Linux Security

    SUSE: 2021:2-1 harbor/harbor-db Security Update

    Date 04 Jan 2021
    Posted By LinuxSecurity Advisories
    SUSE Container Update Advisory: harbor/harbor-db
    -----------------------------------------------------------------
    Container Advisory ID : SUSE-CU-2021:2-1
    Container Tags        : harbor/harbor-db:2.1.2 , harbor/harbor-db:2.1.2-rev1 , harbor/harbor-db:2.1.2-rev1-build2.141
    Container Release     : 2.141
    Severity              : important
    Type                  : security
    References            : 1084671 1098449 1144793 1168771 1169006 1174232 1174593 1174942
                            1175514 1175623 1177458 1177490 1177510 1177533 1177658 1177858
                            1177864 1177998 1178346 1178376 1178387 1178512 1178554 1178666
                            1178667 1178668 1178727 1178823 1178825 1179398 1179399 1179431
                            1179491 1179515 1179593 1180138 CVE-2020-1971 CVE-2020-25692
                            CVE-2020-25694 CVE-2020-25695 CVE-2020-25696 CVE-2020-28196 CVE-2020-8284
                            CVE-2020-8285 CVE-2020-8286 
    -----------------------------------------------------------------
    
    The container harbor/harbor-db was updated. The following patches have been included in this update:
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2020:3157-1
    Released:    Wed Nov  4 15:37:05 2020
    Summary:     Recommended update for ca-certificates-mozilla
    Type:        recommended
    Severity:    moderate
    References:  1177864
    This update for ca-certificates-mozilla fixes the following issues:
    
    The SSL Root CA store was updated to the 2.44 state of the Mozilla NSS Certificate store (bsc#1177864)
    
    - Removed CAs:
    
      - EE Certification Centre Root CA
      - Taiwan GRCA
    
    - Added CAs:
    
      - Trustwave Global Certification Authority
      - Trustwave Global ECC P256 Certification Authority
      - Trustwave Global ECC P384 Certification Authority
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2020:3290-1
    Released:    Wed Nov 11 12:25:32 2020
    Summary:     Recommended update for findutils
    Type:        recommended
    Severity:    moderate
    References:  1174232
    This update for findutils fixes the following issues:
    
    - Do not unconditionally use leaf optimization for NFS. (bsc#1174232)
      NFS st_nlink are not accurate on all implementations, leading to aborts() if that assumption is made.
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2020:3294-1
    Released:    Wed Nov 11 12:28:46 2020
    Summary:     Recommended update for SLES-release
    Type:        recommended
    Severity:    moderate
    References:  1177998
    This update for SLES-release fixes the following issue:
    
    - Obsolete Leap 15.2.1 (jump) to allow migration from Jump/Leap 15.2.1 to SLE 15 SP2. (bsc#1177998)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2020:3313-1
    Released:    Thu Nov 12 16:07:37 2020
    Summary:     Security update for openldap2
    Type:        security
    Severity:    important
    References:  1178387,CVE-2020-25692
    This update for openldap2 fixes the following issues:
    
    - CVE-2020-25692: Fixed an unauthenticated remote denial of service due to incorrect validation of modrdn equality rules (bsc#1178387).
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2020:3377-1
    Released:    Thu Nov 19 09:29:32 2020
    Summary:     Security update for krb5
    Type:        security
    Severity:    moderate
    References:  1178512,CVE-2020-28196
    This update for krb5 fixes the following security issue:
    
    - CVE-2020-28196: Fixed an unbounded recursion via an ASN.1-encoded Kerberos message (bsc#1178512).
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2020:3381-1
    Released:    Thu Nov 19 10:53:38 2020
    Summary:     Recommended update for systemd
    Type:        recommended
    Severity:    moderate
    References:  1177458,1177490,1177510
    This update for systemd fixes the following issues:
    
    - build-sys: optionally disable support of journal over the network (bsc#1177458)
    - ask-password: prevent buffer overflow when reading from keyring (bsc#1177510)
    - mount: don't propagate errors from mount_setup_unit() further up
    - Rely on the new build option --disable-remote for journal_remote
      This allows dropping the workaround that consisted in cleaning journal-upload files and
      {sysusers.d,tmpfiles.d}/systemd-remote.conf manually when 'journal_remote' support was disabled.
    - Move journal-{remote,upload}.conf.5.gz man pages into systemd-journal_remote sub package 
    - Make sure {sysusers.d,tmpfiles.d}/systemd-remote.conf are not shipped with --without=journal_remote (bsc#1177458)
      These files were incorrectly packaged in the main package when systemd-journal_remote was disabled.
    - Make use of %{_unitdir} and %{_sysusersdir}
    - Remove mq-deadline selection from 60-io-scheduler.rules (bsc#1177490)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2020:3462-1
    Released:    Fri Nov 20 13:14:35 2020
    Summary:     Recommended update for pam and sudo
    Type:        recommended
    Severity:    moderate
    References:  1174593,1177858,1178727
    This update for pam and sudo fixes the following issues:
    
    pam:
    
    - pam_xauth: do not *free* a string which has been successfully passed to *putenv*. (bsc#1177858)
    - Initialize the local variable *daysleft* to avoid a misleading warning for password expire days. (bsc#1178727)
    - Run /usr/bin/xauth using the old user's and group's identifiers. (bsc#1174593)
    
    sudo:
    
    - Fix a problem with pam_xauth which checks effective and real uids to get the real identity of the user. (bsc#1174593)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2020:3463-1
    Released:    Fri Nov 20 13:49:58 2020
    Summary:     Security update for postgresql12
    Type:        security
    Severity:    important
    References:  1178666,1178667,1178668,CVE-2020-25694,CVE-2020-25695,CVE-2020-25696
    This update for postgresql12 fixes the following issues:
    
    - Upgrade to version 12.5:
      * CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD
        and firing of deferred triggers within index expressions and
        materialized view queries.
      * CVE-2020-25694, bsc#1178667:
        a) Fix usage of complex connection-string parameters in pg_dump,
        pg_restore, clusterdb, reindexdb, and vacuumdb.
        b) When psql's \connect command re-uses connection parameters,
        ensure that all non-overridden parameters from a previous
        connection string are re-used.
      * CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from
        modifying specially-treated variables.
      * Fix recently-added timetz test case so it works when the USA
        is not observing daylight savings time.
      * https://www.postgresql.org/about/news/2111/
      * https://www.postgresql.org/docs/12/release-12-5.html
    
    - Stop building the mini and lib packages as they are now coming
      from postgresql13.
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2020:3581-1
    Released:    Tue Dec  1 14:40:22 2020
    Summary:     Recommended update for libusb-1_0
    Type:        recommended
    Severity:    moderate
    References:  1178376
    This update for libusb-1_0 fixes the following issues:
    
    - Fixes a build failure for libusb for the inclusion of 'sys/time.h' on PowerPC. (bsc#1178376)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2020:3620-1
    Released:    Thu Dec  3 17:03:55 2020
    Summary:     Recommended update for pam
    Type:        recommended
    Severity:    moderate
    References:  
    This update for pam fixes the following issues:
    
    - Check if the password is part of the username. (jsc#SLE-16719, jsc#SLE-16720)
      - Check whether the password contains a substring of the user's name of at least `` characters length in
      some form. This is enabled by the new parameter `usersubstr=`
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2020:3626-1
    Released:    Fri Dec  4 13:51:46 2020
    Summary:     Recommended update for audit
    Type:        recommended
    Severity:    moderate
    References:  1179515
    This update for audit fixes the following issues:
    
    - Enable Aarch64 processor support. (bsc#1179515) 
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2020:3703-1
    Released:    Mon Dec  7 20:17:32 2020
    Summary:     Recommended update for aaa_base
    Type:        recommended
    Severity:    moderate
    References:  1179431
    This update for aaa_base fixes the following issue:
    
    - Avoid semicolon within (t)csh login script on S/390. (bsc#1179431)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2020:3721-1
    Released:    Wed Dec  9 13:36:46 2020
    Summary:     Security update for openssl-1_1
    Type:        security
    Severity:    important
    References:  1179491,CVE-2020-1971
    This update for openssl-1_1 fixes the following issues:
    	  
    - CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491).
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2020:3735-1
    Released:    Wed Dec  9 18:19:24 2020
    Summary:     Security update for curl
    Type:        security
    Severity:    moderate
    References:  1179398,1179399,1179593,CVE-2020-8284,CVE-2020-8285,CVE-2020-8286
    This update for curl fixes the following issues:
    
    - CVE-2020-8286: Fixed improper OCSP verification in the client side (bsc#1179593).
    - CVE-2020-8285: Fixed a stack overflow due to FTP wildcard (bsc#1179399).
    - CVE-2020-8284: Fixed an issue where a malicious FTP server could make curl connect to a different IP (bsc#1179398).
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2020:3809-1
    Released:    Tue Dec 15 13:46:05 2020
    Summary:     Recommended update for glib2
    Type:        recommended
    Severity:    moderate
    References:  1178346
    This update for glib2 fixes the following issues:
    
    Update from version 2.62.5 to version 2.62.6:
    
    - Support for slim format of timezone. (bsc#1178346)
    - Fix DST incorrect end day when using slim format. (bsc#1178346)
    - Fix SOCKS5 username/password authentication.
    - Updated translations.
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2020:3853-1
    Released:    Wed Dec 16 12:27:27 2020
    Summary:     Recommended update for util-linux
    Type:        recommended
    Severity:    moderate
    References:  1084671,1169006,1174942,1175514,1175623,1178554,1178825
    This update for util-linux fixes the following issues:
    
    - Do not trigger the automatic close of CDROM. (bsc#1084671)
    - Try to automatically configure broken serial lines. (bsc#1175514)
    - Avoid `sulogin` failing on nonexistent or non-functional console devices. (bsc#1175514)
    - Build with `libudev` support to support non-root users. (bsc#1169006)
    - Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825)
    - Fix warning on mounts to `CIFS` with `mount -a`. (bsc#1174942)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2020:3942-1
    Released:    Tue Dec 29 12:22:01 2020
    Summary:     Recommended update for libidn2
    Type:        recommended
    Severity:    moderate
    References:  1180138
    This update for libidn2 fixes the following issues:
    
    - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later,
      adjusted the RPM license tags (bsc#1180138)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2020:3943-1
    Released:    Tue Dec 29 12:24:45 2020
    Summary:     Recommended update for libxml2
    Type:        recommended
    Severity:    moderate
    References:  1178823
    This update for libxml2 fixes the following issues:
    
    Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823)
    * key/unique/keyref schema attributes currently use quadratic loops
      to check their various constraints (that keys are unique and that
      keyrefs refer to existing keys).
    * This fix uses a hash table to avoid the quadratic behaviour.
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2021:6-1
    Released:    Mon Jan  4 07:05:06 2021
    Summary:     Recommended update for libdlm
    Type:        recommended
    Severity:    moderate
    References:  1098449,1144793,1168771,1177533,1177658
    This update for libdlm fixes the following issues:
    
    - Rework libdlm3 require with a shared library version tag instead so it propagates to all consuming packages. (bsc#1177658, bsc#1098449)
    - Add support for type 'uint64_t' to corosync ringid. (bsc#1168771)
    - Include some fixes/enhancements for dlm_controld. (bsc#1144793)
    - Fixed an issue where /boot logical volume was accidentally unmounted. (bsc#1177533)
    
