SUSE Container Update Advisory: ses/7/ceph/ceph
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:315-1
Container Tags        : ses/7/ceph/ceph:15.2.14.84 , ses/7/ceph/ceph:15.2.14.84.6.1 , ses/7/ceph/ceph:latest , ses/7/ceph/ceph:sle15.2.octopus
Container Release     : 6.1
Severity              : critical
Type                  : security
References            : 1172505 1181291 1183561 1183818 1184517 1184614 1185246 1185748
                        1186348 1188571 1188979 1189173 1189206 1189465 1189465 1189520
                        1189521 1189521 1189534 1189554 1189683 CVE-2020-12049 CVE-2021-36222
                        CVE-2021-3711 CVE-2021-3712 CVE-2021-3712 CVE-2021-38185 CVE-2021-38185
-----------------------------------------------------------------

The container ses/7/ceph/ceph was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2689-1
Released:    Mon Aug 16 10:54:52 2021
Summary:     Security update for cpio
Type:        security
Severity:    important
References:  1189206,CVE-2021-38185
This update for cpio fixes the following issues:

It was possible to trigger Remote code execution due to a integer overflow (CVE-2021-38185, bsc#1189206)


-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2763-1
Released:    Tue Aug 17 17:16:22 2021
Summary:     Recommended update for cpio
Type:        recommended
Severity:    critical
References:  1189465
This update for cpio fixes the following issues:

- A regression in last update would cause builds to hang on various architectures(bsc#1189465)
  
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2780-1
Released:    Thu Aug 19 16:09:15 2021
Summary:     Recommended update for cpio
Type:        recommended
Severity:    critical
References:  1189465,CVE-2021-38185
This update for cpio fixes the following issues:

- A regression in the previous update could lead to crashes (bsc#1189465)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2800-1
Released:    Fri Aug 20 10:43:04 2021
Summary:     Security update for krb5
Type:        security
Severity:    important
References:  1188571,CVE-2021-36222
This update for krb5 fixes the following issues:

- CVE-2021-36222: Fixed KDC null deref on bad encrypted challenge. (bsc#1188571)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2810-1
Released:    Mon Aug 23 12:14:30 2021
Summary:     Security update for dbus-1
Type:        security
Severity:    moderate
References:  1172505,CVE-2020-12049
This update for dbus-1 fixes the following issues:

- CVE-2020-12049: truncated messages lead to resource exhaustion. (bsc#1172505)

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:2816-1
Released:    Mon Aug 23 14:16:58 2021
Summary:     Optional update for python-kubernetes
Type:        optional
Severity:    low
References:  
This patch provides the python3-kubernetes package to the following modules:

- Container Module for SUSE Linux Enterprise 15 SP2
- Container Module for SUSE Linux Enterprise 15 SP3

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2830-1
Released:    Tue Aug 24 16:20:18 2021
Summary:     Security update for openssl-1_1
Type:        security
Severity:    important
References:  1189520,1189521,CVE-2021-3711,CVE-2021-3712
This update for openssl-1_1 fixes the following security issues:

- CVE-2021-3711: A bug in the implementation of the SM2 decryption code
  could lead to buffer overflows. [bsc#1189520]

- CVE-2021-3712: a bug in the code for printing certificate details could
  lead to a buffer overrun that a malicious actor could exploit to crash
  the application, causing a denial-of-service attack. [bsc#1189521]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2863-1
Released:    Mon Aug 30 08:18:50 2021
Summary:     Recommended update for python-dbus-python
Type:        recommended
Severity:    moderate
References:  1183818
This update for python-dbus-python fixes the following issues:

- Update to latest version from tumbleweed. (jsc#ECO-3589, bsc#1183818)

- update to 1.2.16:
  * All tests are run even if the 'tap.py' module is not available, althoug diagnostics for failing tests will be better if it is present.

- Support builds with more than one python3 flavor
- Clean duplicate python flavor variables for configure

- Version update to version 1.2.14:
  * Ensure that the numeric types from dbus.types get the same str() under Python 3.8 that they did under previous versions.
  * Disable -Winline.
  * Add clearer license information using SPDX-License-Identifier.
  * Include inherited methods and properties when documenting objects, which regressed when migrating from epydoc to sphinx.
  * Add missing variant_level member to UnixFd type, for parity with the other dbus.types types
  * Don't reply to method calls if they have the NO_REPLY_EXPECTED flag
  * Silence '-Wcast-function-type' with gcc 8.
  * Fix distcheck with python3.7 by deleting '__pycache__' during uninstall.
  * Consistently save and restore the exception indicator when called from C code.

- Add missing dependency for pkg-config files

- Version update to version 1.2.8:
  * Python 2.7 required or 3.4 respectively
  * Upstream dropped epydoc completely

- Add dbus-1-python3 package
- Make BusConnection.list_activatable_names actually call struct entries than the signature allows with libdbus 1.4 imports dbus, is finalized, is re-initialized, and re-imports - When removing signal matches, clean up internal state, avoiding a memory leak in long-lived Python processes that connect to
- When setting the sender of a message, allow it to be org.freedesktop.DBus so you can implement a D-Bus daemon
- New package: dbus-1-python-devel

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2895-1
Released:    Tue Aug 31 19:40:50 2021
Summary:     Recommended update for unixODBC
Type:        recommended
Severity:    moderate
References:  
This update for unixODBC fixes the following issues:

- ECO: Update unixODBC to 2.3.9 in SLE 15. (jsc#SLE-18004)
- Fix incorrect permission for documentation files.
- Update requires and baselibs for new libodbc2.
- Employ shared library packaging guideline: new subpacakge libodbc2. 
- Update to 2.3.9:
  * Remove '#define UNIXODBC_SOURCE' from unixodbc_conf.h

- Update to 2.3.8:
  * Add configure support for editline
  * SQLDriversW was ignoring user config
  * SQLDataSources Fix termination character
  * Fix for pooling seg fault
  * Make calling SQLSetStmtAttrW call the W function in the driver is its there
  * Try and fix race condition clearing system odbc.ini file
  * Remove trailing space from isql/iusql SQL
  * When setting connection attributes set before connect also check if the W entry poins can be used
  * Try calling the W error functions first if available in the driver
  * Add iconvperdriver configure option to allow calling unicode_setup in SQLAllocHandle
  * iconv handles was being lost when reusing pooled connection
  * Catch null copy in iniPropertyInsert
  * Fix a few leaks 

- Update to 2.3.7:
  * Fix for pkg-config file update on no linux platforms
  * Add W entry for GUI work
  * Various fixes for SQLBrowseConnect/W, SQLGetConnectAttr/W,and SQLSetConnectAttr/W
  * Fix buffer overflows in SQLConnect/W and refine behaviour of SQLGet/WritePrivateProfileString
  * SQLBrowseConnect/W allow disconnecting a started browse session after error
  * Add --with-stats-ftok-name configure option to allow the selection of a file name
    used to generate the IPC id when collecting stats. Default is the system odbc.ini file
  * Improve diag record handling with the behavior of Windows DM and export SQLCancelHandle
  * bug fix when SQLGetPrivateProfileString() is called to get a list of sections or a list of keys
  * Connection pooling: Fix liveness check for Unicode drivers

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2938-1
Released:    Fri Sep  3 09:19:36 2021
Summary:     Recommended update for openldap2
Type:        recommended
Severity:    moderate
References:  1184614

This update for openldap2 fixes the following issue:

- openldap2-contrib is shipped to the Legacy Module. (bsc#1184614)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2966-1
Released:    Tue Sep  7 09:49:14 2021
Summary:     Security update for openssl-1_1
Type:        security
Severity:    low
References:  1189521,CVE-2021-3712
This update for openssl-1_1 fixes the following issues:

- CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. 
  Read buffer overruns processing ASN.1 strings (bsc#1189521).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3001-1
Released:    Thu Sep  9 15:08:13 2021
Summary:     Recommended update for netcfg
Type:        recommended
Severity:    moderate
References:  1189683
This update for netcfg fixes the following issues:

- add submissions port/protocol to services file for message submission over TLS protocol [bsc#1189683]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3021-1
Released:    Mon Sep 13 10:32:31 2021
Summary:     Recommended update for ceph
Type:        recommended
Severity:    moderate
References:  1181291,1183561,1184517,1185246,1186348,1188979,1189173
This update for ceph fixes the following issues:

- cls/rgw: look for plane entries in non-ascii plain namespace too (bsc#1184517)
- rgw: check object locks in multi-object delete (bsc#1185246)
- mgr/zabbix: adapt zabbix_sender default path (bsc#1186348)
- mgr/cephadm: pass --container-init to 'cephadm deploy' if specified (bsc#1188979)
- mgr/dashboard: Downstream branding: Adapt latest upstream changes to branded navigation component (bsc#1189173)
- qa/tasks/salt_manager: allow gatherlogs for files in subdir
- qa/tasks/ceph_salt: gather /var/log/ceph/cephadm.out
- mgr/zabbix: adapt zabbix_sender default path (bsc#1186348)
- Revert 'cephadm: default container_init to False' (bsc#1188979)
- mgr/cephadm: alias rgw-nfs -> nfs (bsc#1181291)
- mgr/cephadm: on ssh connection error, advice chmod 0600 (bsc#1183561)
- Update _constraints: only honor physical memory, not 'any memory'  (e.g. swap). 

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3030-1
Released:    Tue Sep 14 09:27:45 2021
Summary:     Recommended update for patterns-base
Type:        recommended
Severity:    moderate
References:  1189534,1189554

This update of patterns-base fixes the following issue:

- The fips pattern should also install 'openssh-fips' if 'openssh' is installed (bsc#1189554 bsc#1189534)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3034-1
Released:    Tue Sep 14 13:49:23 2021
Summary:     Recommended update for python-pytz
Type:        recommended
Severity:    moderate
References:  1185748
This update for python-pytz fixes the following issues:

- Add %pyunittest shim for platforms where it is missing.
- Remove real directory of %{python_sitelib}/pytz/zoneinfo when upgrading, before it is replaced by a symlink. (bsc#1185748)

- update to 2021.1:
  * update to IANA 2021a timezone release 

- update to 2020.5:
  * update to IANA 2020e timezone release 
  
- update to 2020.4:
  * update to IANA 2020d timezone release

- update to version 2020.1:
  * Test against Python 3.8 and Python 3.9
  * Bump version numbers to 2020.1/2020a
  * use .rst extension name
  * Make FixedOffset part of public API

- Update to 2019.3
  * IANA 2019c

- Add versioned dependency on timezone database to ensure the correct data is installed
- Add a symlink to the  system timezone database

- update to 2019.2
 *	IANA 2019b
 * 	Defer generating case-insensitive lookups