SUSE Container Update Advisory: ses/7.1/ceph/ceph
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2085-1
Container Tags        : ses/7.1/ceph/ceph:16.2.9.536 , ses/7.1/ceph/ceph:16.2.9.536.3.2.223 , ses/7.1/ceph/ceph:latest , ses/7.1/ceph/ceph:sle15.3.pacific
Container Release     : 3.2.223
Severity              : important
Type                  : security
References            : 1041090 1181475 1183308 1192616 1193951 1195059 1195881 1195916 1196017 1196212 1196499 1196696 1197017 1197178 1198341 1198731 1198752 1198925 1199524 1200485 1200800 1200842 1201253 1202175 1202310 1202498 1202498 1202593 CVE-2020-21913 CVE-2020-29651 CVE-2022-1706 CVE-2022-2309 CVE-2022-35252 CVE-2022-37434
-----------------------------------------------------------------

The container ses/7.1/ceph/ceph was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2831-1
Released:    Wed Aug 17 14:41:07 2022
Summary:     Recommended update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures, python-coverage, python-oniconfig, python-unittest-mixins
Type:        security
Severity:    moderate
References:  1195916,1196696,CVE-2020-29651

This update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures fixes the following issues:

- Update in SLE-15 (bsc#1196696, bsc#1195916, jsc#SLE-23972)
- Remove redundant python3 dependency from Requires
- Update regular expression to fix python shebang
- Style is enforced upstream and triggers unnecessary build version requirements
- Allow specifying fs_id in cloudwatch log group name
- Includes fix for stunnel path
- Added hardening to systemd service(s).
- Raise minimal pytest version
- Fix typo in the ansi2html Requires
- Cleanup with spec-cleaner
- Make sure the tests are really executed
- Remove useless devel dependency
- Multiprocessing support in Python 3.8 was broken, but is now fixed
- Bump the URL to point to github rather than to docs

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2853-1
Released:    Fri Aug 19 15:59:42 2022
Summary:     Recommended update for sle-module-legacy-release
Type:        recommended
Severity:    low
References:  1202498

This update for python-iniconfig provides the following fix:

- Ship python3-iniconfig also to openSUSE 15.3 and 15.4 (bsc#1202498)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2866-1
Released:    Mon Aug 22 15:36:30 2022
Summary:     Security update for systemd-presets-common-SUSE
Type:        security
Severity:    moderate
References:  1199524,1200485,CVE-2022-1706

This update for systemd-presets-common-SUSE fixes the following issues:

- CVE-2022-1706: Fixed accessible configs from unprivileged containers in VMs running on VMware products (bsc#1199524).

The following non-security bugs were fixed:

- Modify branding-preset-states to fix systemd-presets-common-SUSE not enabling new user systemd service preset configuration just as it handles system service presets. By passing an (optional) second parameter 'user', the save/apply-changes commands now work with user services instead of system ones (bsc#1200485)
- Add the wireplumber user service preset to enable it by default in SLE15-SP4 where it replaced pipewire-media-session, but keep pipewire-media-session preset so we don't have to branch the systemd-presets-common-SUSE package for SP4 (bsc#1200485)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2904-1
Released:    Fri Aug 26 05:28:34 2022
Summary:     Recommended update for openldap2
Type:        recommended
Severity:    moderate
References:  1198341

This update for openldap2 fixes the following issues:

- Prevent memory reuse which may lead to instability (bsc#1198341)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2908-1
Released:    Fri Aug 26 11:36:03 2022
Summary:     Security update for python-lxml
Type:        security
Severity:    important
References:  1201253,CVE-2022-2309

This update for python-lxml fixes the following issues:

- CVE-2022-2309: Fixed NULL pointer dereference due to state leak between parser runs (bsc#1201253).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2921-1
Released:    Fri Aug 26 15:17:43 2022
Summary:     Recommended update for systemd
Type:        recommended
Severity:    important
References:  1195059

This update for systemd fixes the following issues:

- Drop or soften some of the deprecation warnings (jsc#PED-944)
- Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059)
- tmpfiles: check for the correct directory

-----------------------------------------------------------------
Advisory ID: SUSE-feature-2022:2926-1
Released:    Mon Aug 29 10:38:52 2022
Summary:     Feature update for LibreOffice
Type:        feature
Severity:    moderate
References:  1041090,1183308,1192616,1195881,1196017,1196212,1196499,1197017

This feature update for LibreOffice provides the following fixes:

abseil-cpp:

- Provide abseil-cpp version 20211102.0 as LibreOffice 7.3 dependency. (jsc#SLE-23447)
- Mention already fixed issues. (fate#326485, bsc#1041090)

libcuckoo:

- Provide libcuckoo version 0.3 as LibreOffice dependency. (jsc#SLE-23447)

libixion:

- Update libixion from version 0.16.1 to version 0.17.0. (jsc#SLE-23447)
- Build with mdds-2_0 instead of mdds-1.5. (jsc#SLE-23447)
- Build with gcc11 and gcc11-c++. (jsc#SLE-23447)
- Remove unneeded vulkan dependency
- Provide binaries for non x86_64 architectures directly to SUSE Package Hub. (ijsc#MSC-303)

libreoffice:

- Update LibreOffice from version 7.2.5.1 to version 7.3.3.1. (jsc#SLE-23447, jsc#SLE-24021)
  * Update bundled dependencies:
    * gpgme from version 1.13.1 to version 1.16.0
    * libgpg-error from version 1.37 to version 1.43
    * libassuan from version 2.5.3 to version 2.5.5
    * pdfium from version 4500 to version 4699
    * skia from version m90-45c57e116ee0ce214bdf78405a4762722e4507d9 to version m97-a7230803d64ae9d44f4e1282444801119a3ae967
    * boost from version 1_75 to version 1_77
    * icu4c from version 69_1 to version 70_1
  * On SUSE Linux Enterprise 15 SP3 and newer require curl-devel 7.68.0 or newer
  * New build dependencies:
    * abseil-cpp-devel
    * libassuan0
    * libcuckoo-devel
    * libopenjp2
    * require liborcus-0.17 instead of liborcus-0.16
    * require mdds-2.0 instead of mdds-1.5
  * Do not use serf-1 anymore but use curl instead.
  * Other fixes:
    * Extraneous/missing lines in table in Impress versus PowerPoint (bsc#1192616)
    * Text with tabs appears quite different in Impress than in PowerPoint (bsc#1196212)
    * Bullets appear larger and green instead of black. (bsc#1195881)
    * Enable gtk3_kde5 and make it possible to use gtk3 in kde with the kde filepicker (bsc#1197017)
    * Mention already fixed issues. (bsc#1183308, bsc#1196017, bsc#1196499)

liborcus:

- Update liborcus from version 0.16.1 to version 0.17.2. (jsc#SLE-23447)
- Require mdds-2_0 instead of mdds-1.5. (jsc#SLE-23447)
- Require libixion-0.17 instead of libixion-0.16. (jsc#SLE-23447)
- Build with libtool and use autotools. (jsc#SLE-23447)
- Provide binaries for non x86_64 architectures directly to SUSE Package Hub. (ijsc#MSC-303)

mdds-2_0:

- Provide mdds-2_0 version 2.0.2 as LibreOffice dependency. (jsc#SLE-23447)

myspell-dictionaries:

- Provide binaries for non x86_64 architectures directly to SUSE Package Hub. (ijsc#MSC-303)
- There are no visible changes for the final user.

ucpp:

- Provide binaries for non x86_64 architectures directly to SUSE Package Hub. (ijsc#MSC-303)
- There are no visible changes for the final user.

xmlsec1:

- Provide binaries for non x86_64 architectures directly to SUSE Package Hub. (ijsc#MSC-303)
- There are no visible changes for the final user.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2929-1
Released:    Mon Aug 29 11:21:47 2022
Summary:     Recommended update for timezone
Type:        recommended
Severity:    important
References:  1202310

This update for timezone fixes the following issue:

- Reflect new Chile DST change (bsc#1202310)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2943-1
Released:    Tue Aug 30 15:42:16 2022
Summary:     Recommended update for python-iniconfig
Type:        recommended
Severity:    low
References:  1202498

This update for python-iniconfig provides the following fix:

- Ship missing python2-iniconfig to openSUSE 15.3 (bsc#1202498)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2944-1
Released:    Wed Aug 31 05:39:14 2022
Summary:     Recommended update for procps
Type:        recommended
Severity:    important
References:  1181475

This update for procps fixes the following issues:

- Fix 'free' command reporting misleading 'used' value (bsc#1181475)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released:    Wed Aug 31 09:16:21 2022
Summary:     Security update for zlib
Type:        security
Severity:    important
References:  1202175,CVE-2022-37434

This update for zlib fixes the following issues:

- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).

-----------------------------------------------------------------
Advisory ID: SUSE-feature-2022:2972-1
Released:    Thu Sep 1 11:08:16 2022
Summary:     Feature update for python-kubernetes
Type:        feature
Severity:    moderate
References:

This feature update for python-kubernetes provides:

- Deliver python3-kubernetes to the Containers Module 15 SP4. (jsc#SLE-17904, MSC-443)
  * Deliver python3-google-auth to Basesystem Module 15 SP4 as dependency of python3-kubernetes.
  * Deliver python3-cachetools to Basesystem Module 15 SP4 as dependency of python3-google-auth.
- There are no visible changes for the final user.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2982-1
Released:    Thu Sep 1 12:33:47 2022
Summary:     Recommended update for util-linux
Type:        recommended
Severity:    moderate
References:  1197178,1198731,1200842

This update for util-linux fixes the following issues:

- su: Change owner and mode for pty (bsc#1200842)
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
- mesg: use only stat() to get the current terminal status (bsc#1200842)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2994-1
Released:    Fri Sep 2 10:44:54 2022
Summary:     Recommended update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame
Type:        recommended
Severity:    moderate
References:  1198925

This update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame adds some missing 32bit libraries to some products. (bsc#1198925)

No code changes were done in this update.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3004-1
Released:    Fri Sep 2 15:02:14 2022
Summary:     Security update for curl
Type:        security
Severity:    low
References:  1202593,CVE-2022-35252

This update for curl fixes the following issues:

- CVE-2022-35252: Fixed a potential injection of control characters into cookies, which could be exploited by sister sites to cause a denial of service (bsc#1202593).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3028-1
Released:    Mon Sep 5 16:31:24 2022
Summary:     Recommended update for python-pytz
Type:        recommended
Severity:    low
References:

This update for python-pytz fixes the following issues:

- update to 2022.1: matches tzdata 2022a
- declare python 3.10 compatibility

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3127-1
Released:    Wed Sep 7 04:36:10 2022
Summary:     Recommended update for libtirpc
Type:        recommended
Severity:    moderate
References:  1198752,1200800

This update for libtirpc fixes the following issues:

- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
- Fix memory leak in params.r_addr assignment (bsc#1198752)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3142-1
Released:    Wed Sep 7 09:54:18 2022
Summary:     Security update for icu
Type:        security
Severity:    moderate
References:  1193951,CVE-2020-21913

This update for icu fixes the following issues:

- CVE-2020-21913: Fixed a memory safety issue that could lead to use after free (bsc#1193951).

The following package changes have been done:

- libblkid1-2.36.2-150300.4.23.1 updated
- libcurl4-7.66.0-150200.4.39.1 updated
- libfdisk1-2.36.2-150300.4.23.1 updated
- libicu-suse65_1-65.1-150200.4.5.1 updated
- libicu65_1-ledata-65.1-150200.4.5.1 updated
- libldap-2_4-2-2.4.46-150200.14.11.2 updated
- libldap-data-2.4.46-150200.14.11.2 updated
- libmount1-2.36.2-150300.4.23.1 updated
- libprocps7-3.3.15-150000.7.25.1 updated
- libsmartcols1-2.36.2-150300.4.23.1 updated
- libsystemd0-246.16-150300.7.51.1 updated
- libtirpc-netconfig-1.2.6-150300.3.11.1 updated
- libtirpc3-1.2.6-150300.3.11.1 updated
- libudev1-246.16-150300.7.51.1 updated
- libusb-1_0-0-1.0.21-150000.3.5.1 updated
- libuuid1-2.36.2-150300.4.23.1 updated
- libxmlsec1-1-1.2.28-150100.7.11.1 updated
- libxmlsec1-openssl1-1.2.28-150100.7.11.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- procps-3.3.15-150000.7.25.1 updated
- python3-apipkg-1.4-150000.3.2.1 updated
- python3-cachetools-4.1.0-150200.3.4.1 updated
- python3-google-auth-1.21.2-150300.3.6.1 updated
- python3-iniconfig-1.1.1-150000.1.7.1 added
- python3-kubernetes-8.0.1-150100.3.7.1 updated
- python3-lxml-4.7.1-150200.3.10.1 updated
- python3-pytz-2022.1-150300.3.6.1 updated
- python3-py-1.10.0-150000.5.9.2 updated
- systemd-presets-common-SUSE-15-150100.8.17.1 updated
- systemd-246.16-150300.7.51.1 updated
- timezone-2022a-150000.75.10.1 updated
- udev-246.16-150300.7.51.1 updated
- util-linux-systemd-2.36.2-150300.4.23.1 updated
- util-linux-2.36.2-150300.4.23.1 updated
- container:sles15-image-15.0.0-17.20.29 updated