SUSE: 2021:384-1 suse/sle15 Security Update | LinuxSecurity.com

Advisories

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:384-1
Container Tags        : suse/sle15:15.3 , suse/sle15:15.3.17.8.9
Container Release     : 17.8.9
Severity              : moderate
Type                  : security
References            : 1134353 1184994 1186489 1187911 1188291 1188588 1188713 1189446
                        1189480 1190373 1190374 CVE-2021-22946 CVE-2021-22947 CVE-2021-33574
                        CVE-2021-35942 
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3291-1
Released:    Wed Oct  6 16:45:36 2021
Summary:     Security update for glibc
Type:        security
Severity:    moderate
References:  1186489,1187911,CVE-2021-33574,CVE-2021-35942
This update for glibc fixes the following issues:

- CVE-2021-33574: Fixed use __pthread_attr_copy in mq_notify (bsc#1186489).
- CVE-2021-35942: Fixed wordexp handle overflow in positional parameter number (bsc#1187911).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3298-1
Released:    Wed Oct  6 16:54:52 2021
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1190373,1190374,CVE-2021-22946,CVE-2021-22947
This update for curl fixes the following issues:

- CVE-2021-22947: Fixed STARTTLS protocol injection via MITM (bsc#1190374).
- CVE-2021-22946: Fixed protocol downgrade required TLS bypassed (bsc#1190373).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3310-1
Released:    Wed Oct  6 18:12:41 2021
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1134353,1184994,1188291,1188588,1188713,1189446,1189480
This update for systemd fixes the following issues:

- Switch I/O scheduler from 'mq-deadline' to 'bfq' for rotating disks(HD's) (jsc#SLE-21032, bsc#1134353).
- Multipath: Rules weren't applied to dm devices (bsc#1188713).
- Ignore obsolete 'elevator' kernel parameter (bsc#1184994).
- Remove kernel unsupported single-queue block I/O.
- Make sure the versions of both udev and systemd packages are always the same (bsc#1189480).
- Avoid error message when updating active udev on sockets restart (bsc#1188291).

- Merge of v246.16, for a complete list of changes, visit:
   https://github.com/openSUSE/systemd/compare/8d8f5fc31eece95644b299b784bbfb8f836d0108...f5c33d9f82d3d782d28938df9ff09484360c540d

- Drop 1007-tmpfiles-follow-SUSE-policies.patch:
   Since most of the tmpfiles config files shipped by upstream are
   ignored (see previous commit 'Drop most of the tmpfiles that deal
   with generic paths'), this patch is no more relevant.

Additional fixes:
- core: make sure cgroup_oom_queue is flushed on manager exit.
- cgroup: do 'catchup' for unit cgroup inotify watch files.
- journalctl: never fail at flushing when the flushed flag is set (bsc#1188588).
- manager: reexecute on SIGRTMIN+25, user instances only.
- manager: fix HW watchdog when systemd starts before driver loaded (bsc#1189446).
- pid1: watchdog modernizations.

SUSE: 2021:384-1 suse/sle15 Security Update

October 9, 2021
The container suse/sle15 was updated

Summary

Advisory ID: SUSE-SU-2021:3291-1 Released: Wed Oct 6 16:45:36 2021 Summary: Security update for glibc Type: security Severity: moderate Advisory ID: SUSE-SU-2021:3298-1 Released: Wed Oct 6 16:54:52 2021 Summary: Security update for curl Type: security Severity: moderate Advisory ID: SUSE-RU-2021:3310-1 Released: Wed Oct 6 18:12:41 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate

References

References : 1134353 1184994 1186489 1187911 1188291 1188588 1188713 1189446

1189480 1190373 1190374 CVE-2021-22946 CVE-2021-22947 CVE-2021-33574

CVE-2021-35942

1186489,1187911,CVE-2021-33574,CVE-2021-35942

This update for glibc fixes the following issues:

- CVE-2021-33574: Fixed use __pthread_attr_copy in mq_notify (bsc#1186489).

- CVE-2021-35942: Fixed wordexp handle overflow in positional parameter number (bsc#1187911).

1190373,1190374,CVE-2021-22946,CVE-2021-22947

This update for curl fixes the following issues:

- CVE-2021-22947: Fixed STARTTLS protocol injection via MITM (bsc#1190374).

- CVE-2021-22946: Fixed protocol downgrade required TLS bypassed (bsc#1190373).

1134353,1184994,1188291,1188588,1188713,1189446,1189480

This update for systemd fixes the following issues:

- Switch I/O scheduler from 'mq-deadline' to 'bfq' for rotating disks(HD's) (jsc#SLE-21032, bsc#1134353).

- Multipath: Rules weren't applied to dm devices (bsc#1188713).

- Ignore obsolete 'elevator' kernel parameter (bsc#1184994).

- Remove kernel unsupported single-queue block I/O.

- Make sure the versions of both udev and systemd packages are always the same (bsc#1189480).

- Avoid error message when updating active udev on sockets restart (bsc#1188291).

- Merge of v246.16, for a complete list of changes, visit:

https://github.com/openSUSE/systemd/compare/8d8f5fc31eece95644b299b784bbfb8f836d0108...f5c33d9f82d3d782d28938df9ff09484360c540d

- Drop 1007-tmpfiles-follow-SUSE-policies.patch:

Since most of the tmpfiles config files shipped by upstream are

ignored (see previous commit 'Drop most of the tmpfiles that deal

with generic paths'), this patch is no more relevant.

Additional fixes:

- core: make sure cgroup_oom_queue is flushed on manager exit.

- cgroup: do 'catchup' for unit cgroup inotify watch files.

- journalctl: never fail at flushing when the flushed flag is set (bsc#1188588).

- manager: reexecute on SIGRTMIN+25, user instances only.

- manager: fix HW watchdog when systemd starts before driver loaded (bsc#1189446).

- pid1: watchdog modernizations.

Severity
Container Advisory ID : SUSE-CU-2021:384-1
Container Tags : suse/sle15:15.3 , suse/sle15:15.3.17.8.9
Container Release : 17.8.9
Severity : moderate
Type : security

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.