SUSE Container Update Advisory: sles12/registry
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2020:25-1
Container Tags        : sles12/registry:2.6.2
Container Release     : 4.8.203
Severity              : important
Type                  : security
References            : 1049825 1082318 1093414 1104902 1107617 1114674 1116995 1123919
                        1124847 1128828 1131830 1134550 1136298 1137053 1137832 1139870
                        1139942 1140039 1140631 1140914 1141093 1142614 1142661 1143194
                        1143273 1145521 1145575 1145738 1145740 1145741 1145742 1146415
                        1148987 1149429 1149496 1150003 1150250 1150595 1150734 1151577
                        1153386 1153557 1154036 1154037 1154043 1154862 1154948 1155199
                        1155338 1155339 1157198 1158586 1158763 1159162 1160571 CVE-2018-10754
                        CVE-2018-18311 CVE-2019-10081 CVE-2019-10082 CVE-2019-10092 CVE-2019-10098
                        CVE-2019-12749 CVE-2019-13050 CVE-2019-13057 CVE-2019-13565 CVE-2019-13627
                        CVE-2019-14866 CVE-2019-1547 CVE-2019-1563 CVE-2019-15903 CVE-2019-17498
                        CVE-2019-17594 CVE-2019-17595 CVE-2019-18900 CVE-2019-3688 CVE-2019-3690
                        CVE-2019-5188 CVE-2019-5482 CVE-2019-9517 CVE-2019-9893 SLE-10396
                        SLE-7081 SLE-7257 
-----------------------------------------------------------------

The container sles12/registry was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2120-1
Released:    Wed Aug 14 11:17:39 2019
Summary:     Recommended update for pam
Type:        recommended
Severity:    moderate
References:  1136298,SLE-7257
This update for pam fixes the following issues:

- Enable pam_userdb.so (SLE-7257,bsc#1136298)
- Upgraded pam_userdb to 1.3.1.  (bsc#1136298)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2264-1
Released:    Mon Sep  2 09:07:12 2019
Summary:     Security update for perl
Type:        security
Severity:    important
References:  1114674,CVE-2018-18311
This update for perl fixes the following issues:

Security issue fixed:

- CVE-2018-18311: Fixed integer overflow with oversize environment (bsc#1114674).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2288-1
Released:    Wed Sep  4 14:22:47 2019
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1104902,1107617,1137053,1142661
This update for systemd fixes the following issues:

- Fixes an issue where the Kernel took very long to unmount a user's runtime directory (bsc#1104902)
- udevd: changed the default value of udev.children-max (again) (bsc#1107617)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2329-1
Released:    Fri Sep  6 16:08:08 2019
Summary:     Security update for apache2
Type:        security
Severity:    important
References:  1145575,1145738,1145740,1145741,1145742,CVE-2019-10081,CVE-2019-10082,CVE-2019-10092,CVE-2019-10098,CVE-2019-9517
This update for apache2 fixes the following issues:

Security issues fixed:

- CVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to unconstrained interal data buffering (bsc#1145575).
- CVE-2019-10081: Fixed mod_http2 that is vulnerable to memory corruption on early pushes (bsc#1145742).
- CVE-2019-10082: Fixed mod_http2 that is vulnerable to read-after-free in h2 connection shutdown (bsc#1145741).
- CVE-2019-10092: Fixed limited cross-site scripting in mod_proxy (bsc#1145740).
- CVE-2019-10098: Fixed mod_rewrite configuration vulnerablility to open redirect (bsc#1145738).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2372-1
Released:    Thu Sep 12 14:01:27 2019
Summary:     Recommended update for krb5
Type:        recommended
Severity:    moderate
References:  1139942,1140914,SLE-7081
This update for krb5 fixes the following issues:

- Fix missing responder if there is no pre-auth; (bsc#1139942)
- Load mechglue config files from /etc/gss/mech.d; (bsc#1140914, jsc#SLE-7081)
- Fix impersonate_name to work with interposers; (bsc#1140914, jsc#SLE-7081)
  
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2339-1
Released:    Thu Sep 12 14:17:53 2019
Summary:     Security update for curl
Type:        security
Severity:    important
References:  1149496,CVE-2019-5482
This update for curl fixes the following issues:

Security issue fixed:

- CVE-2019-5482: Fixed TFTP small blocksize heap buffer overflow (bsc#1149496).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2390-1
Released:    Tue Sep 17 15:46:02 2019
Summary:     Security update for openldap2
Type:        security
Severity:    moderate
References:  1143194,1143273,CVE-2019-13057,CVE-2019-13565
This update for openldap2 fixes the following issues:

Security issues fixed:

- CVE-2019-13565: Fixed ssf memory reuse that leads to incorrect authorization of another connection, granting excess connection rights (ssf) (bsc#1143194).
- CVE-2019-13057: Fixed rootDN of a backend that may proxyauth incorrectly to another backend, violating multi-tenant isolation (bsc#1143273).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2413-1
Released:    Fri Sep 20 10:44:26 2019
Summary:     Security update for openssl
Type:        security
Severity:    moderate
References:  1150003,1150250,CVE-2019-1547,CVE-2019-1563
This update for openssl fixes the following issues:

OpenSSL Security Advisory [10 September 2019]

- CVE-2019-1547: Added EC_GROUP_set_generator side channel attack avoidance (bsc#1150003).
- CVE-2019-1563: Fixed Bleichenbacher attack against cms/pkcs7 encryption transported key (bsc#1150250).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2440-1
Released:    Mon Sep 23 17:15:13 2019
Summary:     Security update for expat
Type:        security
Severity:    moderate
References:  1149429,CVE-2019-15903
This update for expat fixes the following issues:

Security issue fixed:

- CVE-2019-15903: Fixed a heap-based buffer over-read caused by crafted XML documents. (bsc#1149429)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2480-1
Released:    Fri Sep 27 13:12:08 2019
Summary:     Security update for gpg2
Type:        security
Severity:    moderate
References:  1124847,1141093,CVE-2019-13050
This update for gpg2 fixes the following issues:

Security issue fixed:

- CVE-2019-13050: Fixed denial-of-service attacks via big keys. (bsc#1141093)

Non-security issue fixed:

- Allow coredumps in X11 desktop sessions (bsc#1124847).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2510-1
Released:    Tue Oct  1 17:37:12 2019
Summary:     Security update for libgcrypt
Type:        security
Severity:    moderate
References:  1148987,CVE-2019-13627
This update for libgcrypt fixes the following issues:

Security issues fixed:
	  
- CVE-2019-13627: Mitigated ECDSA timing attack. (bsc#1148987)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2818-1
Released:    Tue Oct 29 17:22:01 2019
Summary:     Recommended update for zypper and libzypp
Type:        recommended
Severity:    important
References:  1049825,1116995,1140039,1145521,1146415,1153557
This update for zypper and libzypp fixes the following issues:

Package: zypper

- Fixed an issue where zypper exited on a SIGPIPE during package download (bsc#1145521)
- Rephrased the file conflicts check summary (bsc#1140039)
- Fixes an issue where the bash completion was wrongly expanded (bsc#1049825)

Package: libzypp

- Fixed an issue where YaST2 was not able to find base products via libzypp (bsc#1153557)
- Added a new 'solver.focus' option for /etc/zypp/zypp.conf to define systemwide focus
  mode when resolving jobs (bsc#1146415)
- Fixes a file descriptor leak in the media backend (bsc#1116995)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2887-1
Released:    Mon Nov  4 17:31:49 2019
Summary:     Recommended update for apparmor
Type:        recommended
Severity:    moderate
References:  1139870
This update for apparmor provides the following fix:

- Change pathname in logprof.conf and use check_qualifiers() in autodep to make sure
  apparmor does not generate profiles for programs marked as not having their own
  profiles. (bsc#1139870)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2898-1
Released:    Tue Nov  5 17:00:27 2019
Summary:     Recommended update for systemd
Type:        recommended
Severity:    important
References:  1140631,1150595,1154948
This update for systemd fixes the following issues:

- sd-bus: deal with cookie overruns (bsc#1150595)
- rules: Add by-id symlinks for persistent memory (bsc#1140631)
- Drop the old fds used for logging and reopen them in the
  sub process before doing any new logging.  (bsc#1154948)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2936-1
Released:    Fri Nov  8 13:19:55 2019
Summary:     Security update for libssh2_org
Type:        security
Severity:    moderate
References:  1154862,CVE-2019-17498
This update for libssh2_org fixes the following issue:

- CVE-2019-17498: Fixed an integer overflow in a bounds check that might have led to the disclosure of sensitive information or a denial of service (bsc#1154862).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2941-1
Released:    Tue Nov 12 10:03:32 2019
Summary:     Security update for libseccomp
Type:        security
Severity:    moderate
References:  1082318,1128828,1142614,CVE-2019-9893
This update for libseccomp fixes the following issues:

Update to new upstream release 2.4.1:

* Fix a BPF generation bug where the optimizer mistakenly
  identified duplicate BPF code blocks.

Updated to 2.4.0 (bsc#1128828 CVE-2019-9893):

* Update the syscall table for Linux v5.0-rc5
* Added support for the SCMP_ACT_KILL_PROCESS action
* Added support for the SCMP_ACT_LOG action and SCMP_FLTATR_CTL_LOG attribute
* Added explicit 32-bit (SCMP_AX_32(...)) and 64-bit (SCMP_AX_64(...)) argument comparison macros to help protect against unexpected sign extension
* Added support for the parisc and parisc64 architectures
* Added the ability to query and set the libseccomp API level via seccomp_api_get(3) and seccomp_api_set(3)
* Return -EDOM on an endian mismatch when adding an architecture to a filter
* Renumber the pseudo syscall number for subpage_prot() so it no longer conflicts with spu_run()
* Fix PFC generation when a syscall is prioritized, but no rule exists
* Numerous fixes to the seccomp-bpf filter generation code
* Switch our internal hashing function to jhash/Lookup3 to MurmurHash3
* Numerous tests added to the included test suite, coverage now at ~92%
* Update our Travis CI configuration to use Ubuntu 16.04
* Numerous documentation fixes and updates

Update to release 2.3.3:

* Updated the syscall table for Linux v4.15-rc7

Update to release 2.3.2:

* Achieved full compliance with the CII Best Practices program
* Added Travis CI builds to the GitHub repository
* Added code coverage reporting with the '--enable-code-coverage' configure
  flag and added Coveralls to the GitHub repository
* Updated the syscall tables to match Linux v4.10-rc6+
* Support for building with Python v3.x
* Allow rules with the -1 syscall if the SCMP\_FLTATR\_API\_TSKIP attribute is
  set to true
* Several small documentation fixes

- ignore make check error for ppc64/ppc64le, bypass bsc#1142614

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:3003-1
Released:    Tue Nov 19 10:12:33 2019
Summary:     Recommended update for procps
Type:        recommended
Severity:    moderate
References:  1153386,SLE-10396
This update for procps provides the following fixes:

- Backport the MemAvailable patch into SLE12-SP4/SP5 procps. (jsc#SLE-10396)
- Add missing ShmemPmdMapped entry for pmap with newer kernels. (bsc#1153386)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:3064-1
Released:    Mon Nov 25 18:44:36 2019
Summary:     Security update for cpio
Type:        security
Severity:    moderate
References:  1155199,CVE-2019-14866
This update for cpio fixes the following issues:
	  
- CVE-2019-14866: Fixed an improper validation of the values written 
  in the header of a TAR file through the to_oct() function which could 
  have led to unexpected TAR generation (bsc#1155199).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:3085-1
Released:    Thu Nov 28 10:01:53 2019
Summary:     Security update for libxml2
Type:        security
Severity:    low
References:  1123919
This update for libxml2 doesn't fix any additional security issues, but correct the rpm changelog to reflect
all CVEs that have been fixed over the past.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:3094-1
Released:    Thu Nov 28 16:47:52 2019
Summary:     Security update for ncurses
Type:        security
Severity:    moderate
References:  1131830,1134550,1154036,1154037,CVE-2018-10754,CVE-2019-17594,CVE-2019-17595
This update for ncurses fixes the following issues:

Security issue fixed:

- CVE-2018-10754: Fixed a denial of service caused by a NULL Pointer Dereference in the _nc_parse_entry() (bsc#1131830).
- CVE-2019-17594: Fixed a heap-based buffer over-read in _nc_find_entry function in tinfo/comp_hash.c (bsc#1154036).
- CVE-2019-17595: Fixed a heap-based buffer over-read in fmt_entry function in tinfo/comp_hash.c (bsc#1154037).

Bug fixes:

- Fixed ppc64le build configuration (bsc#1134550).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:3132-1
Released:    Tue Dec  3 10:52:14 2019
Summary:     Recommended update for update-alternatives
Type:        recommended
Severity:    moderate
References:  1154043
This update for update-alternatives fixes the following issues:

- Fix post install scripts: test if there is actual file before calling update-alternatives. (bsc#1154043)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:3180-1
Released:    Thu Dec  5 11:42:40 2019
Summary:     Security update for permissions
Type:        security
Severity:    moderate
References:  1093414,1150734,1157198,CVE-2019-3688,CVE-2019-3690
This update for permissions fixes the following issues:

- CVE-2019-3688: Changed wrong ownership in /usr/sbin/pinger to root:squid
  which could have allowed a squid user to gain persistence by changing the 
  binary (bsc#1093414).
- CVE-2019-3690: Fixed a privilege escalation through untrusted symbolic 
  links (bsc#1150734).
- Fixed a regression which caused segmentation fault (bsc#1157198).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:3342-1
Released:    Thu Dec 19 11:04:35 2019
Summary:     Recommended update for elfutils
Type:        recommended
Severity:    moderate
References:  1151577
This update for elfutils fixes the following issues:

- Add require of 'libebl1' for 'libelf1'. (bsc#1151577)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:3364-1
Released:    Thu Dec 19 19:20:52 2019
Summary:     Recommended update for ncurses
Type:        recommended
Severity:    moderate
References:  1158586,1159162
This update for ncurses fixes the following issues:

- Work around a bug of old upstream gen-pkgconfig (bsc#1159162) 
- Remove doubled library path options (bsc#1159162)
- Also remove private requirements as (lib)tinfo are binary compatible
  with normal and wide version of (lib)ncurses (bsc#1158586, bsc#1159162)
- Fix last change, that is add missed library linker paths as well
  as missed include directories for none standard paths (bsc#1158586,
  bsc#1159162)
- Do not mix include directories of different ncurses ABI (bsc#1158586) 

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:86-1
Released:    Mon Jan 13 14:12:22 2020
Summary:     Security update for e2fsprogs
Type:        security
Severity:    moderate
References:  1160571,CVE-2019-5188
This update for e2fsprogs fixes the following issues:

- CVE-2019-5188: Fixed a code execution vulnerability in the directory rehashing functionality (bsc#1160571).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:106-1
Released:    Wed Jan 15 12:50:55 2020
Summary:     Recommended update for libgcrypt
Type:        recommended
Severity:    important
References:  1155338,1155339
This update for libgcrypt fixes the following issues:

- Fix test dsa-rfc6979 in FIPS mode: Disabled tests in elliptic curves with 192 bits which are not recommended in FIPS mode
- Added CMAC AES and TDES FIPS self-tests: (bsc#1155339, bsc#1155338)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:373-1
Released:    Tue Feb 18 15:06:18 2020
Summary:     Security update for dbus-1
Type:        security
Severity:    important
References:  1137832,CVE-2019-12749
This update for dbus-1 fixes the following issues:
	  
Security issue fixed:     
    
- CVE-2019-12749: Fixed an implementation flaw in DBUS_COOKIE_SHA1 which 
  could have allowed local attackers to bypass authentication (bsc#1137832).   

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:79-1
Released:    Wed Sep 16 16:17:11 2020
Summary:     Security update for libzypp
Type:        security
Severity:    moderate
References:  1158763,CVE-2019-18900
This update for libzypp fixes the following issues:

Security issue fixed:

- CVE-2019-18900: Fixed assert cookie file that was world readable (bsc#1158763).