SUSE Container Update Advisory: ses/6/rook/ceph
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2019:788-1
Container Tags : ses/6/rook/ceph:1.1.1.0 , ses/6/rook/ceph:1.1.1.0.1.5.29 , ses/6/rook/ceph:latest
Container Release : 1.5.29
Severity : important
Type : security
References : 1073313 1081947 1081947 1082293 1082318 1085196 1088358 1106214
  1111388 1112438 1114845 1121197 1122417 1122666 1125689 1125886
  1127701 1129071 1132663 1132900 1133773 1134616 1135534 1135708
  1135984 1136245 1137296 1141113 1141883 1143055 1143194 1143273
  1144047 1144169 1145383 1146182 1146184 1146866 1148494 1149203
  1149429 1149495 1149496 1150003 1150250 1150895 1151479 1151909
  1152008 1152326 353876 CVE-2017-17740 CVE-2019-11236 CVE-2019-11324
  CVE-2019-13057 CVE-2019-13565 CVE-2019-14806 CVE-2019-1547
  CVE-2019-1563 CVE-2019-15903 CVE-2019-5481 CVE-2019-5482
  CVE-2019-6446 CVE-2019-9511 CVE-2019-9513 CVE-2019-9740 SLE-6094
  SLE-8532 SLE-9132
-----------------------------------------------------------------

The container ses/6/rook/ceph was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2218-1
Released: Mon Aug 26 11:29:57 2019
Summary: Recommended update for pinentry
Type: recommended
Severity: moderate
References: 1141883

This update for pinentry fixes the following issues:

- Fix a dangling pointer in qt/main.cpp that caused crashes.
  (bsc#1141883)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2241-1
Released: Wed Aug 28 14:58:49 2019
Summary: Recommended update for ca-certificates-mozilla
Type: recommended
Severity: moderate
References: 1144169

This update for ca-certificates-mozilla fixes the following issues:

ca-certificates-mozilla was updated to 2.34 state of the Mozilla NSS Certificate store (bsc#1144169)

Removed CAs:

- Certinomis - Root CA

Includes new root CAs from the 2.32 version:

- emSign ECC Root CA - C3 (email and server auth)
- emSign ECC Root CA - G3 (email and server auth)
- emSign Root CA - C1 (email and server auth)
- emSign Root CA - G1 (email and server auth)
- Hongkong Post Root CA 3 (server auth)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2306-1
Released: Thu Sep 5 14:39:23 2019
Summary: Recommended update for parted
Type: recommended
Severity: moderate
References: 1082318,1136245

This update for parted fixes the following issues:

- Included several minor bug fixes - for more details please refer to this rpm's changelog (bsc#1136245)
- Installs the license file in the correct directory (bsc#1082318)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2307-1
Released: Thu Sep 5 14:45:08 2019
Summary: Security update for util-linux and shadow
Type: security
Severity: moderate
References: 1081947,1082293,1085196,1106214,1121197,1122417,1125886,1127701,1135534,1135708,1141113,353876

This update for util-linux and shadow fixes the following issues:

util-linux:

- Fixed an issue where PATH settings in /etc/default/su were being ignored (bsc#1121197)
- Prevent outdated pam files (bsc#1082293).
- De-duplicate fstrim -A properly (bsc#1127701).
- Do not trim read-only volumes (bsc#1106214).
- Integrate pam_keyinit pam module to login (bsc#1081947).
- Perform one-time reset of /etc/default/su (bsc#1121197).
- Fix problems in reading of login.defs values (bsc#1121197)
- libmount: To prevent incorrect behavior, recognize more pseudofs and netfs (bsc#1122417).
- raw.service: Add RemainAfterExit=yes (bsc#1135534).
- agetty: Return previous response of agetty for special characters (bsc#1085196, bsc#1125886)
- libmount: print a blacklist hint for 'unknown filesystem type' (jsc#SUSE-4085, fate#326832)
- Fix /etc/default/su comments and create /etc/default/runuser (bsc#1121197).

shadow:

- Fixed an issue where PATH settings in /etc/default/su were being ignored (bsc#1121197)
- Fix segfault in useradd during setting password inactivity period. (bsc#1141113)
- Hardening for su wrappers (bsc#353876)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2332-1
Released: Mon Sep 9 10:17:16 2019
Summary: Security update for python-urllib3
Type: security
Severity: moderate
References: 1129071,1132663,1132900,CVE-2019-11236,CVE-2019-11324,CVE-2019-9740

This update for python-urllib3 fixes the following issues:

Security issues fixed:

- CVE-2019-9740: Fixed CRLF injection issue (bsc#1129071).
- CVE-2019-11324: Fixed invalid CA certificate verification (bsc#1132900).
- CVE-2019-11236: Fixed CRLF injection via request parameter (bsc#1132663).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2361-1
Released: Thu Sep 12 07:54:54 2019
Summary: Recommended update for krb5
Type: recommended
Severity: moderate
References: 1081947,1144047

This update for krb5 contains the following fixes:

- Integrate pam_keyinit PAM module, ksu-pam.d.
  (bsc#1081947)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2365-1
Released: Thu Sep 12 11:23:31 2019
Summary: Security update for python-Werkzeug
Type: security
Severity: moderate
References: 1145383,CVE-2019-14806

This update for python-Werkzeug fixes the following issues:

Security issue fixed:

- CVE-2019-14806: Fixed the development server in Docker, the debugger security pin is now unique per container (bsc#1145383).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2367-1
Released: Thu Sep 12 12:59:37 2019
Summary: Recommended update for lvm2
Type: recommended
Severity: moderate
References: 1122666,1135984,1137296

This update for lvm2 fixes the following issues:

- Fix unknown feature in status message (bsc#1135984)
- Fix using device aliases with lvmetad (bsc#1137296)
- Fix devices drop open error message (bsc#1122666)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2373-1
Released: Thu Sep 12 14:18:53 2019
Summary: Security update for curl
Type: security
Severity: important
References: 1149495,1149496,CVE-2019-5481,CVE-2019-5482

This update for curl fixes the following issues:

Security issues fixed:

- CVE-2019-5481: Fixed FTP-KRB double-free during kerberos FTP data transfer (bsc#1149495).
- CVE-2019-5482: Fixed TFTP small blocksize heap buffer overflow (bsc#1149496).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2395-1
Released: Wed Sep 18 08:31:38 2019
Summary: Security update for openldap2
Type: security
Severity: moderate
References: 1073313,1111388,1114845,1143194,1143273,CVE-2017-17740,CVE-2019-13057,CVE-2019-13565

This update for openldap2 fixes the following issues:

Security issue fixed:

- CVE-2019-13565: Fixed an authentication bypass when using SASL authentication and session encryption (bsc#1143194).
- CVE-2019-13057: Fixed an issue with delegated database admin privileges (bsc#1143273).
- CVE-2017-17740: When both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation. (bsc#1073313)

Non-security issues fixed:

- Fixed broken shebang line in openldap_update_modules_path.sh (bsc#1114845).
- Create files in /var/lib/ldap/ during initial start to allow for transactional updates (bsc#1111388)
- Fixed incorrect post script call causing tmpfiles creation not to be run (bsc#1111388).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2403-1
Released: Wed Sep 18 16:14:29 2019
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1150003,1150250,CVE-2019-1547,CVE-2019-1563

This update for openssl-1_1 fixes the following issues:

OpenSSL Security Advisory [10 September 2019]

* CVE-2019-1547: Added EC_GROUP_set_generator side channel attack avoidance. (bsc#1150003)
* CVE-2019-1563: Fixed Bleichenbacher attack against cms/pkcs7 encryption transported key (bsc#1150250)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2416-1
Released: Fri Sep 20 12:51:10 2019
Summary: Recommended update for suse-module-tools
Type: recommended
Severity: moderate
References: 1148494,SLE-6094

This update for suse-module-tools fixes the following issues:

- Remove 'modhash' as it has moved to mokutil package.
  (jsc#SLE-6094, bsc#1148494)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2422-1
Released: Fri Sep 20 16:36:43 2019
Summary: Recommended update for python-urllib3
Type: recommended
Severity: moderate
References: 1150895

This update for python-urllib3 fixes the following issues:

- Add missing dependency on python-six (bsc#1150895)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2423-1
Released: Fri Sep 20 16:41:45 2019
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1146866,SLE-9132

This update for aaa_base fixes the following issues:

Added sysctl.d/51-network.conf to tighten network security (bsc#1146866) (jira#SLE-9132)

Following settings have been tightened (and set to 0):

- net.ipv4.conf.all.accept_redirects
- net.ipv4.conf.default.accept_redirects
- net.ipv4.conf.default.accept_source_route
- net.ipv6.conf.all.accept_redirects
- net.ipv6.conf.default.accept_redirects

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2429-1
Released: Mon Sep 23 09:28:40 2019
Summary: Security update for expat
Type: security
Severity: moderate
References: 1149429,CVE-2019-15903

This update for expat fixes the following issues:

Security issues fixed:

- CVE-2019-15903: Fixed heap-based buffer over-read caused by crafted XML input. (bsc#1149429)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2448-1
Released: Tue Sep 24 13:32:01 2019
Summary: Recommended update for rook
Type: recommended
Severity: low
References: 1151479

This is a Technical Preview update for rook.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2462-1
Released: Wed Sep 25 16:43:04 2019
Summary: Security update for python-numpy
Type: security
Severity: moderate
References: 1149203,CVE-2019-6446,SLE-8532

This update for python-numpy fixes the following issues:

Non-security issues fixed:

- Updated to upstream version 1.16.1. (bsc#1149203) (jsc#SLE-8532)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2473-1
Released: Thu Sep 26 10:02:03 2019
Summary: Security update for nghttp2
Type: security
Severity: moderate
References: 1112438,1125689,1134616,1146182,1146184,CVE-2019-9511,CVE-2019-9513

This update for nghttp2 fixes the following issues:

Security issues fixed:

- CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service (bsc#1146184).
- CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#11461).

Bug fixes and enhancements:

- Fixed mistake in spec file (bsc#1125689)
- Fixed build issue with boost 1.70.0 (bsc#1134616)
- Feature: Add W&S module (FATE#326776, bsc#1112438)

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2019:2483-1
Released: Fri Sep 27 14:16:23 2019
Summary: Optional update for python3-google-api-python-client, python3-httplib2, python3-oauth2client, and python3-uritemplate.
Type: optional
Severity: low
References: 1088358

This update ships python3-google-api-python-client, python3-httplib2, python3-oauth2client, and python3-uritemplate for the SUSE Linux Enterprise Public Cloud 15 module.

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2019:2488-1
Released: Mon Sep 30 11:24:28 2019
Summary: Optional update for ceph
Type: optional
Severity: low
References: 1152326

This update will just be released to the codestream to align the versions (bsc#1152326)

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2019:2489-1
Released: Mon Sep 30 12:04:42 2019
Summary: SUSE Enterprise Storage 6 Technical Container Preview
Type: optional
Severity: low
References: 1151909,1152008

This is a technical preview for SUSE Enterprise Storage 6.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2418-1
Released: Thu Nov 14 11:53:03 2019
Summary: Recommended update for bash
Type: recommended
Severity: moderate
References: 1133773,1143055

This update for bash fixes the following issues:

- Rework patch readline-7.0-screen (bsc#1143055): map all 'screen(-xxx)?.yyy(-zzz)?' to 'screen' as well as map 'konsole(-xxx)?' and 'gnome(-xxx)?' to 'xterm'
- Add a backport from bash 5.0 to perform better with large numbers of sub processes.
  (bsc#1133773)

The following package changes have been done:

- aaa_base-84.87+git20180409.04c9dae-3.15.1 updated
- bash-4.4-9.10.1 updated
- ca-certificates-mozilla-2.34-4.12.1 updated
- ceph-base-14.2.2.354+g8878cf2360-3.3.1 updated
- ceph-common-14.2.2.354+g8878cf2360-3.3.1 updated
- ceph-fuse-14.2.2.354+g8878cf2360-3.3.1 updated
- ceph-mds-14.2.2.354+g8878cf2360-3.3.1 updated
- ceph-mgr-dashboard-14.2.2.354+g8878cf2360-3.3.1 updated
- ceph-mgr-diskprediction-local-14.2.2.354+g8878cf2360-3.3.1 updated
- ceph-mgr-rook-14.2.2.354+g8878cf2360-3.3.1 updated
- ceph-mgr-14.2.2.354+g8878cf2360-3.3.1 updated
- ceph-mon-14.2.2.354+g8878cf2360-3.3.1 updated
- ceph-osd-14.2.2.354+g8878cf2360-3.3.1 updated
- ceph-radosgw-14.2.2.354+g8878cf2360-3.3.1 updated
- ceph-14.2.2.354+g8878cf2360-3.3.1 updated
- device-mapper-1.02.149-12.3.1 updated
- krb5-1.16.3-3.6.1 updated
- libblkid1-2.33.1-4.5.1 updated
- libcephfs2-14.2.2.354+g8878cf2360-3.3.1 updated
- libcurl4-7.60.0-3.23.1 updated
- libdevmapper-event1_03-1.02.149-12.3.1 updated
- libdevmapper1_03-1.02.149-12.3.1 updated
- libexpat1-2.2.5-3.6.1 updated
- libfdisk1-2.33.1-4.5.1 updated
- libldap-2_4-2-2.4.46-9.19.2 updated
- liblvm2app2_2-2.02.180-12.3.1 updated
- liblvm2cmd2_02-2.02.180-12.3.1 updated
- libmount1-2.33.1-4.5.1 updated
- libnghttp2-14-1.39.2-3.3.1 updated
- libopenssl1_1-1.1.0i-14.3.1 updated
- libparted0-3.2-11.3.1 updated
- librados2-14.2.2.354+g8878cf2360-3.3.1 updated
- librbd1-14.2.2.354+g8878cf2360-3.3.1 updated
- libreadline7-7.0-9.10.1 updated
- librgw2-14.2.2.354+g8878cf2360-3.3.1 updated
- libsmartcols1-2.33.1-4.5.1 updated
- libuuid1-2.33.1-4.5.1 updated
- lvm2-2.02.180-12.3.1 updated
- openssl-1_1-1.1.0i-14.3.1 updated
- parted-3.2-11.3.1 updated
- pinentry-1.1.0-4.3.1 updated
- python3-Werkzeug-0.14.1-6.3.1 updated
- python3-ceph-argparse-14.2.2.354+g8878cf2360-3.3.1 updated
- python3-cephfs-14.2.2.354+g8878cf2360-3.3.1 updated
- python3-fasteners-0.14.1-3.2.4 updated
- python3-numpy-1.16.1-4.8.1 updated
- python3-pyasn1-modules-0.2.1-3.2.4 updated
- python3-rados-14.2.2.354+g8878cf2360-3.3.1 updated
- python3-rbd-14.2.2.354+g8878cf2360-3.3.1 updated
- python3-rgw-14.2.2.354+g8878cf2360-3.3.1 updated
- python3-urllib3-1.24-9.7.1 updated
- rbd-mirror-14.2.2.354+g8878cf2360-3.3.1 updated
- rbd-nbd-14.2.2.354+g8878cf2360-3.3.1 updated
- rook-k8s-yaml-1.1.1+git0.g9a2641a6-1.11.2 updated
- rook-rookflex-1.1.1+git0.g9a2641a6-1.11.2 updated
- rook-1.1.1+git0.g9a2641a6-1.11.2 updated
- shadow-4.6-3.5.6 updated
- suse-module-tools-15.1.17-3.6.1 updated
- util-linux-2.33.1-4.5.1 updated
- container:sles15-image-15.0.0-6.2.83 updated