SUSE Container Update Advisory: sles12/pv-recycler-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2019:529-1 Container Tags : sles12/pv-recycler-node:1.0.0 Container Release : 2.3.263 Severity : important Type : security References : 1010675 1109893 1110146 1110542 1111319 1112911 1113296 1120629 1120630 1120631 1126613 1127155 1127223 1127308 1128574 1131823 1134226 1137977 1139083 1139083 985657 CVE-2009-5155 CVE-2016-3189 CVE-2016-9318 CVE-2018-20532 CVE-2018-20533 CVE-2018-20534 CVE-2019-12900 CVE-2019-12900 CVE-2019-9169 ----------------------------------------------------------------- The container sles12/pv-recycler-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1896-1 Released: Thu Jul 18 16:26:45 2019 Summary: Security update for libxml2 Type: security Severity: moderate References: 1010675,1110146,1126613,CVE-2016-9318 This update for libxml2 fixes the following issues: Issue fixed: - Fixed a bug related to the fix for CVE-2016-9318 which allowed xsltproc to access the internet even when --nonet was given and also was making docbook-xsl-stylesheets to have incomplete xml catalog file (bsc#1010675, bsc#1126613 and bsc#1110146). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1955-1 Released: Tue Jul 23 11:42:41 2019 Summary: Security update for bzip2 Type: security Severity: important References: 1139083,985657,CVE-2016-3189,CVE-2019-12900 This update for bzip2 fixes the following issues: Security issue fixed: - CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1139083). - CVE-2016-3189: Fixed a use-after-free in bzip2recover (bsc#985657). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1958-1 Released: Tue Jul 23 13:18:12 2019 Summary: Security update for glibc Type: security Severity: moderate References: 1127223,1127308,1128574,CVE-2009-5155,CVE-2019-9169 This update for glibc fixes the following issues: Security issues fixed: - CVE-2019-9169: Fixed a heap-based buffer over-read via an attempted case-insensitive regular-expression match (bsc#1127308). - CVE-2009-5155: Fixed a denial of service in parse_reg_exp() (bsc#1127223). Non-security issues fixed: - Added cfi information for start routines in order to stop unwinding on S390 (bsc#1128574). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1972-1 Released: Thu Jul 25 15:00:03 2019 Summary: Security update for libsolv, libzypp, zypper Type: security Severity: moderate References: 1109893,1110542,1111319,1112911,1113296,1120629,1120630,1120631,1127155,1131823,1134226,1137977,CVE-2018-20532,CVE-2018-20533,CVE-2018-20534 This update for libsolv, libzypp and zypper fixes the following issues: libsolv was updated to version 0.6.36 fixes the following issues: Security issues fixed: - CVE-2018-20532: Fixed a NULL pointer dereference in testcase_read() (bsc#1120629). - CVE-2018-20533: Fixed a NULL pointer dereference in testcase_str2dep_complex() (bsc#1120630). - CVE-2018-20534: Fixed a NULL pointer dereference in pool_whatprovides() (bsc#1120631). Non-security issues fixed: - Made cleandeps jobs on patterns work (bsc#1137977). - Fixed an issue multiversion packages that obsolete their own name (bsc#1127155). - Keep consistent package name if there are multiple alternatives (bsc#1131823). libzypp received following fixes: - Fixes a bug where locking the kernel was not possible (bsc#1113296) zypper received following fixes: - Fixes a bug where the wrong exit code was set when refreshing repos if --root was used (bsc#1134226) - Improved the displaying of locks (bsc#1112911) - Fixes an issue where `https` repository urls caused an error prompt to appear twice (bsc#1110542) - zypper will now always warn when no repositories are defined (bsc#1109893) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2013-1 Released: Mon Jul 29 15:42:41 2019 Summary: Security update for bzip2 Type: security Severity: important References: 1139083,CVE-2019-12900 This update for bzip2 fixes the following issues: - Fixed a regression with the fix for CVE-2019-12900, which caused incompatibilities with files that used many selectors (bsc#1139083).