SUSE: 2021:316-1 ses/7/prometheus-webhook-snmp Security Update
Summary
Advisory ID: SUSE-SU-2021:2404-1 Released: Tue Jul 20 14:21:30 2021 Summary: Security update for systemd Type: security Severity: moderate Advisory ID: SUSE-SU-2021:2439-1 Released: Wed Jul 21 13:46:48 2021 Summary: Security update for curl Type: security Severity: moderate Advisory ID: SUSE-RU-2021:2573-1 Released: Thu Jul 29 14:21:52 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate Advisory ID: SUSE-SU-2021:2689-1 Released: Mon Aug 16 10:54:52 2021 Summary: Security update for cpio Type: security Severity: important Advisory ID: SUSE-RU-2021:2763-1 Released: Tue Aug 17 17:16:22 2021 Summary: Recommended update for cpio Type: recommended Severity: critical Advisory ID: SUSE-RU-2021:2780-1 Released: Thu Aug 19 16:09:15 2021 Summary: Recommended update for cpio Type: recommended Severity: critical Advisory ID: SUSE-SU-2021:2800-1 Released: Fri Aug 20 10:43:04 2021 Summary: Security update for krb5 Type: security Severity: important Advisory ID: SUSE-SU-2021:2817-1 Released: Mon Aug 23 15:05:36 2021 Summary: Security update for aws-cli, python-boto3, python-botocore, python-service_identity, python-trustme, python-urllib3 Type: security Severity: moderate Advisory ID: SUSE-SU-2021:2830-1 Released: Tue Aug 24 16:20:18 2021 Summary: Security update for openssl-1_1 Type: security Severity: important Advisory ID: SUSE-RU-2021:2938-1 Released: Fri Sep 3 09:19:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate Advisory ID: SUSE-SU-2021:2966-1 Released: Tue Sep 7 09:49:14 2021 Summary: Security update for openssl-1_1 Type: security Severity: low Advisory ID: SUSE-RU-2021:3001-1 Released: Thu Sep 9 15:08:13 2021 Summary: Recommended update for netcfg Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:3030-1 Released: Tue Sep 14 09:27:45 2021 Summary: Recommended update for patterns-base Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:3034-1 Released: Tue Sep 14 13:49:23 2021 Summary: Recommended update for python-pytz Type: recommended Severity: moderate
References
References : 1102408 1138715 1138746 1176389 1177120 1182421 1182422 1184614
1184994 1185748 1188063 1188127 1188217 1188218 1188219 1188220
1188571 1189206 1189465 1189465 1189520 1189521 1189521 1189534
1189554 1189683 CVE-2020-26137 CVE-2021-22922 CVE-2021-22923
CVE-2021-22924 CVE-2021-22925 CVE-2021-33910 CVE-2021-36222 CVE-2021-3711
CVE-2021-3712 CVE-2021-3712 CVE-2021-38185 CVE-2021-38185
1184994,1188063,CVE-2021-33910
This update for systemd fixes the following issues:
- CVE-2021-33910: Fixed a denial of service in systemd via unit_name_path_escape() (bsc#1188063)
- Skip udev rules if 'elevator=' is used (bsc#1184994)
1188217,1188218,1188219,1188220,CVE-2021-22922,CVE-2021-22923,CVE-2021-22924,CVE-2021-22925
This update for curl fixes the following issues:
- CVE-2021-22925: TELNET stack contents disclosure again. (bsc#1188220)
- CVE-2021-22924: Bad connection reuse due to flawed path name checks. (bsc#1188219)
- CVE-2021-22923: Insufficiently Protected Credentials. (bsc#1188218)
- CVE-2021-22922: Wrong content via metalink not discarded. (bsc#1188217)
1188127
This update for timezone fixes the following issue:
- From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by
the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are
now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127).
1189206,CVE-2021-38185
This update for cpio fixes the following issues:
It was possible to trigger Remote code execution due to a integer overflow (CVE-2021-38185, bsc#1189206)
1189465
This update for cpio fixes the following issues:
- A regression in last update would cause builds to hang on various architectures(bsc#1189465)
1189465,CVE-2021-38185
This update for cpio fixes the following issues:
- A regression in the previous update could lead to crashes (bsc#1189465)
1188571,CVE-2021-36222
This update for krb5 fixes the following issues:
- CVE-2021-36222: Fixed KDC null deref on bad encrypted challenge. (bsc#1188571)
1102408,1138715,1138746,1176389,1177120,1182421,1182422,CVE-2020-26137
This patch updates the Python AWS SDK stack in SLE 15:
General:
# aws-cli
- Version updated to upstream release v1.19.9
For a detailed list of all changes, please refer to the changelog file of this package.
# python-boto3
- Version updated to upstream release 1.17.9
For a detailed list of all changes, please refer to the changelog file of this package.
# python-botocore
- Version updated to upstream release 1.20.9
For a detailed list of all changes, please refer to the changelog file of this package.
# python-urllib3
- Version updated to upstream release 1.25.10
For a detailed list of all changes, please refer to the changelog file of this package.
# python-service_identity
- Added this new package to resolve runtime dependencies for other packages.
Version: 18.1.0
# python-trustme
- Added this new package to resolve runtime dependencies for other packages.
Version: 0.6.0
Security fixes:
# python-urllib3:
- CVE-2020-26137: urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated
by inserting CR and LF control characters in the first argument of putrequest() (bsc#1177120)
1189520,1189521,CVE-2021-3711,CVE-2021-3712
This update for openssl-1_1 fixes the following security issues:
- CVE-2021-3711: A bug in the implementation of the SM2 decryption code
could lead to buffer overflows. [bsc#1189520]
- CVE-2021-3712: a bug in the code for printing certificate details could
lead to a buffer overrun that a malicious actor could exploit to crash
the application, causing a denial-of-service attack. [bsc#1189521]
1184614
This update for openldap2 fixes the following issue:
- openldap2-contrib is shipped to the Legacy Module. (bsc#1184614)
1189521,CVE-2021-3712
This update for openssl-1_1 fixes the following issues:
- CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712.
Read buffer overruns processing ASN.1 strings (bsc#1189521).
1189683
This update for netcfg fixes the following issues:
- add submissions port/protocol to services file for message submission over TLS protocol [bsc#1189683]
1189534,1189554
This update of patterns-base fixes the following issue:
- The fips pattern should also install 'openssh-fips' if 'openssh' is installed (bsc#1189554 bsc#1189534)
1185748
This update for python-pytz fixes the following issues:
- Add %pyunittest shim for platforms where it is missing.
- Remove real directory of %{python_sitelib}/pytz/zoneinfo when upgrading, before it is replaced by a symlink. (bsc#1185748)
- update to 2021.1:
* update to IANA 2021a timezone release
- update to 2020.5:
* update to IANA 2020e timezone release
- update to 2020.4:
* update to IANA 2020d timezone release
- update to version 2020.1:
* Test against Python 3.8 and Python 3.9
* Bump version numbers to 2020.1/2020a
* use .rst extension name
* Make FixedOffset part of public API
- Update to 2019.3
* IANA 2019c
- Add versioned dependency on timezone database to ensure the correct data is installed
- Add a symlink to the system timezone database
- update to 2019.2
* IANA 2019b
* Defer generating case-insensitive lookups