SUSE: 2022:35-1 suse/sles/15.3/virt-handler Security Update | Linux...

Advisories

SUSE Container Update Advisory: suse/sles/15.3/virt-handler
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:35-1
Container Tags        : suse/sles/15.3/virt-handler:0.45.0 , suse/sles/15.3/virt-handler:0.45.0-8.7.1 , suse/sles/15.3/virt-handler:0.45.0.8.10.1
Container Release     : 8.10.1
Severity              : important
Type                  : security
References            : 1134353 1160242 1177902 1178236 1180125 1183247 1183374 1183858
                        1183905 1184994 1185588 1186071 1186398 1187196 1187668 1188291
                        1188588 1188713 1188921 1189176 1189234 1189241 1189287 1189441
                        1189446 1189480 1189537 1189702 1189841 1189938 1190190 1190401
                        1190420 1190425 1190440 1190493 1190587 1190598 1190622 1190693
                        1190695 1190839 1190917 1190984 1191019 1191200 1191242 1191260
                        1191480 1191532 1191668 1191690 1191690 1191804 1191804 1191922
                        1192017 1192104 1192161 1192423 1192858 1193181 1193430 1193623
                        1193719 1193759 1193930 1193981 1194041 CVE-2021-3426 CVE-2021-3713
                        CVE-2021-3733 CVE-2021-3737 CVE-2021-3748 CVE-2021-37600 CVE-2021-4147
                        CVE-2021-43565 
-----------------------------------------------------------------

The container suse/sles/15.3/virt-handler was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3203-1
Released:    Thu Sep 23 14:41:35 2021
Summary:     Recommended update for kmod
Type:        recommended
Severity:    moderate
References:  1189537,1190190
This update for kmod fixes the following issues:

- Use docbook 4 rather than docbook 5 for building man pages (bsc#1190190).
- Enable support for ZSTD compressed modules    
- Display module information even for modules built into the running kernel (bsc#1189537)
- '/usr/lib' should override '/lib' where both are available. Support '/usr/lib' for depmod.d as well.
- Remove test patches included in release 29

- Update to release 29
  * Fix `modinfo -F` not working for built-in modules and certain fields.
  * Fix a memory leak, overflow and double free on error path.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3241-1
Released:    Tue Sep 28 00:24:49 2021
Summary:     Recommended update for multipath-tools
Type:        recommended
Severity:    important
References:  1189176,1190622
This update for multipath-tools provides the following fixes:

- Update to version 0.8.5+82+suse.746b76e:
  * libmultipath: avoid buffer size warning with systemd 240+. (bsc#1189176)
- Add a versioned dependency of multipath-tools on libmpath0. (bsc#1190622)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3306-1
Released:    Wed Oct  6 18:11:57 2021
Summary:     Recommended update for numactl
Type:        recommended
Severity:    moderate
References:  
This update for numactl fixes the following issues:
    
- Fix System call numbers on s390x.
- Debug verify for --preferred option.
- Description for the usage of numactl.
- Varios memleacks on source files: sysfs.c, shm.c and numactl.c
- Description for numa_node_size64 and definition for numa_node_size in manpage.
- link with -latomic when needed.
- Clear race conditions on numa_police_memory().
- numademo: Use first two nodes instead of node 0 and 1
- Enhance _service settings
- Enable automake

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3310-1
Released:    Wed Oct  6 18:12:41 2021
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1134353,1184994,1188291,1188588,1188713,1189446,1189480
This update for systemd fixes the following issues:

- Switch I/O scheduler from 'mq-deadline' to 'bfq' for rotating disks(HD's) (jsc#SLE-21032, bsc#1134353).
- Multipath: Rules weren't applied to dm devices (bsc#1188713).
- Ignore obsolete 'elevator' kernel parameter (bsc#1184994).
- Remove kernel unsupported single-queue block I/O.
- Make sure the versions of both udev and systemd packages are always the same (bsc#1189480).
- Avoid error message when updating active udev on sockets restart (bsc#1188291).

- Merge of v246.16, for a complete list of changes, visit:
   https://github.com/openSUSE/systemd/compare/8d8f5fc31eece95644b299b784bbfb8f836d0108...f5c33d9f82d3d782d28938df9ff09484360c540d

- Drop 1007-tmpfiles-follow-SUSE-policies.patch:
   Since most of the tmpfiles config files shipped by upstream are
   ignored (see previous commit 'Drop most of the tmpfiles that deal
   with generic paths'), this patch is no more relevant.

Additional fixes:
- core: make sure cgroup_oom_queue is flushed on manager exit.
- cgroup: do 'catchup' for unit cgroup inotify watch files.
- journalctl: never fail at flushing when the flushed flag is set (bsc#1188588).
- manager: reexecute on SIGRTMIN+25, user instances only.
- manager: fix HW watchdog when systemd starts before driver loaded (bsc#1189446).
- pid1: watchdog modernizations.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3410-1
Released:    Wed Oct 13 10:41:36 2021
Summary:     Recommended update for xkeyboard-config
Type:        recommended
Severity:    moderate
References:  1191242
This update for xkeyboard-config fixes the following issue:

- Wrong keyboard mapping causing input delays with ABNT2 keyboards. (bsc#1191242)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3411-1
Released:    Wed Oct 13 10:42:25 2021
Summary:     Recommended update for lvm2
Type:        recommended
Severity:    moderate
References:  1191019
This update for lvm2 fixes the following issues:

- Do not crash vgextend when extending VG with missing PV. (bsc#1191019)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3413-1
Released:    Wed Oct 13 10:50:45 2021
Summary:     Recommended update for suse-module-tools
Type:        recommended
Severity:    important
References:  1189441,1189841,1190598
This update for suse-module-tools fixes the following issues:

- Fixed an issue where the queuing of secure boot certificates did not happen (bsc#1189841, bsc#1190598)
- Fixed an issue where initrd was not always rebuilding after installing
  any kernel-*-extra package (bsc#1189441)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3474-1
Released:    Wed Oct 20 08:41:31 2021
Summary:     Security update for util-linux
Type:        security
Severity:    moderate
References:  1178236,1188921,CVE-2021-37600
This update for util-linux fixes the following issues:

- CVE-2021-37600: Fixed an integer overflow which could lead to a buffer overflow in get_sem_elements() in sys-utils/ipcutils.c. (bsc#1188921)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3509-1
Released:    Tue Oct 26 09:47:40 2021
Summary:     Recommended update for suse-module-tools
Type:        recommended
Severity:    important
References:  1191200,1191260,1191480,1191804,1191922
This update for suse-module-tools fixes the following issues:

Update to version 15.3.13:

- Fix bad exit status in openQA. (bsc#1191922)
- Ignore kernel keyring for kernel certificates. (bsc#1191480)
- Deal with existing certificates that should be de-enrolled. (bsc#1191804)
- Don't pass existing files to weak-modules2. (bsc#1191200)
- Skip certificate scriptlet on non-UEFI systems. (bsc#1191260)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3538-1
Released:    Wed Oct 27 10:40:32 2021
Summary:     Recommended update for iproute2
Type:        recommended
Severity:    moderate
References:  1160242
This update for iproute2 fixes the following issues:

- Follow-up fixes backported from upstream. (bsc#1160242)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3589-1
Released:    Mon Nov  1 19:27:52 2021
Summary:     Recommended update for apparmor
Type:        recommended
Severity:    moderate
References:  1191690
This update for apparmor fixes the following issues:

- Fixed an issue when apparmor provides python2 and python3 libraries with the same name. (bsc#1191690)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3605-1
Released:    Wed Nov  3 14:59:32 2021
Summary:     Security update for qemu
Type:        security
Severity:    important
References:  1189234,1189702,1189938,1190425,CVE-2021-3713,CVE-2021-3748
This update for qemu fixes the following issues:

Security issues fixed:

- CVE-2021-3713: Fix out-of-bounds write in UAS (USB Attached SCSI) device emulation (bsc#1189702)
- CVE-2021-3748: Fix heap use-after-free in virtio_net_receive_rcu (bsc#1189938)

Non-security issues fixed:

- Add transfer length item in block limits page of scsi vpd (bsc#1190425)
- Fix qemu crash while deleting xen-block (bsc#1189234)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3619-1
Released:    Fri Nov  5 12:29:52 2021
Summary:     Security update for libvirt
Type:        security
Severity:    moderate
References:  1177902,1183247,1186398,1190420,1190493,1190693,1190695,1190917
This update for libvirt fixes the following issues:

- lxc: controller: Fix container launch on cgroup v1. (bsc#1183247)
- supportconfig: Use systemctl command 'is-active' instead of 'is-enabled' when checking if libvirtd is active.
- qemu: Do not report error in the logs when processing monitor IO. (bsc#1190917)
- spec: Fix an issue when package update hangs (bsc#1177902, bsc#1190693)
- spec: Don't add '--timeout' argument to '/etc/sysconfig/libvirtd' when running in traditional mode without socket activation. (bsc#1190695)
- libxl: Improve reporting of 'die_id' in capabilities. (bsc#1190493)
- libxl: Fix driver reload. (bsc#1190420)
- qemu: Set label on virtual host network device when hotplugging. (bsc#1186398)
- supportconfig: When checking for installed hypervisor drivers,
  use the libvirtr-daemon-driver- package instead of
  libvirt-daemon-. The latter are not required packages
  for a functioning hypervisor driver.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3663-1
Released:    Mon Nov 15 19:14:32 2021
Summary:     Recommended update for suse-module-tools
Type:        recommended
Severity:    moderate
References:  1191804
This update for suse-module-tools fixes the following issues:

- Update to version 15.3.14:
  * more fixes for updates under secure boot
  * cert-script: Deal with existing $cert.delete file (bsc#1191804).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3792-1
Released:    Wed Nov 24 06:12:09 2021
Summary:     Recommended update for kmod
Type:        recommended
Severity:    moderate
References:  1192104
This update for kmod fixes the following issues:

- Enable ZSTD compression (bsc#1192104)(jsc#SLE-21256)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3808-1
Released:    Fri Nov 26 00:30:54 2021
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1186071,1190440,1190984,1192161
This update for systemd fixes the following issues:

- Add timestamp to D-Bus events to improve traceability (jsc#SLE-17798)
- Fix fd_is_mount_point() when both the parent and directory are network file systems (bsc#1190984)
- Support detection for ARM64 Hyper-V guests (bsc#1186071)
- Fix systemd-detect-virt not detecting Amazon EC2 Nitro instance (bsc#1190440)
- Enable support for Portable Services in openSUSE Leap only (jsc#SLE-21694)
- Fix IO scheduler udev rules to address performance issues (jsc#SLE-21032, bsc#1192161)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3963-1
Released:    Mon Dec  6 19:57:39 2021
Summary:     Recommended update for system-users
Type:        recommended
Severity:    moderate
References:  1190401
This update for system-users fixes the following issues:

- system-user-tss.conf: Removed group entry because it's not needed and contained syntax errors (bsc#1190401)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3985-1
Released:    Fri Dec 10 06:08:24 2021
Summary:     Recommended update for suse-module-tools
Type:        recommended
Severity:    moderate
References:  1187196
This update for suse-module-tools fixes the following issues:

-  Blacklist isst_if_mbox_msr driver because uses hardware information based on 
   CPU family and model, which is too unspecific. On large systems, this causes a lot of 
   failing loading attempts for this driver, leading to slow or even stalled boot (bsc#1187196)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:4014-1
Released:    Mon Dec 13 13:57:39 2021
Summary:     Recommended update for apparmor
Type:        recommended
Severity:    moderate
References:  1191532,1191690
This update for apparmor fixes the following issues:

Changes in apparmor:

- Add a profile for 'samba-bgqd'. (bsc#1191532)
- Fix 'Requires' of python3 module. (bsc#1191690)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:4104-1
Released:    Thu Dec 16 11:14:12 2021
Summary:     Security update for python3
Type:        security
Severity:    moderate
References:  1180125,1183374,1183858,1185588,1187668,1189241,1189287,CVE-2021-3426,CVE-2021-3733,CVE-2021-3737
This update for python3 fixes the following issues:

- CVE-2021-3426: Fixed information disclosure via pydoc (bsc#1183374).
- CVE-2021-3733: Fixed infinitely reading potential HTTP headers after a 100 Continue status response from the server (bsc#1189241).
- CVE-2021-3737: Fixed ReDoS in urllib.request (bsc#1189287).

- We do not require python-rpm-macros package (bsc#1180125).
- Use versioned python-Sphinx to avoid dependency on other version of Python (bsc#1183858).
- Stop providing 'python' symbol, which means python2 currently (bsc#1185588).
- Modify Lib/ensurepip/__init__.py to contain the same version numbers as are in reality the ones in the bundled wheels (bsc#1187668).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:4165-1
Released:    Wed Dec 22 22:52:11 2021
Summary:     Recommended update for kmod
Type:        recommended
Severity:    moderate
References:  1193430
This update for kmod fixes the following issues:

- Ensure that kmod and packages linking to libkmod provide same features. (bsc#1193430)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:4175-1
Released:    Thu Dec 23 11:22:33 2021
Summary:     Recommended update for systemd
Type:        recommended
Severity:    important
References:  1192423,1192858,1193759
This update for systemd fixes the following issues:

- Bump the max number of inodes for /dev to a million (bsc#1192858)
- sleep: don't skip resume device with low priority/available space (bsc#1192423)
- test: use kbd-mode-map we ship in one more test case
- test-keymap-util: always use kbd-model-map we ship
- Add rules for virtual devices and enforce 'none' for loop devices. (bsc#1193759)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2-1
Released:    Mon Jan  3 08:27:18 2022
Summary:     Recommended update for lvm2
Type:        recommended
Severity:    moderate
References:  1183905,1193181
This update for lvm2 fixes the following issues:

- Fix lvconvert not taking `--stripes` option (bsc#1183905)
- Fix LVM vgimportclone not working on hardware snapshot (bsc#1193181)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:21-1
Released:    Tue Jan  4 16:06:08 2022
Summary:     Security update for libvirt
Type:        security
Severity:    important
References:  1191668,1192017,1193623,1193719,1193981,1194041,CVE-2021-4147
This update for libvirt fixes the following issues:

- CVE-2021-4147: libxl: Fix libvirtd deadlocks and segfaults. (bsc#1194041)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:40-1
Released:    Mon Jan 10 10:45:12 2022
Summary:     Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-operator-container
Type:        security
Severity:    important
References:  1190587,1190839,1193930,CVE-2021-43565
This update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-operator-container fixes the following issues:

- CVE-2021-43565: Fixes a vulnerability in the golang.org/x/crypto/ssh package which allowed unauthenticated clients to cause a panic in SSH servers. (bsc#1193930)


The following package changes have been done:

- kubevirt-container-disk-0.45.0-8.7.1 updated
- kubevirt-virt-handler-0.45.0-8.7.1 updated
- libapparmor1-2.13.6-3.8.1 updated
- libdevmapper1_03-1.02.163-8.39.1 updated
- libkmod2-29-4.15.1 updated
- libnuma1-2.0.14.20.g4ee5e0c-10.1 updated
- system-group-kvm-20170617-17.3.1 updated
- suse-module-tools-15.3.15-3.17.1 updated
- libpython3_6m1_0-3.6.15-10.9.1 updated
- libmpath0-0.8.5+82+suse.746b76e-2.7.1 updated
- iproute2-5.3-5.5.1 updated
- xkeyboard-config-2.23.1-3.9.1 updated
- system-user-qemu-20170617-17.3.1 updated
- kmod-29-4.15.1 updated
- python3-base-3.6.15-10.9.1 updated
- systemd-246.16-7.28.1 updated
- udev-246.16-7.28.1 updated
- qemu-tools-5.2.0-106.4 updated
- util-linux-systemd-2.36.2-4.5.1 updated
- libvirt-libs-7.1.0-6.11.1 updated
- libvirt-client-7.1.0-6.11.1 updated
- python-rpm-macros-20200207.5feb6c1-3.11.1 removed

SUSE: 2022:35-1 suse/sles/15.3/virt-handler Security Update

January 10, 2022
The container suse/sles/15.3/virt-handler was updated

Summary

Advisory ID: SUSE-RU-2021:3203-1 Released: Thu Sep 23 14:41:35 2021 Summary: Recommended update for kmod Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:3241-1 Released: Tue Sep 28 00:24:49 2021 Summary: Recommended update for multipath-tools Type: recommended Severity: important Advisory ID: SUSE-RU-2021:3306-1 Released: Wed Oct 6 18:11:57 2021 Summary: Recommended update for numactl Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:3310-1 Released: Wed Oct 6 18:12:41 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:3410-1 Released: Wed Oct 13 10:41:36 2021 Summary: Recommended update for xkeyboard-config Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:3411-1 Released: Wed Oct 13 10:42:25 2021 Summary: Recommended update for lvm2 Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:3413-1 Released: Wed Oct 13 10:50:45 2021 Summary: Recommended update for suse-module-tools Type: recommended Severity: important Advisory ID: SUSE-SU-2021:3474-1 Released: Wed Oct 20 08:41:31 2021 Summary: Security update for util-linux Type: security Severity: moderate Advisory ID: SUSE-RU-2021:3509-1 Released: Tue Oct 26 09:47:40 2021 Summary: Recommended update for suse-module-tools Type: recommended Severity: important Advisory ID: SUSE-RU-2021:3538-1 Released: Wed Oct 27 10:40:32 2021 Summary: Recommended update for iproute2 Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:3589-1 Released: Mon Nov 1 19:27:52 2021 Summary: Recommended update for apparmor Type: recommended Severity: moderate Advisory ID: SUSE-SU-2021:3605-1 Released: Wed Nov 3 14:59:32 2021 Summary: Security update for qemu Type: security Severity: important Advisory ID: SUSE-SU-2021:3619-1 Released: Fri Nov 5 12:29:52 2021 Summary: Security update for libvirt Type: security Severity: moderate Advisory ID: SUSE-RU-2021:3663-1 Released: Mon Nov 15 19:14:32 2021 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:3792-1 Released: Wed Nov 24 06:12:09 2021 Summary: Recommended update for kmod Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:3808-1 Released: Fri Nov 26 00:30:54 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:3963-1 Released: Mon Dec 6 19:57:39 2021 Summary: Recommended update for system-users Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:3985-1 Released: Fri Dec 10 06:08:24 2021 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:4014-1 Released: Mon Dec 13 13:57:39 2021 Summary: Recommended update for apparmor Type: recommended Severity: moderate Advisory ID: SUSE-SU-2021:4104-1 Released: Thu Dec 16 11:14:12 2021 Summary: Security update for python3 Type: security Severity: moderate Advisory ID: SUSE-RU-2021:4165-1 Released: Wed Dec 22 22:52:11 2021 Summary: Recommended update for kmod Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:4175-1 Released: Thu Dec 23 11:22:33 2021 Summary: Recommended update for systemd Type: recommended Severity: important Advisory ID: SUSE-RU-2022:2-1 Released: Mon Jan 3 08:27:18 2022 Summary: Recommended update for lvm2 Type: recommended Severity: moderate Advisory ID: SUSE-SU-2022:21-1 Released: Tue Jan 4 16:06:08 2022 Summary: Security update for libvirt Type: security Severity: important Advisory ID: SUSE-SU-2022:40-1 Released: Mon Jan 10 10:45:12 2022 Summary: Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-operator-container Type: security Severity: important

References

References : 1134353 1160242 1177902 1178236 1180125 1183247 1183374 1183858

1183905 1184994 1185588 1186071 1186398 1187196 1187668 1188291

1188588 1188713 1188921 1189176 1189234 1189241 1189287 1189441

1189446 1189480 1189537 1189702 1189841 1189938 1190190 1190401

1190420 1190425 1190440 1190493 1190587 1190598 1190622 1190693

1190695 1190839 1190917 1190984 1191019 1191200 1191242 1191260

1191480 1191532 1191668 1191690 1191690 1191804 1191804 1191922

1192017 1192104 1192161 1192423 1192858 1193181 1193430 1193623

1193719 1193759 1193930 1193981 1194041 CVE-2021-3426 CVE-2021-3713

CVE-2021-3733 CVE-2021-3737 CVE-2021-3748 CVE-2021-37600 CVE-2021-4147

CVE-2021-43565

1189537,1190190

This update for kmod fixes the following issues:

- Use docbook 4 rather than docbook 5 for building man pages (bsc#1190190).

- Enable support for ZSTD compressed modules

- Display module information even for modules built into the running kernel (bsc#1189537)

- '/usr/lib' should override '/lib' where both are available. Support '/usr/lib' for depmod.d as well.

- Remove test patches included in release 29

- Update to release 29

* Fix `modinfo -F` not working for built-in modules and certain fields.

* Fix a memory leak, overflow and double free on error path.

1189176,1190622

This update for multipath-tools provides the following fixes:

- Update to version 0.8.5+82+suse.746b76e:

* libmultipath: avoid buffer size warning with systemd 240+. (bsc#1189176)

- Add a versioned dependency of multipath-tools on libmpath0. (bsc#1190622)

This update for numactl fixes the following issues:

- Fix System call numbers on s390x.

- Debug verify for --preferred option.

- Description for the usage of numactl.

- Varios memleacks on source files: sysfs.c, shm.c and numactl.c

- Description for numa_node_size64 and definition for numa_node_size in manpage.

- link with -latomic when needed.

- Clear race conditions on numa_police_memory().

- numademo: Use first two nodes instead of node 0 and 1

- Enhance _service settings

- Enable automake

1134353,1184994,1188291,1188588,1188713,1189446,1189480

This update for systemd fixes the following issues:

- Switch I/O scheduler from 'mq-deadline' to 'bfq' for rotating disks(HD's) (jsc#SLE-21032, bsc#1134353).

- Multipath: Rules weren't applied to dm devices (bsc#1188713).

- Ignore obsolete 'elevator' kernel parameter (bsc#1184994).

- Remove kernel unsupported single-queue block I/O.

- Make sure the versions of both udev and systemd packages are always the same (bsc#1189480).

- Avoid error message when updating active udev on sockets restart (bsc#1188291).

- Merge of v246.16, for a complete list of changes, visit:

https://github.com/openSUSE/systemd/compare/8d8f5fc31eece95644b299b784bbfb8f836d0108...f5c33d9f82d3d782d28938df9ff09484360c540d

- Drop 1007-tmpfiles-follow-SUSE-policies.patch:

Since most of the tmpfiles config files shipped by upstream are

ignored (see previous commit 'Drop most of the tmpfiles that deal

with generic paths'), this patch is no more relevant.

Additional fixes:

- core: make sure cgroup_oom_queue is flushed on manager exit.

- cgroup: do 'catchup' for unit cgroup inotify watch files.

- journalctl: never fail at flushing when the flushed flag is set (bsc#1188588).

- manager: reexecute on SIGRTMIN+25, user instances only.

- manager: fix HW watchdog when systemd starts before driver loaded (bsc#1189446).

- pid1: watchdog modernizations.

1191242

This update for xkeyboard-config fixes the following issue:

- Wrong keyboard mapping causing input delays with ABNT2 keyboards. (bsc#1191242)

1191019

This update for lvm2 fixes the following issues:

- Do not crash vgextend when extending VG with missing PV. (bsc#1191019)

1189441,1189841,1190598

This update for suse-module-tools fixes the following issues:

- Fixed an issue where the queuing of secure boot certificates did not happen (bsc#1189841, bsc#1190598)

- Fixed an issue where initrd was not always rebuilding after installing

any kernel-*-extra package (bsc#1189441)

1178236,1188921,CVE-2021-37600

This update for util-linux fixes the following issues:

- CVE-2021-37600: Fixed an integer overflow which could lead to a buffer overflow in get_sem_elements() in sys-utils/ipcutils.c. (bsc#1188921)

1191200,1191260,1191480,1191804,1191922

This update for suse-module-tools fixes the following issues:

Update to version 15.3.13:

- Fix bad exit status in openQA. (bsc#1191922)

- Ignore kernel keyring for kernel certificates. (bsc#1191480)

- Deal with existing certificates that should be de-enrolled. (bsc#1191804)

- Don't pass existing files to weak-modules2. (bsc#1191200)

- Skip certificate scriptlet on non-UEFI systems. (bsc#1191260)

1160242

This update for iproute2 fixes the following issues:

- Follow-up fixes backported from upstream. (bsc#1160242)

1191690

This update for apparmor fixes the following issues:

- Fixed an issue when apparmor provides python2 and python3 libraries with the same name. (bsc#1191690)

1189234,1189702,1189938,1190425,CVE-2021-3713,CVE-2021-3748

This update for qemu fixes the following issues:

Security issues fixed:

- CVE-2021-3713: Fix out-of-bounds write in UAS (USB Attached SCSI) device emulation (bsc#1189702)

- CVE-2021-3748: Fix heap use-after-free in virtio_net_receive_rcu (bsc#1189938)

Non-security issues fixed:

- Add transfer length item in block limits page of scsi vpd (bsc#1190425)

- Fix qemu crash while deleting xen-block (bsc#1189234)

1177902,1183247,1186398,1190420,1190493,1190693,1190695,1190917

This update for libvirt fixes the following issues:

- lxc: controller: Fix container launch on cgroup v1. (bsc#1183247)

- supportconfig: Use systemctl command 'is-active' instead of 'is-enabled' when checking if libvirtd is active.

- qemu: Do not report error in the logs when processing monitor IO. (bsc#1190917)

- spec: Fix an issue when package update hangs (bsc#1177902, bsc#1190693)

- spec: Don't add '--timeout' argument to '/etc/sysconfig/libvirtd' when running in traditional mode without socket activation. (bsc#1190695)

- libxl: Improve reporting of 'die_id' in capabilities. (bsc#1190493)

- libxl: Fix driver reload. (bsc#1190420)

- qemu: Set label on virtual host network device when hotplugging. (bsc#1186398)

- supportconfig: When checking for installed hypervisor drivers,

use the libvirtr-daemon-driver- package instead of

libvirt-daemon-. The latter are not required packages

for a functioning hypervisor driver.

1191804

This update for suse-module-tools fixes the following issues:

- Update to version 15.3.14:

* more fixes for updates under secure boot

* cert-script: Deal with existing $cert.delete file (bsc#1191804).

1192104

This update for kmod fixes the following issues:

- Enable ZSTD compression (bsc#1192104)(jsc#SLE-21256)

1186071,1190440,1190984,1192161

This update for systemd fixes the following issues:

- Add timestamp to D-Bus events to improve traceability (jsc#SLE-17798)

- Fix fd_is_mount_point() when both the parent and directory are network file systems (bsc#1190984)

- Support detection for ARM64 Hyper-V guests (bsc#1186071)

- Fix systemd-detect-virt not detecting Amazon EC2 Nitro instance (bsc#1190440)

- Enable support for Portable Services in openSUSE Leap only (jsc#SLE-21694)

- Fix IO scheduler udev rules to address performance issues (jsc#SLE-21032, bsc#1192161)

1190401

This update for system-users fixes the following issues:

- system-user-tss.conf: Removed group entry because it's not needed and contained syntax errors (bsc#1190401)

1187196

This update for suse-module-tools fixes the following issues:

- Blacklist isst_if_mbox_msr driver because uses hardware information based on

CPU family and model, which is too unspecific. On large systems, this causes a lot of

failing loading attempts for this driver, leading to slow or even stalled boot (bsc#1187196)

1191532,1191690

This update for apparmor fixes the following issues:

Changes in apparmor:

- Add a profile for 'samba-bgqd'. (bsc#1191532)

- Fix 'Requires' of python3 module. (bsc#1191690)

1180125,1183374,1183858,1185588,1187668,1189241,1189287,CVE-2021-3426,CVE-2021-3733,CVE-2021-3737

This update for python3 fixes the following issues:

- CVE-2021-3426: Fixed information disclosure via pydoc (bsc#1183374).

- CVE-2021-3733: Fixed infinitely reading potential HTTP headers after a 100 Continue status response from the server (bsc#1189241).

- CVE-2021-3737: Fixed ReDoS in urllib.request (bsc#1189287).

- We do not require python-rpm-macros package (bsc#1180125).

- Use versioned python-Sphinx to avoid dependency on other version of Python (bsc#1183858).

- Stop providing 'python' symbol, which means python2 currently (bsc#1185588).

- Modify Lib/ensurepip/__init__.py to contain the same version numbers as are in reality the ones in the bundled wheels (bsc#1187668).

1193430

This update for kmod fixes the following issues:

- Ensure that kmod and packages linking to libkmod provide same features. (bsc#1193430)

1192423,1192858,1193759

This update for systemd fixes the following issues:

- Bump the max number of inodes for /dev to a million (bsc#1192858)

- sleep: don't skip resume device with low priority/available space (bsc#1192423)

- test: use kbd-mode-map we ship in one more test case

- test-keymap-util: always use kbd-model-map we ship

- Add rules for virtual devices and enforce 'none' for loop devices. (bsc#1193759)

1183905,1193181

This update for lvm2 fixes the following issues:

- Fix lvconvert not taking `--stripes` option (bsc#1183905)

- Fix LVM vgimportclone not working on hardware snapshot (bsc#1193181)

1191668,1192017,1193623,1193719,1193981,1194041,CVE-2021-4147

This update for libvirt fixes the following issues:

- CVE-2021-4147: libxl: Fix libvirtd deadlocks and segfaults. (bsc#1194041)

1190587,1190839,1193930,CVE-2021-43565

This update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-operator-container fixes the following issues:

- CVE-2021-43565: Fixes a vulnerability in the golang.org/x/crypto/ssh package which allowed unauthenticated clients to cause a panic in SSH servers. (bsc#1193930)

The following package changes have been done:

- kubevirt-container-disk-0.45.0-8.7.1 updated

- kubevirt-virt-handler-0.45.0-8.7.1 updated

- libapparmor1-2.13.6-3.8.1 updated

- libdevmapper1_03-1.02.163-8.39.1 updated

- libkmod2-29-4.15.1 updated

- libnuma1-2.0.14.20.g4ee5e0c-10.1 updated

- system-group-kvm-20170617-17.3.1 updated

- suse-module-tools-15.3.15-3.17.1 updated

- libpython3_6m1_0-3.6.15-10.9.1 updated

- libmpath0-0.8.5+82+suse.746b76e-2.7.1 updated

- iproute2-5.3-5.5.1 updated

- xkeyboard-config-2.23.1-3.9.1 updated

- system-user-qemu-20170617-17.3.1 updated

- kmod-29-4.15.1 updated

- python3-base-3.6.15-10.9.1 updated

- systemd-246.16-7.28.1 updated

- udev-246.16-7.28.1 updated

- qemu-tools-5.2.0-106.4 updated

- util-linux-systemd-2.36.2-4.5.1 updated

- libvirt-libs-7.1.0-6.11.1 updated

- libvirt-client-7.1.0-6.11.1 updated

- python-rpm-macros-20200207.5feb6c1-3.11.1 removed

Severity
Container Advisory ID : SUSE-CU-2022:35-1
Container Tags : suse/sles/15.3/virt-handler:0.45.0 , suse/sles/15.3/virt-handler:0.45.0-8.7.1 , suse/sles/15.3/virt-handler:0.45.0.8.10.1
Container Release : 8.10.1
Severity : important
Type : security

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.