SUSE Container Update Advisory: suse/sles12sp4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2019:648-1 Container Tags : suse/sles12sp4:26.24 , suse/sles12sp4:latest Container Release : 26.24 Severity : moderate Type : security References : 1030472 1030476 1033084 1033085 1033087 1033088 1033089 1033090 1106390 1107067 1111973 1112723 1112726 1117993 1123685 1125007 1132678 941234 CVE-2015-5180 CVE-2016-10254 CVE-2016-10255 CVE-2017-7607 CVE-2017-7608 CVE-2017-7610 CVE-2017-7611 CVE-2017-7612 CVE-2017-7613 CVE-2018-16062 CVE-2018-16403 CVE-2018-18310 CVE-2018-18520 CVE-2018-18521 CVE-2019-7150 CVE-2019-7665 ----------------------------------------------------------------- The container suse/sles12sp4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1716-1 Released: Thu Jun 27 13:15:38 2019 Summary: Security update for glibc Type: security Severity: moderate References: 1117993,1132678,941234,CVE-2015-5180 This update for glibc fixes the following issues: Security issue fixed: - CVE-2015-5180: Fixed a NULL pointer dereference with internal QTYPE (bsc#941234). Feature work: - IBM zSeries arch13 hardware support in glibc added (fate#327072, bsc#1132678) Other issue addressed: - Fixed a concurrency issue with ldconfig (bsc#1117993). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1733-1 Released: Wed Jul 3 13:54:39 2019 Summary: Security update for elfutils Type: security Severity: low References: 1030472,1030476,1033084,1033085,1033087,1033088,1033089,1033090,1106390,1107067,1111973,1112723,1112726,1123685,1125007,CVE-2016-10254,CVE-2016-10255,CVE-2017-7607,CVE-2017-7608,CVE-2017-7610,CVE-2017-7611,CVE-2017-7612,CVE-2017-7613,CVE-2018-16062,CVE-2018-16403,CVE-2018-18310,CVE-2018-18520,CVE-2018-18521,CVE-2019-7150,CVE-2019-7665 This update for elfutils fixes the following issues: Security issues fixed: - CVE-2018-16403: Fixed a heap-based buffer over-read that could have led to Denial of Service (bsc#1107067). - CVE-2016-10254: Fixed a memory allocation failure in alloxate_elf (bsc#1030472). - CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (bsc#1125007). - CVE-2016-10255: Fixed a memory allocation failure in libelf_set_rawdata_wrlock (bsc#1030476). - CVE-2019-7150: Added a missing check in dwfl_segment_report_module which could have allowed truncated files to be read (bsc#1123685). - CVE-2018-16062: Fixed a heap-buffer-overflow (bsc#1106390). - CVE-2017-7611: Fixed a heap-based buffer over-read that could have led to Denial of Service (bsc#1033088). - CVE-2017-7613: Fixed denial of service caused by the missing validation of the number of sections and the number of segments in a crafted ELF file (bsc#1033090). - CVE-2017-7607: Fixed a heap-based buffer overflow in handle_gnu_hash (bsc#1033084). - CVE-2017-7608: Fixed a heap-based buffer overflow in ebl_object_note_type_name() (bsc#1033085). - CVE-2017-7610: Fixed a heap-based buffer overflow in check_group (bsc#1033087). - CVE-2018-18521: Fixed multiple divide-by-zero vulnerabilities in function arlib_add_symbols() (bsc#1112723). - CVE-2017-7612: Fixed a denial of service in check_sysv_hash() via a crafted ELF file (bsc#1033089). - CVE-2018-18310: Fixed an invalid address read in dwfl_segment_report_module.c (bsc#1111973). - CVE-2018-18520: Fixed bad handling of ar files inside are files (bsc#1112726). The following package changes have been done: - base-container-licenses-3.0-1.91 updated - container-suseconnect-2.0.0-1.17 updated - glibc-2.22-100.15.4 updated - libelf1-0.158-7.7.2 updated