SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2019:7-1
Container Tags        : suse/sle15:15.0 , suse/sle15:15.0.4.13.1
Container Release     : 4.13.1
Severity              : important
Type                  : security
References            : 1065270 1096974 1096984 1111019 1117025 1120650 1121563 1122000
                        1123333 1123727 1123886 1123892 1124153 1125352 1126117 1126118
                        1126119 CVE-2018-10360 CVE-2019-6454 CVE-2019-8905 CVE-2019-8906
                        CVE-2019-8907 
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:369-1
Released:    Wed Feb 13 14:01:42 2019
Summary:     Recommended update for itstool
Type:        recommended
Severity:    moderate
References:  1065270,1111019
This update for itstool and python-libxml2-python fixes the following issues:

Package: itstool
  - Updated version to support Python3. (bnc#1111019)

Package: python-libxml2-python
  - Fix segfault when parsing invalid data. (bsc#1065270)
  
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:426-1
Released:    Mon Feb 18 17:46:55 2019
Summary:     Security update for systemd
Type:        security
Severity:    important
References:  1117025,1121563,1122000,1123333,1123727,1123892,1124153,1125352,CVE-2019-6454
This update for systemd fixes the following issues:

- CVE-2019-6454: Overlong DBUS messages could be used to crash systemd (bsc#1125352)

- units: make sure initrd-cleanup.service terminates before switching to rootfs (bsc#1123333)
- logind: fix bad error propagation
- login: log session state 'closing' (as well as New/Removed)
- logind: fix borked r check
- login: don't remove all devices from PID1 when only one was removed
- login: we only allow opening character devices
- login: correct comment in session_device_free()
- login: remember that fds received from PID1 need to be removed eventually
- login: fix FDNAME in call to sd_pid_notify_with_fds()
- logind: fd 0 is a valid fd
- logind: rework sd_eviocrevoke()
- logind: check file is device node before using .st_rdev
- logind: use the new FDSTOREREMOVE=1 sd_notify() message (bsc#1124153)
- core: add a new sd_notify() message for removing fds from the FD store again
- logind: make sure we don't trip up on half-initialized session devices (bsc#1123727)
- fd-util: accept that kcmp might fail with EPERM/EACCES
- core: Fix use after free case in load_from_path() (bsc#1121563)
- core: include Found state in device dumps
- device: fix serialization and deserialization of DeviceFound
- fix path in btrfs rule (#6844)
- assemble multidevice btrfs volumes without external tools (#6607) (bsc#1117025)
- Update systemd-system.conf.xml (bsc#1122000)
- units: inform user that the default target is started after exiting from rescue or emergency mode
- core: free lines after reading them (bsc#1123892)
- sd-bus: if we receive an invalid dbus message, ignore and proceeed
- automount: don't pass non-blocking pipe to kernel.
  
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:506-1
Released:    Wed Feb 27 11:20:02 2019
Summary:     Recommended update for permissions
Type:        recommended
Severity:    moderate
References:  1120650,1123886
This update for permissions fixes the following issues:

- New whitelisting for /usr/lib/virtualbox/VirtualBoxVM and removed
  stale entries for VirtualBox(bsc#1120650)
- Ensure consistency of entries, otherwise switching between settings
  becomes problematic
- Whitelist for postgresql. Currently the checker doesn't complain
  because the directories aren't packaged, but that might change
  and/or our checkers might improve (bsc#1123886)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:571-1
Released:    Thu Mar  7 18:13:46 2019
Summary:     Security update for file
Type:        security
Severity:    moderate
References:  1096974,1096984,1126117,1126118,1126119,CVE-2018-10360,CVE-2019-8905,CVE-2019-8906,CVE-2019-8907
This update for file fixes the following issues:

The following security vulnerabilities were addressed:

- CVE-2018-10360: Fixed an out-of-bounds read in the function do_core_note in
  readelf.c, which allowed remote attackers to cause a denial of service
  (application crash) via a crafted ELF file (bsc#1096974)
- CVE-2019-8905: Fixed a stack-based buffer over-read in do_core_note in readelf.c
  (bsc#1126118)
- CVE-2019-8906: Fixed an out-of-bounds read in do_core_note in readelf. c
  (bsc#1126119)
- CVE-2019-8907: Fixed a stack corruption in do_core_note in readelf.c
  (bsc#1126117)


The following package changes have been done:

- libsystemd0-234-24.25.1 updated
- permissions-20180125-3.6.1 updated
- file-magic-5.32-7.5.1 updated
- libmagic1-5.32-7.5.1 updated
- libxml2-2-2.9.7-3.6.1 updated
- libudev1-234-24.25.1 updated