SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2019:51-1
Container Tags        : suse/sle15:15.1 , suse/sle15:15.1.6.2.75
Container Release     : 6.2.75
Severity              : important
Type                  : security
References            : 1081947 1081947 1082293 1085196 1106214 1121197 1122417 1125886
                        1127701 1135534 1135708 1140647 1141113 1141883 1144047 1144169
                        1149495 1149496 353876 CVE-2019-5481 CVE-2019-5482 
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2188-1
Released:    Wed Aug 21 10:10:29 2019
Summary:     Recommended update for aaa_base
Type:        recommended
Severity:    moderate
References:  1140647
This update for aaa_base fixes the following issues:

- Make systemd detection cgroup oblivious. (bsc#1140647) 

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2218-1
Released:    Mon Aug 26 11:29:57 2019
Summary:     Recommended update for pinentry
Type:        recommended
Severity:    moderate
References:  1141883
This update for pinentry fixes the following issues:

- Fix a dangling pointer in qt/main.cpp that caused crashes. (bsc#1141883)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2241-1
Released:    Wed Aug 28 14:58:49 2019
Summary:     Recommended update for ca-certificates-mozilla
Type:        recommended
Severity:    moderate
References:  1144169
This update for ca-certificates-mozilla fixes the following issues:

ca-certificates-mozillawas updated to 2.34 state of the Mozilla NSS Certificate store (bsc#1144169)

Removed CAs:
  - Certinomis - Root CA

Includes new root CAs from the 2.32 version:

- emSign ECC Root CA - C3 (email and server auth)
- emSign ECC Root CA - G3 (email and server auth)
- emSign Root CA - C1 (email and server auth)
- emSign Root CA - G1 (email and server auth)
- Hongkong Post Root CA 3 (server auth)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2307-1
Released:    Thu Sep  5 14:45:08 2019
Summary:     Security update for util-linux and shadow
Type:        security
Severity:    moderate
References:  1081947,1082293,1085196,1106214,1121197,1122417,1125886,1127701,1135534,1135708,1141113,353876
This update for util-linux and shadow fixes the following issues:

util-linux:

- Fixed an issue where PATH settings in /etc/default/su being ignored (bsc#1121197)
- Prevent outdated pam files (bsc#1082293).
- De-duplicate fstrim -A properly (bsc#1127701).
- Do not trim read-only volumes (bsc#1106214).
- Integrate pam_keyinit pam module to login (bsc#1081947).
- Perform one-time reset of /etc/default/su (bsc#1121197).
- Fix problems in reading of login.defs values (bsc#1121197)
- libmount: To prevent incorrect behavior, recognize more pseudofs and netfs (bsc#1122417).
- raw.service: Add RemainAfterExit=yes (bsc#1135534).
- agetty: Return previous response of agetty for special characters (bsc#1085196, bsc#1125886)
- libmount: print a blacklist hint for 'unknown filesystem type' (jsc#SUSE-4085, fate#326832)
- Fix /etc/default/su comments and create /etc/default/runuser (bsc#1121197).

shadow:

- Fixed an issue where PATH settings in /etc/default/su being ignored (bsc#1121197)
- Fix segfault in useradd during setting password inactivity period. (bsc#1141113)
- Hardening for su wrappers (bsc#353876)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2361-1
Released:    Thu Sep 12 07:54:54 2019
Summary:     Recommended update for krb5
Type:        recommended
Severity:    moderate
References:  1081947,1144047
This update for krb5 contains the following fixes:

- Integrate pam_keyinit PAM module, ksu-pam.d. (bsc#1081947)


-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2373-1
Released:    Thu Sep 12 14:18:53 2019
Summary:     Security update for curl
Type:        security
Severity:    important
References:  1149495,1149496,CVE-2019-5481,CVE-2019-5482
This update for curl fixes the following issues:

Security issues fixed:

- CVE-2019-5481: Fixed FTP-KRB double-free during kerberos FTP data transfer (bsc#1149495).
- CVE-2019-5482: Fixed TFTP small blocksize heap buffer overflow (bsc#1149496).


The following package changes have been done:

- aaa_base-84.87+git20180409.04c9dae-3.12.1 updated
- ca-certificates-mozilla-2.34-4.12.1 updated
- krb5-1.16.3-3.6.1 updated
- libblkid1-2.33.1-4.5.1 updated
- libcurl4-7.60.0-3.23.1 updated
- libfdisk1-2.33.1-4.5.1 updated
- libmount1-2.33.1-4.5.1 updated
- libsmartcols1-2.33.1-4.5.1 updated
- libuuid1-2.33.1-4.5.1 updated
- pinentry-1.1.0-4.3.1 updated
- shadow-4.6-3.5.6 updated
- util-linux-2.33.1-4.5.1 updated