Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -6 articles for you...
100
security advisorycriticalcontainer updateSUSE SES 7.1 Security Update: 2023:799-1 Critical Rook Ceph Patch
The container ses/7.1/rook/ceph was updated. The following patches have been included in this update:. SUSE Container Update Advisory: ses/7.1/rook/ceph ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:799-1 Container Tags : ses/7.1/rook/ceph:1.10.1 , ses/7.1/rook/ceph:1.10.1.16 , ses/7.1/rook/ceph:1.10.1.16.4.5.348 , ses/7.1/rook/ceph:latest , ses/7.1/rook/ceph:sle15.3.pacific Container Release : 4.5.348 Severity : critical Type : security References : 1176785 1178233 1187748 1188911 1192838 1192840 1196046 1199183 1199282 1199756 1200262 1200317 1200501 1200978 1201604 1201797 1201837 1201976 1202077 1202292 1203248 1203249 1203355 1203375 1203715 1204430 1204548 1204956 1205025 1205436 1205570 1205636 1206158 1206949 1207294 1208471 CVE-2022-0670 CVE-2022-29217 CVE-2022-3650 CVE-2022-3854 CVE-2023-24329 ----------------------------------------------------------------- The container ses/7.1/rook/ceph was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:714-1 Released: Mon Mar 13 10:53:25 2023 Summary: Recommended update for rpm Type: recommended Severity: important References: 1207294 This update for rpm fixes the following issues: - Fix missing python(abi) for 3.XX versions (bsc#1207294) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:776-1 Released: Thu Mar 16 17:29:23 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products. SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes Thisupdate ship the GCC 12 compiler suite and its base libraries. The compiler baselibraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:786-1 Released: Thu Mar 16 19:36:09 2023 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: important References: 1178233,1203248,1203249,1203715,1204548,1204956,1205570,1205636,1206949 This update for libsolv, libzypp, zypper fixes the following issues: libsolv: - Do not autouninstall SUSE PTF packages - Ensure 'duplinvolvedmap_all' is reset when a solver is reused - Fix 'keep installed' jobs not disabling 'best update' rules - New '-P' and '-W' options for `testsolv` - New introspection interface for weak dependencies similar to ruleinfos - Ensure special case file dependencies are written correctly in the testcase writer - Support better info about alternatives - Support decision reason queries - Support merging of related decisions - Support stringification of multiple solvables - Support stringification of ruleinfo, decisioninfo and decision reasons libzypp: - Avoid calling getsockopt when we know the info already. This patch should fix logging on WSL, getsockopt seems to not be fully supported but the code required it when accepting new socket connections (bsc#1178233) - Avoid redirecting 'history.logfile=/dev/null' into the target - Create '.no_auto_prune' in the package cache dir to prevent auto cleanup of orphaned repositories (bsc#1204956) -Enhance yaml-cpp detection - Improve download of optional files - MultiCurl: Make sure to reset the progress function when falling back. - Properly reset range requests (bsc#1204548) - Removing a PTF without enabled repos should always fail (bsc#1203248) Without enabled repos, the dependent PTF-packages would be removed (not replaced!) as well. To remove a PTF `zypper install -- -PTF` or a dedicated `zypper removeptf PTF` should be used. This will update the installed PTF packages to theit latest version. - Skip media.1/media download for http repo status calc. This patch allows zypp to skip a extra media.1/media download to calculate if a repository needs to be refreshed. This optimisation only takes place if the repo does specify only downloading base urls. - Use a dynamic fallback for BLKSIZE in downloads. When not receiving a blocklist via metalink file from the server MediaMultiCurl used to fallback to a fixed, relatively small BLKSIZE. This patch changes the fallback into a dynamic value based on the filesize using a similar metric as the MirrorCache implementation on the server side. - ProgressData: enforce reporting the INIT||END state (bsc#1206949) - ps: fix service detection on newer Tumbleweed systems (bsc#1205636) zypper: - Allow to (re)add a service with the same URL (bsc#1203715) - Bump dependency requirement to libzypp-devel 17.31.7 or greater - Explain outdatedness of repositories - patterns: Avoid dispylaing superfluous @System entries (bsc#1205570) - Provide `removeptf` command (bsc#1203249) A remove command which prefers replacing dependant packages to removing them as well. A PTF is typically removed as soon as the fix it provides is applied to the latest official update of the dependant packages. However it is not desired for the dependant packages to be removed together with the PTF, which is what the remove command would do. The `removeptf` command however will aim to replace the dependant packages by their official update versions. - Update man page andexplain '.no_auto_prune' (bsc#1204956) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:794-1 Released: Fri Mar 17 08:42:12 2023 Summary: Security update for python-PyJWT Type: security Severity: critical References: 1176785,1199282,1199756,CVE-2022-29217 This update for python-PyJWT fixes the following issues: - CVE-2022-29217: Fixed Key confusion through non-blocklisted public key formats (bsc#1199756). - Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - Update to 2.4.0 (bsc#1199756) - Explicit check the key for ECAlgorithm - Don't use implicit optionals - documentation fix: show correct scope - fix: Update copyright information - Don't mutate options dictionary in .decode_complete() - Add support for Python 3.10 - api_jwk: Add PyJWKSet.__getitem__ - Update usage.rst - Docs: mention performance reasons for reusing RSAPrivateKey when encoding - Fixed typo in usage.rst - Add detached payload support for JWS encoding and decoding - Replace various string interpolations with f-strings by ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:868-1 Released: Wed Mar 22 09:41:01 2023 Summary: Security update for python3 Type: security Severity: important References: 1203355,1208471,CVE-2023-24329 This update for python3 fixes the following issues: - CVE-2023-24329: Fixed a blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters (bsc#1208471). The following non-security bug was fixed: - Eliminate unnecessary and dangerous calls to PyThread_exit_thread() (bsc#1203355). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1584-1 Released: Mon Mar 27 10:32:31 2023 Summary: Security update for ceph Type: security Severity: important References: 1187748,1188911,1192838,1192840,1196046,1199183,1200262,1200317,1200501,1200978,1201604,1201797,1201837,1201976,1202077,1202292,1203375,1204430,1205025,1205436,1206158,CVE-2022-0670,CVE-2022-3650,CVE-2022-3854 This update for ceph fixes the following issues: Security issues fixed: - CVE-2022-0670: Fixed user/tenant read/write access to an entire file system (bsc#1201837). - CVE-2022-3650: Fixed Python script that allowed privilege escalation from ceph to root (bsc#1204430). - CVE-2022-3854: Fixed possible DoS issue in ceph URL processing on RGW backends (bsc#1205025). Bug fixes: - osd, tools, kv: non-aggressive, on-line trimming of accumulated dups (bsc#1199183). - ceph-volume: fix fast device alloc size on mulitple device (bsc#1200262). - cephadm: update monitoring container images (bsc#1200501). - mgr/dashboard: prevent alert redirect (bsc#1200978). - mgr/volumes: Add subvolumegroup resize cmd (bsc#1201797). - monitoring/ceph-mixin: add RGW host to label info (bsc#1201976). - mgr/dashboard: enable addition of custom Prometheus alerts (bsc#1202077). - python-common: Add 'KB' to supported suffixes in SizeMatcher (bsc#1203375). - mgr/dashboard: fix rgw connect when using ssl (bsc#1205436). - ceph.spec.in: Add -DFMT_DEPRECATED_OSTREAM to CXXFLAGS (bsc#1202292). - cephfs-shell: move source to separate subdirectory (bsc#1201604). Fix in previous release: - mgr/cephadm: try to get FQDN for configuration files (bsc#1196046). - When an RBD is mapped, it is attempted to be deployed as an OSD. (bsc#1187748). - OSD marked down causes wrong backfill_toofull (bsc#1188911). - cephadm: Fix iscsi client caps (allow mgr calls) (bsc#1192838). - mgr/cephadm: fix and improve osd draining (bsc#1200317). - add iscsi and nfs to upgrade process (bsc#1206158). - mgr/mgr_module.py: CLICommand: Fix parsing of kwargs arguments (bsc#1192840). The following package changes have been done: - ceph-base-16.2.11.58+g38d6afd3b78-150300.3.6.1 updated - ceph-common-16.2.11.58+g38d6afd3b78-150300.3.6.1 updated -ceph-grafana-dashboards-16.2.11.58+g38d6afd3b78-150300.3.6.1 updated - ceph-mds-16.2.11.58+g38d6afd3b78-150300.3.6.1 updated - ceph-mgr-cephadm-16.2.11.58+g38d6afd3b78-150300.3.6.1 updated - ceph-mgr-dashboard-16.2.11.58+g38d6afd3b78-150300.3.6.1 updated - ceph-mgr-modules-core-16.2.11.58+g38d6afd3b78-150300.3.6.1 updated - ceph-mgr-rook-16.2.11.58+g38d6afd3b78-150300.3.6.1 updated - ceph-mgr-16.2.11.58+g38d6afd3b78-150300.3.6.1 updated - ceph-mon-16.2.11.58+g38d6afd3b78-150300.3.6.1 updated - ceph-osd-16.2.11.58+g38d6afd3b78-150300.3.6.1 updated - ceph-prometheus-alerts-16.2.11.58+g38d6afd3b78-150300.3.6.1 updated - ceph-radosgw-16.2.11.58+g38d6afd3b78-150300.3.6.1 updated - cephadm-16.2.11.58+g38d6afd3b78-150300.3.6.1 updated - ceph-16.2.11.58+g38d6afd3b78-150300.3.6.1 updated - libcephfs2-16.2.11.58+g38d6afd3b78-150300.3.6.1 updated - libcephsqlite-16.2.11.58+g38d6afd3b78-150300.3.6.1 updated - libgcc_s1-12.2.1+git416-150000.1.7.1 updated - libpython3_6m1_0-3.6.15-150300.10.45.1 updated - librados2-16.2.11.58+g38d6afd3b78-150300.3.6.1 updated - librbd1-16.2.11.58+g38d6afd3b78-150300.3.6.1 updated - librgw2-16.2.11.58+g38d6afd3b78-150300.3.6.1 updated - libsolv-tools-0.7.23-150200.15.1 updated - libstdc++6-12.2.1+git416-150000.1.7.1 updated - libzypp-17.31.8-150200.50.1 updated - python3-PyJWT-2.4.0-150200.3.6.2 updated - python3-base-3.6.15-150300.10.45.1 updated - python3-ceph-argparse-16.2.11.58+g38d6afd3b78-150300.3.6.1 updated - python3-ceph-common-16.2.11.58+g38d6afd3b78-150300.3.6.1 updated - python3-cephfs-16.2.11.58+g38d6afd3b78-150300.3.6.1 updated - python3-curses-3.6.15-150300.10.45.1 updated - python3-rados-16.2.11.58+g38d6afd3b78-150300.3.6.1 updated - python3-rbd-16.2.11.58+g38d6afd3b78-150300.3.6.1 updated - python3-rgw-16.2.11.58+g38d6afd3b78-150300.3.6.1 updated - python3-3.6.15-150300.10.45.1 updated - rbd-mirror-16.2.11.58+g38d6afd3b78-150300.3.6.1 updated - rpm-ndb-4.14.3-150300.55.1 updated - zypper-1.14.59-150200.42.2 updated - container:sles15-image-15.0.0-17.20.115 updated -python3-ecdsa-0.13.3-3.7.1 removed . Vital security enhancements released for SES 7.1 Rook Ceph Docker, tackling several problems and weaknesses.. SES Update, SUSE Advisory, Critical Security, Rook Ceph Update, Container Security. . Severity: Critical. LinuxSecurity.com Team
Mar 27, 2023
•Critical
SuSE
100
security advisorysecurity updatecriticalSUSE: 2022:45-3 Important: Rook Ceph Security Update for ses/7
The container ses/7/rook/ceph was updated. The following patches have been included in this update:. SUSE Container Update Advisory: ses/7/rook/ceph ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:99-1 Container Tags : ses/7/rook/ceph:1.5.7 , ses/7/rook/ceph:1.5.7.4 , ses/7/rook/ceph:1.5.7.4.1.1546 , ses/7/rook/ceph:latest , ses/7/rook/ceph:sle15.2.octopus Container Release : 1.1546 Severity : important Type : security References : 1078466 1083473 1112500 1115408 1125671 1140565 1146705 1154393 1160876 1165780 1171549 1172442 1172926 1174514 1175289 1175519 1176201 1176390 1176489 1176679 1176784 1176785 1176828 1177360 1177857 1178168 1178407 1178775 1178837 1178860 1178905 1178932 1179569 1179847 1179997 1180020 1180073 1180083 1180596 1180713 1181011 1181328 1181358 1181622 1181831 1182328 1182362 1182379 1182629 1182766 1183012 1183094 1183370 1183371 1183456 1183457 1183852 1183933 1183934 CVE-2020-11080 CVE-2020-14343 CVE-2020-25659 CVE-2020-25678 CVE-2020-27839 CVE-2021-20231 CVE-2021-20232 CVE-2021-22876 CVE-2021-22890 CVE-2021-23336 CVE-2021-24031 CVE-2021-24032 CVE-2021-27218 CVE-2021-27219 CVE-2021-3449 ----------------------------------------------------------------- The container ses/7/rook/ceph was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:778-1 Released: Fri Mar 12 17:42:25 2021 Summary: Security update for glib2 Type: security Severity: important References: 1182328,1182362,CVE-2021-27218,CVE-2021-27219 This update for glib2 fixes the following issues: - CVE-2021-27218: g_byte_array_new_take takes a gsize as length butstores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328) - CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. (bsc#1182362) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:786-1 Released: Mon Mar 15 11:19:23 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1176201 This update for zlib fixes the following issues: - Fixed hw compression on z15 (bsc#1176201) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:874-1 Released: Thu Mar 18 09:41:54 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179847,1181328,1181622,1182629 This update for libsolv, libzypp, zypper fixes the following issues: - support multiple collections in updateinfo parser - Fixed an issue when some 'systemd' tools require '/proc' to be mounted and fail if it's not there. (bsc#1181328) - Enable release packages to request a releaxed suse/opensuse vendorcheck in dup when migrating. (bsc#1182629) - Patch: Identify well-known category names to allow to use the RH and SUSE patch category names synonymously. (bsc#1179847) - Fix '%posttrans' script execution. (fixes #265) - Repo: Allow multiple baseurls specified on one line (fixes #285) - Regex: Fix memory leak and undefined behavior. - Add rpm buildrequires for test suite (fixes #279) - Use rpmdb2solv new -D switch to tell the location of the rpmdatabase to use. - doc: give more details about creating versioned package locks. (bsc#1181622) - man: Document synonymously used patch categories (bsc#1179847) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:924-1 Released: Tue Mar 23 10:00:49 2021 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094 This update for filesystem the following issues: - Remove duplicate line due to merge error - Add fix for 'mesa' creating cache with perm 0700. (bsc#1181011) - Fixed an issue causing failure during installation/upgrade a failure. (rh#1548403) (bsc#1146705) - Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466) - Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519) This update for systemd fixes the following issues: - Fix for a possible memory leak. (bsc#1180020) - Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596) - Fixed an issue when starting a container conflicts with another one. (bsc#1178775) - Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831) - Don't use shell redirections when calling a rpm macro. (bsc#1183094) - 'systemd' requires 'aaa_base' > = 13.2. (bsc#1180083) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:926-1 Released: Tue Mar 23 13:20:24 2021 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: moderate References: 1083473,1112500,1115408,1165780,1183012 This update for systemd-presets-common-SUSE fixes the following issues: - Add default user preset containing: - enable `pulseaudio.socket` (bsc#1083473) - enable `pipewire.socket` (bsc#1183012) - enable `pipewire-pulse.socket` (bsc#1183012) - enable `pipewire-media-session.service` (used with pipewire > = 0.3.23) - Changes to the default preset: - enable `btrfsmaintenance-refresh.path`. - disable `btrfsmaintenance-refresh.service`. - enable `dnf-makecache.timer`. - enable `ignition-firstboot-complete.service`. - enable logwatch.timer and avoid to have logwatch out of sync with logrotate. (bsc#1112500) - enable `mlocate.timer`. Recent versions of mlocate don't use`updatedb.timer` any more. (bsc#1115408) - remove enable `updatedb.timer` - Avoid needless refresh on boot. (bsc#1165780) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:930-1 Released: Wed Mar 24 12:09:23 2021 Summary: Security update for nghttp2 Type: security Severity: important References: 1172442,1181358,CVE-2020-11080 This update for nghttp2 fixes the following issues: - CVE-2020-11080: HTTP/2 Large Settings Frame DoS (bsc#1181358) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:935-1 Released: Wed Mar 24 12:19:10 2021 Summary: Security update for gnutls Type: security Severity: important References: 1183456,1183457,CVE-2021-20231,CVE-2021-20232 This update for gnutls fixes the following issues: - CVE-2021-20232: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183456). - CVE-2021-20231: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183457). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:947-1 Released: Wed Mar 24 14:30:58 2021 Summary: Security update for python3 Type: security Severity: moderate References: 1182379,CVE-2021-23336 This update for python3 fixes the following issues: - python36 was updated to 3.6.13 - CVE-2021-23336: Fixed a potential web cache poisoning by using a semicolon in query parameters use of semicolon as a query string separator (bsc#1182379). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:948-1 Released: Wed Mar 24 14:31:34 2021 Summary: Security update for zstd Type: security Severity: moderate References: 1183370,1183371,CVE-2021-24031,CVE-2021-24032 This update for zstd fixes the following issues: - CVE-2021-24031: Added read permissions to files while being compressed or uncompressed(bsc#1183371). - CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:952-1 Released: Thu Mar 25 14:36:56 2021 Summary: Recommended update for libunwind Type: recommended Severity: moderate References: 1160876,1171549 This update for libunwind fixes the following issues: - Update to version 1.5.0. (jsc#ECO-3395) - Enable s390x for building. (jsc#ECO-3395) - Fix compilation with 'fno-common'. (bsc#1171549) - Fix build with 'GCC-10'. (bsc#1160876) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:953-1 Released: Thu Mar 25 14:37:26 2021 Summary: Recommended update for psmisc Type: recommended Severity: moderate References: 1178407 This update for psmisc fixes the following issues: - Fix for 'fuser' when it does not show open kvm storage image files such as 'qcow2' files. (bsc#1178407) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:955-1 Released: Thu Mar 25 16:11:48 2021 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1183852,CVE-2021-3449 This update for openssl-1_1 fixes the security issue: * CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue. [bsc#1183852] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:985-1 Released: Tue Mar 30 14:42:46 2021 Summary: Recommended update for the Azure SDK and CLI Type: recommended Severity: moderate References: 1125671,1140565,1154393,1174514,1175289,1176784,1176785,1178168,CVE-2020-14343,CVE-2020-25659 This update for the Azure SDK and CLI adds support for the AHB (Azure Hybrid Benefit). (bsc#1176784, jsc#ECO=3105) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1004-1 Released: Thu Apr 1 15:07:09 2021 Summary: Recommended update for libcap Type: recommended Severity: moderate References: 1180073 This update for libcap fixes the following issues: - Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460) - Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1006-1 Released: Thu Apr 1 17:44:57 2021 Summary: Security update for curl Type: security Severity: moderate References: 1183933,1183934,CVE-2021-22876,CVE-2021-22890 This update for curl fixes the following issues: - CVE-2021-22890: TLS 1.3 session ticket proxy host mixup (bsc#1183934) - CVE-2021-22876: Automatic referer leaks credentials (bsc#1183933) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1018-1 Released: Tue Apr 6 14:29:13 2021 Summary: Recommended update for gzip Type: recommended Severity: moderate References: 1180713 This update for gzip fixes the following issues: - Fixes an issue when 'gzexe' counts the lines to skip wrong. (bsc#1180713) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1109-1 Released: Thu Apr 8 11:49:10 2021 Summary: Security update for ceph Type: security Severity: moderate References: 1172926,1176390,1176489,1176679,1176828,1177360,1177857,1178837,1178860,1178905,1178932,1179569,1179997,1182766,CVE-2020-25678,CVE-2020-27839 This update for ceph fixes the following issues: - ceph was updated to to 15.2.9 - cephadm: fix 'inspect' and'pull' (bsc#1182766) - CVE-2020-27839: mgr/dashboard: Use secure cookies to store JWT Token (bsc#1179997) - CVE-2020-25678: Do not add sensitive information in Ceph log files (bsc#1178905) - mgr/orchestrator: Sort 'ceph orch device ls' by host (bsc#1172926) - mgr/dashboard: enable different URL for users of browser to Grafana (bsc#1176390, bsc#1176679) - mgr/cephadm: lock multithreaded access to OSDRemovalQueue (bsc#1176489) - cephadm: command_unit: call systemctl with verbose=True (bsc#1176828) - cephadm: silence 'Failed to evict container' log msg (bsc#1177360) - mgr/cephadm: upgrade: fail gracefully, if daemon redeploy fails (bsc#1177857) - rgw: cls/user: set from_index for reset stats calls (bsc#1178837) - mgr/dashboard: Disable TLS 1.0 and 1.1 (bsc#1178860) - cephadm: reference the last local image by digest (bsc#1178932, bsc#1179569) . SUSE advises on important security update for the Rook Ceph container in ses/7 to ensure system integrity and patch known issues.. SUSE Container Update,Rook Ceph,Security Update,System Integrity. . Severity: Important. LinuxSecurity.com Team
Apr 09, 2021
•Important
SuSE
100
security advisorysecurity issuepatchSUSE: 2020:764-2 Important: Rook Ceph Security Update Advisory
The container ses/7/rook/ceph was updated. The following patches have been included in this update: . SUSE Container Update Advisory: ses/7/rook/ceph -----------------------------------------------------------------Container Advisory ID : SUSE-CU-2020:763-1 Container Tags : ses/7/rook/ceph:1.4.7 , ses/7/rook/ceph:1.4.7.6 , ses/7/rook/ceph:1.4.7.6.1.1397 , ses/7/rook/ceph:latest , ses/7/rook/ceph:sle15.2.octopus Container Release : 1.1397 Severity : important Type : security References : 1176262 1176262 1178168 1178376 1179036 1179193 1179341 1179431 1179515 CVE-2019-20916 CVE-2019-20916 CVE-2020-25659 -----------------------------------------------------------------The container ses/7/rook/ceph was updated. The following patches have been included in this update: -----------------------------------------------------------------Advisory ID: SUSE-SU-2020:3566-1 Released: Mon Nov 30 16:56:52 2020 Summary: Security update for python-setuptools Type: security Severity: important References: 1176262,CVE-2019-20916 This update for python-setuptools fixes the following issues: - Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916) -----------------------------------------------------------------Advisory ID: SUSE-RU-2020:3581-1 Released: Tue Dec 1 14:40:22 2020 Summary: Recommended update for libusb-1_0 Type: recommended Severity: moderate References: 1178376 This update for libusb-1_0 fixes the following issues: - Fixes a build failure for libusb for the inclusion of 'sys/time.h' on PowerPC. (bsc#1178376) -----------------------------------------------------------------Advisory ID: SUSE-SU-2020:3592-1 Released: Wed Dec 2 10:31:34 2020 Summary: Security update for python-cryptography Type: security Severity: moderate References: 1178168,CVE-2020-25659 This update for python-cryptography fixes the followingissues: - CVE-2020-25659: Attempted to mitigate Bleichenbacher attacks on RSA decryption (bsc#1178168). -----------------------------------------------------------------Advisory ID: SUSE-SU-2020:3593-1 Released: Wed Dec 2 10:33:49 2020 Summary: Security update for python3 Type: security Severity: important References: 1176262,1179193,CVE-2019-20916 This update for python3 fixes the following issues: Update to 3.6.12 (bsc#1179193), including: - Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916) -----------------------------------------------------------------Advisory ID: SUSE-RU-2020:3620-1 Released: Thu Dec 3 17:03:55 2020 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issues: - Check if the password is part of the username. (jsc#SLE-16719, jsc#SLE-16720) - Check whether the password contains a substring of of the user's name of at least `` characters length in some form. This is enabled by the new parameter `usersubstr=` -----------------------------------------------------------------Advisory ID: SUSE-RU-2020:3626-1 Released: Fri Dec 4 13:51:46 2020 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1179515 This update for audit fixes the following issues: - Enable Aarch64 processor support. (bsc#1179515) -----------------------------------------------------------------Advisory ID: SUSE-RU-2020:3640-1 Released: Mon Dec 7 13:24:41 2020 Summary: Recommended update for binutils Type: recommended Severity: important References: 1179036,1179341 This update for binutils fixes the following issues: Update binutils 2.35 branch to commit 1c5243df: * Fixes PR26520, aka [bsc#1179036], a problem in addr2line with certain DWARF variable descriptions. * Also fixes PR26711, PR26656, PR26655, PR26929, PR26808, PR25878, PR26740, PR26778,PR26763, PR26685, PR26699, PR26902, PR26869, PR26711 * The above includes fixes for dwo files produced by modern dwp, fixing several problems in the DWARF reader. Update binutils to 2.35.1 and rebased branch diff: * This is a point release over the previous 2.35 version, containing bug fixes, and as an exception to the usual rule, one new feature. The new feature is the support for a new directive in the assembler: '.nop'. This directive creates a single no-op instruction in whatever encoding is correct for the target architecture. Unlike the .space or .fill this is a real instruction, and it does affect the generation of DWARF line number tables, should they be enabled. This fixes an incompatibility introduced in the latest update that broke the install scripts of the Oracle server. [bsc#1179341] -----------------------------------------------------------------Advisory ID: SUSE-RU-2020:3703-1 Released: Mon Dec 7 20:17:32 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1179431 This update for aaa_base fixes the following issue: - Avoid semicolon within (t)csh login script on S/390. (bsc#1179431) -----------------------------------------------------------------Advisory ID: SUSE-RU-2020:3704-1 Released: Tue Dec 8 08:31:07 2020 Summary: Recommended update for rook Type: recommended Severity: moderate References: This update for rook fixes the following issues: - Derive CSI and sidecar image versions from code defaults rather than images found in the build service. . SUSE Container Maintenance Notice for ses/7/rook/ceph highlights critical vulnerabilities that require urgent attention and corrective measures.. SUSE Security, Rook Ceph, Container Update. . Severity: Important. LinuxSecurity.com Team
Dec 08, 2020
•Important
SuSE
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!