SUSE Container Update Advisory: suse/sles12sp3
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:94-1
Container Tags        : suse/sles12sp3:2.0.2 , suse/sles12sp3:24.237 , suse/sles12sp3:latest
Container Release     : 24.237
Severity              : important
Type                  : security
References            : 1116107 1159635 1174215 1175109 1178727 1178823 1178909 1178925
                        1178966 1179398 1179398 1179399 1179491 1180073 1181728 1182138
                        1182279 1182331 1182333 1182408 1182411 1182412 1182413 1182415
                        1182416 1182417 1182418 1182419 1182420 CVE-2019-19906 CVE-2020-1971
                        CVE-2020-25709 CVE-2020-25710 CVE-2020-36221 CVE-2020-36222
                        CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226
                        CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230
                        CVE-2020-8231 CVE-2020-8284 CVE-2020-8284 CVE-2020-8285
                        CVE-2021-23840 CVE-2021-23841 CVE-2021-27212
-----------------------------------------------------------------

The container suse/sles12sp3 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3569-1
Released:    Mon Nov 30 17:13:16 2020
Summary:     Recommended update for pam
Type:        recommended
Severity:    moderate
References:  1178727

This update for pam fixes the following issue:

- Initialize the local variable *daysleft* to avoid a misleading warning for password expire days. (bsc#1178727)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3573-1
Released:    Mon Nov 30 18:13:05 2020
Summary:     Recommended update for sg3_utils
Type:        recommended
Severity:    low
References:  1116107

This update for sg3_utils fixes the following issues:

- Fixed wrong device ID for devices using NAA extended format (bsc#1116107)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:3763-1
Released:    Fri Dec 11 14:17:32 2020
Summary:     Security update for openssl
Type:        security
Severity:    important
References:  1179491,CVE-2020-1971

This update for openssl fixes the following issues:

- CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3794-1
Released:    Mon Dec 14 17:40:20 2020
Summary:     Recommended update for libzypp, zypper
Type:        recommended
Severity:    moderate
References:  1174215,1178925,1178966

This update for libzypp, zypper fixes the following issues:

Changes in zypper:

- Fix typo in `list-patches` help. (bsc#1178925)
  The option for selecting issues matching the specified string is `--issue[=STRING]`, not `--issues[=STRING]`.

Changes in libzypp:

- Fix in repository manager for removing non-directory entries related to the cache. (bsc#1178966)
- Remove from the logs the credentials available from the authorization header. (bsc#1174215)
  The authorization header may include base64-encoded credentials which could be recovered from the log file. The credentials are now stripped from the log.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:3800-1
Released:    Mon Dec 14 18:55:59 2020
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1175109,1179398,CVE-2020-8231,CVE-2020-8284

This update for curl fixes the following issues:

- CVE-2020-8284: Fixed an issue where a malicious FTP server could make curl connect to a different IP (bsc#1179398).
- CVE-2020-8231: Fixed an issue with trusting FTP PASV responses (bsc#1175109).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:3876-1
Released:    Fri Dec 18 16:45:25 2020
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1179398,1179399,CVE-2020-8284,CVE-2020-8285

This update for curl fixes the following issues:

- CVE-2020-8285: Fixed an FTP wildcard stack overflow (bsc#1179399).
- CVE-2020-8284: Adjust trusting FTP PASV responses (bsc#1179398).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:3939-1
Released:    Mon Dec 28 14:29:41 2020
Summary:     Security update for cyrus-sasl
Type:        security
Severity:    important
References:  1159635,CVE-2019-19906

This update for cyrus-sasl fixes the following issues:

- CVE-2019-19906: Fixed an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet (bsc#1159635).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:26-1
Released:    Tue Jan 5 14:18:00 2021
Summary:     Recommended update for libxml2
Type:        recommended
Severity:    moderate
References:  1178823

This update for libxml2 fixes the following issues:

- Avoid quadratic checking of identity-constraints, speeding up XML validation. (bsc#1178823)
  * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys).
  * This fix uses a hash table to avoid the quadratic behaviour.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:128-1
Released:    Thu Jan 14 11:01:24 2021
Summary:     Security update for openldap2
Type:        security
Severity:    moderate
References:  1178909,CVE-2020-25709,CVE-2020-25710

This update for openldap2 fixes the following issues:

- CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909).
- CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:588-1
Released:    Thu Feb 25 06:10:02 2021
Summary:     Recommended update for file
Type:        recommended
Severity:    moderate
References:  1182138

This update for file fixes the following issues:

- Fixed an issue when file is used with a string starting with '80'. (bsc#1182138)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:693-1
Released:    Wed Mar 3 18:13:33 2021
Summary:     Security update for openldap2
Type:        security
Severity:    important
References:  1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420,CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212

This update for openldap2 fixes the following issues:

- bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service.
- bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service.
- bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service.
- bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service.
- bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service.
- bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service.
- bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service.
- bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service.
- bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck).
- bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read).
- bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:939-1
Released:    Wed Mar 24 12:24:38 2021
Summary:     Security update for openssl
Type:        security
Severity:    moderate
References:  1182331,1182333,CVE-2021-23840,CVE-2021-23841

This update for openssl fixes the following issues:

- CVE-2021-23840: Fixed an integer overflow in CipherUpdate (bsc#1182333)
- CVE-2021-23841: Fixed a null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:970-1
Released:    Mon Mar 29 14:53:14 2021
Summary:     Recommended update for apparmor
Type:        recommended
Severity:    moderate
References:  1181728

This update for apparmor fixes the following issues:

- Add abstraction/base fix to apparmor-profile. (bsc#1181728)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1003-1
Released:    Thu Apr 1 15:06:58 2021
Summary:     Recommended update for libcap
Type:        recommended
Severity:    moderate
References:  1180073

This update for libcap fixes the following issues:

- Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460)
- Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073)

The following package changes have been done:

- libsgutils2-2-1.43+46.4b09c76-16.26.1 updated
- libopenssl1_0_0-1.0.2j-60.66.1 updated
- libsasl2-3-2.1.26-8.13.1 updated
- file-5.22-10.18.1 updated
- libldap-2_4-2-2.4.41-18.83.1 updated
- libcurl4-7.37.0-37.55.1 updated
- pam-1.1.8-24.36.1 updated
- libzypp-16.21.4-2.49.1 updated
- zypper-1.13.58-21.35.2 updated
- file-magic-5.22-10.18.1 updated
- libapparmor1-2.8.2-51.24.1 updated
- libcap2-2.26-14.3.1 updated
- libmagic1-5.22-10.18.1 updated
- libxml2-2-2.9.4-46.37.1 updated
- openssl-1.0.2j-60.66.1 updated