SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2019:2-1
Container Tags        : suse/sle15:15.0 , suse/sle15:15.0.4.13.1
Container Release     : 4.13.1
Severity              : important
Type                  : security
References            : 1005023 1044232 1045723 1076696 1080919 1083926 1083927 1093753
                        1101591 1111498 1114933 1117063 1117951 1118913 1119496 1119971
                        1120323 1120489 1121446 CVE-2018-0737 CVE-2018-16864 CVE-2018-16865
                        CVE-2018-16866 CVE-2018-20217 CVE-2018-5729 CVE-2018-5730 CVE-2018-6954
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:82-1
Released:    Fri Jan 11 17:16:48 2019
Summary:     Recommended update for suse-build-key
Type:        recommended
Severity:    moderate
References:  1044232
This update for suse-build-key fixes the following issues:

- Include the SUSE PTF GPG key in the key directory to avoid it being
  stripped via %doc stripping in CAASP. (bsc#1044232)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:94-1
Released:    Tue Jan 15 14:49:04 2019
Summary:     Security update for krb5
Type:        security
Severity:    important
References:  1120489,CVE-2018-20217
This update for krb5 fixes the following issues:

Security issue fixed:

- CVE-2018-20217: Fixed an assertion issue with older encryption types (bsc#1120489)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:137-1
Released:    Mon Jan 21 15:52:45 2019
Summary:     Security update for systemd
Type:        security
Severity:    important
References:  1005023,1045723,1076696,1080919,1093753,1101591,1111498,1114933,1117063,1119971,1120323,CVE-2018-16864,CVE-2018-16865,CVE-2018-16866,CVE-2018-6954
This update for systemd provides the following fixes:

Security issues fixed:

- CVE-2018-16864, CVE-2018-16865: Fixed two memory corruptions through attacker-controlled alloca()s (bsc#1120323)
- CVE-2018-16866: Fixed an information leak in journald (bsc#1120323)
- CVE-2018-6954: Fix mishandling of symlinks present in non-terminal path components (bsc#1080919)
- Fixed an issue during system startup in relation to encrypted swap disks (bsc#1119971)

Non-security issues fixed:

- pam_systemd: Fix 'Cannot create session: Already running in a session' (bsc#1111498)
- systemd-vconsole-setup: vconsole setup fails, fonts will not be copied to tty (bsc#1114933)
- systemd-tmpfiles-setup: symlinked /tmp to /var/tmp breaking multiple units (bsc#1045723)
- Fixed installation issue with /etc/machine-id during update (bsc#1117063)
- btrfs: qgroups are assigned to parent qgroups after reboot (bsc#1093753)
- logind: Stop managing VT switches if no sessions are registered on that VT. (bsc#1101591)
- udev: Downgrade message when settting inotify watch up fails. (bsc#1005023)
- udev: Ignore the exit code of systemd-detect-virt for memory hot-add.  In SLE-12-SP3,
  80-hotplug-cpu-mem.rules has a memory hot-add rule that uses systemd-detect-virt to
  detect non-zvm environment. The systemd-detect-virt returns exit failure code when it
  detected _none_ state.  The exit failure code causes that the hot-add memory block can
  not be set to online. (bsc#1076696)
  
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:147-1
Released:    Wed Jan 23 17:57:31 2019
Summary:     Recommended update for ca-certificates-mozilla
Type:        recommended
Severity:    moderate
References:  1121446
This update for ca-certificates-mozilla fixes the following issues:

The package was updated to the 2.30 version of the Mozilla NSS Certificate store. (bsc#1121446)

Removed Root CAs:

  - AC Raiz Certicamara S.A.
  - Certplus Root CA G1
  - Certplus Root CA G2
  - OpenTrust Root CA G1
  - OpenTrust Root CA G2
  - OpenTrust Root CA G3
  - Visa eCommerce Root

Added Root CAs:

  - Certigna Root CA (email and server auth)
  - GTS Root R1 (server auth)
  - GTS Root R2 (server auth)
  - GTS Root R3 (server auth)
  - GTS Root R4 (server auth)
  - OISTE WISeKey Global Root GC CA (email and server auth)
  - UCA Extended Validation Root (server auth)
  - UCA Global G2 Root (email and server auth)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:175-1
Released:    Fri Jan 25 16:24:01 2019
Summary:     Security update for krb5
Type:        security
Severity:    important
References:  1083926,1083927,CVE-2018-5729,CVE-2018-5730
This update for krb5 fixes the following issues:

Security issues fixed:

- CVE-2018-5729, CVE-2018-5730: Fixed multiple flaws in LDAP DN checking (bsc#1083926, bsc#1083927)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:189-1
Released:    Mon Jan 28 14:14:46 2019
Summary:     Recommended update for rpm
Type:        recommended
Severity:    moderate
References:  
This update for rpm fixes the following issues:

- Add kmod(module) provides to kernel and KMPs (fate#326579).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:197-1
Released:    Tue Jan 29 13:35:53 2019
Summary:     Security update for openssl-1_1
Type:        security
Severity:    moderate
References:  1117951,1118913,CVE-2018-0737
This update for openssl-1_1 fixes the following issues:

Security issues fixed:

- The 9 Lives of Bleichenbacher's CAT: Cache Attacks on TLS Implementations (bsc#1117951)
- Fix FIPS RSA generator (bsc#1118913)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:207-1
Released:    Tue Jan 29 20:20:24 2019
Summary:     Recommended update for container-suseconnect
Type:        recommended
Severity:    moderate
References:  1119496
This update for container-suseconnect fixes the following issues:

container-suseconnect was updated to 2.0.0 (bsc#1119496):

- Added command line interface
- Added `ADDITIONAL_MODULES` capability to enable further extension modules during image build and run
- Added documentation about how to build docker images on non SLE distributions
- Improve documentation to clarify how container-suseconnect works in a Dockerfile
- Improve error handling on non SLE hosts
- Fix bug which makes container-suseconnect work on SLE15 based distributions


The following package changes have been done:

- libsystemd0-234-24.20.1 updated
- container-suseconnect-2.0.0-4.3.1 updated
- suse-build-key-12.0-8.3.1 updated
- libopenssl1_1-1.1.0i-4.18.1 updated
- libudev1-234-24.20.1 updated
- krb5-1.15.2-6.6.2 updated
- rpm-4.14.1-10.11.1 updated
- openssl-1_1-1.1.0i-4.18.1 updated
- ca-certificates-mozilla-2.30-4.9.1 updated