SUSE Container Update Advisory: suse/sles12sp3
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2019:677-1
Container Tags        : suse/sles12sp3:2.0.2 , suse/sles12sp3:24.4 , suse/sles12sp3:latest
Container Release     : 24.4
Severity              : important
Type                  : security
References            : 1040621 1042781 1080919 1085003 1092034 1097869 1100396 1103244 1105435 1118629 1121563 1125352 1125535 1126056 1127557 1128657 1130103 1130230 1131291 1131982 1132348 1132400 1132721 1133528 1135170 941922 955942 CVE-2015-5186 CVE-2017-6891 CVE-2018-1000654 CVE-2018-6954 CVE-2019-3842 CVE-2019-3859 CVE-2019-5436 CVE-2019-6454 SLE-5933
-----------------------------------------------------------------

The container suse/sles12sp3 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1060-1
Released:    Sat Apr 27 09:45:38 2019
Summary:     Security update for libssh2_org
Type:        security
Severity:    important
References:  1130103,1133528,CVE-2019-3859

This update for libssh2_org fixes the following issues:

- Incorrect upstream fix for CVE-2019-3859 broke public key authentication [bsc#1133528, bsc#1130103]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1125-1
Released:    Tue Apr 30 18:50:59 2019
Summary:     Recommended update for glibc
Type:        recommended
Severity:    important
References:  1100396,1103244

This update for glibc fixes the following issues:

- Add support for the new Japanese time era name that comes into effect on 2019-05-01. [bsc#1100396, bsc#1103244]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1131-1
Released:    Thu May 2 15:39:59 2019
Summary:     Recommended update for libidn
Type:        recommended
Severity:    moderate
References:  1092034

This update for libidn fixes the following issues:

- Now obsoletes the libidn 32bit package (bsc#1092034)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1136-1
Released:    Fri May 3 10:27:57 2019
Summary:     Security update for openssl
Type:        security
Severity:    moderate
References:  1131291

This update for openssl fixes the following issues:

- Reject invalid EC point coordinates (bsc#1131291)
  This helps openssl using services that do not do this verification on their own.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1166-1
Released:    Tue May 7 11:01:39 2019
Summary:     Security update for audit
Type:        security
Severity:    moderate
References:  1042781,1085003,1125535,941922,CVE-2015-5186

This update for audit fixes the following issues:

Audit on SUSE Linux Enterprise 12 SP3 was updated to 2.8.1 to bring new features and bugfixes. (bsc#1125535 FATE#326346)

* Many features were added to auparse_normalize
* cli option added to auditd and audispd for setting config dir
* In auditd, restore the umask after creating a log file
* Option added to auditd for skipping email verification

The full changelog can be found here: http://people.redhat.com/sgrubb/audit/ChangeLog

- Change openldap dependency to client only (bsc#1085003)

Minor security issue fixed:

- CVE-2015-5186: Audit: log terminal emulator escape sequences handling (bsc#941922)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1259-1
Released:    Wed May 15 14:06:20 2019
Summary:     Recommended update for sysvinit
Type:        recommended
Severity:    moderate
References:  1131982

This update for sysvinit fixes the following issues:

- Handle various optional fields of /proc//mountinfo on the entry/ies before the hyphen (bsc#1131982)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1265-1
Released:    Thu May 16 09:52:22 2019
Summary:     Security update for systemd
Type:        security
Severity:    important
References:  1080919,1121563,1125352,1126056,1127557,1128657,1130230,1132348,1132400,1132721,955942,CVE-2018-6954,CVE-2019-3842,CVE-2019-6454,SLE-5933

This update for systemd fixes the following issues:

Security issues fixed:

- CVE-2018-6954: Fixed a vulnerability in the symlink handling of systemd-tmpfiles which allowed a local user to obtain ownership of arbitrary files (bsc#1080919).
- CVE-2019-3842: Fixed a vulnerability in pam_systemd which allowed a local user to escalate privileges (bsc#1132348).
- CVE-2019-6454: Fixed a denial of service caused by long dbus messages (bsc#1125352).

Non-security issues fixed:

- systemd-coredump: generate a stack trace of all core dumps (jsc#SLE-5933)
- udevd: notify when max number value of children is reached only once per batch of events (bsc#1132400)
- sd-bus: bump message queue size again (bsc#1132721)
- core: only watch processes when it's really necessary (bsc#955942 bsc#1128657)
- rules: load drivers only on 'add' events (bsc#1126056)
- sysctl: Don't pass null directive argument to '%s' (bsc#1121563)
- Do not automatically online memory on s390x (bsc#1127557)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1363-1
Released:    Tue May 28 10:50:53 2019
Summary:     Security update for curl
Type:        security
Severity:    important
References:  1135170,CVE-2019-5436

This update for curl fixes the following issues:

Security issue fixed:

- CVE-2019-5436: Fixed a heap buffer overflow in tftp_receive_packet that receives data from a TFTP server (bsc#1135170).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1379-1
Released:    Wed May 29 15:07:04 2019
Summary:     Security update for libtasn1
Type:        security
Severity:    moderate
References:  1040621,1105435,CVE-2017-6891,CVE-2018-1000654

This update for libtasn1 fixes the following issues:

Security issues fixed:

- CVE-2018-1000654: Fixed a denial of service in the asn1 parser (bsc#1105435).
- CVE-2017-6891: Fixed a stack overflow in asn1_find_node() (bsc#1040621).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1402-1
Released:    Mon Jun 3 09:12:38 2019
Summary:     Recommended update for kmod
Type:        recommended
Severity:    moderate
References:  1097869,1118629

This update for kmod fixes the following issues:

- Fixes a potential buffer overflow in libkmod (bsc#1118629).

The following package changes have been done:

- libopenssl1_0_0-1.0.2j-60.52.1 updated
- libaudit1-2.8.1-8.3.1 updated
- libidn11-1.28-5.6.1 updated
- libudev1-228-150.66.4 updated
- openssl-1.0.2j-60.52.1 updated
- libtasn1-4.9-3.10.1 updated
- glibc-2.22-62.19.1 updated
- libkmod2-17-9.12.1 updated
- libssh2-1-1.4.3-20.6.1 updated
- libsystemd0-228-150.66.4 updated
- libcurl4-7.37.0-37.40.1 updated
- sysvinit-tools-2.88+-101.3.1 updated
- systemd-228-150.66.4 updated
- kmod-compat-17-9.12.1 updated
- libtasn1-6-4.9-3.10.1 updated