SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:562-1 Container Tags : bci/golang:1.16 Container Release : 5.22 Severity : important Type : security References : 1182345 1186071 1187153 1187273 1188623 1190356 1190440 1190984 1191286 1191324 1191370 1191609 1191736 1192160 1192161 1192337 1192377 1192378 1192436 CVE-2021-41771 CVE-2021-41772 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3786-1 Released: Wed Nov 24 05:59:13 2021 Summary: Recommended update for rpm-config-SUSE Type: recommended Severity: important References: 1192160 This update for rpm-config-SUSE fixes the following issues: - Add support for the kernel xz-compressed firmware files (bsc#1192160) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3798-1 Released: Wed Nov 24 18:01:36 2021 Summary: Recommended update for gcc7 Type: recommended Severity: moderate References: This update for gcc7 fixes the following issues: - Fixed a build issue when built with recent kernel headers. - Backport the '-fpatchable-function-entry' feature from newer GCC. (jsc#SLE-20049) - do not handle exceptions in std::thread (jsc#CAR-1182) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3799-1 Released: Wed Nov 24 18:07:54 2021 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1187153,1187273,1188623 This update for gcc11 fixes the following issues: The additional GNU compiler collection GCC 11 is provided: To select these compilers install the packages: - gcc11 - gcc-c++11 - and others with 11 prefix. to select them for building: - CC='gcc-11' - CXX='g++-11' The compiler baselibraries (libgcc_s1, libstdc++6 and others) are being replaced by the GCC 11 variants. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3808-1 Released: Fri Nov 26 00:30:54 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1186071,1190440,1190984,1192161 This update for systemd fixes the following issues: - Add timestamp to D-Bus events to improve traceability (jsc#SLE-17798) - Fix fd_is_mount_point() when both the parent and directory are network file systems (bsc#1190984) - Support detection for ARM64 Hyper-V guests (bsc#1186071) - Fix systemd-detect-virt not detecting Amazon EC2 Nitro instance (bsc#1190440) - Enable support for Portable Services in openSUSE Leap only (jsc#SLE-21694) - Fix IO scheduler udev rules to address performance issues (jsc#SLE-21032, bsc#1192161) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3834-1 Released: Wed Dec 1 16:05:12 2021 Summary: Security update for go1.16 Type: security Severity: moderate References: 1182345,1192377,1192378,CVE-2021-41771,CVE-2021-41772 This update for go1.16 fixes the following issues: Security update go1.16.10 (released 2021-11-04) (bsc#1182345). - CVE-2021-41771: Fixed invalid dynamic symbol table command that could have caused panic (bsc#1192377). - CVE-2021-41772: Fixed panic on (*Reader).Open (bsc#1192378). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3870-1 Released: Thu Dec 2 07:11:50 2021 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1190356,1191286,1191324,1191370,1191609,1192337,1192436 This update for libzypp, zypper fixes the following issues: libzypp: - Check log writer before accessing it (bsc#1192337) - Zypper should keep cached files if transaction is aborted (bsc#1190356) - Require a minimum number of mirrors for multicurl (bsc#1191609) - Fixed slowdowns when rlimit is too high by using procfs to detect niumber of open file descriptors (bsc#1191324) - Fixed zypper incomplete messages when using non English localization (bsc#1191370) - RepoManager: Don't probe for plaindir repository if the URL schema is a plugin (bsc#1191286) - Disable logger in the child process after fork (bsc#1192436) zypper: - Fixed Zypper removing a kernel explicitely pinned that uses uname -r output format as name (openSUSE/zypper#418) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3872-1 Released: Thu Dec 2 07:25:55 2021 Summary: Recommended update for cracklib Type: recommended Severity: moderate References: 1191736 This update for cracklib fixes the following issues: - Enable build time tests (bsc#1191736) The following package changes have been done: - cpp7-7.5.0+r278197-4.30.1 updated - cracklib-dict-small-2.9.7-11.6.1 updated - cracklib-2.9.7-11.6.1 updated - gcc7-7.5.0+r278197-4.30.1 updated - go1.16-1.16.10-1.32.1 updated - libasan4-7.5.0+r278197-4.30.1 updated - libatomic1-11.2.1+git610-1.3.9 updated - libcilkrts5-7.5.0+r278197-4.30.1 updated - libcrack2-2.9.7-11.6.1 updated - libgcc_s1-11.2.1+git610-1.3.9 updated - libgomp1-11.2.1+git610-1.3.9 updated - libitm1-11.2.1+git610-1.3.9 updated - liblsan0-11.2.1+git610-1.3.9 updated - libstdc++6-11.2.1+git610-1.3.9 updated - libsystemd0-246.16-7.21.1 updated - libtsan0-11.2.1+git610-1.3.9 updated - libubsan0-7.5.0+r278197-4.30.1 updated - libudev1-246.16-7.21.1 updated - libzypp-17.28.8-20.1 updated - rpm-config-SUSE-1-5.6.1 updated - zypper-1.14.50-21.1 updated - container:sles15-image-15.0.0-17.8.39 updated