SUSE Container Update Advisory: sles12/registry
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2020:129-1
Container Tags        : sles12/registry:2.6.2 , sles12/registry:2.6.2-build4.15.1
Container Release     : 4.15.1
Severity              : important
Type                  : security
References            : 1106383 1110929 1114592 1117951 1123886 1133495 1135254 1139459 1141897 1142649 1142654 1148517 1149145 1151377 1151506 1154043 1154871 1155574 1156482 1157578 1158809 1159814 1160100 1160163 1160594 1160764 1161675 1161779 1162027 1162108 1162518 1163922 1165915 1165919 1166510 1168195 CVE-2019-14250 CVE-2019-1551 CVE-2019-15847 CVE-2020-1712 CVE-2020-8013
-----------------------------------------------------------------

The container sles12/registry was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:276-1
Released:    Thu Jan 30 18:01:53 2020
Summary:     Recommended update for apache2
Type:        recommended
Severity:    important
References:  1160100,1161675

This update for apache2 fixes the following issues:

- Fix crash in mod_ssl: work around leaks on (graceful) restart (bsc#1161675)
- apache2-devel now provides httpd-devel [bsc#1160100]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:403-1
Released:    Wed Feb 19 09:05:00 2020
Summary:     Recommended update for apache2
Type:        recommended
Severity:    moderate
References:  1162027

This update for apache2 fixes the following issues:

- Fix for SSL Certificate chain error when using mod_ssl and mod_md in a complex setup. (bsc#1162027)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:404-1
Released:    Wed Feb 19 09:05:47 2020
Summary:     Recommended update for p11-kit
Type:        recommended
Severity:    moderate
References:  1154871

This update for p11-kit fixes the following issues:

- Support loading NSS attribute 'CKA_NSS_MOZILLA_CA_POLICY' so Firefox detects built-in certificates. (bsc#1154871)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:474-1
Released:    Tue Feb 25 13:24:15 2020
Summary:     Security update for openssl
Type:        security
Severity:    moderate
References:  1117951,1158809,1160163,CVE-2019-1551

This update for openssl fixes the following issues:

Security issue fixed:

- CVE-2019-1551: Fixed an overflow bug in the x86_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli (bsc#1158809).

Non-security issue fixed:

- Fixed a crash in BN_copy (bsc#1160163).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:545-1
Released:    Fri Feb 28 15:50:46 2020
Summary:     Security update for permissions
Type:        security
Severity:    moderate
References:  1123886,1160594,1160764,1161779,1163922,CVE-2020-8013

This update for permissions fixes the following issues:

Security issues fixed:

- CVE-2020-8013: Fixed an issue where chkstat set unintended setuid/capabilities for mrsh and wodim (bsc#1163922).

Non-security issues fixed:

- Fixed a regression where chkstat broke when /proc was not available (bsc#1160764, bsc#1160594).
- Fixed capability handling when doing multiple permission changes at once (bsc#1161779).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:561-1
Released:    Mon Mar 2 17:24:59 2020
Summary:     Recommended update for elfutils
Type:        recommended
Severity:    moderate
References:  1110929,1157578

This update for elfutils fixes the following issues:

- Fix 'eu-nm' issue in elfutils: Symbol iteration will be set to start at 0 instead of 1 to avoid missing symbols in the output. (bsc#1157578)
- Fix for '.ko' file corruption in debug info. (bsc#1110929)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:571-1
Released:    Tue Mar 3 13:23:35 2020
Summary:     Recommended update for cyrus-sasl
Type:        recommended
Severity:    moderate
References:  1162518

This update for cyrus-sasl fixes the following issues:

- Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF (bsc#1162518)
- Added support for retrieving negotiated SSF in gssapi plugin (bsc#1162518)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:331-1
Released:    Wed Mar 18 12:52:46 2020
Summary:     Security update for systemd
Type:        security
Severity:    important
References:  1106383,1133495,1139459,1151377,1151506,1154043,1155574,1156482,1159814,1162108,CVE-2020-1712

This update for systemd fixes the following issues:

- CVE-2020-1712 (bsc#1162108)
  Fix a heap use-after-free vulnerability, when asynchronous Polkit queries were performed while handling Dbus messages. A local unprivileged attacker could have abused this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted Dbus messages.

- Unconfirmed fix to prevent systemctl from hanging during restart. (bsc#1139459)
- Fix warnings thrown during package installation. (bsc#1154043)
- Fix for systemd-udevd to prevent a crash within OES2018. (bsc#1151506)
- Fragments of masked units ought not be considered for 'NeedDaemonReload'. (bsc#1156482)
- Wait for workers to finish when exiting. (bsc#1106383)
- Improve log message when inotify limit is reached. (bsc#1155574)
- Mention in the man pages that alias names are only effective after command 'systemctl enable'. (bsc#1151377)
- Introduce function for reading virtual files in 'sysfs' and 'procfs'. (bsc#1133495, bsc#1159814)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:786-1
Released:    Wed Mar 25 06:47:18 2020
Summary:     Recommended update for p11-kit
Type:        recommended
Severity:    moderate
References:  1165915,1165919

This update for p11-kit fixes the following issues:

- Tag this version with 'p11-kit-tools-supports-CKA_NSS_MOZILLA_CA_POLICY' provides so we can pull it in. (bsc#1165915 bsc#1165919)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:915-1
Released:    Fri Apr 3 13:15:11 2020
Summary:     Recommended update for openldap2
Type:        recommended
Severity:    moderate
References:  1168195

This update for openldap2 fixes the following issue:

- The openldap2-ppolicy-check-password plugin is now included (FATE#319461 bsc#1168195)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:394-1
Released:    Tue Apr 14 17:25:16 2020
Summary:     Security update for gcc9
Type:        security
Severity:    moderate
References:  1114592,1135254,1141897,1142649,1142654,1148517,1149145,CVE-2019-14250,CVE-2019-15847

This update for gcc9 fixes the following issues:

The GNU Compiler Collection is shipped in version 9.

A detailed changelog on what changed in GCC 9 is available at https://gcc.gnu.org/gcc-9/changes.html

The compilers have been added to the SUSE Linux Enterprise Toolchain Module. To use these compilers, install e.g. gcc9, gcc9-c++ and build with CC=gcc-9 CXX=g++-9 set.

For SUSE Linux Enterprise base products, the libstdc++6, libgcc_s1 and other compiler libraries have been switched from their gcc8 variants to their gcc9 variants.

Security issues fixed:

- CVE-2019-15847: Fixed a miscompilation in the POWER9 back end that optimized multiple calls of the __builtin_darn intrinsic into a single call. (bsc#1149145)
- CVE-2019-14250: Fixed a heap overflow in the LTO linker. (bsc#1142649)

Non-security issues fixed:

- Split out libstdc++ pretty-printers into a separate package supplementing gdb and the installed runtime. (bsc#1135254)
- Fixed miscompilation for vector shift on s390. (bsc#1141897)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:822-1
Released:    Fri May 22 10:59:33 2020
Summary:     Recommended update for pam
Type:        recommended
Severity:    moderate
References:  1166510

This update for pam fixes the following issues:

- Moved pam_userdb to a separate package pam-extra (bsc#1166510)