SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:261-1
Container Tags        : suse/sle15:15.3 , suse/sle15:15.3.17.8.86
Container Release     : 17.8.86
Severity              : moderate
Type                  : security
References            : 1188348 1188507 1192954 1193632 1194976 CVE-2021-3995 CVE-2021-3996
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2626-1
Released:    Thu Aug  5 12:10:35 2021
Summary:     Recommended maintenance update for libeconf
Type:        recommended
Severity:    moderate
References:  1188348
This update for libeconf fixes the following issue:

- Solve a downgrade issue between SUSE Linux Enterprise SP3 and lower (bsc#1188348)
  
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:727-1
Released:    Fri Mar  4 10:39:21 2022
Summary:     Security update for libeconf, shadow and util-linux
Type:        security
Severity:    moderate
References:  1188507,1192954,1193632,1194976,CVE-2021-3995,CVE-2021-3996
This security update for libeconf, shadow and util-linux fix the following issues:

libeconf:

- Add libeconf to SLE-Module-Basesystem_15-SP3 because needed by 'util-linux' and 'shadow' 
  to fix autoyast handling of security related parameters (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402)

Issues fixed in libeconf:
- Reading numbers with different bases (e.g. oktal) (bsc#1193632) (#157)
- Fixed different issues while writing string values to file.
- Writing comments to file too.
- Fixed crash while merging values.
- Added econftool cat option (#146)
- new API call: econf_readDirsHistory (showing ALL locations)
- new API call: econf_getPath (absolute path of the configuration file)
- Man pages libeconf.3 and econftool.8.
- Handling multiline strings.
- Added libeconf_ext which returns more information like
  line_nr, comments, path of the configuration file,...
- Econftool, an command line interface for handling configuration
  files.
- Generating HTML API documentation with doxygen.
- Improving error handling and semantic file check.
- Joining entries with the same key to one single entry if
  env variable ECONF_JOIN_SAME_ENTRIES has been set.

shadow:

- The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to 
  read it (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402)

util-linux:

- The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to 
  read it (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402)
- Allow use of larger values for start sector to prevent `blockdev --report` aborting (bsc#1188507)
- Fixed `blockdev --report` using non-space characters as a field separator (bsc#1188507)
- CVE-2021-3995: Fixed unauthorized unmount in util-linux's libmount. (bsc#1194976) 
- CVE-2021-3996: Fixed unauthorized unmount in util-linux's libmount. (bsc#1194976)


The following package changes have been done:

- libblkid1-2.36.2-150300.4.14.3 updated
- libeconf0-0.4.4+git20220104.962774f-150300.3.6.2 added
- libfdisk1-2.36.2-150300.4.14.3 updated
- libmount1-2.36.2-150300.4.14.3 updated
- libsmartcols1-2.36.2-150300.4.14.3 updated
- libuuid1-2.36.2-150300.4.14.3 updated
- login_defs-4.8.1-150300.4.3.8 updated
- shadow-4.8.1-150300.4.3.8 updated
- util-linux-2.36.2-150300.4.14.3 updated

SUSE: 2022:261-1 suse/sle15 Security Update

March 6, 2022
The container suse/sle15 was updated

Summary

Advisory ID: SUSE-RU-2021:2626-1 Released: Thu Aug 5 12:10:35 2021 Summary: Recommended maintenance update for libeconf Type: recommended Severity: moderate Advisory ID: SUSE-SU-2022:727-1 Released: Fri Mar 4 10:39:21 2022 Summary: Security update for libeconf, shadow and util-linux Type: security Severity: moderate

References

References : 1188348 1188507 1192954 1193632 1194976 CVE-2021-3995 CVE-2021-3996

1188348

This update for libeconf fixes the following issue:

- Solve a downgrade issue between SUSE Linux Enterprise SP3 and lower (bsc#1188348)

1188507,1192954,1193632,1194976,CVE-2021-3995,CVE-2021-3996

This security update for libeconf, shadow and util-linux fix the following issues:

libeconf:

- Add libeconf to SLE-Module-Basesystem_15-SP3 because needed by 'util-linux' and 'shadow'

to fix autoyast handling of security related parameters (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402)

Issues fixed in libeconf:

- Reading numbers with different bases (e.g. oktal) (bsc#1193632) (#157)

- Fixed different issues while writing string values to file.

- Writing comments to file too.

- Fixed crash while merging values.

- Added econftool cat option (#146)

- new API call: econf_readDirsHistory (showing ALL locations)

- new API call: econf_getPath (absolute path of the configuration file)

- Man pages libeconf.3 and econftool.8.

- Handling multiline strings.

- Added libeconf_ext which returns more information like

line_nr, comments, path of the configuration file,...

- Econftool, an command line interface for handling configuration

files.

- Generating HTML API documentation with doxygen.

- Improving error handling and semantic file check.

- Joining entries with the same key to one single entry if

env variable ECONF_JOIN_SAME_ENTRIES has been set.

shadow:

- The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to

read it (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402)

util-linux:

- The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to

read it (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402)

- Allow use of larger values for start sector to prevent `blockdev --report` aborting (bsc#1188507)

- Fixed `blockdev --report` using non-space characters as a field separator (bsc#1188507)

- CVE-2021-3995: Fixed unauthorized unmount in util-linux's libmount. (bsc#1194976)

- CVE-2021-3996: Fixed unauthorized unmount in util-linux's libmount. (bsc#1194976)

The following package changes have been done:

- libblkid1-2.36.2-150300.4.14.3 updated

- libeconf0-0.4.4+git20220104.962774f-150300.3.6.2 added

- libfdisk1-2.36.2-150300.4.14.3 updated

- libmount1-2.36.2-150300.4.14.3 updated

- libsmartcols1-2.36.2-150300.4.14.3 updated

- libuuid1-2.36.2-150300.4.14.3 updated

- login_defs-4.8.1-150300.4.3.8 updated

- shadow-4.8.1-150300.4.3.8 updated

- util-linux-2.36.2-150300.4.14.3 updated

Severity
Container Advisory ID : SUSE-CU-2022:261-1
Container Tags : suse/sle15:15.3 , suse/sle15:15.3.17.8.86
Container Release : 17.8.86
Severity : moderate
Type : security

Related News

24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved