Linux Security

    SUSE: 2021:51-1 caasp/v4.5/cilium-operator Security Update

    Date 08 Feb 2021
    Posted By LinuxSecurity Advisories
    The container caasp/v4.5/cilium-operator was updated. The following patches have been included in this update:
    SUSE Container Update Advisory: caasp/v4.5/cilium-operator
    -----------------------------------------------------------------
    Container Advisory ID : SUSE-CU-2021:51-1
    Container Tags        : caasp/v4.5/cilium-operator:1.7.6 , caasp/v4.5/cilium-operator:1.7.6-rev5 , caasp/v4.5/cilium-operator:1.7.6-rev5-build5.15.3
    Container Release     : 5.15.3
    Severity              : important
    Type                  : security
    References            : 1050625 1084671 1141597 1169006 1171883 1172695 1173559 1174016
                            1174436 1174942 1175458 1175514 1175623 1177238 1177275 1177348
                            1177427 1177490 1177583 1178346 1178554 1178775 1178823 1178825
                            1178909 1178910 1178931 1178966 1179083 1179222 1179363 1179415
                            1179503 1179816 1179824 1179909 1180077 1180138 1180225 1180603
                            1180603 1180663 1180721 1180885 CVE-2017-9271 CVE-2020-12603
                            CVE-2020-12604 CVE-2020-12605 CVE-2020-25709 CVE-2020-25710 CVE-2020-35471
                            CVE-2020-8025 CVE-2020-8663 
    -----------------------------------------------------------------
    
    The container caasp/v4.5/cilium-operator was updated. The following patches have been included in this update:
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2020:3809-1
    Released:    Tue Dec 15 13:46:05 2020
    Summary:     Recommended update for glib2
    Type:        recommended
    Severity:    moderate
    References:  1178346
    This update for glib2 fixes the following issues:
    
    Update from version 2.62.5 to version 2.62.6:
    
    - Support for slim format of timezone. (bsc#1178346)
    - Fix DST incorrect end day when using slim format. (bsc#1178346)
    - Fix SOCKS5 username/password authentication.
    - Updated translations.
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2020:3853-1
    Released:    Wed Dec 16 12:27:27 2020
    Summary:     Recommended update for util-linux
    Type:        recommended
    Severity:    moderate
    References:  1084671,1169006,1174942,1175514,1175623,1178554,1178825
    This update for util-linux fixes the following issues:
    
    - Do not trigger the automatic close of CDROM. (bsc#1084671)
    - Try to automatically configure broken serial lines. (bsc#1175514)
    - Avoid `sulogin` failing on nonexistent or nonfunctional console devices. (bsc#1175514)
    - Build with `libudev` support to support non-root users. (bsc#1169006)
    - Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825)
    - Fix warning on mounts to `CIFS` with `mount -a`. (bsc#1174942)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2020:3942-1
    Released:    Tue Dec 29 12:22:01 2020
    Summary:     Recommended update for libidn2
    Type:        recommended
    Severity:    moderate
    References:  1180138
    This update for libidn2 fixes the following issues:
    
    - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later,
      adjusted the RPM license tags (bsc#1180138)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2020:3943-1
    Released:    Tue Dec 29 12:24:45 2020
    Summary:     Recommended update for libxml2
    Type:        recommended
    Severity:    moderate
    References:  1178823
    This update for libxml2 fixes the following issues:
    
    Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823)
    * key/unique/keyref schema attributes currently use quadratic loops
      to check their various constraints (that keys are unique and that
      keyrefs refer to existing keys).
    * This fix uses a hash table to avoid the quadratic behaviour.
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2021:109-1
    Released:    Wed Jan 13 10:13:24 2021
    Summary:     Security update for libzypp, zypper
    Type:        security
    Severity:    moderate
    References:  1050625,1174016,1177238,1177275,1177427,1177583,1178910,1178966,1179083,1179222,1179415,1179909,CVE-2017-9271
    This update for libzypp, zypper fixes the following issues:
    
    Update zypper to version 1.14.41
    
    Update libzypp to 17.25.4
    
    - CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583)
    - RepoManager: Force refresh if repo url has changed (bsc#1174016)
    - RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966)
    - RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427).
    - RpmDb: If no database exists, use the _dbpath configured in rpm. Still makes sure a compat
      symlink at /var/lib/rpm exists in case the configured _dbpath is elsewhere. (bsc#1178910)
    - Fixed update of gpg keys with elongated expire date (bsc#1179222)
    - needreboot: remove udev from the list (bsc#1179083)
    - Fix lsof monitoring (bsc#1179909)
    
    yast-installation was updated to 4.2.48:
    
    - Do not cleanup the libzypp cache when the system has low memory,
      incomplete cache confuses libzypp later (bsc#1179415)
    
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2021:129-1
    Released:    Thu Jan 14 12:26:15 2021
    Summary:     Security update for openldap2
    Type:        security
    Severity:    moderate
    References:  1178909,1179503,CVE-2020-25709,CVE-2020-25710
    This update for openldap2 fixes the following issues:
    
    Security issues fixed:
    
    - CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909).
    - CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909).
    
    Non-security issue fixed:
    
    - Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection. (bsc#1179503)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2021:169-1
    Released:    Tue Jan 19 16:18:46 2021
    Summary:     Recommended update for libsolv, libzypp, zypper
    Type:        recommended
    Severity:    moderate
    References:  1179816,1180077,1180663,1180721
    This update for libsolv, libzypp, zypper fixes the following issues:
    
    libzypp was updated to 17.25.6:
    
    - Rephrase solver problem descriptions (jsc#SLE-8482)
    - Adapt to changed gpg2/libgpgme behavior (bsc#1180721)
    - Multicurl backend breaks with unknown filesize (fixes #277)
    
    zypper was updated to 1.14.42:
    
    - Fix source-download commands help (bsc#1180663)
    - man: Recommend to use the --non-interactive global option rather than the command option -y (bsc#1179816)
    - Extend apt packagemap (fixes #366)
    - --quiet: Fix install summary to write nothing if there's nothing to do (bsc#1180077)
    
    libsolv was updated to 0.7.16:
    
    - do not ask the namespace callback for splitprovides when writing a testcase
    - fix add_complex_recommends() selecting conflicted packages in rare cases leading to crashes
    - improve choicerule generation so that package updates are preferred in more cases
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2021:174-1
    Released:    Wed Jan 20 07:55:23 2021
    Summary:     Recommended update for gnutls
    Type:        recommended
    Severity:    moderate
    References:  1172695
    This update for gnutls fixes the following issue:
    
    - Avoid spurious audit messages about incompatible signature algorithms (bsc#1172695)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2021:197-1
    Released:    Fri Jan 22 15:17:42 2021
    Summary:     Security update for permissions
    Type:        security
    Severity:    moderate
    References:  1171883,CVE-2020-8025
    This update for permissions fixes the following issues:
    
    - Update to version 20181224:
      * pcp: remove no longer needed / conflicting entries
             (bsc#1171883, CVE-2020-8025)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2021:220-1
    Released:    Tue Jan 26 14:00:51 2021
    Summary:     Recommended update for keyutils
    Type:        recommended
    Severity:    moderate
    References:  1180603
    This update for keyutils fixes the following issues:
    
    - Adjust the library license to be LGPL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2021:233-1
    Released:    Wed Jan 27 12:15:33 2021
    Summary:     Recommended update for systemd
    Type:        recommended
    Severity:    moderate
    References:  1141597,1174436,1175458,1177490,1179363,1179824,1180225
    This update for systemd fixes the following issues:
    
    - Added a timestamp to the output of the busctl monitor command (bsc#1180225)
    - Fixed a NULL pointer dereference bug when attempting to close the journal file handle (bsc#1179824)
    - Improved the caching of cgroups member mask (bsc#1175458)
    - Fixed the dependency definition of sound.target (bsc#1179363)
    - Fixed a bug that could lead to a potential error, when daemon-reload is called between
      StartTransientUnit and scope_start() (bsc#1174436)
    - time-util: treat /etc/localtime missing as UTC (bsc#1141597)
    - Removed mq-deadline selection from 60-io-scheduler.rules (bsc#1177490)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2021:265-1
    Released:    Mon Feb  1 15:06:45 2021
    Summary:     Recommended update for systemd
    Type:        recommended
    Severity:    important
    References:  1178775,1180885
    This update for systemd fixes the following issues:
    
    - Fix for udev creating '/dev/disk/by-label' symlink for 'LUKS2' to avoid mount issues. (bsc#1180885, #8998)
    - Fix for an issue when container start causes interference in other containers. (bsc#1178775)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2021:293-1
    Released:    Wed Feb  3 12:52:34 2021
    Summary:     Recommended update for gmp
    Type:        recommended
    Severity:    moderate
    References:  1180603
    This update for gmp fixes the following issues:
    
    - correct license statements of packages (library itself is not GPL-3.0) (bsc#1180603)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2021:335-1
    Released:    Mon Feb  8 11:19:09 2021
    Summary:     Include cilium addon security fixes and a new skuba release with updated add-ons
    Type:        security
    Severity:    important
    References:  1173559,1177348,1178931,CVE-2020-12603,CVE-2020-12604,CVE-2020-12605,CVE-2020-35471,CVE-2020-8663
    == Cilium (Security fixes)
    This fix involves an upgrade of the cilium add-on. See https://documentation.suse.com/suse-caasp/4.5/html/caasp-admin/_cluster_updates.html#_updating_kubernetes_components for the upgrade procedure.
    == Skuba
    To update skuba, you need to update the management workstation. See detailed instructions at https://documentation.suse.com/suse-caasp/4.5/html/caasp-admin/_cluster_updates.html#_update_management_workstation
    -----------------------------------------------------------------
    Advisory ID: SUSE-OU-2021:339-1
    Released:    Mon Feb  8 13:16:07 2021
    Summary:     Optional update for pam
    Type:        optional
    Severity:    low
    References:  
    This update for pam fixes the following issues:
    
    - Added rpm macros for this package, so that other packages can make use of it
    
    This patch is optional to be installed - it doesn't fix any bugs.
    
