SUSE: 2022:495-1 ses/7/cephcsi/csi-livenessprobe Security Update | ...
SUSE Container Update Advisory: ses/7/cephcsi/csi-livenessprobe
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:495-1
Container Tags        : ses/7/cephcsi/csi-livenessprobe:v1.1.0 , ses/7/cephcsi/csi-livenessprobe:v1.1.0-rev1 , ses/7/cephcsi/csi-livenessprobe:v1.1.0-rev1-build3.517
Container Release     : 3.517
Severity              : critical
Type                  : security
References            : 1027496 1029961 1029961 1040589 1047218 1047218 1050625 1078466
                        1082318 1084671 1099272 1099521 1106014 1113013 1115529 1121227
                        1121230 1122004 1122021 1122417 1125886 1128846 1134353 1141597
                        1146705 1153687 1154935 1157818 1158812 1158958 1158959 1158960
                        1159491 1159715 1159847 1159850 1160309 1160438 1160439 1161268
                        1161276 1161276 1162581 1162964 1164719 1167471 1169006 1169614
                        1171883 1171962 1172091 1172113 1172115 1172234 1172236 1172240
                        1172308 1172442 1172695 1172973 1172974 1173277 1173582 1173641
                        1174016 1174075 1174436 1174504 1174504 1174911 1174942 1175448
                        1175449 1175458 1175514 1175519 1175623 1176201 1177127 1177238
                        1177275 1177427 1177490 1177583 1178219 1178236 1178346 1178386
                        1178554 1178561 1178577 1178624 1178675 1178775 1178775 1178823
                        1178825 1178909 1178910 1178966 1179083 1179222 1179363 1179398
                        1179399 1179415 1179416 1179491 1179503 1179593 1179694 1179721
                        1179816 1179824 1179847 1179909 1180020 1180038 1180064 1180073
                        1180077 1180083 1180125 1180138 1180225 1180596 1180603 1180603
                        1180663 1180689 1180721 1180836 1180851 1180851 1180885 1181011
                        1181328 1181358 1181443 1181505 1181622 1181826 1181831 1181874
                        1181874 1181976 1182016 1182117 1182279 1182328 1182331 1182333
                        1182362 1182372 1182408 1182411 1182412 1182413 1182415 1182416
                        1182417 1182418 1182419 1182420 1182604 1182629 1182791 1182899
                        1182936 1182936 1182959 1182959 1183064 1183085 1183094 1183268
                        1183370 1183371 1183456 1183457 1183543 1183545 1183589 1183628
                        1183628 1183632 1183659 1183791 1183797 1183801 1183852 1183933
                        1183934 1184326 1184358 1184399 1184401 1184435 1184614 1184614
                        1184690 1184761 1184967 1184994 1184994 1184997 1184997 1184997
                        1185016 1185046 1185163 1185221 1185239 1185239 1185299 1185325
                        1185331 1185408 1185408 1185409 1185409 1185410 1185410 1185417
                        1185438 1185524 1185540 1185562 1185698 1185807 1185958 1186015
                        1186049 1186114 1186447 1186489 1186503 1186503 1186579 1186602
                        1186642 1186910 1187060 1187153 1187210 1187212 1187224 1187270
                        1187273 1187292 1187400 1187425 1187466 1187512 1187512 1187654
                        1187670 1187738 1187760 1187906 1187911 1187993 1188018 1188063
                        1188063 1188156 1188217 1188218 1188219 1188220 1188291 1188344
                        1188435 1188548 1188571 1188623 1188713 1188921 1189031 1189152
                        1189206 1189465 1189465 1189480 1189520 1189521 1189521 1189534
                        1189554 1189683 1189803 1189929 1189996 1190052 1190059 1190199
                        1190234 1190325 1190356 1190373 1190374 1190440 1190447 1190465
                        1190645 1190712 1190739 1190793 1190815 1190915 1190926 1190933
                        1190984 1191252 1191286 1191324 1191370 1191563 1191609 1191736
                        1191987 1192161 1192248 1192337 1192436 1192489 1192688 1192717
                        1193007 1193480 1193481 1193488 1193521 1193625 1193711 1193759
                        1193805 1193841 1194229 1194522 1194597 1194640 1194768 1194770
                        1194898 1195149 1195258 1195326 1195468 1195560 1195792 1195856
                        1195899 1196036 1196093 1196167 1196275 1196406 1197004 1197024
                        1197459 928700 928701 954813 CVE-2015-3414 CVE-2015-3415 CVE-2015-8985
                        CVE-2016-10228 CVE-2017-9271 CVE-2018-20573 CVE-2018-20574 CVE-2018-25032
                        CVE-2019-19244 CVE-2019-19317 CVE-2019-19603 CVE-2019-19645 CVE-2019-19646
                        CVE-2019-19880 CVE-2019-19923 CVE-2019-19924 CVE-2019-19925 CVE-2019-19926
                        CVE-2019-19959 CVE-2019-20218 CVE-2019-20838 CVE-2019-25013 CVE-2019-6285
                        CVE-2019-6292 CVE-2020-11080 CVE-2020-13434 CVE-2020-13435 CVE-2020-13630
                        CVE-2020-13631 CVE-2020-13632 CVE-2020-14155 CVE-2020-14367 CVE-2020-15358
                        CVE-2020-1971 CVE-2020-24370 CVE-2020-24371 CVE-2020-25709 CVE-2020-25710
                        CVE-2020-27618 CVE-2020-29361 CVE-2020-29562 CVE-2020-29573 CVE-2020-36221
                        CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226
                        CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2020-8025
                        CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 CVE-2020-9327 CVE-2021-20231
                        CVE-2021-20232 CVE-2021-20266 CVE-2021-20271 CVE-2021-20305 CVE-2021-22570
                        CVE-2021-22876 CVE-2021-22890 CVE-2021-22898 CVE-2021-22922 CVE-2021-22923
                        CVE-2021-22924 CVE-2021-22925 CVE-2021-22946 CVE-2021-22947 CVE-2021-23840
                        CVE-2021-23841 CVE-2021-24031 CVE-2021-24032 CVE-2021-27212 CVE-2021-27218
                        CVE-2021-27219 CVE-2021-3326 CVE-2021-33560 CVE-2021-33574 CVE-2021-33910
                        CVE-2021-33910 CVE-2021-3421 CVE-2021-3449 CVE-2021-3516 CVE-2021-3516
                        CVE-2021-3517 CVE-2021-3517 CVE-2021-3518 CVE-2021-3518 CVE-2021-3520
                        CVE-2021-3537 CVE-2021-3541 CVE-2021-3580 CVE-2021-35942 CVE-2021-36222
                        CVE-2021-3711 CVE-2021-3712 CVE-2021-3712 CVE-2021-37600 CVE-2021-37750
                        CVE-2021-38185 CVE-2021-38185 CVE-2021-39537 CVE-2021-3999 CVE-2021-4209
                        CVE-2021-43618 CVE-2022-23218 CVE-2022-23219 CVE-2022-24407 
-----------------------------------------------------------------

The container ses/7/cephcsi/csi-livenessprobe was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1989-1
Released:    Tue Jul 21 17:58:58 2020
Summary:     Recommended update to SLES-releases
Type:        recommended
Severity:    important
References:  1173582
This update of SLES-release provides the following fix:
- Obsolete Leap 15.2 as well to allow migration from Leap to SLE. (bsc#1173582)
  
-----------------------------------------------------------------
Advisory ID: SUSE-OU-2020:3026-1
Released:    Fri Oct 23 15:35:51 2020
Summary:     Optional update for the Public Cloud Module
Type:        optional
Severity:    moderate
References:  

This update adds the Google Cloud Storage packages to the Public Cloud module (jsc#ECO-2398).
The following packages were included:

- python3-grpcio
- python3-protobuf
- python3-google-api-core
- python3-google-cloud-core
- python3-google-cloud-storage
- python3-google-resumable-media
- python3-googleapis-common-protos
- python3-grpcio-gcp
- python3-mock (updated to version 3.0.5)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:3721-1
Released:    Wed Dec  9 13:36:46 2020
Summary:     Security update for openssl-1_1
Type:        security
Severity:    important
References:  1179491,CVE-2020-1971
This update for openssl-1_1 fixes the following issues:
	  
- CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:3735-1
Released:    Wed Dec  9 18:19:24 2020
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1179398,1179399,1179593,CVE-2020-8284,CVE-2020-8285,CVE-2020-8286
This update for curl fixes the following issues:

- CVE-2020-8286: Fixed improper OSCP verification in the client side (bsc#1179593). 
- CVE-2020-8285: Fixed a stack overflow due to FTP wildcard (bsc#1179399).
- CVE-2020-8284: Fixed an issue where a malicius FTP server could make curl connect to a different IP (bsc#1179398).	  

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3809-1
Released:    Tue Dec 15 13:46:05 2020
Summary:     Recommended update for glib2
Type:        recommended
Severity:    moderate
References:  1178346
This update for glib2 fixes the following issues:

Update from version 2.62.5 to version 2.62.6:

- Support for slim format of timezone. (bsc#1178346)
- Fix DST incorrect end day when using slim format. (bsc#1178346)
- Fix SOCKS5 username/password authentication.
- Updated translations.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3853-1
Released:    Wed Dec 16 12:27:27 2020
Summary:     Recommended update for util-linux
Type:        recommended
Severity:    moderate
References:  1084671,1169006,1174942,1175514,1175623,1178554,1178825
This update for util-linux fixes the following issue:

- Do not trigger the automatic close of CDROM. (bsc#1084671)
- Try to automatically configure broken serial lines. (bsc#1175514)
- Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514)
- Build with `libudev` support to support non-root users. (bsc#1169006)
- Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825)
- Fix warning on mounts to `CIFS` with mount –a. (bsc#1174942)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3942-1
Released:    Tue Dec 29 12:22:01 2020
Summary:     Recommended update for libidn2
Type:        recommended
Severity:    moderate
References:  1180138
This update for libidn2 fixes the following issues:

- The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later,
  adjusted the RPM license tags (bsc#1180138)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3943-1
Released:    Tue Dec 29 12:24:45 2020
Summary:     Recommended update for libxml2
Type:        recommended
Severity:    moderate
References:  1178823
This update for libxml2 fixes the following issues:

Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823)
* key/unique/keyref schema attributes currently use quadratic loops
  to check their various constraints (that keys are unique and that
  keyrefs refer to existing keys).
* This fix uses a hash table to avoid the quadratic behaviour.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:109-1
Released:    Wed Jan 13 10:13:24 2021
Summary:     Security update for libzypp, zypper
Type:        security
Severity:    moderate
References:  1050625,1174016,1177238,1177275,1177427,1177583,1178910,1178966,1179083,1179222,1179415,1179909,CVE-2017-9271
This update for libzypp, zypper fixes the following issues:

Update zypper to version 1.14.41

Update libzypp to 17.25.4

- CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583)
- RepoManager: Force refresh if repo url has changed (bsc#1174016)
- RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966)
- RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427).
- RpmDb: If no database exists use the _dbpath configured in rpm.  Still makes sure a compat
  symlink at /var/lib/rpm exists in case the configures _dbpath is elsewhere. (bsc#1178910)
- Fixed update of gpg keys with elongated expire date (bsc#179222)
- needreboot: remove udev from the list (bsc#1179083)
- Fix lsof monitoring (bsc#1179909)

yast-installation was updated to 4.2.48:

- Do not cleanup the libzypp cache when the system has low memory,
  incomplete cache confuses libzypp later (bsc#1179415)


-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:129-1
Released:    Thu Jan 14 12:26:15 2021
Summary:     Security update for openldap2
Type:        security
Severity:    moderate
References:  1178909,1179503,CVE-2020-25709,CVE-2020-25710
This update for openldap2 fixes the following issues:

Security issues fixed:

- CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909).
- CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909).

Non-security issue fixed:

- Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection. (bsc#1179503)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:169-1
Released:    Tue Jan 19 16:18:46 2021
Summary:     Recommended update for libsolv, libzypp, zypper
Type:        recommended
Severity:    moderate
References:  1179816,1180077,1180663,1180721
This update for libsolv, libzypp, zypper fixes the following issues:

libzypp was updated to 17.25.6:

- Rephrase solver problem descriptions (jsc#SLE-8482)
- Adapt to changed gpg2/libgpgme behavior (bsc#1180721)
- Multicurl backend breaks with with unknown filesize (fixes #277)

zypper was updated to 1.14.42:

- Fix source-download commnds help (bsc#1180663)
- man: Recommend to use the --non-interactive global option rather than the command option -y (bsc#1179816)
- Extend apt packagemap (fixes #366)
- --quiet: Fix install summary to write nothing if there's nothing todo (bsc#1180077)

libsolv was updated to 0.7.16;

- do not ask the namespace callback for splitprovides when writing a testcase
- fix add_complex_recommends() selecting conflicted packages in rare cases leading to crashes
- improve choicerule generation so that package updates are prefered in more cases

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:174-1
Released:    Wed Jan 20 07:55:23 2021
Summary:     Recommended update for gnutls
Type:        recommended
Severity:    moderate
References:  1172695
This update for gnutls fixes the following issue:

- Avoid spurious audit messages about incompatible signature algorithms (bsc#1172695)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:197-1
Released:    Fri Jan 22 15:17:42 2021
Summary:     Security update for permissions
Type:        security
Severity:    moderate
References:  1171883,CVE-2020-8025
This update for permissions fixes the following issues:

- Update to version 20181224:
  * pcp: remove no longer needed / conflicting entries
         (bsc#1171883, CVE-2020-8025)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:220-1
Released:    Tue Jan 26 14:00:51 2021
Summary:     Recommended update for keyutils
Type:        recommended
Severity:    moderate
References:  1180603
This update for keyutils fixes the following issues:

- Adjust the library license to be LPGL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:233-1
Released:    Wed Jan 27 12:15:33 2021
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1141597,1174436,1175458,1177490,1179363,1179824,1180225
This update for systemd fixes the following issues:

- Added a timestamp to the output of the busctl monitor command (bsc#1180225)
- Fixed a NULL pointer dereference bug when attempting to close the journal file handle (bsc#1179824)
- Improved the caching of cgroups member mask (bsc#1175458)
- Fixed the dependency definition of sound.target (bsc#1179363)
- Fixed a bug that could lead to a potential error, when daemon-reload is called between
  StartTransientUnit and scope_start() (bsc#1174436)
- time-util: treat /etc/localtime missing as UTC (bsc#1141597)
- Removed mq-deadline selection from 60-io-scheduler.rules (bsc#1177490)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:265-1
Released:    Mon Feb  1 15:06:45 2021
Summary:     Recommended update for systemd
Type:        recommended
Severity:    important
References:  1178775,1180885
This update for systemd fixes the following issues:

- Fix for udev creating '/dev/disk/by-label' symlink for 'LUKS2' to avoid mount issues. (bsc#1180885, #8998))
- Fix for an issue when container start causes interference in other containers. (bsc#1178775)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:293-1
Released:    Wed Feb  3 12:52:34 2021
Summary:     Recommended update for gmp
Type:        recommended
Severity:    moderate
References:  1180603
This update for gmp fixes the following issues:

- correct license statements of packages (library itself is no GPL-3.0) (bsc#1180603)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:294-1
Released:    Wed Feb  3 12:54:28 2021
Summary:     Recommended update for libprotobuf
Type:        recommended
Severity:    moderate
References:  

libprotobuf was updated to fix:

- ship the libprotobuf-lite15 on the basesystem module and the INSTALLER channel. (jsc#ECO-2911)
  
-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:339-1
Released:    Mon Feb  8 13:16:07 2021
Summary:     Optional update for pam
Type:        optional
Severity:    low
References:  
This update for pam fixes the following issues:

- Added rpm macros for this package, so that other packages can make use of it

This patch is optional to be installed - it doesn't fix any bugs.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:653-1
Released:    Fri Feb 26 19:53:43 2021
Summary:     Security update for glibc
Type:        security
Severity:    important
References:  1178386,1179694,1179721,1180038,1181505,1182117,CVE-2019-25013,CVE-2020-27618,CVE-2020-29562,CVE-2020-29573,CVE-2021-3326
This update for glibc fixes the following issues:

- Fix buffer overrun in EUC-KR conversion module (CVE-2019-25013, bsc#1182117, BZ #24973)
- x86: Harden printf against non-normal long double values (CVE-2020-29573, bsc#1179721, BZ #26649)
- gconv: Fix assertion failure in ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256)
- iconv: Accept redundant shift sequences in IBM1364 (CVE-2020-27618, bsc#1178386, BZ #26224)
- iconv: Fix incorrect UCS4 inner loop bounds (CVE-2020-29562, bsc#1179694, BZ #26923)
- Fix parsing of /sys/devices/system/cpu/online (bsc#1180038, BZ #25859)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:656-1
Released:    Mon Mar  1 09:34:21 2021
Summary:     Recommended update for protobuf
Type:        recommended
Severity:    moderate
References:  1177127
This update for protobuf fixes the following issues:

- Add missing dependency of python subpackages on python-six. (bsc#1177127)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:723-1
Released:    Mon Mar  8 16:45:27 2021
Summary:     Security update for openldap2
Type:        security
Severity:    important
References:  1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420,CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212
This update for openldap2 fixes the following issues:

- bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the
  X.509 DN parsing in decode.c ber_next_element, resulting in denial
  of service.
- bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN
  parsing in ad_keystring, resulting in denial of service.
- bsc#1182412 CVE-2020-36228 - integer underflow leading to crash
  in the Certificate List Exact Assertion processing, resulting in
  denial of service.
- bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the
  cancel_extop Cancel operation, resulting in denial of service.
- bsc#1182416 CVE-2020-36225 - double free and slapd crash in the
  saslAuthzTo processing, resulting in denial of service.
- bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash
  in the saslAuthzTo processing, resulting in denial of service.
- bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd
  crash in the saslAuthzTo processing, resulting in denial of service.
- bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the
  saslAuthzTo validation, resulting in denial of service.
- bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact
  Assertion processing, resulting in denial of service (schema_init.c
  serialNumberAndIssuerCheck).
- bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter
  control handling, resulting in denial of service (double free and
  out-of-bounds read).
- bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur
    in the issuerAndThisUpdateCheck function via a crafted packet,
    resulting in a denial of service (daemon exit) via a short timestamp.
    This is related to schema_init.c and checkTime.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:754-1
Released:    Tue Mar  9 17:10:49 2021
Summary:     Security update for openssl-1_1
Type:        security
Severity:    moderate
References:  1182331,1182333,1182959,CVE-2021-23840,CVE-2021-23841
This update for openssl-1_1 fixes the following issues:

- CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333)
- CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331)
- Fixed unresolved error codes in FIPS (bsc#1182959).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:778-1
Released:    Fri Mar 12 17:42:25 2021
Summary:     Security update for glib2
Type:        security
Severity:    important
References:  1182328,1182362,CVE-2021-27218,CVE-2021-27219
This update for glib2 fixes the following issues:

- CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if
  the length is larger than guint. (bsc#1182328)
- CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. (bsc#1182362)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:786-1
Released:    Mon Mar 15 11:19:23 2021
Summary:     Recommended update for zlib
Type:        recommended
Severity:    moderate
References:  1176201
This update for zlib fixes the following issues:

- Fixed hw compression on z15 (bsc#1176201)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:874-1
Released:    Thu Mar 18 09:41:54 2021
Summary:     Recommended update for libsolv, libzypp, zypper
Type:        recommended
Severity:    moderate
References:  1179847,1181328,1181622,1182629
This update for libsolv, libzypp, zypper fixes the following issues:

- support multiple collections in updateinfo parser
- Fixed an issue when some 'systemd' tools require '/proc' to be mounted and fail if it's not there. (bsc#1181328)
- Enable release packages to request a releaxed suse/opensuse vendorcheck in dup when migrating. (bsc#1182629)
- Patch: Identify well-known category names to allow to use the RH and SUSE patch category names synonymously. (bsc#1179847)
- Fix '%posttrans' script execution. (fixes #265)
- Repo: Allow multiple baseurls specified on one line (fixes #285)
- Regex: Fix memory leak and undefined behavior.
- Add rpm buildrequires for test suite (fixes #279)
- Use rpmdb2solv new -D switch to tell the location of the rpmdatabase to use.
- doc: give more details about creating versioned package locks. (bsc#1181622)
- man: Document synonymously used patch categories (bsc#1179847)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:924-1
Released:    Tue Mar 23 10:00:49 2021
Summary:     Recommended update for filesystem
Type:        recommended
Severity:    moderate
References:  1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094
This update for filesystem the following issues:

- Remove duplicate line due to merge error
- Add fix for 'mesa' creating cache with perm 0700. (bsc#1181011) 
- Fixed an issue causing failure during installation/upgrade a failure. (rh#1548403) (bsc#1146705)
- Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466)
- Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519)

This update for systemd fixes the following issues:

- Fix for a possible memory leak. (bsc#1180020)
- Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596)
- Fixed an issue when starting a container conflicts with another one. (bsc#1178775)
- Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831)
- Don't use shell redirections when calling a rpm macro. (bsc#1183094)
- 'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:930-1
Released:    Wed Mar 24 12:09:23 2021
Summary:     Security update for nghttp2
Type:        security
Severity:    important
References:  1172442,1181358,CVE-2020-11080
This update for nghttp2 fixes the following issues:

- CVE-2020-11080: HTTP/2 Large Settings Frame DoS (bsc#1181358)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:935-1
Released:    Wed Mar 24 12:19:10 2021
Summary:     Security update for gnutls
Type:        security
Severity:    important
References:  1183456,1183457,CVE-2021-20231,CVE-2021-20232
This update for gnutls fixes the following issues:

- CVE-2021-20232: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183456).
- CVE-2021-20231: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183457).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:948-1
Released:    Wed Mar 24 14:31:34 2021
Summary:     Security update for zstd
Type:        security
Severity:    moderate
References:  1183370,1183371,CVE-2021-24031,CVE-2021-24032
This update for zstd fixes the following issues:

- CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371).
- CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:955-1
Released:    Thu Mar 25 16:11:48 2021
Summary:     Security update for openssl-1_1
Type:        security
Severity:    important
References:  1183852,CVE-2021-3449
This update for openssl-1_1 fixes the security issue:

* CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted
  renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation
  ClientHello omits the signature_algorithms extension but includes a
  signature_algorithms_cert extension, then a NULL pointer dereference will
  result, leading to a crash and a denial of service attack. OpenSSL TLS
  clients are not impacted by this issue. [bsc#1183852]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1004-1
Released:    Thu Apr  1 15:07:09 2021
Summary:     Recommended update for libcap
Type:        recommended
Severity:    moderate
References:  1180073
This update for libcap fixes the following issues:

- Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460)
- Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1006-1
Released:    Thu Apr  1 17:44:57 2021
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1183933,1183934,CVE-2021-22876,CVE-2021-22890
This update for curl fixes the following issues:

- CVE-2021-22890: TLS 1.3 session ticket proxy host mixup (bsc#1183934)
- CVE-2021-22876: Automatic referer leaks credentials (bsc#1183933)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1141-1
Released:    Mon Apr 12 13:13:36 2021
Summary:     Recommended update for openldap2
Type:        recommended
Severity:    low
References:  1182791
This update for openldap2 fixes the following issues:

- Improved the proxy connection timeout options to prune connections properly (bsc#1182791)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1169-1
Released:    Tue Apr 13 15:01:42 2021
Summary:     Recommended update for procps
Type:        recommended
Severity:    low
References:  1181976
This update for procps fixes the following issues:

- Corrected a statement in the man page about processor pinning via taskset (bsc#1181976)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1286-1
Released:    Tue Apr 20 20:10:21 2021
Summary:     Recommended update for SLES-release
Type:        recommended
Severity:    moderate
References:  1180836
This recommended update for SLES-release provides the following fix:

- Revert the problematic changes previously released and make sure the version is high
  enough to obsolete the package on containers and images. (bsc#1180836)

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:1296-1
Released:    Wed Apr 21 14:09:28 2021
Summary:     Optional update for e2fsprogs
Type:        optional
Severity:    low
References:  1183791
This update for e2fsprogs fixes the following issues:

- Fixed an issue when building e2fsprogs (bsc#1183791)

This patch does not fix any user visible issues and is therefore optional to install.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1297-1
Released:    Wed Apr 21 14:10:10 2021
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1178219
This update for systemd fixes the following issues:

- Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot
  be stopped properly and would leave mount points mounted.

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:1299-1
Released:    Wed Apr 21 14:11:41 2021
Summary:     Optional update for gpgme
Type:        optional
Severity:    low
References:  1183801
This update for gpgme fixes the following issues:

- Fixed a bug in test cases (bsc#1183801)

This patch is optional to install and does not provide any user visible bug fixes.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1407-1
Released:    Wed Apr 28 15:49:02 2021
Summary:     Recommended update for libcap
Type:        recommended
Severity:    important
References:  1184690
This update for libcap fixes the following issues:

- Add explicit dependency on 'libcap2' with version to 'libcap-progs' and 'pam_cap'. (bsc#1184690)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1412-1
Released:    Wed Apr 28 17:09:28 2021
Summary:     Security update for libnettle
Type:        security
Severity:    important
References:  1184401,CVE-2021-20305
This update for libnettle fixes the following issues:

- CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1426-1
Released:    Thu Apr 29 06:23:13 2021
Summary:     Recommended update for libsolv
Type:        recommended
Severity:    moderate
References:  
This update for libsolv fixes the following issues:

- Fix rare segfault in resolve_jobrules() that could happen if new rules are learnt.
- Fix a couple of memory leaks in error cases.
- Fix error handling in solv_xfopen_fd()
- Fixed 'regex' code on win32.
- Fixed memory leak in choice rule generation

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1466-1
Released:    Tue May  4 08:30:57 2021
Summary:     Security update for permissions
Type:        security
Severity:    important
References:  1182899
This update for permissions fixes the following issues:

- etc/permissions: remove unnecessary entries (bsc#1182899)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1523-1
Released:    Wed May  5 18:24:20 2021
Summary:     Security update for libxml2
Type:        security
Severity:    moderate
References:  1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518
This update for libxml2 fixes the following issues:

- CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408).
- CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410).
- CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1527-1
Released:    Thu May  6 08:58:53 2021
Summary:     Recommended update for bash
Type:        recommended
Severity:    important
References:  1183064
This update for bash fixes the following issues:

- Fixed a segmentation fault that used to occur when bash read a history file
  that was malformed in a very specific way. (bsc#1183064)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1528-1
Released:    Thu May  6 15:31:23 2021
Summary:     Recommended update for openssl-1_1
Type:        recommended
Severity:    moderate
References:  1161276
This update for openssl-1_1 fixes the following issues:

- Do not list disapproved cipher algorithms while in 'FIPS' mode. (bsc#1161276)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1543-1
Released:    Fri May  7 15:16:33 2021
Summary:     Recommended update for patterns-microos
Type:        recommended
Severity:    moderate
References:  1184435
This update for patterns-microos provides the following fix:

- Require the libvirt-daemon-qemu package and include the needed dependencies in the
  product. (bsc#1184435)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1544-1
Released:    Fri May  7 16:34:41 2021
Summary:     Recommended update for libzypp
Type:        recommended
Severity:    moderate
References:  1180851,1181874,1182936,1183628,1184997,1185239
This update for libzypp fixes the following issues:

Upgrade from version 17.25.8 to version 17.25.10

- Properly handle permission denied when providing optional files. (bsc#1185239)
- Fix service detection with `cgroupv2`. (bsc#1184997)
- Add missing includes for GCC 11. (bsc#1181874)
- Fix unsafe usage of static in media verifier.
- `Solver`: Avoid segfault if no system is loaded. (bsc#1183628)
- `MediaVerifier`: Relax media set verification in case of a single not-volatile medium. (bsc#1180851)
- Do no cleanup in custom cache dirs. (bsc#1182936)
- `ZConfig`: let `pubkeyCachePath` follow `repoCachePath`.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1549-1
Released:    Mon May 10 13:48:00 2021
Summary:     Recommended update for procps
Type:        recommended
Severity:    moderate
References:  1185417
This update for procps fixes the following issues:

- Support up to 2048 CPU as well. (bsc#1185417)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1565-1
Released:    Tue May 11 14:20:04 2021
Summary:     Recommended update for krb5
Type:        recommended
Severity:    moderate
References:  1185163
This update for krb5 fixes the following issues:

- Use '/run' instead of '/var/run' for daemon PID files. (bsc#1185163);

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:1592-1
Released:    Wed May 12 13:47:41 2021
Summary:     Optional update for sed
Type:        optional
Severity:    low
References:  1183797
This update for sed fixes the following issues:

- Fixed a building issue with glibc-2.31 (bsc#1183797).

This patch is optional to install.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1612-1
Released:    Fri May 14 17:09:39 2021
Summary:     Recommended update for openldap2
Type:        recommended
Severity:    moderate
References:  1184614
This update for openldap2 fixes the following issue:

- Provide `openldap2-contrib` to the modules SUSE Linux Enterprise Legacy 15-SP2 and 15-SP3. (bsc#1184614)
  
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1643-1
Released:    Wed May 19 13:51:48 2021
Summary:     Recommended update for pam
Type:        recommended
Severity:    important
References:  1181443,1184358,1185562
This update for pam fixes the following issues:

- Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443)
- Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to
  an attempt to resolve it as a hostname (bsc#1184358)
- In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562)


-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1647-1
Released:    Wed May 19 13:59:12 2021
Summary:     Security update for lz4
Type:        security
Severity:    important
References:  1185438,CVE-2021-3520
This update for lz4 fixes the following issues:

- CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1654-1
Released:    Wed May 19 16:43:36 2021
Summary:     Security update for libxml2
Type:        security
Severity:    important
References:  1185408,1185409,1185410,1185698,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518,CVE-2021-3537
This update for libxml2 fixes the following issues:

- CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698)
- CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408).
- CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410).
- CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1762-1
Released:    Wed May 26 12:30:01 2021
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1186114,CVE-2021-22898
This update for curl fixes the following issues:

- CVE-2021-22898: Fixed curl TELNET stack contents disclosure (bsc#1186114).
- Allow partial chain verification [jsc#SLE-17956]
  * Have intermediate certificates in the trust store be treated
    as trust-anchors, in the same way as self-signed root CA
    certificates are. This allows users to verify servers using
    the intermediate cert only, instead of needing the whole chain.
  * Set FLAG_TRUSTED_FIRST unconditionally.
  * Do not check partial chains with CRL check.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1833-1
Released:    Wed Jun  2 15:32:28 2021
Summary:     Recommended update for zypper
Type:        recommended
Severity:    moderate
References:  1153687,1180851,1181874,1182372,1182936,1183268,1183589,1183628,1184997,1185239
This update for zypper fixes the following issues:

zypper was upgraded to 1.14.44:

- man page: Recommend the needs-rebooting command to test whether a system reboot is suggested.
- patch: Let a patch's reboot-needed flag overrule included packages. (bsc#1183268)
- Quickfix setting 'openSUSE_Tumbleweed' as default platform for 'MicroOS'. (bsc#1153687)
- Protect against strict/relaxed user umask via sudo. (bsc#1183589)
- xml summary: Add solvables repository alias. (bsc#1182372)

libzypp was upgraded from version 17.25.8 to version 17.25.10

- Properly handle permission denied when providing optional files. (bsc#1185239)
- Fix service detection with `cgroupv2`. (bsc#1184997)
- Add missing includes for GCC 11. (bsc#1181874)
- Fix unsafe usage of static in media verifier.
- `Solver`: Avoid segfault if no system is loaded. (bsc#1183628)
- `MediaVerifier`: Relax media set verification in case of a single not-volatile medium. (bsc#1180851)
- Do no cleanup in custom cache dirs. (bsc#1182936)
- `ZConfig`: let `pubkeyCachePath` follow `repoCachePath`.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1861-1
Released:    Fri Jun  4 09:59:40 2021
Summary:     Recommended update for gcc10
Type:        recommended
Severity:    moderate
References:  1029961,1106014,1178577,1178624,1178675,1182016
This update for gcc10 fixes the following issues:

- Disable nvptx offloading for aarch64 again since it doesn't work
- Fixed a build failure issue. (bsc#1182016)
- Fix for memory miscompilation on 'aarch64'. (bsc#1178624, bsc#1178577)
- Fix 32bit 'libgnat.so' link. (bsc#1178675)
- prepare usrmerge: Install libgcc_s into %_libdir. ABI wise it stays /%lib. (bsc#1029961)
- Build complete set of multilibs for arm-none target. (bsc#1106014)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1879-1
Released:    Tue Jun  8 09:16:09 2021
Summary:     Recommended update for libzypp, zypper
Type:        recommended
Severity:    important
References:  1184326,1184399,1184997,1185325
This update for libzypp, zypper fixes the following issues:

libzypp was updated to 17.26.0:

- Work around download.o.o broken https redirects.
- Allow trusted repos to add additional signing keys (bsc#1184326)
  Repositories signed with a trusted gpg key may import additional
  package signing keys. This is needed if different keys were used
  to sign the the packages shipped by the repository.
- MediaCurl: Fix logging of redirects.
- Use 15.3 resolver problem and solution texts on all distros.
- $ZYPP_LOCK_TIMEOUT: Let negative values wait forever for the
  zypp lock (bsc#1184399)
  Helps boot time services like 'zypper purge-kernels' to wait for
  the zypp lock until other services using zypper have completed.
- Fix purge-kernels is broken in Leap 15.3 (bsc#1185325)
  Leap 15.3 introduces a new kernel package called
  kernel-flavour-extra, which contain kmp's. Currently kmp's are
  detected by name '.*-kmp(-.*)?' but this does not work which
  those new packages. This patch fixes the problem by checking
  packages for kmod(*) and ksym(*) provides and only falls back to
  name checking if the package in question does not provide one of
  those.
- Introduce zypp-runpurge, a tool to run purge-kernels on
  testcases.

zypper was updated to 1.14.45:

- Fix service detection with cgroupv2 (bsc#1184997)
- Add hints to 'trust GPG key' prompt.
- Add report when receiving new package signing keys from a
  trusted repo (bsc#1184326)
- Added translation using Weblate (Kabyle)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1917-1
Released:    Wed Jun  9 14:48:05 2021
Summary:     Security update for libxml2
Type:        security
Severity:    moderate
References:  1186015,CVE-2021-3541
This update for libxml2 fixes the following issues:

- CVE-2021-3541: Fixed exponential entity expansion attack bypasses all existing protection mechanisms. (bsc#1186015)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1937-1
Released:    Thu Jun 10 10:47:09 2021
Summary:     Recommended update for nghttp2
Type:        recommended
Severity:    moderate
References:  1186642

This update for nghttp2 fixes the following issue:

- The (lib)nghttp2 packages had a lower release number in SUSE Linux Enterprise 15 sp2 and sp3 than in 15 sp1, which could lead
  to migration issues. (bsc#1186642)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1953-1
Released:    Thu Jun 10 16:18:50 2021
Summary:     Recommended update for gpg2
Type:        recommended
Severity:    moderate
References:  1161268,1172308
This update for gpg2 fixes the following issues:

- Fixed an issue where the gpg-agent's ssh-agent does not handle flags 
  in signing requests properly (bsc#1161268 and bsc#1172308).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2143-1
Released:    Wed Jun 23 16:27:04 2021
Summary:     Security update for libnettle
Type:        security
Severity:    important
References:  1187060,CVE-2021-3580
This update for libnettle fixes the following issues:

- CVE-2021-3580: Fixed a remote denial of service in the RSA decryption via manipulated ciphertext (bsc#1187060).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2157-1
Released:    Thu Jun 24 15:40:14 2021
Summary:     Security update for libgcrypt
Type:        security
Severity:    important
References:  1187212,CVE-2021-33560
This update for libgcrypt fixes the following issues:

- CVE-2021-33560: Fixed a side-channel against ElGamal encryption, caused by missing exponent blinding (bsc#1187212).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2173-1
Released:    Mon Jun 28 14:59:45 2021
Summary:     Recommended update for automake
Type:        recommended
Severity:    moderate
References:  1040589,1047218,1182604,1185540,1186049
This update for automake fixes the following issues:

- Implement generated autoconf makefiles reproducible (bsc#1182604)
- Add fix to avoid date variations in docs. (bsc#1047218, jsc#SLE-17848)
- Avoid bashisms in test-driver script. (bsc#1185540)

This update for pcre fixes the following issues:

- Do not run profiling 'check' in parallel to make package build reproducible. (bsc#1040589)

This update for brp-check-suse fixes the following issues:

- Add fixes to support reproducible builds. (bsc#1186049) 


-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2196-1
Released:    Tue Jun 29 09:41:39 2021
Summary:     Security update for lua53
Type:        security
Severity:    moderate
References:  1175448,1175449,CVE-2020-24370,CVE-2020-24371
This update for lua53 fixes the following issues:

Update to version 5.3.6:

- CVE-2020-24371: lgc.c mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage (bsc#1175449)
- CVE-2020-24370: ldebug.c allows a negation overflow and segmentation fault in getlocal and setlocal (bsc#1175448)
- Long brackets with a huge number of '=' overflow some internal buffer arithmetic.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2205-1
Released:    Wed Jun 30 09:17:41 2021
Summary:     Recommended update for openldap2
Type:        recommended
Severity:    important
References:  1187210
This update for openldap2 fixes the following issues:

- Resolve issues in the idle / connection 'TTL' timeout implementation in OpenLDAP. (bsc#1187210)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2229-1
Released:    Thu Jul  1 20:40:37 2021
Summary:     Recommended update for release packages
Type:        recommended
Severity:    moderate
References:  1099521,1185221
This update for the release packages provides the following fix:

- Fix grub menu entries after migration from SLE-12*. (bsc#1099521)
- Adjust the sles-release changelog to include an entry for the previous release that was
  reverting a broken change. (bsc#1185221)
  
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2246-1
Released:    Mon Jul  5 15:17:49 2021
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1154935,1167471,1178561,1184761,1184967,1185046,1185331,1185807,1185958,1187292,1187400
This update for systemd fixes the following issues:

  cgroup: Parse infinity properly for memory protections. (bsc#1167471)
  cgroup: Make empty assignments reset to default. (bsc#1167471)
  cgroup: Support 0-value for memory protection directives. (bsc#1167471)
  core/cgroup: Fixed an issue with ignored parameter of 'MemorySwapMax=0'. (bsc#1154935)
  bus-unit-util: Add proper 'MemorySwapMax' serialization.
  core: Accept MemorySwapMax= properties that are scaled.
  execute: Make sure to call into PAM after initializing resource limits. (bsc#1184967)
  core: Rename 'ShutdownWatchdogSec' to 'RebootWatchdogSec'. (bsc#1185331)
  Return -EAGAIN instead of -EALREADY from unit_reload. (bsc#1185046)
  rules: Don't ignore Xen virtual interfaces anymore. (bsc#1178561)
  write_net_rules: Set execute bits. (bsc#1178561)
  udev: Rework network device renaming.
  Revert 'Revert 'udev: Network device renaming - immediately give up if the target name isn't available''
    
  mount-util: tape over name_to_handle_at() flakiness (#7517) (bsc#1184761)
  core: fix output (logging) for mount units (#7603) (bsc#1187400)
  udev requires systemd in its %post (bsc#1185958)
  cgroup: Parse infinity properly for memory protections (bsc#1167471)
  cgroup: Make empty assignments reset to default (bsc#1167471)
  cgroup: Support 0-value for memory protection directives (bsc#1167471)
  Create /run/lock/subsys again (bsc#1187292)
  The creation of this directory was mistakenly dropped when
  'filesystem' package took the initialization of the generic paths
  over.
  Expect 644 permissions for /usr/lib/udev/compat-symlink-generation (bsc#1185807)
  
  

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:2249-1
Released:    Mon Jul  5 15:40:46 2021
Summary:     Optional update for gnutls
Type:        optional
Severity:    low
References:  1047218,1186579
This update for gnutls does not fix any user visible issues. It is therefore optional to install.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2273-1
Released:    Thu Jul  8 09:48:48 2021
Summary:     Recommended update for libzypp, zypper
Type:        recommended
Severity:    moderate
References:  1186447,1186503
This update for libzypp, zypper fixes the following issues:

- Enhance XML output of repo GPG options
- Add optional attributes showing the raw values actually present in the '.repo' file.
- Link all executables with -PIE (bsc#1186447)
- Ship an empty '/etc/zypp/needreboot' per default (jsc#PM-2645)
- Add 'Solvable::isBlacklisted' as superset of retracted and ptf packages (bsc#1186503)
- Fix segv if 'ZYPP_FULLOG' is set.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2320-1
Released:    Wed Jul 14 17:01:06 2021
Summary:     Security update for sqlite3
Type:        security
Severity:    important
References:  1157818,1158812,1158958,1158959,1158960,1159491,1159715,1159847,1159850,1160309,1160438,1160439,1164719,1172091,1172115,1172234,1172236,1172240,1173641,928700,928701,CVE-2015-3414,CVE-2015-3415,CVE-2019-19244,CVE-2019-19317,CVE-2019-19603,CVE-2019-19645,CVE-2019-19646,CVE-2019-19880,CVE-2019-19923,CVE-2019-19924,CVE-2019-19925,CVE-2019-19926,CVE-2019-19959,CVE-2019-20218,CVE-2020-13434,CVE-2020-13435,CVE-2020-13630,CVE-2020-13631,CVE-2020-13632,CVE-2020-15358,CVE-2020-9327
This update for sqlite3 fixes the following issues:

- Update to version 3.36.0
- CVE-2020-15358: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener
  optimization (bsc#1173641)
- CVE-2020-9327: NULL pointer dereference and segmentation fault because of generated column optimizations in
  isAuxiliaryVtabOperator (bsc#1164719)
- CVE-2019-20218: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error (bsc#1160439)
- CVE-2019-19959: memory-management error via ext/misc/zipfile.c involving embedded '\0' input (bsc#1160438)
- CVE-2019-19923: improper handling  of  certain uses of SELECT DISTINCT in flattenSubquery may lead to null pointer
  dereference (bsc#1160309)
- CVE-2019-19924: improper error handling in sqlite3WindowRewrite() (bsc#1159850)
- CVE-2019-19925: improper handling of NULL pathname during an update of a ZIP archive (bsc#1159847)
- CVE-2019-19926: improper handling  of certain errors during parsing  multiSelect in select.c (bsc#1159715)
- CVE-2019-19880: exprListAppendList in window.c allows attackers to trigger an invalid pointer dereference
  (bsc#1159491)
- CVE-2019-19603: during handling of CREATE TABLE and CREATE VIEW statements, does not consider confusion with
  a shadow table name (bsc#1158960)
- CVE-2019-19646: pragma.c mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated
  columns (bsc#1158959)
- CVE-2019-19645: alter.c allows attackers to trigger infinite recursion via certain types of self-referential views
  in conjunction with ALTER TABLE statements (bsc#1158958)
- CVE-2019-19317: lookupName in resolve.c omits bits from the colUsed bitmask in the case of a generated column,
  which allows attackers to cause a denial of service (bsc#1158812)
- CVE-2019-19244: sqlite3,sqlite2,sqlite: The function sqlite3Select in select.c allows a crash if a
  sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage (bsc#1157818)
- CVE-2015-3415: sqlite3VdbeExec comparison operator vulnerability (bsc#928701)
- CVE-2015-3414: sqlite3,sqlite2: dequoting of collation-sequence names (bsc#928700)
- CVE-2020-13434: integer overflow in sqlite3_str_vappendf (bsc#1172115)
- CVE-2020-13630: (bsc#1172234: use-after-free in fts3EvalNextRow
- CVE-2020-13631: virtual table allowed to be renamed to one of its shadow tables (bsc#1172236)
- CVE-2020-13632: NULL pointer dereference via crafted matchinfo() query (bsc#1172240)
- CVE-2020-13435: Malicious SQL statements could have crashed the process that is running SQLite (bsc#1172091)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2404-1
Released:    Tue Jul 20 14:21:30 2021
Summary:     Security update for systemd
Type:        security
Severity:    moderate
References:  1184994,1188063,CVE-2021-33910
This update for systemd fixes the following issues:

- CVE-2021-33910: Fixed a denial of service in systemd via unit_name_path_escape() (bsc#1188063)
- Skip udev rules if 'elevator=' is used (bsc#1184994)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2439-1
Released:    Wed Jul 21 13:46:48 2021
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1188217,1188218,1188219,1188220,CVE-2021-22922,CVE-2021-22923,CVE-2021-22924,CVE-2021-22925
This update for curl fixes the following issues:

- CVE-2021-22925: TELNET stack contents disclosure again. (bsc#1188220)
- CVE-2021-22924: Bad connection reuse due to flawed path name checks. (bsc#1188219)
- CVE-2021-22923: Insufficiently Protected Credentials. (bsc#1188218)
- CVE-2021-22922: Wrong content via metalink not discarded. (bsc#1188217)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2689-1
Released:    Mon Aug 16 10:54:52 2021
Summary:     Security update for cpio
Type:        security
Severity:    important
References:  1189206,CVE-2021-38185
This update for cpio fixes the following issues:

It was possible to trigger Remote code execution due to a integer overflow (CVE-2021-38185, bsc#1189206)


-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2763-1
Released:    Tue Aug 17 17:16:22 2021
Summary:     Recommended update for cpio
Type:        recommended
Severity:    critical
References:  1189465
This update for cpio fixes the following issues:

- A regression in last update would cause builds to hang on various architectures(bsc#1189465)
  
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2780-1
Released:    Thu Aug 19 16:09:15 2021
Summary:     Recommended update for cpio
Type:        recommended
Severity:    critical
References:  1189465,CVE-2021-38185
This update for cpio fixes the following issues:

- A regression in the previous update could lead to crashes (bsc#1189465)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2800-1
Released:    Fri Aug 20 10:43:04 2021
Summary:     Security update for krb5
Type:        security
Severity:    important
References:  1188571,CVE-2021-36222
This update for krb5 fixes the following issues:

- CVE-2021-36222: Fixed KDC null deref on bad encrypted challenge. (bsc#1188571)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2830-1
Released:    Tue Aug 24 16:20:18 2021
Summary:     Security update for openssl-1_1
Type:        security
Severity:    important
References:  1189520,1189521,CVE-2021-3711,CVE-2021-3712
This update for openssl-1_1 fixes the following security issues:

- CVE-2021-3711: A bug in the implementation of the SM2 decryption code
  could lead to buffer overflows. [bsc#1189520]

- CVE-2021-3712: a bug in the code for printing certificate details could
  lead to a buffer overrun that a malicious actor could exploit to crash
  the application, causing a denial-of-service attack. [bsc#1189521]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2938-1
Released:    Fri Sep  3 09:19:36 2021
Summary:     Recommended update for openldap2
Type:        recommended
Severity:    moderate
References:  1184614

This update for openldap2 fixes the following issue:

- openldap2-contrib is shipped to the Legacy Module. (bsc#1184614)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2966-1
Released:    Tue Sep  7 09:49:14 2021
Summary:     Security update for openssl-1_1
Type:        security
Severity:    low
References:  1189521,CVE-2021-3712
This update for openssl-1_1 fixes the following issues:

- CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. 
  Read buffer overruns processing ASN.1 strings (bsc#1189521).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3001-1
Released:    Thu Sep  9 15:08:13 2021
Summary:     Recommended update for netcfg
Type:        recommended
Severity:    moderate
References:  1189683
This update for netcfg fixes the following issues:

- add submissions port/protocol to services file for message submission over TLS protocol [bsc#1189683]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3030-1
Released:    Tue Sep 14 09:27:45 2021
Summary:     Recommended update for patterns-base
Type:        recommended
Severity:    moderate
References:  1189534,1189554

This update of patterns-base fixes the following issue:

- The fips pattern should also install 'openssh-fips' if 'openssh' is installed (bsc#1189554 bsc#1189534)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3182-1
Released:    Tue Sep 21 17:04:26 2021
Summary:     Recommended update for file
Type:        recommended
Severity:    moderate
References:  1189996
This update for file fixes the following issues:

- Fixes exception thrown by memory allocation problem (bsc#1189996)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3298-1
Released:    Wed Oct  6 16:54:52 2021
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1190373,1190374,CVE-2021-22946,CVE-2021-22947
This update for curl fixes the following issues:

- CVE-2021-22947: Fixed STARTTLS protocol injection via MITM (bsc#1190374).
- CVE-2021-22946: Fixed protocol downgrade required TLS bypassed (bsc#1190373).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3348-1
Released:    Tue Oct 12 13:08:06 2021
Summary:     Security update for systemd
Type:        security
Severity:    moderate
References:  1134353,1171962,1184994,1188018,1188063,1188291,1188713,1189480,1190234,CVE-2021-33910
This update for systemd fixes the following issues:

- CVE-2021-33910: Fixed use of strdupa() on a path (bsc#1188063).

- logind: terminate cleanly on SIGTERM/SIGINT (bsc#1188018).
- Adopting BFQ to control I/O (jsc#SLE-21032, bsc#1134353).
- Rules weren't applied to dm devices (multipath) (bsc#1188713).
- Ignore obsolete 'elevator' kernel parameter (bsc#1184994, bsc#1190234).
- Make sure the versions of both udev and systemd packages are always the same (bsc#1189480).
- Avoid error message when udev is updated due to udev being already active when the sockets are started again (bsc#1188291).
- Allow the systemd sysusers config files to be overriden during system installation (bsc#1171962).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3385-1
Released:    Tue Oct 12 15:54:31 2021
Summary:     Security update for glibc
Type:        security
Severity:    moderate
References:  1186489,1187911,CVE-2021-33574,CVE-2021-35942
This update for glibc fixes the following issues:

- CVE-2021-35942: wordexp: handle overflow in positional parameter number (bsc#1187911)
- CVE-2021-33574: Use __pthread_attr_copy in mq_notify (bsc#1186489)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3444-1
Released:    Fri Oct 15 09:03:07 2021
Summary:     Security update for rpm
Type:        security
Severity:    important
References:  1179416,1183543,1183545,1183632,1183659,1185299,1187670,1188548,CVE-2021-20266,CVE-2021-20271,CVE-2021-3421
This update for rpm fixes the following issues:

Security issues fixed:

- CVE-2021-3421, CVE-2021-20271, CVE-2021-20266: Multiple header check improvements (bsc#1183543, bsc#1183545, bsc#1183632)
- PGP hardening changes (bsc#1185299)
- Fixed potential access of freed mem in ndb's glue code (bsc#1179416)

Maintaince issues fixed:

- Fixed zstd detection (bsc#1187670)
- Added ndb rofs support (bsc#1188548)
- Fixed deadlock when multiple rpm processes try tp acquire the database lock (bsc#1183659)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3454-1
Released:    Mon Oct 18 09:29:26 2021
Summary:     Security update for krb5
Type:        security
Severity:    moderate
References:  1189929,CVE-2021-37750
This update for krb5 fixes the following issues:

- CVE-2021-37750: Fixed KDC null pointer dereference via a FAST inner body that lacks a server field (bsc#1189929).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3480-1
Released:    Wed Oct 20 11:24:10 2021
Summary:     Recommended update for yast2-network
Type:        recommended
Severity:    moderate
References:  1185016,1185524,1186910,1187270,1187512,1188344,1190645,1190739,1190915,1190933
This update for yast2-network fixes the following issues:

- Don't crash when the interfaces table contains a not configured one (bnc#1190645, bsc#1190915).
- Fix the shown description using the interface friendly name when it is empty (bsc#1190933).
- Consider aliases sections as case insensitive (bsc#1190739).
- Display user defined device name in the devices overview (bnc#1190645).
- Don't crash when defined aliases in AutoYaST profile are not defined as a map (bsc#1188344).
- Support 'boot' and 'on' as aliases for the 'auto' startmode (bsc#1186910).
- Fix desktop file so the control center tooltip is translated (bsc#1187270).
- Use the linuxrc proxy settings for the HTTPS and FTP proxies (bsc#1185016).
- Don't crash at the end of installation when storing wifi configuration for NetworkManager (bsc#1185524, bsc#1187512).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3490-1
Released:    Wed Oct 20 16:31:55 2021
Summary:     Security update for ncurses
Type:        security
Severity:    moderate
References:  1190793,CVE-2021-39537
This update for ncurses fixes the following issues:

- CVE-2021-39537: Fixed an heap-based buffer overflow in _nc_captoinfo. (bsc#1190793)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3494-1
Released:    Wed Oct 20 16:48:46 2021
Summary:     Recommended update for pam
Type:        recommended
Severity:    moderate
References:  1190052
This update for pam fixes the following issues:

- Added pam_faillock to the set of available PAM modules. (jsc#SLE-20638)
- Added new file macros.pam on request of systemd. (bsc#1190052)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3501-1
Released:    Fri Oct 22 10:42:46 2021
Summary:     Recommended update for libzypp, zypper, libsolv, protobuf
Type:        recommended
Severity:    moderate
References:  1186503,1186602,1187224,1187425,1187466,1187738,1187760,1188156,1188435,1189031,1190059,1190199,1190465,1190712,1190815
This update for libzypp, zypper, libsolv and protobuf fixes the following issues:

- Choice rules: treat orphaned packages as newest (bsc#1190465)
- Avoid calling 'su' to detect a too restrictive sudo user umask (bsc#1186602)
- Do not check of signatures and keys two times(redundant) (bsc#1190059)
- Rephrase vendor conflict message in case 2 packages are involved (bsc#1187760)
- Show key fpr from signature when signature check fails (bsc#1187224)
- Fix solver jobs for PTFs (bsc#1186503)
- Fix purge-kernels fails (bsc#1187738)
- Fix obs:// platform guessing for Leap (bsc#1187425)
- Make sure to keep states alives while transitioning. (bsc#1190199)
- Manpage: Improve description about patch updates(bsc#1187466)
- Manpage: Recommend the needs-rebooting command to test whether a system reboot is suggested.
- Fix kernel-*-livepatch removal in purge-kernels. (bsc#1190815)
- Fix crashes in logging code when shutting down (bsc#1189031)
- Do not download full files even if the checkExistsOnly flag is set. (bsc#1190712)
- Add need reboot/restart hint to XML install summary (bsc#1188435)
- Prompt: choose exact match if prompt options are not prefix free (bsc#1188156)
- Include libprotobuf-lite20 in products to enable parallel downloads. (jsc#ECO-2911, jsc#SLE-16862)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3510-1
Released:    Tue Oct 26 11:22:15 2021
Summary:     Recommended update for pam
Type:        recommended
Severity:    important
References:  1191987
This update for pam fixes the following issues:

- Fixed a bad directive file which resulted in
  the 'securetty' file to be installed as 'macros.pam'.
  (bsc#1191987)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3523-1
Released:    Tue Oct 26 15:40:13 2021
Summary:     Security update for util-linux
Type:        security
Severity:    moderate
References:  1122417,1125886,1178236,1188921,CVE-2021-37600
This update for util-linux fixes the following issues:

Update to version 2.33.2 to provide seamless update from SLE12 SP5 to SLE15 SP2:

- CVE-2021-37600: Fixed an integer overflow which could lead to a buffer overflow in get_sem_elements() in sys-utils/ipcutils.c (bsc#1188921).
- agetty: Fix 8-bit processing in get_logname() (bsc#1125886).
- mount: Fix 'mount' output for net file systems (bsc#1122417).
- ipcs: Avoid overflows (bsc#1178236)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3529-1
Released:    Wed Oct 27 09:23:32 2021
Summary:     Security update for pcre
Type:        security
Severity:    moderate
References:  1172973,1172974,CVE-2019-20838,CVE-2020-14155
This update for pcre fixes the following issues:

Update pcre to version 8.45:

- CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974).
- CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3799-1
Released:    Wed Nov 24 18:07:54 2021
Summary:     Recommended update for gcc11
Type:        recommended
Severity:    moderate
References:  1187153,1187273,1188623
This update for gcc11 fixes the following issues:

The additional GNU compiler collection GCC 11 is provided:

To select these compilers install the packages:

- gcc11
- gcc-c++11
- and others with 11 prefix.

to select them for building:

- CC='gcc-11'
- CXX='g++-11'

The compiler baselibraries (libgcc_s1, libstdc++6 and others) are being replaced by the GCC 11 variants.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3809-1
Released:    Fri Nov 26 00:31:59 2021
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1189803,1190325,1190440,1190984,1191252,1192161
This update for systemd fixes the following issues:

- Add timestamp to D-Bus events to improve traceability (jsc#SLE-21862, jsc#SLE-18102, jsc#SLE-18103)
- Fix IO scheduler udev rules to address performance issues (jsc#SLE-21032, bsc#1192161)
- shutdown: Reduce log level of unmounts (bsc#1191252)
- pid1: make use of new 'prohibit_ipc' logging flag in PID 1 (bsc#1189803)
- core: rework how we connect to the bus (bsc#1190325)
- mount-util: fix fd_is_mount_point() when both the parent and directory are network fs (bsc#1190984)
- virt: detect Amazon EC2 Nitro instance (bsc#1190440)
- Several fixes for umount
- busctl: use usec granularity for the timestamp printed by the busctl monitor command
- fix unitialized fields in MountPoint in dm_list_get()
- shutdown: explicitly set a log target
- mount-util: add mount_option_mangle()
- dissect: automatically mark partitions read-only that have a read-only file system
- build-sys: require proper libmount version
- systemd-shutdown: use log_set_prohibit_ipc(true)
- rationalize interface for opening/closing logging
- pid1: when we can't log to journal, remember our fallback log target
- log: remove LOG_TARGET_SAFE pseudo log target
- log: add brief comment for log_set_open_when_needed() and log_set_always_reopen_console()
- log: add new 'prohibit_ipc' flag to logging system
- log: make log_set_upgrade_syslog_to_journal() take effect immediately
- dbus: split up bus_done() into seperate functions
- machine-id-setup: generate machine-id from DMI product ID on Amazon EC2
- virt: if we detect Xen by DMI, trust that over CPUID

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3830-1
Released:    Wed Dec  1 13:45:46 2021
Summary:     Security update for glibc
Type:        security
Severity:    moderate
References:  1027496,1183085,CVE-2016-10228

This update for glibc fixes the following issues:


- libio: do not attempt to free wide buffers of legacy streams (bsc#1183085) 
- CVE-2016-10228: Rewrite iconv option parsing to fix security issue (bsc#1027496)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3870-1
Released:    Thu Dec  2 07:11:50 2021
Summary:     Recommended update for libzypp, zypper
Type:        recommended
Severity:    moderate
References:  1190356,1191286,1191324,1191370,1191609,1192337,1192436
This update for libzypp, zypper fixes the following issues:

libzypp:

- Check log writer before accessing it (bsc#1192337)
- Zypper should keep cached files if transaction is aborted (bsc#1190356)
- Require a minimum number of mirrors for multicurl (bsc#1191609)
- Fixed slowdowns when rlimit is too high by using procfs to detect niumber of 
  open file descriptors (bsc#1191324)
- Fixed zypper incomplete messages when using non English localization (bsc#1191370)
- RepoManager: Don't probe for plaindir repository if the URL schema is a plugin (bsc#1191286)
- Disable logger in the child process after fork (bsc#1192436)

zypper:

- Fixed Zypper removing a kernel explicitely pinned that uses uname -r output format as name (openSUSE/zypper#418)


-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3872-1
Released:    Thu Dec  2 07:25:55 2021
Summary:     Recommended update for cracklib
Type:        recommended
Severity:    moderate
References:  1191736
This update for cracklib fixes the following issues:

- Enable build time tests (bsc#1191736)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3891-1
Released:    Fri Dec  3 10:21:49 2021
Summary:     Recommended update for keyutils
Type:        recommended
Severity:    moderate
References:  1029961,1113013,1187654
This update for keyutils fixes the following issues:

- Add /etc/keys/ and /usr/etc/keys/ directory (bsc#1187654)

keyutils was updated to 1.6.3 (jsc#SLE-20016):

* Revert the change notifications that were using /dev/watch_queue.
* Apply the change notifications that use pipe2(O_NOTIFICATION_PIPE).
* Allow 'keyctl supports' to retrieve raw capability data.
* Allow 'keyctl id' to turn a symbolic key ID into a numeric ID.
* Allow 'keyctl new_session' to name the keyring.
* Allow 'keyctl add/padd/etc.' to take hex-encoded data.
* Add 'keyctl watch*' to expose kernel change notifications on keys.
* Add caps for namespacing and notifications.
* Set a default TTL on keys that upcall for name resolution.
* Explicitly clear memory after it's held sensitive information.
* Various manual page fixes.
* Fix C++-related errors.
* Add support for keyctl_move().
* Add support for keyctl_capabilities().
* Make key=val list optional for various public-key ops.
* Fix system call signature for KEYCTL_PKEY_QUERY.
* Fix 'keyctl pkey_query' argument passing.
* Use keyctl_read_alloc() in dump_key_tree_aux().
* Various manual page fixes. 

Updated to 1.6:

* Apply various specfile cleanups from Fedora.
* request-key: Provide a command line option to suppress helper execution.
* request-key: Find least-wildcard match rather than first match.
* Remove the dependency on MIT Kerberos.
* Fix some error messages
* keyctl_dh_compute.3: Suggest /proc/crypto for list of available hashes.
* Fix doc and comment typos.
* Add public key ops for encrypt, decrypt, sign and verify (needs linux-4.20).
* Add pkg-config support for finding libkeyutils.
* upstream isn't offering PGP signatures for the source tarballs anymore

Updated to 1.5.11 (bsc#1113013)

* Add keyring restriction support.
* Add KDF support to the Diffie-Helman function.
* DNS: Add support for AFS config files and SRV records
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3899-1
Released:    Fri Dec  3 11:27:41 2021
Summary:     Security update for aaa_base
Type:        security
Severity:    moderate
References:  1162581,1174504,1191563,1192248
This update for aaa_base fixes the following issues:

- Allowed ping and ICMP commands without CAP_NET_RAW (bsc#1174504).
- Add $HOME/.local/bin to PATH, if it exists (bsc#1192248).
- Fixed get_kernel_version.c to work also for recent kernels on the s390/X platform (bsc#1191563).
- Support xz compressed kernel (bsc#1162581)   

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3946-1
Released:    Mon Dec  6 14:57:42 2021
Summary:     Security update for gmp
Type:        security
Severity:    moderate
References:  1192717,CVE-2021-43618
This update for gmp fixes the following issues:
    
- CVE-2021-43618: Fixed buffer overflow via crafted input in mpz/inp_raw.c (bsc#1192717).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:4139-1
Released:    Tue Dec 21 17:02:44 2021
Summary:     Recommended update for systemd
Type:        recommended
Severity:    critical
References:  1193481,1193521
This update for systemd fixes the following issues:

- Revert 'core: rework how we connect to the bus' (bsc#1193521 bsc#1193481)
  sleep-config: partitions can't be deleted, only files can
  shared/sleep-config: exclude zram devices from hibernation candidates

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:4145-1
Released:    Wed Dec 22 05:27:48 2021
Summary:     Recommended update for openssl-1_1
Type:        recommended
Severity:    moderate
References:  1161276
This update for openssl-1_1 fixes the following issues:

- Remove previously applied patch because it interferes with FIPS validation (bsc#1161276)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:4154-1
Released:    Wed Dec 22 11:02:38 2021
Summary:     Security update for p11-kit
Type:        security
Severity:    important
References:  1180064,1187993,CVE-2020-29361
This update for p11-kit fixes the following issues:

- CVE-2020-29361: Fixed multiple integer overflows in rpc code (bsc#1180064)
- Add support for CKA_NSS_{SERVER,EMAIL}_DISTRUST_AFTER (bsc#1187993).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:4182-1
Released:    Thu Dec 23 11:51:51 2021
Summary:     Recommended update for zlib
Type:        recommended
Severity:    moderate
References:  1192688
This update for zlib fixes the following issues:

- Fix hardware compression incorrect result on z15 hardware (bsc#1192688)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:4192-1
Released:    Tue Dec 28 10:39:50 2021
Summary:     Security update for permissions
Type:        security
Severity:    moderate
References:  1174504
This update for permissions fixes the following issues:

- Update to version 20181225:
  * drop ping capabilities in favor of ICMP_PROTO sockets (bsc#1174504)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4-1
Released:    Mon Jan  3 08:28:54 2022
Summary:     Recommended update for libgcrypt
Type:        recommended
Severity:    moderate
References:  1193480
This update for libgcrypt fixes the following issues:

- Fix function gcry_mpi_sub_ui subtracting from negative value (bsc#1193480)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:93-1
Released:    Tue Jan 18 05:11:58 2022
Summary:     Recommended update for openssl-1_1
Type:        recommended
Severity:    important
References:  1192489
This update for openssl-1_1 fixes the following issues:

- Add RSA_get0_pss_params() accessor that is used by nodejs16 and provide openssl-has-RSA_get0_pss_params (bsc#1192489)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:94-1
Released:    Tue Jan 18 05:13:24 2022
Summary:     Recommended update for rpm
Type:        recommended
Severity:    important
References:  1180125,1193711
This update for rpm fixes the following issues:

- Add explicit requirement on python-rpm-macros (bsc#1180125, bsc#1193711)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:141-1
Released:    Thu Jan 20 13:47:16 2022
Summary:     Security update for permissions
Type:        security
Severity:    moderate
References:  1169614
This update for permissions fixes the following issues:

- Update to version 20181225: setuid bit for cockpit session binary (bsc#1169614).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:228-1
Released:    Mon Jan 31 06:07:52 2022
Summary:     Recommended update for boost
Type:        recommended
Severity:    moderate
References:  1194522
This update for boost fixes the following issues:

- Fix compilation errors (bsc#1194522)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:348-1
Released:    Tue Feb  8 13:02:20 2022
Summary:     Recommended update for libzypp
Type:        recommended
Severity:    important
References:  1193007,1193488,1194597,1194898,954813
This update for libzypp fixes the following issues:

- RepoManager: remember execution errors in exception history (bsc#1193007)
- Fix exception handling when reading or writing credentials (bsc#1194898)
- Fix install path for parser (bsc#1194597)
- Fix Legacy include (bsc#1194597)
- Public header files on older distros must use c++11 (bsc#1194597)
- Use the default zypp.conf settings if no zypp.conf exists (bsc#1193488)
- Fix wrong encoding of URI compontents of ISO images (bsc#954813)
- When invoking 32bit mode in userland of an aarch64 kernel, handle armv8l as armv7hl compatible
- Introduce zypp-curl as a sublibrary for CURL related code
- zypp-rpm: Increase rpm loglevel if ZYPP_RPM_DEBUG is set
- Save all signatures associated with a public key in its PublicKeyData

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:511-1
Released:    Fri Feb 18 12:41:53 2022
Summary:     Recommended update for coreutils
Type:        recommended
Severity:    moderate
References:  1082318,1189152
This update for coreutils fixes the following issues:

- Add 'fuse.portal' as a dummy file system (used in flatpak implementations) (bsc#1189152).
- Properly sort docs and license files (bsc#1082318).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:523-1
Released:    Fri Feb 18 12:49:09 2022
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1193759,1193841
This update for systemd fixes the following issues:

- systemctl: exit with 1 if no unit files found (bsc#1193841).
- add rules for virtual devices (bsc#1193759).
- enforce 'none' for loop devices (bsc#1193759).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:674-1
Released:    Wed Mar  2 13:24:38 2022
Summary:     Recommended update for yast2-network
Type:        recommended
Severity:    moderate
References:  1187512
This update for yast2-network fixes the following issues:
  
- Don't crash at the end of installation when storing wifi configuration for NetworkManager. (bsc#1187512)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:692-1
Released:    Thu Mar  3 15:46:47 2022
Summary:     Recommended update for filesystem
Type:        recommended
Severity:    moderate
References:  1190447
This update for filesystem fixes the following issues:

- Release ported filesystem to LTSS channels (bsc#1190447).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:702-1
Released:    Thu Mar  3 18:22:59 2022
Summary:     Security update for cyrus-sasl
Type:        security
Severity:    important
References:  1196036,CVE-2022-24407
This update for cyrus-sasl fixes the following issues:

- CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:717-1
Released:    Fri Mar  4 09:45:20 2022
Summary:     Security update for gnutls
Type:        security
Severity:    moderate
References:  1196167,CVE-2021-4209
This update for gnutls fixes the following issues:

- CVE-2021-4209: Fixed null pointer dereference in MD_UPDATE (bsc#1196167).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:787-1
Released:    Thu Mar 10 11:20:13 2022
Summary:     Recommended update for openldap2
Type:        recommended
Severity:    moderate
References:  
This update for openldap2 fixes the following issue:

- restore CLDAP functionality in CLI tools (jsc#PM-3288)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:788-1
Released:    Thu Mar 10 11:21:04 2022
Summary:     Recommended update for libzypp, zypper
Type:        recommended
Severity:    moderate
References:  1195326
This update for libzypp, zypper fixes the following issues:

- Fix handling of redirected command in-/output (bsc#1195326)
  This fixes delays at the end of zypper operations, where
  zypper unintentionally waits for appdata plugin scripts to
  complete.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:808-1
Released:    Fri Mar 11 06:07:58 2022
Summary:     Recommended update for procps
Type:        recommended
Severity:    moderate
References:  1195468
This update for procps fixes the following issues:

- Stop registering signal handler for SIGURG, to avoid `ps` failure if
  someone sends such signal. Without the signal handler, SIGURG will
  just be ignored. (bsc#1195468)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:832-1
Released:    Mon Mar 14 17:27:03 2022
Summary:     Security update for glibc
Type:        security
Severity:    important
References:  1193625,1194640,1194768,1194770,1195560,CVE-2015-8985,CVE-2021-3999,CVE-2022-23218,CVE-2022-23219

glibc was updated to fix the following issues:

Security issues fixed:

- CVE-2022-23219: Fixed Buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768)
- CVE-2022-23218: Buffer overflow in sunrpc svcunix_create (bsc#1194770)
- CVE-2021-3999: Fixed getcwd to set errno to ERANGE for size == 1 (bsc#1194640)
- CVE-2015-8985: Fixed Assertion failure in pop_fail_stack when executing a malformed regexp (bsc#1193625)

Also the following bug was fixed:

- Fix pthread_rwlock_try*lock stalls (bsc#1195560)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:845-1
Released:    Tue Mar 15 11:40:52 2022
Summary:     Security update for chrony
Type:        security
Severity:    moderate
References:  1099272,1115529,1128846,1162964,1172113,1173277,1174075,1174911,1180689,1181826,1187906,1190926,1194229,CVE-2020-14367
This update for chrony fixes the following issues:

Chrony was updated to 4.1, bringing features and bugfixes.

Update to 4.1

  * Add support for NTS servers specified by IP address (matching
    Subject Alternative Name in server certificate)
  * Add source-specific configuration of trusted certificates
  * Allow multiple files and directories with trusted certificates
  * Allow multiple pairs of server keys and certificates
  * Add copy option to server/pool directive
  * Increase PPS lock limit to 40% of pulse interval
  * Perform source selection immediately after loading dump files
  * Reload dump files for addresses negotiated by NTS-KE server
  * Update seccomp filter and add less restrictive level
  * Restart ongoing name resolution on online command
  * Fix dump files to not include uncorrected offset
  * Fix initstepslew to accept time from own NTP clients
  * Reset NTP address and port when no longer negotiated by NTS-KE
    server

- Ensure the correct pool packages are installed for openSUSE
  and SLE (bsc#1180689).
- Fix pool package dependencies, so that SLE prefers chrony-pool-suse
  over chrony-pool-empty. (bsc#1194229)

- Enable syscallfilter unconditionally [bsc#1181826].

Update to 4.0

  - Enhancements

    - Add support for Network Time Security (NTS) authentication
    - Add support for AES-CMAC keys (AES128, AES256) with Nettle
    - Add authselectmode directive to control selection of
      unauthenticated sources
    - Add binddevice, bindacqdevice, bindcmddevice directives
    - Add confdir directive to better support fragmented
      configuration
    - Add sourcedir directive and 'reload sources' command to
      support dynamic NTP sources specified in files
    - Add clockprecision directive
    - Add dscp directive to set Differentiated Services Code Point
      (DSCP)
    - Add -L option to limit log messages by severity
    - Add -p option to print whole configuration with included
      files
    - Add -U option to allow start under non-root user
    - Allow maxsamples to be set to 1 for faster update with -q/-Q
      option
    - Avoid replacing NTP sources with sources that have
      unreachable address
    - Improve pools to repeat name resolution to get 'maxsources'
      sources
    - Improve source selection with trusted sources
    - Improve NTP loop test to prevent synchronisation to itself
    - Repeat iburst when NTP source is switched from offline state
      to online
    - Update clock synchronisation status and leap status more
      frequently
    - Update seccomp filter
    - Add 'add pool' command
    - Add 'reset sources' command to drop all measurements
    - Add authdata command to print details about NTP
      authentication
    - Add selectdata command to print details about source
      selection
    - Add -N option and sourcename command to print original names
      of sources
    - Add -a option to some commands to print also unresolved
      sources
    - Add -k, -p, -r options to clients command to select, limit,
      reset data

  - Bug fixes

    - Don’t set interface for NTP responses to allow asymmetric
      routing
    - Handle RTCs that don’t support interrupts
    - Respond to command requests with correct address on
      multihomed hosts
  - Removed features
    - Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320)
    - Drop support for long (non-standard) MACs in NTPv4 packets
      (chrony 2.x clients using non-MD5/SHA1 keys need to use
      option 'version 3')
    - Drop support for line editing with GNU Readline

- By default we don't write log files but log to journald, so
  only recommend logrotate.

- Adjust and rename the sysconfig file, so that it matches the
  expectations of chronyd.service (bsc#1173277).

Update to 3.5.1:

  * Create new file when writing pidfile (CVE-2020-14367, bsc#1174911)

- Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075)

- Use iburst in the default pool statements to speed up initial
  synchronisation (bsc#1172113).




Update to 3.5:

+ Add support for more accurate reading of PHC on Linux 5.0
+ Add support for hardware timestamping on interfaces with read-only timestamping configuration
+ Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris
+ Update seccomp filter to work on more architectures
+ Validate refclock driver options
+ Fix bindaddress directive on FreeBSD
+ Fix transposition of hardware RX timestamp on Linux 4.13 and later
+ Fix building on non-glibc systems

- Fix location of helper script in [email protected]
  (bsc#1128846).


- Read runtime servers from /var/run/netconfig/chrony.servers to
  fix bsc#1099272.
- Move chrony-helper to /usr/lib/chrony/helper, because there
  should be no executables in /usr/share.

Update to version 3.4

  * Enhancements

    + Add filter option to server/pool/peer directive
    + Add minsamples and maxsamples options to hwtimestamp directive
    + Add support for faster frequency adjustments in Linux 4.19
    + Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd 
      without root privileges to remove it on exit
    + Disable sub-second polling intervals for distant NTP sources
    + Extend range of supported sub-second polling intervals
    + Get/set IPv4 destination/source address of NTP packets on FreeBSD
    + Make burst options and command useful with short polling intervals
    + Modify auto_offline option to activate when sending request failed
    + Respond from interface that received NTP request if possible
    + Add onoffline command to switch between online and offline state 
      according to current system network configuration
    + Improve example NetworkManager dispatcher script

  * Bug fixes

    + Avoid waiting in Linux getrandom system call
    + Fix PPS support on FreeBSD and NetBSD

Update to version 3.3

  * Enhancements:

    + Add burst option to server/pool directive
    + Add stratum and tai options to refclock directive
    + Add support for Nettle crypto library
    + Add workaround for missing kernel receive timestamps on Linux
    + Wait for late hardware transmit timestamps
    + Improve source selection with unreachable sources
    + Improve protection against replay attacks on symmetric mode
    + Allow PHC refclock to use socket in /var/run/chrony
    + Add shutdown command to stop chronyd
    + Simplify format of response to manual list command
    + Improve handling of unknown responses in chronyc

  * Bug fixes:

    + Respond to NTPv1 client requests with zero mode
    + Fix -x option to not require CAP_SYS_TIME under non-root user
    + Fix acquisitionport directive to work with privilege separation
    + Fix handling of socket errors on Linux to avoid high CPU usage
    + Fix chronyc to not get stuck in infinite loop after clock step
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:861-1
Released:    Tue Mar 15 23:30:48 2022
Summary:     Recommended update for openssl-1_1 
Type:        recommended
Severity:    moderate
References:  1182959,1195149,1195792,1195856
This update for openssl-1_1 fixes the following issues:

openssl-1_1:

- Fix PAC pointer authentication in ARM (bsc#1195856)
- Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792)
- FIPS: Fix function and reason error codes (bsc#1182959)
- Enable zlib compression support (bsc#1195149)
    
glibc:

- Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1
    
linux-glibc-devel:

- Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1

libxcrypt:

- Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1

zlib:

- Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:867-1
Released:    Wed Mar 16 07:14:44 2022
Summary:     Recommended update for libtirpc
Type:        recommended
Severity:    moderate
References:  1193805
This update for libtirpc fixes the following issues:

- Fix memory leak in client protocol version 2 code (bsc#1193805)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:874-1
Released:    Wed Mar 16 10:40:52 2022
Summary:     Recommended update for openldap2
Type:        recommended
Severity:    moderate
References:  1197004
This update for openldap2 fixes the following issue:

- Revert jsc#PM-3288 - CLDAP ( -DLDAP_CONNECTIONLESS ) due to regression (bsc#1197004)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:936-1
Released:    Tue Mar 22 18:10:17 2022
Summary:     Recommended update for filesystem and systemd-rpm-macros
Type:        recommended
Severity:    moderate
References:  1196275,1196406
This update for filesystem and systemd-rpm-macros fixes the following issues:

filesystem:

- Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639)

systemd-rpm-macros:

- Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1021-1
Released:    Tue Mar 29 13:24:21 2022
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1195899
This update for systemd fixes the following issues:

- allow setting external core size to infinity (bsc#1195899 jsc#SLE-23868 jsc#SLE-23870)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1040-1
Released:    Wed Mar 30 09:40:58 2022
Summary:     Security update for protobuf
Type:        security
Severity:    moderate
References:  1195258,CVE-2021-22570
This update for protobuf fixes the following issues:

- CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1047-1
Released:    Wed Mar 30 16:20:56 2022
Summary:     Recommended update for pam
Type:        recommended
Severity:    moderate
References:  1196093,1197024
This update for pam fixes the following issues:

- Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093)
- Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. 
  This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1061-1
Released:    Wed Mar 30 18:27:06 2022
Summary:     Security update for zlib
Type:        security
Severity:    important
References:  1197459,CVE-2018-25032
This update for zlib fixes the following issues:

- CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1073-1
Released:    Fri Apr  1 11:45:01 2022
Summary:     Security update for yaml-cpp
Type:        security
Severity:    moderate
References:  1121227,1121230,1122004,1122021,CVE-2018-20573,CVE-2018-20574,CVE-2019-6285,CVE-2019-6292
This update for yaml-cpp fixes the following issues:

- CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227).
- CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230).
- CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004).
- CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021).


The following package changes have been done:

- aaa_base-84.87+git20180409.04c9dae-3.52.1 updated
- bash-4.4-9.14.1 updated
- boost-license1_66_0-1.66.0-12.3.1 updated
- coreutils-8.29-4.3.1 updated
- cpio-2.12-3.9.1 updated
- cracklib-dict-small-2.9.7-11.6.1 updated
- cracklib-2.9.7-11.6.1 updated
- file-magic-5.32-7.14.1 updated
- filesystem-15.0-11.8.1 updated
- glibc-2.26-13.65.1 updated
- gpg2-2.2.5-4.19.8 updated
- krb5-1.16.3-3.24.1 updated
- libaugeas0-1.10.1-3.9.1 updated
- libblkid1-2.33.2-4.16.1 updated
- libboost_system1_66_0-1.66.0-12.3.1 updated
- libboost_thread1_66_0-1.66.0-12.3.1 updated
- libbz2-1-1.0.6-5.11.1 updated
- libcap2-2.26-4.6.1 updated
- libcom_err2-1.43.8-4.26.1 updated
- libcrack2-2.9.7-11.6.1 updated
- libcurl4-7.66.0-4.27.1 updated
- libfdisk1-2.33.2-4.16.1 updated
- libgcc_s1-11.2.1+git610-1.3.9 updated
- libgcrypt20-hmac-1.8.2-8.42.1 added
- libgcrypt20-1.8.2-8.42.1 updated
- libglib-2_0-0-2.62.6-3.6.1 updated
- libgmp10-6.1.2-4.9.1 updated
- libgnutls30-hmac-3.6.7-14.16.1 added
- libgnutls30-3.6.7-14.16.1 updated
- libgpgme11-1.13.1-4.3.1 updated
- libhogweed4-3.4.1-4.18.1 updated
- libidn2-0-2.2.0-3.6.1 updated
- libkeyutils1-1.6.3-5.6.1 updated
- libldap-2_4-2-2.4.46-9.64.1 updated
- libldap-data-2.4.46-9.64.1 updated
- liblua5_3-5-5.3.6-3.6.1 updated
- liblz4-1-1.8.0-3.8.1 updated
- libmagic1-5.32-7.14.1 updated
- libmount1-2.33.2-4.16.1 updated
- libncurses6-6.1-5.9.1 updated
- libnettle6-3.4.1-4.18.1 updated
- libnghttp2-14-1.40.0-6.1 updated
- libopenssl1_1-hmac-1.1.1d-11.43.1 added
- libopenssl1_1-1.1.1d-11.43.1 updated
- libp11-kit0-0.23.2-4.13.1 updated
- libpcre1-8.45-20.10.1 updated
- libprocps7-3.3.15-7.22.1 updated
- libprotobuf-lite20-3.9.2-4.12.1 added
- libreadline7-7.0-9.14.1 updated
- libsasl2-3-2.1.26-5.10.1 updated
- libsmartcols1-2.33.2-4.16.1 updated
- libsolv-tools-0.7.20-9.2 updated
- libsqlite3-0-3.36.0-3.12.1 updated
- libstdc++6-11.2.1+git610-1.3.9 updated
- libsystemd0-234-24.108.1 updated
- libtirpc-netconfig-1.0.2-3.11.1 updated
- libtirpc3-1.0.2-3.11.1 updated
- libudev1-234-24.108.1 updated
- libuuid1-2.33.2-4.16.1 updated
- libxml2-2-2.9.7-3.37.1 updated
- libyaml-cpp0_6-0.6.1-4.5.1 updated
- libz1-1.2.11-150000.3.30.1 updated
- libzstd1-1.4.4-1.6.1 updated
- libzypp-17.29.4-31.1 updated
- ncurses-utils-6.1-5.9.1 updated
- netcfg-11.6-3.3.1 updated
- openssl-1_1-1.1.1d-11.43.1 updated
- pam-1.3.0-150000.6.55.3 updated
- patterns-base-fips-20200124-4.12.1 added
- permissions-20181225-23.12.1 updated
- procps-3.3.15-7.22.1 updated
- rpm-4.14.1-22.7.1 updated
- sed-4.4-4.3.1 updated
- sles-release-15.2-52.8.2 added
- terminfo-base-6.1-5.9.1 updated
- util-linux-2.33.2-4.16.1 updated
- zypper-1.14.51-27.1 updated
- container:sles15-image-15.0.0-9.5.113 updated
- ca-certificates-2+git20170807.10b2785-7.3.3 removed
- ca-certificates-mozilla-2.44-9.6.1 removed
- p11-kit-0.23.2-4.8.3 removed
- p11-kit-tools-0.23.2-4.8.3 removed

SUSE: 2022:495-1 ses/7/cephcsi/csi-livenessprobe Security Update

April 3, 2022
The container ses/7/cephcsi/csi-livenessprobe was updated

Summary

Advisory ID: SUSE-RU-2020:1989-1 Released: Tue Jul 21 17:58:58 2020 Summary: Recommended update to SLES-releases Type: recommended Severity: important Advisory ID: SUSE-OU-2020:3026-1 Released: Fri Oct 23 15:35:51 2020 Summary: Optional update for the Public Cloud Module Type: optional Severity: moderate Advisory ID: SUSE-SU-2020:3721-1 Released: Wed Dec 9 13:36:46 2020 Summary: Security update for openssl-1_1 Type: security Severity: important Advisory ID: SUSE-SU-2020:3735-1 Released: Wed Dec 9 18:19:24 2020 Summary: Security update for curl Type: security Severity: moderate Advisory ID: SUSE-RU-2020:3809-1 Released: Tue Dec 15 13:46:05 2020 Summary: Recommended update for glib2 Type: recommended Severity: moderate Advisory ID: SUSE-RU-2020:3853-1 Released: Wed Dec 16 12:27:27 2020 Summary: Recommended update for util-linux Type: recommended Severity: moderate Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate Advisory ID: SUSE-RU-2020:3943-1 Released: Tue Dec 29 12:24:45 2020 Summary: Recommended update for libxml2 Type: recommended Severity: moderate Advisory ID: SUSE-SU-2021:109-1 Released: Wed Jan 13 10:13:24 2021 Summary: Security update for libzypp, zypper Type: security Severity: moderate Advisory ID: SUSE-SU-2021:129-1 Released: Thu Jan 14 12:26:15 2021 Summary: Security update for openldap2 Type: security Severity: moderate Advisory ID: SUSE-RU-2021:169-1 Released: Tue Jan 19 16:18:46 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:174-1 Released: Wed Jan 20 07:55:23 2021 Summary: Recommended update for gnutls Type: recommended Severity: moderate Advisory ID: SUSE-SU-2021:197-1 Released: Fri Jan 22 15:17:42 2021 Summary: Security update for permissions Type: security Severity: moderate Advisory ID: SUSE-RU-2021:220-1 Released: Tue Jan 26 14:00:51 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:233-1 Released: Wed Jan 27 12:15:33 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:265-1 Released: Mon Feb 1 15:06:45 2021 Summary: Recommended update for systemd Type: recommended Severity: important Advisory ID: SUSE-RU-2021:293-1 Released: Wed Feb 3 12:52:34 2021 Summary: Recommended update for gmp Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:294-1 Released: Wed Feb 3 12:54:28 2021 Summary: Recommended update for libprotobuf Type: recommended Severity: moderate Advisory ID: SUSE-OU-2021:339-1 Released: Mon Feb 8 13:16:07 2021 Summary: Optional update for pam Type: optional Severity: low Advisory ID: SUSE-SU-2021:653-1 Released: Fri Feb 26 19:53:43 2021 Summary: Security update for glibc Type: security Severity: important Advisory ID: SUSE-RU-2021:656-1 Released: Mon Mar 1 09:34:21 2021 Summary: Recommended update for protobuf Type: recommended Severity: moderate Advisory ID: SUSE-SU-2021:723-1 Released: Mon Mar 8 16:45:27 2021 Summary: Security update for openldap2 Type: security Severity: important Advisory ID: SUSE-SU-2021:754-1 Released: Tue Mar 9 17:10:49 2021 Summary: Security update for openssl-1_1 Type: security Severity: moderate Advisory ID: SUSE-SU-2021:778-1 Released: Fri Mar 12 17:42:25 2021 Summary: Security update for glib2 Type: security Severity: important Advisory ID: SUSE-RU-2021:786-1 Released: Mon Mar 15 11:19:23 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:874-1 Released: Thu Mar 18 09:41:54 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:924-1 Released: Tue Mar 23 10:00:49 2021 Summary: Recommended update for filesystem Type: recommended Severity: moderate Advisory ID: SUSE-SU-2021:930-1 Released: Wed Mar 24 12:09:23 2021 Summary: Security update for nghttp2 Type: security Severity: important Advisory ID: SUSE-SU-2021:935-1 Released: Wed Mar 24 12:19:10 2021 Summary: Security update for gnutls Type: security Severity: important Advisory ID: SUSE-SU-2021:948-1 Released: Wed Mar 24 14:31:34 2021 Summary: Security update for zstd Type: security Severity: moderate Advisory ID: SUSE-SU-2021:955-1 Released: Thu Mar 25 16:11:48 2021 Summary: Security update for openssl-1_1 Type: security Severity: important Advisory ID: SUSE-RU-2021:1004-1 Released: Thu Apr 1 15:07:09 2021 Summary: Recommended update for libcap Type: recommended Severity: moderate Advisory ID: SUSE-SU-2021:1006-1 Released: Thu Apr 1 17:44:57 2021 Summary: Security update for curl Type: security Severity: moderate Advisory ID: SUSE-RU-2021:1141-1 Released: Mon Apr 12 13:13:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: low Advisory ID: SUSE-RU-2021:1169-1 Released: Tue Apr 13 15:01:42 2021 Summary: Recommended update for procps Type: recommended Severity: low Advisory ID: SUSE-RU-2021:1286-1 Released: Tue Apr 20 20:10:21 2021 Summary: Recommended update for SLES-release Type: recommended Severity: moderate Advisory ID: SUSE-OU-2021:1296-1 Released: Wed Apr 21 14:09:28 2021 Summary: Optional update for e2fsprogs Type: optional Severity: low Advisory ID: SUSE-RU-2021:1297-1 Released: Wed Apr 21 14:10:10 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate Advisory ID: SUSE-OU-2021:1299-1 Released: Wed Apr 21 14:11:41 2021 Summary: Optional update for gpgme Type: optional Severity: low Advisory ID: SUSE-RU-2021:1407-1 Released: Wed Apr 28 15:49:02 2021 Summary: Recommended update for libcap Type: recommended Severity: important Advisory ID: SUSE-SU-2021:1412-1 Released: Wed Apr 28 17:09:28 2021 Summary: Security update for libnettle Type: security Severity: important Advisory ID: SUSE-RU-2021:1426-1 Released: Thu Apr 29 06:23:13 2021 Summary: Recommended update for libsolv Type: recommended Severity: moderate Advisory ID: SUSE-SU-2021:1466-1 Released: Tue May 4 08:30:57 2021 Summary: Security update for permissions Type: security Severity: important Advisory ID: SUSE-SU-2021:1523-1 Released: Wed May 5 18:24:20 2021 Summary: Security update for libxml2 Type: security Severity: moderate Advisory ID: SUSE-RU-2021:1527-1 Released: Thu May 6 08:58:53 2021 Summary: Recommended update for bash Type: recommended Severity: important Advisory ID: SUSE-RU-2021:1528-1 Released: Thu May 6 15:31:23 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:1543-1 Released: Fri May 7 15:16:33 2021 Summary: Recommended update for patterns-microos Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:1544-1 Released: Fri May 7 16:34:41 2021 Summary: Recommended update for libzypp Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:1549-1 Released: Mon May 10 13:48:00 2021 Summary: Recommended update for procps Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:1565-1 Released: Tue May 11 14:20:04 2021 Summary: Recommended update for krb5 Type: recommended Severity: moderate Advisory ID: SUSE-OU-2021:1592-1 Released: Wed May 12 13:47:41 2021 Summary: Optional update for sed Type: optional Severity: low Advisory ID: SUSE-RU-2021:1612-1 Released: Fri May 14 17:09:39 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:1643-1 Released: Wed May 19 13:51:48 2021 Summary: Recommended update for pam Type: recommended Severity: important Advisory ID: SUSE-SU-2021:1647-1 Released: Wed May 19 13:59:12 2021 Summary: Security update for lz4 Type: security Severity: important Advisory ID: SUSE-SU-2021:1654-1 Released: Wed May 19 16:43:36 2021 Summary: Security update for libxml2 Type: security Severity: important Advisory ID: SUSE-SU-2021:1762-1 Released: Wed May 26 12:30:01 2021 Summary: Security update for curl Type: security Severity: moderate Advisory ID: SUSE-RU-2021:1833-1 Released: Wed Jun 2 15:32:28 2021 Summary: Recommended update for zypper Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:1861-1 Released: Fri Jun 4 09:59:40 2021 Summary: Recommended update for gcc10 Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:1879-1 Released: Tue Jun 8 09:16:09 2021 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important Advisory ID: SUSE-SU-2021:1917-1 Released: Wed Jun 9 14:48:05 2021 Summary: Security update for libxml2 Type: security Severity: moderate Advisory ID: SUSE-RU-2021:1937-1 Released: Thu Jun 10 10:47:09 2021 Summary: Recommended update for nghttp2 Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:1953-1 Released: Thu Jun 10 16:18:50 2021 Summary: Recommended update for gpg2 Type: recommended Severity: moderate Advisory ID: SUSE-SU-2021:2143-1 Released: Wed Jun 23 16:27:04 2021 Summary: Security update for libnettle Type: security Severity: important Advisory ID: SUSE-SU-2021:2157-1 Released: Thu Jun 24 15:40:14 2021 Summary: Security update for libgcrypt Type: security Severity: important Advisory ID: SUSE-RU-2021:2173-1 Released: Mon Jun 28 14:59:45 2021 Summary: Recommended update for automake Type: recommended Severity: moderate Advisory ID: SUSE-SU-2021:2196-1 Released: Tue Jun 29 09:41:39 2021 Summary: Security update for lua53 Type: security Severity: moderate Advisory ID: SUSE-RU-2021:2205-1 Released: Wed Jun 30 09:17:41 2021 Summary: Recommended update for openldap2 Type: recommended Severity: important Advisory ID: SUSE-RU-2021:2229-1 Released: Thu Jul 1 20:40:37 2021 Summary: Recommended update for release packages Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:2246-1 Released: Mon Jul 5 15:17:49 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate Advisory ID: SUSE-OU-2021:2249-1 Released: Mon Jul 5 15:40:46 2021 Summary: Optional update for gnutls Type: optional Severity: low Advisory ID: SUSE-RU-2021:2273-1 Released: Thu Jul 8 09:48:48 2021 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate Advisory ID: SUSE-SU-2021:2320-1 Released: Wed Jul 14 17:01:06 2021 Summary: Security update for sqlite3 Type: security Severity: important Advisory ID: SUSE-SU-2021:2404-1 Released: Tue Jul 20 14:21:30 2021 Summary: Security update for systemd Type: security Severity: moderate Advisory ID: SUSE-SU-2021:2439-1 Released: Wed Jul 21 13:46:48 2021 Summary: Security update for curl Type: security Severity: moderate Advisory ID: SUSE-SU-2021:2689-1 Released: Mon Aug 16 10:54:52 2021 Summary: Security update for cpio Type: security Severity: important Advisory ID: SUSE-RU-2021:2763-1 Released: Tue Aug 17 17:16:22 2021 Summary: Recommended update for cpio Type: recommended Severity: critical Advisory ID: SUSE-RU-2021:2780-1 Released: Thu Aug 19 16:09:15 2021 Summary: Recommended update for cpio Type: recommended Severity: critical Advisory ID: SUSE-SU-2021:2800-1 Released: Fri Aug 20 10:43:04 2021 Summary: Security update for krb5 Type: security Severity: important Advisory ID: SUSE-SU-2021:2830-1 Released: Tue Aug 24 16:20:18 2021 Summary: Security update for openssl-1_1 Type: security Severity: important Advisory ID: SUSE-RU-2021:2938-1 Released: Fri Sep 3 09:19:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate Advisory ID: SUSE-SU-2021:2966-1 Released: Tue Sep 7 09:49:14 2021 Summary: Security update for openssl-1_1 Type: security Severity: low Advisory ID: SUSE-RU-2021:3001-1 Released: Thu Sep 9 15:08:13 2021 Summary: Recommended update for netcfg Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:3030-1 Released: Tue Sep 14 09:27:45 2021 Summary: Recommended update for patterns-base Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:3182-1 Released: Tue Sep 21 17:04:26 2021 Summary: Recommended update for file Type: recommended Severity: moderate Advisory ID: SUSE-SU-2021:3298-1 Released: Wed Oct 6 16:54:52 2021 Summary: Security update for curl Type: security Severity: moderate Advisory ID: SUSE-SU-2021:3348-1 Released: Tue Oct 12 13:08:06 2021 Summary: Security update for systemd Type: security Severity: moderate Advisory ID: SUSE-SU-2021:3385-1 Released: Tue Oct 12 15:54:31 2021 Summary: Security update for glibc Type: security Severity: moderate Advisory ID: SUSE-SU-2021:3444-1 Released: Fri Oct 15 09:03:07 2021 Summary: Security update for rpm Type: security Severity: important Advisory ID: SUSE-SU-2021:3454-1 Released: Mon Oct 18 09:29:26 2021 Summary: Security update for krb5 Type: security Severity: moderate Advisory ID: SUSE-RU-2021:3480-1 Released: Wed Oct 20 11:24:10 2021 Summary: Recommended update for yast2-network Type: recommended Severity: moderate Advisory ID: SUSE-SU-2021:3490-1 Released: Wed Oct 20 16:31:55 2021 Summary: Security update for ncurses Type: security Severity: moderate Advisory ID: SUSE-RU-2021:3494-1 Released: Wed Oct 20 16:48:46 2021 Summary: Recommended update for pam Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:3501-1 Released: Fri Oct 22 10:42:46 2021 Summary: Recommended update for libzypp, zypper, libsolv, protobuf Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:3510-1 Released: Tue Oct 26 11:22:15 2021 Summary: Recommended update for pam Type: recommended Severity: important Advisory ID: SUSE-SU-2021:3523-1 Released: Tue Oct 26 15:40:13 2021 Summary: Security update for util-linux Type: security Severity: moderate Advisory ID: SUSE-SU-2021:3529-1 Released: Wed Oct 27 09:23:32 2021 Summary: Security update for pcre Type: security Severity: moderate Advisory ID: SUSE-RU-2021:3799-1 Released: Wed Nov 24 18:07:54 2021 Summary: Recommended update for gcc11 Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:3809-1 Released: Fri Nov 26 00:31:59 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate Advisory ID: SUSE-SU-2021:3830-1 Released: Wed Dec 1 13:45:46 2021 Summary: Security update for glibc Type: security Severity: moderate Advisory ID: SUSE-RU-2021:3870-1 Released: Thu Dec 2 07:11:50 2021 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:3872-1 Released: Thu Dec 2 07:25:55 2021 Summary: Recommended update for cracklib Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:3891-1 Released: Fri Dec 3 10:21:49 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate Advisory ID: SUSE-SU-2021:3899-1 Released: Fri Dec 3 11:27:41 2021 Summary: Security update for aaa_base Type: security Severity: moderate Advisory ID: SUSE-SU-2021:3946-1 Released: Mon Dec 6 14:57:42 2021 Summary: Security update for gmp Type: security Severity: moderate Advisory ID: SUSE-RU-2021:4139-1 Released: Tue Dec 21 17:02:44 2021 Summary: Recommended update for systemd Type: recommended Severity: critical Advisory ID: SUSE-RU-2021:4145-1 Released: Wed Dec 22 05:27:48 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate Advisory ID: SUSE-SU-2021:4154-1 Released: Wed Dec 22 11:02:38 2021 Summary: Security update for p11-kit Type: security Severity: important Advisory ID: SUSE-RU-2021:4182-1 Released: Thu Dec 23 11:51:51 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate Advisory ID: SUSE-SU-2021:4192-1 Released: Tue Dec 28 10:39:50 2021 Summary: Security update for permissions Type: security Severity: moderate Advisory ID: SUSE-RU-2022:4-1 Released: Mon Jan 3 08:28:54 2022 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:93-1 Released: Tue Jan 18 05:11:58 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: important Advisory ID: SUSE-RU-2022:94-1 Released: Tue Jan 18 05:13:24 2022 Summary: Recommended update for rpm Type: recommended Severity: important Advisory ID: SUSE-SU-2022:141-1 Released: Thu Jan 20 13:47:16 2022 Summary: Security update for permissions Type: security Severity: moderate Advisory ID: SUSE-RU-2022:228-1 Released: Mon Jan 31 06:07:52 2022 Summary: Recommended update for boost Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:348-1 Released: Tue Feb 8 13:02:20 2022 Summary: Recommended update for libzypp Type: recommended Severity: important Advisory ID: SUSE-RU-2022:511-1 Released: Fri Feb 18 12:41:53 2022 Summary: Recommended update for coreutils Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:523-1 Released: Fri Feb 18 12:49:09 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:674-1 Released: Wed Mar 2 13:24:38 2022 Summary: Recommended update for yast2-network Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:692-1 Released: Thu Mar 3 15:46:47 2022 Summary: Recommended update for filesystem Type: recommended Severity: moderate Advisory ID: SUSE-SU-2022:702-1 Released: Thu Mar 3 18:22:59 2022 Summary: Security update for cyrus-sasl Type: security Severity: important Advisory ID: SUSE-SU-2022:717-1 Released: Fri Mar 4 09:45:20 2022 Summary: Security update for gnutls Type: security Severity: moderate Advisory ID: SUSE-RU-2022:787-1 Released: Thu Mar 10 11:20:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:788-1 Released: Thu Mar 10 11:21:04 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:808-1 Released: Fri Mar 11 06:07:58 2022 Summary: Recommended update for procps Type: recommended Severity: moderate Advisory ID: SUSE-SU-2022:832-1 Released: Mon Mar 14 17:27:03 2022 Summary: Security update for glibc Type: security Severity: important Advisory ID: SUSE-SU-2022:845-1 Released: Tue Mar 15 11:40:52 2022 Summary: Security update for chrony Type: security Severity: moderate Advisory ID: SUSE-RU-2022:861-1 Released: Tue Mar 15 23:30:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:867-1 Released: Wed Mar 16 07:14:44 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:874-1 Released: Wed Mar 16 10:40:52 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:936-1 Released: Tue Mar 22 18:10:17 2022 Summary: Recommended update for filesystem and systemd-rpm-macros Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:1021-1 Released: Tue Mar 29 13:24:21 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate Advisory ID: SUSE-SU-2022:1040-1 Released: Wed Mar 30 09:40:58 2022 Summary: Security update for protobuf Type: security Severity: moderate Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important Advisory ID: SUSE-SU-2022:1073-1 Released: Fri Apr 1 11:45:01 2022 Summary: Security update for yaml-cpp Type: security Severity: moderate

References

References : 1027496 1029961 1029961 1040589 1047218 1047218 1050625 1078466

1082318 1084671 1099272 1099521 1106014 1113013 1115529 1121227

1121230 1122004 1122021 1122417 1125886 1128846 1134353 1141597

1146705 1153687 1154935 1157818 1158812 1158958 1158959 1158960

1159491 1159715 1159847 1159850 1160309 1160438 1160439 1161268

1161276 1161276 1162581 1162964 1164719 1167471 1169006 1169614

1171883 1171962 1172091 1172113 1172115 1172234 1172236 1172240

1172308 1172442 1172695 1172973 1172974 1173277 1173582 1173641

1174016 1174075 1174436 1174504 1174504 1174911 1174942 1175448

1175449 1175458 1175514 1175519 1175623 1176201 1177127 1177238

1177275 1177427 1177490 1177583 1178219 1178236 1178346 1178386

1178554 1178561 1178577 1178624 1178675 1178775 1178775 1178823

1178825 1178909 1178910 1178966 1179083 1179222 1179363 1179398

1179399 1179415 1179416 1179491 1179503 1179593 1179694 1179721

1179816 1179824 1179847 1179909 1180020 1180038 1180064 1180073

1180077 1180083 1180125 1180138 1180225 1180596 1180603 1180603

1180663 1180689 1180721 1180836 1180851 1180851 1180885 1181011

1181328 1181358 1181443 1181505 1181622 1181826 1181831 1181874

1181874 1181976 1182016 1182117 1182279 1182328 1182331 1182333

1182362 1182372 1182408 1182411 1182412 1182413 1182415 1182416

1182417 1182418 1182419 1182420 1182604 1182629 1182791 1182899

1182936 1182936 1182959 1182959 1183064 1183085 1183094 1183268

1183370 1183371 1183456 1183457 1183543 1183545 1183589 1183628

1183628 1183632 1183659 1183791 1183797 1183801 1183852 1183933

1183934 1184326 1184358 1184399 1184401 1184435 1184614 1184614

1184690 1184761 1184967 1184994 1184994 1184997 1184997 1184997

1185016 1185046 1185163 1185221 1185239 1185239 1185299 1185325

1185331 1185408 1185408 1185409 1185409 1185410 1185410 1185417

1185438 1185524 1185540 1185562 1185698 1185807 1185958 1186015

1186049 1186114 1186447 1186489 1186503 1186503 1186579 1186602

1186642 1186910 1187060 1187153 1187210 1187212 1187224 1187270

1187273 1187292 1187400 1187425 1187466 1187512 1187512 1187654

1187670 1187738 1187760 1187906 1187911 1187993 1188018 1188063

1188063 1188156 1188217 1188218 1188219 1188220 1188291 1188344

1188435 1188548 1188571 1188623 1188713 1188921 1189031 1189152

1189206 1189465 1189465 1189480 1189520 1189521 1189521 1189534

1189554 1189683 1189803 1189929 1189996 1190052 1190059 1190199

1190234 1190325 1190356 1190373 1190374 1190440 1190447 1190465

1190645 1190712 1190739 1190793 1190815 1190915 1190926 1190933

1190984 1191252 1191286 1191324 1191370 1191563 1191609 1191736

1191987 1192161 1192248 1192337 1192436 1192489 1192688 1192717

1193007 1193480 1193481 1193488 1193521 1193625 1193711 1193759

1193805 1193841 1194229 1194522 1194597 1194640 1194768 1194770

1194898 1195149 1195258 1195326 1195468 1195560 1195792 1195856

1195899 1196036 1196093 1196167 1196275 1196406 1197004 1197024

1197459 928700 928701 954813 CVE-2015-3414 CVE-2015-3415 CVE-2015-8985

CVE-2016-10228 CVE-2017-9271 CVE-2018-20573 CVE-2018-20574 CVE-2018-25032

CVE-2019-19244 CVE-2019-19317 CVE-2019-19603 CVE-2019-19645 CVE-2019-19646

CVE-2019-19880 CVE-2019-19923 CVE-2019-19924 CVE-2019-19925 CVE-2019-19926

CVE-2019-19959 CVE-2019-20218 CVE-2019-20838 CVE-2019-25013 CVE-2019-6285

CVE-2019-6292 CVE-2020-11080 CVE-2020-13434 CVE-2020-13435 CVE-2020-13630

CVE-2020-13631 CVE-2020-13632 CVE-2020-14155 CVE-2020-14367 CVE-2020-15358

CVE-2020-1971 CVE-2020-24370 CVE-2020-24371 CVE-2020-25709 CVE-2020-25710

CVE-2020-27618 CVE-2020-29361 CVE-2020-29562 CVE-2020-29573 CVE-2020-36221

CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226

CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2020-8025

CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 CVE-2020-9327 CVE-2021-20231

CVE-2021-20232 CVE-2021-20266 CVE-2021-20271 CVE-2021-20305 CVE-2021-22570

CVE-2021-22876 CVE-2021-22890 CVE-2021-22898 CVE-2021-22922 CVE-2021-22923

CVE-2021-22924 CVE-2021-22925 CVE-2021-22946 CVE-2021-22947 CVE-2021-23840

CVE-2021-23841 CVE-2021-24031 CVE-2021-24032 CVE-2021-27212 CVE-2021-27218

CVE-2021-27219 CVE-2021-3326 CVE-2021-33560 CVE-2021-33574 CVE-2021-33910

CVE-2021-33910 CVE-2021-3421 CVE-2021-3449 CVE-2021-3516 CVE-2021-3516

CVE-2021-3517 CVE-2021-3517 CVE-2021-3518 CVE-2021-3518 CVE-2021-3520

CVE-2021-3537 CVE-2021-3541 CVE-2021-3580 CVE-2021-35942 CVE-2021-36222

CVE-2021-3711 CVE-2021-3712 CVE-2021-3712 CVE-2021-37600 CVE-2021-37750

CVE-2021-38185 CVE-2021-38185 CVE-2021-39537 CVE-2021-3999 CVE-2021-4209

CVE-2021-43618 CVE-2022-23218 CVE-2022-23219 CVE-2022-24407

1173582

This update of SLES-release provides the following fix:

- Obsolete Leap 15.2 as well to allow migration from Leap to SLE. (bsc#1173582)

This update adds the Google Cloud Storage packages to the Public Cloud module (jsc#ECO-2398).

The following packages were included:

- python3-grpcio

- python3-protobuf

- python3-google-api-core

- python3-google-cloud-core

- python3-google-cloud-storage

- python3-google-resumable-media

- python3-googleapis-common-protos

- python3-grpcio-gcp

- python3-mock (updated to version 3.0.5)

1179491,CVE-2020-1971

This update for openssl-1_1 fixes the following issues:

- CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491).

1179398,1179399,1179593,CVE-2020-8284,CVE-2020-8285,CVE-2020-8286

This update for curl fixes the following issues:

- CVE-2020-8286: Fixed improper OSCP verification in the client side (bsc#1179593).

- CVE-2020-8285: Fixed a stack overflow due to FTP wildcard (bsc#1179399).

- CVE-2020-8284: Fixed an issue where a malicius FTP server could make curl connect to a different IP (bsc#1179398).

1178346

This update for glib2 fixes the following issues:

Update from version 2.62.5 to version 2.62.6:

- Support for slim format of timezone. (bsc#1178346)

- Fix DST incorrect end day when using slim format. (bsc#1178346)

- Fix SOCKS5 username/password authentication.

- Updated translations.

1084671,1169006,1174942,1175514,1175623,1178554,1178825

This update for util-linux fixes the following issue:

- Do not trigger the automatic close of CDROM. (bsc#1084671)

- Try to automatically configure broken serial lines. (bsc#1175514)

- Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514)

- Build with `libudev` support to support non-root users. (bsc#1169006)

- Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825)

- Fix warning on mounts to `CIFS` with mount –a. (bsc#1174942)

1180138

This update for libidn2 fixes the following issues:

- The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later,

adjusted the RPM license tags (bsc#1180138)

1178823

This update for libxml2 fixes the following issues:

Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823)

* key/unique/keyref schema attributes currently use quadratic loops

to check their various constraints (that keys are unique and that

keyrefs refer to existing keys).

* This fix uses a hash table to avoid the quadratic behaviour.

1050625,1174016,1177238,1177275,1177427,1177583,1178910,1178966,1179083,1179222,1179415,1179909,CVE-2017-9271

This update for libzypp, zypper fixes the following issues:

Update zypper to version 1.14.41

Update libzypp to 17.25.4

- CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583)

- RepoManager: Force refresh if repo url has changed (bsc#1174016)

- RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966)

- RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427).

- RpmDb: If no database exists use the _dbpath configured in rpm. Still makes sure a compat

symlink at /var/lib/rpm exists in case the configures _dbpath is elsewhere. (bsc#1178910)

- Fixed update of gpg keys with elongated expire date (bsc#179222)

- needreboot: remove udev from the list (bsc#1179083)

- Fix lsof monitoring (bsc#1179909)

yast-installation was updated to 4.2.48:

- Do not cleanup the libzypp cache when the system has low memory,

incomplete cache confuses libzypp later (bsc#1179415)

1178909,1179503,CVE-2020-25709,CVE-2020-25710

This update for openldap2 fixes the following issues:

Security issues fixed:

- CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909).

- CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909).

Non-security issue fixed:

- Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection. (bsc#1179503)

1179816,1180077,1180663,1180721

This update for libsolv, libzypp, zypper fixes the following issues:

libzypp was updated to 17.25.6:

- Rephrase solver problem descriptions (jsc#SLE-8482)

- Adapt to changed gpg2/libgpgme behavior (bsc#1180721)

- Multicurl backend breaks with with unknown filesize (fixes #277)

zypper was updated to 1.14.42:

- Fix source-download commnds help (bsc#1180663)

- man: Recommend to use the --non-interactive global option rather than the command option -y (bsc#1179816)

- Extend apt packagemap (fixes #366)

- --quiet: Fix install summary to write nothing if there's nothing todo (bsc#1180077)

libsolv was updated to 0.7.16;

- do not ask the namespace callback for splitprovides when writing a testcase

- fix add_complex_recommends() selecting conflicted packages in rare cases leading to crashes

- improve choicerule generation so that package updates are prefered in more cases

1172695

This update for gnutls fixes the following issue:

- Avoid spurious audit messages about incompatible signature algorithms (bsc#1172695)

1171883,CVE-2020-8025

This update for permissions fixes the following issues:

- Update to version 20181224:

* pcp: remove no longer needed / conflicting entries

(bsc#1171883, CVE-2020-8025)

1180603

This update for keyutils fixes the following issues:

- Adjust the library license to be LPGL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603)

1141597,1174436,1175458,1177490,1179363,1179824,1180225

This update for systemd fixes the following issues:

- Added a timestamp to the output of the busctl monitor command (bsc#1180225)

- Fixed a NULL pointer dereference bug when attempting to close the journal file handle (bsc#1179824)

- Improved the caching of cgroups member mask (bsc#1175458)

- Fixed the dependency definition of sound.target (bsc#1179363)

- Fixed a bug that could lead to a potential error, when daemon-reload is called between

StartTransientUnit and scope_start() (bsc#1174436)

- time-util: treat /etc/localtime missing as UTC (bsc#1141597)

- Removed mq-deadline selection from 60-io-scheduler.rules (bsc#1177490)

1178775,1180885

This update for systemd fixes the following issues:

- Fix for udev creating '/dev/disk/by-label' symlink for 'LUKS2' to avoid mount issues. (bsc#1180885, #8998))

- Fix for an issue when container start causes interference in other containers. (bsc#1178775)

1180603

This update for gmp fixes the following issues:

- correct license statements of packages (library itself is no GPL-3.0) (bsc#1180603)

libprotobuf was updated to fix:

- ship the libprotobuf-lite15 on the basesystem module and the INSTALLER channel. (jsc#ECO-2911)

This update for pam fixes the following issues:

- Added rpm macros for this package, so that other packages can make use of it

This patch is optional to be installed - it doesn't fix any bugs.

1178386,1179694,1179721,1180038,1181505,1182117,CVE-2019-25013,CVE-2020-27618,CVE-2020-29562,CVE-2020-29573,CVE-2021-3326

This update for glibc fixes the following issues:

- Fix buffer overrun in EUC-KR conversion module (CVE-2019-25013, bsc#1182117, BZ #24973)

- x86: Harden printf against non-normal long double values (CVE-2020-29573, bsc#1179721, BZ #26649)

- gconv: Fix assertion failure in ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256)

- iconv: Accept redundant shift sequences in IBM1364 (CVE-2020-27618, bsc#1178386, BZ #26224)

- iconv: Fix incorrect UCS4 inner loop bounds (CVE-2020-29562, bsc#1179694, BZ #26923)

- Fix parsing of /sys/devices/system/cpu/online (bsc#1180038, BZ #25859)

1177127

This update for protobuf fixes the following issues:

- Add missing dependency of python subpackages on python-six. (bsc#1177127)

1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420,CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212

This update for openldap2 fixes the following issues:

- bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the

X.509 DN parsing in decode.c ber_next_element, resulting in denial

of service.

- bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN

parsing in ad_keystring, resulting in denial of service.

- bsc#1182412 CVE-2020-36228 - integer underflow leading to crash

in the Certificate List Exact Assertion processing, resulting in

denial of service.

- bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the

cancel_extop Cancel operation, resulting in denial of service.

- bsc#1182416 CVE-2020-36225 - double free and slapd crash in the

saslAuthzTo processing, resulting in denial of service.

- bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash

in the saslAuthzTo processing, resulting in denial of service.

- bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd

crash in the saslAuthzTo processing, resulting in denial of service.

- bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the

saslAuthzTo validation, resulting in denial of service.

- bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact

Assertion processing, resulting in denial of service (schema_init.c

serialNumberAndIssuerCheck).

- bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter

control handling, resulting in denial of service (double free and

out-of-bounds read).

- bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur

in the issuerAndThisUpdateCheck function via a crafted packet,

resulting in a denial of service (daemon exit) via a short timestamp.

This is related to schema_init.c and checkTime.

1182331,1182333,1182959,CVE-2021-23840,CVE-2021-23841

This update for openssl-1_1 fixes the following issues:

- CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333)

- CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331)

- Fixed unresolved error codes in FIPS (bsc#1182959).

1182328,1182362,CVE-2021-27218,CVE-2021-27219

This update for glib2 fixes the following issues:

- CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if

the length is larger than guint. (bsc#1182328)

- CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. (bsc#1182362)

1176201

This update for zlib fixes the following issues:

- Fixed hw compression on z15 (bsc#1176201)

1179847,1181328,1181622,1182629

This update for libsolv, libzypp, zypper fixes the following issues:

- support multiple collections in updateinfo parser

- Fixed an issue when some 'systemd' tools require '/proc' to be mounted and fail if it's not there. (bsc#1181328)

- Enable release packages to request a releaxed suse/opensuse vendorcheck in dup when migrating. (bsc#1182629)

- Patch: Identify well-known category names to allow to use the RH and SUSE patch category names synonymously. (bsc#1179847)

- Fix '%posttrans' script execution. (fixes #265)

- Repo: Allow multiple baseurls specified on one line (fixes #285)

- Regex: Fix memory leak and undefined behavior.

- Add rpm buildrequires for test suite (fixes #279)

- Use rpmdb2solv new -D switch to tell the location of the rpmdatabase to use.

- doc: give more details about creating versioned package locks. (bsc#1181622)

- man: Document synonymously used patch categories (bsc#1179847)

1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094

This update for filesystem the following issues:

- Remove duplicate line due to merge error

- Add fix for 'mesa' creating cache with perm 0700. (bsc#1181011)

- Fixed an issue causing failure during installation/upgrade a failure. (rh#1548403) (bsc#1146705)

- Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466)

- Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519)

This update for systemd fixes the following issues:

- Fix for a possible memory leak. (bsc#1180020)

- Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596)

- Fixed an issue when starting a container conflicts with another one. (bsc#1178775)

- Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831)

- Don't use shell redirections when calling a rpm macro. (bsc#1183094)

- 'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083)

1172442,1181358,CVE-2020-11080

This update for nghttp2 fixes the following issues:

- CVE-2020-11080: HTTP/2 Large Settings Frame DoS (bsc#1181358)

1183456,1183457,CVE-2021-20231,CVE-2021-20232

This update for gnutls fixes the following issues:

- CVE-2021-20232: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183456).

- CVE-2021-20231: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183457).

1183370,1183371,CVE-2021-24031,CVE-2021-24032

This update for zstd fixes the following issues:

- CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371).

- CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370).

1183852,CVE-2021-3449

This update for openssl-1_1 fixes the security issue:

* CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted

renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation

ClientHello omits the signature_algorithms extension but includes a

signature_algorithms_cert extension, then a NULL pointer dereference will

result, leading to a crash and a denial of service attack. OpenSSL TLS

clients are not impacted by this issue. [bsc#1183852]

1180073

This update for libcap fixes the following issues:

- Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460)

- Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073)

1183933,1183934,CVE-2021-22876,CVE-2021-22890

This update for curl fixes the following issues:

- CVE-2021-22890: TLS 1.3 session ticket proxy host mixup (bsc#1183934)

- CVE-2021-22876: Automatic referer leaks credentials (bsc#1183933)

1182791

This update for openldap2 fixes the following issues:

- Improved the proxy connection timeout options to prune connections properly (bsc#1182791)

1181976

This update for procps fixes the following issues:

- Corrected a statement in the man page about processor pinning via taskset (bsc#1181976)

1180836

This recommended update for SLES-release provides the following fix:

- Revert the problematic changes previously released and make sure the version is high

enough to obsolete the package on containers and images. (bsc#1180836)

1183791

This update for e2fsprogs fixes the following issues:

- Fixed an issue when building e2fsprogs (bsc#1183791)

This patch does not fix any user visible issues and is therefore optional to install.

1178219

This update for systemd fixes the following issues:

- Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot

be stopped properly and would leave mount points mounted.

1183801

This update for gpgme fixes the following issues:

- Fixed a bug in test cases (bsc#1183801)

This patch is optional to install and does not provide any user visible bug fixes.

1184690

This update for libcap fixes the following issues:

- Add explicit dependency on 'libcap2' with version to 'libcap-progs' and 'pam_cap'. (bsc#1184690)

1184401,CVE-2021-20305

This update for libnettle fixes the following issues:

- CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401).

This update for libsolv fixes the following issues:

- Fix rare segfault in resolve_jobrules() that could happen if new rules are learnt.

- Fix a couple of memory leaks in error cases.

- Fix error handling in solv_xfopen_fd()

- Fixed 'regex' code on win32.

- Fixed memory leak in choice rule generation

1182899

This update for permissions fixes the following issues:

- etc/permissions: remove unnecessary entries (bsc#1182899)

1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518

This update for libxml2 fixes the following issues:

- CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408).

- CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410).

- CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409).

1183064

This update for bash fixes the following issues:

- Fixed a segmentation fault that used to occur when bash read a history file

that was malformed in a very specific way. (bsc#1183064)

1161276

This update for openssl-1_1 fixes the following issues:

- Do not list disapproved cipher algorithms while in 'FIPS' mode. (bsc#1161276)

1184435

This update for patterns-microos provides the following fix:

- Require the libvirt-daemon-qemu package and include the needed dependencies in the

product. (bsc#1184435)

1180851,1181874,1182936,1183628,1184997,1185239

This update for libzypp fixes the following issues:

Upgrade from version 17.25.8 to version 17.25.10

- Properly handle permission denied when providing optional files. (bsc#1185239)

- Fix service detection with `cgroupv2`. (bsc#1184997)

- Add missing includes for GCC 11. (bsc#1181874)

- Fix unsafe usage of static in media verifier.

- `Solver`: Avoid segfault if no system is loaded. (bsc#1183628)

- `MediaVerifier`: Relax media set verification in case of a single not-volatile medium. (bsc#1180851)

- Do no cleanup in custom cache dirs. (bsc#1182936)

- `ZConfig`: let `pubkeyCachePath` follow `repoCachePath`.

1185417

This update for procps fixes the following issues:

- Support up to 2048 CPU as well. (bsc#1185417)

1185163

This update for krb5 fixes the following issues:

- Use '/run' instead of '/var/run' for daemon PID files. (bsc#1185163);

1183797

This update for sed fixes the following issues:

- Fixed a building issue with glibc-2.31 (bsc#1183797).

This patch is optional to install.

1184614

This update for openldap2 fixes the following issue:

- Provide `openldap2-contrib` to the modules SUSE Linux Enterprise Legacy 15-SP2 and 15-SP3. (bsc#1184614)

1181443,1184358,1185562

This update for pam fixes the following issues:

- Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443)

- Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to

an attempt to resolve it as a hostname (bsc#1184358)

- In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562)

1185438,CVE-2021-3520

This update for lz4 fixes the following issues:

- CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438).

1185408,1185409,1185410,1185698,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518,CVE-2021-3537

This update for libxml2 fixes the following issues:

- CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698)

- CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408).

- CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410).

- CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409).

1186114,CVE-2021-22898

This update for curl fixes the following issues:

- CVE-2021-22898: Fixed curl TELNET stack contents disclosure (bsc#1186114).

- Allow partial chain verification [jsc#SLE-17956]

* Have intermediate certificates in the trust store be treated

as trust-anchors, in the same way as self-signed root CA

certificates are. This allows users to verify servers using

the intermediate cert only, instead of needing the whole chain.

* Set FLAG_TRUSTED_FIRST unconditionally.

* Do not check partial chains with CRL check.

1153687,1180851,1181874,1182372,1182936,1183268,1183589,1183628,1184997,1185239

This update for zypper fixes the following issues:

zypper was upgraded to 1.14.44:

- man page: Recommend the needs-rebooting command to test whether a system reboot is suggested.

- patch: Let a patch's reboot-needed flag overrule included packages. (bsc#1183268)

- Quickfix setting 'openSUSE_Tumbleweed' as default platform for 'MicroOS'. (bsc#1153687)

- Protect against strict/relaxed user umask via sudo. (bsc#1183589)

- xml summary: Add solvables repository alias. (bsc#1182372)

libzypp was upgraded from version 17.25.8 to version 17.25.10

- Properly handle permission denied when providing optional files. (bsc#1185239)

- Fix service detection with `cgroupv2`. (bsc#1184997)

- Add missing includes for GCC 11. (bsc#1181874)

- Fix unsafe usage of static in media verifier.

- `Solver`: Avoid segfault if no system is loaded. (bsc#1183628)

- `MediaVerifier`: Relax media set verification in case of a single not-volatile medium. (bsc#1180851)

- Do no cleanup in custom cache dirs. (bsc#1182936)

- `ZConfig`: let `pubkeyCachePath` follow `repoCachePath`.

1029961,1106014,1178577,1178624,1178675,1182016

This update for gcc10 fixes the following issues:

- Disable nvptx offloading for aarch64 again since it doesn't work

- Fixed a build failure issue. (bsc#1182016)

- Fix for memory miscompilation on 'aarch64'. (bsc#1178624, bsc#1178577)

- Fix 32bit 'libgnat.so' link. (bsc#1178675)

- prepare usrmerge: Install libgcc_s into %_libdir. ABI wise it stays /%lib. (bsc#1029961)

- Build complete set of multilibs for arm-none target. (bsc#1106014)

1184326,1184399,1184997,1185325

This update for libzypp, zypper fixes the following issues:

libzypp was updated to 17.26.0:

- Work around download.o.o broken https redirects.

- Allow trusted repos to add additional signing keys (bsc#1184326)

Repositories signed with a trusted gpg key may import additional

package signing keys. This is needed if different keys were used

to sign the the packages shipped by the repository.

- MediaCurl: Fix logging of redirects.

- Use 15.3 resolver problem and solution texts on all distros.

- $ZYPP_LOCK_TIMEOUT: Let negative values wait forever for the

zypp lock (bsc#1184399)

Helps boot time services like 'zypper purge-kernels' to wait for

the zypp lock until other services using zypper have completed.

- Fix purge-kernels is broken in Leap 15.3 (bsc#1185325)

Leap 15.3 introduces a new kernel package called

kernel-flavour-extra, which contain kmp's. Currently kmp's are

detected by name '.*-kmp(-.*)?' but this does not work which

those new packages. This patch fixes the problem by checking

packages for kmod(*) and ksym(*) provides and only falls back to

name checking if the package in question does not provide one of

those.

- Introduce zypp-runpurge, a tool to run purge-kernels on

testcases.

zypper was updated to 1.14.45:

- Fix service detection with cgroupv2 (bsc#1184997)

- Add hints to 'trust GPG key' prompt.

- Add report when receiving new package signing keys from a

trusted repo (bsc#1184326)

- Added translation using Weblate (Kabyle)

1186015,CVE-2021-3541

This update for libxml2 fixes the following issues:

- CVE-2021-3541: Fixed exponential entity expansion attack bypasses all existing protection mechanisms. (bsc#1186015)

1186642

This update for nghttp2 fixes the following issue:

- The (lib)nghttp2 packages had a lower release number in SUSE Linux Enterprise 15 sp2 and sp3 than in 15 sp1, which could lead

to migration issues. (bsc#1186642)

1161268,1172308

This update for gpg2 fixes the following issues:

- Fixed an issue where the gpg-agent's ssh-agent does not handle flags

in signing requests properly (bsc#1161268 and bsc#1172308).

1187060,CVE-2021-3580

This update for libnettle fixes the following issues:

- CVE-2021-3580: Fixed a remote denial of service in the RSA decryption via manipulated ciphertext (bsc#1187060).

1187212,CVE-2021-33560

This update for libgcrypt fixes the following issues:

- CVE-2021-33560: Fixed a side-channel against ElGamal encryption, caused by missing exponent blinding (bsc#1187212).

1040589,1047218,1182604,1185540,1186049

This update for automake fixes the following issues:

- Implement generated autoconf makefiles reproducible (bsc#1182604)

- Add fix to avoid date variations in docs. (bsc#1047218, jsc#SLE-17848)

- Avoid bashisms in test-driver script. (bsc#1185540)

This update for pcre fixes the following issues:

- Do not run profiling 'check' in parallel to make package build reproducible. (bsc#1040589)

This update for brp-check-suse fixes the following issues:

- Add fixes to support reproducible builds. (bsc#1186049)

1175448,1175449,CVE-2020-24370,CVE-2020-24371

This update for lua53 fixes the following issues:

Update to version 5.3.6:

- CVE-2020-24371: lgc.c mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage (bsc#1175449)

- CVE-2020-24370: ldebug.c allows a negation overflow and segmentation fault in getlocal and setlocal (bsc#1175448)

- Long brackets with a huge number of '=' overflow some internal buffer arithmetic.

1187210

This update for openldap2 fixes the following issues:

- Resolve issues in the idle / connection 'TTL' timeout implementation in OpenLDAP. (bsc#1187210)

1099521,1185221

This update for the release packages provides the following fix:

- Fix grub menu entries after migration from SLE-12*. (bsc#1099521)

- Adjust the sles-release changelog to include an entry for the previous release that was

reverting a broken change. (bsc#1185221)

1154935,1167471,1178561,1184761,1184967,1185046,1185331,1185807,1185958,1187292,1187400

This update for systemd fixes the following issues:

cgroup: Parse infinity properly for memory protections. (bsc#1167471)

cgroup: Make empty assignments reset to default. (bsc#1167471)

cgroup: Support 0-value for memory protection directives. (bsc#1167471)

core/cgroup: Fixed an issue with ignored parameter of 'MemorySwapMax=0'. (bsc#1154935)

bus-unit-util: Add proper 'MemorySwapMax' serialization.

core: Accept MemorySwapMax= properties that are scaled.

execute: Make sure to call into PAM after initializing resource limits. (bsc#1184967)

core: Rename 'ShutdownWatchdogSec' to 'RebootWatchdogSec'. (bsc#1185331)

Return -EAGAIN instead of -EALREADY from unit_reload. (bsc#1185046)

rules: Don't ignore Xen virtual interfaces anymore. (bsc#1178561)

write_net_rules: Set execute bits. (bsc#1178561)

udev: Rework network device renaming.

Revert 'Revert 'udev: Network device renaming - immediately give up if the target name isn't available''

mount-util: tape over name_to_handle_at() flakiness (#7517) (bsc#1184761)

core: fix output (logging) for mount units (#7603) (bsc#1187400)

udev requires systemd in its %post (bsc#1185958)

cgroup: Parse infinity properly for memory protections (bsc#1167471)

cgroup: Make empty assignments reset to default (bsc#1167471)

cgroup: Support 0-value for memory protection directives (bsc#1167471)

Create /run/lock/subsys again (bsc#1187292)

The creation of this directory was mistakenly dropped when

'filesystem' package took the initialization of the generic paths

over.

Expect 644 permissions for /usr/lib/udev/compat-symlink-generation (bsc#1185807)

1047218,1186579

This update for gnutls does not fix any user visible issues. It is therefore optional to install.

1186447,1186503

This update for libzypp, zypper fixes the following issues:

- Enhance XML output of repo GPG options

- Add optional attributes showing the raw values actually present in the '.repo' file.

- Link all executables with -PIE (bsc#1186447)

- Ship an empty '/etc/zypp/needreboot' per default (jsc#PM-2645)

- Add 'Solvable::isBlacklisted' as superset of retracted and ptf packages (bsc#1186503)

- Fix segv if 'ZYPP_FULLOG' is set.

1157818,1158812,1158958,1158959,1158960,1159491,1159715,1159847,1159850,1160309,1160438,1160439,1164719,1172091,1172115,1172234,1172236,1172240,1173641,928700,928701,CVE-2015-3414,CVE-2015-3415,CVE-2019-19244,CVE-2019-19317,CVE-2019-19603,CVE-2019-19645,CVE-2019-19646,CVE-2019-19880,CVE-2019-19923,CVE-2019-19924,CVE-2019-19925,CVE-2019-19926,CVE-2019-19959,CVE-2019-20218,CVE-2020-13434,CVE-2020-13435,CVE-2020-13630,CVE-2020-13631,CVE-2020-13632,CVE-2020-15358,CVE-2020-9327

This update for sqlite3 fixes the following issues:

- Update to version 3.36.0

- CVE-2020-15358: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener

optimization (bsc#1173641)

- CVE-2020-9327: NULL pointer dereference and segmentation fault because of generated column optimizations in

isAuxiliaryVtabOperator (bsc#1164719)

- CVE-2019-20218: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error (bsc#1160439)

- CVE-2019-19959: memory-management error via ext/misc/zipfile.c involving embedded '\0' input (bsc#1160438)

- CVE-2019-19923: improper handling of certain uses of SELECT DISTINCT in flattenSubquery may lead to null pointer

dereference (bsc#1160309)

- CVE-2019-19924: improper error handling in sqlite3WindowRewrite() (bsc#1159850)

- CVE-2019-19925: improper handling of NULL pathname during an update of a ZIP archive (bsc#1159847)

- CVE-2019-19926: improper handling of certain errors during parsing multiSelect in select.c (bsc#1159715)

- CVE-2019-19880: exprListAppendList in window.c allows attackers to trigger an invalid pointer dereference

(bsc#1159491)

- CVE-2019-19603: during handling of CREATE TABLE and CREATE VIEW statements, does not consider confusion with

a shadow table name (bsc#1158960)

- CVE-2019-19646: pragma.c mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated

columns (bsc#1158959)

- CVE-2019-19645: alter.c allows attackers to trigger infinite recursion via certain types of self-referential views

in conjunction with ALTER TABLE statements (bsc#1158958)

- CVE-2019-19317: lookupName in resolve.c omits bits from the colUsed bitmask in the case of a generated column,

which allows attackers to cause a denial of service (bsc#1158812)

- CVE-2019-19244: sqlite3,sqlite2,sqlite: The function sqlite3Select in select.c allows a crash if a

sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage (bsc#1157818)

- CVE-2015-3415: sqlite3VdbeExec comparison operator vulnerability (bsc#928701)

- CVE-2015-3414: sqlite3,sqlite2: dequoting of collation-sequence names (bsc#928700)

- CVE-2020-13434: integer overflow in sqlite3_str_vappendf (bsc#1172115)

- CVE-2020-13630: (bsc#1172234: use-after-free in fts3EvalNextRow

- CVE-2020-13631: virtual table allowed to be renamed to one of its shadow tables (bsc#1172236)

- CVE-2020-13632: NULL pointer dereference via crafted matchinfo() query (bsc#1172240)

- CVE-2020-13435: Malicious SQL statements could have crashed the process that is running SQLite (bsc#1172091)

1184994,1188063,CVE-2021-33910

This update for systemd fixes the following issues:

- CVE-2021-33910: Fixed a denial of service in systemd via unit_name_path_escape() (bsc#1188063)

- Skip udev rules if 'elevator=' is used (bsc#1184994)

1188217,1188218,1188219,1188220,CVE-2021-22922,CVE-2021-22923,CVE-2021-22924,CVE-2021-22925

This update for curl fixes the following issues:

- CVE-2021-22925: TELNET stack contents disclosure again. (bsc#1188220)

- CVE-2021-22924: Bad connection reuse due to flawed path name checks. (bsc#1188219)

- CVE-2021-22923: Insufficiently Protected Credentials. (bsc#1188218)

- CVE-2021-22922: Wrong content via metalink not discarded. (bsc#1188217)

1189206,CVE-2021-38185

This update for cpio fixes the following issues:

It was possible to trigger Remote code execution due to a integer overflow (CVE-2021-38185, bsc#1189206)

1189465

This update for cpio fixes the following issues:

- A regression in last update would cause builds to hang on various architectures(bsc#1189465)

1189465,CVE-2021-38185

This update for cpio fixes the following issues:

- A regression in the previous update could lead to crashes (bsc#1189465)

1188571,CVE-2021-36222

This update for krb5 fixes the following issues:

- CVE-2021-36222: Fixed KDC null deref on bad encrypted challenge. (bsc#1188571)

1189520,1189521,CVE-2021-3711,CVE-2021-3712

This update for openssl-1_1 fixes the following security issues:

- CVE-2021-3711: A bug in the implementation of the SM2 decryption code

could lead to buffer overflows. [bsc#1189520]

- CVE-2021-3712: a bug in the code for printing certificate details could

lead to a buffer overrun that a malicious actor could exploit to crash

the application, causing a denial-of-service attack. [bsc#1189521]

1184614

This update for openldap2 fixes the following issue:

- openldap2-contrib is shipped to the Legacy Module. (bsc#1184614)

1189521,CVE-2021-3712

This update for openssl-1_1 fixes the following issues:

- CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712.

Read buffer overruns processing ASN.1 strings (bsc#1189521).

1189683

This update for netcfg fixes the following issues:

- add submissions port/protocol to services file for message submission over TLS protocol [bsc#1189683]

1189534,1189554

This update of patterns-base fixes the following issue:

- The fips pattern should also install 'openssh-fips' if 'openssh' is installed (bsc#1189554 bsc#1189534)

1189996

This update for file fixes the following issues:

- Fixes exception thrown by memory allocation problem (bsc#1189996)

1190373,1190374,CVE-2021-22946,CVE-2021-22947

This update for curl fixes the following issues:

- CVE-2021-22947: Fixed STARTTLS protocol injection via MITM (bsc#1190374).

- CVE-2021-22946: Fixed protocol downgrade required TLS bypassed (bsc#1190373).

1134353,1171962,1184994,1188018,1188063,1188291,1188713,1189480,1190234,CVE-2021-33910

This update for systemd fixes the following issues:

- CVE-2021-33910: Fixed use of strdupa() on a path (bsc#1188063).

- logind: terminate cleanly on SIGTERM/SIGINT (bsc#1188018).

- Adopting BFQ to control I/O (jsc#SLE-21032, bsc#1134353).

- Rules weren't applied to dm devices (multipath) (bsc#1188713).

- Ignore obsolete 'elevator' kernel parameter (bsc#1184994, bsc#1190234).

- Make sure the versions of both udev and systemd packages are always the same (bsc#1189480).

- Avoid error message when udev is updated due to udev being already active when the sockets are started again (bsc#1188291).

- Allow the systemd sysusers config files to be overriden during system installation (bsc#1171962).

1186489,1187911,CVE-2021-33574,CVE-2021-35942

This update for glibc fixes the following issues:

- CVE-2021-35942: wordexp: handle overflow in positional parameter number (bsc#1187911)

- CVE-2021-33574: Use __pthread_attr_copy in mq_notify (bsc#1186489)

1179416,1183543,1183545,1183632,1183659,1185299,1187670,1188548,CVE-2021-20266,CVE-2021-20271,CVE-2021-3421

This update for rpm fixes the following issues:

Security issues fixed:

- CVE-2021-3421, CVE-2021-20271, CVE-2021-20266: Multiple header check improvements (bsc#1183543, bsc#1183545, bsc#1183632)

- PGP hardening changes (bsc#1185299)

- Fixed potential access of freed mem in ndb's glue code (bsc#1179416)

Maintaince issues fixed:

- Fixed zstd detection (bsc#1187670)

- Added ndb rofs support (bsc#1188548)

- Fixed deadlock when multiple rpm processes try tp acquire the database lock (bsc#1183659)

1189929,CVE-2021-37750

This update for krb5 fixes the following issues:

- CVE-2021-37750: Fixed KDC null pointer dereference via a FAST inner body that lacks a server field (bsc#1189929).

1185016,1185524,1186910,1187270,1187512,1188344,1190645,1190739,1190915,1190933

This update for yast2-network fixes the following issues:

- Don't crash when the interfaces table contains a not configured one (bnc#1190645, bsc#1190915).

- Fix the shown description using the interface friendly name when it is empty (bsc#1190933).

- Consider aliases sections as case insensitive (bsc#1190739).

- Display user defined device name in the devices overview (bnc#1190645).

- Don't crash when defined aliases in AutoYaST profile are not defined as a map (bsc#1188344).

- Support 'boot' and 'on' as aliases for the 'auto' startmode (bsc#1186910).

- Fix desktop file so the control center tooltip is translated (bsc#1187270).

- Use the linuxrc proxy settings for the HTTPS and FTP proxies (bsc#1185016).

- Don't crash at the end of installation when storing wifi configuration for NetworkManager (bsc#1185524, bsc#1187512).

1190793,CVE-2021-39537

This update for ncurses fixes the following issues:

- CVE-2021-39537: Fixed an heap-based buffer overflow in _nc_captoinfo. (bsc#1190793)

1190052

This update for pam fixes the following issues:

- Added pam_faillock to the set of available PAM modules. (jsc#SLE-20638)

- Added new file macros.pam on request of systemd. (bsc#1190052)

1186503,1186602,1187224,1187425,1187466,1187738,1187760,1188156,1188435,1189031,1190059,1190199,1190465,1190712,1190815

This update for libzypp, zypper, libsolv and protobuf fixes the following issues:

- Choice rules: treat orphaned packages as newest (bsc#1190465)

- Avoid calling 'su' to detect a too restrictive sudo user umask (bsc#1186602)

- Do not check of signatures and keys two times(redundant) (bsc#1190059)

- Rephrase vendor conflict message in case 2 packages are involved (bsc#1187760)

- Show key fpr from signature when signature check fails (bsc#1187224)

- Fix solver jobs for PTFs (bsc#1186503)

- Fix purge-kernels fails (bsc#1187738)

- Fix obs:// platform guessing for Leap (bsc#1187425)

- Make sure to keep states alives while transitioning. (bsc#1190199)

- Manpage: Improve description about patch updates(bsc#1187466)

- Manpage: Recommend the needs-rebooting command to test whether a system reboot is suggested.

- Fix kernel-*-livepatch removal in purge-kernels. (bsc#1190815)

- Fix crashes in logging code when shutting down (bsc#1189031)

- Do not download full files even if the checkExistsOnly flag is set. (bsc#1190712)

- Add need reboot/restart hint to XML install summary (bsc#1188435)

- Prompt: choose exact match if prompt options are not prefix free (bsc#1188156)

- Include libprotobuf-lite20 in products to enable parallel downloads. (jsc#ECO-2911, jsc#SLE-16862)

1191987

This update for pam fixes the following issues:

- Fixed a bad directive file which resulted in

the 'securetty' file to be installed as 'macros.pam'.

(bsc#1191987)

1122417,1125886,1178236,1188921,CVE-2021-37600

This update for util-linux fixes the following issues:

Update to version 2.33.2 to provide seamless update from SLE12 SP5 to SLE15 SP2:

- CVE-2021-37600: Fixed an integer overflow which could lead to a buffer overflow in get_sem_elements() in sys-utils/ipcutils.c (bsc#1188921).

- agetty: Fix 8-bit processing in get_logname() (bsc#1125886).

- mount: Fix 'mount' output for net file systems (bsc#1122417).

- ipcs: Avoid overflows (bsc#1178236)

1172973,1172974,CVE-2019-20838,CVE-2020-14155

This update for pcre fixes the following issues:

Update pcre to version 8.45:

- CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974).

- CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973)

1187153,1187273,1188623

This update for gcc11 fixes the following issues:

The additional GNU compiler collection GCC 11 is provided:

To select these compilers install the packages:

- gcc11

- gcc-c++11

- and others with 11 prefix.

to select them for building:

- CC='gcc-11'

- CXX='g++-11'

The compiler baselibraries (libgcc_s1, libstdc++6 and others) are being replaced by the GCC 11 variants.

1189803,1190325,1190440,1190984,1191252,1192161

This update for systemd fixes the following issues:

- Add timestamp to D-Bus events to improve traceability (jsc#SLE-21862, jsc#SLE-18102, jsc#SLE-18103)

- Fix IO scheduler udev rules to address performance issues (jsc#SLE-21032, bsc#1192161)

- shutdown: Reduce log level of unmounts (bsc#1191252)

- pid1: make use of new 'prohibit_ipc' logging flag in PID 1 (bsc#1189803)

- core: rework how we connect to the bus (bsc#1190325)

- mount-util: fix fd_is_mount_point() when both the parent and directory are network fs (bsc#1190984)

- virt: detect Amazon EC2 Nitro instance (bsc#1190440)

- Several fixes for umount

- busctl: use usec granularity for the timestamp printed by the busctl monitor command

- fix unitialized fields in MountPoint in dm_list_get()

- shutdown: explicitly set a log target

- mount-util: add mount_option_mangle()

- dissect: automatically mark partitions read-only that have a read-only file system

- build-sys: require proper libmount version

- systemd-shutdown: use log_set_prohibit_ipc(true)

- rationalize interface for opening/closing logging

- pid1: when we can't log to journal, remember our fallback log target

- log: remove LOG_TARGET_SAFE pseudo log target

- log: add brief comment for log_set_open_when_needed() and log_set_always_reopen_console()

- log: add new 'prohibit_ipc' flag to logging system

- log: make log_set_upgrade_syslog_to_journal() take effect immediately

- dbus: split up bus_done() into seperate functions

- machine-id-setup: generate machine-id from DMI product ID on Amazon EC2

- virt: if we detect Xen by DMI, trust that over CPUID

1027496,1183085,CVE-2016-10228

This update for glibc fixes the following issues:

- libio: do not attempt to free wide buffers of legacy streams (bsc#1183085)

- CVE-2016-10228: Rewrite iconv option parsing to fix security issue (bsc#1027496)

1190356,1191286,1191324,1191370,1191609,1192337,1192436

This update for libzypp, zypper fixes the following issues:

libzypp:

- Check log writer before accessing it (bsc#1192337)

- Zypper should keep cached files if transaction is aborted (bsc#1190356)

- Require a minimum number of mirrors for multicurl (bsc#1191609)

- Fixed slowdowns when rlimit is too high by using procfs to detect niumber of

open file descriptors (bsc#1191324)

- Fixed zypper incomplete messages when using non English localization (bsc#1191370)

- RepoManager: Don't probe for plaindir repository if the URL schema is a plugin (bsc#1191286)

- Disable logger in the child process after fork (bsc#1192436)

zypper:

- Fixed Zypper removing a kernel explicitely pinned that uses uname -r output format as name (openSUSE/zypper#418)

1191736

This update for cracklib fixes the following issues:

- Enable build time tests (bsc#1191736)

1029961,1113013,1187654

This update for keyutils fixes the following issues:

- Add /etc/keys/ and /usr/etc/keys/ directory (bsc#1187654)

keyutils was updated to 1.6.3 (jsc#SLE-20016):

* Revert the change notifications that were using /dev/watch_queue.

* Apply the change notifications that use pipe2(O_NOTIFICATION_PIPE).

* Allow 'keyctl supports' to retrieve raw capability data.

* Allow 'keyctl id' to turn a symbolic key ID into a numeric ID.

* Allow 'keyctl new_session' to name the keyring.

* Allow 'keyctl add/padd/etc.' to take hex-encoded data.

* Add 'keyctl watch*' to expose kernel change notifications on keys.

* Add caps for namespacing and notifications.

* Set a default TTL on keys that upcall for name resolution.

* Explicitly clear memory after it's held sensitive information.

* Various manual page fixes.

* Fix C++-related errors.

* Add support for keyctl_move().

* Add support for keyctl_capabilities().

* Make key=val list optional for various public-key ops.

* Fix system call signature for KEYCTL_PKEY_QUERY.

* Fix 'keyctl pkey_query' argument passing.

* Use keyctl_read_alloc() in dump_key_tree_aux().

* Various manual page fixes.

Updated to 1.6:

* Apply various specfile cleanups from Fedora.

* request-key: Provide a command line option to suppress helper execution.

* request-key: Find least-wildcard match rather than first match.

* Remove the dependency on MIT Kerberos.

* Fix some error messages

* keyctl_dh_compute.3: Suggest /proc/crypto for list of available hashes.

* Fix doc and comment typos.

* Add public key ops for encrypt, decrypt, sign and verify (needs linux-4.20).

* Add pkg-config support for finding libkeyutils.

* upstream isn't offering PGP signatures for the source tarballs anymore

Updated to 1.5.11 (bsc#1113013)

* Add keyring restriction support.

* Add KDF support to the Diffie-Helman function.

* DNS: Add support for AFS config files and SRV records

1162581,1174504,1191563,1192248

This update for aaa_base fixes the following issues:

- Allowed ping and ICMP commands without CAP_NET_RAW (bsc#1174504).

- Add $HOME/.local/bin to PATH, if it exists (bsc#1192248).

- Fixed get_kernel_version.c to work also for recent kernels on the s390/X platform (bsc#1191563).

- Support xz compressed kernel (bsc#1162581)

1192717,CVE-2021-43618

This update for gmp fixes the following issues:

- CVE-2021-43618: Fixed buffer overflow via crafted input in mpz/inp_raw.c (bsc#1192717).

1193481,1193521

This update for systemd fixes the following issues:

- Revert 'core: rework how we connect to the bus' (bsc#1193521 bsc#1193481)

sleep-config: partitions can't be deleted, only files can

shared/sleep-config: exclude zram devices from hibernation candidates

1161276

This update for openssl-1_1 fixes the following issues:

- Remove previously applied patch because it interferes with FIPS validation (bsc#1161276)

1180064,1187993,CVE-2020-29361

This update for p11-kit fixes the following issues:

- CVE-2020-29361: Fixed multiple integer overflows in rpc code (bsc#1180064)

- Add support for CKA_NSS_{SERVER,EMAIL}_DISTRUST_AFTER (bsc#1187993).

1192688

This update for zlib fixes the following issues:

- Fix hardware compression incorrect result on z15 hardware (bsc#1192688)

1174504

This update for permissions fixes the following issues:

- Update to version 20181225:

* drop ping capabilities in favor of ICMP_PROTO sockets (bsc#1174504)

1193480

This update for libgcrypt fixes the following issues:

- Fix function gcry_mpi_sub_ui subtracting from negative value (bsc#1193480)

1192489

This update for openssl-1_1 fixes the following issues:

- Add RSA_get0_pss_params() accessor that is used by nodejs16 and provide openssl-has-RSA_get0_pss_params (bsc#1192489)

1180125,1193711

This update for rpm fixes the following issues:

- Add explicit requirement on python-rpm-macros (bsc#1180125, bsc#1193711)

1169614

This update for permissions fixes the following issues:

- Update to version 20181225: setuid bit for cockpit session binary (bsc#1169614).

1194522

This update for boost fixes the following issues:

- Fix compilation errors (bsc#1194522)

1193007,1193488,1194597,1194898,954813

This update for libzypp fixes the following issues:

- RepoManager: remember execution errors in exception history (bsc#1193007)

- Fix exception handling when reading or writing credentials (bsc#1194898)

- Fix install path for parser (bsc#1194597)

- Fix Legacy include (bsc#1194597)

- Public header files on older distros must use c++11 (bsc#1194597)

- Use the default zypp.conf settings if no zypp.conf exists (bsc#1193488)

- Fix wrong encoding of URI compontents of ISO images (bsc#954813)

- When invoking 32bit mode in userland of an aarch64 kernel, handle armv8l as armv7hl compatible

- Introduce zypp-curl as a sublibrary for CURL related code

- zypp-rpm: Increase rpm loglevel if ZYPP_RPM_DEBUG is set

- Save all signatures associated with a public key in its PublicKeyData

1082318,1189152

This update for coreutils fixes the following issues:

- Add 'fuse.portal' as a dummy file system (used in flatpak implementations) (bsc#1189152).

- Properly sort docs and license files (bsc#1082318).

1193759,1193841

This update for systemd fixes the following issues:

- systemctl: exit with 1 if no unit files found (bsc#1193841).

- add rules for virtual devices (bsc#1193759).

- enforce 'none' for loop devices (bsc#1193759).

1187512

This update for yast2-network fixes the following issues:

- Don't crash at the end of installation when storing wifi configuration for NetworkManager. (bsc#1187512)

1190447

This update for filesystem fixes the following issues:

- Release ported filesystem to LTSS channels (bsc#1190447).

1196036,CVE-2022-24407

This update for cyrus-sasl fixes the following issues:

- CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036).

1196167,CVE-2021-4209

This update for gnutls fixes the following issues:

- CVE-2021-4209: Fixed null pointer dereference in MD_UPDATE (bsc#1196167).

This update for openldap2 fixes the following issue:

- restore CLDAP functionality in CLI tools (jsc#PM-3288)

1195326

This update for libzypp, zypper fixes the following issues:

- Fix handling of redirected command in-/output (bsc#1195326)

This fixes delays at the end of zypper operations, where

zypper unintentionally waits for appdata plugin scripts to

complete.

1195468

This update for procps fixes the following issues:

- Stop registering signal handler for SIGURG, to avoid `ps` failure if

someone sends such signal. Without the signal handler, SIGURG will

just be ignored. (bsc#1195468)

1193625,1194640,1194768,1194770,1195560,CVE-2015-8985,CVE-2021-3999,CVE-2022-23218,CVE-2022-23219

glibc was updated to fix the following issues:

Security issues fixed:

- CVE-2022-23219: Fixed Buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768)

- CVE-2022-23218: Buffer overflow in sunrpc svcunix_create (bsc#1194770)

- CVE-2021-3999: Fixed getcwd to set errno to ERANGE for size == 1 (bsc#1194640)

- CVE-2015-8985: Fixed Assertion failure in pop_fail_stack when executing a malformed regexp (bsc#1193625)

Also the following bug was fixed:

- Fix pthread_rwlock_try*lock stalls (bsc#1195560)

1099272,1115529,1128846,1162964,1172113,1173277,1174075,1174911,1180689,1181826,1187906,1190926,1194229,CVE-2020-14367

This update for chrony fixes the following issues:

Chrony was updated to 4.1, bringing features and bugfixes.

Update to 4.1

* Add support for NTS servers specified by IP address (matching

Subject Alternative Name in server certificate)

* Add source-specific configuration of trusted certificates

* Allow multiple files and directories with trusted certificates

* Allow multiple pairs of server keys and certificates

* Add copy option to server/pool directive

* Increase PPS lock limit to 40% of pulse interval

* Perform source selection immediately after loading dump files

* Reload dump files for addresses negotiated by NTS-KE server

* Update seccomp filter and add less restrictive level

* Restart ongoing name resolution on online command

* Fix dump files to not include uncorrected offset

* Fix initstepslew to accept time from own NTP clients

* Reset NTP address and port when no longer negotiated by NTS-KE

server

- Ensure the correct pool packages are installed for openSUSE

and SLE (bsc#1180689).

- Fix pool package dependencies, so that SLE prefers chrony-pool-suse

over chrony-pool-empty. (bsc#1194229)

- Enable syscallfilter unconditionally [bsc#1181826].

Update to 4.0

- Enhancements

- Add support for Network Time Security (NTS) authentication

- Add support for AES-CMAC keys (AES128, AES256) with Nettle

- Add authselectmode directive to control selection of

unauthenticated sources

- Add binddevice, bindacqdevice, bindcmddevice directives

- Add confdir directive to better support fragmented

configuration

- Add sourcedir directive and 'reload sources' command to

support dynamic NTP sources specified in files

- Add clockprecision directive

- Add dscp directive to set Differentiated Services Code Point

(DSCP)

- Add -L option to limit log messages by severity

- Add -p option to print whole configuration with included

files

- Add -U option to allow start under non-root user

- Allow maxsamples to be set to 1 for faster update with -q/-Q

option

- Avoid replacing NTP sources with sources that have

unreachable address

- Improve pools to repeat name resolution to get 'maxsources'

sources

- Improve source selection with trusted sources

- Improve NTP loop test to prevent synchronisation to itself

- Repeat iburst when NTP source is switched from offline state

to online

- Update clock synchronisation status and leap status more

frequently

- Update seccomp filter

- Add 'add pool' command

- Add 'reset sources' command to drop all measurements

- Add authdata command to print details about NTP

authentication

- Add selectdata command to print details about source

selection

- Add -N option and sourcename command to print original names

of sources

- Add -a option to some commands to print also unresolved

sources

- Add -k, -p, -r options to clients command to select, limit,

reset data

- Bug fixes

- Don’t set interface for NTP responses to allow asymmetric

routing

- Handle RTCs that don’t support interrupts

- Respond to command requests with correct address on

multihomed hosts

- Removed features

- Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320)

- Drop support for long (non-standard) MACs in NTPv4 packets

(chrony 2.x clients using non-MD5/SHA1 keys need to use

option 'version 3')

- Drop support for line editing with GNU Readline

- By default we don't write log files but log to journald, so

only recommend logrotate.

- Adjust and rename the sysconfig file, so that it matches the

expectations of chronyd.service (bsc#1173277).

Update to 3.5.1:

* Create new file when writing pidfile (CVE-2020-14367, bsc#1174911)

- Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075)

- Use iburst in the default pool statements to speed up initial

synchronisation (bsc#1172113).

Update to 3.5:

+ Add support for more accurate reading of PHC on Linux 5.0

+ Add support for hardware timestamping on interfaces with read-only timestamping configuration

+ Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris

+ Update seccomp filter to work on more architectures

+ Validate refclock driver options

+ Fix bindaddress directive on FreeBSD

+ Fix transposition of hardware RX timestamp on Linux 4.13 and later

+ Fix building on non-glibc systems

- Fix location of helper script in [email protected]

(bsc#1128846).

- Read runtime servers from /var/run/netconfig/chrony.servers to

fix bsc#1099272.

- Move chrony-helper to /usr/lib/chrony/helper, because there

should be no executables in /usr/share.

Update to version 3.4

* Enhancements

+ Add filter option to server/pool/peer directive

+ Add minsamples and maxsamples options to hwtimestamp directive

+ Add support for faster frequency adjustments in Linux 4.19

+ Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd

without root privileges to remove it on exit

+ Disable sub-second polling intervals for distant NTP sources

+ Extend range of supported sub-second polling intervals

+ Get/set IPv4 destination/source address of NTP packets on FreeBSD

+ Make burst options and command useful with short polling intervals

+ Modify auto_offline option to activate when sending request failed

+ Respond from interface that received NTP request if possible

+ Add onoffline command to switch between online and offline state

according to current system network configuration

+ Improve example NetworkManager dispatcher script

* Bug fixes

+ Avoid waiting in Linux getrandom system call

+ Fix PPS support on FreeBSD and NetBSD

Update to version 3.3

* Enhancements:

+ Add burst option to server/pool directive

+ Add stratum and tai options to refclock directive

+ Add support for Nettle crypto library

+ Add workaround for missing kernel receive timestamps on Linux

+ Wait for late hardware transmit timestamps

+ Improve source selection with unreachable sources

+ Improve protection against replay attacks on symmetric mode

+ Allow PHC refclock to use socket in /var/run/chrony

+ Add shutdown command to stop chronyd

+ Simplify format of response to manual list command

+ Improve handling of unknown responses in chronyc

* Bug fixes:

+ Respond to NTPv1 client requests with zero mode

+ Fix -x option to not require CAP_SYS_TIME under non-root user

+ Fix acquisitionport directive to work with privilege separation

+ Fix handling of socket errors on Linux to avoid high CPU usage

+ Fix chronyc to not get stuck in infinite loop after clock step

1182959,1195149,1195792,1195856

This update for openssl-1_1 fixes the following issues:

openssl-1_1:

- Fix PAC pointer authentication in ARM (bsc#1195856)

- Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792)

- FIPS: Fix function and reason error codes (bsc#1182959)

- Enable zlib compression support (bsc#1195149)

glibc:

- Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1

linux-glibc-devel:

- Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1

libxcrypt:

- Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1

zlib:

- Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1

1193805

This update for libtirpc fixes the following issues:

- Fix memory leak in client protocol version 2 code (bsc#1193805)

1197004

This update for openldap2 fixes the following issue:

- Revert jsc#PM-3288 - CLDAP ( -DLDAP_CONNECTIONLESS ) due to regression (bsc#1197004)

1196275,1196406

This update for filesystem and systemd-rpm-macros fixes the following issues:

filesystem:

- Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639)

systemd-rpm-macros:

- Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406)

1195899

This update for systemd fixes the following issues:

- allow setting external core size to infinity (bsc#1195899 jsc#SLE-23868 jsc#SLE-23870)

1195258,CVE-2021-22570

This update for protobuf fixes the following issues:

- CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258).

1196093,1197024

This update for pam fixes the following issues:

- Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093)

- Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable.

This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024)

1197459,CVE-2018-25032

This update for zlib fixes the following issues:

- CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459).

1121227,1121230,1122004,1122021,CVE-2018-20573,CVE-2018-20574,CVE-2019-6285,CVE-2019-6292

This update for yaml-cpp fixes the following issues:

- CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227).

- CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230).

- CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004).

- CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021).

The following package changes have been done:

- aaa_base-84.87+git20180409.04c9dae-3.52.1 updated

- bash-4.4-9.14.1 updated

- boost-license1_66_0-1.66.0-12.3.1 updated

- coreutils-8.29-4.3.1 updated

- cpio-2.12-3.9.1 updated

- cracklib-dict-small-2.9.7-11.6.1 updated

- cracklib-2.9.7-11.6.1 updated

- file-magic-5.32-7.14.1 updated

- filesystem-15.0-11.8.1 updated

- glibc-2.26-13.65.1 updated

- gpg2-2.2.5-4.19.8 updated

- krb5-1.16.3-3.24.1 updated

- libaugeas0-1.10.1-3.9.1 updated

- libblkid1-2.33.2-4.16.1 updated

- libboost_system1_66_0-1.66.0-12.3.1 updated

- libboost_thread1_66_0-1.66.0-12.3.1 updated

- libbz2-1-1.0.6-5.11.1 updated

- libcap2-2.26-4.6.1 updated

- libcom_err2-1.43.8-4.26.1 updated

- libcrack2-2.9.7-11.6.1 updated

- libcurl4-7.66.0-4.27.1 updated

- libfdisk1-2.33.2-4.16.1 updated

- libgcc_s1-11.2.1+git610-1.3.9 updated

- libgcrypt20-hmac-1.8.2-8.42.1 added

- libgcrypt20-1.8.2-8.42.1 updated

- libglib-2_0-0-2.62.6-3.6.1 updated

- libgmp10-6.1.2-4.9.1 updated

- libgnutls30-hmac-3.6.7-14.16.1 added

- libgnutls30-3.6.7-14.16.1 updated

- libgpgme11-1.13.1-4.3.1 updated

- libhogweed4-3.4.1-4.18.1 updated

- libidn2-0-2.2.0-3.6.1 updated

- libkeyutils1-1.6.3-5.6.1 updated

- libldap-2_4-2-2.4.46-9.64.1 updated

- libldap-data-2.4.46-9.64.1 updated

- liblua5_3-5-5.3.6-3.6.1 updated

- liblz4-1-1.8.0-3.8.1 updated

- libmagic1-5.32-7.14.1 updated

- libmount1-2.33.2-4.16.1 updated

- libncurses6-6.1-5.9.1 updated

- libnettle6-3.4.1-4.18.1 updated

- libnghttp2-14-1.40.0-6.1 updated

- libopenssl1_1-hmac-1.1.1d-11.43.1 added

- libopenssl1_1-1.1.1d-11.43.1 updated

- libp11-kit0-0.23.2-4.13.1 updated

- libpcre1-8.45-20.10.1 updated

- libprocps7-3.3.15-7.22.1 updated

- libprotobuf-lite20-3.9.2-4.12.1 added

- libreadline7-7.0-9.14.1 updated

- libsasl2-3-2.1.26-5.10.1 updated

- libsmartcols1-2.33.2-4.16.1 updated

- libsolv-tools-0.7.20-9.2 updated

- libsqlite3-0-3.36.0-3.12.1 updated

- libstdc++6-11.2.1+git610-1.3.9 updated

- libsystemd0-234-24.108.1 updated

- libtirpc-netconfig-1.0.2-3.11.1 updated

- libtirpc3-1.0.2-3.11.1 updated

- libudev1-234-24.108.1 updated

- libuuid1-2.33.2-4.16.1 updated

- libxml2-2-2.9.7-3.37.1 updated

- libyaml-cpp0_6-0.6.1-4.5.1 updated

- libz1-1.2.11-150000.3.30.1 updated

- libzstd1-1.4.4-1.6.1 updated

- libzypp-17.29.4-31.1 updated

- ncurses-utils-6.1-5.9.1 updated

- netcfg-11.6-3.3.1 updated

- openssl-1_1-1.1.1d-11.43.1 updated

- pam-1.3.0-150000.6.55.3 updated

- patterns-base-fips-20200124-4.12.1 added

- permissions-20181225-23.12.1 updated

- procps-3.3.15-7.22.1 updated

- rpm-4.14.1-22.7.1 updated

- sed-4.4-4.3.1 updated

- sles-release-15.2-52.8.2 added

- terminfo-base-6.1-5.9.1 updated

- util-linux-2.33.2-4.16.1 updated

- zypper-1.14.51-27.1 updated

- container:sles15-image-15.0.0-9.5.113 updated

- ca-certificates-2+git20170807.10b2785-7.3.3 removed

- ca-certificates-mozilla-2.44-9.6.1 removed

- p11-kit-0.23.2-4.8.3 removed

- p11-kit-tools-0.23.2-4.8.3 removed

Severity
Container Advisory ID : SUSE-CU-2022:495-1
Container Tags : ses/7/cephcsi/csi-livenessprobe:v1.1.0 , ses/7/cephcsi/csi-livenessprobe:v1.1.0-rev1 , ses/7/cephcsi/csi-livenessprobe:v1.1.0-rev1-build3.517
Container Release : 3.517
Severity : critical
Type : security

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.