SUSE Container Update Advisory: suse/sles12sp4
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2019:650-1
Container Tags        : suse/sles12sp4:26.42 , suse/sles12sp4:latest
Container Release     : 26.42
Severity              : important
Type                  : security
References            : 1010675 1109893 1110146 1110542 1111319 1112911 1113296 1120629
                        1120630 1120631 1126613 1127155 1131823 1134226 1135170 1137977
                        1139083 1139083 985657 CVE-2016-3189 CVE-2016-9318 CVE-2018-20532
                        CVE-2018-20533 CVE-2018-20534 CVE-2019-12900 CVE-2019-12900 CVE-2019-5436
-----------------------------------------------------------------

The container suse/sles12sp4 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1896-1
Released:    Thu Jul 18 16:26:45 2019
Summary:     Security update for libxml2
Type:        security
Severity:    moderate
References:  1010675,1110146,1126613,CVE-2016-9318
This update for libxml2 fixes the following issues:

Issue fixed:

- Fixed a bug related to the fix for CVE-2016-9318 which allowed xsltproc to access 
  the internet even when --nonet was given and also was making docbook-xsl-stylesheets to have 
  incomplete xml catalog file (bsc#1010675, bsc#1126613 and bsc#1110146).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1955-1
Released:    Tue Jul 23 11:42:41 2019
Summary:     Security update for bzip2
Type:        security
Severity:    important
References:  1139083,985657,CVE-2016-3189,CVE-2019-12900
This update for bzip2 fixes the following issues:

Security issue fixed:

- CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1139083).
- CVE-2016-3189: Fixed a use-after-free in bzip2recover (bsc#985657).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1972-1
Released:    Thu Jul 25 15:00:03 2019
Summary:     Security update for libsolv, libzypp, zypper
Type:        security
Severity:    moderate
References:  1109893,1110542,1111319,1112911,1113296,1120629,1120630,1120631,1127155,1131823,1134226,1137977,CVE-2018-20532,CVE-2018-20533,CVE-2018-20534
This update for libsolv, libzypp and zypper fixes the following issues:

libsolv was updated to version 0.6.36 fixes the following issues:

Security issues fixed:

- CVE-2018-20532: Fixed a NULL pointer dereference in testcase_read() (bsc#1120629).
- CVE-2018-20533: Fixed a NULL pointer dereference in testcase_str2dep_complex() (bsc#1120630).
- CVE-2018-20534: Fixed a NULL pointer dereference in pool_whatprovides() (bsc#1120631).

Non-security issues fixed:

- Made cleandeps jobs on patterns work (bsc#1137977).
- Fixed an issue multiversion packages that obsolete their own name (bsc#1127155).
- Keep consistent package name if there are multiple alternatives (bsc#1131823).

libzypp received following fixes:

- Fixes a bug where locking the kernel was not possible (bsc#1113296)

zypper received following fixes:

- Fixes a bug where the wrong exit code was set when refreshing
  repos if --root was used (bsc#1134226)
- Improved the displaying of locks (bsc#1112911)
- Fixes an issue where `https` repository urls caused an error prompt to
   appear twice (bsc#1110542)
- zypper will now always warn when no repositories are defined (bsc#1109893)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2009-1
Released:    Mon Jul 29 14:44:44 2019
Summary:     Security update for curl
Type:        security
Severity:    important
References:  1135170,CVE-2019-5436
This update for curl fixes the following issues:

Security issue fixed:

- CVE-2019-5436: Fixed a heap buffer overflow in tftp_receive_packet() (bsc#1135170).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2013-1
Released:    Mon Jul 29 15:42:41 2019
Summary:     Security update for bzip2
Type:        security
Severity:    important
References:  1139083,CVE-2019-12900
This update for bzip2 fixes the following issues:

- Fixed a regression with the fix for CVE-2019-12900, which caused incompatibilities
  with files that used many selectors (bsc#1139083).


The following package changes have been done:

- base-container-licenses-3.0-1.97 updated
- container-suseconnect-2.0.0-1.22 updated
- libbz2-1-1.0.6-30.8.1 updated
- libcurl4-7.60.0-4.6.1 updated
- libsolv-tools-0.6.36-2.16.2 updated
- libxml2-2-2.9.4-46.20.1 updated
- libzypp-16.20.0-2.39.4 updated
- zypper-1.13.51-21.26.4 updated
- bzip2-1.0.6-29.2 removed
- gzip-1.6-9.3.1 removed