Stay Secure with the Latest Linux Advisories

security advisorydenial of serviceimportant

SUSE Container Update: Trento 0.9.0 Important Denial Of Service Fix

The container trento/trento-web was updated. The following patches have been included in this update:. SUSE Container Update Advisory: trento/trento-web ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:240-1 Container Tags : trento/trento-web:0.9.0 , trento/trento-web:0.9.0-rev1.0.1 , trento/trento-web:0.9.0-rev1.0.1-build3.2.2 , trento/trento-web:latest Container Release : 3.2.2 Severity : important Type : security References : 1120610 1130496 1181131 1184124 CVE-2018-20482 CVE-2019-9923 CVE-2021-20193 ----------------------------------------------------------------- The container trento/trento-web was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:926-1 Released: Wed Apr 10 16:33:12 2019 Summary: Security update for tar Type: security Severity: moderate References: 1120610,1130496,CVE-2018-20482,CVE-2019-9923 This update for tar fixes the following issues: Security issues fixed: - CVE-2019-9923: Fixed a denial of service while parsing certain archives with malformed extended headers in pax_decode_header() (bsc#1130496). - CVE-2018-20482: Fixed a denial of service when the '--sparse' option mishandles file shrinkage during read access (bsc#1120610). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:974-1 Released: Mon Mar 29 19:31:27 2021 Summary: Security update for tar Type: security Severity: low References: 1181131,CVE-2021-20193 This update for tar fixes the following issues: CVE-2021-20193: Memory leak in read_header() in list.c (bsc#1181131) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2193-1 Released: Mon Jun 28 18:38:43 2021 Summary: Recommended update for tar Type: recommended Severity: moderate References: 1184124 This update for tar fixes the following issues: - Link '/var/lib/tests/tar/bin/genfile' as Position-Independent Executable (bsc#1184124) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:471-1 Released: Thu Feb 17 09:58:37 2022 Summary: Recommended update for trento-premium Type: recommended Severity: important References: This update for trento-premium fixes the following issues: - Releasing new sub-package 'trento-premium-installer'. (jsc#MSC-302) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:579-1 Released: Mon Feb 28 11:12:24 2022 Summary: Recommended update for trento-premium Type: recommended Severity: moderate References: This update for trento-premium fixes the following issues: Release 0.9.0 ### Added - Pin specific container image versions in the helm chart values - review values for SUSE infrastructure - Add health summary api endpoint - Homepage UI component - Embed cpu and memory usage dashboards in host detail - Sap system health computation - Attach system replication status badge on secondary node - Add remediation command to the corosync token timeouts checks - Add node exporter state in the frontend - Add prometheus grafana to helm chart - Prometheus HTTP service discovery API - Adds feedback collector - Add connection retry when starting Web and Runner ### Fixed - Web serve command not stopped correctly during database initializaion tries - Links in compressed sidebar don't work - CD process doesn't clean up old node module tgz files - Aligns Overview - Use context correctly during db initialization - Compute attached database health - Fix dump scenario script clean-up command - Push catalog info after the checks - Show all sbd devices - Do not make assumptions about the shape of the payload of checks catalog - Remove mention of Blue Horizon from landing page - Links in compressed sidebar are working again ### ClosedIssues - Checks catalog empty - Settings button missing in Pacemaker Clusters details view ### Other Changes - Enable Grafana persistence - Fix health summary api - Fix grafana secret - Fix grafana embedding - Implement cluster heatlh computation projection - refresh zypper repo before installing node exporter - Add Grafana initialization - Run prometheus installation as root - Do not add bitnami charts repo from the installer if it's not needed - Fix dependabot auto-merge workflow - Change trento path in the Dockerfile - Allows Grafana dashboards to be embedded - Add hana cluster details e2e test - E2e test cluster overview - Switch to the SLE BCI images The following package changes have been done: - tar-1.30-3.9.1 added - trento-premium-0.9.0+git.dev74.1645798943.a1180f8-150300.3.10.1 updated . Important patches released for SUSE container trento/trento-web addressing potential denial of service vulnerabilities. Maintain your security!. SUSE Container Advisory, Trento Web, Denial of Service Update, Security Fixes. . Severity: Important. LinuxSecurity.com Team

Mar 01, 2022 •Important SuSE