SUSE: 2021:566-1 suse/sle15 Security Update | LinuxSecurity.com

Advisories

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:566-1
Container Tags        : suse/sle15:15.3 , suse/sle15:15.3.17.8.40
Container Release     : 17.8.40
Severity              : moderate
Type                  : security
References            : 1029961 1113013 1162581 1174504 1187654 1191563 1192248 
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3891-1
Released:    Fri Dec  3 10:21:49 2021
Summary:     Recommended update for keyutils
Type:        recommended
Severity:    moderate
References:  1029961,1113013,1187654
This update for keyutils fixes the following issues:

- Add /etc/keys/ and /usr/etc/keys/ directory (bsc#1187654)

keyutils was updated to 1.6.3 (jsc#SLE-20016):

* Revert the change notifications that were using /dev/watch_queue.
* Apply the change notifications that use pipe2(O_NOTIFICATION_PIPE).
* Allow 'keyctl supports' to retrieve raw capability data.
* Allow 'keyctl id' to turn a symbolic key ID into a numeric ID.
* Allow 'keyctl new_session' to name the keyring.
* Allow 'keyctl add/padd/etc.' to take hex-encoded data.
* Add 'keyctl watch*' to expose kernel change notifications on keys.
* Add caps for namespacing and notifications.
* Set a default TTL on keys that upcall for name resolution.
* Explicitly clear memory after it's held sensitive information.
* Various manual page fixes.
* Fix C++-related errors.
* Add support for keyctl_move().
* Add support for keyctl_capabilities().
* Make key=val list optional for various public-key ops.
* Fix system call signature for KEYCTL_PKEY_QUERY.
* Fix 'keyctl pkey_query' argument passing.
* Use keyctl_read_alloc() in dump_key_tree_aux().
* Various manual page fixes. 

Updated to 1.6:

* Apply various specfile cleanups from Fedora.
* request-key: Provide a command line option to suppress helper execution.
* request-key: Find least-wildcard match rather than first match.
* Remove the dependency on MIT Kerberos.
* Fix some error messages
* keyctl_dh_compute.3: Suggest /proc/crypto for list of available hashes.
* Fix doc and comment typos.
* Add public key ops for encrypt, decrypt, sign and verify (needs linux-4.20).
* Add pkg-config support for finding libkeyutils.
* upstream isn't offering PGP signatures for the source tarballs anymore

Updated to 1.5.11 (bsc#1113013)

* Add keyring restriction support.
* Add KDF support to the Diffie-Helman function.
* DNS: Add support for AFS config files and SRV records
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3899-1
Released:    Fri Dec  3 11:27:41 2021
Summary:     Security update for aaa_base
Type:        security
Severity:    moderate
References:  1162581,1174504,1191563,1192248
This update for aaa_base fixes the following issues:

- Allowed ping and ICMP commands without CAP_NET_RAW (bsc#1174504).
- Add $HOME/.local/bin to PATH, if it exists (bsc#1192248).
- Fixed get_kernel_version.c to work also for recent kernels on the s390/X platform (bsc#1191563).
- Support xz compressed kernel (bsc#1162581)   


The following package changes have been done:

- aaa_base-84.87+git20180409.04c9dae-3.52.1 updated
- libkeyutils1-1.6.3-5.6.1 updated

SUSE: 2021:566-1 suse/sle15 Security Update

December 5, 2021
The container suse/sle15 was updated

Summary

Advisory ID: SUSE-RU-2021:3891-1 Released: Fri Dec 3 10:21:49 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate Advisory ID: SUSE-SU-2021:3899-1 Released: Fri Dec 3 11:27:41 2021 Summary: Security update for aaa_base Type: security Severity: moderate

References

References : 1029961 1113013 1162581 1174504 1187654 1191563 1192248

1029961,1113013,1187654

This update for keyutils fixes the following issues:

- Add /etc/keys/ and /usr/etc/keys/ directory (bsc#1187654)

keyutils was updated to 1.6.3 (jsc#SLE-20016):

* Revert the change notifications that were using /dev/watch_queue.

* Apply the change notifications that use pipe2(O_NOTIFICATION_PIPE).

* Allow 'keyctl supports' to retrieve raw capability data.

* Allow 'keyctl id' to turn a symbolic key ID into a numeric ID.

* Allow 'keyctl new_session' to name the keyring.

* Allow 'keyctl add/padd/etc.' to take hex-encoded data.

* Add 'keyctl watch*' to expose kernel change notifications on keys.

* Add caps for namespacing and notifications.

* Set a default TTL on keys that upcall for name resolution.

* Explicitly clear memory after it's held sensitive information.

* Various manual page fixes.

* Fix C++-related errors.

* Add support for keyctl_move().

* Add support for keyctl_capabilities().

* Make key=val list optional for various public-key ops.

* Fix system call signature for KEYCTL_PKEY_QUERY.

* Fix 'keyctl pkey_query' argument passing.

* Use keyctl_read_alloc() in dump_key_tree_aux().

* Various manual page fixes.

Updated to 1.6:

* Apply various specfile cleanups from Fedora.

* request-key: Provide a command line option to suppress helper execution.

* request-key: Find least-wildcard match rather than first match.

* Remove the dependency on MIT Kerberos.

* Fix some error messages

* keyctl_dh_compute.3: Suggest /proc/crypto for list of available hashes.

* Fix doc and comment typos.

* Add public key ops for encrypt, decrypt, sign and verify (needs linux-4.20).

* Add pkg-config support for finding libkeyutils.

* upstream isn't offering PGP signatures for the source tarballs anymore

Updated to 1.5.11 (bsc#1113013)

* Add keyring restriction support.

* Add KDF support to the Diffie-Helman function.

* DNS: Add support for AFS config files and SRV records

1162581,1174504,1191563,1192248

This update for aaa_base fixes the following issues:

- Allowed ping and ICMP commands without CAP_NET_RAW (bsc#1174504).

- Add $HOME/.local/bin to PATH, if it exists (bsc#1192248).

- Fixed get_kernel_version.c to work also for recent kernels on the s390/X platform (bsc#1191563).

- Support xz compressed kernel (bsc#1162581)

The following package changes have been done:

- aaa_base-84.87+git20180409.04c9dae-3.52.1 updated

- libkeyutils1-1.6.3-5.6.1 updated

Severity
Container Advisory ID : SUSE-CU-2021:566-1
Container Tags : suse/sle15:15.3 , suse/sle15:15.3.17.8.40
Container Release : 17.8.40
Severity : moderate
Type : security

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.