84.1 updated
- python3-httplib2-0.19.0-3.3.1 updated
- python3-rados-15.2.12.83+g528da226523-3.19.1 updated
- python3-rbd-15.2.12.83+g528da226523-3.19.1 updated
- python3-rgw-15.2.12.83+g528da226523-3.19.1 updated
- python3-3.6.13-3.84.1 updated
- rbd-mirror-15.2.12.83+g528da226523-3.19.1 updated
- sed-4.4-4.3.1 updated
- systemd-presets-branding-SLE-15.1-20.8.1 updated
- container:ceph-image-1.0.0-4.214 updated