SUSE: 2021:21-1 suse/sle15 Security Update
SUSE: 2021:21-1 suse/sle15 Security Update
The container suse/sle15 was updated. The following patches have been included in this update:
SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:21-1
Container Tags : suse/sle15:15.2 , suse/sle15:15.2.8.2.822
Container Release : 8.2.822
Severity : moderate
Type : security
References : 1050625 1174016 1177238 1177275 1177427 1177583 1178910 1178966
1179083 1179222 1179415 1179909 CVE-2017-9271
-----------------------------------------------------------------
The container suse/sle15 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:109-1
Released: Wed Jan 13 10:13:24 2021
Summary: Security update for libzypp, zypper
Type: security
Severity: moderate
References: 1050625,1174016,1177238,1177275,1177427,1177583,1178910,1178966,1179083,1179222,1179415,1179909,CVE-2017-9271
This update for libzypp, zypper fixes the following issues:
Update zypper to version 1.14.41
Update libzypp to 17.25.4
- CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583)
- RepoManager: Force refresh if repo url has changed (bsc#1174016)
- RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966)
- RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427).
- RpmDb: If no database exists use the _dbpath configured in rpm. Still makes sure a compat
symlink at /var/lib/rpm exists in case the configures _dbpath is elsewhere. (bsc#1178910)
- Fixed update of gpg keys with elongated expire date (bsc#179222)
- needreboot: remove udev from the list (bsc#1179083)
- Fix lsof monitoring (bsc#1179909)
yast-installation was updated to 4.2.48:
- Do not cleanup the libzypp cache when the system has low memory,
incomplete cache confuses libzypp later (bsc#1179415)
