SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:87-1
Container Tags        : suse/sle15:15.2 , suse/sle15:15.2.8.2.878
Container Release     : 8.2.878
Severity              : important
Type                  : security
References            : 1078466 1146705 1172442 1175519 1176201 1178775 1179847 1180020
                        1180083 1180596 1181011 1181328 1181358 1181622 1181831 1182328
                        1182362 1182629 1183094 1183370 1183371 1183456 1183457 1183852
                        CVE-2020-11080 CVE-2021-20231 CVE-2021-20232 CVE-2021-24031 CVE-2021-24032
                        CVE-2021-27218 CVE-2021-27219 CVE-2021-3449 
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:778-1
Released:    Fri Mar 12 17:42:25 2021
Summary:     Security update for glib2
Type:        security
Severity:    important
References:  1182328,1182362,CVE-2021-27218,CVE-2021-27219
This update for glib2 fixes the following issues:

- CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if
  the length is larger than guint. (bsc#1182328)
- CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. (bsc#1182362)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:786-1
Released:    Mon Mar 15 11:19:23 2021
Summary:     Recommended update for zlib
Type:        recommended
Severity:    moderate
References:  1176201
This update for zlib fixes the following issues:

- Fixed hw compression on z15 (bsc#1176201)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:874-1
Released:    Thu Mar 18 09:41:54 2021
Summary:     Recommended update for libsolv, libzypp, zypper
Type:        recommended
Severity:    moderate
References:  1179847,1181328,1181622,1182629
This update for libsolv, libzypp, zypper fixes the following issues:

- support multiple collections in updateinfo parser
- Fixed an issue when some 'systemd' tools require '/proc' to be mounted and fail if it's not there. (bsc#1181328)
- Enable release packages to request a releaxed suse/opensuse vendorcheck in dup when migrating. (bsc#1182629)
- Patch: Identify well-known category names to allow to use the RH and SUSE patch category names synonymously. (bsc#1179847)
- Fix '%posttrans' script execution. (fixes #265)
- Repo: Allow multiple baseurls specified on one line (fixes #285)
- Regex: Fix memory leak and undefined behavior.
- Add rpm buildrequires for test suite (fixes #279)
- Use rpmdb2solv new -D switch to tell the location of the rpmdatabase to use.
- doc: give more details about creating versioned package locks. (bsc#1181622)
- man: Document synonymously used patch categories (bsc#1179847)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:924-1
Released:    Tue Mar 23 10:00:49 2021
Summary:     Recommended update for filesystem
Type:        recommended
Severity:    moderate
References:  1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094
This update for filesystem the following issues:

- Remove duplicate line due to merge error
- Add fix for 'mesa' creating cache with perm 0700. (bsc#1181011) 
- Fixed an issue causing failure during installation/upgrade a failure. (rh#1548403) (bsc#1146705)
- Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466)
- Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519)

This update for systemd fixes the following issues:

- Fix for a possible memory leak. (bsc#1180020)
- Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596)
- Fixed an issue when starting a container conflicts with another one. (bsc#1178775)
- Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831)
- Don't use shell redirections when calling a rpm macro. (bsc#1183094)
- 'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:930-1
Released:    Wed Mar 24 12:09:23 2021
Summary:     Security update for nghttp2
Type:        security
Severity:    important
References:  1172442,1181358,CVE-2020-11080
This update for nghttp2 fixes the following issues:

- CVE-2020-11080: HTTP/2 Large Settings Frame DoS (bsc#1181358)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:935-1
Released:    Wed Mar 24 12:19:10 2021
Summary:     Security update for gnutls
Type:        security
Severity:    important
References:  1183456,1183457,CVE-2021-20231,CVE-2021-20232
This update for gnutls fixes the following issues:

- CVE-2021-20232: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183456).
- CVE-2021-20231: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183457).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:948-1
Released:    Wed Mar 24 14:31:34 2021
Summary:     Security update for zstd
Type:        security
Severity:    moderate
References:  1183370,1183371,CVE-2021-24031,CVE-2021-24032
This update for zstd fixes the following issues:

- CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371).
- CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:955-1
Released:    Thu Mar 25 16:11:48 2021
Summary:     Security update for openssl-1_1
Type:        security
Severity:    important
References:  1183852,CVE-2021-3449
This update for openssl-1_1 fixes the security issue:

* CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted
  renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation
  ClientHello omits the signature_algorithms extension but includes a
  signature_algorithms_cert extension, then a NULL pointer dereference will
  result, leading to a crash and a denial of service attack. OpenSSL TLS
  clients are not impacted by this issue. [bsc#1183852]

SUSE: 2021:87-1 suse/sle15 Security Update

March 30, 2021
The container suse/sle15 was updated

Summary

Advisory ID: SUSE-SU-2021:778-1 Released: Fri Mar 12 17:42:25 2021 Summary: Security update for glib2 Type: security Severity: important Advisory ID: SUSE-RU-2021:786-1 Released: Mon Mar 15 11:19:23 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:874-1 Released: Thu Mar 18 09:41:54 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:924-1 Released: Tue Mar 23 10:00:49 2021 Summary: Recommended update for filesystem Type: recommended Severity: moderate Advisory ID: SUSE-SU-2021:930-1 Released: Wed Mar 24 12:09:23 2021 Summary: Security update for nghttp2 Type: security Severity: important Advisory ID: SUSE-SU-2021:935-1 Released: Wed Mar 24 12:19:10 2021 Summary: Security update for gnutls Type: security Severity: important Advisory ID: SUSE-SU-2021:948-1 Released: Wed Mar 24 14:31:34 2021 Summary: Security update for zstd Type: security Severity: moderate Advisory ID: SUSE-SU-2021:955-1 Released: Thu Mar 25 16:11:48 2021 Summary: Security update for openssl-1_1 Type: security Severity: important

References

References : 1078466 1146705 1172442 1175519 1176201 1178775 1179847 1180020

1180083 1180596 1181011 1181328 1181358 1181622 1181831 1182328

1182362 1182629 1183094 1183370 1183371 1183456 1183457 1183852

CVE-2020-11080 CVE-2021-20231 CVE-2021-20232 CVE-2021-24031 CVE-2021-24032

CVE-2021-27218 CVE-2021-27219 CVE-2021-3449

1182328,1182362,CVE-2021-27218,CVE-2021-27219

This update for glib2 fixes the following issues:

- CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if

the length is larger than guint. (bsc#1182328)

- CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. (bsc#1182362)

1176201

This update for zlib fixes the following issues:

- Fixed hw compression on z15 (bsc#1176201)

1179847,1181328,1181622,1182629

This update for libsolv, libzypp, zypper fixes the following issues:

- support multiple collections in updateinfo parser

- Fixed an issue when some 'systemd' tools require '/proc' to be mounted and fail if it's not there. (bsc#1181328)

- Enable release packages to request a releaxed suse/opensuse vendorcheck in dup when migrating. (bsc#1182629)

- Patch: Identify well-known category names to allow to use the RH and SUSE patch category names synonymously. (bsc#1179847)

- Fix '%posttrans' script execution. (fixes #265)

- Repo: Allow multiple baseurls specified on one line (fixes #285)

- Regex: Fix memory leak and undefined behavior.

- Add rpm buildrequires for test suite (fixes #279)

- Use rpmdb2solv new -D switch to tell the location of the rpmdatabase to use.

- doc: give more details about creating versioned package locks. (bsc#1181622)

- man: Document synonymously used patch categories (bsc#1179847)

1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094

This update for filesystem the following issues:

- Remove duplicate line due to merge error

- Add fix for 'mesa' creating cache with perm 0700. (bsc#1181011)

- Fixed an issue causing failure during installation/upgrade a failure. (rh#1548403) (bsc#1146705)

- Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466)

- Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519)

This update for systemd fixes the following issues:

- Fix for a possible memory leak. (bsc#1180020)

- Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596)

- Fixed an issue when starting a container conflicts with another one. (bsc#1178775)

- Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831)

- Don't use shell redirections when calling a rpm macro. (bsc#1183094)

- 'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083)

1172442,1181358,CVE-2020-11080

This update for nghttp2 fixes the following issues:

- CVE-2020-11080: HTTP/2 Large Settings Frame DoS (bsc#1181358)

1183456,1183457,CVE-2021-20231,CVE-2021-20232

This update for gnutls fixes the following issues:

- CVE-2021-20232: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183456).

- CVE-2021-20231: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183457).

1183370,1183371,CVE-2021-24031,CVE-2021-24032

This update for zstd fixes the following issues:

- CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371).

- CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370).

1183852,CVE-2021-3449

This update for openssl-1_1 fixes the security issue:

* CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted

renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation

ClientHello omits the signature_algorithms extension but includes a

signature_algorithms_cert extension, then a NULL pointer dereference will

result, leading to a crash and a denial of service attack. OpenSSL TLS

clients are not impacted by this issue. [bsc#1183852]

Severity
Container Advisory ID : SUSE-CU-2021:87-1
Container Tags : suse/sle15:15.2 , suse/sle15:15.2.8.2.878
Container Release : 8.2.878
Severity : important
Type : security

Related News

19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved