SUSE Container Update Advisory: suse/sles12sp3 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2019:673-1 Container Tags : suse/sles12sp3:12.27 , suse/sles12sp3:2.0.2 , suse/sles12sp3:latest Container Release : 12.27 Severity : important Type : security References : 1005023 1076696 1101591 1114981 1115518 1119971 1120323 1120489 1121446 1121450 CVE-2018-16864 CVE-2018-16865 CVE-2018-16866 CVE-2018-20217 ----------------------------------------------------------------- The container suse/sles12sp3 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:111-1 Released: Thu Jan 17 14:18:31 2019 Summary: Security update for krb5 Type: security Severity: important References: 1120489,CVE-2018-20217 This update for krb5 fixes the following issues: Security issue fixed: - CVE-2018-20217: Fixed an assertion issue with older encryption types (bsc#1120489) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:135-1 Released: Mon Jan 21 13:53:58 2019 Summary: Security update for systemd Type: security Severity: moderate References: 1005023,1076696,1101591,1114981,1115518,1119971,1120323,CVE-2018-16864,CVE-2018-16865,CVE-2018-16866 This update for systemd provides the following fixes: Security issues fixed: - CVE-2018-16864, CVE-2018-16865: Fixed two memory corruptions through attacker-controlled alloca()s (bsc#1120323) - CVE-2018-16866: Fixed an information leak in journald (bsc#1120323) - Fixed an issue during system startup in relation to encrypted swap disks (bsc#1119971) Non-security issues fixed: - core: Queue loading transient units after setting their properties. (bsc#1115518) - logind: Stop managing VT switches if no sessions are registered on that VT. (bsc#1101591) - terminal-util: introduce vt_release() and vt_restore() helpers. - terminal: Unify code for resetting kbd utf8 mode a bit. - terminal Reset should honour default_utf8 kernel setting. - logind: Make session_restore_vt() static. - udev: Downgrade message when settting inotify watch up fails. (bsc#1005023) - log: Never log into foreign fd #2 in PID 1 or its pre-execve() children. (bsc#1114981) - udev: Ignore the exit code of systemd-detect-virt for memory hot-add. In SLE-12-SP3, 80-hotplug-cpu-mem.rules has a memory hot-add rule that uses systemd-detect-virt to detect non-zvm environment. The systemd-detect-virt returns exit failure code when it detected _none_ state. The exit failure code causes that the hot-add memory block can not be set to online. (bsc#1076696) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:143-1 Released: Tue Jan 22 14:21:55 2019 Summary: Recommended update for ncurses Type: recommended Severity: important References: 1121450 This update for ncurses fixes the following issues: - ncurses applications freezing (bsc#1121450) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:149-1 Released: Wed Jan 23 17:58:18 2019 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate References: 1121446 This update for ca-certificates-mozilla fixes the following issues: The package was updated to the 2.30 version of the Mozilla NSS Certificate store. (bsc#1121446) Removed Root CAs: - AC Raiz Certicamara S.A. - Certplus Root CA G1 - Certplus Root CA G2 - OpenTrust Root CA G1 - OpenTrust Root CA G2 - OpenTrust Root CA G3 - Visa eCommerce Root Added Root CAs: - Certigna Root CA (email and server auth) - GTS Root R1 (server auth) - GTS Root R2 (server auth) - GTS Root R3 (server auth) - GTS Root R4 (server auth) - OISTE WISeKey Global Root GC CA (email and server auth) - UCA Extended Validation Root (server auth) - UCA Global G2 Root (email and server auth) The following package changes have been done: - libncurses6-5.9-64.1 updated - libudev1-228-150.58.1 updated - terminfo-base-5.9-64.1 updated - libncurses5-5.9-64.1 updated - libsystemd0-228-150.58.1 updated - krb5-1.12.5-40.31.1 updated - systemd-228-150.58.1 updated - ca-certificates-mozilla-2.30-12.12.1 updated