SUSE Container Update Advisory: suse/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:354-1
Container Tags        : suse/dotnet-aspnet:5.0 , suse/dotnet-aspnet:5.0.202
Container Release     : 5.1
Severity              : critical
Type                  : security
References            : 1029961 1040589 1047218 1057452 1099521 1106014 1161276 1175448
                        1175449 1178577 1178624 1178675 1181443 1182016 1182604 1182899
                        1183064 1183154 1184358 1184435 1184614 1185163 1185408 1185408
                        1185409 1185409 1185410 1185410 1185438 1185540 1185562 1185698
                        1185807 1185828 1185958 1186015 1186049 1186114 1186411 1186642
                        1187154 1187210 1187212 1187292 1188063 1188127 1188217 1188218
                        1188219 1188220 1188287 1188571 1189206 1189465 1189465 1189550
                        CVE-2020-24370 CVE-2020-24371 CVE-2021-22898 CVE-2021-22922 CVE-2021-22923
                        CVE-2021-22924 CVE-2021-22925 CVE-2021-33560 CVE-2021-33910 CVE-2021-3516
                        CVE-2021-3516 CVE-2021-3517 CVE-2021-3517 CVE-2021-3518 CVE-2021-3518
                        CVE-2021-3520 CVE-2021-3537 CVE-2021-3541 CVE-2021-36222 CVE-2021-38185
                        CVE-2021-38185 
-----------------------------------------------------------------

The container suse/dotnet-aspnet was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1466-1
Released:    Tue May  4 08:30:57 2021
Summary:     Security update for permissions
Type:        security
Severity:    important
References:  1182899
This update for permissions fixes the following issues:

- etc/permissions: remove unnecessary entries (bsc#1182899)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1523-1
Released:    Wed May  5 18:24:20 2021
Summary:     Security update for libxml2
Type:        security
Severity:    moderate
References:  1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518
This update for libxml2 fixes the following issues:

- CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408).
- CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410).
- CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1526-1
Released:    Thu May  6 08:57:30 2021
Summary:     Recommended update for bash
Type:        recommended
Severity:    important
References:  1183064
This update for bash fixes the following issues:

- Fixed a segmentation fault that used to occur when bash read a history file
  that was malformed in a very specific way. (bsc#1183064)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1528-1
Released:    Thu May  6 15:31:23 2021
Summary:     Recommended update for openssl-1_1
Type:        recommended
Severity:    moderate
References:  1161276
This update for openssl-1_1 fixes the following issues:

- Do not list disapproved cipher algorithms while in 'FIPS' mode. (bsc#1161276)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1543-1
Released:    Fri May  7 15:16:32 2021
Summary:     Recommended update for patterns-microos
Type:        recommended
Severity:    moderate
References:  1184435
This update for patterns-microos provides the following fix:

- Require the libvirt-daemon-qemu package and include the needed dependencies in the
  product. (bsc#1184435)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1565-1
Released:    Tue May 11 14:20:04 2021
Summary:     Recommended update for krb5
Type:        recommended
Severity:    moderate
References:  1185163
This update for krb5 fixes the following issues:

- Use '/run' instead of '/var/run' for daemon PID files. (bsc#1185163)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1612-1
Released:    Fri May 14 17:09:39 2021
Summary:     Recommended update for openldap2
Type:        recommended
Severity:    moderate
References:  1184614
This update for openldap2 fixes the following issue:

- Provide `openldap2-contrib` to the modules SUSE Linux Enterprise Legacy 15-SP2 and 15-SP3. (bsc#1184614)
  
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1643-1
Released:    Wed May 19 13:51:48 2021
Summary:     Recommended update for pam
Type:        recommended
Severity:    important
References:  1181443,1184358,1185562
This update for pam fixes the following issues:

- Fixed a bug where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443)
- Fixed a bug where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to
  an attempt to resolve it as a hostname (bsc#1184358)
- In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to also be installed, as it contains pam_systemd.so for 32-bit applications. (bsc#1185562)


-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1654-1
Released:    Wed May 19 16:43:36 2021
Summary:     Security update for libxml2
Type:        security
Severity:    important
References:  1185408,1185409,1185410,1185698,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518,CVE-2021-3537
This update for libxml2 fixes the following issues:

- CVE-2021-3537: Fixed a NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698).
- CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408).
- CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410).
- CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1762-1
Released:    Wed May 26 12:30:01 2021
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1186114,CVE-2021-22898
This update for curl fixes the following issues:

- CVE-2021-22898: Fixed curl TELNET stack contents disclosure (bsc#1186114).
- Allow partial chain verification [jsc#SLE-17956]
  * Have intermediate certificates in the trust store be treated
    as trust-anchors, in the same way as self-signed root CA
    certificates are. This allows users to verify servers using
    the intermediate cert only, instead of needing the whole chain.
  * Set FLAG_TRUSTED_FIRST unconditionally.
  * Do not check partial chains with CRL check.
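
What the partial-chain change means in practice, shown with the openssl command line rather than curl (an added example, not part of the advisory or of the curl project): a constructed root/intermediate/leaf chain is verified with only the intermediate in the trust store, first with default flags and then with -partial_chain, the OpenSSL verify flag behind partial-chain verification. It assumes the openssl CLI (1.1.1 or later) is installed; all certificate names are placeholders.

```shell
#!/bin/sh
# Added example (not from the SUSE advisory or the curl project).
# Builds a constructed root -> intermediate -> leaf chain with the openssl CLI, then
# verifies the leaf with ONLY the intermediate in the trust store: first with default
# flags (fails: no self-signed anchor reachable), then with -partial_chain (succeeds:
# the intermediate itself is accepted as the trust anchor). All names are placeholders.
set -e
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cd "$WORK"

# Extensions for the intermediate so that it is a CA certificate.
printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > ca.ext

# 1. Self-signed root CA (openssl req -x509 marks it CA:TRUE by default).
openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Constructed Root CA" \
    -keyout root.key -out root.pem >/dev/null 2>&1
# 2. Intermediate CA issued by the root.
openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Constructed Intermediate CA" \
    -keyout inter.key -out inter.csr >/dev/null 2>&1
openssl x509 -req -days 2 -in inter.csr -CA root.pem -CAkey root.key -CAcreateserial \
    -extfile ca.ext -out inter.pem >/dev/null 2>&1
# 3. Server (leaf) certificate issued by the intermediate.
openssl req -new -newkey rsa:2048 -nodes -subj "/CN=server.example.test" \
    -keyout leaf.key -out leaf.csr >/dev/null 2>&1
openssl x509 -req -days 2 -in leaf.csr -CA inter.pem -CAkey inter.key -CAcreateserial \
    -out leaf.pem >/dev/null 2>&1

# Conventional verification: the root is the trust anchor and the intermediate is
# supplied as an untrusted chain certificate (what a server normally sends with its leaf).
verify_full_chain() {
    openssl verify -no-CApath -CAfile root.pem -untrusted inter.pem leaf.pem >/dev/null 2>&1
}

# Trust store holds only the intermediate. Without partial-chain support OpenSSL keeps
# looking for a self-signed issuer of the intermediate, finds none, and rejects the leaf.
verify_intermediate_only_default() {
    openssl verify -no-CApath -CAfile inter.pem leaf.pem >/dev/null 2>&1
}

# Same trust store, but -partial_chain lets the non-self-signed intermediate act as the
# trust anchor, which is the behaviour the curl update enables for its trust store.
verify_intermediate_only_partial() {
    openssl verify -no-CApath -partial_chain -CAfile inter.pem leaf.pem >/dev/null 2>&1
}

report() {  # $1 = label, $2 = verification function
    if "$2"; then echo "$1: OK"; else echo "$1: FAILED"; fi
}

report "root trusted, intermediate untrusted (full chain)" verify_full_chain
report "intermediate trusted only, default flags" verify_intermediate_only_default
report "intermediate trusted only, -partial_chain" verify_intermediate_only_partial
```

Note that the advisory also states that partial chains are not subjected to the CRL check, so revocation of the intermediate is not consulted on that path.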

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1825-1
Released:    Tue Jun  1 16:24:01 2021
Summary:     Security update for lz4
Type:        security
Severity:    important
References:  1185438,CVE-2021-3520
This update for lz4 fixes the following issues:

- CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1861-1
Released:    Fri Jun  4 09:59:40 2021
Summary:     Recommended update for gcc10
Type:        recommended
Severity:    moderate
References:  1029961,1106014,1178577,1178624,1178675,1182016
This update for gcc10 fixes the following issues:

- Disable nvptx offloading for aarch64 again, since it does not work.
- Fixed a build failure issue. (bsc#1182016)
- Fix for memory miscompilation on 'aarch64'. (bsc#1178624, bsc#1178577)
- Fix 32bit 'libgnat.so' link. (bsc#1178675)
- prepare usrmerge: Install libgcc_s into %_libdir. ABI wise it stays /%lib. (bsc#1029961)
- Build complete set of multilibs for arm-none target. (bsc#1106014)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1917-1
Released:    Wed Jun  9 14:48:05 2021
Summary:     Security update for libxml2
Type:        security
Severity:    moderate
References:  1186015,CVE-2021-3541
This update for libxml2 fixes the following issues:

- CVE-2021-3541: Fixed an exponential entity expansion attack that bypassed all existing protection mechanisms. (bsc#1186015)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1937-1
Released:    Thu Jun 10 10:47:09 2021
Summary:     Recommended update for nghttp2
Type:        recommended
Severity:    moderate
References:  1186642

This update for nghttp2 fixes the following issue:

- The (lib)nghttp2 packages had a lower release number in SUSE Linux Enterprise 15 SP2 and SP3 than in 15 SP1, which could lead
  to migration issues. (bsc#1186642)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2157-1
Released:    Thu Jun 24 15:40:14 2021
Summary:     Security update for libgcrypt
Type:        security
Severity:    important
References:  1187212,CVE-2021-33560
This update for libgcrypt fixes the following issues:

- CVE-2021-33560: Fixed a side-channel against ElGamal encryption, caused by missing exponent blinding (bsc#1187212).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2173-1
Released:    Mon Jun 28 14:59:45 2021
Summary:     Recommended update for automake
Type:        recommended
Severity:    moderate
References:  1040589,1047218,1182604,1185540,1186049
This update for automake fixes the following issues:

- Make generated autoconf makefiles reproducible (bsc#1182604)
- Add fix to avoid date variations in docs. (bsc#1047218, jsc#SLE-17848)
- Avoid bashisms in test-driver script. (bsc#1185540)

This update for pcre fixes the following issues:

- Do not run profiling 'check' in parallel to make package build reproducible. (bsc#1040589)

This update for brp-check-suse fixes the following issues:

- Add fixes to support reproducible builds. (bsc#1186049) 


-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2196-1
Released:    Tue Jun 29 09:41:39 2021
Summary:     Security update for lua53
Type:        security
Severity:    moderate
References:  1175448,1175449,CVE-2020-24370,CVE-2020-24371
This update for lua53 fixes the following issues:

Update to version 5.3.6:

- CVE-2020-24371: lgc.c mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage (bsc#1175449)
- CVE-2020-24370: ldebug.c allows a negation overflow and segmentation fault in getlocal and setlocal (bsc#1175448)
- Long brackets with a huge number of '=' overflow some internal buffer arithmetic.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2205-1
Released:    Wed Jun 30 09:17:41 2021
Summary:     Recommended update for openldap2
Type:        recommended
Severity:    important
References:  1187210
This update for openldap2 fixes the following issues:

- Resolve issues in the idle / connection 'TTL' timeout implementation in OpenLDAP. (bsc#1187210)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2316-1
Released:    Wed Jul 14 13:49:55 2021
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1185807,1185828,1185958,1186411,1187154,1187292
This update for systemd fixes the following issues:

- Restore framebuffer devices as a possible master of seat. Until the simpledrm driver is released, this change is premature, as some graphics chips do not have a DRM driver and fall back to the framebuffer. (bsc#1187154)
- Fixed an issue where '/var/lock/subsys' was dropped when the 'filesystem' package took over the initialization of the generic paths. (bsc#1187292)

- 'udev' requires systemd in its %post (bsc#1185958)
- nspawn: turn on higher optimization level in seccomp
- nspawn: return ENOSYS by default, EPERM for 'known' calls (bsc#1186411)
- shared/seccomp-util: added functionality to make list of filtered syscalls
- shared/syscall-list: filter out some obviously platform-specific syscalls
- shared/seccomp: reduce scope of indexing variables
- generate-syscall-list: require python3
- shared: add @known syscall list
- meson: add syscall-names-update target
- shared/seccomp: use _cleanup_ in one more place
- home: fix homed.conf install location
- We need to make sure that the creation of the symlinks is done after updating the
  udev DB, so that if worker A is preempted by worker B before A updates the DB but
  after it creates the symlinks, worker B cannot overwrite the symlinks freshly created
  by A just because A has not yet registered them in the DB. (bsc#1185828)

- Expect 644 permissions for /usr/lib/udev/compat-symlink-generation (bsc#1185807)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2399-1
Released:    Mon Jul 19 19:06:22 2021
Summary:     Recommended update for release packages
Type:        recommended
Severity:    moderate
References:  1099521
This update for the release packages provides the following fix:

- Fix grub menu entries after migration from SLE-12*. (bsc#1099521)
  
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2410-1
Released:    Tue Jul 20 14:41:26 2021
Summary:     Security update for systemd
Type:        security
Severity:    important
References:  1188063,CVE-2021-33910
This update for systemd fixes the following issues:

- CVE-2021-33910: Fixed a denial of service (stack exhaustion) in systemd (PID 1) (bsc#1188063)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2439-1
Released:    Wed Jul 21 13:46:48 2021
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1188217,1188218,1188219,1188220,CVE-2021-22922,CVE-2021-22923,CVE-2021-22924,CVE-2021-22925
This update for curl fixes the following issues:

- CVE-2021-22925: TELNET stack contents disclosure again. (bsc#1188220)
- CVE-2021-22924: Bad connection reuse due to flawed path name checks. (bsc#1188219)
- CVE-2021-22923: Insufficiently Protected Credentials. (bsc#1188218)
- CVE-2021-22922: Wrong content via metalink not discarded. (bsc#1188217)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2573-1
Released:    Thu Jul 29 14:21:52 2021
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1188127
This update for timezone fixes the following issue:

- From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by
  the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are
  now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2689-1
Released:    Mon Aug 16 10:54:52 2021
Summary:     Security update for cpio
Type:        security
Severity:    important
References:  1189206,CVE-2021-38185
This update for cpio fixes the following issues:

- It was possible to trigger remote code execution due to an integer overflow (CVE-2021-38185, bsc#1189206)


-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2763-1
Released:    Tue Aug 17 17:16:22 2021
Summary:     Recommended update for cpio
Type:        recommended
Severity:    critical
References:  1189465
This update for cpio fixes the following issues:

- A regression in the last update caused builds to hang on various architectures (bsc#1189465)
  
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2780-1
Released:    Thu Aug 19 16:09:15 2021
Summary:     Recommended update for cpio
Type:        recommended
Severity:    critical
References:  1189465,CVE-2021-38185
This update for cpio fixes the following issues:

- A regression in the previous update could lead to crashes (bsc#1189465)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2786-1
Released:    Fri Aug 20 02:02:23 2021
Summary:     Recommended update for bash
Type:        recommended
Severity:    important
References:  1057452,1188287
This update for bash fixes the following issues:

- Allow process group assignment even for modern kernels (bsc#1057452, bsc#1188287)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2800-1
Released:    Fri Aug 20 10:43:04 2021
Summary:     Security update for krb5
Type:        security
Severity:    important
References:  1188571,CVE-2021-36222
This update for krb5 fixes the following issues:

- CVE-2021-36222: Fixed a KDC NULL pointer dereference on a bad encrypted challenge. (bsc#1188571)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3013-1
Released:    Thu Sep  9 16:55:40 2021
Summary:     Recommended update for patterns-base, patterns-server-enterprise, sles15-image
Type:        recommended
Severity:    moderate
References:  1183154,1189550
This update for patterns-base, patterns-server-enterprise, sles15-image fixes the following issues:

- Add pattern to install necessary packages for FIPS (bsc#1183154)
- Add patterns-base-fips to work also in FIPS environments (bsc#1183154)
- Use the same icon in the FIPS pattern as the previous pattern had (bsc#1189550)

SUSE: 2021:354-1 suse/dotnet-aspnet Security Update

September 23, 2021
The container suse/dotnet-aspnet was updated
