SUSE: 2022:26-1 bci/init Security Update

Advisories

SUSE Container Update Advisory: bci/init
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:26-1
Container Tags        : bci/init:15.3 , bci/init:15.3.4.30 , bci/init:latest
Container Release     : 4.30
Severity              : important
Type                  : security
References            : 1161276 1174504 1183905 1187196 1190401 1191532 1191592 1191690
                        1192423 1192688 1192717 1192858 1193181 1193430 1193480 1193759
                        CVE-2021-43618 
-----------------------------------------------------------------

The container bci/init was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3946-1
Released:    Mon Dec  6 14:57:42 2021
Summary:     Security update for gmp
Type:        security
Severity:    moderate
References:  1192717,CVE-2021-43618
This update for gmp fixes the following issues:
    
- CVE-2021-43618: Fixed buffer overflow via crafted input in mpz/inp_raw.c (bsc#1192717).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3963-1
Released:    Mon Dec  6 19:57:39 2021
Summary:     Recommended update for system-users
Type:        recommended
Severity:    moderate
References:  1190401
This update for system-users fixes the following issues:

- system-user-tss.conf: Removed group entry because it's not needed and contained syntax errors (bsc#1190401)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3980-1
Released:    Thu Dec  9 16:42:19 2021
Summary:     Recommended update for glibc
Type:        recommended
Severity:    moderate
References:  1191592

glibc was updated to fix the following issue:

- Support for new IBM Z Hardware (bsc#1191592, jsc#IBM-869)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3985-1
Released:    Fri Dec 10 06:08:24 2021
Summary:     Recommended update for suse-module-tools
Type:        recommended
Severity:    moderate
References:  1187196
This update for suse-module-tools fixes the following issues:

-  Blacklist isst_if_mbox_msr driver because uses hardware information based on 
   CPU family and model, which is too unspecific. On large systems, this causes a lot of 
   failing loading attempts for this driver, leading to slow or even stalled boot (bsc#1187196)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:4014-1
Released:    Mon Dec 13 13:57:39 2021
Summary:     Recommended update for apparmor
Type:        recommended
Severity:    moderate
References:  1191532,1191690
This update for apparmor fixes the following issues:

Changes in apparmor:

- Add a profile for 'samba-bgqd'. (bsc#1191532)
- Fix 'Requires' of python3 module. (bsc#1191690)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:4145-1
Released:    Wed Dec 22 05:27:48 2021
Summary:     Recommended update for openssl-1_1
Type:        recommended
Severity:    moderate
References:  1161276
This update for openssl-1_1 fixes the following issues:

- Remove previously applied patch because it interferes with FIPS validation (bsc#1161276)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:4165-1
Released:    Wed Dec 22 22:52:11 2021
Summary:     Recommended update for kmod
Type:        recommended
Severity:    moderate
References:  1193430
This update for kmod fixes the following issues:

- Ensure that kmod and packages linking to libkmod provide same features. (bsc#1193430)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:4175-1
Released:    Thu Dec 23 11:22:33 2021
Summary:     Recommended update for systemd
Type:        recommended
Severity:    important
References:  1192423,1192858,1193759
This update for systemd fixes the following issues:

- Bump the max number of inodes for /dev to a million (bsc#1192858)
- sleep: don't skip resume device with low priority/available space (bsc#1192423)
- test: use kbd-mode-map we ship in one more test case
- test-keymap-util: always use kbd-model-map we ship
- Add rules for virtual devices and enforce 'none' for loop devices. (bsc#1193759)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:4182-1
Released:    Thu Dec 23 11:51:51 2021
Summary:     Recommended update for zlib
Type:        recommended
Severity:    moderate
References:  1192688
This update for zlib fixes the following issues:

- Fix hardware compression incorrect result on z15 hardware (bsc#1192688)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:4192-1
Released:    Tue Dec 28 10:39:50 2021
Summary:     Security update for permissions
Type:        security
Severity:    moderate
References:  1174504
This update for permissions fixes the following issues:

- Update to version 20181225:
  * drop ping capabilities in favor of ICMP_PROTO sockets (bsc#1174504)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2-1
Released:    Mon Jan  3 08:27:18 2022
Summary:     Recommended update for lvm2
Type:        recommended
Severity:    moderate
References:  1183905,1193181
This update for lvm2 fixes the following issues:

- Fix lvconvert not taking `--stripes` option (bsc#1183905)
- Fix LVM vgimportclone not working on hardware snapshot (bsc#1193181)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4-1
Released:    Mon Jan  3 08:28:54 2022
Summary:     Recommended update for libgcrypt
Type:        recommended
Severity:    moderate
References:  1193480
This update for libgcrypt fixes the following issues:

- Fix function gcry_mpi_sub_ui subtracting from negative value (bsc#1193480)


The following package changes have been done:

- glibc-2.31-9.6.1 updated
- kmod-29-4.15.1 updated
- libapparmor1-2.13.6-3.8.1 updated
- libdevmapper1_03-1.02.163-8.39.1 updated
- libgcrypt20-hmac-1.8.2-8.42.1 updated
- libgcrypt20-1.8.2-8.42.1 updated
- libgmp10-6.1.2-4.9.1 updated
- libkmod2-29-4.15.1 updated
- libopenssl1_1-hmac-1.1.1d-11.33.2 updated
- libopenssl1_1-1.1.1d-11.33.2 updated
- libsystemd0-246.16-7.28.1 updated
- libudev1-246.16-7.28.1 updated
- libz1-1.2.11-3.24.1 updated
- permissions-20181225-23.9.1 updated
- suse-module-tools-15.3.15-3.17.1 updated
- system-group-hardware-20170617-17.3.1 updated
- system-group-kvm-20170617-17.3.1 updated
- systemd-246.16-7.28.1 updated
- udev-246.16-7.28.1 updated
- container:sles15-image-15.0.0-17.8.55 updated

SUSE: 2022:26-1 bci/init Security Update

January 6, 2022
The container bci/init was updated

Summary

Advisory ID: SUSE-SU-2021:3946-1 Released: Mon Dec 6 14:57:42 2021 Summary: Security update for gmp Type: security Severity: moderate Advisory ID: SUSE-RU-2021:3963-1 Released: Mon Dec 6 19:57:39 2021 Summary: Recommended update for system-users Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:3980-1 Released: Thu Dec 9 16:42:19 2021 Summary: Recommended update for glibc Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:3985-1 Released: Fri Dec 10 06:08:24 2021 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:4014-1 Released: Mon Dec 13 13:57:39 2021 Summary: Recommended update for apparmor Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:4145-1 Released: Wed Dec 22 05:27:48 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:4165-1 Released: Wed Dec 22 22:52:11 2021 Summary: Recommended update for kmod Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:4175-1 Released: Thu Dec 23 11:22:33 2021 Summary: Recommended update for systemd Type: recommended Severity: important Advisory ID: SUSE-RU-2021:4182-1 Released: Thu Dec 23 11:51:51 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate Advisory ID: SUSE-SU-2021:4192-1 Released: Tue Dec 28 10:39:50 2021 Summary: Security update for permissions Type: security Severity: moderate Advisory ID: SUSE-RU-2022:2-1 Released: Mon Jan 3 08:27:18 2022 Summary: Recommended update for lvm2 Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:4-1 Released: Mon Jan 3 08:28:54 2022 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate

References

References : 1161276 1174504 1183905 1187196 1190401 1191532 1191592 1191690

1192423 1192688 1192717 1192858 1193181 1193430 1193480 1193759

CVE-2021-43618

1192717,CVE-2021-43618

This update for gmp fixes the following issues:

- CVE-2021-43618: Fixed buffer overflow via crafted input in mpz/inp_raw.c (bsc#1192717).

1190401

This update for system-users fixes the following issues:

- system-user-tss.conf: Removed group entry because it's not needed and contained syntax errors (bsc#1190401)

1191592

glibc was updated to fix the following issue:

- Support for new IBM Z Hardware (bsc#1191592, jsc#IBM-869)

1187196

This update for suse-module-tools fixes the following issues:

- Blacklist isst_if_mbox_msr driver because uses hardware information based on

CPU family and model, which is too unspecific. On large systems, this causes a lot of

failing loading attempts for this driver, leading to slow or even stalled boot (bsc#1187196)

1191532,1191690

This update for apparmor fixes the following issues:

Changes in apparmor:

- Add a profile for 'samba-bgqd'. (bsc#1191532)

- Fix 'Requires' of python3 module. (bsc#1191690)

1161276

This update for openssl-1_1 fixes the following issues:

- Remove previously applied patch because it interferes with FIPS validation (bsc#1161276)

1193430

This update for kmod fixes the following issues:

- Ensure that kmod and packages linking to libkmod provide same features. (bsc#1193430)

1192423,1192858,1193759

This update for systemd fixes the following issues:

- Bump the max number of inodes for /dev to a million (bsc#1192858)

- sleep: don't skip resume device with low priority/available space (bsc#1192423)

- test: use kbd-mode-map we ship in one more test case

- test-keymap-util: always use kbd-model-map we ship

- Add rules for virtual devices and enforce 'none' for loop devices. (bsc#1193759)

1192688

This update for zlib fixes the following issues:

- Fix hardware compression incorrect result on z15 hardware (bsc#1192688)

1174504

This update for permissions fixes the following issues:

- Update to version 20181225:

* drop ping capabilities in favor of ICMP_PROTO sockets (bsc#1174504)

1183905,1193181

This update for lvm2 fixes the following issues:

- Fix lvconvert not taking `--stripes` option (bsc#1183905)

- Fix LVM vgimportclone not working on hardware snapshot (bsc#1193181)

1193480

This update for libgcrypt fixes the following issues:

- Fix function gcry_mpi_sub_ui subtracting from negative value (bsc#1193480)

The following package changes have been done:

- glibc-2.31-9.6.1 updated

- kmod-29-4.15.1 updated

- libapparmor1-2.13.6-3.8.1 updated

- libdevmapper1_03-1.02.163-8.39.1 updated

- libgcrypt20-hmac-1.8.2-8.42.1 updated

- libgcrypt20-1.8.2-8.42.1 updated

- libgmp10-6.1.2-4.9.1 updated

- libkmod2-29-4.15.1 updated

- libopenssl1_1-hmac-1.1.1d-11.33.2 updated

- libopenssl1_1-1.1.1d-11.33.2 updated

- libsystemd0-246.16-7.28.1 updated

- libudev1-246.16-7.28.1 updated

- libz1-1.2.11-3.24.1 updated

- permissions-20181225-23.9.1 updated

- suse-module-tools-15.3.15-3.17.1 updated

- system-group-hardware-20170617-17.3.1 updated

- system-group-kvm-20170617-17.3.1 updated

- systemd-246.16-7.28.1 updated

- udev-246.16-7.28.1 updated

- container:sles15-image-15.0.0-17.8.55 updated

Severity
Container Advisory ID : SUSE-CU-2022:26-1
Container Tags : bci/init:15.3 , bci/init:15.3.4.30 , bci/init:latest
Container Release : 4.30
Severity : important
Type : security

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.