SUSE Image Update Advisory: suse-sles-15-sp1-chost-byos-v20200803-gen2
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2020:73-1
Image Tags        : suse-sles-15-sp1-chost-byos-v20200803-gen2:20200803
Image Release     :
Severity          : important
Type              : security
References        : 1082318 1100077 1101023 1120862 1127544 1130873 1133297 1154803
                    1156913 1164260 1164543 1165476 1165573 1166513 1166610 1167122
                    1168990 1168994 1169947 1170801 1170801 1171224 1171224 1171437
                    1171652 1172135 1172135 1172307 1172807 1172925 1173106 1173159
                    1173159 1173160 1173161 1173359 1173812 1174011 1174463 1174570
                    CVE-2020-10713 CVE-2020-10730 CVE-2020-10730 CVE-2020-10745
                    CVE-2020-10760 CVE-2020-14303 CVE-2020-14308 CVE-2020-14309
                    CVE-2020-14310 CVE-2020-14311 CVE-2020-15706 CVE-2020-15707
-----------------------------------------------------------------

The container suse-sles-15-sp1-chost-byos-v20200803-gen2 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:1396-1
Released:    Fri Jul 3 12:33:05 2020
Summary:     Security update for zstd
Type:        security
Severity:    moderate
References:  1082318,1133297
This update for zstd fixes the following issues:

- Fix for build error caused by wrong static libraries. (bsc#1133297)
- Correction in spec file marking the license as documentation. (bsc#1082318)
- Add new package for SLE-15.
  (jsc#ECO-1886)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1869-1
Released:    Tue Jul 7 15:08:12 2020
Summary:     Recommended update for libsolv, libzypp, zypper
Type:        recommended
Severity:    moderate
References:  1130873,1154803,1164543,1165476,1165573,1166610,1167122,1168990,1169947,1170801,1171224,1172135,1172925
This update for libsolv, libzypp, zypper fixes the following issues:

libsolv was updated to 0.7.14:

- Enable zstd compression support
- Support blacklisted packages in solver_findproblemrule() (bnc#1172135)
- Support rules with multiple negative literals in choice rule generation
- Fix solvable swapping messing up idarrays
- Fix ruleinfo of complex dependencies returning the wrong origin

libzypp was updated to 17.23.7:

- Enable zchunk metadata download if libsolv supports it.
- Older kernel-devel packages are not properly purged (bsc#1171224)
- doc: enhance service plugin example.
- Get retracted patch status from updateinfo data (jsc#SLE-8770)
  libsolv injects the indicator provides into packages only.
- Remove 'using namespace std;' (bsc#1166610, fixes #218)
- Online doc: add 'Hardware (modalias) dependencies' page (fixes #216)
- Add HistoryLogReader actionFilter to parse only specific HistoryActionIDs.
- RepoVariables: Add safe guard in case the caller does not own a zypp instance.
- Enable c++17. Define libzypp CXX_STANDARD in ZyppCommon.cmake.
- Fix package status computation regarding unneeded, orphaned, recommended
  and suggested packages (broken in 17.23.0) (bsc#1165476)
- Log patch status changes to history (jsc#SLE-5116)
- Allow to disable all WebServer dependent tests when building.
  OBS wants to be able to get rid of the nginx/FastCGI-devel build requirement.
  Use 'rpmbuild --without mediabackend_tests' or 'cmake -DDISABLE_MEDIABACKEND_TESTS=1'.
- boost: Fix deprecated auto_unit_test.hpp includes.
- Disable zchunk on Leap-15.0 and SLE15-* while there is no libzck.
- Fix decision whether to download ZCHUNK files.
  libzypp and libsolv must both be able to read the format.
- yum::Downloader: Prefer zchunk compressed metadata if libsolv supports it.
- Selectable: Fix highestAvailableVersionObj if only retracted packages are available.
  Avoid using retracted items as candidate (jsc#SLE-8770)
- RpmDb: Become rpmdb backend independent (jsc#SLE-7272)
- RpmDb: Close API offering a custom rpmdb path.
  It's actually not needed and for this to work also libsolv needs to support it.
  You can still use a librpmDb::db_const_iterator to access a database at a custom location (ro).
- Remove legacy rpmV3database conversion code.
- Fix core dump with corrupted history file (bsc#1170801)

zypper was updated to 1.14.37:

- Reformat manpages to workaround asciidoctor shortcomings (bsc#1154803, bsc#1167122, bsc#1168990)
- Remove undocumented rug legacy stuff.
- Remove 'using namespace std;' (bsc#1166610)
- patch table: Add 'Since' column if history data are available (jsc#SLE-5116)
- Tag 'retracted' patch status in info and list-patches (jsc#SLE-8770)
- Tag 'R'etracted items in search tables status columns (jsc#SLE-8770)
- Relax 'Do not allow the abbreviation of cli arguments' in legacy distributions (bsc#1164543)
- Correctly detect ambiguous switch abbreviations (bsc#1165573)
- zypper-aptitude: don't supplement zypper.
  Supplementing zypper means zypper-aptitude gets installed by default and pulls in perl.
  Neither is desired on small systems.
- Do not allow the abbreviation of cli arguments (bsc#1164543)
- accoring to according in all translation files.
- Always show exception history if available.
- Use default package cache location for temporary repos (bsc#1130873)
- Print switch abbrev warning to stderr (bsc#1172925)
- Fix typo in man page (bsc#1169947)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:1913-1
Released:    Tue Jul 14 17:40:42 2020
Summary:     Security update for samba
Type:        security
Severity:    important
References:  1171437,1172307,1173159,1173160,1173161,1173359,CVE-2020-10730,CVE-2020-10745,CVE-2020-10760,CVE-2020-14303
This update for samba fixes the following issues:

- CVE-2020-10745: Fixed an issue where parsing and packing of NBT and DNS packets containing dots could potentially have consumed excessive CPU (bsc#1173160).
- CVE-2020-14303: Fixed an endless loop when the AD DC receives empty UDP packets (bsc#1173359).
- CVE-2020-10730: Fixed a null de-reference in AD DC LDAP server when ASQ and VLV combined (bsc#1173159).
- CVE-2020-10760: Fixed a use-after-free in AD DC Global Catalog LDAP server with paged_result or VLV (bsc#1173161).
- Added libnetapi-devel to baselibs conf, for wine usage (bsc#1172307).
- Fixed an installing issue where samba - samba-ad-dc.service did not exist and unit was not found (bsc#1171437).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1924-1
Released:    Wed Jul 15 12:31:23 2020
Summary:     Recommended update for grub2
Type:        recommended
Severity:    moderate
References:  1166513
This update for grub2 fixes the following issue:

- Skip not needed zfcpdump kernel from the grub boot menu.
  (bsc#1166513)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1952-1
Released:    Fri Jul 17 17:35:24 2020
Summary:     Recommended update for zypper-migration-plugin
Type:        recommended
Severity:    moderate
References:  1171652
This update for zypper-migration-plugin fixes the following issue:

- Update from version 0.12.1580220831.7102be8 to version 0.12.1590748670.86b0749
  * Make sure that all the release packages are installed. (bsc#1171652)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1953-1
Released:    Sat Jul 18 03:06:11 2020
Summary:     Recommended update for parted
Type:        recommended
Severity:    important
References:  1164260
This update for parted fixes the following issue:

- fix support of NVDIMM (pmemXs) devices (bsc#1164260)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1999-1
Released:    Wed Jul 22 09:04:32 2020
Summary:     Recommended update for dracut
Type:        recommended
Severity:    moderate
References:  1172807
This update for dracut fixes the following issues:

- PXE boot process times out (bsc#1172807)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2000-1
Released:    Wed Jul 22 09:04:41 2020
Summary:     Recommended update for efivar
Type:        recommended
Severity:    important
References:  1100077,1101023,1120862,1127544
This update for efivar fixes the following issues:

- fix logic that checks for UCS-2 string termination (bsc#1127544)
- fix casting of IPv4 addresses
- Don't require an EUI for NVMe (bsc#1100077)
- Add support for ACPI Generic Container and Embedded Controller root nodes (bsc#1101023)
- fix for compilation failures (bsc#1120862)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2040-1
Released:    Fri Jul 24 13:58:53 2020
Summary:     Recommended update for libsolv, libzypp
Type:        recommended
Severity:    moderate
References:  1170801,1171224,1172135,1173106,1174011
This update for libsolv, libzypp fixes the following issues:

libsolv was updated to version 0.7.14:

- Enable zstd compression support for sle15
- Support blacklisted packages in solver_findproblemrule() (bsc#1172135)
- Support rules with multiple negative literals in choice rule generation

libzypp was updated to version 17.24.0:

- Enable zchunk metadata download if libsolv supports it.
- Older kernel-devel packages are not properly purged (bsc#1171224)
- doc: enhance service plugin example.
- Fix core dump with corrupted history file (bsc#1170801)
- Better handling of the purge-kernels algorithm. (bsc#1173106)
- Proactively send credentials if the URL specifies '?auth=basic' and a username. (bsc#1174011)
- ZYPP_MEDIA_CURL_DEBUG: Strip credentials in header log. (bsc#1174011)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:2067-1
Released:    Wed Jul 29 11:11:40 2020
Summary:     Security update for ldb
Type:        security
Severity:    moderate
References:  1173159,CVE-2020-10730
This update for ldb fixes the following issues:

- CVE-2020-10730: Fixed a null de-reference in AD DC LDAP server when ASQ and VLV combined (bsc#1173159).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:2077-1
Released:    Wed Jul 29 19:28:39 2020
Summary:     Security update for grub2
Type:        security
Severity:    important
References:  1168994,1173812,1174463,1174570,CVE-2020-10713,CVE-2020-14308,CVE-2020-14309,CVE-2020-14310,CVE-2020-14311,CVE-2020-15706,CVE-2020-15707
This update for grub2 fixes the following issues:

- CVE-2020-10713 (bsc#1168994)
- CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 (bsc#1173812)
- CVE-2020-15706 (bsc#1174463)
- CVE-2020-15707 (bsc#1174570)
- Use overflow checking primitives where the arithmetic expression for buffer allocations may include unvalidated data
- Use grub_calloc for overflow check and return NULL when it would occur
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2083-1
Released:    Thu Jul 30 10:27:59 2020
Summary:     Recommended update for diffutils
Type:        recommended
Severity:    moderate
References:  1156913
This update for diffutils fixes the following issue:

- Disable a sporadically failing test for ppc64 and ppc64le builds.
  (bsc#1156913)

The following package changes have been done:

- audit-2.8.1-5.5.2 updated
- chrony-pool-suse-3.2-9.15.1 updated
- chrony-3.2-9.15.1 updated
- cifs-utils-6.9-5.3.1 added
- containerd-ctr-1.2.13-5.22.2 updated
- containerd-1.2.13-5.22.2 updated
- cups-config-2.2.7-3.17.1 added
- curl-7.60.0-3.29.1 updated
- device-mapper-1.02.149-12.17.11 updated
- diffutils-3.6-4.3.1 updated
- docker-libnetwork-0.7.0.1+gitr2902_153d0769a118-4.21.2 updated
- docker-runc-1.0.0rc10+gitr3981_dc9208a3303f-6.38.2 updated
- docker-19.03.11_ce-6.34.2 updated
- dracut-044.2-18.67.1 updated
- gamin-server-0.1.10-1.41 added
- grub2-i386-pc-2.02-26.25.1 updated
- grub2-x86_64-efi-2.02-26.25.1 updated
- grub2-2.02-26.25.1 updated
- kernel-default-4.12.14-197.45.1 updated
- krb5-1.16.3-3.9.1 updated
- libaudit1-2.8.1-5.5.1 updated
- libauparse0-2.8.1-5.5.1 updated
- libavahi-client3-0.7-1.21 added
- libavahi-common3-0.7-1.21 added
- libcups2-2.2.7-3.17.1 added
- libcurl4-7.60.0-3.29.1 updated
- libdcerpc-binding0-4.9.5+git.343.4bc358522a9-3.38.1 added
- libdcerpc0-4.9.5+git.343.4bc358522a9-3.38.1 added
- libdevmapper-event1_03-1.02.149-12.17.11 updated
- libdevmapper1_03-1.02.149-12.17.11 updated
- libefivar1-37-6.3.1 updated
- libfam0-gamin-0.1.10-3.2.3 added
- libfreebl3-3.53.1-3.45.1 updated
- libfreetype6-2.10.1-4.5.1 updated
- libgnutls30-3.6.7-6.29.1 updated
- libjansson4-2.9-1.24 added
- libldap-2_4-2-2.4.46-9.31.1 updated
- libldap-data-2.4.46-9.31.1 updated
- libldb1-1.4.6-3.5.2 added
- liblmdb-0_9_17-0.9.17-4.6.2 added
- libndr-krb5pac0-4.9.5+git.343.4bc358522a9-3.38.1 added
- libndr-nbt0-4.9.5+git.343.4bc358522a9-3.38.1 added
- libndr-standard0-4.9.5+git.343.4bc358522a9-3.38.1 added
- libndr0-4.9.5+git.343.4bc358522a9-3.38.1 added
- libnetapi0-4.9.5+git.343.4bc358522a9-3.38.1 added
- libnscd1-2.0.2-3.21 added
- libparted0-3.2-11.14.1 updated
- libpci3-3.5.6-3.3.1 updated
- libpython3_6m1_0-3.6.10-3.56.1 updated
- libsamba-credentials0-4.9.5+git.343.4bc358522a9-3.38.1 added
- libsamba-errors0-4.9.5+git.343.4bc358522a9-3.38.1 added
- libsamba-hostconfig0-4.9.5+git.343.4bc358522a9-3.38.1 added
- libsamba-passdb0-4.9.5+git.343.4bc358522a9-3.38.1 added
- libsamba-util0-4.9.5+git.343.4bc358522a9-3.38.1 added
- libsamdb0-4.9.5+git.343.4bc358522a9-3.38.1 added
- libsigc-2_0-0-2.10.0-3.5.1 added
- libsmbconf0-4.9.5+git.343.4bc358522a9-3.38.1 added
- libsmbldap2-4.9.5+git.343.4bc358522a9-3.38.1 added
- libsolv-tools-0.7.14-3.22.2 updated
- libsystemd0-234-24.52.3 updated
- libtalloc2-2.1.14-5.22 added
- libtdb1-1.3.16-4.23 added
- libtevent-util0-4.9.5+git.343.4bc358522a9-3.38.1 added
- libtevent0-0.9.37-6.23 added
- libudev1-234-24.52.3 updated
- libwbclient0-4.9.5+git.343.4bc358522a9-3.38.1 added
- libzstd1-1.4.4-1.3.1 added
- libzypp-17.24.1-3.28.1 updated
- parted-3.2-11.14.1 updated
- pciutils-3.5.6-3.3.1 updated
- perl-base-5.26.1-7.12.1 updated
- perl-5.26.1-7.12.1 updated
- permissions-20181116-9.35.1 updated
- python3-base-3.6.10-3.56.1 updated
- python3-talloc-2.1.14-5.22 added
- python3-3.6.10-3.56.1 updated
- samba-libs-python3-4.9.5+git.343.4bc358522a9-3.38.1 added
- samba-libs-4.9.5+git.343.4bc358522a9-3.38.1 added
- suse-module-tools-15.1.22-3.16.1 updated
- system-user-lp-20170617-4.155 added
- systemd-sysvinit-234-24.52.3 updated
- systemd-234-24.52.3 updated
- timezone-2020a-3.29.1 updated
- udev-234-24.52.3 updated
- vim-data-common-8.0.1568-5.6.1 updated
- vim-8.0.1568-5.6.1 updated
- zypper-migration-plugin-0.12.1590748670.86b0749-6.7.1 updated
- zypper-1.14.37-3.19.1 updated