SUSE: 2021:240-1 ses/7/ceph/ceph Security Update
Summary
Advisory ID: SUSE-RU-2021:1527-1 Released: Thu May 6 08:58:53 2021 Summary: Recommended update for bash Type: recommended Severity: important Advisory ID: SUSE-RU-2021:1528-1 Released: Thu May 6 15:31:23 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:1543-1 Released: Fri May 7 15:16:32 2021 Summary: Recommended update for patterns-microos Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:1544-1 Released: Fri May 7 16:34:41 2021 Summary: Recommended update for libzypp Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:1549-1 Released: Mon May 10 13:48:00 2021 Summary: Recommended update for procps Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:1552-1 Released: Mon May 10 19:15:13 2021 Summary: Recommended update for strongswan Type: recommended Severity: moderate Advisory ID: SUSE-SU-2021:1557-1 Released: Tue May 11 09:50:00 2021 Summary: Security update for python3 Type: security Severity: moderate Advisory ID: SUSE-RU-2021:1565-1 Released: Tue May 11 14:20:04 2021 Summary: Recommended update for krb5 Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:1582-1 Released: Wed May 12 13:40:03 2021 Summary: Recommended update for lvm2 Type: recommended Severity: moderate Advisory ID: SUSE-OU-2021:1592-1 Released: Wed May 12 13:47:41 2021 Summary: Optional update for sed Type: optional Severity: low Advisory ID: SUSE-RU-2021:1600-1 Released: Thu May 13 16:34:08 2021 Summary: Recommended update for dracut Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:1612-1 Released: Fri May 14 17:09:39 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:1640-1 Released: Wed May 19 13:47:50 2021 Summary: Recommended update for strongswan Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:1643-1 Released: Wed May 19 13:51:48 2021 Summary: Recommended update for pam Type: recommended Severity: important Advisory ID: SUSE-SU-2021:1647-1 Released: Wed May 19 13:59:12 2021 Summary: Security update for lz4 Type: security Severity: important Advisory ID: SUSE-SU-2021:1654-1 Released: Wed May 19 16:43:36 2021 Summary: Security update for libxml2 Type: security Severity: important Advisory ID: SUSE-RU-2021:1669-1 Released: Thu May 20 11:10:44 2021 Summary: Recommended update for nfs-utils Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:1675-1 Released: Thu May 20 15:00:23 2021 Summary: Recommended update for snappy Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:1677-1 Released: Thu May 20 15:29:32 2021 Summary: Recommended update for purge-kernels-service Type: recommended Severity: low Advisory ID: SUSE-SU-2021:1762-1 Released: Wed May 26 12:30:01 2021 Summary: Security update for curl Type: security Severity: moderate Advisory ID: SUSE-RU-2021:1773-1 Released: Wed May 26 17:22:21 2021 Summary: Recommended update for python3 Type: recommended Severity: low Advisory ID: SUSE-SU-2021:1777-1 Released: Thu May 27 11:20:53 2021 Summary: Security update for ceph Type: security Severity: important Advisory ID: SUSE-RU-2021:1801-1 Released: Mon May 31 07:36:01 2021 Summary: Recommended update for openssh Type: recommended Severity: moderate Advisory ID: SUSE-SU-2021:1806-1 Released: Mon May 31 16:23:04 2021 Summary: Security update for python-httplib2 Type: security Severity: moderate
References
References : 1080040 1115550 1161276 1171998 1174162 1180851 1181443 1181540
1181651 1181874 1182053 1182936 1183064 1183194 1183374 1183628
1183797 1184358 1184399 1184435 1184507 1184614 1184687 1184997
1185163 1185170 1185190 1185239 1185277 1185363 1185363 1185408
1185409 1185410 1185417 1185438 1185562 1185619 1185698 1186020
1186021 1186114 CVE-2020-11078 CVE-2021-21240 CVE-2021-22898
CVE-2021-3426 CVE-2021-3509 CVE-2021-3516 CVE-2021-3517 CVE-2021-3518
CVE-2021-3520 CVE-2021-3524 CVE-2021-3531 CVE-2021-3537
1183064
This update for bash fixes the following issues:
- Fixed a segmentation fault that used to occur when bash read a history file
that was malformed in a very specific way. (bsc#1183064)
1161276
This update for openssl-1_1 fixes the following issues:
- Do not list disapproved cipher algorithms while in 'FIPS' mode. (bsc#1161276)
1184435
This update for patterns-microos provides the following fix:
- Require the libvirt-daemon-qemu package and include the needed dependencies in the
product. (bsc#1184435)
1180851,1181874,1182936,1183628,1184997,1185239
This update for libzypp fixes the following issues:
Upgrade from version 17.25.8 to version 17.25.10
- Properly handle permission denied when providing optional files. (bsc#1185239)
- Fix service detection with `cgroupv2`. (bsc#1184997)
- Add missing includes for GCC 11. (bsc#1181874)
- Fix unsafe usage of static in media verifier.
- `Solver`: Avoid segfault if no system is loaded. (bsc#1183628)
- `MediaVerifier`: Relax media set verification in case of a single not-volatile medium. (bsc#1180851)
- Do no cleanup in custom cache dirs. (bsc#1182936)
- `ZConfig`: let `pubkeyCachePath` follow `repoCachePath`.
1185417
This update for procps fixes the following issues:
- Support up to 2048 CPU as well. (bsc#1185417)
1185363
This update for strongswan fixes the following issues:
- Added support for AES CCM aead algorithms to openssl plugin (bsc#1185363)
1183374,CVE-2021-3426
This update for python3 fixes the following issues:
- CVE-2021-3426: Fixed an information disclosure via pydoc (bsc#1183374)
1185163
This update for krb5 fixes the following issues:
- Use '/run' instead of '/var/run' for daemon PID files. (bsc#1185163);
1184687,1185190
This update for lvm2 fixes the following issues:
- Honor 'lvm.conf' parameter event_activation=0 on 'pvscan --cache -aay'. (bsc#1185190)
- Fixed and issue when LVM can't be disabled on boot. (bsc#1184687)
- Update patch for avoiding apply warning messages. (bsc#1012973)
1183797
This update for sed fixes the following issues:
- Fixed a building issue with glibc-2.31 (bsc#1183797).
This patch is optional to install.
1185277
This update for dracut fixes the following issue:
Update to version 049.1+suse.188.gbf445638:
- Do not resolve symbolic links before `instmod`. (bsc#1185277)
1184614
This update for openldap2 fixes the following issue:
- Provide `openldap2-contrib` to the modules SUSE Linux Enterprise Legacy 15-SP2 and 15-SP3. (bsc#1184614)
1185363
This update for strongswan fixes the following issues:
- FIPS: Replace AEAD AES CCM patch with upstream variant (bsc#1185363)
1181443,1184358,1185562
This update for pam fixes the following issues:
- Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443)
- Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to
an attempt to resolve it as a hostname (bsc#1184358)
- In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562)
1185438,CVE-2021-3520
This update for lz4 fixes the following issues:
- CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438).
1185408,1185409,1185410,1185698,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518,CVE-2021-3537
This update for libxml2 fixes the following issues:
- CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698)
- CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408).
- CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410).
- CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409).
1181540,1181651,1183194,1185170
This update for nfs-utils fixes the following issues:
- The '/var/run' is long deprecated - switch all relevant paths to '/run'. (bsc#1185170)
- Improve logging of authentication (bsc#1181540)
- Add man page of the 'nconnect mount'. (bsc#1181651)
- Fixed an issue when HANA crashed due to inaccessible/hanging NFS mount. (bsc#1183194)
1080040,1184507
This update for snappy fixes the following issues:
Update from version 1.1.3 to 1.1.8
- Small performance improvements.
- Removed `snappy::string` alias for `std::string`.
- Improved `CMake` configuration.
- Improved packages descriptions.
- Fix RPM groups.
- Aarch64 fixes
- PPC speedups
- PIE improvements
- Fix license install. (bsc#1080040)
- Fix a 1% performance regression when snappy is used in PIE executable.
- Improve compression performance by 5%.
- Improve decompression performance by 20%.
- Use better download URL.
- Fix a build issue for tensorflow2. (bsc#1184507)
1184399
This update for purge-kernels-service fixes the following issues:
- Add 'ZYPP_LOCK_TIMEOUT=-1' to keep waiting for the lock to avoid possible conflict with other background services uding zypper. (bsc#1184399)
1186114,CVE-2021-22898
This update for curl fixes the following issues:
- CVE-2021-22898: Fixed curl TELNET stack contents disclosure (bsc#1186114).
- Allow partial chain verification [jsc#SLE-17956]
* Have intermediate certificates in the trust store be treated
as trust-anchors, in the same way as self-signed root CA
certificates are. This allows users to verify servers using
the intermediate cert only, instead of needing the whole chain.
* Set FLAG_TRUSTED_FIRST unconditionally.
* Do not check partial chains with CRL check.
This update for python3 fixes the following issues:
- Make sure to close the import_failed.map file after the exception
has been raised in order to avoid ResourceWarnings when the
failing import is part of a try...except block.
1185619,1186020,1186021,CVE-2021-3509,CVE-2021-3524,CVE-2021-3531
This update for ceph fixes the following issues:
- Update to 15.2.12-83-g528da226523:
- (CVE-2021-3509) fix cookie injection issue (bsc#1186021)
- (CVE-2021-3531) RGWSwiftWebsiteHandler::is_web_dir checks empty subdir_name (bsc#1186020)
- (CVE-2021-3524) sanitize \r in s3 CORSConfiguration’s ExposeHeader (bsc#1185619)
1115550,1174162
This update for openssh fixes the following issues:
- Fixed a race condition leading to a sshd termination of multichannel sessions with non-root users (bsc#1115550, bsc#1174162).
1171998,1182053,CVE-2020-11078,CVE-2021-21240
This update for python-httplib2 fixes the following issues:
- Update to version 0.19.0 (bsc#1182053).
- CVE-2021-21240: Fixed regular expression denial of service via malicious header (bsc#1182053).
- CVE-2020-11078: Fixed unescaped part of uri where an attacker could change request headers and body (bsc#1182053).