SUSE: 2022:35-1 suse/sles/15.3/virt-handler Security Update
Summary
- Advisory ID: SUSE-RU-2021:3203-1 Released: Thu Sep 23 14:41:35 2021 Summary: Recommended update for kmod Type: recommended Severity: moderate
- Advisory ID: SUSE-RU-2021:3241-1 Released: Tue Sep 28 00:24:49 2021 Summary: Recommended update for multipath-tools Type: recommended Severity: important
- Advisory ID: SUSE-RU-2021:3306-1 Released: Wed Oct 6 18:11:57 2021 Summary: Recommended update for numactl Type: recommended Severity: moderate
- Advisory ID: SUSE-RU-2021:3310-1 Released: Wed Oct 6 18:12:41 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate
- Advisory ID: SUSE-RU-2021:3410-1 Released: Wed Oct 13 10:41:36 2021 Summary: Recommended update for xkeyboard-config Type: recommended Severity: moderate
- Advisory ID: SUSE-RU-2021:3411-1 Released: Wed Oct 13 10:42:25 2021 Summary: Recommended update for lvm2 Type: recommended Severity: moderate
- Advisory ID: SUSE-RU-2021:3413-1 Released: Wed Oct 13 10:50:45 2021 Summary: Recommended update for suse-module-tools Type: recommended Severity: important
- Advisory ID: SUSE-SU-2021:3474-1 Released: Wed Oct 20 08:41:31 2021 Summary: Security update for util-linux Type: security Severity: moderate
- Advisory ID: SUSE-RU-2021:3509-1 Released: Tue Oct 26 09:47:40 2021 Summary: Recommended update for suse-module-tools Type: recommended Severity: important
- Advisory ID: SUSE-RU-2021:3538-1 Released: Wed Oct 27 10:40:32 2021 Summary: Recommended update for iproute2 Type: recommended Severity: moderate
- Advisory ID: SUSE-RU-2021:3589-1 Released: Mon Nov 1 19:27:52 2021 Summary: Recommended update for apparmor Type: recommended Severity: moderate
- Advisory ID: SUSE-SU-2021:3605-1 Released: Wed Nov 3 14:59:32 2021 Summary: Security update for qemu Type: security Severity: important
- Advisory ID: SUSE-SU-2021:3619-1 Released: Fri Nov 5 12:29:52 2021 Summary: Security update for libvirt Type: security Severity: moderate
- Advisory ID: SUSE-RU-2021:3663-1 Released: Mon Nov 15 19:14:32 2021 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate
- Advisory ID: SUSE-RU-2021:3792-1 Released: Wed Nov 24 06:12:09 2021 Summary: Recommended update for kmod Type: recommended Severity: moderate
- Advisory ID: SUSE-RU-2021:3808-1 Released: Fri Nov 26 00:30:54 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate
- Advisory ID: SUSE-RU-2021:3963-1 Released: Mon Dec 6 19:57:39 2021 Summary: Recommended update for system-users Type: recommended Severity: moderate
- Advisory ID: SUSE-RU-2021:3985-1 Released: Fri Dec 10 06:08:24 2021 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate
- Advisory ID: SUSE-RU-2021:4014-1 Released: Mon Dec 13 13:57:39 2021 Summary: Recommended update for apparmor Type: recommended Severity: moderate
- Advisory ID: SUSE-SU-2021:4104-1 Released: Thu Dec 16 11:14:12 2021 Summary: Security update for python3 Type: security Severity: moderate
- Advisory ID: SUSE-RU-2021:4165-1 Released: Wed Dec 22 22:52:11 2021 Summary: Recommended update for kmod Type: recommended Severity: moderate
- Advisory ID: SUSE-RU-2021:4175-1 Released: Thu Dec 23 11:22:33 2021 Summary: Recommended update for systemd Type: recommended Severity: important
- Advisory ID: SUSE-RU-2022:2-1 Released: Mon Jan 3 08:27:18 2022 Summary: Recommended update for lvm2 Type: recommended Severity: moderate
- Advisory ID: SUSE-SU-2022:21-1 Released: Tue Jan 4 16:06:08 2022 Summary: Security update for libvirt Type: security Severity: important
- Advisory ID: SUSE-SU-2022:40-1 Released: Mon Jan 10 10:45:12 2022 Summary: Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-operator-container Type: security Severity: important
References
1134353 1160242 1177902 1178236 1180125 1183247 1183374 1183858
1183905 1184994 1185588 1186071 1186398 1187196 1187668 1188291
1188588 1188713 1188921 1189176 1189234 1189241 1189287 1189441
1189446 1189480 1189537 1189702 1189841 1189938 1190190 1190401
1190420 1190425 1190440 1190493 1190587 1190598 1190622 1190693
1190695 1190839 1190917 1190984 1191019 1191200 1191242 1191260
1191480 1191532 1191668 1191690 1191690 1191804 1191804 1191922
1192017 1192104 1192161 1192423 1192858 1193181 1193430 1193623
1193719 1193759 1193930 1193981 1194041 CVE-2021-3426 CVE-2021-3713
CVE-2021-3733 CVE-2021-3737 CVE-2021-3748 CVE-2021-37600 CVE-2021-4147
CVE-2021-43565
1189537,1190190
This update for kmod fixes the following issues:
- Use docbook 4 rather than docbook 5 for building man pages (bsc#1190190).
- Enable support for ZSTD compressed modules
- Display module information even for modules built into the running kernel (bsc#1189537)
- '/usr/lib' should override '/lib' where both are available. Support '/usr/lib' for depmod.d as well.
- Remove test patches included in release 29
- Update to release 29
* Fix `modinfo -F` not working for built-in modules and certain fields.
* Fix a memory leak, overflow and double free on error path.
1189176,1190622
This update for multipath-tools provides the following fixes:
- Update to version 0.8.5+82+suse.746b76e:
* libmultipath: avoid buffer size warning with systemd 240+. (bsc#1189176)
- Add a versioned dependency of multipath-tools on libmpath0. (bsc#1190622)
This update for numactl fixes the following issues:
- Fix System call numbers on s390x.
- Debug verify for --preferred option.
- Description for the usage of numactl.
- Various memory leaks in source files: sysfs.c, shm.c and numactl.c
- Description for numa_node_size64 and definition for numa_node_size in manpage.
- link with -latomic when needed.
- Clear race conditions on numa_police_memory().
- numademo: Use first two nodes instead of node 0 and 1
- Enhance _service settings
- Enable automake
1134353,1184994,1188291,1188588,1188713,1189446,1189480
This update for systemd fixes the following issues:
- Switch I/O scheduler from 'mq-deadline' to 'bfq' for rotating disks (HDs) (jsc#SLE-21032, bsc#1134353).
- Multipath: Rules weren't applied to dm devices (bsc#1188713).
- Ignore obsolete 'elevator' kernel parameter (bsc#1184994).
- Remove kernel unsupported single-queue block I/O.
- Make sure the versions of both udev and systemd packages are always the same (bsc#1189480).
- Avoid error message when updating active udev on sockets restart (bsc#1188291).
- Merge of v246.16, for a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/8d8f5fc31eece95644b299b784bbfb8f836d0108...f5c33d9f82d3d782d28938df9ff09484360c540d
- Drop 1007-tmpfiles-follow-SUSE-policies.patch:
Since most of the tmpfiles config files shipped by upstream are
ignored (see previous commit 'Drop most of the tmpfiles that deal
with generic paths'), this patch is no longer relevant.
Additional fixes:
- core: make sure cgroup_oom_queue is flushed on manager exit.
- cgroup: do 'catchup' for unit cgroup inotify watch files.
- journalctl: never fail at flushing when the flushed flag is set (bsc#1188588).
- manager: reexecute on SIGRTMIN+25, user instances only.
- manager: fix HW watchdog when systemd starts before driver loaded (bsc#1189446).
- pid1: watchdog modernizations.
1191242
This update for xkeyboard-config fixes the following issue:
- Wrong keyboard mapping causing input delays with ABNT2 keyboards. (bsc#1191242)
1191019
This update for lvm2 fixes the following issues:
- Do not crash vgextend when extending VG with missing PV. (bsc#1191019)
1189441,1189841,1190598
This update for suse-module-tools fixes the following issues:
- Fixed an issue where the queuing of secure boot certificates did not happen (bsc#1189841, bsc#1190598)
- Fixed an issue where initrd was not always rebuilding after installing
any kernel-*-extra package (bsc#1189441)
1178236,1188921,CVE-2021-37600
This update for util-linux fixes the following issues:
- CVE-2021-37600: Fixed an integer overflow which could lead to a buffer overflow in get_sem_elements() in sys-utils/ipcutils.c. (bsc#1188921)
1191200,1191260,1191480,1191804,1191922
This update for suse-module-tools fixes the following issues:
Update to version 15.3.13:
- Fix bad exit status in openQA. (bsc#1191922)
- Ignore kernel keyring for kernel certificates. (bsc#1191480)
- Deal with existing certificates that should be de-enrolled. (bsc#1191804)
- Don't pass existing files to weak-modules2. (bsc#1191200)
- Skip certificate scriptlet on non-UEFI systems. (bsc#1191260)
1160242
This update for iproute2 fixes the following issues:
- Follow-up fixes backported from upstream. (bsc#1160242)
1191690
This update for apparmor fixes the following issues:
- Fixed an issue when apparmor provides python2 and python3 libraries with the same name. (bsc#1191690)
1189234,1189702,1189938,1190425,CVE-2021-3713,CVE-2021-3748
This update for qemu fixes the following issues:
Security issues fixed:
- CVE-2021-3713: Fix out-of-bounds write in UAS (USB Attached SCSI) device emulation (bsc#1189702)
- CVE-2021-3748: Fix heap use-after-free in virtio_net_receive_rcu (bsc#1189938)
Non-security issues fixed:
- Add transfer length item in block limits page of scsi vpd (bsc#1190425)
- Fix qemu crash while deleting xen-block (bsc#1189234)
1177902,1183247,1186398,1190420,1190493,1190693,1190695,1190917
This update for libvirt fixes the following issues:
- lxc: controller: Fix container launch on cgroup v1. (bsc#1183247)
- supportconfig: Use systemctl command 'is-active' instead of 'is-enabled' when checking if libvirtd is active.
- qemu: Do not report error in the logs when processing monitor IO. (bsc#1190917)
- spec: Fix an issue when package update hangs (bsc#1177902, bsc#1190693)
- spec: Don't add '--timeout' argument to '/etc/sysconfig/libvirtd' when running in traditional mode without socket activation. (bsc#1190695)
- libxl: Improve reporting of 'die_id' in capabilities. (bsc#1190493)
- libxl: Fix driver reload. (bsc#1190420)
- qemu: Set label on virtual host network device when hotplugging. (bsc#1186398)
- supportconfig: When checking for installed hypervisor drivers,
use the libvirtr-daemon-driver-
libvirt-daemon-
for a functioning hypervisor driver.
1191804
This update for suse-module-tools fixes the following issues:
- Update to version 15.3.14:
* more fixes for updates under secure boot
* cert-script: Deal with existing $cert.delete file (bsc#1191804).
1192104
This update for kmod fixes the following issues:
- Enable ZSTD compression (bsc#1192104)(jsc#SLE-21256)
1186071,1190440,1190984,1192161
This update for systemd fixes the following issues:
- Add timestamp to D-Bus events to improve traceability (jsc#SLE-17798)
- Fix fd_is_mount_point() when both the parent and directory are network file systems (bsc#1190984)
- Support detection for ARM64 Hyper-V guests (bsc#1186071)
- Fix systemd-detect-virt not detecting Amazon EC2 Nitro instance (bsc#1190440)
- Enable support for Portable Services in openSUSE Leap only (jsc#SLE-21694)
- Fix IO scheduler udev rules to address performance issues (jsc#SLE-21032, bsc#1192161)
1190401
This update for system-users fixes the following issues:
- system-user-tss.conf: Removed group entry because it's not needed and contained syntax errors (bsc#1190401)
1187196
This update for suse-module-tools fixes the following issues:
- Blacklist isst_if_mbox_msr driver because it uses hardware information based on
CPU family and model, which is too unspecific. On large systems, this causes a lot of
failed loading attempts for this driver, leading to slow or even stalled boot (bsc#1187196)
1191532,1191690
This update for apparmor fixes the following issues:
Changes in apparmor:
- Add a profile for 'samba-bgqd'. (bsc#1191532)
- Fix 'Requires' of python3 module. (bsc#1191690)
1180125,1183374,1183858,1185588,1187668,1189241,1189287,CVE-2021-3426,CVE-2021-3733,CVE-2021-3737
This update for python3 fixes the following issues:
- CVE-2021-3426: Fixed information disclosure via pydoc (bsc#1183374).
- CVE-2021-3733: Fixed infinitely reading potential HTTP headers after a 100 Continue status response from the server (bsc#1189241).
- CVE-2021-3737: Fixed ReDoS in urllib.request (bsc#1189287).
- We do not require python-rpm-macros package (bsc#1180125).
- Use versioned python-Sphinx to avoid dependency on other version of Python (bsc#1183858).
- Stop providing 'python' symbol, which means python2 currently (bsc#1185588).
- Modify Lib/ensurepip/__init__.py to contain the same version numbers as the ones actually in the bundled wheels (bsc#1187668).
1193430
This update for kmod fixes the following issues:
- Ensure that kmod and packages linking to libkmod provide same features. (bsc#1193430)
1192423,1192858,1193759
This update for systemd fixes the following issues:
- Bump the max number of inodes for /dev to a million (bsc#1192858)
- sleep: don't skip resume device with low priority/available space (bsc#1192423)
- test: use kbd-mode-map we ship in one more test case
- test-keymap-util: always use kbd-model-map we ship
- Add rules for virtual devices and enforce 'none' for loop devices. (bsc#1193759)
1183905,1193181
This update for lvm2 fixes the following issues:
- Fix lvconvert not taking `--stripes` option (bsc#1183905)
- Fix LVM vgimportclone not working on hardware snapshot (bsc#1193181)
1191668,1192017,1193623,1193719,1193981,1194041,CVE-2021-4147
This update for libvirt fixes the following issues:
- CVE-2021-4147: libxl: Fix libvirtd deadlocks and segfaults. (bsc#1194041)
1190587,1190839,1193930,CVE-2021-43565
This update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-operator-container fixes the following issues:
- CVE-2021-43565: Fixes a vulnerability in the golang.org/x/crypto/ssh package which allowed unauthenticated clients to cause a panic in SSH servers. (bsc#1193930)
The following package changes have been done:
- kubevirt-container-disk-0.45.0-8.7.1 updated
- kubevirt-virt-handler-0.45.0-8.7.1 updated
- libapparmor1-2.13.6-3.8.1 updated
- libdevmapper1_03-1.02.163-8.39.1 updated
- libkmod2-29-4.15.1 updated
- libnuma1-2.0.14.20.g4ee5e0c-10.1 updated
- system-group-kvm-20170617-17.3.1 updated
- suse-module-tools-15.3.15-3.17.1 updated
- libpython3_6m1_0-3.6.15-10.9.1 updated
- libmpath0-0.8.5+82+suse.746b76e-2.7.1 updated
- iproute2-5.3-5.5.1 updated
- xkeyboard-config-2.23.1-3.9.1 updated
- system-user-qemu-20170617-17.3.1 updated
- kmod-29-4.15.1 updated
- python3-base-3.6.15-10.9.1 updated
- systemd-246.16-7.28.1 updated
- udev-246.16-7.28.1 updated
- qemu-tools-5.2.0-106.4 updated
- util-linux-systemd-2.36.2-4.5.1 updated
- libvirt-libs-7.1.0-6.11.1 updated
- libvirt-client-7.1.0-6.11.1 updated
- python-rpm-macros-20200207.5feb6c1-3.11.1 removed