SUSE Container Update Advisory: ses/7/rook/ceph
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:140-1
Container Tags        : ses/7/rook/ceph:1.5.10 , ses/7/rook/ceph:1.5.10.4 , ses/7/rook/ceph:1.5.10.4.1.1581 , ses/7/rook/ceph:latest , ses/7/rook/ceph:sle15.2.octopus
Container Release     : 1.1581
Severity              : important
Type                  : security
References            : 1165780 1177047 1178219 1178680 1180836 1181976 1182611 1182791
                        1182899 1183074 1183791 1183801 1183899 1183936 1184136 1184231
                        1184401 1184690 1185408 1185409 1185410 CVE-2021-20288 CVE-2021-20305
                        CVE-2021-3156 CVE-2021-3516 CVE-2021-3517 CVE-2021-3518
-----------------------------------------------------------------

The container ses/7/rook/ceph was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1141-1
Released:    Mon Apr 12 13:13:36 2021
Summary:     Recommended update for openldap2
Type:        recommended
Severity:    low
References:  1182791

This update for openldap2 fixes the following issues:

- Improved the proxy connection timeout options to prune connections properly (bsc#1182791)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1169-1
Released:    Tue Apr 13 15:01:42 2021
Summary:     Recommended update for procps
Type:        recommended
Severity:    low
References:  1181976

This update for procps fixes the following issues:

- Corrected a statement in the man page about processor pinning via taskset (bsc#1181976)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1275-1
Released:    Tue Apr 20 14:31:26 2021
Summary:     Security update for sudo
Type:        security
Severity:    important
References:  1183936,CVE-2021-3156

This update for sudo fixes the following issues:

- L3: Tenable Scan reports sudo is vulnerable to CVE-2021-3156 (bsc#1183936)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1286-1
Released:    Tue Apr 20 20:10:21 2021
Summary:     Recommended update for SLES-release
Type:        recommended
Severity:    moderate
References:  1180836

This recommended update for SLES-release provides the following fix:

- Revert the problematic changes previously released and make sure the version is high enough to
  obsolete the package on containers and images. (bsc#1180836)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1289-1
Released:    Wed Apr 21 14:02:46 2021
Summary:     Recommended update for gzip
Type:        recommended
Severity:    moderate
References:  1177047

This update for gzip fixes the following issues:

- Fixed a potential segfault when zlib acceleration is enabled (bsc#1177047)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1295-1
Released:    Wed Apr 21 14:08:19 2021
Summary:     Recommended update for systemd-presets-common-SUSE
Type:        recommended
Severity:    moderate
References:  1184136

This update for systemd-presets-common-SUSE fixes the following issues:

- Enabled hcn-init.service for HNV on POWER (bsc#1184136)

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:1296-1
Released:    Wed Apr 21 14:09:28 2021
Summary:     Optional update for e2fsprogs
Type:        optional
Severity:    low
References:  1183791

This update for e2fsprogs fixes the following issues:

- Fixed an issue when building e2fsprogs (bsc#1183791)

This patch does not fix any user visible issues and is therefore optional to install.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1297-1
Released:    Wed Apr 21 14:10:10 2021
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1178219

This update for systemd fixes the following issues:

- Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot
  be stopped properly and would leave mount points mounted.

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:1299-1
Released:    Wed Apr 21 14:11:41 2021
Summary:     Optional update for gpgme
Type:        optional
Severity:    low
References:  1183801

This update for gpgme fixes the following issues:

- Fixed a bug in test cases (bsc#1183801)

This patch is optional to install and does not provide any user visible bug fixes.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1407-1
Released:    Wed Apr 28 15:49:02 2021
Summary:     Recommended update for libcap
Type:        recommended
Severity:    important
References:  1184690

This update for libcap fixes the following issues:

- Add explicit dependency on 'libcap2' with version to 'libcap-progs' and 'pam_cap'. (bsc#1184690)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1412-1
Released:    Wed Apr 28 17:09:28 2021
Summary:     Security update for libnettle
Type:        security
Severity:    important
References:  1184401,CVE-2021-20305

This update for libnettle fixes the following issues:

- CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1426-1
Released:    Thu Apr 29 06:23:13 2021
Summary:     Recommended update for libsolv
Type:        recommended
Severity:    moderate
References:

This update for libsolv fixes the following issues:

- Fix rare segfault in resolve_jobrules() that could happen if new rules are learnt.
- Fix a couple of memory leaks in error cases.
- Fix error handling in solv_xfopen_fd()
- Fixed 'regex' code on win32.
- Fixed memory leak in choice rule generation

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1449-1
Released:    Fri Apr 30 08:08:25 2021
Summary:     Recommended update for systemd-presets-branding-SLE
Type:        recommended
Severity:    moderate
References:  1165780

This update for systemd-presets-branding-SLE fixes the following issues:

- Don't enable 'btrfsmaintenance-refresh.service', 'btrfsmaintenance' is managed by
  systemd-presets-common-SUSE instead. (bsc#1165780)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1466-1
Released:    Tue May 4 08:30:57 2021
Summary:     Security update for permissions
Type:        security
Severity:    important
References:  1182899

This update for permissions fixes the following issues:

- etc/permissions: remove unnecessary entries (bsc#1182899)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1475-1
Released:    Tue May 4 08:59:27 2021
Summary:     Security update for ceph
Type:        security
Severity:    important
References:  1183074,1183899,1184231,CVE-2021-20288

This update for ceph fixes the following issues:

- ceph was updated to 15.2.11-83-g8a15f484c2:
  * CVE-2021-20288: Fixed unauthorized global_id reuse (bsc#1183074).
  * disk gets replaced with no rocksdb/wal (bsc#1184231).
  * BlueStore handles huge(>4GB) writes from RocksDB to BlueFS poorly, potentially causing
    data corruption (bsc#1183899).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1481-1
Released:    Tue May 4 14:18:32 2021
Summary:     Recommended update for lvm2
Type:        recommended
Severity:    moderate
References:  1178680

This update for lvm2 fixes the following issues:

- Add metadata-based autoactivation property for volume group and logical volume. (bsc#1178680)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1521-1
Released:    Wed May 5 17:52:55 2021
Summary:     Recommended update for ceph-iscsi
Type:        recommended
Severity:    moderate
References:  1182611

This update for ceph-iscsi fixes the following issues:

- Fix for the gateway when it fails to start using SSL. (bsc#1182611)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1523-1
Released:    Wed May 5 18:24:20 2021
Summary:     Security update for libxml2
Type:        security
Severity:    moderate
References:  1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518

This update for libxml2 fixes the following issues:

- CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408).
- CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410).
- CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1525-1
Released:    Wed May 5 20:04:16 2021
Summary:     Recommended update for rook
Type:        recommended
Severity:    moderate
References:

This update for rook fixes the following issues:

- updated ceph-csi to v3.2.1
  * Use latest Ceph API for setting dashboard and rgw credentials
  * Redact secret info from reconcile diffs in debug logs
  * Continue to get available devices if failed to get a device info
  * Include RGW pods in list for rescheduling from failed node
  * Enforce pg_auto_scaler on rgw pools
  * Prevent voluntary mon drain while another mon is failing over
  * Avoid restarting all encrypted OSDs on cluster growth
  * Set secret type on external cluster script
  * Fix init container 'expand-encrypted-bluefs' for encrypted OSDs
  * Fail pool creation if the sub failure domain is the same as the failure domain
  * Set default backend for vault and remove temp key for encrypted OSDs

The following package changes have been done:

- ceph-base-15.2.11.83+g8a15f484c2-3.16.1 updated
- ceph-common-15.2.11.83+g8a15f484c2-3.16.1 updated
- ceph-grafana-dashboards-15.2.11.83+g8a15f484c2-3.16.1 updated
- ceph-iscsi-3.4+1614165221.g78e33bb-3.3.6 updated
- ceph-mds-15.2.11.83+g8a15f484c2-3.16.1 updated
- ceph-mgr-cephadm-15.2.11.83+g8a15f484c2-3.16.1 updated
- ceph-mgr-dashboard-15.2.11.83+g8a15f484c2-3.16.1 updated
- ceph-mgr-modules-core-15.2.11.83+g8a15f484c2-3.16.1 updated
- ceph-mgr-rook-15.2.11.83+g8a15f484c2-3.16.1 updated
- ceph-mgr-15.2.11.83+g8a15f484c2-3.16.1 updated
- ceph-mon-15.2.11.83+g8a15f484c2-3.16.1 updated
- ceph-osd-15.2.11.83+g8a15f484c2-3.16.1 updated
- ceph-prometheus-alerts-15.2.11.83+g8a15f484c2-3.16.1 updated
- ceph-radosgw-15.2.11.83+g8a15f484c2-3.16.1 updated
- cephadm-15.2.11.83+g8a15f484c2-3.16.1 updated
- ceph-15.2.11.83+g8a15f484c2-3.16.1 updated
- device-mapper-1.02.163-8.27.1 updated
- e2fsprogs-1.43.8-4.26.1 updated
- gzip-1.10-3.11.1 updated
- libcap2-2.26-4.6.1 updated
- libcephfs2-15.2.11.83+g8a15f484c2-3.16.1 updated
- libcom_err2-1.43.8-4.26.1 updated
- libdevmapper-event1_03-1.02.163-8.27.1 updated
- libdevmapper1_03-1.02.163-8.27.1 updated
- libext2fs2-1.43.8-4.26.1 updated
- libgpgme11-1.13.1-4.3.1 updated
- libhogweed4-3.4.1-4.15.1 updated
- libldap-2_4-2-2.4.46-9.51.1 updated
- libldap-data-2.4.46-9.51.1 updated
- liblvm2cmd2_03-2.03.05-8.27.1 updated
- libnettle6-3.4.1-4.15.1 updated
- libprocps7-3.3.15-7.16.1 updated
- librados2-15.2.11.83+g8a15f484c2-3.16.1 updated
- librbd1-15.2.11.83+g8a15f484c2-3.16.1 updated
- librgw2-15.2.11.83+g8a15f484c2-3.16.1 updated
- libsolv-tools-0.7.19-3.20.1 updated
- libsystemd0-234-24.82.1 updated
- libudev1-234-24.82.1 updated
- libxml2-2-2.9.7-3.31.1 updated
- libzypp-17.25.8-3.33.1 updated
- lvm2-2.03.05-8.27.1 updated
- permissions-20181225-23.6.1 updated
- procps-3.3.15-7.16.1 updated
- python3-ceph-argparse-15.2.11.83+g8a15f484c2-3.16.1 updated
- python3-ceph-common-15.2.11.83+g8a15f484c2-3.16.1 updated
- python3-cephfs-15.2.11.83+g8a15f484c2-3.16.1 updated
- python3-rados-15.2.11.83+g8a15f484c2-3.16.1 updated
- python3-rbd-15.2.11.83+g8a15f484c2-3.16.1 updated
- python3-rgw-15.2.11.83+g8a15f484c2-3.16.1 updated
- rbd-mirror-15.2.11.83+g8a15f484c2-3.16.1 updated
- rook-k8s-yaml-1.5.10+git4.g309ad2f64-3.18.1 updated
- rook-rookflex-1.5.10+git4.g309ad2f64-3.18.1 updated
- rook-1.5.10+git4.g309ad2f64-3.18.1 updated
- sles-release-15.2-52.3.1 updated
- sudo-1.8.22-4.18.1 updated
- systemd-presets-branding-SLE-15.1-20.8.1 updated
- systemd-presets-common-SUSE-15-8.6.1 updated
- systemd-234-24.82.1 updated
- udev-234-24.82.1 updated
- container:ceph-image-1.0.0-4.183 updated