Linux Security

    SUSE: 2020:858-1 caasp/v4/nginx-ingress-controller Security Update

    Date 18 Dec 2020
    Posted By LinuxSecurity Advisories
    SUSE Container Update Advisory: caasp/v4/nginx-ingress-controller
    -----------------------------------------------------------------
    Container Advisory ID : SUSE-CU-2020:858-1
    Container Tags        : caasp/v4/nginx-ingress-controller:0.15.0 , caasp/v4/nginx-ingress-controller:0.15.0-rev1 , caasp/v4/nginx-ingress-controller:0.15.0-rev1-build2.305 , caasp/v4/nginx-ingress-controller:beta1
    Container Release     : 2.305
    Severity              : important
    Type                  : security
    References            : 1005063 1010675 1010996 1010996 1030472 1030476 1033084 1033085
                            1033087 1033088 1033089 1033090 1040621 1042781 1049825 1050241
                            1069384 1071152 1071152 1071390 1071390 1080919 1082318 1082318
                            1083571 1084671 1085003 1087481 1091236 1092034 1092100 1093414
                            1096209 1096974 1096984 1097869 1098155 1100078 1100396 1100415
                            1100415 1100989 1102840 1103244 1104780 1104902 1105435 1105495
                            1106383 1106390 1107067 1107617 1108606 1109893 1110146 1110542
                            1110797 1110929 1111300 1111319 1111498 1111973 1112300 1112723
                            1112726 1112758 1112911 1113296 1113975 1114592 1114674 1114835
                            1115500 1116544 1116995 1117025 1117382 1117951 1117951 1118629
                            1118629 1119296 1120629 1120629 1120630 1120630 1120631 1120631
                            1120658 1121446 1121563 1121626 1121753 1122000 1122344 1123333
                            1123361 1123371 1123377 1123378 1123522 1123685 1123697 1123704
                            1123886 1123892 1123919 1124211 1124847 1125007 1125113 1125352
                            1125352 1125535 1126056 1126117 1126118 1126119 1126613 1127080
                            1127155 1127155 1127155 1127223 1127308 1127557 1127891 1128383
                            1128471 1128472 1128474 1128476 1128480 1128481 1128481 1128490
                            1128492 1128493 1128574 1128657 1128712 1128828 1130103 1130230
                            1130324 1131291 1131635 1131823 1131823 1131830 1131886 1131982
                            1132160 1132348 1132400 1132721 1133418 1133495 1133528 1134226
                            1134550 1135170 1135254 1135261 1135709 1136298 1136570 1137053
                            1137832 1137977 1137977 1139083 1139083 1139459 1139459 1139870
                            1139937 1139942 1140039 1140095 1140101 1140120 1140631 1140914
                            1141093 1141493 1141897 1142614 1142649 1142654 1142661 1143194
                            1143273 1144169 1145521 1146415 1146608 1148517 1148987 1149145
                            1149332 1149429 1149496 1149995 1150003 1150250 1150595 1150734
                            1151377 1151506 1151577 1152590 1153386 1153557 1154036 1154037
                            1154043 1154043 1154256 1154609 1154862 1154871 1154871 1154948
                            1155199 1155338 1155339 1155574 1156159 1156194 1156276 1156402
                            1156482 1157198 1157315 1157578 1158586 1158763 1158809 1159162
                            1159814 1159928 1160039 1160160 1160163 1160571 1160594 1160613
                            1160614 1160764 1161262 1161436 1161517 1161521 1161779 1162108
                            1162518 1162698 1162879 1163834 1163922 1164538 1165471 1165633
                            1165784 1165915 1165915 1165919 1165919 1166301 1166510 1167622
                            1167898 1168195 1169488 1169766 1169947 1170601 1170715 1170771
                            1171145 1171863 1171864 1171866 1171878 1172021 1172085 1172265
                            1172295 1172491 1172698 1172704 1172798 1172846 1173027 1173227
                            1173593 1173972 1174080 1174537 1174628 1174628 1174660 1174673
                            1174753 1174817 1175168 1175239 1176013 1176123 1176179 1176410
                            1176513 1176800 1177143 1177458 1177510 1177864 1177914 1178038
                            1178387 1178512 888534 941922 954600 955942 973042 983268 985657
                            CVE-2009-5155 CVE-2015-5186 CVE-2016-10254 CVE-2016-10255 CVE-2016-3189
                            CVE-2016-5102 CVE-2016-9318 CVE-2017-12652 CVE-2017-6891 CVE-2017-7607
                            CVE-2017-7608 CVE-2017-7610 CVE-2017-7611 CVE-2017-7612 CVE-2017-7613
                            CVE-2017-7890 CVE-2017-9103 CVE-2017-9104 CVE-2017-9105 CVE-2017-9106
                            CVE-2017-9107 CVE-2017-9108 CVE-2017-9109 CVE-2018-1000654 CVE-2018-10360
                            CVE-2018-10754 CVE-2018-1122 CVE-2018-1123 CVE-2018-1124 CVE-2018-1125
                            CVE-2018-1126 CVE-2018-1152 CVE-2018-11813 CVE-2018-14498 CVE-2018-14553
                            CVE-2018-16062 CVE-2018-16403 CVE-2018-16839 CVE-2018-16890 CVE-2018-17000
                            CVE-2018-18310 CVE-2018-18311 CVE-2018-18520 CVE-2018-18521 CVE-2018-20532
                            CVE-2018-20532 CVE-2018-20533 CVE-2018-20533 CVE-2018-20534 CVE-2018-20534
                            CVE-2018-20843 CVE-2018-6954 CVE-2019-11038 CVE-2019-11068 CVE-2019-12749
                            CVE-2019-12900 CVE-2019-12900 CVE-2019-13050 CVE-2019-13057 CVE-2019-13117
                            CVE-2019-13118 CVE-2019-13565 CVE-2019-13627 CVE-2019-14250 CVE-2019-14866
                            CVE-2019-14973 CVE-2019-1547 CVE-2019-1551 CVE-2019-1559 CVE-2019-1563
                            CVE-2019-15847 CVE-2019-15903 CVE-2019-17498 CVE-2019-17594 CVE-2019-17595
                            CVE-2019-18197 CVE-2019-18900 CVE-2019-19956 CVE-2019-20386 CVE-2019-20388
                            CVE-2019-2201 CVE-2019-3688 CVE-2019-3690 CVE-2019-3822 CVE-2019-3823
                            CVE-2019-3842 CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858
                            CVE-2019-3859 CVE-2019-3859 CVE-2019-3860 CVE-2019-3860 CVE-2019-3861
                            CVE-2019-3862 CVE-2019-3863 CVE-2019-5188 CVE-2019-5436 CVE-2019-5482
                            CVE-2019-6128 CVE-2019-6454 CVE-2019-6454 CVE-2019-6977 CVE-2019-6978
                            CVE-2019-7150 CVE-2019-7317 CVE-2019-7663 CVE-2019-7665 CVE-2019-8905
                            CVE-2019-8906 CVE-2019-8907 CVE-2019-9169 CVE-2019-9232 CVE-2019-9433
                            CVE-2019-9893 CVE-2019-9924 CVE-2020-10029 CVE-2020-10543 CVE-2020-10878
                            CVE-2020-12243 CVE-2020-12723 CVE-2020-13790 CVE-2020-13844 CVE-2020-14344
                            CVE-2020-14344 CVE-2020-14363 CVE-2020-15999 CVE-2020-1712 CVE-2020-24977
                            CVE-2020-25219 CVE-2020-25692 CVE-2020-26154 CVE-2020-28196 CVE-2020-7595
                            CVE-2020-8013 CVE-2020-8023 CVE-2020-8177 SLE-10396 SLE-5933
                            SLE-7081 SLE-7257 
    -----------------------------------------------------------------
    
    The container caasp/v4/nginx-ingress-controller was updated. The following patches have been included in this update:
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2015:50-1
    Released:    Thu Jan 15 16:33:18 2015
    Summary:     Recommended update for ca-certificates-mozilla
    Type:        recommended
    Severity:    moderate
    References:  888534
    
    The system root SSL certificates were updated to match Mozilla NSS 2.2.
    
    Some removed/disabled 1024 bit certificates were temporarily reenabled/readded,
    as openssl and gnutls have a different handling of intermediates than
    mozilla nss and would otherwise not recognize SSL certificates from commonly used
    sites like Amazon.
    
    Updated to 2.2 (bnc#888534)
    - The following CAs were added:
      + COMODO_RSA_Certification_Authority
        codeSigning emailProtection serverAuth
      + GlobalSign_ECC_Root_CA_-_R4
        codeSigning emailProtection serverAuth
      + GlobalSign_ECC_Root_CA_-_R5
        codeSigning emailProtection serverAuth
      + USERTrust_ECC_Certification_Authority
        codeSigning emailProtection serverAuth
      + USERTrust_RSA_Certification_Authority
        codeSigning emailProtection serverAuth
      + VeriSign-C3SSA-G2-temporary-intermediate-after-1024bit-removal
    - The following CAs were changed:
      + Equifax_Secure_eBusiness_CA_1
        remove code signing and https trust, leave email trust
      + Verisign_Class_3_Public_Primary_Certification_Authority_-_G2
        only trust emailProtection
    - Updated to 2.1 (bnc#888534)
    - The following 1024-bit CA certificates were removed
      - Entrust.net Secure Server Certification Authority
      - ValiCert Class 1 Policy Validation Authority
      - ValiCert Class 2 Policy Validation Authority
      - ValiCert Class 3 Policy Validation Authority
      - TDC Internet Root CA
    - The following CA certificates were added:
      - Certification Authority of WoSign
      - CA 沃通根证书
      - DigiCert Assured ID Root G2
      - DigiCert Assured ID Root G3
      - DigiCert Global Root G2
      - DigiCert Global Root G3
      - DigiCert Trusted Root G4
      - QuoVadis Root CA 1 G3
      - QuoVadis Root CA 2 G3
      - QuoVadis Root CA 3 G3
    - The Trust Bits were changed for the following CA certificates
      - Class 3 Public Primary Certification Authority
      - Class 3 Public Primary Certification Authority
      - Class 2 Public Primary Certification Authority - G2
      - VeriSign Class 2 Public Primary Certification Authority - G3
      - AC Raíz Certicámara S.A.
      - NetLock Uzleti (Class B) Tanusitvanykiado
      - NetLock Expressz (Class C) Tanusitvanykiado
    
    Temporarily re-enable some root CA trusts, as openssl/gnutls
    have trouble using intermediates as root CA.
      - GTE CyberTrust Global Root
      - Thawte Server CA
      - Thawte Premium Server CA
      - ValiCert Class 1 VA
      - ValiCert Class 2 VA
      - RSA Root Certificate 1
      - Entrust.net Secure Server CA
      - America Online Root Certification Authority 1
      - America Online Root Certification Authority 2
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2016:587-1
    Released:    Fri Apr  8 17:06:56 2016
    Summary:     Recommended update for ca-certificates-mozilla
    Type:        recommended
    Severity:    moderate
    References:  973042
    
    The root SSL certificate store ca-certificates-mozilla was updated
    to version 2.7 of the Mozilla NSS equivalent. (bsc#973042)
    
    - Newly added CAs:
      * CA WoSign ECC Root
      * Certification Authority of WoSign
      * Certification Authority of WoSign G2
      * Certinomis - Root CA
      * Certum Trusted Network CA 2
      * CFCA EV ROOT
      * COMODO RSA Certification Authority
      * DigiCert Assured ID Root G2
      * DigiCert Assured ID Root G3
      * DigiCert Global Root G2
      * DigiCert Global Root G3
      * DigiCert Trusted Root G4
      * Entrust Root Certification Authority - EC1
      * Entrust Root Certification Authority - G2
      * GlobalSign
      * IdenTrust Commercial Root CA 1
      * IdenTrust Public Sector Root CA 1
      * OISTE WISeKey Global Root GB CA
      * QuoVadis Root CA 1 G3
      * QuoVadis Root CA 2 G3
      * QuoVadis Root CA 3 G3
      * Staat der Nederlanden EV Root CA
      * Staat der Nederlanden Root CA - G3
      * S-TRUST Universal Root CA
      * SZAFIR ROOT CA2
      * TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5
      * TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6
      * USERTrust ECC Certification Authority
      * USERTrust RSA Certification Authority
      * 沃通根证书
    
    - Removed CAs:
      * AOL CA
      * A Trust nQual 03
      * Buypass Class 3 CA 1
      * CA Disig
      * Digital Signature Trust Co Global CA 1
      * Digital Signature Trust Co Global CA 3
      * E Guven Kok Elektronik Sertifika Hizmet Saglayicisi
      * NetLock Expressz (Class C) Tanusitvanykiado
      * NetLock Kozjegyzoi (Class A) Tanusitvanykiado
      * NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado
      * NetLock Uzleti (Class B) Tanusitvanykiado
      * SG TRUST SERVICES RACINE
      * Staat der Nederlanden Root CA
      * TC TrustCenter Class 2 CA II
      * TC TrustCenter Universal CA I
      * TDC Internet Root CA
      * UTN DATACorp SGC Root CA
      * Verisign Class 1 Public Primary Certification Authority - G2
      * Verisign Class 3 Public Primary Certification Authority
      * Verisign Class 3 Public Primary Certification Authority - G2
    
    - Removed server trust from:
      * AC Raíz Certicámara S.A.
      * ComSign Secured CA
      * NetLock Uzleti (Class B) Tanusitvanykiado
      * NetLock Business (Class B) Root
      * NetLock Expressz (Class C) Tanusitvanykiado
      * TC TrustCenter Class 3 CA II
      * TURKTRUST Certificate Services Provider Root 1
      * TURKTRUST Certificate Services Provider Root 2
      * Equifax Secure Global eBusiness CA-1
      * Verisign Class 4 Public Primary Certification Authority G3
    
    - Enable server trust for:
      * Actalis Authentication Root CA
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2018:265-1
    Released:    Tue Feb  6 14:58:28 2018
    Summary:     Recommended update for ca-certificates-mozilla
    Type:        recommended
    Severity:    moderate
    References:  1010996,1071152,1071390
    
      
    This update for ca-certificates-mozilla fixes the following issues:
    
    The system SSL root certificate store was updated to Mozilla certificate
    version 2.22 from January 2018.  (bsc#1071152 bsc#1071390 bsc#1010996)
    
    We removed the old 1024 bit legacy CAs that were temporarily left in to allow
    in-chain root certificates as openssl is now able to handle it.
    
    Further changes coming from Mozilla:
    
    - New Root CAs added:
    
      * Amazon Root CA 1: (email protection, server auth)
      * Amazon Root CA 2: (email protection, server auth)
      * Amazon Root CA 3: (email protection, server auth)
      * Amazon Root CA 4: (email protection, server auth)
      * Certplus Root CA G1: (email protection, server auth)
      * Certplus Root CA G2: (email protection, server auth)
      * D-TRUST Root CA 3 2013: (email protection)
      * GDCA TrustAUTH R5 ROOT: (server auth)
      * Hellenic Academic and Research Institutions ECC RootCA 2015: (email protection, server auth)
      * Hellenic Academic and Research Institutions RootCA 2015: (email protection, server auth)
      * ISRG Root X1: (server auth)
      * LuxTrust Global Root 2: (server auth)
      * OpenTrust Root CA G1: (email protection, server auth)
      * OpenTrust Root CA G2: (email protection, server auth)
      * OpenTrust Root CA G3: (email protection, server auth)
      * SSL.com EV Root Certification Authority ECC: (server auth)
      * SSL.com EV Root Certification Authority RSA R2: (server auth)
      * SSL.com Root Certification Authority ECC: (email protection, server auth)
      * SSL.com Root Certification Authority RSA: (email protection, server auth)
      * Symantec Class 1 Public Primary Certification Authority - G4: (email protection)
      * Symantec Class 1 Public Primary Certification Authority - G6: (email protection)
      * Symantec Class 2 Public Primary Certification Authority - G4: (email protection)
      * Symantec Class 2 Public Primary Certification Authority - G6: (email protection)
      * TrustCor ECA-1: (email protection, server auth)
      * TrustCor RootCert CA-1: (email protection, server auth)
      * TrustCor RootCert CA-2: (email protection, server auth)
      * TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1: (server auth)
    
    - Removed root CAs:
    
      * AddTrust Public Services Root
      * AddTrust Public CA Root
      * AddTrust Qualified CA Root
      * ApplicationCA - Japanese Government
      * Buypass Class 2 CA 1
      * CA Disig Root R1
      * CA WoSign ECC Root
      * Certification Authority of WoSign G2
      * Certinomis - Autorité Racine
      * Certum Root CA
      * China Internet Network Information Center EV Certificates Root
      * CNNIC ROOT
      * Comodo Secure Services root
      * Comodo Trusted Services root
      * ComSign Secured CA
      * EBG Elektronik Sertifika Hizmet Sağlayıcısı
      * Equifax Secure CA
      * Equifax Secure eBusiness CA 1
      * Equifax Secure Global eBusiness CA
      * GeoTrust Global CA 2
      * IGC/A
      * Juur-SK
      * Microsec e-Szigno Root CA
      * PSCProcert
      * Root CA Generalitat Valenciana
      * RSA Security 2048 v3
      * Security Communication EV RootCA1
      * Sonera Class 1 Root CA
      * StartCom Certification Authority
      * StartCom Certification Authority G2
      * S-TRUST Authentication and Encryption Root CA 2005 PN
      * Swisscom Root CA 1
      * Swisscom Root EV CA 2
      * TÜBİTAK UEKAE Kök Sertifika Hizmet Sağlayıcısı - Sürüm 3
      * TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı
      * TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6
      * UTN USERFirst Hardware Root CA
      * UTN USERFirst Object Root CA
      * VeriSign Class 3 Secure Server CA - G2
      * Verisign Class 1 Public Primary Certification Authority
      * Verisign Class 2 Public Primary Certification Authority - G2
      * Verisign Class 3 Public Primary Certification Authority
      * WellsSecure Public Root Certificate Authority
      * Certification Authority of WoSign
      * WoSign China
    
    - Removed Code Signing rights from a lot of CAs (not listed here).
    
    - Removed Server Auth rights from:
    
      * AddTrust Low-Value Services Root
      * Camerfirma Chambers of Commerce Root
      * Camerfirma Global Chambersign Root
      * Swisscom Root CA 2
    
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2018:1643-1
    Released:    Thu Aug 16 17:41:07 2018
    Summary:     Recommended update for ca-certificates-mozilla
    Type:        recommended
    Severity:    moderate
    References:  1100415
    
    The systemwide Root CA certificates were updated to the 2.24 state of the Mozilla NSS Certificate store.
    
    Following CAs were removed:
    
    * S-TRUST_Universal_Root_CA
    * TC_TrustCenter_Class_3_CA_II
    * TURKTRUST_Elektronik_Sertifika_Hizmet_Saglayicisi_H5
      
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2018:1763-1
    Released:    Mon Aug 27 09:30:15 2018
    Summary:     Recommended update for ca-certificates-mozilla
    Type:        recommended
    Severity:    moderate
    References:  1104780
    This update for ca-certificates-mozilla fixes the following issues:
    
    The Root CA store was updated to 2.26 state of the Mozilla NSS Certificate store. (bsc#1104780)
    
    - Removed server auth from following CAs:
    
      - Certplus Root CA G1
      - Certplus Root CA G2
      - OpenTrust Root CA G1
      - OpenTrust Root CA G2
      - OpenTrust Root CA G3
    
    - Removed CAs
    
      - ComSign CA
    
    - Added new CAs
    
      - GlobalSign
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2019:149-1
    Released:    Wed Jan 23 17:58:18 2019
    Summary:     Recommended update for ca-certificates-mozilla
    Type:        recommended
    Severity:    moderate
    References:  1121446
    This update for ca-certificates-mozilla fixes the following issues:
    
    The package was updated to the 2.30 version of the Mozilla NSS Certificate store. (bsc#1121446)
    
    Removed Root CAs:
    
    - AC Raiz Certicamara S.A.
    - Certplus Root CA G1
    - Certplus Root CA G2
    - OpenTrust Root CA G1
    - OpenTrust Root CA G2
    - OpenTrust Root CA G3
    - Visa eCommerce Root
    
    Added Root CAs:
    
    - Certigna Root CA (email and server auth)
    - GTS Root R1 (server auth)
    - GTS Root R2 (server auth)
    - GTS Root R3 (server auth)
    - GTS Root R4 (server auth)
    - OISTE WISeKey Global Root GC CA (email and server auth)
    - UCA Extended Validation Root (server auth)
    - UCA Global G2 Root (email and server auth)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2019:218-1
    Released:    Thu Jan 31 20:30:20 2019
    Summary:     Recommended update for kmod
    Type:        recommended
    Severity:    moderate
    References:  1118629
    This update for kmod fixes the following issues:
    
    - Fix module dependency file corruption on parallel invocation (bsc#1118629).
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2019:249-1
    Released:    Wed Feb  6 08:36:16 2019
    Summary:     Security update for curl
    Type:        security
    Severity:    important
    References:  1123371,1123377,1123378,CVE-2018-16890,CVE-2019-3822,CVE-2019-3823
    This update for curl fixes the following issues:
    
    Security issues fixed:
    
    - CVE-2019-3823: Fixed a heap out-of-bounds read in the code handling the end-of-response for SMTP (bsc#1123378).
    - CVE-2019-3822: Fixed a stack based buffer overflow in the function creating an outgoing NTLM type-3 message (bsc#1123377).
    - CVE-2018-16890: Fixed a heap buffer out-of-bounds read in the function handling incoming NTLM type-2 messages (bsc#1123371).
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2019:261-1
    Released:    Wed Feb  6 11:26:21 2019
    Summary:     Recommended update for pam-config
    Type:        recommended
    Severity:    moderate
    References:  1114835
    This update for pam-config fixes the following issues:
    
    - Adds support for more pam_cracklib options. (bsc#1114835)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2019:428-1
    Released:    Tue Feb 19 10:59:59 2019
    Summary:     Security update for systemd
    Type:        security
    Severity:    important
    References:  1111498,1117025,1117382,1120658,1122000,1122344,1123333,1123892,1125352,CVE-2019-6454
    This update for systemd fixes the following issues:
    
    Security vulnerability fixed:
    
    - CVE-2019-6454: Fixed a crash of PID1 that an unprivileged user could trigger
      by sending a specially crafted D-Bus message on the system bus (bsc#1125352)
    
    Other bug fixes and changes:
    
    - journal-remote: set a limit on the number of fields in a message
    - journal-remote: verify entry length from header
    - journald: set a limit on the number of fields (1k)
    - journald: do not store the iovec entry for process commandline on stack
    - core: include Found state in device dumps
    - device: fix serialization and deserialization of DeviceFound
    - fix path in btrfs rule (#6844)
    - assemble multidevice btrfs volumes without external tools (#6607) (bsc#1117025)
    - Update systemd-system.conf.xml (bsc#1122000)
    - units: inform user that the default target is started after exiting from rescue or emergency mode
    - manager: don't skip sigchld handler for main and control pid for services (#3738)
    - core: Add helper functions unit_{main, control}_pid
    - manager: Fixing a debug printf formatting mistake (#3640)
    - manager: Only invoke a single sigchld per unit within a cleanup cycle (bsc#1117382)
    - core: update invoke_sigchld_event() to handle NULL ->sigchld_event()
    - sd-event: expose the event loop iteration counter via sd_event_get_iteration() (#3631)
    - unit: rework a bit how we keep the service fdstore from being destroyed during service restart (bsc#1122344)
    - core: when restarting services, don't close fds
    - cryptsetup: Add dependency on loopback setup to generated units
    - journal-gateway: use localStorage['cursor'] only when it has valid value
    - journal-gateway: explicitly declare local variables
    - analyze: actually select longest activated-time of services
    - sd-bus: fix implicit downcast of bitfield reported by LGTM
    - core: free lines after reading them (bsc#1123892)
    - pam_systemd: reword message about not creating a session (bsc#1111498)
    - pam_systemd: suppress LOG_DEBUG log messages if debugging is off (bsc#1111498)
    - main: improve RLIMIT_NOFILE handling (#5795) (bsc#1120658)
    - sd-bus: if we receive an invalid dbus message, ignore and proceed
    - automount: don't pass non-blocking pipe to kernel.
    - units: make sure initrd-cleanup.service terminates before switching to rootfs (bsc#1123333)
    - units: add Wants=initrd-cleanup.service to initrd-switch-root.target (#4345) (bsc#1123333)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2019:434-1
    Released:    Tue Feb 19 12:19:02 2019
    Summary:     Recommended update for libsemanage
    Type:        recommended
    Severity:    moderate
    References:  1115500
    This update for libsemanage provides the following fix:
    
    - Prevent an error message when reading module version if the directory does not exist.
      (bsc#1115500)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2019:450-1
    Released:    Wed Feb 20 16:42:38 2019
    Summary:     Security update for procps
    Type:        security
    Severity:    important
    References:  1092100,1121753,CVE-2018-1122,CVE-2018-1123,CVE-2018-1124,CVE-2018-1125,CVE-2018-1126
    
      
    This update for procps fixes the following security issues:
    
    - CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top
      with HOME unset in an attacker-controlled directory, the attacker could have
      achieved privilege escalation by exploiting one of several vulnerabilities in
      the config_file() function (bsc#1092100).
    - CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow.
      Inbuilt protection in ps mapped a guard page at the end of the overflowed
      buffer, ensuring that the impact of this flaw is limited to a crash (temporary
      denial of service) (bsc#1092100).
    - CVE-2018-1124: Prevent multiple integer overflows leading to a heap
      corruption in file2strvec function. This allowed a privilege escalation for a
      local attacker who can create entries in procfs by starting processes, which
      could result in crashes or arbitrary code execution in proc utilities run by
      other users (bsc#1092100).
    - CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was
      mitigated by FORTIFY limiting the impact to a crash (bsc#1092100).
    - CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent
      truncation/integer overflow issues (bsc#1092100).
    
    (These issues were previously released for SUSE Linux Enterprise 12 SP3 and SP4.)
    
    Also the following non-security issue was fixed:
    
    - Fix CPU summary showing old data. (bsc#1121753)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2019:514-1
    Released:    Thu Feb 28 15:39:05 2019
    Summary:     Recommended update for apparmor
    Type:        recommended
    Severity:    moderate
    References:  1112300
    This update for apparmor fixes the following issues:
    
    - Fix erroneously generated audit records: include status* files in dnsmasq. (bsc#1112300)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2019:655-1
    Released:    Wed Mar 20 10:30:49 2019
    Summary:     Security update for libssh2_org
    Type:        security
    Severity:    moderate
    References:  1091236,1128471,1128472,1128474,1128476,1128480,1128481,1128490,1128492,1128493,CVE-2019-3855,CVE-2019-3856,CVE-2019-3857,CVE-2019-3858,CVE-2019-3859,CVE-2019-3860,CVE-2019-3861,CVE-2019-3862,CVE-2019-3863
    This update for libssh2_org fixes the following issues:
    
    Security issues fixed: 	  
    
    - CVE-2019-3861: Fixed Out-of-bounds reads with specially crafted SSH packets (bsc#1128490).
    - CVE-2019-3862: Fixed Out-of-bounds memory comparison with specially crafted message channel request packet (bsc#1128492).
    - CVE-2019-3860: Fixed Out-of-bounds reads with specially crafted SFTP packets (bsc#1128481).
    - CVE-2019-3863: Fixed an Integer overflow in user authenticate keyboard interactive which could allow out-of-bounds writes 
      with specially crafted keyboard responses (bsc#1128493).
    - CVE-2019-3856: Fixed a potential Integer overflow in keyboard interactive handling which could allow out-of-bounds write 
      with specially crafted payload (bsc#1128472).
    - CVE-2019-3859: Fixed Out-of-bounds reads with specially crafted payloads due to unchecked use of _libssh2_packet_require 
      and _libssh2_packet_requirev (bsc#1128480).
    - CVE-2019-3855: Fixed a potential Integer overflow in transport read which could allow out-of-bounds write with specially 
      crafted payload (bsc#1128471).
    - CVE-2019-3858: Fixed a potential zero-byte allocation which could lead to an out-of-bounds read with a specially crafted 
      SFTP packet (bsc#1128476).
    - CVE-2019-3857: Fixed a potential Integer overflow which could lead to zero-byte allocation and out-of-bounds with specially 
      crafted message channel request SSH packet (bsc#1128474).
    
    Other issue addressed: 
    
    - libssh2 will stop using keys of unsupported types in the known_hosts file (bsc#1091236).
     
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2019:747-1
    Released:    Tue Mar 26 14:35:16 2019
    Summary:     Security update for gd
    Type:        security
    Severity:    moderate
    References:  1123361,1123522,CVE-2019-6977,CVE-2019-6978
    This update for gd fixes the following issues:
    
    Security issues fixed:
    
    - CVE-2019-6977: Fixed a heap-based buffer overflow in the imagecolormatch function of the GD Graphics Library (bsc#1123361).
    - CVE-2019-6978: Fixed a double free in the gdImage*Ptr() functions (bsc#1123522).
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2019:794-1
    Released:    Thu Mar 28 12:09:29 2019
    Summary:     Recommended update for krb5
    Type:        recommended
    Severity:    moderate
    References:  1087481
    This update for krb5 fixes the following issues:
    
    - Add support for the GSS_KRB5_CRED_NO_CI_FLAGS_X cred option to
      suppress sending the confidentiality and integrity flags in GSS
      initiator tokens unless they are requested by the caller. These
      flags control the negotiated SASL security layer for the Microsoft
      GSS-SPNEGO SASL mechanism. (bsc#1087481).
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2019:803-1
    Released:    Fri Mar 29 13:14:21 2019
    Summary:     Security update for openssl
    Type:        security
    Severity:    moderate
    References:  1100078,1113975,1117951,1127080,CVE-2019-1559
    This update for openssl fixes the following issues:
    
    Security issues fixed: 
    
    - The 9 Lives of Bleichenbacher's CAT: Cache Attacks on TLS Implementations (bsc#1117951)
    - CVE-2019-1559: Fixed the OpenSSL 0-byte record padding oracle, in which under certain circumstances
      a TLS server can be forced to respond differently to a client, which can lead to the decryption of the data (bsc#1127080).
    
    Other issues addressed: 
    
    - Fixed IV handling in SHAEXT paths: aes/asm/aesni-sha*-x86_64.pl (bsc#1113975).
    - Set TLS version to 0 in msg_callback for record messages to avoid confusing applications (bsc#1100078).
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2019:838-1
    Released:    Tue Apr  2 09:52:06 2019
    Summary:     Security update for bash
    Type:        security
    Severity:    important
    References:  1130324,CVE-2019-9924
    This update for bash fixes the following issues:
    	  
    Security issue fixed: 
    
    - CVE-2019-9924: Fixed a vulnerability in which the shell did not prevent the user from modifying BASH_CMDS,
      allowing the user to execute any command with the permissions of the shell (bsc#1130324).
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2019:839-1
    Released:    Tue Apr  2 13:13:21 2019
    Summary:     Security update for file
    Type:        security
    Severity:    moderate
    References:  1096974,1096984,1126117,1126118,1126119,CVE-2018-10360,CVE-2019-8905,CVE-2019-8906,CVE-2019-8907
    This update for file fixes the following issues:
    
    The following security vulnerabilities were addressed:
    
    - Fixed an out-of-bounds read in the function do_core_note in readelf.c, which
      allowed remote attackers to cause a denial of service (application crash) via
      a crafted ELF file (bsc#1096974 CVE-2018-10360).
    - CVE-2019-8905: Fixed a stack-based buffer over-read in do_core_note in readelf.c
      (bsc#1126118)
    - CVE-2019-8906: Fixed an out-of-bounds read in do_core_note in readelf.c
      (bsc#1126119)
    - CVE-2019-8907: Fixed a stack corruption in do_core_note in readelf.c
      (bsc#1126117)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2019:979-1
    Released:    Thu Apr 18 08:23:19 2019
    Summary:     Recommended update for sg3_utils
    Type:        recommended
    Severity:    moderate
    References:  1069384
    This update for sg3_utils fixes the following issues:
    
    - rescan-scsi-bus.sh: use LUN wildcard in idlist (bsc#1069384)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2019:996-1
    Released:    Tue Apr 23 18:42:35 2019
    Summary:     Security update for curl
    Type:        security
    Severity:    important
    References:  1112758,1131886,CVE-2018-16839
    This update for curl fixes the following issues:
    
    Security issue fixed:
    
    - CVE-2018-16839: Fixed a buffer overflow in the SASL authentication code (bsc#1112758).
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2019:1060-1
    Released:    Sat Apr 27 09:45:38 2019
    Summary:     Security update for libssh2_org
    Type:        security
    Severity:    important
    References:  1130103,1133528,CVE-2019-3859
    This update for libssh2_org fixes the following issues:
    
     - Incorrect upstream fix for CVE-2019-3859 broke public key authentication [bsc#1133528, bsc#1130103]
    
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2019:1111-1
    Released:    Tue Apr 30 12:59:27 2019
    Summary:     Security update for libjpeg-turbo
    Type:        security
    Severity:    moderate
    References:  1096209,1098155,1128712,CVE-2018-1152,CVE-2018-11813,CVE-2018-14498
    This update for libjpeg-turbo fixes the following issues:
    
    The following security vulnerabilities were addressed:
    
    - CVE-2018-14498: Fixed a heap-based buffer over-read in the get_8bit_row function
      which could allow an attacker to cause a denial of service (bsc#1128712).
    - CVE-2018-11813: Fixed the end-of-file mishandling in read_pixel in rdtarga.c,
      which allowed remote attackers to cause a denial-of-service via crafted JPG
      files due to a large loop (bsc#1096209)
    - CVE-2018-1152: Fixed a denial of service in start_input_bmp() rdbmp.c caused
      by a divide by zero when processing a crafted BMP image (bsc#1098155)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2019:1125-1
    Released:    Tue Apr 30 18:50:59 2019
    Summary:     Recommended update for glibc
    Type:        recommended
    Severity:    important
    References:  1100396,1103244
    This update for glibc fixes the following issues:
    
    - Add support for the new Japanese time era name that comes into
      effect on 2019-05-01. [bsc#1100396, bsc#1103244]
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2019:1131-1
    Released:    Thu May  2 15:39:59 2019
    Summary:     Recommended update for libidn
    Type:        recommended
    Severity:    moderate
    References:  1092034
    This update for libidn fixes the following issues:
    
    - Now obsoletes the libidn 32bit package (bsc#1092034)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2019:1136-1
    Released:    Fri May  3 10:27:57 2019
    Summary:     Security update for openssl
    Type:        security
    Severity:    moderate
    References:  1131291
    This update for openssl fixes the following issues:
    
    - Reject invalid EC point coordinates (bsc#1131291)
    
      This helps services using openssl that do not do this verification on their own.
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2019:1166-1
    Released:    Tue May  7 11:01:39 2019
    Summary:     Security update for audit
    Type:        security
    Severity:    moderate
    References:  1042781,1085003,1125535,941922,CVE-2015-5186
    
    This update for audit fixes the following issues:
    
    Audit on SUSE Linux Enterprise 12 SP3 was updated to 2.8.1 to bring
    new features and bugfixes.  (bsc#1125535 FATE#326346)
    
    * Many features were added to auparse_normalize
    * cli option added to auditd and audispd for setting config dir
    * In auditd, restore the umask after creating a log file
    * Option added to auditd for skipping email verification
    
    The full changelog can be found here: https://people.redhat.com/sgrubb/audit/ChangeLog
    
    
    - Change openldap dependency to client only (bsc#1085003)
    
    Minor security issue fixed:
    
    - CVE-2015-5186: Audit: log terminal emulator escape sequences handling (bsc#941922)
    
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2019:1232-1
    Released:    Tue May 14 17:07:56 2019
    Summary:     Security update for libxslt
    Type:        security
    Severity:    moderate
    References:  1132160,CVE-2019-11068
    This update for libxslt fixes the following issues:
    
    - CVE-2019-11068: Fixed a protection mechanism bypass where callers of 
      xsltCheckRead() and xsltCheckWrite() would permit access upon receiving an
      error (bsc#1132160).
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2019:1259-1
    Released:    Wed May 15 14:06:20 2019
    Summary:     Recommended update for sysvinit
    Type:        recommended
    Severity:    moderate
    References:  1131982
    This update for sysvinit fixes the following issues:
    
    - Handle various optional fields of /proc//mountinfo on the entry/ies before the hyphen
      (bsc#1131982)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2019:1265-1
    Released:    Thu May 16 09:52:22 2019
    Summary:     Security update for systemd
    Type:        security
    Severity:    important
    References:  1080919,1121563,1125352,1126056,1127557,1128657,1130230,1132348,1132400,1132721,955942,CVE-2018-6954,CVE-2019-3842,CVE-2019-6454,SLE-5933
    This update for systemd fixes the following issues:
    
    Security issues fixed:
    
    - CVE-2018-6954: Fixed a vulnerability in the symlink handling of systemd-tmpfiles 
      which allowed a local user to obtain ownership of arbitrary files (bsc#1080919).
    - CVE-2019-3842: Fixed a vulnerability in pam_systemd which allowed a local user to escalate privileges (bsc#1132348).
    - CVE-2019-6454: Fixed a denial of service caused by long dbus messages (bsc#1125352).
    
    Non-security issues fixed:
    
    - systemd-coredump: generate a stack trace of all core dumps (jsc#SLE-5933)
    - udevd: notify when max number value of children is reached only once per batch of events (bsc#1132400)
    - sd-bus: bump message queue size again (bsc#1132721)
    - core: only watch processes when it's really necessary (bsc#955942 bsc#1128657)
    - rules: load drivers only on 'add' events (bsc#1126056)
    - sysctl: Don't pass null directive argument to '%s' (bsc#1121563)
    - Do not automatically online memory on s390x (bsc#1127557)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2019:1363-1
    Released:    Tue May 28 10:50:53 2019
    Summary:     Security update for curl
    Type:        security
    Severity:    important
    References:  1135170,CVE-2019-5436
    This update for curl fixes the following issues:
    
    Security issue fixed:
    
    - CVE-2019-5436: Fixed a heap buffer overflow in tftp_receive_packet, which receives data from a TFTP server (bsc#1135170).
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2019:1379-1
    Released:    Wed May 29 15:07:04 2019
    Summary:     Security update for libtasn1
    Type:        security
    Severity:    moderate
    References:  1040621,1105435,CVE-2017-6891,CVE-2018-1000654
    This update for libtasn1 fixes the following issues:
    
    Security issues fixed:
    
    - CVE-2018-1000654: Fixed a denial of service in the asn1 parser (bsc#1105435).
    - CVE-2017-6891: Fixed a stack overflow in asn1_find_node() (bsc#1040621).
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2019:1402-1
    Released:    Mon Jun  3 09:12:38 2019
    Summary:     Recommended update for kmod
    Type:        recommended
    Severity:    moderate
    References:  1097869,1118629
    This update for kmod fixes the following issues:
    
    - Fixes a potential buffer overflow in libkmod (bsc#1118629).
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2019:1431-1
    Released:    Wed Jun  5 16:50:13 2019
    Summary:     Recommended update for xz
    Type:        recommended
    Severity:    moderate
    References:  1135709
    This update for xz only updates the license:
    
    - Add SUSE-Public-Domain license as some parts of xz utils (liblzma,
      xz, xzdec, lzmadec, documentation, translated messages, tests,
      debug, extra directory) are in the public domain (bsc#1135709)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2019:1474-1
    Released:    Wed Jun 12 14:46:20 2019
    Summary:     Recommended update for permissions
    Type:        recommended
    Severity:    moderate
    References:  1110797
    This update for permissions fixes the following issues:
    
    - Updated permissions for amanda (bsc#1110797)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2019:1481-1
    Released:    Thu Jun 13 07:46:01 2019
    Summary:     Recommended update for sg3_utils
    Type:        recommended
    Severity:    moderate
    References:  1005063,1119296,1133418,954600
    This update for sg3_utils provides the following fixes:
    - Fix regression for page 0xa. (bsc#1119296)
    - Add pre/post scripts for lunmask.service. (bsc#954600)
    - Will now generate by-path links for fibrechannel. (bsc#1005063)
    - Fixes a syntax error for rule 59-fc-wwpn-id.rules. (bsc#1133418)
      
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2019:1733-1
    Released:    Wed Jul  3 13:54:39 2019
    Summary:     Security update for elfutils
    Type:        security
    Severity:    low
    References:  1030472,1030476,1033084,1033085,1033087,1033088,1033089,1033090,1106390,1107067,1111973,1112723,1112726,1123685,1125007,CVE-2016-10254,CVE-2016-10255,CVE-2017-7607,CVE-2017-7608,CVE-2017-7610,CVE-2017-7611,CVE-2017-7612,CVE-2017-7613,CVE-2018-16062,CVE-2018-16403,CVE-2018-18310,CVE-2018-18520,CVE-2018-18521,CVE-2019-7150,CVE-2019-7665
    This update for elfutils fixes the following issues:
    
    Security issues fixed: 	  
    
    - CVE-2018-16403: Fixed a heap-based buffer over-read that could have led to Denial of Service (bsc#1107067).  
    - CVE-2016-10254: Fixed a memory allocation failure in allocate_elf (bsc#1030472).
    - CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (bsc#1125007).
    - CVE-2016-10255: Fixed a memory allocation failure in libelf_set_rawdata_wrlock (bsc#1030476).
    - CVE-2019-7150: Added a missing check in dwfl_segment_report_module which could have allowed truncated files 
      to be read (bsc#1123685).
    - CVE-2018-16062: Fixed a heap-buffer-overflow (bsc#1106390).
    - CVE-2017-7611: Fixed a heap-based buffer over-read that could have led to Denial of Service (bsc#1033088).
    - CVE-2017-7613: Fixed denial of service caused by the missing validation of the number of sections 
      and the number of segments in a crafted ELF file (bsc#1033090).
    - CVE-2017-7607: Fixed a heap-based buffer overflow in handle_gnu_hash (bsc#1033084).
    - CVE-2017-7608: Fixed a heap-based buffer overflow in ebl_object_note_type_name() (bsc#1033085).
    - CVE-2017-7610: Fixed a heap-based buffer overflow in check_group (bsc#1033087).
    - CVE-2018-18521: Fixed multiple divide-by-zero vulnerabilities in function arlib_add_symbols() (bsc#1112723).
    - CVE-2017-7612: Fixed a denial of service in check_sysv_hash() via a crafted ELF file (bsc#1033089).
    - CVE-2018-18310: Fixed an invalid address read in dwfl_segment_report_module.c (bsc#1111973).
    - CVE-2018-18520: Fixed bad handling of ar files inside ar files (bsc#1112726).
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2019:1761-1
    Released:    Fri Jul  5 14:10:34 2019
    Summary:     Recommended update for e2fsprogs
    Type:        recommended
    Severity:    moderate
    References:  1128383,1135261
    This update for e2fsprogs fixes the following issues:
    
    - Revert 'mke2fs: prevent creation of unmountable ext4 with large flex_bg count'. (bsc#1135261)
    
    - Place metadata blocks in the last flex_bg so they are contiguous. (bsc#1135261)
    
    - Check and fix tails of all bitmaps. (bsc#1128383)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2019:1834-1
    Released:    Fri Jul 12 17:55:14 2019
    Summary:     Security update for expat
    Type:        security
    Severity:    moderate
    References:  1139937,CVE-2018-20843
    This update for expat fixes the following issues:
    
    Security issue fixed:
    
    - CVE-2018-20843: Fixed a denial of service triggered by high resource consumption 
      in the XML parser when XML names contain a large amount of colons (bsc#1139937).
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2019:1844-1
    Released:    Mon Jul 15 07:13:09 2019
    Summary:     Recommended update for pam
    Type:        recommended
    Severity:    low
    References:  1116544
    This update for pam fixes the following issues:
    
    - restricted the number of file descriptors to close to a more sensible number based upon resource limits (bsc#1116544)
        
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2019:1867-1
    Released:    Wed Jul 17 13:11:03 2019
    Summary:     Security update for libxslt
    Type:        security
    Severity:    moderate
    References:  1140095,1140101,CVE-2019-13117,CVE-2019-13118
    This update for libxslt fixes the following issues:
    
    Security issues fixed:
    
    - CVE-2019-13118: Fixed a read of uninitialized stack data (bsc#1140101).
    - CVE-2019-13117: Fixed an uninitialized read which made it possible to discern whether a byte on the stack contains certain special characters (bsc#1140095).
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2019:1896-1
    Released:    Thu Jul 18 16:26:45 2019
    Summary:     Security update for libxml2
    Type:        security
    Severity:    moderate
    References:  1010675,1110146,1126613,CVE-2016-9318
    This update for libxml2 fixes the following issues:
    
    Issue fixed:
    
    - Fixed a bug related to the fix for CVE-2016-9318 which allowed xsltproc to access
      the internet even when --nonet was given and also caused docbook-xsl-stylesheets to have
      an incomplete XML catalog file (bsc#1010675, bsc#1126613 and bsc#1110146).
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2019:1955-1
    Released:    Tue Jul 23 11:42:41 2019
    Summary:     Security update for bzip2
    Type:        security
    Severity:    important
    References:  1139083,985657,CVE-2016-3189,CVE-2019-12900
    This update for bzip2 fixes the following issues:
    
    Security issues fixed:
    
    - CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1139083).
    - CVE-2016-3189: Fixed a use-after-free in bzip2recover (bsc#985657).
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2019:1958-1
    Released:    Tue Jul 23 13:18:12 2019
    Summary:     Security update for glibc
    Type:        security
    Severity:    moderate
    References:  1127223,1127308,1128574,CVE-2009-5155,CVE-2019-9169
    This update for glibc fixes the following issues:
    
    Security issues fixed:
    
    - CVE-2019-9169: Fixed a heap-based buffer over-read via an attempted case-insensitive regular-expression match (bsc#1127308).
    - CVE-2009-5155: Fixed a denial of service in parse_reg_exp() (bsc#1127223).
    
    Non-security issues fixed:
    
    - Added cfi information for start routines in order to stop unwinding on S390 (bsc#1128574).
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2019:1972-1
    Released:    Thu Jul 25 15:00:03 2019
    Summary:     Security update for libsolv, libzypp, zypper
    Type:        security
    Severity:    moderate
    References:  1109893,1110542,1111319,1112911,1113296,1120629,1120630,1120631,1127155,1131823,1134226,1137977,CVE-2018-20532,CVE-2018-20533,CVE-2018-20534
    This update for libsolv, libzypp and zypper fixes the following issues:
    
    libsolv was updated to version 0.6.36, which fixes the following issues:
    
    Security issues fixed:
    
    - CVE-2018-20532: Fixed a NULL pointer dereference in testcase_read() (bsc#1120629).
    - CVE-2018-20533: Fixed a NULL pointer dereference in testcase_str2dep_complex() (bsc#1120630).
    - CVE-2018-20534: Fixed a NULL pointer dereference in pool_whatprovides() (bsc#1120631).
    
    Non-security issues fixed:
    
    - Made cleandeps jobs on patterns work (bsc#1137977).
    - Fixed an issue with multiversion packages that obsolete their own name (bsc#1127155).
    - Keep consistent package name if there are multiple alternatives (bsc#1131823).
    
    libzypp received the following fixes:
    
    - Fixes a bug where locking the kernel was not possible (bsc#1113296)
    
    zypper received the following fixes:
    
    - Fixes a bug where the wrong exit code was set when refreshing
      repos if --root was used (bsc#1134226)
    - Improved the displaying of locks (bsc#1112911)
    - Fixes an issue where `https` repository URLs caused an error prompt to
      appear twice (bsc#1110542)
    - zypper will now always warn when no repositories are defined (bsc#1109893)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2019:2013-1
    Released:    Mon Jul 29 15:42:41 2019
    Summary:     Security update for bzip2
    Type:        security
    Severity:    important
    References:  1139083,CVE-2019-12900
    This update for bzip2 fixes the following issues:
    
    - Fixed a regression with the fix for CVE-2019-12900, which caused incompatibilities
      with files that used many selectors (bsc#1139083).
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2019:2101-1
    Released:    Fri Aug  9 10:38:55 2019
    Summary:     Recommended update for suse-module-tools
    Type:        recommended
    Severity:    moderate
    References:  1100989,1105495,1111300,1123697,1123704,1127155,1127891,1131635
    This update for suse-module-tools to version 12.6 fixes the following issues:
    
    - weak-modules2: emit 'inconsistent' warning only if replacement fails (bsc#1127155)
    - modprobe.conf.common: add csiostor->cxgb4 dependency (bsc#1100989, bsc#1131635)
    - Fix driver-check.sh (bsc#1123697, bsc#1123704)
    - modsign-verify: support for parsing PKCS#7 signatures (bsc#1111300, bsc#1105495)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2019:2120-1
    Released:    Wed Aug 14 11:17:39 2019
    Summary:     Recommended update for pam
    Type:        recommended
    Severity:    moderate
    References:  1136298,SLE-7257
    This update for pam fixes the following issues:
    
    - Enable pam_userdb.so (SLE-7257,bsc#1136298)
    - Upgraded pam_userdb to 1.3.1.  (bsc#1136298)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2019:1606-1
    Released:    Wed Aug 21 13:36:49 2019
    Summary:     Security update for libssh2_org
    Type:        security
    Severity:    moderate
    References:  1128481,1136570,CVE-2019-3860
    This update for libssh2_org fixes the following issues:
    
    - Fix the previous fix for CVE-2019-3860 (bsc#1136570, bsc#1128481)
      (Out-of-bounds reads with specially crafted SFTP packets)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2019:2240-1
    Released:    Wed Aug 28 14:57:51 2019
    Summary:     Recommended update for ca-certificates-mozilla
    Type:        recommended
    Severity:    moderate
    References:  1144169
    This update for ca-certificates-mozilla fixes the following issues:
    
    - Update to 2.34 state of the Mozilla NSS Certificate store. (bsc#1144169)
    
    - Removed Root CAs:
    
      - Certinomis - Root CA
    
    - Added root CAs from the 2.32 version:
      - emSign ECC Root CA - C3 (email and server auth)
      - emSign ECC Root CA - G3 (email and server auth)
      - emSign Root CA - C1 (email and server auth)
      - emSign Root CA - G1 (email and server auth)
      - Hongkong Post Root CA 3 (server auth)
    
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2019:2264-1
    Released:    Mon Sep  2 09:07:12 2019
    Summary:     Security update for perl
    Type:        security
    Severity:    important
    References:  1114674,CVE-2018-18311
    This update for perl fixes the following issues:
    
    Security issue fixed:
    
    - CVE-2018-18311: Fixed integer overflow with oversize environment (bsc#1114674).
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2019:2288-1
    Released:    Wed Sep  4 14:22:47 2019
    Summary:     Recommended update for systemd
    Type:        recommended
    Severity:    moderate
    References:  1104902,1107617,1137053,1142661
    This update for systemd fixes the following issues:
    
    - Fixes an issue where the kernel took very long to unmount a user's runtime directory (bsc#1104902)
    - udevd: changed the default value of udev.children-max (again) (bsc#1107617)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2019:2372-1
    Released:    Thu Sep 12 14:01:27 2019
    Summary:     Recommended update for krb5
    Type:        recommended
    Severity:    moderate
    References:  1139942,1140914,SLE-7081
    This update for krb5 fixes the following issues:
    
    - Fix missing responder if there is no pre-auth; (bsc#1139942)
    - Load mechglue config files from /etc/gss/mech.d; (bsc#1140914, jsc#SLE-7081)
    - Fix impersonate_name to work with interposers; (bsc#1140914, jsc#SLE-7081)
      
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2019:2339-1
    Released:    Thu Sep 12 14:17:53 2019
    Summary:     Security update for curl
    Type:        security
    Severity:    important
    References:  1149496,CVE-2019-5482
    This update for curl fixes the following issues:
    
    Security issue fixed:
    
    - CVE-2019-5482: Fixed TFTP small blocksize heap buffer overflow (bsc#1149496).
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2019:2390-1
    Released:    Tue Sep 17 15:46:02 2019
    Summary:     Security update for openldap2
    Type:        security
    Severity:    moderate
    References:  1143194,1143273,CVE-2019-13057,CVE-2019-13565
    This update for openldap2 fixes the following issues:
    
    Security issues fixed:
    
    - CVE-2019-13565: Fixed ssf memory reuse that leads to incorrect authorization of another connection, granting excess connection rights (ssf) (bsc#1143194).
    - CVE-2019-13057: Fixed rootDN of a backend that may proxyauth incorrectly to another backend, violating multi-tenant isolation (bsc#1143273).
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2019:2413-1
    Released:    Fri Sep 20 10:44:26 2019
    Summary:     Security update for openssl
    Type:        security
    Severity:    moderate
    References:  1150003,1150250,CVE-2019-1547,CVE-2019-1563
    This update for openssl fixes the following issues:
    
    OpenSSL Security Advisory [10 September 2019]
    
    - CVE-2019-1547: Added EC_GROUP_set_generator side channel attack avoidance (bsc#1150003).
    - CVE-2019-1563: Fixed Bleichenbacher attack against cms/pkcs7 encryption transported key (bsc#1150250).
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2019:2440-1
    Released:    Mon Sep 23 17:15:13 2019
    Summary:     Security update for expat
    Type:        security
    Severity:    moderate
    References:  1149429,CVE-2019-15903
    This update for expat fixes the following issues:
    
    Security issue fixed:
    
    - CVE-2019-15903: Fixed a heap-based buffer over-read caused by crafted XML documents. (bsc#1149429)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2019:2480-1
    Released:    Fri Sep 27 13:12:08 2019
    Summary:     Security update for gpg2
    Type:        security
    Severity:    moderate
    References:  1124847,1141093,CVE-2019-13050
    This update for gpg2 fixes the following issues:
    
    Security issue fixed:
    
    - CVE-2019-13050: Fixed denial-of-service attacks via big keys. (bsc#1141093)
    
    Non-security issue fixed:
    
    - Allow coredumps in X11 desktop sessions (bsc#1124847).
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2019:2510-1
    Released:    Tue Oct  1 17:37:12 2019
    Summary:     Security update for libgcrypt
    Type:        security
    Severity:    moderate
    References:  1148987,CVE-2019-13627
    This update for libgcrypt fixes the following issues:
    
    Security issues fixed:
    	  
    - CVE-2019-13627: Mitigated ECDSA timing attack. (bsc#1148987)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2019:2818-1
    Released:    Tue Oct 29 17:22:01 2019
    Summary:     Recommended update for zypper and libzypp
    Type:        recommended
    Severity:    important
    References:  1049825,1116995,1140039,1145521,1146415,1153557
    This update for zypper and libzypp fixes the following issues:
    
    Package: zypper
    
    - Fixed an issue where zypper exited on a SIGPIPE during package download (bsc#1145521)
    - Rephrased the file conflicts check summary (bsc#1140039)
    - Fixes an issue where the bash completion was wrongly expanded (bsc#1049825)
    
    Package: libzypp
    
    - Fixed an issue where YaST2 was not able to find base products via libzypp (bsc#1153557)
    - Added a new 'solver.focus' option for /etc/zypp/zypp.conf to define systemwide focus
      mode when resolving jobs (bsc#1146415)
    - Fixes a file descriptor leak in the media backend (bsc#1116995)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2019:2887-1
    Released:    Mon Nov  4 17:31:49 2019
    Summary:     Recommended update for apparmor
    Type:        recommended
    Severity:    moderate
    References:  1139870
    This update for apparmor provides the following fix:
    
    - Change pathname in logprof.conf and use check_qualifiers() in autodep to make sure
      apparmor does not generate profiles for programs marked as not having their own
      profiles. (bsc#1139870)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2019:2898-1
    Released:    Tue Nov  5 17:00:27 2019
    Summary:     Recommended update for systemd
    Type:        recommended
    Severity:    important
    References:  1140631,1150595,1154948
    This update for systemd fixes the following issues:
    
    - sd-bus: deal with cookie overruns (bsc#1150595)
    - rules: Add by-id symlinks for persistent memory (bsc#1140631)
    - Drop the old fds used for logging and reopen them in the
      sub process before doing any new logging.  (bsc#1154948)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2019:2936-1
    Released:    Fri Nov  8 13:19:55 2019
    Summary:     Security update for libssh2_org
    Type:        security
    Severity:    moderate
    References:  1154862,CVE-2019-17498
    This update for libssh2_org fixes the following issue:
    
    - CVE-2019-17498: Fixed an integer overflow in a bounds check that might have led to the disclosure of sensitive information or a denial of service (bsc#1154862).
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2019:2941-1
    Released:    Tue Nov 12 10:03:32 2019
    Summary:     Security update for libseccomp
    Type:        security
    Severity:    moderate
    References:  1082318,1128828,1142614,CVE-2019-9893
    This update for libseccomp fixes the following issues:
    
    Update to new upstream release 2.4.1:
    
    * Fix a BPF generation bug where the optimizer mistakenly
      identified duplicate BPF code blocks.
    
    Updated to 2.4.0 (bsc#1128828 CVE-2019-9893):
    
    * Update the syscall table for Linux v5.0-rc5
    * Added support for the SCMP_ACT_KILL_PROCESS action
    * Added support for the SCMP_ACT_LOG action and SCMP_FLTATR_CTL_LOG attribute
    * Added explicit 32-bit (SCMP_AX_32(...)) and 64-bit (SCMP_AX_64(...)) argument comparison macros to help protect against unexpected sign extension
    * Added support for the parisc and parisc64 architectures
    * Added the ability to query and set the libseccomp API level via seccomp_api_get(3) and seccomp_api_set(3)
    * Return -EDOM on an endian mismatch when adding an architecture to a filter
    * Renumber the pseudo syscall number for subpage_prot() so it no longer conflicts with spu_run()
    * Fix PFC generation when a syscall is prioritized, but no rule exists
    * Numerous fixes to the seccomp-bpf filter generation code
    * Switch our internal hashing function from jhash/Lookup3 to MurmurHash3
    * Numerous tests added to the included test suite, coverage now at ~92%
    * Update our Travis CI configuration to use Ubuntu 16.04
    * Numerous documentation fixes and updates
    
    Update to release 2.3.3:
    
    * Updated the syscall table for Linux v4.15-rc7
    
    Update to release 2.3.2:
    
    * Achieved full compliance with the CII Best Practices program
    * Added Travis CI builds to the GitHub repository
    * Added code coverage reporting with the '--enable-code-coverage' configure
      flag and added Coveralls to the GitHub repository
    * Updated the syscall tables to match Linux v4.10-rc6+
    * Support for building with Python v3.x
    * Allow rules with the -1 syscall if the SCMP_FLTATR_API_TSKIP attribute is
      set to true
    * Several small documentation fixes
    
    - ignore make check error for ppc64/ppc64le, bypass bsc#1142614
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2019:2972-1
    Released:    Thu Nov 14 12:04:52 2019
    Summary:     Security update for libjpeg-turbo
    Type:        security
    Severity:    important
    References:  1156402,CVE-2019-2201
    This update for libjpeg-turbo fixes the following issues:
    
    - CVE-2019-2201: Several integer overflow issues and subsequent segfaults occurred in libjpeg-turbo,
      when attempting to compress or decompress gigapixel images. [bsc#1156402]
    
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2019:3003-1
    Released:    Tue Nov 19 10:12:33 2019
    Summary:     Recommended update for procps
    Type:        recommended
    Severity:    moderate
    References:  1153386,SLE-10396
    This update for procps provides the following fixes:
    
    - Backport the MemAvailable patch into SLE12-SP4/SP5 procps. (jsc#SLE-10396)
    - Add missing ShmemPmdMapped entry for pmap with newer kernels. (bsc#1153386)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2019:3058-1
    Released:    Mon Nov 25 17:32:43 2019
    Summary:     Security update for tiff
    Type:        security
    Severity:    moderate
    References:  1108606,1121626,1125113,1146608,983268,CVE-2016-5102,CVE-2018-17000,CVE-2019-14973,CVE-2019-6128,CVE-2019-7663
    This update for tiff fixes the following issues:
    
    Security issues fixed:
    
    - CVE-2019-14973: Fixed an improper check which depended on the compiler
      and which could have led to integer overflow (bsc#1146608).
    - CVE-2016-5102: Fixed a buffer overflow in readgifimage() (bsc#983268)
    - CVE-2018-17000: Fixed a NULL pointer dereference in the _TIFFmemcmp function (bsc#1108606).
    - CVE-2019-6128: Fixed a memory leak in the TIFFFdOpen function in tif_unix.c (bsc#1121626).
    - CVE-2019-7663: Fixed an invalid address dereference in the
      TIFFWriteDirectoryTagTransfer function in libtiff/tif_dirwrite.c (bsc#1125113)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2019:3064-1
    Released:    Mon Nov 25 18:44:36 2019
    Summary:     Security update for cpio
    Type:        security
    Severity:    moderate
    References:  1155199,CVE-2019-14866
    This update for cpio fixes the following issues:
    	  
    - CVE-2019-14866: Fixed an improper validation of the values written 
      in the header of a TAR file through the to_oct() function which could 
      have led to unexpected TAR generation (bsc#1155199).
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2019:3085-1
    Released:    Thu Nov 28 10:01:53 2019
    Summary:     Security update for libxml2
    Type:        security
    Severity:    low
    References:  1123919
    This update for libxml2 doesn't fix any additional security issues, but corrects the rpm changelog to reflect
    all CVEs that have been fixed in the past.
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2019:3094-1
    Released:    Thu Nov 28 16:47:52 2019
    Summary:     Security update for ncurses
    Type:        security
    Severity:    moderate
    References:  1131830,1134550,1154036,1154037,CVE-2018-10754,CVE-2019-17594,CVE-2019-17595
    This update for ncurses fixes the following issues:
    
    Security issues fixed:
    
    - CVE-2018-10754: Fixed a denial of service caused by a NULL Pointer Dereference in the _nc_parse_entry() (bsc#1131830).
    - CVE-2019-17594: Fixed a heap-based buffer over-read in _nc_find_entry function in tinfo/comp_hash.c (bsc#1154036).
    - CVE-2019-17595: Fixed a heap-based buffer over-read in fmt_entry function in tinfo/comp_hash.c (bsc#1154037).
    
    Bug fixes:
    
    - Fixed ppc64le build configuration (bsc#1134550).
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2019:3132-1
    Released:    Tue Dec  3 10:52:14 2019
    Summary:     Recommended update for update-alternatives
    Type:        recommended
    Severity:    moderate
    References:  1154043
    This update for update-alternatives fixes the following issues:
    
    - Fix post install scripts: test if there is actual file before calling update-alternatives. (bsc#1154043)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2019:3180-1
    Released:    Thu Dec  5 11:42:40 2019
    Summary:     Security update for permissions
    Type:        security
    Severity:    moderate
    References:  1093414,1150734,1157198,CVE-2019-3688,CVE-2019-3690
    This update for permissions fixes the following issues:
    
    - CVE-2019-3688: Changed wrong ownership in /usr/sbin/pinger to root:squid
      which could have allowed a squid user to gain persistence by changing the 
      binary (bsc#1093414).
    - CVE-2019-3690: Fixed a privilege escalation through untrusted symbolic 
      links (bsc#1150734).
    - Fixed a regression which caused segmentation fault (bsc#1157198).
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2019:3342-1
    Released:    Thu Dec 19 11:04:35 2019
    Summary:     Recommended update for elfutils
    Type:        recommended
    Severity:    moderate
    References:  1151577
    This update for elfutils fixes the following issues:
    
    - Add require of 'libebl1' for 'libelf1'. (bsc#1151577)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2019:3364-1
    Released:    Thu Dec 19 19:20:52 2019
    Summary:     Recommended update for ncurses
    Type:        recommended
    Severity:    moderate
    References:  1158586,1159162
    This update for ncurses fixes the following issues:
    
    - Work around a bug of old upstream gen-pkgconfig (bsc#1159162) 
    - Remove doubled library path options (bsc#1159162)
    - Also remove private requirements as (lib)tinfo are binary compatible
      with normal and wide version of (lib)ncurses (bsc#1158586, bsc#1159162)
    - Fix last change, that is, add missed library linker paths as well
      as missed include directories for non-standard paths (bsc#1158586,
      bsc#1159162)
    - Do not mix include directories of different ncurses ABI (bsc#1158586) 
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2020:86-1
    Released:    Mon Jan 13 14:12:22 2020
    Summary:     Security update for e2fsprogs
    Type:        security
    Severity:    moderate
    References:  1160571,CVE-2019-5188
    This update for e2fsprogs fixes the following issues:
    
    - CVE-2019-5188: Fixed a code execution vulnerability in the directory rehashing functionality (bsc#1160571).
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2020:106-1
    Released:    Wed Jan 15 12:50:55 2020
    Summary:     Recommended update for libgcrypt
    Type:        recommended
    Severity:    important
    References:  1155338,1155339
    This update for libgcrypt fixes the following issues:
    
    - Fix test dsa-rfc6979 in FIPS mode: Disabled tests in elliptic curves with 192 bits which are not recommended in FIPS mode
    - Added CMAC AES and TDES FIPS self-tests: (bsc#1155339, bsc#1155338)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2020:373-1
    Released:    Tue Feb 18 15:06:18 2020
    Summary:     Security update for dbus-1
    Type:        security
    Severity:    important
    References:  1137832,CVE-2019-12749
    This update for dbus-1 fixes the following issues:
    	  
    Security issue fixed:     
        
    - CVE-2019-12749: Fixed an implementation flaw in DBUS_COOKIE_SHA1 which 
      could have allowed local attackers to bypass authentication (bsc#1137832).   
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2020:404-1
    Released:    Wed Feb 19 09:05:47 2020
    Summary:     Recommended update for p11-kit
    Type:        recommended
    Severity:    moderate
    References:  1154871
    This update for p11-kit fixes the following issues:
    
    - Support loading NSS attribute 'CKA_NSS_MOZILLA_CA_POLICY' so Firefox detects built-in certificates. (bsc#1154871)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2020:459-1
    Released:    Tue Feb 25 11:02:12 2020
    Summary:     Security update for libvpx
    Type:        security
    Severity:    moderate
    References:  1160613,1160614,CVE-2019-9232,CVE-2019-9433
    This update for libvpx fixes the following issues:
    
    - CVE-2019-9232: Fixed an out of bound memory access (bsc#1160613).
    - CVE-2019-9433: Fixed a use-after-free in vp8_deblock() (bsc#1160614).
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2020:474-1
    Released:    Tue Feb 25 13:24:15 2020
    Summary:     Security update for openssl
    Type:        security
    Severity:    moderate
    References:  1117951,1158809,1160163,CVE-2019-1551
    This update for openssl fixes the following issues:
    
    Security issue fixed:
    
    - CVE-2019-1551: Fixed an overflow bug in the x86_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli (bsc#1158809).
    
    Non-security issue fixed:
    
    - Fixed a crash in BN_copy (bsc#1160163).
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2020:545-1
    Released:    Fri Feb 28 15:50:46 2020
    Summary:     Security update for permissions
    Type:        security
    Severity:    moderate
    References:  1123886,1160594,1160764,1161779,1163922,CVE-2020-8013
    This update for permissions fixes the following issues:
    
    Security issues fixed:
    
    - CVE-2020-8013: Fixed an issue where chkstat set unintended setuid/capabilities for mrsh and wodim (bsc#1163922).
    
    Non-security issues fixed:
    
    - Fixed a regression where chkstat broke when /proc was not available (bsc#1160764, bsc#1160594).
    - Fixed capability handling when doing multiple permission changes at once (bsc#1161779).
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2020:561-1
    Released:    Mon Mar  2 17:24:59 2020
    Summary:     Recommended update for elfutils
    Type:        recommended
    Severity:    moderate
    References:  1110929,1157578
    This update for elfutils fixes the following issues:
    
    - Fix 'eu-nm' issue in elfutils: Symbol iteration will be set to start at 0 instead of 1 to avoid missing symbols in the output. (bsc#1157578)
    - Fix for '.ko' file corruption in debug info. (bsc#1110929)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2020:569-1
    Released:    Tue Mar  3 11:43:43 2020
    Summary:     Security update for libpng16
    Type:        security
    Severity:    moderate
    References:  1124211,1141493,CVE-2017-12652,CVE-2019-7317
    This update for libpng16 fixes the following issues:
    
    Security issues fixed:
    
    - CVE-2019-7317: Fixed a use-after-free vulnerability, triggered when
      png_image_free() was called under png_safe_execute (bsc#1124211).
    - CVE-2017-12652: Fixed an Input Validation Error related to the length of chunks (bsc#1141493).
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2020:571-1
    Released:    Tue Mar  3 13:23:35 2020
    Summary:     Recommended update for cyrus-sasl
    Type:        recommended
    Severity:    moderate
    References:  1162518
    This update for cyrus-sasl fixes the following issues:
    
    - Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF (bsc#1162518)
    - Added support for retrieving negotiated SSF in gssapi plugin (bsc#1162518)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2020:596-1
    Released:    Thu Mar  5 15:23:51 2020
    Summary:     Recommended update for ca-certificates-mozilla
    Type:        recommended
    Severity:    moderate
    References:  1010996,1071152,1071390,1082318,1100415,1154871,1160160
    This update for ca-certificates-mozilla fixes the following issues:
    
    The following non-security bugs were fixed:
    
    Updated to 2.40 state of the Mozilla NSS Certificate store (bsc#1160160):
    
    Removed certificates:
    
    - Certplus Class 2 Primary CA
    - Deutsche Telekom Root CA 2
    - CN=Swisscom Root CA 2
    - UTN-USERFirst-Client Authentication and Email
    
    Added certificates:
    
    - Entrust Root Certification Authority - G4
    
    - Export correct p11kit trust attributes so Firefox detects built in certificates (bsc#1154871).
    - Updated to 2.24 state of the Mozilla NSS Certificate store (bsc#1100415).
    - Use %license instead of %doc (bsc#1082318).
    - Updated to 2.22 state of the Mozilla NSS Certificate store (bsc#1071152, bsc#1071390, bsc#1010996).
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2020:623-1
    Released:    Mon Mar  9 16:17:26 2020
    Summary:     Security update for gd
    Type:        security
    Severity:    moderate
    References:  1050241,1140120,1165471,CVE-2017-7890,CVE-2018-14553,CVE-2019-11038
    This update for gd fixes the following issues:
    
    - CVE-2017-7890: Fixed a buffer over-read into uninitialized memory (bsc#1050241).
    - CVE-2018-14553: Fixed a null pointer dereference in gdImageClone() (bsc#1165471).
    - CVE-2019-11038: Fixed an information disclosure in gdImageCreateFromXbm() (bsc#1140120).
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2020:652-1
    Released:    Thu Mar 12 09:53:23 2020
    Summary:     Recommended update for ca-certificates-mozilla
    Type:        recommended
    Severity:    important
    References:  1165915,1165919,1166301
    This update for ca-certificates-mozilla fixes the following issues:
    
    This reverts a previous change to the generated pem structure, as it
    requires a p11-kit tools update to be installed first, which cannot always
    be ensured. (bsc#1166301 bsc#1165915 bsc#1165919)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2020:331-1
    Released:    Wed Mar 18 12:52:46 2020
    Summary:     Security update for systemd
    Type:        security
    Severity:    important
    References:  1106383,1133495,1139459,1151377,1151506,1154043,1155574,1156482,1159814,1162108,CVE-2020-1712
    This update for systemd fixes the following issues:
    
    - CVE-2020-1712 (bsc#1162108)
      Fix a heap use-after-free vulnerability, when asynchronous
      Polkit queries were performed while handling Dbus messages. A local
      unprivileged attacker could have abused this flaw to crash systemd services or
      potentially execute code and elevate their privileges, by sending specially
      crafted Dbus messages.
    
    - Unconfirmed fix to prevent systemctl from hanging during restart. (bsc#1139459)
    - Fix warnings thrown during package installation. (bsc#1154043)
    - Fix for system-udevd to prevent a crash within OES2018. (bsc#1151506)
    - Fragments of masked units ought not be considered for 'NeedDaemonReload'. (bsc#1156482)
    - Wait for workers to finish when exiting. (bsc#1106383)
    - Improve log message when inotify limit is reached. (bsc#1155574)
    - Mention in the man pages that alias names are only effective after command 'systemctl enable'. (bsc#1151377)
    - Introduce function for reading virtual files in 'sysfs' and 'procfs'. (bsc#1133495, bsc#1159814)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2020:786-1
    Released:    Wed Mar 25 06:47:18 2020
    Summary:     Recommended update for p11-kit
    Type:        recommended
    Severity:    moderate
    References:  1165915,1165919
    This update for p11-kit fixes the following issues:
    
    - tag this version with 'p11-kit-tools-supports-CKA_NSS_MOZILLA_CA_POLICY'
      provides so we can pull it in. (bsc#1165915 bsc#1165919)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2020:915-1
    Released:    Fri Apr  3 13:15:11 2020
    Summary:     Recommended update for openldap2
    Type:        recommended
    Severity:    moderate
    References:  1168195
    
    This update for openldap2 fixes the following issue:
    
    - The openldap2-ppolicy-check-password plugin is now included (FATE#319461 bsc#1168195)
      
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2020:920-1
    Released:    Fri Apr  3 17:13:04 2020
    Summary:     Security update for libxslt
    Type:        security
    Severity:    moderate
    References:  1154609,CVE-2019-18197
    This update for libxslt fixes the following issue:
    
    - CVE-2019-18197: Fixed a dangling pointer in xsltCopyText which may have led to information disclosure (bsc#1154609).
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2020:394-1
    Released:    Tue Apr 14 17:25:16 2020
    Summary:     Security update for gcc9
    Type:        security
    Severity:    moderate
    References:  1114592,1135254,1141897,1142649,1142654,1148517,1149145,CVE-2019-14250,CVE-2019-15847
    This update for gcc9 fixes the following issues:
    
    The GNU Compiler Collection is shipped in version 9.
    
    A detailed changelog on what changed in GCC 9 is available at https://gcc.gnu.org/gcc-9/changes.html
    
    The compilers have been added to the SUSE Linux Enterprise Toolchain Module.
    
    To use these compilers, install e.g. gcc9, gcc9-c++ and build with CC=gcc-9
    CXX=g++-9 set.
    
    
    For SUSE Linux Enterprise base products, the libstdc++6, libgcc_s1 and
    other compiler libraries have been switched from their gcc8 variants to
    their gcc9 variants.
    
    Security issues fixed:
    
    - CVE-2019-15847: Fixed a miscompilation in the POWER9 back end, that optimized multiple calls of the __builtin_darn intrinsic into a single call. (bsc#1149145)
    - CVE-2019-14250: Fixed a heap overflow in the LTO linker. (bsc#1142649)
    
    Non-security issues fixed:
    
    - Split out libstdc++ pretty-printers into a separate package supplementing gdb and the installed runtime. (bsc#1135254)
    - Fixed miscompilation for vector shift on s390. (bsc#1141897)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2020:1168-1
    Released:    Mon May  4 14:06:46 2020
    Summary:     Recommended update for libgcrypt
    Type:        recommended
    Severity:    moderate
    References:  1162879
    This update for libgcrypt fixes the following issues:
    
    - FIPS: Relax the entropy requirements on selftest during boot (bsc#1162879)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2020:1193-1
    Released:    Tue May  5 16:26:05 2020
    Summary:     Security update for openldap2
    Type:        security
    Severity:    important
    References:  1170771,CVE-2020-12243
    This update for openldap2 fixes the following issues:
    
    - CVE-2020-12243: Fixed a denial of service related to recursive filters (bsc#1170771).
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2020:1254-1
    Released:    Tue May 12 11:17:06 2020
    Summary:     Recommended update for geolite2legacy, geoipupdate
    Type:        recommended
    Severity:    moderate
    References:  1156194,1169766
    This update for geolite2legacy and geoipupdate fixes the following issues:
    
    - Create the initial package of GeoIP 2 Legacy, as the GeoIP is discontinued. (bsc#1156194)
    - Update README.SUSE in GeoIP with a description how to get the latest Geo IP data after the distribution changes. (jsc#SLE-11184, bsc#1156194, jsc#ECO-1405)
      
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2020:1325-1
    Released:    Mon May 18 11:50:19 2020
    Summary:     Recommended update for coreutils
    Type:        recommended
    Severity:    moderate
    References:  1156276
    This update for coreutils fixes the following issues:
    
    - Fix for an issue where, when using sort with the '--human-numeric-sort-key' option, the column containing the values can be faulty. (bsc#1156276)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2020:1329-1
    Released:    Mon May 18 17:17:54 2020
    Summary:     Recommended update for gcc9
    Type:        recommended
    Severity:    moderate
    References:  1149995,1152590,1167898
    This update for gcc9 fixes the following issues:
    
    This update ships the GCC 9.3 release.
    
    - Includes a fix for Internal compiler error when building HepMC (bsc#1167898)
    - Includes fix for binutils version parsing
    - Add libstdc++6-pp provides and conflicts to avoid file conflicts
      with same minor version of libstdc++6-pp from gcc10.
    - Add gcc9 autodetect -g at lto link (bsc#1149995)
    - Install go tool buildid for bootstrapping go
    
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2020:822-1
    Released:    Fri May 22 10:59:33 2020
    Summary:     Recommended update for pam
    Type:        recommended
    Severity:    moderate
    References:  1166510
    This update for pam fixes the following issues:
    
    - Moved pam_userdb to a separate package pam-extra  (bsc#1166510)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2020:1612-1
    Released:    Fri Jun 12 09:43:17 2020
    Summary:     Security update for adns
    Type:        security
    Severity:    important
    References:  1172265,CVE-2017-9103,CVE-2017-9104,CVE-2017-9105,CVE-2017-9106,CVE-2017-9107,CVE-2017-9108,CVE-2017-9109
    This update for adns fixes the following issues:
    	  
    - CVE-2017-9103,CVE-2017-9104,CVE-2017-9105,CVE-2017-9109: Fixed an issue in local recursive resolver
      which could have led to remote code execution (bsc#1172265).
    - CVE-2017-9106: Fixed an issue with upstream DNS data sources which could have led to denial of 
      service (bsc#1172265).
    - CVE-2017-9107: Fixed an issue when querying domain names which could have led to denial of service (bsc#1172265).
    - CVE-2017-9108: Fixed an issue which could have led to denial of service (bsc#1172265).
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2020:1662-1
    Released:    Thu Jun 18 11:13:05 2020
    Summary:     Security update for perl
    Type:        security
    Severity:    important
    References:  1102840,1160039,1170601,1171863,1171864,1171866,CVE-2020-10543,CVE-2020-10878,CVE-2020-12723
    This update for perl fixes the following issues:
    
    - CVE-2020-10543: Fixed a heap buffer overflow in regular expression compiler which could have 
      allowed overwriting of allocated memory with attacker's data (bsc#1171863).
    - CVE-2020-10878: Fixed multiple integer overflows which could have allowed the insertion of 
      instructions into the compiled form of Perl regular expression (bsc#1171864).
    - CVE-2020-12723: Fixed an attacker's corruption of the intermediate language state of a 
      compiled regular expression (bsc#1171866).
    - Fixed utf8 handling in perldoc by using 'term' instead of 'man' (bsc#1170601).
    - Some packages make assumptions about the date and time they are built.
      This update will solve the issues caused by calling the perl function timelocal
      expressing the year with two digits only instead of four digits. (bsc#1102840) (bsc#1160039)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2020:1689-1
    Released:    Fri Jun 19 11:03:49 2020
    Summary:     Recommended update for audit
    Type:        recommended
    Severity:    important
    References:  1156159,1172295
    This update for audit fixes the following issues:
    
    - Fix specfile to require libauparse0 and libaudit1 after splitting audit-libs. (bsc#1172295)
    - Fix hang on startup. (bsc#1156159)
      
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2020:1732-1
    Released:    Wed Jun 24 09:42:55 2020
    Summary:     Security update for curl
    Type:        security
    Severity:    important
    References:  1173027,CVE-2020-8177
    This update for curl fixes the following issues:
    
    - CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious server to overwrite a local file when using the -J option (bsc#1173027).
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2020:1842-1
    Released:    Fri Jul  3 22:40:42 2020
    Summary:     Security update for systemd
    Type:        security
    Severity:    moderate
    References:  1084671,1154256,1157315,1161262,1161436,1162698,1164538,1165633,1167622,1171145,CVE-2019-20386
    This update for systemd fixes the following issues:
    
    - CVE-2019-20386: Fixed a memory leak when executing the udevadm trigger command (bsc#1161436).
    - Renamed the persistent link for ATA devices (bsc#1164538)
    - shared/install: try harder to find enablement symlinks when disabling a unit (bsc#1157315)
    - tmpfiles: removed unnecessary assert (bsc#1171145)
    - pid1: by default make user units inherit their umask from the user manager (bsc#1162698)
    - manager: fixed job mode when signalled to shutdown etc (bsc#1161262)
    - coredump: fixed bug that loses core dump files when core dumps are compressed and disk space is low. (bsc#1167622)
    - udev: inform systemd how many workers we can potentially spawn (#4036) (bsc#1165633)
    - libblkid: open device in nonblock mode. (bsc#1084671)
    - udev/cdrom_id: Do not open CD-rom in exclusive mode. (bsc#1154256)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2020:1859-1
    Released:    Mon Jul  6 17:08:28 2020
    Summary:     Security update for openldap2
    Type:        security
    Severity:    important
    References:  1170715,1172698,1172704,CVE-2020-8023
    This update for openldap2 fixes the following issues:
    
    - CVE-2020-8023: Fixed a potential local privilege escalation from ldap to root when OPENLDAP_CONFIG_BACKEND='ldap' was used (bsc#1172698).
    - Changed DB_CONFIG to root:ldap permissions (bsc#1172704).
    - Fixed an issue where slapd becomes unresponsive after many failed login/bind attempts (bsc#1170715).
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2020:2059-1
    Released:    Tue Jul 28 11:32:56 2020
    Summary:     Recommended update for grep
    Type:        recommended
    Severity:    moderate
    References:  1163834
    This update for grep fixes the following issues:
    
    Fix for an issue where the command 'grep -i' performs badly when using multibyte with 'non-utf8' encoding. (bsc#1163834)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2020:2117-1
    Released:    Tue Aug  4 15:14:39 2020
    Summary:     Security update for libX11
    Type:        security
    Severity:    important
    References:  1174628,CVE-2020-14344
    This update for libX11 fixes the following issues:
    
    - Fixed XIM client heap overflows (CVE-2020-14344, bsc#1174628)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2020:2196-1
    Released:    Tue Aug 11 13:31:24 2020
    Summary:     Security update for libX11
    Type:        security
    Severity:    important
    References:  1174628,CVE-2020-14344
    This update for libX11 fixes the following issues:
    
    - Fixed XIM client heap overflows (CVE-2020-14344, bsc#1174628).
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2020:2287-1
    Released:    Thu Aug 20 16:07:37 2020
    Summary:     Recommended update for grep
    Type:        recommended
    Severity:    moderate
    References:  1174080
    This update for grep fixes the following issues:
    
    - Fix for -P treating invalid UTF-8 input and causing inconsistency. (bsc#1174080)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2020:2294-1
    Released:    Fri Aug 21 16:59:17 2020
    Summary:     Recommended update for openldap2
    Type:        recommended
    Severity:    important
    References:  1174537
    This update for openldap2 fixes the following issues:
    
    - Fixes an issue where slapd failed to start due to the missing pwdMaxRecordedFailure attribute (bsc#1174537)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2020:2410-1
    Released:    Tue Sep  1 13:15:48 2020
    Summary:     Recommended update for pam
    Type:        recommended
    Severity:    low
    References:  1173593
    
    This update of pam fixes the following issue:
    
    - On some SUSE Linux Enterprise 12 SP5 based media from build.suse.com
      a pam version with a higher release number than the last update of pam
      was delivered. This update releases pam with a higher release number
      to align it with this media. (bsc#1173593)
      
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2020:2428-1
    Released:    Tue Sep  1 22:07:35 2020
    Summary:     Recommended update for ca-certificates-mozilla
    Type:        recommended
    Severity:    moderate
    References:  1174673
    This update for ca-certificates-mozilla fixes the following issues:
    
    Update to 2.42 state of the Mozilla NSS Certificate store (bsc#1174673)
    
    Removed CAs:
    
    - AddTrust External CA Root
    - AddTrust Class 1 CA Root
    - LuxTrust Global Root 2
    - Staat der Nederlanden Root CA - G2
    - Symantec Class 1 Public Primary Certification Authority - G4
    - Symantec Class 2 Public Primary Certification Authority - G4
    - VeriSign Class 3 Public Primary Certification Authority - G3
    
    Added CAs:
    
    - certSIGN Root CA G2
    - e-Szigno Root CA 2017
    - Microsoft ECC Root Certificate Authority 2017
    - Microsoft RSA Root Certificate Authority 2017
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2020:2475-1
    Released:    Thu Sep  3 12:10:58 2020
    Summary:     Security update for libX11
    Type:        security
    Severity:    moderate
    References:  1175239,CVE-2020-14363
    This update for libX11 fixes the following issues:
    
    - CVE-2020-14363: Fix an integer overflow in init_om() (bsc#1175239).
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2020:2570-1
    Released:    Tue Sep  8 14:59:35 2020
    Summary:     Security update for libjpeg-turbo
    Type:        security
    Severity:    moderate
    References:  1172491,CVE-2020-13790
    This update for libjpeg-turbo fixes the following issues:
    
    - CVE-2020-13790: Fixed a heap-based buffer over-read via a malformed PPM input file (bsc#1172491).
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2020:2587-1
    Released:    Wed Sep  9 22:03:04 2020
    Summary:     Recommended update for procps
    Type:        recommended
    Severity:    moderate
    References:  1174660
    This update for procps fixes the following issues:
    
    - Add fix for procps and its libraries to avoid issues with the 'free' tool. (bsc#1174660)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2020:2609-1
    Released:    Fri Sep 11 10:58:59 2020
    Summary:     Security update for libxml2
    Type:        security
    Severity:    moderate
    References:  1159928,1161517,1161521,1172021,1176179,CVE-2019-19956,CVE-2019-20388,CVE-2020-24977,CVE-2020-7595
    This update for libxml2 fixes the following issues:
    
    - CVE-2019-20388: Fixed a memory leak in xmlSchemaPreRun (bsc#1161521).
    - CVE-2020-7595: Fixed an infinite loop in an EOF situation (bsc#1161517).
    - CVE-2020-24977: Fixed a global-buffer-overflow in xmlEncodeEntitiesInternal (bsc#1176179).
    - Fixed invalid xmlns references due to CVE-2019-19956 (bsc#1172021).
      
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2020:2660-1
    Released:    Wed Sep 16 16:15:10 2020
    Summary:     Security update for libsolv
    Type:        security
    Severity:    moderate
    References:  1120629,1120630,1120631,1127155,1131823,1137977,CVE-2018-20532,CVE-2018-20533,CVE-2018-20534
    This update for libsolv fixes the following issues:
    
    This is a reissue of an existing libsolv update that also included libsolv-devel for LTSS products.
    
    libsolv was updated to version 0.6.36, which fixes the following issues:
    
    Security issues fixed:
    
    - CVE-2018-20532: Fixed a NULL pointer dereference in testcase_read() (bsc#1120629).
    - CVE-2018-20533: Fixed a NULL pointer dereference in testcase_str2dep_complex() (bsc#1120630).
    - CVE-2018-20534: Fixed a NULL pointer dereference in pool_whatprovides() (bsc#1120631).
    
    Non-security issues fixed:
    
    - Made cleandeps jobs on patterns work (bsc#1137977).
    - Fixed an issue with multiversion packages that obsolete their own name (bsc#1127155).
    - Keep consistent package name if there are multiple alternatives (bsc#1131823).
    
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2020:79-1
    Released:    Wed Sep 16 16:17:11 2020
    Summary:     Security update for libzypp
    Type:        security
    Severity:    moderate
    References:  1158763,CVE-2019-18900
    This update for libzypp fixes the following issues:
    
    Security issue fixed:
    
    - CVE-2019-18900: Fixed assert cookie file that was world readable (bsc#1158763).
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2020:2777-1
    Released:    Tue Sep 29 11:26:41 2020
    Summary:     Recommended update for systemd
    Type:        recommended
    Severity:    moderate
    References:  1169488,1173227
    This update for systemd fixes the following issues:
    
    - Fixes some file mode inconsistencies for some ghost files (bsc#1173227)
    - Fixes an issue where the system could hang on reboot (bsc#1169488)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2020:2900-1
    Released:    Tue Oct 13 14:20:15 2020
    Summary:     Security update for libproxy
    Type:        security
    Severity:    important
    References:  1176410,1177143,CVE-2020-25219,CVE-2020-26154
    This update for libproxy fixes the following issues:
    
    - CVE-2020-25219: Rewrote url::recvline to be nonrecursive (bsc#1176410).
    - CVE-2020-26154: Fixed a buffer overflow when PAC is enabled (bsc#1177143).
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2020:2959-1
    Released:    Tue Oct 20 12:33:48 2020
    Summary:     Recommended update for file
    Type:        recommended
    Severity:    moderate
    References:  1176123
    This update for file fixes the following issues:
    
    - Fixes an issue when file displays broken 'ELF' interpreter. (bsc#1176123)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2020:2998-1
    Released:    Thu Oct 22 10:04:33 2020
    Summary:     Security update for freetype2
    Type:        security
    Severity:    important
    References:  1177914,CVE-2020-15999
    This update for freetype2 fixes the following issues:
    
    - CVE-2020-15999: fixed a heap buffer overflow found in the handling of embedded PNG bitmaps (bsc#1177914).
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2020:3024-1
    Released:    Fri Oct 23 14:21:54 2020
    Summary:     Security update for glibc
    Type:        security
    Severity:    moderate
    References:  1149332,1165784,1171878,1172085,1176013,CVE-2020-10029
    This update for glibc fixes the following issues:
    	  
    - CVE-2020-10029: Fixed a stack corruption from range reduction of pseudo-zero (bsc#1165784)
    - Use posix_spawn on popen (bsc#1149332, bsc#1176013)
    - Correct locking and cancellation cleanup in syslog functions (bsc#1172085)
    - Fixed concurrent changes on nscd aware files (bsc#1171878)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2020:3156-1
    Released:    Wed Nov  4 15:21:49 2020
    Summary:     Recommended update for ca-certificates-mozilla
    Type:        recommended
    Severity:    moderate
    References:  1177864
    This update for ca-certificates-mozilla fixes the following issues:
    
    The SSL Root CA store was updated to the 2.44 state of the Mozilla NSS Certificate store (bsc#1177864)
    
    - Removed CAs:
    
      - EE Certification Centre Root CA
      - Taiwan GRCA
    
    - Added CAs:
    
      - Trustwave Global Certification Authority
      - Trustwave Global ECC P256 Certification Authority
      - Trustwave Global ECC P384 Certification Authority
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2020:3263-1
    Released:    Tue Nov 10 09:48:14 2020
    Summary:     Security update for gcc10
    Type:        security
    Severity:    moderate
    References:  1172798,1172846,1173972,1174753,1174817,1175168,CVE-2020-13844
    This update for gcc10 fixes the following issues:
    This update provides the GCC10 compiler suite and runtime libraries.
    
    The base SUSE Linux Enterprise libraries libgcc_s1, libstdc++6 are replaced by
    the gcc10 variants.
    
    The new compiler variants are available with '-10' suffix, you can specify them
    via:
    
            CC=gcc-10
            CXX=g++-10
    
    or similar commands.
    
    For a detailed changelog check out https://gcc.gnu.org/gcc-10/changes.html
      
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2020:3314-1
    Released:    Thu Nov 12 16:10:36 2020
    Summary:     Security update for openldap2
    Type:        security
    Severity:    important
    References:  1178387,CVE-2020-25692
    This update for openldap2 fixes the following issues:
    
    - CVE-2020-25692: Fixed an unauthenticated remote denial of service due to incorrect validation of modrdn equality rules (bsc#1178387).
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2020:3346-1
    Released:    Mon Nov 16 17:44:39 2020
    Summary:     Recommended update for zypper
    Type:        recommended
    Severity:    moderate
    References:  1169947,1178038
    This update for zypper fixes the following issues:
    
    - Fixed an issue, where zypper crashed when the system language is set to Spanish and the user
      tried to patch their system with 'zypper patch --category security' (bsc#1178038)
    - Fixed a typo in man page (bsc#1169947)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2020:3379-1
    Released:    Thu Nov 19 09:30:16 2020
    Summary:     Security update for krb5
    Type:        security
    Severity:    moderate
    References:  1178512,CVE-2020-28196
    This update for krb5 fixes the following security issue:
    
    - CVE-2020-28196: Fixed an unbounded recursion via an ASN.1-encoded Kerberos message (bsc#1178512).
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2020:3489-1
    Released:    Mon Nov 23 14:07:29 2020
    Summary:     Recommended update for systemd
    Type:        recommended
    Severity:    moderate
    References:  1083571,1139459,1176513,1176800,1177458,1177510
    This update for systemd fixes the following issues:
    
    - Create systemd-remote user only if journal-remote is included with the package (bsc#1177458)
    - Fixed a buffer overflow in systemd ask-password (bsc#1177510)
    - Fixed an issue in the boot process, when the system has an NFS mount in fstab that uses
      the 'bg' option while the NFS server is not reachable (bsc#1176513)
    - Fixed an issue with the try-restart command, where services won't restart (bsc#1139459)
    
    Exclusively for SUSE Linux Enterprise 12 SP5:
    
    - cryptsetup: support LUKS2 on-disk format (bsc#1083571, jsc#SLE-13842)
    
