SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:79-1
Container Tags        : suse/sle15:15.3 , suse/sle15:15.3.13.2.213
Container Release     : 13.2.213
Severity              : important
Type                  : security
References            : 1176201 1182279 1182328 1182331 1182333 1182362 1182408 1182411
                        1182412 1182413 1182415 1182416 1182417 1182418 1182419 1182420
                        1182959 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224
                        CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228
                        CVE-2020-36229 CVE-2020-36230 CVE-2021-23840 CVE-2021-23841
                        CVE-2021-27212 CVE-2021-27218 CVE-2021-27219
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:723-1
Released:    Mon Mar 8 16:45:27 2021
Summary:     Security update for openldap2
Type:        security
Severity:    important
References:  1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420,CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212

This update for openldap2 fixes the following issues:

- bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service.
- bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service.
- bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service.
- bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service.
- bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service.
- bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service.
- bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service.
- bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service.
- bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck).
- bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read).
- bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:754-1
Released:    Tue Mar 9 17:10:49 2021
Summary:     Security update for openssl-1_1
Type:        security
Severity:    moderate
References:  1182331,1182333,1182959,CVE-2021-23840,CVE-2021-23841

This update for openssl-1_1 fixes the following issues:

- CVE-2021-23840: Fixed an integer overflow in CipherUpdate (bsc#1182333)
- CVE-2021-23841: Fixed a NULL pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331)
- Fixed unresolved error codes in FIPS (bsc#1182959).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:778-1
Released:    Fri Mar 12 17:42:25 2021
Summary:     Security update for glib2
Type:        security
Severity:    important
References:  1182328,1182362,CVE-2021-27218,CVE-2021-27219

This update for glib2 fixes the following issues:

- CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores it in a guint; this patch refuses the length if it is larger than a guint can hold. (bsc#1182328)
- CVE-2021-27219: g_memdup takes a guint as its length parameter, which can lead to an integer overflow; a g_memdup2 function that takes a gsize was added to replace it. (bsc#1182362)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:786-1
Released:    Mon Mar 15 11:19:23 2021
Summary:     Recommended update for zlib
Type:        recommended
Severity:    moderate
References:  1176201

This update for zlib fixes the following issues:

- Fixed hw compression on z15 (bsc#1176201)

The following package changes have been done:

- bash-4.4-17.51 updated
- ca-certificates-2+git20210309.21162a6-1.2 updated
- coreutils-8.32-1.1 updated
- glibc-2.31-6.2 updated
- gpg2-2.2.27-1.1 updated
- kubic-locale-archive-2.31-10.36 updated
- libaudit1-2.8.5-3.5 updated
- libblkid1-2.36.2-1.5 updated
- libcrypt1-4.4.15-2.13 updated
- libfdisk1-2.36.2-1.5 updated
- libglib-2_0-0-2.62.6-3.6.1 updated
- libldap-2_4-2-2.4.46-9.48.1 updated
- libldap-data-2.4.46-9.48.1 updated
- libmount1-2.36.2-1.5 updated
- libopenssl1_1-1.1.1d-11.17.1 updated
- libproxy1-0.4.15-12.41 updated
- libreadline7-7.0-17.51 updated
- libsasl2-3-2.1.27-2.2 updated
- libsmartcols1-2.36.2-1.5 updated
- libsystemd0-246.11-1.1 updated
- libtirpc-netconfig-1.2.6-1.93 updated
- libtirpc3-1.2.6-1.93 updated
- libudev1-246.11-1.1 updated
- libuuid1-2.36.2-1.5 updated
- libz1-1.2.11-3.21.1 updated
- libzypp-17.25.8-1.2 updated
- login_defs-4.8.1-2.5 updated
- openssl-1_1-1.1.1d-11.17.1 updated
- perl-base-5.26.1-15.53 updated
- rpm-config-SUSE-1-3.22 updated
- rpm-ndb-4.14.1-29.1 updated
- shadow-4.8.1-2.5 updated
- sles-release-15.3-38.1 updated
- system-group-hardware-20170617-15.47 updated
- util-linux-2.36.2-1.5 updated
- zypper-1.14.43-1.2 updated
- libgnutls30-3.6.7-14.7.1 removed
- libhogweed4-3.4.1-4.12.1 removed
- libnettle6-3.4.1-4.12.1 removed
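
The gsize/guint mismatch behind the two glib2 fixes in SUSE-SU-2021:778-1 above, shown as an added example that is not part of the advisory and is not GLib's code. The names byte_array, take_checked, memdup_gsize and memdup_guint are hypothetical stand-ins, and a 64-bit (LP64) platform is assumed.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumption: LP64, so size_t (gsize) is wider than unsigned int (guint). */
_Static_assert(sizeof(size_t) > sizeof(unsigned int), "needs 64-bit size_t");

/* Hypothetical stand-in for GByteArray: the length field is a guint. */
struct byte_array { unsigned char *data; unsigned int len; };

/* CVE-2021-27218 fix as the advisory describes it: refuse a gsize length that
 * a guint cannot hold. Without the check, len is stored modulo UINT_MAX + 1. */
static int take_checked(struct byte_array *a, unsigned char *d, size_t len)
{
    if (len > UINT_MAX)
        return -1;
    a->data = d;
    a->len = (unsigned int)len;
    return 0;
}

/* g_memdup2-style signature: the length stays a gsize end to end. */
static void *memdup_gsize(const void *mem, size_t n, size_t *copied)
{
    void *p = (mem && n) ? malloc(n) : NULL;
    if (p) memcpy(p, mem, n);
    *copied = p ? n : 0;
    return p;
}

/* g_memdup-style signature (CVE-2021-27219): a size_t argument is converted
 * to unsigned int at the call, so only the truncated count is copied. */
static void *memdup_guint(const void *mem, unsigned int n, size_t *copied)
{
    return memdup_gsize(mem, n, copied);
}

int main(void)
{
    unsigned char src[16] = {0};                 /* constructed sample data */
    size_t claimed = (size_t)UINT_MAX + 1 + 16, copied;
    struct byte_array a;
    free(memdup_guint(src, claimed, &copied));   /* caller believes `claimed` */
    printf("claimed=%zu copied=%zu checked=%d\n",
           claimed, copied, take_checked(&a, src, claimed));
    return 0;
}
```

The caller of memdup_guint still believes the returned buffer holds `claimed` bytes while only the truncated count was allocated, which is why the fix changes the parameter type rather than the copy logic.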