SUSE Container Update Advisory: suse/sles12sp3 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2019:679-1 Container Tags : suse/sles12sp3:2.0.2 , suse/sles12sp3:24.56 , suse/sles12sp3:latest Container Release : 24.56 Severity : important Type : security References : 1005063 1010675 1030472 1030476 1033084 1033085 1033087 1033088 1033089 1033090 1043886 1100989 1104902 1105495 1106390 1107067 1107617 1109893 1110146 1110542 1110797 1111300 1111319 1111973 1112723 1112726 1112911 1113296 1114674 1116544 1119296 1120629 1120630 1120631 1123685 1123697 1123704 1124847 1125007 1126613 1127155 1127155 1127223 1127308 1127891 1128383 1128481 1128574 1131635 1131823 1133418 1134226 1135261 1135709 1136298 1136570 1137053 1137977 1139083 1139083 1139937 1139942 1140914 1141093 1142661 1143194 1143273 1144169 1148987 1149429 1149496 1150003 1150250 954600 985657 CVE-2009-5155 CVE-2016-10254 CVE-2016-10255 CVE-2016-3189 CVE-2016-9318 CVE-2017-7607 CVE-2017-7608 CVE-2017-7610 CVE-2017-7611 CVE-2017-7612 CVE-2017-7613 CVE-2018-16062 CVE-2018-16403 CVE-2018-18310 CVE-2018-18311 CVE-2018-18520 CVE-2018-18521 CVE-2018-20532 CVE-2018-20533 CVE-2018-20534 CVE-2018-20843 CVE-2019-12900 CVE-2019-12900 CVE-2019-13050 CVE-2019-13057 CVE-2019-13565 CVE-2019-13627 CVE-2019-1547 CVE-2019-1563 CVE-2019-15903 CVE-2019-3860 CVE-2019-5482 CVE-2019-7150 CVE-2019-7665 CVE-2019-9169 SLE-7081 SLE-7257 ----------------------------------------------------------------- The container suse/sles12sp3 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2018:336-1 Released: Wed Feb 21 14:26:52 2018 Summary: Security update for libdb-4_8 Type: security Severity: moderate References: 1043886 This update for libdb-4_8 fixes the following issues: - A DB_CONFIG file in the current working directory allowed local users to obtain sensitive information via a symlink attack involving a setgid or setuid application using libdb-4_8. (bsc#1043886) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1431-1 Released: Wed Jun 5 16:50:13 2019 Summary: Recommended update for xz Type: recommended Severity: moderate References: 1135709 This update for xz does only update the license: - Add SUSE-Public-Domain license as some parts of xz utils (liblzma, xz, xzdec, lzmadec, documentation, translated messages, tests, debug, extra directory) are in public domain license (bsc#1135709) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1474-1 Released: Wed Jun 12 14:46:20 2019 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1110797 This update for permissions fixes the following issues: - Updated permissons for amanda (bsc#1110797) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1481-1 Released: Thu Jun 13 07:46:01 2019 Summary: Recommended update for sg3_utils Type: recommended Severity: moderate References: 1005063,1119296,1133418,954600 This update for sg3_utils provides the following fixes: - Fix regression for page 0xa. (bsc#1119296) - Add pre/post scripts for lunmask.service. (bsc#954600) - Will now generate by-path links for fibrechannel. (bsc#1005063) - Fixes a syntax error for rule 59-fc-wwpn-id.rules. (bsc#1133418) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1733-1 Released: Wed Jul 3 13:54:39 2019 Summary: Security update for elfutils Type: security Severity: low References: 1030472,1030476,1033084,1033085,1033087,1033088,1033089,1033090,1106390,1107067,1111973,1112723,1112726,1123685,1125007,CVE-2016-10254,CVE-2016-10255,CVE-2017-7607,CVE-2017-7608,CVE-2017-7610,CVE-2017-7611,CVE-2017-7612,CVE-2017-7613,CVE-2018-16062,CVE-2018-16403,CVE-2018-18310,CVE-2018-18520,CVE-2018-18521,CVE-2019-7150,CVE-2019-7665 This update for elfutils fixes the following issues: Security issues fixed: - CVE-2018-16403: Fixed a heap-based buffer over-read that could have led to Denial of Service (bsc#1107067). - CVE-2016-10254: Fixed a memory allocation failure in alloxate_elf (bsc#1030472). - CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (bsc#1125007). - CVE-2016-10255: Fixed a memory allocation failure in libelf_set_rawdata_wrlock (bsc#1030476). - CVE-2019-7150: Added a missing check in dwfl_segment_report_module which could have allowed truncated files to be read (bsc#1123685). - CVE-2018-16062: Fixed a heap-buffer-overflow (bsc#1106390). - CVE-2017-7611: Fixed a heap-based buffer over-read that could have led to Denial of Service (bsc#1033088). - CVE-2017-7613: Fixed denial of service caused by the missing validation of the number of sections and the number of segments in a crafted ELF file (bsc#1033090). - CVE-2017-7607: Fixed a heap-based buffer overflow in handle_gnu_hash (bsc#1033084). - CVE-2017-7608: Fixed a heap-based buffer overflow in ebl_object_note_type_name() (bsc#1033085). - CVE-2017-7610: Fixed a heap-based buffer overflow in check_group (bsc#1033087). - CVE-2018-18521: Fixed multiple divide-by-zero vulnerabilities in function arlib_add_symbols() (bsc#1112723). - CVE-2017-7612: Fixed a denial of service in check_sysv_hash() via a crafted ELF file (bsc#1033089). - CVE-2018-18310: Fixed an invalid address read in dwfl_segment_report_module.c (bsc#1111973). - CVE-2018-18520: Fixed bad handling of ar files inside are files (bsc#1112726). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1761-1 Released: Fri Jul 5 14:10:34 2019 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1128383,1135261 This update for e2fsprogs fixes the following issues: - Revert 'mke2fs: prevent creation of unmountable ext4 with large flex_bg count'. (bsc#1135261) - Place metadata blocks in the last flex_bg so they are contiguous. (bsc#1135261) - Check and fix tails of all bitmaps. (bsc#1128383) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1834-1 Released: Fri Jul 12 17:55:14 2019 Summary: Security update for expat Type: security Severity: moderate References: 1139937,CVE-2018-20843 This update for expat fixes the following issues: Security issue fixed: - CVE-2018-20843: Fixed a denial of service triggered by high resource consumption in the XML parser when XML names contain a large amount of colons (bsc#1139937). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1844-1 Released: Mon Jul 15 07:13:09 2019 Summary: Recommended update for pam Type: recommended Severity: low References: 1116544 This update for pam fixes the following issues: - restricted the number of file descriptors to close to a more sensible number based upon resource limits (bsc#1116544) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1896-1 Released: Thu Jul 18 16:26:45 2019 Summary: Security update for libxml2 Type: security Severity: moderate References: 1010675,1110146,1126613,CVE-2016-9318 This update for libxml2 fixes the following issues: Issue fixed: - Fixed a bug related to the fix for CVE-2016-9318 which allowed xsltproc to access the internet even when --nonet was given and also was making docbook-xsl-stylesheets to have incomplete xml catalog file (bsc#1010675, bsc#1126613 and bsc#1110146). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1955-1 Released: Tue Jul 23 11:42:41 2019 Summary: Security update for bzip2 Type: security Severity: important References: 1139083,985657,CVE-2016-3189,CVE-2019-12900 This update for bzip2 fixes the following issues: Security issue fixed: - CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1139083). - CVE-2016-3189: Fixed a use-after-free in bzip2recover (bsc#985657). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1958-1 Released: Tue Jul 23 13:18:12 2019 Summary: Security update for glibc Type: security Severity: moderate References: 1127223,1127308,1128574,CVE-2009-5155,CVE-2019-9169 This update for glibc fixes the following issues: Security issues fixed: - CVE-2019-9169: Fixed a heap-based buffer over-read via an attempted case-insensitive regular-expression match (bsc#1127308). - CVE-2009-5155: Fixed a denial of service in parse_reg_exp() (bsc#1127223). Non-security issues fixed: - Added cfi information for start routines in order to stop unwinding on S390 (bsc#1128574). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1972-1 Released: Thu Jul 25 15:00:03 2019 Summary: Security update for libsolv, libzypp, zypper Type: security Severity: moderate References: 1109893,1110542,1111319,1112911,1113296,1120629,1120630,1120631,1127155,1131823,1134226,1137977,CVE-2018-20532,CVE-2018-20533,CVE-2018-20534 This update for libsolv, libzypp and zypper fixes the following issues: libsolv was updated to version 0.6.36 fixes the following issues: Security issues fixed: - CVE-2018-20532: Fixed a NULL pointer dereference in testcase_read() (bsc#1120629). - CVE-2018-20533: Fixed a NULL pointer dereference in testcase_str2dep_complex() (bsc#1120630). - CVE-2018-20534: Fixed a NULL pointer dereference in pool_whatprovides() (bsc#1120631). Non-security issues fixed: - Made cleandeps jobs on patterns work (bsc#1137977). - Fixed an issue multiversion packages that obsolete their own name (bsc#1127155). - Keep consistent package name if there are multiple alternatives (bsc#1131823). libzypp received following fixes: - Fixes a bug where locking the kernel was not possible (bsc#1113296) zypper received following fixes: - Fixes a bug where the wrong exit code was set when refreshing repos if --root was used (bsc#1134226) - Improved the displaying of locks (bsc#1112911) - Fixes an issue where `https` repository urls caused an error prompt to appear twice (bsc#1110542) - zypper will now always warn when no repositories are defined (bsc#1109893) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2013-1 Released: Mon Jul 29 15:42:41 2019 Summary: Security update for bzip2 Type: security Severity: important References: 1139083,CVE-2019-12900 This update for bzip2 fixes the following issues: - Fixed a regression with the fix for CVE-2019-12900, which caused incompatibilities with files that used many selectors (bsc#1139083). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2101-1 Released: Fri Aug 9 10:38:55 2019 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate References: 1100989,1105495,1111300,1123697,1123704,1127155,1127891,1131635 This update for suse-module-tools to version 12.6 fixes the following issues: - weak-modules2: emit 'inconsistent' warning only if replacement fails (bsc#1127155) - modprobe.conf.common: add csiostor->cxgb4 dependency (bsc#1100989, bsc#1131635) - Fix driver-check.sh (bsc#1123697, bsc#1123704) - modsign-verify: support for parsing PKCS#7 signatures (bsc#1111300, bsc#1105495) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2120-1 Released: Wed Aug 14 11:17:39 2019 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1136298,SLE-7257 This update for pam fixes the following issues: - Enable pam_userdb.so (SLE-7257,bsc#1136298) - Upgraded pam_userdb to 1.3.1. (bsc#1136298) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1606-1 Released: Wed Aug 21 13:36:49 2019 Summary: Security update for libssh2_org Type: security Severity: moderate References: 1128481,1136570,CVE-2019-3860 This update for libssh2_org fixes the following issues: - Fix the previous fix for CVE-2019-3860 (bsc#1136570, bsc#1128481) (Out-of-bounds reads with specially crafted SFTP packets) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2240-1 Released: Wed Aug 28 14:57:51 2019 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate References: 1144169 This update for ca-certificates-mozilla fixes the following issues: - Update to 2.34 state of the Mozilla NSS Certificate store. (bsc#1144169) - Removed Root CAs: - Certinomis - Root CA - Added root CAs from the 2.32 version: - emSign ECC Root CA - C3 (email and server auth) - emSign ECC Root CA - G3 (email and server auth) - emSign Root CA - C1 (email and server auth) - emSign Root CA - G1 (email and server auth) - Hongkong Post Root CA 3 (server auth) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2264-1 Released: Mon Sep 2 09:07:12 2019 Summary: Security update for perl Type: security Severity: important References: 1114674,CVE-2018-18311 This update for perl fixes the following issues: Security issue fixed: - CVE-2018-18311: Fixed integer overflow with oversize environment (bsc#1114674). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2288-1 Released: Wed Sep 4 14:22:47 2019 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1104902,1107617,1137053,1142661 This update for systemd fixes the following issues: - Fixes an issue where the Kernel took very long to unmount a user's runtime directory (bsc#1104902) - udevd: changed the default value of udev.children-max (again) (bsc#1107617) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2372-1 Released: Thu Sep 12 14:01:27 2019 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1139942,1140914,SLE-7081 This update for krb5 fixes the following issues: - Fix missing responder if there is no pre-auth; (bsc#1139942) - Load mechglue config files from /etc/gss/mech.d; (bsc#1140914, jsc#SLE-7081) - Fix impersonate_name to work with interposers; (bsc#1140914, jsc#SLE-7081) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2339-1 Released: Thu Sep 12 14:17:53 2019 Summary: Security update for curl Type: security Severity: important References: 1149496,CVE-2019-5482 This update for curl fixes the following issues: Security issue fixed: - CVE-2019-5482: Fixed TFTP small blocksize heap buffer overflow (bsc#1149496). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2390-1 Released: Tue Sep 17 15:46:02 2019 Summary: Security update for openldap2 Type: security Severity: moderate References: 1143194,1143273,CVE-2019-13057,CVE-2019-13565 This update for openldap2 fixes the following issues: Security issues fixed: - CVE-2019-13565: Fixed ssf memory reuse that leads to incorrect authorization of another connection, granting excess connection rights (ssf) (bsc#1143194). - CVE-2019-13057: Fixed rootDN of a backend that may proxyauth incorrectly to another backend, violating multi-tenant isolation (bsc#1143273). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2413-1 Released: Fri Sep 20 10:44:26 2019 Summary: Security update for openssl Type: security Severity: moderate References: 1150003,1150250,CVE-2019-1547,CVE-2019-1563 This update for openssl fixes the following issues: OpenSSL Security Advisory [10 September 2019] - CVE-2019-1547: Added EC_GROUP_set_generator side channel attack avoidance (bsc#1150003). - CVE-2019-1563: Fixed Bleichenbacher attack against cms/pkcs7 encryption transported key (bsc#1150250). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2440-1 Released: Mon Sep 23 17:15:13 2019 Summary: Security update for expat Type: security Severity: moderate References: 1149429,CVE-2019-15903 This update for expat fixes the following issues: Security issue fixed: - CVE-2019-15903: Fixed a heap-based buffer over-read caused by crafted XML documents. (bsc#1149429) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2480-1 Released: Fri Sep 27 13:12:08 2019 Summary: Security update for gpg2 Type: security Severity: moderate References: 1124847,1141093,CVE-2019-13050 This update for gpg2 fixes the following issues: Security issue fixed: - CVE-2019-13050: Fixed denial-of-service attacks via big keys. (bsc#1141093) Non-security issue fixed: - Allow coredumps in X11 desktop sessions (bsc#1124847). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2510-1 Released: Tue Oct 1 17:37:12 2019 Summary: Security update for libgcrypt Type: security Severity: moderate References: 1148987,CVE-2019-13627 This update for libgcrypt fixes the following issues: Security issues fixed: - CVE-2019-13627: Mitigated ECDSA timing attack. (bsc#1148987) The following package changes have been done: - libsgutils2-2-1.43+46.4b09c76-16.23.1 updated - libopenssl1_0_0-1.0.2j-60.55.1 updated - libexpat1-2.1.0-21.9.1 updated - libcom_err2-1.42.11-16.3.1 updated - libbz2-1-1.0.6-30.8.1 updated - libasm1-0.158-7.7.2 updated - libdb-4_8-4.8.30-29.6 added - libldap-2_4-2-2.4.41-18.63.1 updated - libsystemd0-228-150.71.1 updated - krb5-1.12.5-40.37.7 updated - xz-5.0.5-6.3.1 updated - elfutils-0.158-7.7.2 updated - pam-1.1.8-24.27.1 updated - systemd-228-150.71.1 updated - glibc-2.22-62.22.5 updated - perl-base-5.18.2-12.20.1 updated - liblzma5-5.0.5-6.3.1 updated - libelf1-0.158-7.7.2 updated - libssh2-1-1.4.3-20.9.1 updated - libgcrypt20-1.6.1-16.68.1 updated - expat-2.1.0-21.9.1 updated - libdw1-0.158-7.7.2 updated - libxml2-2-2.9.4-46.20.1 updated - libudev1-228-150.71.1 updated - openssl-1.0.2j-60.55.1 updated - libcurl4-7.37.0-37.43.1 updated - permissions-2015.09.28.1626-17.15.1 updated - gpg2-2.0.24-9.8.1 updated - libsolv-tools-0.6.36-2.16.2 updated - libzypp-16.20.0-2.39.4 updated - zypper-1.13.51-21.26.4 updated - suse-module-tools-12.6-27.3.2 updated - ca-certificates-mozilla-2.34-12.15.1 updated - bzip2-1.0.6-29.2 removed