SUSE: 2022:973-1 ses/6/cephcsi/cephcsi Security Update
Summary
Advisory ID: SUSE-RU-2022:936-1 Released: Tue Mar 22 18:10:17 2022 Summary: Recommended update for filesystem and systemd-rpm-macros Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:1021-1 Released: Tue Mar 29 13:24:21 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important Advisory ID: SUSE-SU-2022:1073-1 Released: Fri Apr 1 11:45:01 2022 Summary: Security update for yaml-cpp Type: security Severity: moderate Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:1109-1 Released: Mon Apr 4 17:50:01 2022 Summary: Recommended update for util-linux Type: recommended Severity: important Advisory ID: SUSE-RU-2022:1118-1 Released: Tue Apr 5 18:34:06 2022 Summary: Recommended update for timezone Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:1126-1 Released: Thu Apr 7 14:05:02 2022 Summary: Recommended update for nfs-utils Type: recommended Severity: moderate Advisory ID: SUSE-SU-2022:1131-1 Released: Fri Apr 8 09:43:53 2022 Summary: Security update for libsolv, libzypp, zypper Type: security Severity: important Advisory ID: SUSE-SU-2022:1149-1 Released: Mon Apr 11 16:29:14 2022 Summary: Security update for mozilla-nss Type: security Severity: important Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important Advisory ID: SUSE-SU-2022:1250-1 Released: Sun Apr 17 15:39:47 2022 Summary: Security update for gzip Type: security Severity: important Advisory ID: SUSE-RU-2022:1302-1 Released: Fri Apr 22 10:04:46 2022 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:1409-1 Released: Tue Apr 26 12:54:57 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:1438-1 Released: Wed Apr 27 15:27:19 2022 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: low Advisory ID: SUSE-RU-2022:1439-1 Released: Wed Apr 27 16:08:04 2022 Summary: Recommended update for binutils Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:1452-1 Released: Thu Apr 28 10:48:06 2022 Summary: Recommended update for perl Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:1491-1 Released: Tue May 3 07:09:44 2022 Summary: Recommended update for psmisc Type: recommended Severity: moderate
References
References : 1121227 1121230 1122004 1122021 1172427 1177047 1177460 1180713
1184501 1193489 1194172 1194642 1194848 1194883 1195251 1195628
1195899 1195999 1196061 1196093 1196107 1196275 1196317 1196368
1196406 1196514 1196925 1196939 1197024 1197134 1197297 1197459
1197788 1197903 1198062 1198062 1198237 CVE-2018-20573 CVE-2018-20574
CVE-2018-25032 CVE-2019-6285 CVE-2019-6292 CVE-2022-1097 CVE-2022-1271
CVE-2022-1271
1196275,1196406
This update for filesystem and systemd-rpm-macros fixes the following issues:
filesystem:
- Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639)
systemd-rpm-macros:
- Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406)
1195899
This update for systemd fixes the following issues:
- allow setting external core size to infinity (bsc#1195899 jsc#SLE-23868 jsc#SLE-23870)
1196093,1197024
This update for pam fixes the following issues:
- Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093)
- Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable.
This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024)
1197459,CVE-2018-25032
This update for zlib fixes the following issues:
- CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459).
1121227,1121230,1122004,1122021,CVE-2018-20573,CVE-2018-20574,CVE-2019-6285,CVE-2019-6292
This update for yaml-cpp fixes the following issues:
- CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227).
- CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230).
- CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004).
- CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021).
1194883
This update for aaa_base fixes the following issues:
- Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883)
- Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8
multi byte characters as well as support the vi mode of readline library
1172427,1194642
This update for util-linux fixes the following issues:
- Improve throughput and reduce clock sequence increments for high load situation with time based
version 1 uuids. (bsc#1194642)
- Prevent root owning of `/var/lib/libuuid/clock.txt`. (bsc#1194642)
- Warn if uuidd lock state is not usable. (bsc#1194642)
- Fix 'su -s' bash completion. (bsc#1172427)
1177460
This update for timezone fixes the following issues:
- timezone update 2022a (bsc#1177460):
* Palestine will spring forward on 2022-03-27, not on 03-26
* `zdump -v` now outputs better failure indications
* Bug fixes for code that reads corrupted TZif data
1197297,1197788
This update for nfs-utils fixes the following issues:
- Ensure `sloppy` is added correctly for newer kernels. (bsc#1197297)
* This is required for kernels since 5.6 (like in SUSE Linux Enterprise 15 SP4), and it's safe for all kernels.
- Fix the source build with new `glibc` like in SUSE Linux Enterprise 15 SP4. (bsc#1197788)
1184501,1194848,1195999,1196061,1196317,1196368,1196514,1196925,1197134
This update for libsolv, libzypp, zypper fixes the following issues:
Security relevant fix:
- Harden package signature checks (bsc#1184501).
libsolv to 0.7.22:
- reworked choice rule generation to cover more usecases
- support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514)
- support parsing of Debian's Multi-Arch indicator
- fix segfault on conflict resolution when using bindings
- fix split provides not working if the update includes a forbidden vendor change
- support strict repository priorities
new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY
- support zstd compressed control files in debian packages
- add an ifdef allowing to rename Solvable dependency members ('requires' is a keyword in C++20)
- support setting/reading userdata in solv files
new functions: repowriter_set_userdata, solv_read_userdata
- support queying of the custom vendor check function
new function: pool_get_custom_vendorcheck
- support solv files with an idarray block
- allow accessing the toolversion at runtime
libzypp to 17.30.0:
- ZConfig: Update solver settings if target changes (bsc#1196368)
- Fix possible hang in singletrans mode (bsc#1197134)
- Do 2 retries if mount is still busy.
- Fix package signature check (bsc#1184501)
Pay attention that header and payload are secured by a valid
signature and report more detailed which signature is missing.
- Retry umount if device is busy (bsc#1196061, closes #381)
A previously released ISO image may need a bit more time to
release it's loop device. So we wait a bit and retry.
- Fix serializing/deserializing type mismatch in zypp-rpm
protocol (bsc#1196925)
- Fix handling of ISO media in releaseAll (bsc#1196061)
- Hint on common ptf resolver conflicts (bsc#1194848)
- Hint on ptf<>patch resolver conflicts (bsc#1194848)
zypper to 1.14.52:
- info: print the packages upstream URL if available (fixes #426)
- info: Fix SEGV with not installed PTFs (bsc#1196317)
- Don't prevent less restrictive umasks (bsc#1195999)
1197903,CVE-2022-1097
This update for mozilla-nss fixes the following issues:
Mozilla NSS 3.68.3 (bsc#1197903):
- CVE-2022-1097: Fixed memory safety violations that could occur when PKCS#11
tokens are removed while in use.
1198062,CVE-2022-1271
This update for xz fixes the following issues:
- CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062)
1177047,1180713,1198062,CVE-2022-1271
This update for gzip fixes the following issues:
- CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062)
The following non-security bugs were fixed:
- Fixed an issue when 'gzexe' counts the lines to skip wrong. (bsc#1180713)
- Fixed a potential segfault when zlib acceleration is enabled (bsc#1177047)
1196939
This update for e2fsprogs fixes the following issues:
- Add support for 'libreadline7' for Leap. (bsc#1196939)
1195628,1196107
This update for gcc11 fixes the following issues:
- Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from
packages provided by older GCC work. Add a requires from that
package to the corresponding libstc++6 package to keep those
at the same version. [bsc#1196107]
- Fixed memory corruption when creating dependences with the D language frontend.
- Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628]
- Put libstdc++6-pp Requires on the shared library and drop
to Recommends.
1195251
This update for systemd-presets-common-SUSE fixes the following issue:
- enable vgauthd service for VMWare by default (bsc#1195251)
1198237
This update for binutils fixes the following issues:
- The official name IBM z16 for IBM zSeries arch14 is recognized. (bsc#1198237)
1193489
This update for perl fixes the following issues:
- Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489)
1194172
This update for psmisc fixes the following issues:
- Add a fallback if the system call name_to_handle_at() is not supported by the used file system.
- Replace the synchronizing over pipes of the sub process for the stat(2) system call with mutex and conditions from
pthreads(7) (bsc#1194172)
- Use statx(2) or SYS_statx system call to replace the stat(2) system call and avoid the sub process (bsc#1194172)
The following package changes have been done:
- aaa_base-84.87+git20180409.04c9dae-3.57.1 updated
- binutils-2.37-150100.7.29.1 updated
- e2fsprogs-1.43.8-150000.4.29.1 updated
- filesystem-15.0-11.8.1 updated
- gzip-1.10-150000.4.12.1 updated
- libblkid1-2.33.2-150100.4.21.1 updated
- libcom_err2-1.43.8-150000.4.29.1 updated
- libctf-nobfd0-2.37-150100.7.29.1 updated
- libctf0-2.37-150100.7.29.1 updated
- libext2fs2-1.43.8-150000.4.29.1 updated
- libfdisk1-2.33.2-150100.4.21.1 updated
- libfreebl3-3.68.3-150000.3.67.1 updated
- libgcc_s1-11.2.1+git610-150000.1.6.6 updated
- liblzma5-5.2.3-150000.4.7.1 updated
- libmount1-2.33.2-150100.4.21.1 updated
- libquadmath0-11.2.1+git610-150000.1.6.6 updated
- libsmartcols1-2.33.2-150100.4.21.1 updated
- libsoftokn3-3.68.3-150000.3.67.1 updated
- libsolv-tools-0.7.22-150100.4.6.1 updated
- libstdc++6-11.2.1+git610-150000.1.6.6 updated
- libsystemd0-234-24.108.1 updated
- libudev1-234-24.108.1 updated
- libuuid1-2.33.2-150100.4.21.1 updated
- libyaml-cpp0_6-0.6.1-4.5.1 updated
- libz1-1.2.11-150000.3.30.1 updated
- libzypp-17.30.0-150100.3.78.1 updated
- mozilla-nss-certs-3.68.3-150000.3.67.1 updated
- mozilla-nss-3.68.3-150000.3.67.1 updated
- nfs-client-2.1.1-150100.10.24.1 updated
- nfs-kernel-server-2.1.1-150100.10.24.1 updated
- pam-1.3.0-150000.6.55.3 updated
- perl-base-5.26.1-150000.7.15.1 updated
- psmisc-23.0-150000.6.22.1 updated
- systemd-presets-common-SUSE-15-150100.8.12.1 updated
- systemd-234-24.108.1 updated
- timezone-2022a-150000.75.7.1 updated
- udev-234-24.108.1 updated
- util-linux-2.33.2-150100.4.21.1 updated
- xz-5.2.3-150000.4.7.1 updated
- zypper-1.14.52-150100.3.55.2 updated
- container:sles15-image-15.0.0-6.2.613 updated
