SUSE Container Update Advisory: trento/trento-runner
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:238-1
Container Tags        : trento/trento-runner:0.9.0 , trento/trento-runner:0.9.0-rev1.1.0 , trento/trento-runner:0.9.0-rev1.1.0-build3.2.14 , trento/trento-runner:latest
Container Release     : 3.2.14
Severity              : important
Type                  : security
References            : 1194968 1195054 1195217 CVE-2022-23852 CVE-2022-23990 
-----------------------------------------------------------------

The container trento/trento-runner was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:471-1
Released:    Thu Feb 17 09:58:37 2022
Summary:     Recommended update for trento-premium
Type:        recommended
Severity:    important
References:  
This update for trento-premium fixes the following issues:
  
- Releasing new sub-package 'trento-premium-installer'. (jsc#MSC-302)
  
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:498-1
Released:    Fri Feb 18 10:46:56 2022
Summary:     Security update for expat
Type:        security
Severity:    important
References:  1195054,1195217,CVE-2022-23852,CVE-2022-23990
This update for expat fixes the following issues:

- CVE-2022-23852: Fixed signed integer overflow in XML_GetBuffer (bsc#1195054).
- CVE-2022-23990: Fixed integer overflow in the doProlog function (bsc#1195217).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:520-1
Released:    Fri Feb 18 12:45:19 2022
Summary:     Recommended update for rpm
Type:        recommended
Severity:    moderate
References:  1194968
This update for rpm fixes the following issues:

- Revert unwanted /usr/bin/python to /usr/bin/python2 change we got with the update to 4.14.3 (bsc#1194968)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:579-1
Released:    Mon Feb 28 11:12:24 2022
Summary:     Recommended update for trento-premium
Type:        recommended
Severity:    moderate
References:  
This update for trento-premium fixes the following issues:

Release 0.9.0

### Added

- Pin specific container image versions in the helm chart values 
- review values for SUSE infrastructure 
- Add health summary api endpoint 
- Homepage UI component 
- Embed cpu and memory usage dashboards in host detail 
- Sap system health computation 
- Attach system replication status badge on secondary node 
- Add remediation command to the corosync token timeouts checks 
- Add node exporter state in the frontend 
- Add prometheus grafana to helm chart 
- Prometheus HTTP service discovery API 
- Adds feedback collector 
- Add connection retry when starting Web and Runner 

### Fixed

- Web serve command not stopped correctly during database initializaion tries 
- Links in compressed sidebar don't work 
- CD process doesn't clean up old node module tgz files 
- Aligns Overview 
- Use context correctly during db initialization 
- Compute attached database health 
- Fix dump scenario script clean-up command 
- Push catalog info after the checks 
- Show all sbd devices 
- Do not make assumptions about the shape of the payload of checks catalog 
- Remove mention of Blue Horizon from landing page 
- Links in compressed sidebar are working again 

### Closed Issues

- Checks catalog empty 
- Settings button missing in Pacemaker Clusters details view 

### Other Changes

- Enable Grafana persistence 
- Fix health summary api 
- Fix grafana secret  
- Fix grafana embedding 
- Implement cluster heatlh computation projection 
- refresh zypper repo before installing node exporter 
- Add Grafana initialization 
- Run prometheus installation as root 
- Do not add bitnami charts repo from the installer if it's not needed 
- Fix dependabot auto-merge workflow 
- Change trento path in the Dockerfile 
- Allows Grafana dashboards to be embedded 
- Add hana cluster details e2e test 
- E2e test cluster overview 
- Switch to the SLE BCI images 


The following package changes have been done:

- libexpat1-2.2.5-3.12.1 updated
- trento-premium-0.9.0+git.dev74.1645798943.a1180f8-150300.3.10.1 updated
- python3-rpm-4.14.3-150300.46.1 updated

SUSE: 2022:238-1 trento/trento-runner Security Update

March 1, 2022
The container trento/trento-runner was updated

Summary

Advisory ID: SUSE-RU-2022:471-1 Released: Thu Feb 17 09:58:37 2022 Summary: Recommended update for trento-premium Type: recommended Severity: important Advisory ID: SUSE-SU-2022:498-1 Released: Fri Feb 18 10:46:56 2022 Summary: Security update for expat Type: security Severity: important Advisory ID: SUSE-RU-2022:520-1 Released: Fri Feb 18 12:45:19 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:579-1 Released: Mon Feb 28 11:12:24 2022 Summary: Recommended update for trento-premium Type: recommended Severity: moderate

References

References : 1194968 1195054 1195217 CVE-2022-23852 CVE-2022-23990

This update for trento-premium fixes the following issues:

- Releasing new sub-package 'trento-premium-installer'. (jsc#MSC-302)

1195054,1195217,CVE-2022-23852,CVE-2022-23990

This update for expat fixes the following issues:

- CVE-2022-23852: Fixed signed integer overflow in XML_GetBuffer (bsc#1195054).

- CVE-2022-23990: Fixed integer overflow in the doProlog function (bsc#1195217).

1194968

This update for rpm fixes the following issues:

- Revert unwanted /usr/bin/python to /usr/bin/python2 change we got with the update to 4.14.3 (bsc#1194968)

This update for trento-premium fixes the following issues:

Release 0.9.0

### Added

- Pin specific container image versions in the helm chart values

- review values for SUSE infrastructure

- Add health summary api endpoint

- Homepage UI component

- Embed cpu and memory usage dashboards in host detail

- Sap system health computation

- Attach system replication status badge on secondary node

- Add remediation command to the corosync token timeouts checks

- Add node exporter state in the frontend

- Add prometheus grafana to helm chart

- Prometheus HTTP service discovery API

- Adds feedback collector

- Add connection retry when starting Web and Runner

### Fixed

- Web serve command not stopped correctly during database initializaion tries

- Links in compressed sidebar don't work

- CD process doesn't clean up old node module tgz files

- Aligns Overview

- Use context correctly during db initialization

- Compute attached database health

- Fix dump scenario script clean-up command

- Push catalog info after the checks

- Show all sbd devices

- Do not make assumptions about the shape of the payload of checks catalog

- Remove mention of Blue Horizon from landing page

- Links in compressed sidebar are working again

### Closed Issues

- Checks catalog empty

- Settings button missing in Pacemaker Clusters details view

### Other Changes

- Enable Grafana persistence

- Fix health summary api

- Fix grafana secret

- Fix grafana embedding

- Implement cluster heatlh computation projection

- refresh zypper repo before installing node exporter

- Add Grafana initialization

- Run prometheus installation as root

- Do not add bitnami charts repo from the installer if it's not needed

- Fix dependabot auto-merge workflow

- Change trento path in the Dockerfile

- Allows Grafana dashboards to be embedded

- Add hana cluster details e2e test

- E2e test cluster overview

- Switch to the SLE BCI images

The following package changes have been done:

- libexpat1-2.2.5-3.12.1 updated

- trento-premium-0.9.0+git.dev74.1645798943.a1180f8-150300.3.10.1 updated

- python3-rpm-4.14.3-150300.46.1 updated

Severity
Container Advisory ID : SUSE-CU-2022:238-1
Container Tags : trento/trento-runner:0.9.0 , trento/trento-runner:0.9.0-rev1.1.0 , trento/trento-runner:0.9.0-rev1.1.0-build3.2.14 , trento/trento-runner:latest
Container Release : 3.2.14
Severity : important
Type : security

Related News

4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved