SUSE: 2022:2229-1 ses/7.1/rook/ceph Security Update
Summary
Advisory ID: SUSE-RU-2022:2628-1 Released: Tue Aug 2 12:21:23 2022 Summary: Recommended update for apparmor Type: recommended Severity: important Advisory ID: SUSE-SU-2022:2649-1 Released: Wed Aug 3 15:06:21 2022 Summary: Security update for pcre2 Type: security Severity: important Advisory ID: SUSE-SU-2022:2717-1 Released: Tue Aug 9 12:54:16 2022 Summary: Security update for ncurses Type: security Severity: moderate Advisory ID: SUSE-SU-2022:2817-1 Released: Tue Aug 16 12:03:46 2022 Summary: Security update for ceph Type: security Severity: important Advisory ID: SUSE-SU-2022:2831-1 Released: Wed Aug 17 14:41:07 2022 Summary: Recommended update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures, python-coverage, python-oniconfig, python-unittest-mixins Type: security Severity: moderate Advisory ID: SUSE-RU-2022:2853-1 Released: Fri Aug 19 15:59:42 2022 Summary: Recommended update for sle-module-legacy-release Type: recommended Severity: low Advisory ID: SUSE-SU-2022:2866-1 Released: Mon Aug 22 15:36:30 2022 Summary: Security update for systemd-presets-common-SUSE Type: security Severity: moderate Advisory ID: SUSE-RU-2022:2904-1 Released: Fri Aug 26 05:28:34 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate Advisory ID: SUSE-SU-2022:2908-1 Released: Fri Aug 26 11:36:03 2022 Summary: Security update for python-lxml Type: security Severity: important Advisory ID: SUSE-RU-2022:2921-1 Released: Fri Aug 26 15:17:43 2022 Summary: Recommended update for systemd Type: recommended Severity: important Advisory ID: SUSE-feature-2022:2926-1 Released: Mon Aug 29 10:38:52 2022 Summary: Feature update for LibreOffice Type: feature Severity: moderate Advisory ID: SUSE-RU-2022:2929-1 Released: Mon Aug 29 11:21:47 2022 Summary: Recommended update for timezone Type: recommended Severity: important Advisory ID: SUSE-RU-2022:2943-1 Released: Tue Aug 30 15:42:16 2022 Summary: Recommended update for python-iniconfig Type: recommended Severity: low Advisory ID: SUSE-RU-2022:2944-1 Released: Wed Aug 31 05:39:14 2022 Summary: Recommended update for procps Type: recommended Severity: important Advisory ID: SUSE-SU-2022:2947-1 Released: Wed Aug 31 09:16:21 2022 Summary: Security update for zlib Type: security Severity: important Advisory ID: SUSE-feature-2022:2972-1 Released: Thu Sep 1 11:08:16 2022 Summary: Feature update for python-kubernetes Type: feature Severity: moderate Advisory ID: SUSE-RU-2022:2982-1 Released: Thu Sep 1 12:33:47 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:2994-1 Released: Fri Sep 2 10:44:54 2022 Summary: Recommended update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame Type: recommended Severity: moderate Advisory ID: SUSE-SU-2022:3004-1 Released: Fri Sep 2 15:02:14 2022 Summary: Security update for curl Type: security Severity: low Advisory ID: SUSE-RU-2022:3028-1 Released: Mon Sep 5 16:31:24 2022 Summary: Recommended update for python-pytz Type: recommended Severity: low Advisory ID: SUSE-RU-2022:3127-1 Released: Wed Sep 7 04:36:10 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate Advisory ID: SUSE-SU-2022:3142-1 Released: Wed Sep 7 09:54:18 2022 Summary: Security update for icu Type: security Severity: moderate Advisory ID: SUSE-RU-2022:3215-1 Released: Thu Sep 8 15:58:27 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:3223-1 Released: Fri Sep 9 04:33:35 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:3262-1 Released: Tue Sep 13 15:34:29 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate Advisory ID: SUSE-SU-2022:3271-1 Released: Wed Sep 14 06:45:39 2022 Summary: Security update for perl Type: security Severity: moderate
References
References : 1041090 1047178 1164384 1181475 1183308 1192616 1193951 1194131
1194875 1195059 1195359 1195463 1195881 1195916 1196017 1196044
1196212 1196499 1196696 1196733 1196785 1196850 1197017 1197178
1198341 1198627 1198731 1198752 1198925 1199140 1199235 1199524
1199895 1200064 1200485 1200553 1200800 1200842 1200993 1201092
1201253 1201576 1201638 1202175 1202310 1202498 1202498 1202593
CVE-2017-6512 CVE-2019-20454 CVE-2020-21913 CVE-2020-29651 CVE-2021-3979
CVE-2022-1587 CVE-2022-1706 CVE-2022-2309 CVE-2022-29458 CVE-2022-35252
CVE-2022-37434
1195463,1196850
This update for apparmor fixes the following issues:
- Add new rule to fix reported 'DENIED' audit records with Apparmor profile 'usr.sbin.smbd' (bsc#1196850)
- Add new rule to allow reading of openssl.cnf (bsc#1195463)
1164384,1199235,CVE-2019-20454,CVE-2022-1587
This update for pcre2 fixes the following issues:
- CVE-2019-20454: Fixed out-of-bounds read in JIT mode when \X is used in non-UTF mode (bsc#1164384).
- CVE-2022-1587: Fixed out-of-bounds read due to bug in recursions (bsc#1199235).
1198627,CVE-2022-29458
This update for ncurses fixes the following issues:
- CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627).
1194131,1194875,1195359,1196044,1196733,1196785,1200064,1200553,CVE-2021-3979
This update for ceph fixes the following issues:
- Update to 16.2.9-536-g41a9f9a5573:
+ (bsc#1195359, bsc#1200553) rgw: check bucket shard init status in RGWRadosBILogTrimCR
+ (bsc#1194131) ceph-volume: honour osd_dmcrypt_key_size option (CVE-2021-3979)
- Update to 16.2.9-158-gd93952c7eea:
+ cmake: check for python(\d)\.(\d+) when building boost
+ make-dist: patch boost source to support python 3.10
- Update to ceph-16.2.9-58-ge2e5cb80063:
+ (bsc#1200064, pr#480) Remove last vestiges of docker.io image paths
- Update to 16.2.9.50-g7d9f12156fb:
+ (jsc#SES-2515) High-availability NFS export
+ (bsc#1196044) cephadm: prometheus: The generatorURL in alerts is only using hostname
+ (bsc#1196785) cephadm: avoid crashing on expected non-zero exit
- Update to 16.2.7-969-g6195a460d89
+ (jsc#SES-2515) High-availability NFS export
- Update to v16.2.7-654-gd5a90ff46f0
+ (bsc#1196733) remove build directory during %clean
- Update to v16.2.7-652-gf5dc462fdb5
+ (bsc#1194875) [SES7P] include/buffer: include memory
1195916,1196696,CVE-2020-29651
This update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures fixes the following issues:
- Update in SLE-15 (bsc#1196696, bsc#1195916, jsc#SLE-23972)
- Remove redundant python3 dependency from Requires
- Update regular expression to fix python shebang
- Style is enforced upstream and triggers unnecessary build version requirements
- Allow specifying fs_id in cloudwatch log group name
- Includes fix for stunnel path
- Added hardening to systemd service(s).
- Raise minimal pytest version
- Fix typo in the ansi2html Requires
- Cleanup with spec-cleaner
- Make sure the tests are really executed
- Remove useless devel dependency
- Multiprocessing support in Python 3.8 was broken, but is now fixed
- Bumpy the URL to point to github rather than to docs
1202498
This update for python-iniconfig provides the following fix:
- Ship python3-iniconfig also to openSUSE 15.3 and 15.4 (bsc#1202498)
1199524,1200485,CVE-2022-1706
This update for systemd-presets-common-SUSE fixes the following issues:
- CVE-2022-1706: Fixed accessible configs from unprivileged containers in VMs running on VMware products (bsc#1199524).
The following non-security bugs were fixed:
- Modify branding-preset-states to fix systemd-presets-common-SUSE
not enabling new user systemd service preset configuration just
as it handles system service presets. By passing an (optional)
second parameter 'user', the save/apply-changes commands now
work with user services instead of system ones (bsc#1200485)
- Add the wireplumber user service preset to enable it by default
in SLE15-SP4 where it replaced pipewire-media-session, but keep
pipewire-media-session preset so we don't have to branch the
systemd-presets-common-SUSE package for SP4 (bsc#1200485)
1198341
This update for openldap2 fixes the following issues:
- Prevent memory reuse which may lead to instability (bsc#1198341)
1201253,CVE-2022-2309
This update for python-lxml fixes the following issues:
- CVE-2022-2309: Fixed NULL pointer dereference due to state leak between parser runs (bsc#1201253).
1195059
This update for systemd fixes the following issues:
- Drop or soften some of the deprecation warnings (jsc#PED-944)
- Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059)
- tmpfiles: check for the correct directory
1041090,1183308,1192616,1195881,1196017,1196212,1196499,1197017
This feature update for LibreOffice provides the following fixes:
abseil-cpp:
- Provide abseil-cpp version 20211102.0 as LibreOffice 7.3 dependency. (jsc#SLE-23447)
- Mention already fixed issues. (fate#326485, bsc#1041090)
libcuckoo:
- Provide libcuckoo version 0.3 as LibreOffice dependency. (jsc#SLE-23447)
libixion:
- Update libixion from version 0.16.1 to version 0.17.0. (jsc#SLE-23447)
- Build with mdds-2_0 instead of mdds-1.5. (jsc#SLE-23447)
- Build with gcc11 and gcc11-c++. (jsc#SLE-23447)
- Remove unneeded vulkan dependency
- Provide binaries for non x86_64 architectures directly to SUSE Package Hub. (ijsc#MSC-303)
libreoffice:
- Update LibreOffice from version 7.2.5.1 to version 7.3.3.1. (jsc#SLE-23447, jsc#SLE-24021)
* Update bundled dependencies:
* gpgme from version 1.13.1 to version 1.16.0
* libgpg-error from version 1.37 to version 1.43
* libassuan from version 2.5.3 to version 2.5.5
* pdfium from version 4500 to version 4699
* skia from version m90-45c57e116ee0ce214bdf78405a4762722e4507d9 to version m97-a7230803d64ae9d44f4e1282444801119a3ae967
* boost from version 1_75 to version 1_77
* icu4c from version 69_1 to version 70_1
* On SUSE Linux Enterprise 15 SP3 and newer require curl-devel 7.68.0 or newer
* New build dependencies:
* abseil-cpp-devel
* libassuan0
* libcuckoo-devel
* libopenjp2
* requrire liborcus-0.17 instead of liborcus-0.16
* requrire mdds-2.0 instead of mdds-1.5
* Do not use serf-1 anymore but use curl instead.
* Other fixes:
* Extraneous/missing lines in table in Impress versus PowerPoint (bsc#1192616)
* Text with tabs appears quite different in Impress than in PowerPoint (bsc#1196212)
* Bullets appear larger and green instead of black. (bsc#1195881)
* Enable gtk3_kde5 and make it possible to use gtk3 in kde with the kde filepicker (bsc#1197017)
* Mention already fixed issues. (bsc#1183308, bsc#1196017, bsc#1196499)
liborcus:
- Update liborcus from version 0.16.1 to version 0.17.2. (jsc#SLE-23447)
- Require mdds-2_0 instead of mdds-1.5. (jsc#SLE-23447)
- Require libixion-0.17 instead of libixion-0.16. (jsc#SLE-23447)
- Build with libtool and use autotools. (jsc#SLE-23447)
- Provide binaries for non x86_64 architectures directly to SUSE Package Hub. (ijsc#MSC-303)
mdds-2_0:
- Provide mdds-2_0 version 2.0.2 as LibreOffice dependency. (jsc#SLE-23447)
myspell-dictionaries:
- Provide binaries for non x86_64 architectures directly to SUSE Package Hub. (ijsc#MSC-303)
- There are no visible changes for the final user.
ucpp:
- Provide binaries for non x86_64 architectures directly to SUSE Package Hub. (ijsc#MSC-303)
- There are no visible changes for the final user.
xmlsec1:
- Provide binaries for non x86_64 architectures directly to SUSE Package Hub. (ijsc#MSC-303)
- There are no visible changes for the final user.
1202310
This update for timezone fixes the following issue:
- Reflect new Chile DST change (bsc#1202310)
1202498
This update for python-iniconfig provides the following fix:
- Ship missing python2-iniconfig to openSUSE 15.3 (bsc#1202498)
1181475
This update for procps fixes the following issues:
- Fix 'free' command reporting misleading 'used' value (bsc#1181475)
1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
This feature update for python-kubernetes provides:
- Deliver python3-kubernetes to the Containers Module 15 SP4. (jsc#SLE-17904, MSC-443)
* Deliver python3-google-auth to Basesystem Module 15 SP4 as dependency of python3-kubernetes.
* Deliver python3-cachetools to Basesystem Module 15 SP4 as dependency of python3-google-auth.
- There are no visible changes for the final user.
1197178,1198731,1200842
This update for util-linux fixes the following issues:
- su: Change owner and mode for pty (bsc#1200842)
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
- mesg: use only stat() to get the current terminal status (bsc#1200842)
1198925
This update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame adds some missing 32bit libraries to some products. (bsc#1198925)
No codechanges were done in this update.
1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
This update for python-pytz fixes the following issues:
- update to 2022.1:
matches tzdata 2022a
- declare python 3.10 compatibility
1198752,1200800
This update for libtirpc fixes the following issues:
- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
- Fix memory leak in params.r_addr assignement (bsc#1198752)
1193951,CVE-2020-21913
This update for icu fixes the following issues:
- CVE-2020-21913: Fixed a memory safetey issue that could lead to use
after free (bsc#1193951).
This update for rpm fixes the following issues:
- Support Ed25519 RPM signatures [jsc#SLE-24714]
1199895,1200993,1201092,1201576,1201638
This update for libzypp, zypper fixes the following issues:
libzypp:
- Improve handling of package locks, allowing to reset the status of its initial state (bsc#1199895)
- Fix issues when receiving exceptions from curl_easy_cleanup (bsc#1201092)
- Don't auto-flag kernel-firmware as 'reboot-needed' (bsc#1200993)
- Remove Medianetwork and its dependent code. First reason for this is that MediaNetwork was just meant as a way to test
the new CURL based downloaded. Second the Provide API is going to completely replace the current media backend.
zypper:
- Truncate the 'Name' column when using `zypper lr`, if the table is wider than the terminal (bsc#1201638)
- Reject install/remove modifier without argument (bsc#1201576)
- zypper-download: Handle unresolvable arguments as errors- Put signing key supplying repository name in quotes
1199140
This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140)
1047178,CVE-2017-6512
This update for perl fixes the following issues:
- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).
The following package changes have been done:
- ceph-base-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- ceph-common-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- ceph-grafana-dashboards-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- ceph-mds-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- ceph-mgr-cephadm-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- ceph-mgr-dashboard-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- ceph-mgr-modules-core-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- ceph-mgr-rook-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- ceph-mgr-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- ceph-mon-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- ceph-osd-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- ceph-prometheus-alerts-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- ceph-radosgw-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- cephadm-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- ceph-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- libapparmor1-2.13.6-150300.3.15.1 updated
- libblkid1-2.36.2-150300.4.23.1 updated
- libcephfs2-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- libcephsqlite-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- libcurl4-7.66.0-150200.4.39.1 updated
- libfdisk1-2.36.2-150300.4.23.1 updated
- libgcc_s1-11.3.0+git1637-150000.1.11.2 updated
- libicu-suse65_1-65.1-150200.4.5.1 updated
- libicu65_1-ledata-65.1-150200.4.5.1 updated
- libldap-2_4-2-2.4.46-150200.14.11.2 updated
- libldap-data-2.4.46-150200.14.11.2 updated
- libmount1-2.36.2-150300.4.23.1 updated
- libncurses6-6.1-150000.5.12.1 updated
- libpcre2-8-0-10.31-150000.3.12.1 updated
- libprocps7-3.3.15-150000.7.25.1 updated
- librados2-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- librbd1-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- librgw2-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- libsmartcols1-2.36.2-150300.4.23.1 updated
- libstdc++6-11.3.0+git1637-150000.1.11.2 updated
- libsystemd0-246.16-150300.7.51.1 updated
- libtirpc-netconfig-1.2.6-150300.3.11.1 updated
- libtirpc3-1.2.6-150300.3.11.1 updated
- libudev1-246.16-150300.7.51.1 updated
- libusb-1_0-0-1.0.21-150000.3.5.1 updated
- libuuid1-2.36.2-150300.4.23.1 updated
- libxmlsec1-1-1.2.28-150100.7.11.1 updated
- libxmlsec1-openssl1-1.2.28-150100.7.11.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- libzypp-17.31.0-150200.42.1 updated
- ncurses-utils-6.1-150000.5.12.1 updated
- perl-base-5.26.1-150300.17.11.1 updated
- procps-3.3.15-150000.7.25.1 updated
- python3-apipkg-1.4-150000.3.2.1 updated
- python3-cachetools-4.1.0-150200.3.4.1 updated
- python3-ceph-argparse-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- python3-ceph-common-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- python3-cephfs-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- python3-google-auth-1.21.2-150300.3.6.1 updated
- python3-iniconfig-1.1.1-150000.1.7.1 added
- python3-kubernetes-8.0.1-150100.3.7.1 updated
- python3-lxml-4.7.1-150200.3.10.1 updated
- python3-pytz-2022.1-150300.3.6.1 updated
- python3-py-1.10.0-150000.5.9.2 updated
- python3-rados-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- python3-rbd-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- python3-rgw-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- rbd-mirror-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- rpm-ndb-4.14.3-150300.49.1 updated
- systemd-presets-common-SUSE-15-150100.8.17.1 updated
- systemd-246.16-150300.7.51.1 updated
- terminfo-base-6.1-150000.5.12.1 updated
- timezone-2022a-150000.75.10.1 updated
- udev-246.16-150300.7.51.1 updated
- util-linux-systemd-2.36.2-150300.4.23.1 updated
- util-linux-2.36.2-150300.4.23.1 updated
- zypper-1.14.55-150200.36.1 updated
- container:sles15-image-15.0.0-17.20.36 updated
