SUSE: 2021:278-1 suse/sles12sp5 Security Update
Summary
Advisory ID: SUSE-SU-2021:2016-1 Released: Fri Jun 18 09:39:25 2021 Summary: Security update for libxml2 Type: security Severity: moderate
Advisory ID: SUSE-RU-2021:2086-1 Released: Fri Jun 18 17:28:57 2021 Summary: Recommended update for pam Type: recommended Severity: important
Advisory ID: SUSE-SU-2021:2156-1 Released: Thu Jun 24 15:39:39 2021 Summary: Security update for libgcrypt Type: security Severity: important
Advisory ID: SUSE-SU-2021:2180-1 Released: Mon Jun 28 17:40:39 2021 Summary: Security update for libsolv Type: security Severity: important
Advisory ID: SUSE-SU-2021:2280-1 Released: Fri Jul 9 16:29:17 2021 Summary: Security update for permissions Type: security Severity: moderate
Advisory ID: SUSE-SU-2021:2405-1 Released: Tue Jul 20 14:21:55 2021 Summary: Security update for systemd Type: security Severity: moderate
Advisory ID: SUSE-SU-2021:2462-1 Released: Fri Jul 23 11:23:22 2021 Summary: Security update for curl Type: security Severity: moderate
Advisory ID: SUSE-SU-2021:2480-1 Released: Tue Jul 27 13:47:22 2021 Summary: Security update for glibc Type: security Severity: moderate
Advisory ID: SUSE-RU-2021:2578-1 Released: Sun Aug 1 15:54:42 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate
References
References : 1027496 1047247 1050467 1093414 1097665 1123886 1131330 1150734
1155939 1157198 1160594 1160764 1161510 1161779 1163922 1171883
1181443 1182899 1184761 1185562 1185807 1186015 1186229 1187212
1187784 1187911 1188063 1188217 1188218 1188219 1188220 CVE-2016-10228
CVE-2019-20387 CVE-2019-3688 CVE-2019-3690 CVE-2020-8013 CVE-2021-22922
CVE-2021-22923 CVE-2021-22924 CVE-2021-22925 CVE-2021-3200 CVE-2021-33560
CVE-2021-33910 CVE-2021-3541 CVE-2021-35942
1186015,CVE-2021-3541
This update for libxml2 fixes the following issues:
- CVE-2021-3541: Fixed exponential entity expansion attack that could bypass all existing protection mechanisms (bsc#1186015).
1181443,1185562
This update for pam fixes the following issues:
- Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443)
- In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562)
1187212,CVE-2021-33560
This update for libgcrypt fixes the following issues:
- CVE-2021-33560: Fixed a side-channel against ElGamal encryption, caused by missing exponent blinding (bsc#1187212).
1161510,1186229,CVE-2019-20387,CVE-2021-3200
This update for libsolv fixes the following issues:
Security issues fixed:
- CVE-2019-20387: Fixed heap-buffer-overflow in repodata_schema2id (bsc#1161510)
- CVE-2021-3200: testcase_read: error out if repos are added or the system is changed too late (bsc#1186229)
Other issues fixed:
- backport support for blacklisted packages, needed for PTF (program temporary fix) packages and retracted patches
- fix ruleinfo of complex dependencies returning the wrong origin
- fix SOLVER_FLAG_FOCUS_BEST updating packages without reason
- fix add_complex_recommends() selecting conflicted packages in rare cases
- fix potential segfault in resolve_jobrules
- fix solv_zchunk decoding error if large chunks are used
1047247,1050467,1093414,1097665,1123886,1150734,1155939,1157198,1160594,1160764,1161779,1163922,1171883,1182899,CVE-2019-3688,CVE-2019-3690,CVE-2020-8013
This update for permissions fixes the following issues:
- Fork package for 12-SP5 (bsc#1155939)
- make btmp root:utmp (bsc#1050467, bsc#1182899)
- pcp: remove no longer needed / conflicting entries (bsc#1171883). Fixes a potential security issue.
- do not follow symlinks that are the final path element (CVE-2020-8013, bsc#1163922)
- fix handling of relative directory symlinks in chkstat
- whitelist postgres sticky directories (bsc#1123886)
- fix regression where chkstat breaks without /proc available (bsc#1160764, bsc#1160594)
- fix capability handling when doing multiple permission changes at once (bsc#1161779)
- fix invalid free() when permfiles points to argv (bsc#1157198)
- report errors for permfiles[i] rather than argv[i], as these are not the same files (bsc#1047247, bsc#1097665)
- fix /usr/sbin/pinger ownership to root:squid (bsc#1093414, CVE-2019-3688)
- fix privilege escalation through untrusted symlinks (bsc#1150734, CVE-2019-3690)
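An added example (not chkstat's code) of the symlink bug class behind the two items above. A mode change applied with chmod() follows a symlink in the final path element, so a user who can plant a link where a permissions profile expects a file redirects the change to any target they choose. The hardened variant opens the path with O_NOFOLLOW and applies fchmod() to the descriptor it actually obtained, so there is no window between the check and the change. The demo() scenario, file names and modes are constructed.

```python
"""Applying a permissions profile entry without following a final-element symlink.

Added example, not part of the SUSE permissions package. chmod_following() is
the vulnerable pattern; chmod_nofollow() is the hardened one. demo() builds a
constructed scenario in a temporary directory and reports what each does.
"""
import errno
import os
import stat
import tempfile


def chmod_following(path, mode):
    """Vulnerable: os.chmod() dereferences a symlink in the final path element."""
    os.chmod(path, mode)


def chmod_nofollow(path, mode):
    """Return True if `mode` was applied to a real file or directory at `path`.

    Returns False (and changes nothing) when the final element is a symlink or
    is not a regular file / directory. fchmod() acts on the descriptor, so the
    object that was inspected is the object that gets changed.
    """
    # O_NONBLOCK keeps an unexpected FIFO from blocking the open.
    flags = os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK | os.O_CLOEXEC
    try:
        fd = os.open(path, flags)
    except OSError as exc:
        if exc.errno in (errno.ELOOP, errno.EMLINK):   # final element is a symlink
            return False
        raise
    try:
        st = os.fstat(fd)
        if not (stat.S_ISREG(st.st_mode) or stat.S_ISDIR(st.st_mode)):
            return False
        os.fchmod(fd, mode)
        return True
    finally:
        os.close(fd)


def demo():
    """Constructed scenario: the profile wants 0o777 on `victim`, but an attacker
    replaced `victim` with a symlink to `secret`, a file they may not modify."""
    with tempfile.TemporaryDirectory() as d:
        secret = os.path.join(d, "secret")
        victim = os.path.join(d, "victim")
        with open(secret, "w") as f:
            f.write("constructed sample data\n")
        os.chmod(secret, 0o600)
        os.symlink(secret, victim)

        chmod_following(victim, 0o777)                  # vulnerable: lands on secret
        naive_mode = stat.S_IMODE(os.stat(secret).st_mode)

        os.chmod(secret, 0o600)                         # reset for the hardened run
        refused = not chmod_nofollow(victim, 0o777)     # hardened: refuses the link
        hardened_mode = stat.S_IMODE(os.stat(secret).st_mode)

        regular_ok = chmod_nofollow(secret, 0o640)      # a real file is still handled
        regular_mode = stat.S_IMODE(os.stat(secret).st_mode)
    return {"naive_target_mode": naive_mode,
            "hardened_refused": refused,
            "hardened_target_mode": hardened_mode,
            "regular_file_ok": regular_ok,
            "regular_file_mode": regular_mode}


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {oct(value) if isinstance(value, int) else value}")
```

The same idea applies to ownership changes (fchown() on the descriptor instead of chown() on the path). O_NOFOLLOW only protects the final element; a symlink in an intermediate directory, as in the relative directory symlink fix listed above, still needs the path walked component by component with openat() from a trusted root.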
1184761,1185807,1188063,CVE-2021-33910
This update for systemd fixes the following issues:
- CVE-2021-33910: Fixed a denial of service in systemd via unit_name_path_escape() (bsc#1188063)
- Fixed a regression with hostnamectl and timedatectl (bsc#1184761)
- Fixed permissions for /usr/lib/udev/compat-symlink-generation (bsc#1185807)
1188217,1188218,1188219,1188220,CVE-2021-22922,CVE-2021-22923,CVE-2021-22924,CVE-2021-22925
This update for curl fixes the following issues:
- CVE-2021-22925: TELNET stack contents disclosure again. (bsc#1188220)
- CVE-2021-22924: Bad connection reuse due to flawed path name checks. (bsc#1188219)
- CVE-2021-22923: Insufficiently Protected Credentials. (bsc#1188218)
- CVE-2021-22922: Wrong content via metalink not discarded. (bsc#1188217)
1027496,1131330,1187911,CVE-2016-10228,CVE-2021-35942
This update for glibc fixes the following issues:
Security issues fixed:
- CVE-2021-35942: wordexp: Fixed an overflow when parsing the positional parameter number (bsc#1187911)
- CVE-2016-10228: Rewrite iconv option parsing (bsc#1027496)
Other fixes:
- Fixed race in pthread_mutex_lock while promoting to PTHREAD_MUTEX_ELISION_NP (bsc#1131330)
1187784
This update for openldap2 rebuilds openldap2 against an openssl 1.0 library built with symbol versioning enabled.
This is an enablement step for the migration to openssl 1.1.1, which will bring TLS 1.3 support.