Linux Security
    Linux Security
    Linux Security

    SUSE: 2021:6-1 harbor/harbor-notary-server Security Update

    Date 04 Jan 2021
    77
    Posted By LinuxSecurity Advisories
    The container harbor/harbor-notary-server was updated. The following patches have been included in this update:
    SUSE Container Update Advisory: harbor/harbor-notary-server
    -----------------------------------------------------------------
    Container Advisory ID : SUSE-CU-2021:6-1
    Container Tags        : harbor/harbor-notary-server:2.1.2 , harbor/harbor-notary-server:2.1.2-rev1 , harbor/harbor-notary-server:2.1.2-rev1-build1.111
    Container Release     : 1.111
    Severity              : important
    Type                  : security
    References            : 1084671 1169006 1174232 1174593 1174942 1175514 1175623 1177458
                            1177490 1177510 1177858 1177864 1177998 1178346 1178376 1178387
                            1178512 1178554 1178727 1178823 1178825 1179398 1179399 1179431
                            1179491 1179515 1179593 1180138 CVE-2020-1971 CVE-2020-25692
                            CVE-2020-28196 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 
    -----------------------------------------------------------------
    
    The container harbor/harbor-notary-server was updated. The following patches have been included in this update:
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2020:3157-1
    Released:    Wed Nov  4 15:37:05 2020
    Summary:     Recommended update for ca-certificates-mozilla
    Type:        recommended
    Severity:    moderate
    References:  1177864
    This update for ca-certificates-mozilla fixes the following issues:
    
    The SSL Root CA store was updated to the 2.44 state of the Mozilla NSS Certificate store (bsc#1177864)
    
    - Removed CAs:
    
      - EE Certification Centre Root CA
      - Taiwan GRCA
    
    - Added CAs:
    
      - Trustwave Global Certification Authority
      - Trustwave Global ECC P256 Certification Authority
      - Trustwave Global ECC P384 Certification Authority
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2020:3290-1
    Released:    Wed Nov 11 12:25:32 2020
    Summary:     Recommended update for findutils
    Type:        recommended
    Severity:    moderate
    References:  1174232
    This update for findutils fixes the following issues:
    
    - Do not unconditionally use leaf optimization for NFS. (bsc#1174232)
      NFS st_nlink are not accurate on all implementations, leading to aborts() if that assumption is made.
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2020:3294-1
    Released:    Wed Nov 11 12:28:46 2020
    Summary:     Recommended update for SLES-release
    Type:        recommended
    Severity:    moderate
    References:  1177998
    This update for SLES-release fixes the following issue:
    
    - Obsolete Leap 15.2.1 (jump) to allow migration from Jump/Leap 15.2.1 to SLE 15 SP2. (bsc#1177998)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2020:3313-1
    Released:    Thu Nov 12 16:07:37 2020
    Summary:     Security update for openldap2
    Type:        security
    Severity:    important
    References:  1178387,CVE-2020-25692
    This update for openldap2 fixes the following issues:
    
    - CVE-2020-25692: Fixed an unauthenticated remote denial of service due to incorrect validation of modrdn equality rules (bsc#1178387).
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2020:3377-1
    Released:    Thu Nov 19 09:29:32 2020
    Summary:     Security update for krb5
    Type:        security
    Severity:    moderate
    References:  1178512,CVE-2020-28196
    This update for krb5 fixes the following security issue:
    
    - CVE-2020-28196: Fixed an unbounded recursion via an ASN.1-encoded Kerberos message (bsc#1178512).
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2020:3381-1
    Released:    Thu Nov 19 10:53:38 2020
    Summary:     Recommended update for systemd
    Type:        recommended
    Severity:    moderate
    References:  1177458,1177490,1177510
    This update for systemd fixes the following issues:
    
    - build-sys: optionally disable support of journal over the network (bsc#1177458)
    - ask-password: prevent buffer overflow when reading from keyring (bsc#1177510)
    - mount: don't propagate errors from mount_setup_unit() further up
    - Rely on the new build option --disable-remote for journal_remote
      This allows to drop the workaround that consisted in cleaning journal-upload files and
      {sysusers.d,tmpfiles.d}/systemd-remote.conf manually when 'journal_remote' support was disabled.
    - Move journal-{remote,upload}.conf.5.gz man pages into systemd-journal_remote sub package 
    - Make sure {sysusers.d,tmpfiles.d}/systemd-remote.conf are not shipped with --without=journal_remote (bsc#1177458)
      These files were incorrectly packaged in the main package when systemd-journal_remote was disabled.
    - Make use of %{_unitdir} and %{_sysusersdir}
    - Remove mq-deadline selection from 60-io-scheduler.rules (bsc#1177490)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2020:3462-1
    Released:    Fri Nov 20 13:14:35 2020
    Summary:     Recommended update for pam and sudo
    Type:        recommended
    Severity:    moderate
    References:  1174593,1177858,1178727
    This update for pam and sudo fixes the following issue:
    
    pam:
    
    - pam_xauth: do not *free* a string which has been successfully passed to *putenv*. (bsc#1177858)
    - Initialize the local variable *daysleft* to avoid a misleading warning for password expire days. (bsc#1178727)
    - Run /usr/bin/xauth using the old user's and group's identifiers. (bsc#1174593)
    
    sudo:
    
    - Fix a problem with pam_xauth which checks effective and real uids to get the real identity of the user. (bsc#1174593)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2020:3581-1
    Released:    Tue Dec  1 14:40:22 2020
    Summary:     Recommended update for libusb-1_0
    Type:        recommended
    Severity:    moderate
    References:  1178376
    This update for libusb-1_0 fixes the following issues:
    
    - Fixes a build failure for libusb for the inclusion of 'sys/time.h' on PowerPC. (bsc#1178376)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2020:3620-1
    Released:    Thu Dec  3 17:03:55 2020
    Summary:     Recommended update for pam
    Type:        recommended
    Severity:    moderate
    References:  
    This update for pam fixes the following issues:
    
    - Check if the password is part of the username. (jsc#SLE-16719, jsc#SLE-16720)
      - Check whether the password contains a substring of of the user's name of at least `` characters length in 
      some form. This is enabled by the new parameter `usersubstr=`
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2020:3626-1
    Released:    Fri Dec  4 13:51:46 2020
    Summary:     Recommended update for audit
    Type:        recommended
    Severity:    moderate
    References:  1179515
    This update for audit fixes the following issues:
    
    - Enable Aarch64 processor support. (bsc#1179515) 
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2020:3703-1
    Released:    Mon Dec  7 20:17:32 2020
    Summary:     Recommended update for aaa_base
    Type:        recommended
    Severity:    moderate
    References:  1179431
    This update for aaa_base fixes the following issue:
    
    - Avoid semicolon within (t)csh login script on S/390. (bsc#1179431)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2020:3721-1
    Released:    Wed Dec  9 13:36:46 2020
    Summary:     Security update for openssl-1_1
    Type:        security
    Severity:    important
    References:  1179491,CVE-2020-1971
    This update for openssl-1_1 fixes the following issues:
    	  
    - CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491).
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-SU-2020:3735-1
    Released:    Wed Dec  9 18:19:24 2020
    Summary:     Security update for curl
    Type:        security
    Severity:    moderate
    References:  1179398,1179399,1179593,CVE-2020-8284,CVE-2020-8285,CVE-2020-8286
    This update for curl fixes the following issues:
    
    - CVE-2020-8286: Fixed improper OSCP verification in the client side (bsc#1179593). 
    - CVE-2020-8285: Fixed a stack overflow due to FTP wildcard (bsc#1179399).
    - CVE-2020-8284: Fixed an issue where a malicius FTP server could make curl connect to a different IP (bsc#1179398).	  
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2020:3809-1
    Released:    Tue Dec 15 13:46:05 2020
    Summary:     Recommended update for glib2
    Type:        recommended
    Severity:    moderate
    References:  1178346
    This update for glib2 fixes the following issues:
    
    Update from version 2.62.5 to version 2.62.6:
    
    - Support for slim format of timezone. (bsc#1178346)
    - Fix DST incorrect end day when using slim format. (bsc#1178346)
    - Fix SOCKS5 username/password authentication.
    - Updated translations.
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2020:3853-1
    Released:    Wed Dec 16 12:27:27 2020
    Summary:     Recommended update for util-linux
    Type:        recommended
    Severity:    moderate
    References:  1084671,1169006,1174942,1175514,1175623,1178554,1178825
    This update for util-linux fixes the following issue:
    
    - Do not trigger the automatic close of CDROM. (bsc#1084671)
    - Try to automatically configure broken serial lines. (bsc#1175514)
    - Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514)
    - Build with `libudev` support to support non-root users. (bsc#1169006)
    - Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825)
    - Fix warning on mounts to `CIFS` with mount –a. (bsc#1174942)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2020:3942-1
    Released:    Tue Dec 29 12:22:01 2020
    Summary:     Recommended update for libidn2
    Type:        recommended
    Severity:    moderate
    References:  1180138
    This update for libidn2 fixes the following issues:
    
    - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later,
      adjusted the RPM license tags (bsc#1180138)
    
    -----------------------------------------------------------------
    Advisory ID: SUSE-RU-2020:3943-1
    Released:    Tue Dec 29 12:24:45 2020
    Summary:     Recommended update for libxml2
    Type:        recommended
    Severity:    moderate
    References:  1178823
    This update for libxml2 fixes the following issues:
    
    Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823)
    * key/unique/keyref schema attributes currently use quadratic loops
      to check their various constraints (that keys are unique and that
      keyrefs refer to existing keys).
    * This fix uses a hash table to avoid the quadratic behaviour.
    

    Advisories

    LinuxSecurity Poll

    'Tis the season of giving! How have you given back to the open-source community?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/49-tis-the-season-of-giving-how-have-you-given-back-to-the-open-source-community?task=poll.vote&format=json
    49
    radio
    [{"id":"171","title":"I've contributed to the development of an open-source project.","votes":"22","type":"x","order":"1","pct":34.92,"resources":[]},{"id":"172","title":"I've reviewed open-source code for security bugs.","votes":"13","type":"x","order":"2","pct":20.63,"resources":[]},{"id":"173","title":"I've made a donation to an open-source project.","votes":"28","type":"x","order":"3","pct":44.44,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    VIEW MORE POLLS

    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.