SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:261-1 Container Tags : suse/sle15:15.3 , suse/sle15:15.3.17.8.86 Container Release : 17.8.86 Severity : moderate Type : security References : 1188348 1188507 1192954 1193632 1194976 CVE-2021-3995 CVE-2021-3996 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2626-1 Released: Thu Aug 5 12:10:35 2021 Summary: Recommended maintenance update for libeconf Type: recommended Severity: moderate References: 1188348 This update for libeconf fixes the following issue: - Solve a downgrade issue between SUSE Linux Enterprise SP3 and lower (bsc#1188348) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:727-1 Released: Fri Mar 4 10:39:21 2022 Summary: Security update for libeconf, shadow and util-linux Type: security Severity: moderate References: 1188507,1192954,1193632,1194976,CVE-2021-3995,CVE-2021-3996 This security update for libeconf, shadow and util-linux fix the following issues: libeconf: - Add libeconf to SLE-Module-Basesystem_15-SP3 because needed by 'util-linux' and 'shadow' to fix autoyast handling of security related parameters (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) Issues fixed in libeconf: - Reading numbers with different bases (e.g. oktal) (bsc#1193632) (#157) - Fixed different issues while writing string values to file. - Writing comments to file too. - Fixed crash while merging values. - Added econftool cat option (#146) - new API call: econf_readDirsHistory (showing ALL locations) - new API call: econf_getPath (absolute path of the configuration file) - Man pages libeconf.3 and econftool.8. - Handling multiline strings. - Added libeconf_ext which returns more information like line_nr, comments, path of the configuration file,... - Econftool, an command line interface for handling configuration files. - Generating HTML API documentation with doxygen. - Improving error handling and semantic file check. - Joining entries with the same key to one single entry if env variable ECONF_JOIN_SAME_ENTRIES has been set. shadow: - The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) util-linux: - The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) - Allow use of larger values for start sector to prevent `blockdev --report` aborting (bsc#1188507) - Fixed `blockdev --report` using non-space characters as a field separator (bsc#1188507) - CVE-2021-3995: Fixed unauthorized unmount in util-linux's libmount. (bsc#1194976) - CVE-2021-3996: Fixed unauthorized unmount in util-linux's libmount. (bsc#1194976) The following package changes have been done: - libblkid1-2.36.2-150300.4.14.3 updated - libeconf0-0.4.4+git20220104.962774f-150300.3.6.2 added - libfdisk1-2.36.2-150300.4.14.3 updated - libmount1-2.36.2-150300.4.14.3 updated - libsmartcols1-2.36.2-150300.4.14.3 updated - libuuid1-2.36.2-150300.4.14.3 updated - login_defs-4.8.1-150300.4.3.8 updated - shadow-4.8.1-150300.4.3.8 updated - util-linux-2.36.2-150300.4.14.3 updated