SUSE Container Update Advisory: ses/7.1/ceph/grafana
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1836-1
Container Tags        : ses/7.1/ceph/grafana:8.5.22 , ses/7.1/ceph/grafana:8.5.22.3.4.77 , ses/7.1/ceph/grafana:latest , ses/7.1/ceph/grafana:sle15.3.pacific
Container Release     : 3.4.77
Severity              : important
Type                  : security
References            : 1065270 1127591 1195633 1199132 1199880 1201088 1203599 1204585
                        1206513 1207571 1207957 1207975 1207992 1208329 1208358 1208819
                        1208820 1208821 1209122 1209209 1209210 1209211 1209212 1209214
                        1209406 1209533 1209621 1209624 1209645 1209713 1209714 1209873
                        1209878 1210135 1210153 1210164 1210243 1210314 1210411 1210412
                        1210434 1210507 1210593 1210719 1210784 1210870 1210944 1211090
                        1211231 1211232 1211233 1211339 1211430 1211795 CVE-2021-3541
                        CVE-2022-29824 CVE-2022-4899 CVE-2023-0464 CVE-2023-0465 CVE-2023-0466
                        CVE-2023-0507 CVE-2023-0594 CVE-2023-0687 CVE-2023-1410 CVE-2023-23916
                        CVE-2023-24593 CVE-2023-25180 CVE-2023-2650 CVE-2023-27533 CVE-2023-27534
                        CVE-2023-27535 CVE-2023-27536 CVE-2023-27538 CVE-2023-28320 CVE-2023-28321
                        CVE-2023-28322 CVE-2023-28484 CVE-2023-29383 CVE-2023-29469 CVE-2023-29491
                        CVE-2023-2953 
-----------------------------------------------------------------

The container ses/7.1/ceph/grafana was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1711-1
Released:    Fri Mar 31 13:33:04 2023
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1207992,1209209,1209210,1209211,1209212,1209214,CVE-2023-23916,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538
This update for curl fixes the following issues:

- CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209).
- CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210).
- CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211).
- CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212).
- CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214).
- CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1718-1
Released:    Fri Mar 31 15:47:34 2023
Summary:     Security update for glibc
Type:        security
Severity:    moderate
References:  1207571,1207957,1207975,1208358,CVE-2023-0687
This update for glibc fixes the following issues:

Security issue fixed:

- CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975)

Other issues fixed:

- Fix avx2 strncmp offset compare condition check (bsc#1208358)
- elf: Allow dlopen of filter object to work (bsc#1207571)
- powerpc: Fix unrecognized instruction errors with recent GCC
- x86: Cache computation for AMD architecture (bsc#1207957)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1790-1
Released:    Thu Apr  6 15:36:15 2023
Summary:     Security update for openssl-1_1
Type:        security
Severity:    moderate
References:  1209624,1209873,1209878,CVE-2023-0464,CVE-2023-0465,CVE-2023-0466
This update for openssl-1_1 fixes the following issues:

- CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624).
- CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878).
- CVE-2023-0466: Certificate policy checks were not enabled (bsc#1209873).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1805-1
Released:    Tue Apr 11 10:12:41 2023
Summary:     Recommended update for timezone
Type:        recommended
Severity:    important
References:  
This update for timezone fixes the following issues:

- Version update from 2022g to 2023c:
  * Egypt now uses DST again, from April through October.
  * This year Morocco springs forward April 23, not April 30.
  * Palestine delays the start of DST this year.
  * Much of Greenland still uses DST from 2024 on.
  * America/Yellowknife now links to America/Edmonton.
  * tzselect can now use current time to help infer timezone.
  * The code now defaults to C99 or later.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1904-1
Released:    Wed Apr 19 05:09:21 2023
Summary:     Security update for grafana
Type:        security
Severity:    important
References:  1208819,1208821,1209645,CVE-2023-0507,CVE-2023-0594,CVE-2023-1410
This version update from 8.5.20 to 8.5.22 for grafana fixes the following issues:

- Security issues fixed:
  * CVE-2023-1410: Fix XSS in Graphite functions tooltip (bsc#1209645)
  * CVE-2023-0507: Apply attribute sanitation to GeomapPanel (bsc#1208821)
  * CVE-2023-0594: Avoid storing XSS in TraceView panel (bsc#1208819)

- The following non-security bug was fixed:
  * Login: Fix panic when UpsertUser is called without ReqContext


-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1945-1
Released:    Fri Apr 21 14:13:27 2023
Summary:     Recommended update for elfutils
Type:        recommended
Severity:    moderate
References:  1203599
This update for elfutils fixes the following issues:

- go1.19 builds created debuginfo that was not extractable using rpm / elfutils 0.177. (bsc#1203599)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2048-1
Released:    Wed Apr 26 21:05:45 2023
Summary:     Security update for libxml2
Type:        security
Severity:    important
References:  1065270,1199132,1204585,1210411,1210412,CVE-2021-3541,CVE-2022-29824,CVE-2023-28484,CVE-2023-29469
This update for libxml2 fixes the following issues:

- CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412).
- CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411).
- CVE-2022-29824: Fixed integer overflow leading to out-of-bounds write in buf.c (bsc#1199132).

The following non-security bugs were fixed:

- Added W3C conformance tests to the testsuite (bsc#1204585).
- Fixed NULL pointer dereference when parsing invalid data (glgo#libxml2!15) (bsc#1065270).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2070-1
Released:    Fri Apr 28 13:56:33 2023
Summary:     Security update for shadow
Type:        security
Severity:    moderate
References:  1210507,CVE-2023-29383
This update for shadow fixes the following issues:

- CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2074-1
Released:    Fri Apr 28 17:02:25 2023
Summary:     Security update for zstd
Type:        security
Severity:    moderate
References:  1209533,CVE-2022-4899
This update for zstd fixes the following issues:

- CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2076-1
Released:    Fri Apr 28 17:35:05 2023
Summary:     Security update for glib2
Type:        security
Severity:    moderate
References:  1209713,1209714,1210135,CVE-2023-24593,CVE-2023-25180
This update for glib2 fixes the following issues:

- CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714).
- CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant (bsc#1209713).

The following non-security bug was fixed:

- Fixed regression on s390x (bsc#1210135, glgo#GNOME/glib!2978).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2104-1
Released:    Thu May  4 21:05:30 2023
Summary:     Recommended update for procps
Type:        recommended
Severity:    moderate
References:  1209122
This update for procps fixes the following issue:

- Allow - as leading character to ignore possible errors on sysctl entries (bsc#1209122)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2111-1
Released:    Fri May  5 14:34:00 2023
Summary:     Security update for ncurses
Type:        security
Severity:    moderate
References:  1210434,CVE-2023-29491
This update for ncurses fixes the following issues:

- CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2133-1
Released:    Tue May  9 13:37:10 2023
Summary:     Recommended update for zlib
Type:        recommended
Severity:    moderate
References:  1206513
This update for zlib fixes the following issues:

- Add DFLTCC support for using inflate() with a small window (bsc#1206513)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2227-1
Released:    Wed May 17 09:57:41 2023
Summary:     Security update for curl
Type:        security
Severity:    important
References:  1211231,1211232,1211233,1211339,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322
This update for curl fixes the following issues:

- CVE-2023-28320: Fixed siglongjmp race condition (bsc#1211231).
- CVE-2023-28321: Fixed IDN wildcard matching (bsc#1211232).
- CVE-2023-28322: Fixed POST-after-PUT confusion (bsc#1211233).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2247-1
Released:    Thu May 18 17:04:38 2023
Summary:     Recommended update for libzypp, zypper
Type:        recommended
Severity:    moderate
References:  1127591,1195633,1208329,1209406,1210870
This update for libzypp, zypper fixes the following issues:

- Installing local RPM packages fails if /usr/bin/find is not installed (bsc#1195633)
- multicurl: propagate ssl settings stored in repo url (bsc#1127591)
- MediaCurl: Fix endless loop if wrong credentials are stored in credentials.cat (bsc#1210870)
- zypp.conf: Introduce 'download.connect_timeout' [60 sec.] (bsc#1208329)
- Teach MediaNetwork to retry on HTTP2 errors.
- Fix selecting installed patterns from picklist (bsc#1209406)
- man: better explanation of --priority

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2333-1
Released:    Wed May 31 09:01:28 2023
Summary:     Recommended update for zlib
Type:        recommended
Severity:    moderate
References:  1210593
This update for zlib fixes the following issue:

- Fix function calling order to avoid crashes (bsc#1210593)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2343-1
Released:    Thu Jun  1 11:35:28 2023
Summary:     Security update for openssl-1_1
Type:        security
Severity:    important
References:  1211430,CVE-2023-2650
This update for openssl-1_1 fixes the following issues:

- CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2365-1
Released:    Mon Jun  5 09:22:46 2023
Summary:     Recommended update for util-linux
Type:        recommended
Severity:    moderate
References:  1210164
This update for util-linux fixes the following issues:

- Add upstream patches (bsc#1210164, bsc#1210164, bsc#1210164)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2484-1
Released:    Mon Jun 12 08:49:58 2023
Summary:     Security update for openldap2
Type:        security
Severity:    moderate
References:  1211795,CVE-2023-2953
This update for openldap2 fixes the following issues:

- CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2488-1
Released:    Mon Jun 12 11:10:29 2023
Summary:     Recommended update for ceph, ceph-image, ceph-iscsi
Type:        recommended
Severity:    moderate
References:  1199880,1201088,1208820,1209621,1210153,1210243,1210314,1210719,1210784,1210944,1211090
This update for ceph, ceph-image, ceph-iscsi fixes the following issues:

- Update to 16.2.13-66-g54799ee0666:
  + (bsc#1199880) mgr: don't dump global config holding gil
  + (bsc#1209621) cephadm: fix NFS haproxy failover if active node disappears
  + (bsc#1210153) mgr/cephadm: fix handling of mgr upgrades with 3 or more mgrs
  + (bsc#1210243, bsc#1210314) ceph-volume: fix regression in activate
  + (bsc#1210719) cephadm: mount host /etc/hosts for daemon containers in podman deployments
  + (bsc#1210784) mgr/dashboard: Fix SSO error: 'str' object has no attribute 'decode'
  + (bsc#1210944) cmake: patch boost source to support python 3.11
  + (bsc#1211090) fix FTBFS on s390x

- Add _multibuild to define additional spec files as additional
  flavors.  Eliminates the need for source package links in OBS.

- Update to 16.2.11-65-g8b7e6fc0182:
  + (bsc#1201088) test/librados: fix FTBFS on gcc 13
  + (bsc#1208820) mgr/dashboard: allow to pass controls on iscsi disk create

- Update to 16.2.11-62-gce6291a3463:
  + (bsc#1201088) fix FTBFS on gcc 13

- Update to 3.5+1679292226.g8769429:
  + rbd-target-api: don't ignore controls on disk create (bsc#1208820)
- checkin.sh: default to ses7 branch


The following package changes have been done:

- ceph-grafana-dashboards-16.2.13.66+g54799ee0666-150300.3.11.1 updated
- glibc-2.31-150300.46.1 updated
- grafana-8.5.22-150200.3.38.1 updated
- libblkid1-2.36.2-150300.4.35.1 updated
- libcurl4-7.66.0-150200.4.57.1 updated
- libdw1-0.177-150300.11.6.1 updated
- libebl-plugins-0.177-150300.11.6.1 updated
- libelf1-0.177-150300.11.6.1 updated
- libfdisk1-2.36.2-150300.4.35.1 updated
- libglib-2_0-0-2.62.6-150200.3.15.1 updated
- libldap-2_4-2-2.4.46-150200.14.14.1 updated
- libldap-data-2.4.46-150200.14.14.1 updated
- libmount1-2.36.2-150300.4.35.1 updated
- libncurses6-6.1-150000.5.15.1 updated
- libopenssl1_1-hmac-1.1.1d-150200.11.65.1 updated
- libopenssl1_1-1.1.1d-150200.11.65.1 updated
- libprocps7-3.3.15-150000.7.31.1 updated
- libsmartcols1-2.36.2-150300.4.35.1 updated
- libsolv-tools-0.7.24-150200.18.1 updated
- libuuid1-2.36.2-150300.4.35.1 updated
- libxml2-2-2.9.7-150000.3.57.1 updated
- libz1-1.2.11-150000.3.45.1 updated
- libzstd1-1.4.4-150000.1.9.1 updated
- libzypp-17.31.11-150200.61.1 updated
- login_defs-4.8.1-150300.4.6.1 updated
- ncurses-utils-6.1-150000.5.15.1 updated
- openssl-1_1-1.1.1d-150200.11.65.1 updated
- procps-3.3.15-150000.7.31.1 updated
- shadow-4.8.1-150300.4.6.1 updated
- terminfo-base-6.1-150000.5.15.1 updated
- timezone-2023c-150000.75.23.1 updated
- util-linux-2.36.2-150300.4.35.1 updated
- zypper-1.14.60-150200.51.1 updated
- container:sles15-image-15.0.0-17.20.146 updated

SUSE: 2023:1836-1 ses/7.1/ceph/grafana Security Update

June 13, 2023