SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:482-1
Container Tags        : suse/sle15:15.4 , suse/sle15:15.4.21.5
Container Release     : 21.5
Severity              : important
Type                  : security
References            : 1177127 1178236 1183154 1185016 1185524 1186489 1186503 1186602
                        1186910 1187224 1187270 1187425 1187466 1187512 1187738 1187760
                        1187911 1188156 1188344 1188435 1188921 1189031 1189454 1189550
                        1190052 1190059 1190199 1190465 1190645 1190712 1190739 1190793
                        1190815 1190858 1190915 1190933 1191987 CVE-2021-33574 CVE-2021-35942
                        CVE-2021-37600 CVE-2021-39537 
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2020:3026-1
Released:    Fri Oct 23 15:35:49 2020
Summary:     Optional update for the Public Cloud Module
Type:        optional
Severity:    moderate
References:  

This update adds the Google Cloud Storage packages to the Public Cloud module (jsc#ECO-2398).
The following packages were included:

- python3-grpcio
- python3-protobuf
- python3-google-api-core
- python3-google-cloud-core
- python3-google-cloud-storage
- python3-google-resumable-media
- python3-googleapis-common-protos
- python3-grpcio-gcp
- python3-mock (updated to version 3.0.5)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:294-1
Released:    Wed Feb  3 12:54:28 2021
Summary:     Recommended update for libprotobuf
Type:        recommended
Severity:    moderate
References:  

libprotobuf was updated to fix:

- ship the libprotobuf-lite15 on the basesystem module and the INSTALLER channel. (jsc#ECO-2911)
  
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:656-1
Released:    Mon Mar  1 09:34:21 2021
Summary:     Recommended update for protobuf
Type:        recommended
Severity:    moderate
References:  1177127
This update for protobuf fixes the following issues:

- Add missing dependency of python subpackages on python-six. (bsc#1177127)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3013-1
Released:    Thu Sep  9 16:55:40 2021
Summary:     Recommended update for patterns-base, patterns-server-enterprise, sles15-image
Type:        recommended
Severity:    moderate
References:  1183154,1189550
This update for patterns-base, patterns-server-enterprise, sles15-image fixes the following issues:

- Add pattern to install necessary packages for FIPS (bsc#1183154)
- Add patterns-base-fips to work also in FIPS environments (bsc#1183154)
- Use the same icon in the fips pattern as the previous pattern had (bsc#1189550)


-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3274-1
Released:    Fri Oct  1 10:34:17 2021
Summary:     Recommended update for ca-certificates-mozilla
Type:        recommended
Severity:    important
References:  1190858
This update for ca-certificates-mozilla fixes the following issues:

- remove one of the Letsencrypt CAs DST_Root_CA_X3.pem, as it expires
  September 30th 2021 and openssl certificate chain handling does not
  handle this correctly in openssl 1.0.2 and older.
  (bsc#1190858)


-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3291-1
Released:    Wed Oct  6 16:45:36 2021
Summary:     Security update for glibc
Type:        security
Severity:    moderate
References:  1186489,1187911,CVE-2021-33574,CVE-2021-35942
This update for glibc fixes the following issues:

- CVE-2021-33574: Fixed use __pthread_attr_copy in mq_notify (bsc#1186489).
- CVE-2021-35942: Fixed wordexp handle overflow in positional parameter number (bsc#1187911).

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:3327-1
Released:    Mon Oct 11 11:44:50 2021
Summary:     Optional update for coreutils
Type:        optional
Severity:    low
References:  1189454
This optional update for coreutils fixes the following issue:

- Provide coreutils documentation, 'coreutils-doc', with 'L2' support level. (bsc#1189454)
  
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3382-1
Released:    Tue Oct 12 14:30:17 2021
Summary:     Recommended update for ca-certificates-mozilla
Type:        recommended
Severity:    moderate
References:  
This update for ca-certificates-mozilla fixes the following issues:

- A new sub-package for minimal base containers (jsc#SLE-22162)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3474-1
Released:    Wed Oct 20 08:41:31 2021
Summary:     Security update for util-linux
Type:        security
Severity:    moderate
References:  1178236,1188921,CVE-2021-37600
This update for util-linux fixes the following issues:

- CVE-2021-37600: Fixed an integer overflow which could lead to a buffer overflow in get_sem_elements() in sys-utils/ipcutils.c. (bsc#1188921)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3480-1
Released:    Wed Oct 20 11:24:10 2021
Summary:     Recommended update for yast2-network
Type:        recommended
Severity:    moderate
References:  1185016,1185524,1186910,1187270,1187512,1188344,1190645,1190739,1190915,1190933
This update for yast2-network fixes the following issues:

- Don't crash when the interfaces table contains an unconfigured one (bnc#1190645, bsc#1190915).
- Fix the shown description using the interface friendly name when it is empty (bsc#1190933).
- Consider aliases sections as case insensitive (bsc#1190739).
- Display user defined device name in the devices overview (bnc#1190645).
- Don't crash when defined aliases in AutoYaST profile are not defined as a map (bsc#1188344).
- Support 'boot' and 'on' as aliases for the 'auto' startmode (bsc#1186910).
- Fix desktop file so the control center tooltip is translated (bsc#1187270).
- Use the linuxrc proxy settings for the HTTPS and FTP proxies (bsc#1185016).
- Don't crash at the end of installation when storing wifi configuration for NetworkManager (bsc#1185524, bsc#1187512).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3490-1
Released:    Wed Oct 20 16:31:55 2021
Summary:     Security update for ncurses
Type:        security
Severity:    moderate
References:  1190793,CVE-2021-39537
This update for ncurses fixes the following issues:

- CVE-2021-39537: Fixed a heap-based buffer overflow in _nc_captoinfo. (bsc#1190793)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3494-1
Released:    Wed Oct 20 16:48:46 2021
Summary:     Recommended update for pam
Type:        recommended
Severity:    moderate
References:  1190052
This update for pam fixes the following issues:

- Added pam_faillock to the set of available PAM modules. (jsc#SLE-20638)
- Added new file macros.pam on request of systemd. (bsc#1190052)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3501-1
Released:    Fri Oct 22 10:42:46 2021
Summary:     Recommended update for libzypp, zypper, libsolv, protobuf
Type:        recommended
Severity:    moderate
References:  1186503,1186602,1187224,1187425,1187466,1187738,1187760,1188156,1188435,1189031,1190059,1190199,1190465,1190712,1190815
This update for libzypp, zypper, libsolv and protobuf fixes the following issues:

- Choice rules: treat orphaned packages as newest (bsc#1190465)
- Avoid calling 'su' to detect a too restrictive sudo user umask (bsc#1186602)
- Do not check signatures and keys two times (redundant) (bsc#1190059)
- Rephrase vendor conflict message in case 2 packages are involved (bsc#1187760)
- Show key fpr from signature when signature check fails (bsc#1187224)
- Fix solver jobs for PTFs (bsc#1186503)
- Fix purge-kernels fails (bsc#1187738)
- Fix obs:// platform guessing for Leap (bsc#1187425)
- Make sure to keep states alive while transitioning. (bsc#1190199)
- Manpage: Improve description about patch updates (bsc#1187466)
- Manpage: Recommend the needs-rebooting command to test whether a system reboot is suggested.
- Fix kernel-*-livepatch removal in purge-kernels. (bsc#1190815)
- Fix crashes in logging code when shutting down (bsc#1189031)
- Do not download full files even if the checkExistsOnly flag is set. (bsc#1190712)
- Add need reboot/restart hint to XML install summary (bsc#1188435)
- Prompt: choose exact match if prompt options are not prefix free (bsc#1188156)
- Include libprotobuf-lite20 in products to enable parallel downloads. (jsc#ECO-2911, jsc#SLE-16862)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3510-1
Released:    Tue Oct 26 11:22:15 2021
Summary:     Recommended update for pam
Type:        recommended
Severity:    important
References:  1191987
This update for pam fixes the following issues:

- Fixed a bad directive file which resulted in
  the 'securetty' file being installed as 'macros.pam'.
  (bsc#1191987)


The following package changes have been done:

- bash-4.4-23.16 updated
- ca-certificates-mozilla-2.44-21.1 updated
- coreutils-8.32-3.2.1 updated
- glibc-2.31-9.3.2 updated
- krb5-1.19.2-1.1 updated
- libaugeas0-1.10.1-3.3.1 updated
- libblkid1-2.36.2-4.5.1 updated
- libbrotlicommon1-1.0.7-1.59 added
- libbrotlidec1-1.0.7-1.59 added
- libbz2-1-1.0.8-1.10 updated
- libcurl4-7.79.1-1.2 updated
- libdw1-0.185-2.10 updated
- libelf1-0.185-2.10 updated
- libfdisk1-2.36.2-4.5.1 updated
- libgcrypt20-hmac-1.9.4-1.25 added
- libgcrypt20-1.9.4-1.25 updated
- libglib-2_0-0-2.68.3-1.2 updated
- libgpg-error0-1.42-1.20 updated
- libgpgme11-1.16.0-1.7 updated
- libkeyutils1-1.6.3-1.26 updated
- liblz4-1-1.9.3-1.1 updated
- libmount1-2.36.2-4.5.1 updated
- libncurses6-6.1-5.9.1 updated
- libopenssl1_1-hmac-1.1.1l-1.15 added
- libopenssl1_1-1.1.1l-1.15 updated
- libp11-kit0-0.23.22-1.2 updated
- libprotobuf-lite20-3.9.2-4.9.1 added
- libreadline7-7.0-23.16 updated
- libsmartcols1-2.36.2-4.5.1 updated
- libsolv-tools-0.7.20-1.2 updated
- libsystemd0-249.4-1.1 updated
- libudev1-249.4-1.1 updated
- libuuid1-2.36.2-4.5.1 updated
- libxml2-2-2.9.12-1.1 updated
- libyaml-cpp0_6-0.6.3-1.1 updated
- libzstd1-1.4.9-1.4 updated
- libzypp-17.28.5-1.2 updated
- ncurses-utils-6.1-5.9.1 updated
- openssl-1_1-1.1.1l-1.15 updated
- p11-kit-tools-0.23.22-1.2 updated
- p11-kit-0.23.22-1.2 updated
- pam-1.3.0-6.50.1 updated
- patterns-base-fips-20200124-10.5.1 added
- rpm-config-SUSE-1-9.13 updated
- rpm-ndb-4.14.3-41.2 updated
- sles-release-15.4-19.1 updated
- system-group-hardware-20170617-20.18 updated
- terminfo-base-6.1-5.9.1 updated
- util-linux-2.36.2-4.5.1 updated
- zypper-1.14.49-1.1 updated

SUSE: 2021:482-1 suse/sle15 Security Update

October 29, 2021
The container suse/sle15 was updated
