SUSE Container Update Advisory: ses/6/cephcsi/cephcsi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:973-1 Container Tags : ses/6/cephcsi/cephcsi:1.2.0.0 , ses/6/cephcsi/cephcsi:1.2.0.0.1.5.632 , ses/6/cephcsi/cephcsi:latest Container Release : 1.5.632 Severity : important Type : security References : 1121227 1121230 1122004 1122021 1172427 1177047 1177460 1180713 1184501 1193489 1194172 1194642 1194848 1194883 1195251 1195628 1195899 1195999 1196061 1196093 1196107 1196275 1196317 1196368 1196406 1196514 1196925 1196939 1197024 1197134 1197297 1197459 1197788 1197903 1198062 1198062 1198237 CVE-2018-20573 CVE-2018-20574 CVE-2018-25032 CVE-2019-6285 CVE-2019-6292 CVE-2022-1097 CVE-2022-1271 CVE-2022-1271 ----------------------------------------------------------------- The container ses/6/cephcsi/cephcsi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:936-1 Released: Tue Mar 22 18:10:17 2022 Summary: Recommended update for filesystem and systemd-rpm-macros Type: recommended Severity: moderate References: 1196275,1196406 This update for filesystem and systemd-rpm-macros fixes the following issues: filesystem: - Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639) systemd-rpm-macros: - Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1021-1 Released: Tue Mar 29 13:24:21 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1195899 This update for systemd fixes the following issues: - allow setting external core size to infinity (bsc#1195899 jsc#SLE-23868 jsc#SLE-23870) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1073-1 Released: Fri Apr 1 11:45:01 2022 Summary: Security update for yaml-cpp Type: security Severity: moderate References: 1121227,1121230,1122004,1122021,CVE-2018-20573,CVE-2018-20574,CVE-2019-6285,CVE-2019-6292 This update for yaml-cpp fixes the following issues: - CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227). - CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230). - CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004). - CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1109-1 Released: Mon Apr 4 17:50:01 2022 Summary: Recommended update for util-linux Type: recommended Severity: important References: 1172427,1194642 This update for util-linux fixes the following issues: - Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. (bsc#1194642) - Prevent root owning of `/var/lib/libuuid/clock.txt`. (bsc#1194642) - Warn if uuidd lock state is not usable. (bsc#1194642) - Fix 'su -s' bash completion. (bsc#1172427) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1118-1 Released: Tue Apr 5 18:34:06 2022 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2022a (bsc#1177460): * Palestine will spring forward on 2022-03-27, not on 03-26 * `zdump -v` now outputs better failure indications * Bug fixes for code that reads corrupted TZif data ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1126-1 Released: Thu Apr 7 14:05:02 2022 Summary: Recommended update for nfs-utils Type: recommended Severity: moderate References: 1197297,1197788 This update for nfs-utils fixes the following issues: - Ensure `sloppy` is added correctly for newer kernels. (bsc#1197297) * This is required for kernels since 5.6 (like in SUSE Linux Enterprise 15 SP4), and it's safe for all kernels. - Fix the source build with new `glibc` like in SUSE Linux Enterprise 15 SP4. (bsc#1197788) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1131-1 Released: Fri Apr 8 09:43:53 2022 Summary: Security update for libsolv, libzypp, zypper Type: security Severity: important References: 1184501,1194848,1195999,1196061,1196317,1196368,1196514,1196925,1197134 This update for libsolv, libzypp, zypper fixes the following issues: Security relevant fix: - Harden package signature checks (bsc#1184501). libsolv to 0.7.22: - reworked choice rule generation to cover more usecases - support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514) - support parsing of Debian's Multi-Arch indicator - fix segfault on conflict resolution when using bindings - fix split provides not working if the update includes a forbidden vendor change - support strict repository priorities new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY - support zstd compressed control files in debian packages - add an ifdef allowing to rename Solvable dependency members ('requires' is a keyword in C++20) - support setting/reading userdata in solv files new functions: repowriter_set_userdata, solv_read_userdata - support queying of the custom vendor check function new function: pool_get_custom_vendorcheck - support solv files with an idarray block - allow accessing the toolversion at runtime libzypp to 17.30.0: - ZConfig: Update solver settings if target changes (bsc#1196368) - Fix possible hang in singletrans mode (bsc#1197134) - Do 2 retries if mount is still busy. - Fix package signature check (bsc#1184501) Pay attention that header and payload are secured by a valid signature and report more detailed which signature is missing. - Retry umount if device is busy (bsc#1196061, closes #381) A previously released ISO image may need a bit more time to release it's loop device. So we wait a bit and retry. - Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925) - Fix handling of ISO media in releaseAll (bsc#1196061) - Hint on common ptf resolver conflicts (bsc#1194848) - Hint on ptf<>patch resolver conflicts (bsc#1194848) zypper to 1.14.52: - info: print the packages upstream URL if available (fixes #426) - info: Fix SEGV with not installed PTFs (bsc#1196317) - Don't prevent less restrictive umasks (bsc#1195999) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1149-1 Released: Mon Apr 11 16:29:14 2022 Summary: Security update for mozilla-nss Type: security Severity: important References: 1197903,CVE-2022-1097 This update for mozilla-nss fixes the following issues: Mozilla NSS 3.68.3 (bsc#1197903): - CVE-2022-1097: Fixed memory safety violations that could occur when PKCS#11 tokens are removed while in use. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1250-1 Released: Sun Apr 17 15:39:47 2022 Summary: Security update for gzip Type: security Severity: important References: 1177047,1180713,1198062,CVE-2022-1271 This update for gzip fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) The following non-security bugs were fixed: - Fixed an issue when 'gzexe' counts the lines to skip wrong. (bsc#1180713) - Fixed a potential segfault when zlib acceleration is enabled (bsc#1177047) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1302-1 Released: Fri Apr 22 10:04:46 2022 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1196939 This update for e2fsprogs fixes the following issues: - Add support for 'libreadline7' for Leap. (bsc#1196939) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1409-1 Released: Tue Apr 26 12:54:57 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1195628,1196107 This update for gcc11 fixes the following issues: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Fixed memory corruption when creating dependences with the D language frontend. - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] - Put libstdc++6-pp Requires on the shared library and drop to Recommends. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1438-1 Released: Wed Apr 27 15:27:19 2022 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: low References: 1195251 This update for systemd-presets-common-SUSE fixes the following issue: - enable vgauthd service for VMWare by default (bsc#1195251) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1439-1 Released: Wed Apr 27 16:08:04 2022 Summary: Recommended update for binutils Type: recommended Severity: moderate References: 1198237 This update for binutils fixes the following issues: - The official name IBM z16 for IBM zSeries arch14 is recognized. (bsc#1198237) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1452-1 Released: Thu Apr 28 10:48:06 2022 Summary: Recommended update for perl Type: recommended Severity: moderate References: 1193489 This update for perl fixes the following issues: - Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1491-1 Released: Tue May 3 07:09:44 2022 Summary: Recommended update for psmisc Type: recommended Severity: moderate References: 1194172 This update for psmisc fixes the following issues: - Add a fallback if the system call name_to_handle_at() is not supported by the used file system. - Replace the synchronizing over pipes of the sub process for the stat(2) system call with mutex and conditions from pthreads(7) (bsc#1194172) - Use statx(2) or SYS_statx system call to replace the stat(2) system call and avoid the sub process (bsc#1194172) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated - binutils-2.37-150100.7.29.1 updated - e2fsprogs-1.43.8-150000.4.29.1 updated - filesystem-15.0-11.8.1 updated - gzip-1.10-150000.4.12.1 updated - libblkid1-2.33.2-150100.4.21.1 updated - libcom_err2-1.43.8-150000.4.29.1 updated - libctf-nobfd0-2.37-150100.7.29.1 updated - libctf0-2.37-150100.7.29.1 updated - libext2fs2-1.43.8-150000.4.29.1 updated - libfdisk1-2.33.2-150100.4.21.1 updated - libfreebl3-3.68.3-150000.3.67.1 updated - libgcc_s1-11.2.1+git610-150000.1.6.6 updated - liblzma5-5.2.3-150000.4.7.1 updated - libmount1-2.33.2-150100.4.21.1 updated - libquadmath0-11.2.1+git610-150000.1.6.6 updated - libsmartcols1-2.33.2-150100.4.21.1 updated - libsoftokn3-3.68.3-150000.3.67.1 updated - libsolv-tools-0.7.22-150100.4.6.1 updated - libstdc++6-11.2.1+git610-150000.1.6.6 updated - libsystemd0-234-24.108.1 updated - libudev1-234-24.108.1 updated - libuuid1-2.33.2-150100.4.21.1 updated - libyaml-cpp0_6-0.6.1-4.5.1 updated - libz1-1.2.11-150000.3.30.1 updated - libzypp-17.30.0-150100.3.78.1 updated - mozilla-nss-certs-3.68.3-150000.3.67.1 updated - mozilla-nss-3.68.3-150000.3.67.1 updated - nfs-client-2.1.1-150100.10.24.1 updated - nfs-kernel-server-2.1.1-150100.10.24.1 updated - pam-1.3.0-150000.6.55.3 updated - perl-base-5.26.1-150000.7.15.1 updated - psmisc-23.0-150000.6.22.1 updated - systemd-presets-common-SUSE-15-150100.8.12.1 updated - systemd-234-24.108.1 updated - timezone-2022a-150000.75.7.1 updated - udev-234-24.108.1 updated - util-linux-2.33.2-150100.4.21.1 updated - xz-5.2.3-150000.4.7.1 updated - zypper-1.14.52-150100.3.55.2 updated - container:sles15-image-15.0.0-6.2.613 updated