SUSE: 2022:917-1 trento/trento-runner Security Update | LinuxSecuri...
SUSE Container Update Advisory: trento/trento-runner
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:917-1
Container Tags        : trento/trento-runner:1.0.0 , trento/trento-runner:1.0.0-rev1.1.0 , trento/trento-runner:1.0.0-rev1.1.0-build4.5.1 , trento/trento-runner:latest
Container Release     : 4.5.1
Severity              : important
Type                  : security
References            : 1029961 1082318 1120610 1120610 1130496 1130496 1172427 1176262
                        1177460 1181131 1181131 1182959 1184124 1186819 1191502 1193086
                        1194642 1194642 1194883 1195149 1195247 1195529 1195792 1195831
                        1195856 1195899 1196025 1196093 1196275 1196406 1196567 1196647
                        1196784 1196939 1197024 1197459 1198062 CVE-2018-20482 CVE-2018-20482
                        CVE-2018-25032 CVE-2019-20916 CVE-2019-9923 CVE-2019-9923 CVE-2021-20193
                        CVE-2021-20193 CVE-2021-3572 CVE-2022-1271 CVE-2022-25236 
-----------------------------------------------------------------

The container trento/trento-runner was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:926-1
Released:    Wed Apr 10 16:33:12 2019
Summary:     Security update for tar
Type:        security
Severity:    moderate
References:  1120610,1130496,CVE-2018-20482,CVE-2019-9923
This update for tar fixes the following issues:

Security issues fixed:

- CVE-2019-9923: Fixed a denial of service while parsing certain archives with malformed extended headers in pax_decode_header() (bsc#1130496).
- CVE-2018-20482: Fixed a denial of service when the '--sparse' option mishandles file shrinkage during read access (bsc#1120610).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:974-1
Released:    Mon Mar 29 19:31:27 2021
Summary:     Security update for tar
Type:        security
Severity:    low
References:  1181131,CVE-2021-20193
This update for tar fixes the following issues:

CVE-2021-20193: Memory leak in read_header() in list.c (bsc#1181131)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2193-1
Released:    Mon Jun 28 18:38:43 2021
Summary:     Recommended update for tar
Type:        recommended
Severity:    moderate
References:  1184124
This update for tar fixes the following issues:

- Link '/var/lib/tests/tar/bin/genfile' as Position-Independent Executable (bsc#1184124)
  
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:844-1
Released:    Tue Mar 15 11:33:57 2022
Summary:     Security update for expat
Type:        security
Severity:    important
References:  1196025,1196784,CVE-2022-25236
This update for expat fixes the following issues:

- Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:861-1
Released:    Tue Mar 15 23:30:48 2022
Summary:     Recommended update for openssl-1_1 
Type:        recommended
Severity:    moderate
References:  1182959,1195149,1195792,1195856
This update for openssl-1_1 fixes the following issues:

openssl-1_1:

- Fix PAC pointer authentication in ARM (bsc#1195856)
- Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792)
- FIPS: Fix function and reason error codes (bsc#1182959)
- Enable zlib compression support (bsc#1195149)
    
glibc:

- Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1
    
linux-glibc-devel:

- Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1

libxcrypt:

- Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1

zlib:

- Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:884-1
Released:    Thu Mar 17 09:47:43 2022
Summary:     Recommended update for python-jsonschema, python-rfc3987, python-strict-rfc3339
Type:        recommended
Severity:    moderate
References:  1082318
This update for python-jsonschema, python-rfc3987, python-strict-rfc3339 fixes the following issues:

- Add patch to fix build with new webcolors.

- update to version 3.2.0 (jsc#SLE-18756):
  * Added a format_nongpl setuptools extra, which installs only format
    dependencies that are non-GPL (#619).

- specfile:
  * require python-importlib-metadata
- update to version 3.1.1:
  * Temporarily revert the switch to js-regex until #611 and #612 are
    resolved.
- changes from version 3.1.0:
  - Regular expressions throughout schemas now respect the ECMA 262
    dialect, as recommended by the specification (#609).

- Activate more of the test suite
- Remove tests and benchmarking from the runtime package
- Update to v3.0.2
  - Fixed a bug where 0 and False were considered equal by
    const and enum
- from v3.0.1
  - Fixed a bug where extending validators did not preserve their 
    notion of which validator property contains $id information.

- Update to 3.0.1:
  - Support for Draft 6 and Draft 7
  - Draft 7 is now the default
  - New TypeChecker object for more complex type definitions (and overrides)
  - Falling back to isodate for the date-time format checker is no longer attempted, in accordance with the specification

- Use %license instead of %doc (bsc#1082318)

- Remove hashbang from runtime module
- Replace PyPI URL with https://github.com/dgerber/rfc3987
- Activate doctests

- Add missing runtime dependency on timezone
- Replace dead link with GitHub URL
- Activate test suite

- Trim bias from descriptions.

- Initial commit, needed by flex
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:905-1
Released:    Mon Mar 21 08:46:09 2022
Summary:     Recommended update for util-linux
Type:        recommended
Severity:    important
References:  1172427,1194642
This update for util-linux fixes the following issues:

- Prevent root owning of `/var/lib/libuuid/clock.txt`. (bsc#1194642)
- Make uuidd lock state file usable and time based UUIDs safer. (bsc#1194642)
- Fix `su -s` bash completion. (bsc#1172427)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:936-1
Released:    Tue Mar 22 18:10:17 2022
Summary:     Recommended update for filesystem and systemd-rpm-macros
Type:        recommended
Severity:    moderate
References:  1196275,1196406
This update for filesystem and systemd-rpm-macros fixes the following issues:

filesystem:

- Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639)

systemd-rpm-macros:

- Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:942-1
Released:    Thu Mar 24 10:30:15 2022
Summary:     Security update for python3
Type:        security
Severity:    moderate
References:  1186819,CVE-2021-3572
This update for python3 fixes the following issues:

- CVE-2021-3572: Fixed an improper handling of unicode characters in pip (bsc#1186819).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1047-1
Released:    Wed Mar 30 16:20:56 2022
Summary:     Recommended update for pam
Type:        recommended
Severity:    moderate
References:  1196093,1197024
This update for pam fixes the following issues:

- Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093)
- Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. 
  This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1061-1
Released:    Wed Mar 30 18:27:06 2022
Summary:     Security update for zlib
Type:        security
Severity:    important
References:  1197459,CVE-2018-25032
This update for zlib fixes the following issues:

- CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1099-1
Released:    Mon Apr  4 12:53:05 2022
Summary:     Recommended update for aaa_base
Type:        recommended
Severity:    moderate
References:  1194883
This update for aaa_base fixes the following issues:

- Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883)
- Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8
  multi byte characters as well as support the vi mode of readline library

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1107-1
Released:    Mon Apr  4 17:49:17 2022
Summary:     Recommended update for util-linux
Type:        recommended
Severity:    moderate
References:  1194642
This update for util-linux fixes the following issue:

- Improve throughput and reduce clock sequence increments for high load situation with time based 
  version 1 uuids. (bsc#1194642)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1118-1
Released:    Tue Apr  5 18:34:06 2022
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1177460
This update for timezone fixes the following issues:

- timezone update 2022a (bsc#1177460):
  * Palestine will spring forward on 2022-03-27, not on 03-26
  * `zdump -v` now outputs better failure indications
  * Bug fixes for code that reads corrupted TZif data

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1158-1
Released:    Tue Apr 12 14:44:43 2022
Summary:     Security update for xz
Type:        security
Severity:    important
References:  1198062,CVE-2022-1271
This update for xz fixes the following issues:

- CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1170-1
Released:    Tue Apr 12 18:20:07 2022
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1191502,1193086,1195247,1195529,1195899,1196567
This update for systemd fixes the following issues:

- Fix the default target when it's been incorrectly set to one of the runlevel targets (bsc#1196567)
- When migrating from sysvinit to systemd (it probably won't happen anymore),
  let's use the default systemd target, which is the graphical.target one.
- Don't open /var journals in volatile mode when runtime_journal==NULL
- udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529)
- man: tweak description of auto/noauto (bsc#1191502)
- shared/install: ignore failures for auxiliary files
- install: make UnitFileChangeType enum anonymous
- shared/install: reduce scope of iterator variables
- systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23867)
- Update s390 udev rules conversion script to include the case when the legacy rule was also 41-* (bsc#1195247)
- Drop or soften some of the deprecation warnings (bsc#1193086)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1281-1
Released:    Wed Apr 20 12:26:38 2022
Summary:     Recommended update for libtirpc
Type:        recommended
Severity:    moderate
References:  1196647
This update for libtirpc fixes the following issues:

- Add option to enforce connection via protocol version 2 first (bsc#1196647)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1302-1
Released:    Fri Apr 22 10:04:46 2022
Summary:     Recommended update for e2fsprogs
Type:        recommended
Severity:    moderate
References:  1196939
This update for e2fsprogs fixes the following issues:

- Add support for 'libreadline7' for Leap. (bsc#1196939)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1333-1
Released:    Mon Apr 25 11:29:26 2022
Summary:     Recommended update for sles15-image
Type:        recommended
Severity:    moderate
References:  
This update for sles15-image fixes the following issues:

- Add zypper explicitly to work around obs-build bug (gh#openSUSE/obs-build#562)
- Add com.suse.supportlevel label (jsc#BCI-40)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1454-1
Released:    Thu Apr 28 11:15:06 2022
Summary:     Security update for python-pip
Type:        security
Severity:    moderate
References:  1176262,1195831,CVE-2019-20916
This update for python-pip fixes the following issues:

- Add wheel subpackage with the generated wheel for this package
  (bsc#1176262, CVE-2019-20916).

- Make wheel a separate build run to avoid the setuptools/wheel build
  cycle.

- Switch this package to use update-alternatives for all files
  in %{_bindir} so it doesn't collide with the versions on
  'the latest' versions of Python interpreter (jsc#SLE-18038,
  bsc#1195831).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1548-1
Released:    Thu May  5 16:45:28 2022
Summary:     Security update for tar
Type:        security
Severity:    moderate
References:  1029961,1120610,1130496,1181131,CVE-2018-20482,CVE-2019-9923,CVE-2021-20193
This update for tar fixes the following issues:

- CVE-2021-20193: Fixed a memory leak in read_header() in list.c (bsc#1181131).
- CVE-2019-9923: Fixed a null-pointer dereference in pax_decode_header in sparse.c (bsc#1130496).
- CVE-2018-20482: Fixed infinite read loop in sparse_dump_region in sparse.c (bsc#1120610).

- Update to GNU tar 1.34:
  * Fix extraction over pipe
  * Fix memory leak in read_header (CVE-2021-20193) (bsc#1181131)
  * Fix extraction when . and .. are unreadable
  * Gracefully handle duplicate symlinks when extracting
  * Re-initialize supplementary groups when switching to user
    privileges

- Update to GNU tar 1.33:
  * POSIX extended format headers do not include PID by default
  * --delay-directory-restore works for archives with reversed
    member ordering
  * Fix extraction of a symbolic link hardlinked to another
    symbolic link
  * Wildcards in exclude-vcs-ignore mode don't match slash
  * Fix the --no-overwrite-dir option
  * Fix handling of chained renames in incremental backups
  * Link counting works for file names supplied with -T
  * Accept only position-sensitive (file-selection) options in file
    list files

- prepare usrmerge (bsc#1029961)

- Update to GNU 1.32
  * Fix the use of --checkpoint without explicit --checkpoint-action
  * Fix extraction with the -U option
  * Fix iconv usage on BSD-based systems
  * Fix possible NULL dereference (savannah bug #55369)
    [bsc#1130496] [CVE-2019-9923]
  * Improve the testsuite

- Update to GNU 1.31
  * Fix heap-buffer-overrun with --one-top-level, bug introduced
    with the addition of that option in 1.28
  * Support for zstd compression
  * New option '--zstd' instructs tar to use zstd as compression
    program. When listing, extractng and comparing, zstd compressed
    archives are recognized automatically. When '-a' option is in
    effect, zstd compression is selected if the destination archive
    name ends in '.zst' or '.tzst'.
  * The -K option interacts properly with member names given in the
    command line. Names of members to extract can be specified along
    with the '-K NAME' option. In this case, tar will extract NAME
    and those of named members that appear in the archive after it,
    which is consistent with the semantics of the option. Previous
    versions of tar extracted NAME, those of named members that
    appeared before it, and everything after it.
  * Fix CVE-2018-20482 - When creating archives with the --sparse
    option, previous versions of tar would loop endlessly if a
    sparse file had been truncated while being archived.


The following package changes have been done:

- libldap-data-2.4.46-9.64.1 updated
- filesystem-15.0-11.8.1 updated
- libtirpc-netconfig-1.2.6-150300.3.3.1 updated
- glibc-2.31-150300.20.7 updated
- libuuid1-2.36.2-150300.4.20.1 updated
- libsmartcols1-2.36.2-150300.4.20.1 updated
- libcrypt1-4.4.15-150300.4.2.41 updated
- libblkid1-2.36.2-150300.4.20.1 updated
- libfdisk1-2.36.2-150300.4.20.1 updated
- libz1-1.2.11-150000.3.30.1 updated
- liblzma5-5.2.3-150000.4.7.1 updated
- libcom_err2-1.43.8-150000.4.29.1 updated
- libopenssl1_1-1.1.1d-11.43.1 updated
- libopenssl1_1-hmac-1.1.1d-11.43.1 updated
- libudev1-246.16-150300.7.42.1 updated
- libmount1-2.36.2-150300.4.20.1 updated
- libtirpc3-1.2.6-150300.3.3.1 updated
- libldap-2_4-2-2.4.46-9.64.1 updated
- libsystemd0-246.16-150300.7.42.1 updated
- pam-1.3.0-150000.6.55.3 updated
- util-linux-2.36.2-150300.4.20.1 updated
- aaa_base-84.87+git20180409.04c9dae-3.57.1 updated
- openssl-1_1-1.1.1d-11.43.1 updated
- tar-1.34-150000.3.12.1 added
- libexpat1-2.2.5-3.19.1 updated
- timezone-2022a-150000.75.7.1 updated
- python3-base-3.6.15-150300.10.21.1 updated
- libpython3_6m1_0-3.6.15-150300.10.21.1 updated
- python3-3.6.15-150300.10.21.1 updated
- python3-six-1.14.0-12.1 updated
- python3-pip-20.0.2-150100.6.18.1 updated
- container:sles15-image-15.0.0-17.12.1 updated
- golang-github-prometheus-node_exporter-1.1.2-3.9.3 removed
- trento-premium-0.9.1+git.dev82.1646995460.425fc30-150300.3.13.1 removed

SUSE: 2022:917-1 trento/trento-runner Security Update

May 6, 2022
The container trento/trento-runner was updated

Summary

Advisory ID: SUSE-SU-2019:926-1 Released: Wed Apr 10 16:33:12 2019 Summary: Security update for tar Type: security Severity: moderate Advisory ID: SUSE-SU-2021:974-1 Released: Mon Mar 29 19:31:27 2021 Summary: Security update for tar Type: security Severity: low Advisory ID: SUSE-RU-2021:2193-1 Released: Mon Jun 28 18:38:43 2021 Summary: Recommended update for tar Type: recommended Severity: moderate Advisory ID: SUSE-SU-2022:844-1 Released: Tue Mar 15 11:33:57 2022 Summary: Security update for expat Type: security Severity: important Advisory ID: SUSE-RU-2022:861-1 Released: Tue Mar 15 23:30:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:884-1 Released: Thu Mar 17 09:47:43 2022 Summary: Recommended update for python-jsonschema, python-rfc3987, python-strict-rfc3339 Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:905-1 Released: Mon Mar 21 08:46:09 2022 Summary: Recommended update for util-linux Type: recommended Severity: important Advisory ID: SUSE-RU-2022:936-1 Released: Tue Mar 22 18:10:17 2022 Summary: Recommended update for filesystem and systemd-rpm-macros Type: recommended Severity: moderate Advisory ID: SUSE-SU-2022:942-1 Released: Thu Mar 24 10:30:15 2022 Summary: Security update for python3 Type: security Severity: moderate Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:1107-1 Released: Mon Apr 4 17:49:17 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:1118-1 Released: Tue Apr 5 18:34:06 2022 Summary: Recommended update for timezone Type: recommended Severity: moderate Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important Advisory ID: SUSE-RU-2022:1170-1 Released: Tue Apr 12 18:20:07 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:1281-1 Released: Wed Apr 20 12:26:38 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:1302-1 Released: Fri Apr 22 10:04:46 2022 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:1333-1 Released: Mon Apr 25 11:29:26 2022 Summary: Recommended update for sles15-image Type: recommended Severity: moderate Advisory ID: SUSE-SU-2022:1454-1 Released: Thu Apr 28 11:15:06 2022 Summary: Security update for python-pip Type: security Severity: moderate Advisory ID: SUSE-SU-2022:1548-1 Released: Thu May 5 16:45:28 2022 Summary: Security update for tar Type: security Severity: moderate

References

References : 1029961 1082318 1120610 1120610 1130496 1130496 1172427 1176262

1177460 1181131 1181131 1182959 1184124 1186819 1191502 1193086

1194642 1194642 1194883 1195149 1195247 1195529 1195792 1195831

1195856 1195899 1196025 1196093 1196275 1196406 1196567 1196647

1196784 1196939 1197024 1197459 1198062 CVE-2018-20482 CVE-2018-20482

CVE-2018-25032 CVE-2019-20916 CVE-2019-9923 CVE-2019-9923 CVE-2021-20193

CVE-2021-20193 CVE-2021-3572 CVE-2022-1271 CVE-2022-25236

1120610,1130496,CVE-2018-20482,CVE-2019-9923

This update for tar fixes the following issues:

Security issues fixed:

- CVE-2019-9923: Fixed a denial of service while parsing certain archives with malformed extended headers in pax_decode_header() (bsc#1130496).

- CVE-2018-20482: Fixed a denial of service when the '--sparse' option mishandles file shrinkage during read access (bsc#1120610).

1181131,CVE-2021-20193

This update for tar fixes the following issues:

CVE-2021-20193: Memory leak in read_header() in list.c (bsc#1181131)

1184124

This update for tar fixes the following issues:

- Link '/var/lib/tests/tar/bin/genfile' as Position-Independent Executable (bsc#1184124)

1196025,1196784,CVE-2022-25236

This update for expat fixes the following issues:

- Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784).

1182959,1195149,1195792,1195856

This update for openssl-1_1 fixes the following issues:

openssl-1_1:

- Fix PAC pointer authentication in ARM (bsc#1195856)

- Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792)

- FIPS: Fix function and reason error codes (bsc#1182959)

- Enable zlib compression support (bsc#1195149)

glibc:

- Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1

linux-glibc-devel:

- Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1

libxcrypt:

- Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1

zlib:

- Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1

1082318

This update for python-jsonschema, python-rfc3987, python-strict-rfc3339 fixes the following issues:

- Add patch to fix build with new webcolors.

- update to version 3.2.0 (jsc#SLE-18756):

* Added a format_nongpl setuptools extra, which installs only format

dependencies that are non-GPL (#619).

- specfile:

* require python-importlib-metadata

- update to version 3.1.1:

* Temporarily revert the switch to js-regex until #611 and #612 are

resolved.

- changes from version 3.1.0:

- Regular expressions throughout schemas now respect the ECMA 262

dialect, as recommended by the specification (#609).

- Activate more of the test suite

- Remove tests and benchmarking from the runtime package

- Update to v3.0.2

- Fixed a bug where 0 and False were considered equal by

const and enum

- from v3.0.1

- Fixed a bug where extending validators did not preserve their

notion of which validator property contains $id information.

- Update to 3.0.1:

- Support for Draft 6 and Draft 7

- Draft 7 is now the default

- New TypeChecker object for more complex type definitions (and overrides)

- Falling back to isodate for the date-time format checker is no longer attempted, in accordance with the specification

- Use %license instead of %doc (bsc#1082318)

- Remove hashbang from runtime module

- Replace PyPI URL with https://github.com/dgerber/rfc3987

- Activate doctests

- Add missing runtime dependency on timezone

- Replace dead link with GitHub URL

- Activate test suite

- Trim bias from descriptions.

- Initial commit, needed by flex

1172427,1194642

This update for util-linux fixes the following issues:

- Prevent root owning of `/var/lib/libuuid/clock.txt`. (bsc#1194642)

- Make uuidd lock state file usable and time based UUIDs safer. (bsc#1194642)

- Fix `su -s` bash completion. (bsc#1172427)

1196275,1196406

This update for filesystem and systemd-rpm-macros fixes the following issues:

filesystem:

- Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639)

systemd-rpm-macros:

- Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406)

1186819,CVE-2021-3572

This update for python3 fixes the following issues:

- CVE-2021-3572: Fixed an improper handling of unicode characters in pip (bsc#1186819).

1196093,1197024

This update for pam fixes the following issues:

- Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093)

- Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable.

This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024)

1197459,CVE-2018-25032

This update for zlib fixes the following issues:

- CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459).

1194883

This update for aaa_base fixes the following issues:

- Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883)

- Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8

multi byte characters as well as support the vi mode of readline library

1194642

This update for util-linux fixes the following issue:

- Improve throughput and reduce clock sequence increments for high load situation with time based

version 1 uuids. (bsc#1194642)

1177460

This update for timezone fixes the following issues:

- timezone update 2022a (bsc#1177460):

* Palestine will spring forward on 2022-03-27, not on 03-26

* `zdump -v` now outputs better failure indications

* Bug fixes for code that reads corrupted TZif data

1198062,CVE-2022-1271

This update for xz fixes the following issues:

- CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062)

1191502,1193086,1195247,1195529,1195899,1196567

This update for systemd fixes the following issues:

- Fix the default target when it's been incorrectly set to one of the runlevel targets (bsc#1196567)

- When migrating from sysvinit to systemd (it probably won't happen anymore),

let's use the default systemd target, which is the graphical.target one.

- Don't open /var journals in volatile mode when runtime_journal==NULL

- udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529)

- man: tweak description of auto/noauto (bsc#1191502)

- shared/install: ignore failures for auxiliary files

- install: make UnitFileChangeType enum anonymous

- shared/install: reduce scope of iterator variables

- systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23867)

- Update s390 udev rules conversion script to include the case when the legacy rule was also 41-* (bsc#1195247)

- Drop or soften some of the deprecation warnings (bsc#1193086)

1196647

This update for libtirpc fixes the following issues:

- Add option to enforce connection via protocol version 2 first (bsc#1196647)

1196939

This update for e2fsprogs fixes the following issues:

- Add support for 'libreadline7' for Leap. (bsc#1196939)

This update for sles15-image fixes the following issues:

- Add zypper explicitly to work around obs-build bug (gh#openSUSE/obs-build#562)

- Add com.suse.supportlevel label (jsc#BCI-40)

1176262,1195831,CVE-2019-20916

This update for python-pip fixes the following issues:

- Add wheel subpackage with the generated wheel for this package

(bsc#1176262, CVE-2019-20916).

- Make wheel a separate build run to avoid the setuptools/wheel build

cycle.

- Switch this package to use update-alternatives for all files

in %{_bindir} so it doesn't collide with the versions on

'the latest' versions of Python interpreter (jsc#SLE-18038,

bsc#1195831).

1029961,1120610,1130496,1181131,CVE-2018-20482,CVE-2019-9923,CVE-2021-20193

This update for tar fixes the following issues:

- CVE-2021-20193: Fixed a memory leak in read_header() in list.c (bsc#1181131).

- CVE-2019-9923: Fixed a null-pointer dereference in pax_decode_header in sparse.c (bsc#1130496).

- CVE-2018-20482: Fixed infinite read loop in sparse_dump_region in sparse.c (bsc#1120610).

- Update to GNU tar 1.34:

* Fix extraction over pipe

* Fix memory leak in read_header (CVE-2021-20193) (bsc#1181131)

* Fix extraction when . and .. are unreadable

* Gracefully handle duplicate symlinks when extracting

* Re-initialize supplementary groups when switching to user

privileges

- Update to GNU tar 1.33:

* POSIX extended format headers do not include PID by default

* --delay-directory-restore works for archives with reversed

member ordering

* Fix extraction of a symbolic link hardlinked to another

symbolic link

* Wildcards in exclude-vcs-ignore mode don't match slash

* Fix the --no-overwrite-dir option

* Fix handling of chained renames in incremental backups

* Link counting works for file names supplied with -T

* Accept only position-sensitive (file-selection) options in file

list files

- prepare usrmerge (bsc#1029961)

- Update to GNU 1.32

* Fix the use of --checkpoint without explicit --checkpoint-action

* Fix extraction with the -U option

* Fix iconv usage on BSD-based systems

* Fix possible NULL dereference (savannah bug #55369)

[bsc#1130496] [CVE-2019-9923]

* Improve the testsuite

- Update to GNU 1.31

* Fix heap-buffer-overrun with --one-top-level, bug introduced

with the addition of that option in 1.28

* Support for zstd compression

* New option '--zstd' instructs tar to use zstd as compression

program. When listing, extractng and comparing, zstd compressed

archives are recognized automatically. When '-a' option is in

effect, zstd compression is selected if the destination archive

name ends in '.zst' or '.tzst'.

* The -K option interacts properly with member names given in the

command line. Names of members to extract can be specified along

with the '-K NAME' option. In this case, tar will extract NAME

and those of named members that appear in the archive after it,

which is consistent with the semantics of the option. Previous

versions of tar extracted NAME, those of named members that

appeared before it, and everything after it.

* Fix CVE-2018-20482 - When creating archives with the --sparse

option, previous versions of tar would loop endlessly if a

sparse file had been truncated while being archived.

The following package changes have been done:

- libldap-data-2.4.46-9.64.1 updated

- filesystem-15.0-11.8.1 updated

- libtirpc-netconfig-1.2.6-150300.3.3.1 updated

- glibc-2.31-150300.20.7 updated

- libuuid1-2.36.2-150300.4.20.1 updated

- libsmartcols1-2.36.2-150300.4.20.1 updated

- libcrypt1-4.4.15-150300.4.2.41 updated

- libblkid1-2.36.2-150300.4.20.1 updated

- libfdisk1-2.36.2-150300.4.20.1 updated

- libz1-1.2.11-150000.3.30.1 updated

- liblzma5-5.2.3-150000.4.7.1 updated

- libcom_err2-1.43.8-150000.4.29.1 updated

- libopenssl1_1-1.1.1d-11.43.1 updated

- libopenssl1_1-hmac-1.1.1d-11.43.1 updated

- libudev1-246.16-150300.7.42.1 updated

- libmount1-2.36.2-150300.4.20.1 updated

- libtirpc3-1.2.6-150300.3.3.1 updated

- libldap-2_4-2-2.4.46-9.64.1 updated

- libsystemd0-246.16-150300.7.42.1 updated

- pam-1.3.0-150000.6.55.3 updated

- util-linux-2.36.2-150300.4.20.1 updated

- aaa_base-84.87+git20180409.04c9dae-3.57.1 updated

- openssl-1_1-1.1.1d-11.43.1 updated

- tar-1.34-150000.3.12.1 added

- libexpat1-2.2.5-3.19.1 updated

- timezone-2022a-150000.75.7.1 updated

- python3-base-3.6.15-150300.10.21.1 updated

- libpython3_6m1_0-3.6.15-150300.10.21.1 updated

- python3-3.6.15-150300.10.21.1 updated

- python3-six-1.14.0-12.1 updated

- python3-pip-20.0.2-150100.6.18.1 updated

- container:sles15-image-15.0.0-17.12.1 updated

- golang-github-prometheus-node_exporter-1.1.2-3.9.3 removed

- trento-premium-0.9.1+git.dev82.1646995460.425fc30-150300.3.13.1 removed

Severity
Container Advisory ID : SUSE-CU-2022:917-1
Container Tags : trento/trento-runner:1.0.0 , trento/trento-runner:1.0.0-rev1.1.0 , trento/trento-runner:1.0.0-rev1.1.0-build4.5.1 , trento/trento-runner:latest
Container Release : 4.5.1
Severity : important
Type : security

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.