SUSE Container Update Advisory: sles12/chartmuseum
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2019:308-1
Container Tags        : sles12/chartmuseum:0.2.8
Container Release     : 2.3.329
Severity              : moderate
Type                  : security
References            : 1005063 1030472 1030476 1033084 1033085 1033087 1033088 1033089
                        1033090 1106390 1107067 1110797 1111973 1112723 1112726 1119296
                        1123685 1125007 1128383 1128481 1133418 1135261 1135709 1136570
                        954600 CVE-2016-10254 CVE-2016-10255 CVE-2017-7607 CVE-2017-7608
                        CVE-2017-7610 CVE-2017-7611 CVE-2017-7612 CVE-2017-7613 CVE-2018-16062
                        CVE-2018-16403 CVE-2018-18310 CVE-2018-18520 CVE-2018-18521 CVE-2019-3860
                        CVE-2019-7150 CVE-2019-7665 
-----------------------------------------------------------------

The container sles12/chartmuseum was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1431-1
Released:    Wed Jun  5 16:50:13 2019
Summary:     Recommended update for xz
Type:        recommended
Severity:    moderate
References:  1135709
This update for xz does only update the license:

- Add SUSE-Public-Domain license as some parts of xz utils (liblzma,
  xz, xzdec, lzmadec, documentation, translated messages, tests,
  debug, extra directory) are in public domain license (bsc#1135709)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1474-1
Released:    Wed Jun 12 14:46:20 2019
Summary:     Recommended update for permissions
Type:        recommended
Severity:    moderate
References:  1110797
This update for permissions fixes the following issues:

- Updated permissons for amanda (bsc#1110797)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1481-1
Released:    Thu Jun 13 07:46:01 2019
Summary:     Recommended update for sg3_utils
Type:        recommended
Severity:    moderate
References:  1005063,1119296,1133418,954600
This update for sg3_utils provides the following fixes:
- Fix regression for page 0xa. (bsc#1119296)
- Add pre/post scripts for lunmask.service. (bsc#954600)
- Will now generate by-path links for fibrechannel. (bsc#1005063)
- Fixes a syntax error for rule 59-fc-wwpn-id.rules. (bsc#1133418)
  
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1733-1
Released:    Wed Jul  3 13:54:39 2019
Summary:     Security update for elfutils
Type:        security
Severity:    low
References:  1030472,1030476,1033084,1033085,1033087,1033088,1033089,1033090,1106390,1107067,1111973,1112723,1112726,1123685,1125007,CVE-2016-10254,CVE-2016-10255,CVE-2017-7607,CVE-2017-7608,CVE-2017-7610,CVE-2017-7611,CVE-2017-7612,CVE-2017-7613,CVE-2018-16062,CVE-2018-16403,CVE-2018-18310,CVE-2018-18520,CVE-2018-18521,CVE-2019-7150,CVE-2019-7665
This update for elfutils fixes the following issues:

Security issues fixed: 	  

- CVE-2018-16403: Fixed a heap-based buffer over-read that could have led to Denial of Service (bsc#1107067).  
- CVE-2016-10254: Fixed a memory allocation failure in alloxate_elf (bsc#1030472).
- CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (bsc#1125007).
- CVE-2016-10255: Fixed a memory allocation failure in libelf_set_rawdata_wrlock (bsc#1030476).
- CVE-2019-7150: Added a missing check in dwfl_segment_report_module which could have allowed truncated files 
  to be read (bsc#1123685).
- CVE-2018-16062: Fixed a heap-buffer-overflow (bsc#1106390).
- CVE-2017-7611: Fixed a heap-based buffer over-read that could have led to Denial of Service (bsc#1033088).
- CVE-2017-7613: Fixed denial of service caused by the missing validation of the number of sections 
  and the number of segments in a crafted ELF file (bsc#1033090).
- CVE-2017-7607: Fixed a heap-based buffer overflow in handle_gnu_hash (bsc#1033084).
- CVE-2017-7608: Fixed a heap-based buffer overflow in ebl_object_note_type_name() (bsc#1033085).
- CVE-2017-7610: Fixed a heap-based buffer overflow in check_group (bsc#1033087).
- CVE-2018-18521: Fixed multiple divide-by-zero vulnerabilities in function arlib_add_symbols() (bsc#1112723).
- CVE-2017-7612: Fixed a denial of service in check_sysv_hash() via a crafted ELF file (bsc#1033089).
- CVE-2018-18310: Fixed an invalid address read in dwfl_segment_report_module.c (bsc#1111973).
- CVE-2018-18520: Fixed bad handling of ar files inside are files (bsc#1112726).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1761-1
Released:    Fri Jul  5 14:10:34 2019
Summary:     Recommended update for e2fsprogs
Type:        recommended
Severity:    moderate
References:  1128383,1135261
This update for e2fsprogs fixes the following issues:

- Revert 'mke2fs: prevent creation of unmountable ext4 with large flex_bg count'. (bsc#1135261)

- Place metadata blocks in the last flex_bg so they are contiguous. (bsc#1135261)

- Check and fix tails of all bitmaps. (bsc#1128383)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1606-1
Released:    Wed Aug 21 13:36:49 2019
Summary:     Security update for libssh2_org
Type:        security
Severity:    moderate
References:  1128481,1136570,CVE-2019-3860
This update for libssh2_org fixes the following issues:

- Fix the previous fix for CVE-2019-3860 (bsc#1136570, bsc#1128481)
  (Out-of-bounds reads with specially crafted SFTP packets)