SUSE Container Update Advisory: sles12/haproxy
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2019:376-1
Container Tags        : sles12/haproxy:1.6.0
Container Release     : 2.3.329
Severity              : important
Type                  : security
References            : 1005063 1030472 1030476 1033084 1033085 1033087 1033088
                        1033089 1033090 1106390 1106809 1107067 1110797 1111973
                        1112723 1112726 1118206 1118378 1119296 1123555 1123685
                        1125007 1127340 1128383 1128481 1133418 1133847 1135261
                        1135709 1136570 1137443 954600
                        CVE-2016-10254 CVE-2016-10255 CVE-2017-7607 CVE-2017-7608
                        CVE-2017-7610 CVE-2017-7611 CVE-2017-7612 CVE-2017-7613
                        CVE-2018-16062 CVE-2018-16403 CVE-2018-18310 CVE-2018-18520
                        CVE-2018-18521 CVE-2019-12735 CVE-2019-3860 CVE-2019-7150
                        CVE-2019-7665
-----------------------------------------------------------------

The container sles12/haproxy was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1431-1
Released:    Wed Jun 5 16:50:13 2019
Summary:     Recommended update for xz
Type:        recommended
Severity:    moderate
References:  1135709

This update for xz only updates the license:

- Add the SUSE-Public-Domain license, as some parts of xz utils (liblzma, xz, xzdec, lzmadec, documentation, translated messages, tests, debug, extra directory) are under a public domain license (bsc#1135709)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1456-1
Released:    Tue Jun 11 10:08:27 2019
Summary:     Security update for vim
Type:        security
Severity:    important
References:  1137443,CVE-2019-12735

This update for vim fixes the following issue:

Security issue fixed:

- CVE-2019-12735: Fixed a potential arbitrary code execution vulnerability in getchar.c (bsc#1137443).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1474-1
Released:    Wed Jun 12 14:46:20 2019
Summary:     Recommended update for permissions
Type:        recommended
Severity:    moderate
References:  1110797

This update for permissions fixes the following issue:

- Updated permissions for amanda (bsc#1110797)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1481-1
Released:    Thu Jun 13 07:46:01 2019
Summary:     Recommended update for sg3_utils
Type:        recommended
Severity:    moderate
References:  1005063,1119296,1133418,954600

This update for sg3_utils provides the following fixes:

- Fix regression for page 0xa. (bsc#1119296)
- Add pre/post scripts for lunmask.service. (bsc#954600)
- Generate by-path links for Fibre Channel. (bsc#1005063)
- Fix a syntax error in rule 59-fc-wwpn-id.rules. (bsc#1133418)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1630-1
Released:    Fri Jun 21 11:17:09 2019
Summary:     Recommended update for rsyslog
Type:        recommended
Severity:    moderate
References:  1133847

This update for rsyslog fixes the following issue:

- Fix an issue where the 'readTimeout' option could not be used with imfile in polling mode (bsc#1133847)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1733-1
Released:    Wed Jul 3 13:54:39 2019
Summary:     Security update for elfutils
Type:        security
Severity:    low
References:  1030472,1030476,1033084,1033085,1033087,1033088,1033089,1033090,1106390,1107067,1111973,1112723,1112726,1123685,1125007,CVE-2016-10254,CVE-2016-10255,CVE-2017-7607,CVE-2017-7608,CVE-2017-7610,CVE-2017-7611,CVE-2017-7612,CVE-2017-7613,CVE-2018-16062,CVE-2018-16403,CVE-2018-18310,CVE-2018-18520,CVE-2018-18521,CVE-2019-7150,CVE-2019-7665

This update for elfutils fixes the following issues:

Security issues fixed:

- CVE-2018-16403: Fixed a heap-based buffer over-read that could have led to denial of service (bsc#1107067).
- CVE-2016-10254: Fixed a memory allocation failure in allocate_elf (bsc#1030472).
- CVE-2019-7665: The NT_PLATFORM core file note should be a zero-terminated string (bsc#1125007).
- CVE-2016-10255: Fixed a memory allocation failure in libelf_set_rawdata_wrlock (bsc#1030476).
- CVE-2019-7150: Added a missing check in dwfl_segment_report_module which could have allowed truncated files to be read (bsc#1123685).
- CVE-2018-16062: Fixed a heap-buffer-overflow (bsc#1106390).
- CVE-2017-7611: Fixed a heap-based buffer over-read that could have led to denial of service (bsc#1033088).
- CVE-2017-7613: Fixed a denial of service caused by missing validation of the number of sections and the number of segments in a crafted ELF file (bsc#1033090).
- CVE-2017-7607: Fixed a heap-based buffer overflow in handle_gnu_hash (bsc#1033084).
- CVE-2017-7608: Fixed a heap-based buffer overflow in ebl_object_note_type_name() (bsc#1033085).
- CVE-2017-7610: Fixed a heap-based buffer overflow in check_group (bsc#1033087).
- CVE-2018-18521: Fixed multiple divide-by-zero vulnerabilities in arlib_add_symbols() (bsc#1112723).
- CVE-2017-7612: Fixed a denial of service in check_sysv_hash() via a crafted ELF file (bsc#1033089).
- CVE-2018-18310: Fixed an invalid address read in dwfl_segment_report_module.c (bsc#1111973).
- CVE-2018-18520: Fixed bad handling of ar files nested inside ar files (bsc#1112726).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1761-1
Released:    Fri Jul 5 14:10:34 2019
Summary:     Recommended update for e2fsprogs
Type:        recommended
Severity:    moderate
References:  1128383,1135261

This update for e2fsprogs fixes the following issues:

- Revert 'mke2fs: prevent creation of unmountable ext4 with large flex_bg count'. (bsc#1135261)
- Place metadata blocks in the last flex_bg so they are contiguous. (bsc#1135261)
- Check and fix the tails of all bitmaps. (bsc#1128383)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1762-1
Released:    Fri Jul 5 15:04:14 2019
Summary:     Recommended update for wicked
Type:        recommended
Severity:    moderate
References:  1106809,1118206,1118378,1123555,1127340

This update for wicked fixes the following issues:

Wicked was updated to version 0.6.54:

- switch to systemd notify and prevent an event backlog at start by calling udevadm settle before starting wickedd (bsc#1118206)
- dhcp6: don't discard a confirm reply without status (bsc#1127340)
- ethtool: set the lro legacy flag and not txvlan (bsc#1123555)
- init memory before use in ioctl
- fsm: fix find-pending-worker loop segfault (bsc#1106809)
- dhcp: request hostname/fqdn option in the tester (bsc#1118378)
- build: link with relro by default for binary hardening

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1606-1
Released:    Wed Aug 21 13:36:49 2019
Summary:     Security update for libssh2_org
Type:        security
Severity:    moderate
References:  1128481,1136570,CVE-2019-3860

This update for libssh2_org fixes the following issue:

- Fix the previous fix for CVE-2019-3860 (bsc#1136570, bsc#1128481) (out-of-bounds reads with specially crafted SFTP packets)
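To feed an advisory in this layout into a vulnerability-management pipeline, the following Python parser (an added example, not SUSE tooling) splits the text on the dashed rule lines, extracts the container header and each patch's ID, type, severity and references, and cross-checks that the CVEs named in the header match the union of the CVEs named in the individual patches. SAMPLE is a constructed excerpt of this page's advisory; the function and class names are the example's own.

```python
"""Parse a SUSE container update advisory (plain-text layout as on this page)
into structured records and cross-check the header against its patches.
Added example, not SUSE code. SAMPLE is a constructed excerpt of the advisory."""
import re
from dataclasses import dataclass, field

SAMPLE = """\
SUSE Container Update Advisory: sles12/haproxy
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2019:376-1
Container Tags        : sles12/haproxy:1.6.0
Severity              : important
Type                  : security
References            : 1137443 1107067 1125007 CVE-2019-12735
                        CVE-2018-16403 CVE-2019-7665
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1456-1
Released:    Tue Jun 11 10:08:27 2019
Summary:     Security update for vim
Type:        security
Severity:    important
References:  1137443,CVE-2019-12735
This update for vim fixes the following issue:
- CVE-2019-12735: Fixed a potential arbitrary code execution vulnerability (bsc#1137443).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1733-1
Released:    Wed Jul 3 13:54:39 2019
Summary:     Security update for elfutils
Type:        security
Severity:    low
References:  1107067,1125007,CVE-2018-16403,CVE-2019-7665
This update for elfutils fixes the following issues:
- CVE-2018-16403: Fixed a heap-based buffer over-read (bsc#1107067).
- CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (bsc#1125007).
"""

RULE_RE = re.compile(r"^-{20,}\s*$", re.M)        # dashed separator lines
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")
BUG_RE = re.compile(r"\b\d{6,7}\b")               # bsc bug numbers in References
SEVERITY_RANK = {"low": 1, "moderate": 2, "important": 3, "critical": 4}


@dataclass
class Patch:
    advisory_id: str
    summary: str
    type: str
    severity: str
    bugs: set = field(default_factory=set)
    cves: set = field(default_factory=set)


def _field(block, name):
    """Value of a 'Name : value' line; the header pads names before the colon."""
    m = re.search(rf"^{re.escape(name)}\s*:\s*(.*)$", block, re.M)
    return m.group(1).strip() if m else ""


def _field_multiline(block, name):
    """Like _field, but also swallows indented continuation lines (header References)."""
    m = re.search(rf"^{re.escape(name)}\s*:\s*(.*(?:\n[ \t]+\S.*)*)", block, re.M)
    return m.group(1) if m else ""


def parse_patch(block):
    refs = _field(block, "References")
    return Patch(
        advisory_id=_field(block, "Advisory ID"),
        summary=_field(block, "Summary"),
        type=_field(block, "Type"),
        severity=_field(block, "Severity"),
        bugs=set(BUG_RE.findall(refs)),
        cves=set(CVE_RE.findall(refs)),
    )


def parse_advisory(text):
    """Return (header dict, list of Patch) for one container advisory."""
    chunks = [c for c in RULE_RE.split(text) if c.strip()]
    header_chunk = next(c for c in chunks if "Container Advisory ID" in c)
    refs = _field_multiline(header_chunk, "References")
    header = {
        "advisory_id": _field(header_chunk, "Container Advisory ID"),
        "tags": _field(header_chunk, "Container Tags"),
        "severity": _field(header_chunk, "Severity"),
        "bugs": set(BUG_RE.findall(refs)),
        "cves": set(CVE_RE.findall(refs)),
    }
    patches = [parse_patch(c) for c in chunks if c.lstrip().startswith("Advisory ID:")]
    return header, patches


def check_references(header, patches):
    """(CVEs fixed by patches but absent from header, CVEs in header fixed by no patch)."""
    patch_cves = set().union(*(p.cves for p in patches)) if patches else set()
    return patch_cves - header["cves"], header["cves"] - patch_cves


def security_patches(patches):
    """Security-type patches, highest severity first."""
    return sorted((p for p in patches if p.type == "security"),
                  key=lambda p: -SEVERITY_RANK.get(p.severity, 0))


def covers(patches, wanted):
    """Map each CVE of interest to the patch advisory that fixes it, or None."""
    index = {cve: p.advisory_id for p in patches for cve in p.cves}
    return {cve: index.get(cve) for cve in wanted}


if __name__ == "__main__":
    hdr, pts = parse_advisory(SAMPLE)
    print(hdr["advisory_id"], hdr["tags"], "header/patch CVE mismatch:", check_references(hdr, pts))
    for p in security_patches(pts):
        print(p.advisory_id, p.severity, p.summary, sorted(p.cves))
    print(covers(pts, ["CVE-2019-12735", "CVE-2019-3860"]))
```

Run against the full advisory text, `check_references` returns two empty sets: the 17 CVEs in the header are exactly the 15 from the elfutils patch plus the vim and libssh2_org ones. `covers` answers the question a scanner finding raises ("does tag 1.6.0 of this image carry the fix for CVE-X?"); to confirm the fix actually landed in the running container rather than only on paper, `rpm -q --changelog elfutils | grep CVE-2018-16403` inside the container shows the package changelog entry that references it.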