
Security vulnerabilities in the SLES 12-SP2 Docker image software package

SUSE Security Update: Security update for SLES 12-SP2 Docker image
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2701-1
Rating: important
References: #1056193
Cross-References: CVE-2012-6702 CVE-2015-3238 CVE-2016-10156
CVE-2016-1839 CVE-2016-2037 CVE-2016-4658
CVE-2016-5011 CVE-2016-5300 CVE-2016-7055
CVE-2016-9063 CVE-2016-9318 CVE-2016-9401
CVE-2016-9586 CVE-2016-9597 CVE-2016-9840
CVE-2016-9841 CVE-2016-9842 CVE-2016-9843
CVE-2017-0663 CVE-2017-1000100 CVE-2017-1000101
CVE-2017-1000366 CVE-2017-10684 CVE-2017-10685
CVE-2017-11112 CVE-2017-11113 CVE-2017-2616
CVE-2017-3731 CVE-2017-3732 CVE-2017-5969
CVE-2017-6507 CVE-2017-7375 CVE-2017-7376
CVE-2017-7407 CVE-2017-7435 CVE-2017-7436
CVE-2017-7526 CVE-2017-8872 CVE-2017-9047
CVE-2017-9048 CVE-2017-9049 CVE-2017-9050
CVE-2017-9217 CVE-2017-9233 CVE-2017-9269
CVE-2017-9287 CVE-2017-9445
Affected Products:
SUSE Linux Enterprise Module for Containers 12
______________________________________________________________________________

An update that fixes 47 vulnerabilities is now available.

Description:

The SUSE Linux Enterprise Server 12 SP2 container image has been updated
to include security and stability fixes.

The following issue related to building the container images has been
fixed:

– Included krb5 package to avoid the inclusion of krb5-mini which gets
selected as a dependency by the Build Service solver. (bsc#1056193)

A number of security issues that have already been fixed by updates
released for SUSE Linux Enterprise Server 12 are now included in the base
image. A package/CVE cross-reference is available below.

bash:

– CVE-2016-9401

expat:

– CVE-2012-6702
– CVE-2016-5300
– CVE-2016-9063
– CVE-2017-9233

curl:

– CVE-2016-9586
– CVE-2017-1000100
– CVE-2017-1000101
– CVE-2017-7407

glibc:

– CVE-2017-1000366

openssl:

– CVE-2017-3731
– CVE-2017-3732
– CVE-2016-7055

pam:

– CVE-2015-3238

apparmor:

– CVE-2017-6507

ncurses:

– CVE-2017-10684
– CVE-2017-10685
– CVE-2017-11112
– CVE-2017-11113

libgcrypt:

– CVE-2017-7526

libxml2:

– CVE-2016-1839
– CVE-2016-4658
– CVE-2016-9318
– CVE-2016-9597
– CVE-2017-0663
– CVE-2017-5969
– CVE-2017-7375
– CVE-2017-7376
– CVE-2017-8872
– CVE-2017-9047
– CVE-2017-9048
– CVE-2017-9049
– CVE-2017-9050

libzypp:

– CVE-2017-9269
– CVE-2017-7435
– CVE-2017-7436

openldap2:

– CVE-2017-9287

systemd:

– CVE-2016-10156
– CVE-2017-9217
– CVE-2017-9445

util-linux:

– CVE-2016-5011
– CVE-2017-2616

zlib:

– CVE-2016-9840
– CVE-2016-9841
– CVE-2016-9842
– CVE-2016-9843

zypper:

– CVE-2017-7436

Finally, the following packages received non-security fixes:

– binutils
– cpio
– cryptsetup
– cyrus-sasl
– dbus-1
– dirmngr
– e2fsprogs
– gpg2
– insserv-compat
– kmod
– libsolv
– libsemanage
– lvm2
– lua51
– netcfg
– procps
– sed
– sg3_utils
– shadow

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Module for Containers 12:

zypper in -t patch SUSE-SLE-Module-Containers-12-2017-1674=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Module for Containers 12 (ppc64le s390x x86_64):

sles12sp2-docker-image-1.0.2-20171006

References:

https://www.suse.com/security/cve/CVE-2012-6702.html
https://www.suse.com/security/cve/CVE-2015-3238.html
https://www.suse.com/security/cve/CVE-2016-10156.html
https://www.suse.com/security/cve/CVE-2016-1839.html
https://www.suse.com/security/cve/CVE-2016-2037.html
https://www.suse.com/security/cve/CVE-2016-4658.html
https://www.suse.com/security/cve/CVE-2016-5011.html
https://www.suse.com/security/cve/CVE-2016-5300.html
https://www.suse.com/security/cve/CVE-2016-7055.html
https://www.suse.com/security/cve/CVE-2016-9063.html
https://www.suse.com/security/cve/CVE-2016-9318.html
https://www.suse.com/security/cve/CVE-2016-9401.html
https://www.suse.com/security/cve/CVE-2016-9586.html
https://www.suse.com/security/cve/CVE-2016-9597.html
https://www.suse.com/security/cve/CVE-2016-9840.html
https://www.suse.com/security/cve/CVE-2016-9841.html
https://www.suse.com/security/cve/CVE-2016-9842.html
https://www.suse.com/security/cve/CVE-2016-9843.html
https://www.suse.com/security/cve/CVE-2017-0663.html
https://www.suse.com/security/cve/CVE-2017-1000100.html
https://www.suse.com/security/cve/CVE-2017-1000101.html
https://www.suse.com/security/cve/CVE-2017-1000366.html
https://www.suse.com/security/cve/CVE-2017-10684.html
https://www.suse.com/security/cve/CVE-2017-10685.html
https://www.suse.com/security/cve/CVE-2017-11112.html
https://www.suse.com/security/cve/CVE-2017-11113.html
https://www.suse.com/security/cve/CVE-2017-2616.html
https://www.suse.com/security/cve/CVE-2017-3731.html
https://www.suse.com/security/cve/CVE-2017-3732.html
https://www.suse.com/security/cve/CVE-2017-5969.html
https://www.suse.com/security/cve/CVE-2017-6507.html
https://www.suse.com/security/cve/CVE-2017-7375.html
https://www.suse.com/security/cve/CVE-2017-7376.html
https://www.suse.com/security/cve/CVE-2017-7407.html
https://www.suse.com/security/cve/CVE-2017-7435.html
https://www.suse.com/security/cve/CVE-2017-7436.html
https://www.suse.com/security/cve/CVE-2017-7526.html
https://www.suse.com/security/cve/CVE-2017-8872.html
https://www.suse.com/security/cve/CVE-2017-9047.html
https://www.suse.com/security/cve/CVE-2017-9048.html
https://www.suse.com/security/cve/CVE-2017-9049.html
https://www.suse.com/security/cve/CVE-2017-9050.html
https://www.suse.com/security/cve/CVE-2017-9217.html
https://www.suse.com/security/cve/CVE-2017-9233.html
https://www.suse.com/security/cve/CVE-2017-9269.html
https://www.suse.com/security/cve/CVE-2017-9287.html
https://www.suse.com/security/cve/CVE-2017-9445.html
https://bugzilla.suse.com/1056193

