SUSE: 2022:240-1 trento/trento-web Security Update
Summary
Advisory ID: SUSE-SU-2019:926-1
Released: Wed Apr 10 16:33:12 2019
Summary: Security update for tar
Type: security
Severity: moderate

Advisory ID: SUSE-SU-2021:974-1
Released: Mon Mar 29 19:31:27 2021
Summary: Security update for tar
Type: security
Severity: low

Advisory ID: SUSE-RU-2021:2193-1
Released: Mon Jun 28 18:38:43 2021
Summary: Recommended update for tar
Type: recommended
Severity: moderate

Advisory ID: SUSE-RU-2022:471-1
Released: Thu Feb 17 09:58:37 2022
Summary: Recommended update for trento-premium
Type: recommended
Severity: important

Advisory ID: SUSE-RU-2022:579-1
Released: Mon Feb 28 11:12:24 2022
Summary: Recommended update for trento-premium
Type: recommended
Severity: moderate
References
1120610 1130496 1181131 1184124 CVE-2018-20482 CVE-2019-9923 CVE-2021-20193
References: 1120610, 1130496, CVE-2018-20482, CVE-2019-9923
This update for tar fixes the following issues:
Security issues fixed:
- CVE-2019-9923: Fixed a denial of service while parsing certain archives with malformed extended headers in pax_decode_header() (bsc#1130496).
- CVE-2018-20482: Fixed a denial of service when the '--sparse' option mishandles file shrinkage during read access (bsc#1120610).
References: 1181131, CVE-2021-20193
This update for tar fixes the following issues:
- CVE-2021-20193: Memory leak in read_header() in list.c (bsc#1181131)
References: 1184124
This update for tar fixes the following issues:
- Link '/var/lib/tests/tar/bin/genfile' as Position-Independent Executable (bsc#1184124)
This update for trento-premium fixes the following issues:
- Releasing new sub-package 'trento-premium-installer'. (jsc#MSC-302)
This update for trento-premium fixes the following issues:
Release 0.9.0
### Added
- Pin specific container image versions in the helm chart values
- review values for SUSE infrastructure
- Add health summary api endpoint
- Homepage UI component
- Embed cpu and memory usage dashboards in host detail
- Sap system health computation
- Attach system replication status badge on secondary node
- Add remediation command to the corosync token timeouts checks
- Add node exporter state in the frontend
- Add prometheus grafana to helm chart
- Prometheus HTTP service discovery API
- Adds feedback collector
- Add connection retry when starting Web and Runner
### Fixed
- Web serve command not stopped correctly during database initialization tries
- Links in compressed sidebar don't work
- CD process doesn't clean up old node module tgz files
- Aligns Overview
- Use context correctly during db initialization
- Compute attached database health
- Fix dump scenario script clean-up command
- Push catalog info after the checks
- Show all sbd devices
- Do not make assumptions about the shape of the payload of checks catalog
- Remove mention of Blue Horizon from landing page
- Links in compressed sidebar are working again
### Closed Issues
- Checks catalog empty
- Settings button missing in Pacemaker Clusters details view
### Other Changes
- Enable Grafana persistence
- Fix health summary api
- Fix grafana secret
- Fix grafana embedding
- Implement cluster health computation projection
- refresh zypper repo before installing node exporter
- Add Grafana initialization
- Run prometheus installation as root
- Do not add bitnami charts repo from the installer if it's not needed
- Fix dependabot auto-merge workflow
- Change trento path in the Dockerfile
- Allows Grafana dashboards to be embedded
- Add hana cluster details e2e test
- E2e test cluster overview
- Switch to the SLE BCI images
The following package changes have been done:
- tar-1.30-3.9.1 added
- trento-premium-0.9.0+git.dev74.1645798943.a1180f8-150300.3.10.1 updated