SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:93-1
Container Tags        : suse/sle15:15.3 , suse/sle15:15.3.13.2.238
Container Release     : 13.2.238
Severity              : important
Type                  : security
References            : 1078466 1146705 1172442 1175519 1178775 1180020 1180083
                        1180596 1181011 1181358 1181831 1183094 1183370 1183371
                        1183852 CVE-2020-11080 CVE-2021-24031 CVE-2021-24032
                        CVE-2021-3449
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:924-1
Released:    Tue Mar 23 10:00:49 2021
Summary:     Recommended update for filesystem
Type:        recommended
Severity:    moderate
References:  1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094

This update for filesystem fixes the following issues:

- Remove duplicate line due to merge error
- Add fix for 'mesa' creating cache with perm 0700. (bsc#1181011)
- Fixed an issue causing a failure during installation/upgrade. (rh#1548403) (bsc#1146705)
- Allows overriding the config to add cleanup options for '/var/tmp'. (bsc#1078466)
- Create config to clean up '/tmp' regularly, required with 'tmpfs'. (bsc#1175519)

This update for systemd fixes the following issues:

- Fix for a possible memory leak. (bsc#1180020)
- Fix for a case when to a bind mounted directory results in inactive mount units. (#7811) (bsc#1180596)
- Fixed an issue when starting a container conflicts with another one. (bsc#1178775)
- Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831)
- Don't use shell redirections when calling a rpm macro. (bsc#1183094)
- 'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:930-1
Released:    Wed Mar 24 12:09:23 2021
Summary:     Security update for nghttp2
Type:        security
Severity:    important
References:  1172442,1181358,CVE-2020-11080

This update for nghttp2 fixes the following issues:

- CVE-2020-11080: HTTP/2 Large Settings Frame DoS (bsc#1181358)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:948-1
Released:    Wed Mar 24 14:31:34 2021
Summary:     Security update for zstd
Type:        security
Severity:    moderate
References:  1183370,1183371,CVE-2021-24031,CVE-2021-24032

This update for zstd fixes the following issues:

- CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371).
- CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access a world-readable destination file (bsc#1183370).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:955-1
Released:    Thu Mar 25 16:11:48 2021
Summary:     Security update for openssl-1_1
Type:        security
Severity:    important
References:  1183852,CVE-2021-3449

This update for openssl-1_1 fixes the security issue:

* CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously
  crafted renegotiation ClientHello message from a client. If a TLSv1.2
  renegotiation ClientHello omits the signature_algorithms extension but
  includes a signature_algorithms_cert extension, then a NULL pointer
  dereference will result, leading to a crash and a denial of service
  attack. OpenSSL TLS clients are not impacted by this issue. [bsc#1183852]

The following package changes have been done:

- bash-4.4-17.57 updated
- filesystem-15.0-11.3.2 updated
- glibc-2.31-6.5 updated
- libaudit1-2.8.5-3.11 updated
- libblkid1-2.36.2-1.12 updated
- libcrypt1-4.4.15-2.19 updated
- libfdisk1-2.36.2-1.12 updated
- libmount1-2.36.2-1.12 updated
- libnghttp2-14-1.40.0-3.5.1 updated
- libopenssl1_1-1.1.1d-11.20.1 updated
- libreadline7-7.0-17.57 updated
- libsmartcols1-2.36.2-1.12 updated
- libtirpc-netconfig-1.2.6-1.99 updated
- libtirpc3-1.2.6-1.99 updated
- libuuid1-2.36.2-1.12 updated
- libzstd1-1.4.4-1.6.1 updated
- login_defs-4.8.1-2.11 updated
- openssl-1_1-1.1.1d-11.20.1 updated
- perl-base-5.26.1-15.59 updated
- rpm-config-SUSE-1-3.28 updated
- shadow-4.8.1-2.11 updated
- sles-release-15.3-39.2 updated
- system-group-hardware-20170617-15.53 updated
- util-linux-2.36.2-1.12 updated