SUSE Container Update Advisory: trento/trento-runner
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:109-1
Container Tags        : trento/trento-runner:0.8.1 , trento/trento-runner:0.8.1-rev1.1.0 , trento/trento-runner:0.8.1-rev1.1.0-build150300.3.2.2 , trento/trento-runner:latest
Container Release     : 150300.3.2.2
Severity              : important
Type                  : security
References            : 1180125 1190566 1190824 1192249 1193179 1193711 1194251 1194362
                        1194474 1194476 1194477 1194478 1194479 1194480 CVE-2021-45960
                        CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825
                        CVE-2022-22826 CVE-2022-22827 
-----------------------------------------------------------------

The container trento/trento-runner was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:4162-1
Released:    Wed Dec 22 16:28:38 2021
Summary:     Feature update for trento-premium
Type:        optional
Severity:    moderate
References:  

This update ships 'trento-premium' monitoring solution for SLES 4 SAP.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:48-1
Released:    Tue Jan 11 09:17:57 2022
Summary:     Recommended update for python3
Type:        recommended
Severity:    moderate
References:  1190566,1192249,1193179
This update for python3 fixes the following issues:

- Don't use OpenSSL 1.1 on platforms which don't have it.

- Remove shebangs from python-base libraries in '_libdir'. (bsc#1193179, bsc#1192249).
- Build against 'openssl 1.1' as it is incompatible with 'openssl 3.0+'  (bsc#1190566)
- Fix for permission error when changing the mtime of the source file in presence of 'SOURCE_DATE_EPOCH'.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:96-1
Released:    Tue Jan 18 05:14:44 2022
Summary:     Recommended update for rpm
Type:        recommended
Severity:    important
References:  1180125,1190824,1193711
This update for rpm fixes the following issues:

- Fix header check so that old rpms no longer get rejected (bsc#1190824)
- Add explicit requirement on python-rpm-macros (bsc#1180125, bsc#1193711)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:178-1
Released:    Tue Jan 25 14:16:23 2022
Summary:     Security update for expat
Type:        security
Severity:    important
References:  1194251,1194362,1194474,1194476,1194477,1194478,1194479,1194480,CVE-2021-45960,CVE-2021-46143,CVE-2022-22822,CVE-2022-22823,CVE-2022-22824,CVE-2022-22825,CVE-2022-22826,CVE-2022-22827
This update for expat fixes the following issues:
  
- CVE-2021-45960: Fixed left shift in the storeAtts function in xmlparse.c that can lead to realloc misbehavior (bsc#1194251).
- CVE-2021-46143: Fixed integer overflow in m_groupSize in doProlog (bsc#1194362).
- CVE-2022-22822: Fixed integer overflow in addBinding in xmlparse.c (bsc#1194474).
- CVE-2022-22823: Fixed integer overflow in build_model in xmlparse.c (bsc#1194476).
- CVE-2022-22824: Fixed integer overflow in defineAttribute in xmlparse.c (bsc#1194477).
- CVE-2022-22825: Fixed integer overflow in lookup in xmlparse.c (bsc#1194478).
- CVE-2022-22826: Fixed integer overflow in nextScaffoldPart in xmlparse.c (bsc#1194479).
- CVE-2022-22827: Fixed integer overflow in storeAtts in xmlparse.c (bsc#1194480).  

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:314-1
Released:    Wed Feb  2 15:01:42 2022
Summary:     Recommended update for trento-premium
Type:        recommended
Severity:    moderate
References:  
This update for trento-premium fixes the following issues:

Release 0.8.1 fixes these issues:


- web pod crashing when receiving unexpected data
- Recover and handle panics in projectors
- Fix parse azure cloud data

Release 0.8.0 fixes these issues:

- Cloud provider name is missing from the host's Cloud Detail section 
- Allow --help as non-root for install-agent.sh 
- 'Select All' and 'Deselect All' are missing in Filters 'Health status...' 
- Cross reference the related variables between the helm charts 
- Add mTLS agent/server configuration to the installers and the helm chart 
- Run npx prettier formatting on e2e test files 
- Add new e2e tests for the checks catalog view 
- Add provider field in the cloud details section 
- Check results pruning command and cron job 
- Store runner check results in the database 
- Projected events are skipped if events are coming almost in parallel 
- Filters not visualized when they are set in the URI 
- Individual checks are not properly highlighted when selected in the cluster settings modal 
- DB address appears as `` in the demo environment 
- Health overview should give information about all the hosts 
- Premium badge in the checks catalog out of place 
- Obsolete database info in Hosts detail view after un_registration
- Duplicate database after unregistration and registration process 
- page 'Pacemaker Clusters' not reloaded automatically after tag removed 
- Fix tag removal when filtering 
- Fix health container numbers and pagination numbers 
- Set table filters properly when the page is reloaded in a new tab 
- Fix checkbox not shown as selected inside tables 
- Replace premium check position to description column 
- Fix error in prune checks chart declaration 
- Create the premium detection service mocks properly
- Telemetry context: `apiHost` is a confusing name 
- Add tests to the cmd line and env variables usage 


The following package changes have been done:

- libexpat1-2.2.5-3.9.1 updated
- trento-premium-0.8.1+git.dev69.1643724601.92fd00b-150300.3.5.1 updated
- python3-base-3.6.15-10.15.1 updated
- libpython3_6m1_0-3.6.15-10.15.1 updated
- python3-3.6.15-10.15.1 updated
- python3-rpm-4.14.3-43.1 updated
- ansible-core-2.11.6-150300.1.2 updated
- python3-PrettyTable-0.7.2-3.23 removed
- python3-ara-1.5.7-1.1 removed
- python3-cliff-3.1.0-7.4.6 removed
- python3-cmd2-0.8.9-7.4.3 removed
- python3-pbr-4.3.0-6.22 removed
- python3-pyperclip-1.6.0-1.17 removed
- python3-stevedore-1.32.0-7.4.4 removed
- python3-wcwidth-0.1.8-3.5.11 removed

SUSE: 2022:109-1 trento/trento-runner Security Update

February 3, 2022
The container trento/trento-runner was updated
