SUSE Container Update Advisory: ses/7/rook/ceph ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:140-1 Container Tags : ses/7/rook/ceph:1.5.10 , ses/7/rook/ceph:1.5.10.4 , ses/7/rook/ceph:1.5.10.4.1.1581 , ses/7/rook/ceph:latest , ses/7/rook/ceph:sle15.2.octopus Container Release : 1.1581 Severity : important Type : security References : 1165780 1177047 1178219 1178680 1180836 1181976 1182611 1182791 1182899 1183074 1183791 1183801 1183899 1183936 1184136 1184231 1184401 1184690 1185408 1185409 1185410 CVE-2021-20288 CVE-2021-20305 CVE-2021-3156 CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 ----------------------------------------------------------------- The container ses/7/rook/ceph was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1141-1 Released: Mon Apr 12 13:13:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: low References: 1182791 This update for openldap2 fixes the following issues: - Improved the proxy connection timeout options to prune connections properly (bsc#1182791) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1169-1 Released: Tue Apr 13 15:01:42 2021 Summary: Recommended update for procps Type: recommended Severity: low References: 1181976 This update for procps fixes the following issues: - Corrected a statement in the man page about processor pinning via taskset (bsc#1181976) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1275-1 Released: Tue Apr 20 14:31:26 2021 Summary: Security update for sudo Type: security Severity: important References: 1183936,CVE-2021-3156 This update for sudo fixes the following issues: - L3: Tenable Scan reports sudo is vulnerable to CVE-2021-3156 (bsc#1183936) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1286-1 Released: Tue Apr 20 20:10:21 2021 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1180836 This recommended update for SLES-release provides the following fix: - Revert the problematic changes previously released and make sure the version is high enough to obsolete the package on containers and images. (bsc#1180836) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1289-1 Released: Wed Apr 21 14:02:46 2021 Summary: Recommended update for gzip Type: recommended Severity: moderate References: 1177047 This update for gzip fixes the following issues: - Fixed a potential segfault when zlib acceleration is enabled (bsc#1177047) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1295-1 Released: Wed Apr 21 14:08:19 2021 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: moderate References: 1184136 This update for systemd-presets-common-SUSE fixes the following issues: - Enabled hcn-init.service for HNV on POWER (bsc#1184136) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1296-1 Released: Wed Apr 21 14:09:28 2021 Summary: Optional update for e2fsprogs Type: optional Severity: low References: 1183791 This update for e2fsprogs fixes the following issues: - Fixed an issue when building e2fsprogs (bsc#1183791) This patch does not fix any user visible issues and is therefore optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1297-1 Released: Wed Apr 21 14:10:10 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1178219 This update for systemd fixes the following issues: - Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot be stopped properly and would leave mount points mounted. ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1299-1 Released: Wed Apr 21 14:11:41 2021 Summary: Optional update for gpgme Type: optional Severity: low References: 1183801 This update for gpgme fixes the following issues: - Fixed a bug in test cases (bsc#1183801) This patch is optional to install and does not provide any user visible bug fixes. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1407-1 Released: Wed Apr 28 15:49:02 2021 Summary: Recommended update for libcap Type: recommended Severity: important References: 1184690 This update for libcap fixes the following issues: - Add explicit dependency on 'libcap2' with version to 'libcap-progs' and 'pam_cap'. (bsc#1184690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1412-1 Released: Wed Apr 28 17:09:28 2021 Summary: Security update for libnettle Type: security Severity: important References: 1184401,CVE-2021-20305 This update for libnettle fixes the following issues: - CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1426-1 Released: Thu Apr 29 06:23:13 2021 Summary: Recommended update for libsolv Type: recommended Severity: moderate References: This update for libsolv fixes the following issues: - Fix rare segfault in resolve_jobrules() that could happen if new rules are learnt. - Fix a couple of memory leaks in error cases. - Fix error handling in solv_xfopen_fd() - Fixed 'regex' code on win32. - Fixed memory leak in choice rule generation ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1449-1 Released: Fri Apr 30 08:08:25 2021 Summary: Recommended update for systemd-presets-branding-SLE Type: recommended Severity: moderate References: 1165780 This update for systemd-presets-branding-SLE fixes the following issues: - Don't enable 'btrfsmaintenance-refresh.service', 'btrfsmaintenance' is managed by systemd-presets-common-SUSE instead. (bsc#1165780) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1466-1 Released: Tue May 4 08:30:57 2021 Summary: Security update for permissions Type: security Severity: important References: 1182899 This update for permissions fixes the following issues: - etc/permissions: remove unnecessary entries (bsc#1182899) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1475-1 Released: Tue May 4 08:59:27 2021 Summary: Security update for ceph Type: security Severity: important References: 1183074,1183899,1184231,CVE-2021-20288 This update for ceph fixes the following issues: - ceph was updated to 15.2.11-83-g8a15f484c2: * CVE-2021-20288: Fixed unauthorized global_id reuse (bsc#1183074). * disk gets replaced with no rocksdb/wal (bsc#1184231). * BlueStore handles huge(>4GB) writes from RocksDB to BlueFS poorly, potentially causing data corruption (bsc#1183899). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1481-1 Released: Tue May 4 14:18:32 2021 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1178680 This update for lvm2 fixes the following issues: - Add metadata-based autoactivation property for volume group and logical volume. (bsc#1178680) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1521-1 Released: Wed May 5 17:52:55 2021 Summary: Recommended update for ceph-iscsi Type: recommended Severity: moderate References: 1182611 This update for ceph-iscsi fixes the following issues: -Fix for the gateway when it fails to start using SSL. (bsc#1182611) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1523-1 Released: Wed May 5 18:24:20 2021 Summary: Security update for libxml2 Type: security Severity: moderate References: 1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518 This update for libxml2 fixes the following issues: - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1525-1 Released: Wed May 5 20:04:16 2021 Summary: Recommended update for rook Type: recommended Severity: moderate References: This update for rook fixes the following issues: - updated ceph-csi to v3.2.1 * Use latest Ceph API for setting dashboard and rgw credentials * Redact secret info from reconcile diffs in debug logs) * Continue to get available devices if failed to get a device info * Include RGW pods in list for rescheduling from failed node * Enforce pg_auto_scaler on rgw pools * Prevent voluntary mon drain while another mon is failing over * Avoid restarting all encrypted OSDs on cluster growth * Set secret type on external cluster script * Fix init container 'expand-encrypted-bluefs' for encrypted OSDs * Fail pool creation if the sub failure domain is the same as the failure domain * Set default backend for vault and remove temp key for encrypted OSDs