SUSE Container Update Advisory: ses/7/ceph/ceph
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:265-1
Container Tags        : ses/7/ceph/ceph:15.2.13.79 , ses/7/ceph/ceph:15.2.13.79.4.268 , ses/7/ceph/ceph:latest , ses/7/ceph/ceph:sle15.2.octopus
Container Release     : 4.268
Severity              : important
Type                  : security
References            : 1040589 1047218 1047218 1099521 1154935 1157818 1158812 1158958
                        1158959 1158960 1159491 1159715 1159847 1159850 1160309 1160438
                        1160439 1164719 1167471 1172091 1172115 1172234 1172236 1172240
                        1172389 1173641 1175448 1175449 1176248 1177233 1178561 1180196
                        1182604 1183670 1184124 1184124 1184527 1184761 1184961 1184967
                        1185046 1185208 1185221 1185331 1185505 1185540 1185797 1185807
                        1185958 1186049 1186110 1186447 1186503 1186561 1186579 1186642
                        1186642 1186642 1186706 1186706 1187060 1187105 1187210 1187212
                        1187292 1187400 928700 928701 CVE-2015-3414 CVE-2015-3415 CVE-2019-19244
                        CVE-2019-19317 CVE-2019-19603 CVE-2019-19645 CVE-2019-19646 CVE-2019-19880
                        CVE-2019-19923 CVE-2019-19924 CVE-2019-19925 CVE-2019-19926 CVE-2019-19959
                        CVE-2019-20218 CVE-2020-13434 CVE-2020-13435 CVE-2020-13630 CVE-2020-13631
                        CVE-2020-13632 CVE-2020-13757 CVE-2020-15358 CVE-2020-24370 CVE-2020-24371
                        CVE-2020-35512 CVE-2020-9327 CVE-2021-33560 CVE-2021-3580 
-----------------------------------------------------------------

The container ses/7/ceph/ceph was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1973-1
Released:    Tue Jun 15 12:10:54 2021
Summary:     Recommended update for libreoffice and xmlsec1
Type:        recommended
Severity:    important
References:  1184527,1184961,1185505,1185797,1186110,1186706
This update for libreoffice and xmlsec1 fixes the following issues:

libreoffice:

Update from version 7.1.2.2 to version 7.1.3.2

- Searching in PPTX document makes LibreOffice crash. (bsc#1185797)
- Fix a text highlight issue when saving as PPTX. (bsc#1185505)
- Recommend `libreoffice-qt5` only when it is actually created
- Fix a build error with GCC11. (bsc#1186110)
- LibreOffice requires at least java 1.8.0 to run properly.
- Fix a potential dataloss in LibreOffice Math. (bsc#1184961, bsc#1184527)

  The issue occurred only while trying to close the document via shortcuts. 
  In this case LibreOffice Math was closed without asking to save the document.

xmlsec1:

- Provide missing binaries to SUSE Linux Enterprise 15-SP3 with l3 support level. (bsc#1186706)

myspell-dictionaries:

- Provide missing binaries to SUSE Linux Enterprise 15-SP3 with l2 support level. (bsc#1186706)

 
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2001-1
Released:    Thu Jun 17 16:54:07 2021
Summary:     Recommended update for python-pycryptodome
Type:        recommended
Severity:    moderate
References:  1186642

This update for python-pycryptodome fixes the following issue:

- python-pycryptodome had a lower release number in 15 sp2 and sp3 than in 15 sp1, which could lead
  to migration issues. (bsc#1186642)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2008-1
Released:    Thu Jun 17 18:07:45 2021
Summary:     Security update for python-rsa
Type:        security
Severity:    important
References:  1172389,CVE-2020-13757
This update for python-rsa fixes the following issues:

- CVE-2020-13757: Proper handling of leading '\0' bytes during decryption of ciphertext (bsc#1172389)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2096-1
Released:    Mon Jun 21 13:35:38 2021
Summary:     Recommended update for python-six
Type:        recommended
Severity:    moderate
References:  1186642

This update for python-six fixes the following issue:

- python-six had a lower release number in 15 sp2 and sp3 than in 15 sp1, which could lead
  to migration issues. (bsc#1186642)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2143-1
Released:    Wed Jun 23 16:27:04 2021
Summary:     Security update for libnettle
Type:        security
Severity:    important
References:  1187060,CVE-2021-3580
This update for libnettle fixes the following issues:

- CVE-2021-3580: Fixed a remote denial of service in the RSA decryption via manipulated ciphertext (bsc#1187060).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2157-1
Released:    Thu Jun 24 15:40:14 2021
Summary:     Security update for libgcrypt
Type:        security
Severity:    important
References:  1187212,CVE-2021-33560
This update for libgcrypt fixes the following issues:

- CVE-2021-33560: Fixed a side-channel against ElGamal encryption, caused by missing exponent blinding (bsc#1187212).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2173-1
Released:    Mon Jun 28 14:59:45 2021
Summary:     Recommended update for automake
Type:        recommended
Severity:    moderate
References:  1040589,1047218,1182604,1185540,1186049
This update for automake fixes the following issues:

- Implement generated autoconf makefiles reproducible (bsc#1182604)
- Add fix to avoid date variations in docs. (bsc#1047218, jsc#SLE-17848)
- Avoid bashisms in test-driver script. (bsc#1185540)

This update for pcre fixes the following issues:

- Do not run profiling 'check' in parallel to make package build reproducible. (bsc#1040589)

This update for brp-check-suse fixes the following issues:

- Add fixes to support reproducible builds. (bsc#1186049) 


-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2178-1
Released:    Mon Jun 28 15:56:15 2021
Summary:     Recommended update for systemd-presets-common-SUSE
Type:        recommended
Severity:    moderate
References:  1186561
This update for systemd-presets-common-SUSE fixes the following issues:

When installing the systemd-presets-common-SUSE package for the
first time in a new system, it might happen that some services
are installed before systemd so the %systemd_pre/post macros
would not work. This is handled by enabling all preset services
in this package's %posttrans section but it wasn't enabling
user services, just system services. Now it enables also the
user services installed before this package (bsc#1186561)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2179-1
Released:    Mon Jun 28 17:36:37 2021
Summary:     Recommended update for thin-provisioning-tools
Type:        recommended
Severity:    moderate
References:  1184124
This update for thin-provisioning-tools fixes the following issues:

- Link as position-independent executable (bsc#1184124)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2196-1
Released:    Tue Jun 29 09:41:39 2021
Summary:     Security update for lua53
Type:        security
Severity:    moderate
References:  1175448,1175449,CVE-2020-24370,CVE-2020-24371
This update for lua53 fixes the following issues:

Update to version 5.3.6:

- CVE-2020-24371: lgc.c mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage (bsc#1175449)
- CVE-2020-24370: ldebug.c allows a negation overflow and segmentation fault in getlocal and setlocal (bsc#1175448)
- Long brackets with a huge number of '=' overflow some internal buffer arithmetic.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2205-1
Released:    Wed Jun 30 09:17:41 2021
Summary:     Recommended update for openldap2
Type:        recommended
Severity:    important
References:  1187210
This update for openldap2 fixes the following issues:

- Resolve issues in the idle / connection 'TTL' timeout implementation in OpenLDAP. (bsc#1187210)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2210-1
Released:    Wed Jun 30 13:00:09 2021
Summary:     Recommended update for lvm2
Type:        recommended
Severity:    moderate
References:  1184124
This update for lvm2 fixes the following issues:

- Link test as position independent executable and update packages with non-PIE binaries. (bsc#1184124)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2224-1
Released:    Thu Jul  1 13:48:44 2021
Summary:     Recommended update for psmisc
Type:        recommended
Severity:    important
References:  1185208
This update for psmisc fixes the following issues:

- It does no longer list all processes from different private namespaces
  when fuser is run on an NFS mount. This led to an issue where the wrong
  processes were terminated in an SAP application cluster environment (bsc#1185208)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2229-1
Released:    Thu Jul  1 20:40:37 2021
Summary:     Recommended update for release packages
Type:        recommended
Severity:    moderate
References:  1099521,1185221
This update for the release packages provides the following fix:

- Fix grub menu entries after migration from SLE-12*. (bsc#1099521)
- Adjust the sles-release changelog to include an entry for the previous release that was
  reverting a broken change. (bsc#1185221)
  
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2233-1
Released:    Fri Jul  2 12:49:43 2021
Summary:     Recommended update for rdma-core
Type:        recommended
Severity:    moderate
References:  1176248,1180196
This update for rdma-core fixes the following issues:

Update to v31.0 (jsc#SLE-15657, jsc#SLE-15731, jsc#SLE-15743, jsc#SLE-15810, jsc#ECO-3504)

- Keep `rxe_cfg` binary available for SUSE Linux Enterprise 15-SP2 (bsc#1176248)
- Make sure `srp_daemon` is loaded at boot if enabled (bsc#1180196)
- Fix support of older providers with newer `rdma-core` internal ABI
 
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2246-1
Released:    Mon Jul  5 15:17:49 2021
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1154935,1167471,1178561,1184761,1184967,1185046,1185331,1185807,1185958,1187292,1187400
This update for systemd fixes the following issues:

  cgroup: Parse infinity properly for memory protections. (bsc#1167471)
  cgroup: Make empty assignments reset to default. (bsc#1167471)
  cgroup: Support 0-value for memory protection directives. (bsc#1167471)
  core/cgroup: Fixed an issue with ignored parameter of 'MemorySwapMax=0'. (bsc#1154935)
  bus-unit-util: Add proper 'MemorySwapMax' serialization.
  core: Accept MemorySwapMax= properties that are scaled.
  execute: Make sure to call into PAM after initializing resource limits. (bsc#1184967)
  core: Rename 'ShutdownWatchdogSec' to 'RebootWatchdogSec'. (bsc#1185331)
  Return -EAGAIN instead of -EALREADY from unit_reload. (bsc#1185046)
  rules: Don't ignore Xen virtual interfaces anymore. (bsc#1178561)
  write_net_rules: Set execute bits. (bsc#1178561)
  udev: Rework network device renaming.
  Revert 'Revert 'udev: Network device renaming - immediately give up if the target name isn't available''
    
  mount-util: tape over name_to_handle_at() flakiness (#7517) (bsc#1184761)
  core: fix output (logging) for mount units (#7603) (bsc#1187400)
  udev requires systemd in its %post (bsc#1185958)
  cgroup: Parse infinity properly for memory protections (bsc#1167471)
  cgroup: Make empty assignments reset to default (bsc#1167471)
  cgroup: Support 0-value for memory protection directives (bsc#1167471)
  Create /run/lock/subsys again (bsc#1187292)
  The creation of this directory was mistakenly dropped when
  'filesystem' package took the initialization of the generic paths
  over.
  Expect 644 permissions for /usr/lib/udev/compat-symlink-generation (bsc#1185807)
  
  

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:2249-1
Released:    Mon Jul  5 15:40:46 2021
Summary:     Optional update for gnutls
Type:        optional
Severity:    low
References:  1047218,1186579
This update for gnutls does not fix any user visible issues. It is therefore optional to install.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2261-1
Released:    Tue Jul  6 13:34:21 2021
Summary:     Recommended update for xmlsec1
Type:        recommended
Severity:    moderate
References:  1177233,1186642,1186706
This update rereleases xmlsec1 for SUSE Linux Enterprise 15 SP3 to fix a migration issue.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2273-1
Released:    Thu Jul  8 09:48:48 2021
Summary:     Recommended update for libzypp, zypper
Type:        recommended
Severity:    moderate
References:  1186447,1186503
This update for libzypp, zypper fixes the following issues:

- Enhance XML output of repo GPG options
- Add optional attributes showing the raw values actually present in the '.repo' file.
- Link all executables with -PIE (bsc#1186447)
- Ship an empty '/etc/zypp/needreboot' per default (jsc#PM-2645)
- Add 'Solvable::isBlacklisted' as superset of retracted and ptf packages (bsc#1186503)
- Fix segv if 'ZYPP_FULLOG' is set.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2277-1
Released:    Fri Jul  9 11:08:40 2021
Summary:     Recommended update for strongswan
Type:        recommended
Severity:    moderate
References:  1183670
This update for strongswan fixes the following issues:

- Add config to run ipsec on namespaces. (bsc#1183670)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2292-1
Released:    Mon Jul 12 08:25:20 2021
Summary:     Security update for dbus-1
Type:        security
Severity:    important
References:  1187105,CVE-2020-35512
This update for dbus-1 fixes the following issues:

- CVE-2020-35512: Fixed a use-after-free or potential undefined behaviour caused by shared UID's (bsc#1187105)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2320-1
Released:    Wed Jul 14 17:01:06 2021
Summary:     Security update for sqlite3
Type:        security
Severity:    important
References:  1157818,1158812,1158958,1158959,1158960,1159491,1159715,1159847,1159850,1160309,1160438,1160439,1164719,1172091,1172115,1172234,1172236,1172240,1173641,928700,928701,CVE-2015-3414,CVE-2015-3415,CVE-2019-19244,CVE-2019-19317,CVE-2019-19603,CVE-2019-19645,CVE-2019-19646,CVE-2019-19880,CVE-2019-19923,CVE-2019-19924,CVE-2019-19925,CVE-2019-19926,CVE-2019-19959,CVE-2019-20218,CVE-2020-13434,CVE-2020-13435,CVE-2020-13630,CVE-2020-13631,CVE-2020-13632,CVE-2020-15358,CVE-2020-9327
This update for sqlite3 fixes the following issues:

- Update to version 3.36.0
- CVE-2020-15358: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener
  optimization (bsc#1173641)
- CVE-2020-9327: NULL pointer dereference and segmentation fault because of generated column optimizations in
  isAuxiliaryVtabOperator (bsc#1164719)
- CVE-2019-20218: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error (bsc#1160439)
- CVE-2019-19959: memory-management error via ext/misc/zipfile.c involving embedded '\0' input (bsc#1160438)
- CVE-2019-19923: improper handling  of  certain uses of SELECT DISTINCT in flattenSubquery may lead to null pointer
  dereference (bsc#1160309)
- CVE-2019-19924: improper error handling in sqlite3WindowRewrite() (bsc#1159850)
- CVE-2019-19925: improper handling of NULL pathname during an update of a ZIP archive (bsc#1159847)
- CVE-2019-19926: improper handling  of certain errors during parsing  multiSelect in select.c (bsc#1159715)
- CVE-2019-19880: exprListAppendList in window.c allows attackers to trigger an invalid pointer dereference
  (bsc#1159491)
- CVE-2019-19603: during handling of CREATE TABLE and CREATE VIEW statements, does not consider confusion with
  a shadow table name (bsc#1158960)
- CVE-2019-19646: pragma.c mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated
  columns (bsc#1158959)
- CVE-2019-19645: alter.c allows attackers to trigger infinite recursion via certain types of self-referential views
  in conjunction with ALTER TABLE statements (bsc#1158958)
- CVE-2019-19317: lookupName in resolve.c omits bits from the colUsed bitmask in the case of a generated column,
  which allows attackers to cause a denial of service (bsc#1158812)
- CVE-2019-19244: sqlite3,sqlite2,sqlite: The function sqlite3Select in select.c allows a crash if a
  sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage (bsc#1157818)
- CVE-2015-3415: sqlite3VdbeExec comparison operator vulnerability (bsc#928701)
- CVE-2015-3414: sqlite3,sqlite2: dequoting of collation-sequence names (bsc#928700)
- CVE-2020-13434: integer overflow in sqlite3_str_vappendf (bsc#1172115)
- CVE-2020-13630: (bsc#1172234: use-after-free in fts3EvalNextRow
- CVE-2020-13631: virtual table allowed to be renamed to one of its shadow tables (bsc#1172236)
- CVE-2020-13632: NULL pointer dereference via crafted matchinfo() query (bsc#1172240)
- CVE-2020-13435: Malicious SQL statements could have crashed the process that is running SQLite (bsc#1172091)