Описание
Security update for zstd
This update for zstd fixes the following issues:
- CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371).
- CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370).
Список пакетов
Container bci/bci-init:15.3
libzstd1-1.4.4-1.6.1
Container bci/bci-minimal:15.3
libzstd1-1.4.4-1.6.1
Container bci/dotnet-aspnet:3.1
libzstd1-1.4.4-1.6.1
Container bci/dotnet-aspnet:5.0
libzstd1-1.4.4-1.6.1
Container bci/dotnet-aspnet:latest
libzstd1-1.4.4-1.6.1
Container bci/dotnet-runtime:3.1
libzstd1-1.4.4-1.6.1
Container bci/dotnet-runtime:5.0
libzstd1-1.4.4-1.6.1
Container bci/dotnet-runtime:latest
libzstd1-1.4.4-1.6.1
Container bci/dotnet-sdk:3.1
libzstd1-1.4.4-1.6.1
Container bci/dotnet-sdk:5.0
libzstd1-1.4.4-1.6.1
Container bci/dotnet-sdk:latest
libzstd1-1.4.4-1.6.1
Container bci/golang:1.16
libzstd1-1.4.4-1.6.1
Container bci/golang:1.17
libzstd1-1.4.4-1.6.1
Container bci/golang:latest
libzstd1-1.4.4-1.6.1
Container bci/node:12
libzstd1-1.4.4-1.6.1
Container bci/node:14
libzstd1-1.4.4-1.6.1
Container bci/nodejs:latest
libzstd1-1.4.4-1.6.1
Container bci/openjdk-devel:11
libzstd1-1.4.4-1.6.1
Container bci/openjdk:latest
libzstd1-1.4.4-1.6.1
Container bci/python:3
libzstd1-1.4.4-1.6.1
Container bci/ruby:latest
libzstd1-1.4.4-1.6.1
Container caasp/v4/389-ds:1.4.2
libzstd1-1.4.4-1.6.1
Container caasp/v4/busybox:1.34.1
libzstd1-1.4.4-1.6.1
Container caasp/v4/caasp-dex:2.16.0
libzstd1-1.4.4-1.6.1
Container caasp/v4/cert-exporter:2.3.0
libzstd1-1.4.4-1.6.1
Container caasp/v4/cilium-etcd-operator:2.0.5
libzstd1-1.4.4-1.6.1
Container caasp/v4/cilium-init:1.5.3
libzstd1-1.4.4-1.6.1
Container caasp/v4/cilium-operator:1.6.6
libzstd1-1.4.4-1.6.1
Container caasp/v4/cilium:1.6.6
libzstd1-1.4.4-1.6.1
Container caasp/v4/cloud-provider-openstack:1.15.0
libzstd1-1.4.4-1.6.1
Container caasp/v4/configmap-reload:0.3.0
libzstd1-1.4.4-1.6.1
Container caasp/v4/coredns:1.6.7
libzstd1-1.4.4-1.6.1
Container caasp/v4/curl:7.60.0
libzstd1-1.4.4-1.6.1
Container caasp/v4/etcd:3.4.13
libzstd1-1.4.4-1.6.1
Container caasp/v4/gangway:3.1.0
libzstd1-1.4.4-1.6.1
Container caasp/v4/grafana:7.5.12
libzstd1-1.4.4-1.6.1
Container caasp/v4/helm-tiller:2.16.12
libzstd1-1.4.4-1.6.1
Container caasp/v4/hyperkube:v1.17.17
libzstd1-1.4.4-1.6.1
Container caasp/v4/k8s-sidecar:0.1.75
libzstd1-1.4.4-1.6.1
Container caasp/v4/kube-state-metrics:1.9.3
libzstd1-1.4.4-1.6.1
Container caasp/v4/kubernetes-client:1.17.17
libzstd1-1.4.4-1.6.1
Container caasp/v4/kucero:1.3.0
libzstd1-1.4.4-1.6.1
Container caasp/v4/kured:1.3.0
libzstd1-1.4.4-1.6.1
Container caasp/v4/metrics-server:0.3.6
libzstd1-1.4.4-1.6.1
Container caasp/v4/prometheus-alertmanager:0.16.2
libzstd1-1.4.4-1.6.1
Container caasp/v4/prometheus-node-exporter:1.1.2
libzstd1-1.4.4-1.6.1
Container caasp/v4/prometheus-pushgateway:0.6.0
libzstd1-1.4.4-1.6.1
Container caasp/v4/prometheus-server:2.7.1
libzstd1-1.4.4-1.6.1
Container caasp/v4/rsyslog:8.39.0
libzstd1-1.4.4-1.6.1
Container caasp/v4/skuba-tooling:0.1.0
libzstd1-1.4.4-1.6.1
Container caasp/v4/test-update:beta
libzstd1-1.4.4-1.6.1
Container caasp/v4/velero-plugin-for-aws:1.0.1
libzstd1-1.4.4-1.6.1
Container caasp/v4/velero-plugin-for-gcp:1.0.1
libzstd1-1.4.4-1.6.1
Container caasp/v4/velero-plugin-for-microsoft-azure:1.0.1
libzstd1-1.4.4-1.6.1
Container caasp/v4/velero-restic-restore-helper:1.3.1
libzstd1-1.4.4-1.6.1
Container caasp/v4/velero:1.3.1
libzstd1-1.4.4-1.6.1
Container ses/6/cephcsi/cephcsi:latest
libzstd1-1.4.4-1.6.1
Container ses/6/rook/ceph:latest
libzstd1-1.4.4-1.6.1
Container ses/7.1/ceph/grafana:latest
libzstd1-1.4.4-1.6.1
Container ses/7.1/ceph/haproxy:latest
libzstd1-1.4.4-1.6.1
Container ses/7.1/ceph/keepalived:latest
libzstd1-1.4.4-1.6.1
Container ses/7.1/ceph/prometheus-alertmanager:latest
libzstd1-1.4.4-1.6.1
Container ses/7.1/ceph/prometheus-node-exporter:latest
libzstd1-1.4.4-1.6.1
Container ses/7.1/ceph/prometheus-server:latest
libzstd1-1.4.4-1.6.1
Container ses/7.1/ceph/prometheus-snmp_notifier:latest
libzstd1-1.4.4-1.6.1
Container ses/7.1/cephcsi/cephcsi:latest
libzstd1-1.4.4-1.6.1
Container ses/7.1/cephcsi/csi-attacher:v4.1.0
libzstd1-1.4.4-1.6.1
Container ses/7.1/cephcsi/csi-node-driver-registrar:v2.7.0
libzstd1-1.4.4-1.6.1
Container ses/7.1/cephcsi/csi-provisioner:v3.4.0
libzstd1-1.4.4-1.6.1
Container ses/7.1/cephcsi/csi-resizer:v1.7.0
libzstd1-1.4.4-1.6.1
Container ses/7.1/cephcsi/csi-snapshotter:v6.2.1
libzstd1-1.4.4-1.6.1
Container ses/7.1/rook/ceph:latest
libzstd1-1.4.4-1.6.1
Container ses/7/ceph/grafana:latest
libzstd1-1.4.4-1.6.1
Container ses/7/ceph/prometheus-alertmanager:latest
libzstd1-1.4.4-1.6.1
Container ses/7/ceph/prometheus-node-exporter:latest
libzstd1-1.4.4-1.6.1
Container ses/7/ceph/prometheus-server:latest
libzstd1-1.4.4-1.6.1
Container ses/7/cephcsi/cephcsi:latest
libzstd1-1.4.4-1.6.1
Container ses/7/cephcsi/csi-attacher:v3.3.0
libzstd1-1.4.4-1.6.1
Container ses/7/cephcsi/csi-livenessprobe:v1.1.0
libzstd1-1.4.4-1.6.1
Container ses/7/cephcsi/csi-node-driver-registrar:v2.3.0
libzstd1-1.4.4-1.6.1
Container ses/7/cephcsi/csi-provisioner:v3.0.0
libzstd1-1.4.4-1.6.1
Container ses/7/cephcsi/csi-resizer:v1.3.0
libzstd1-1.4.4-1.6.1
Container ses/7/cephcsi/csi-snapshotter:v2.1.0
libzstd1-1.4.4-1.6.1
Container ses/7/cephcsi/csi-snapshotter:v4.2.0
libzstd1-1.4.4-1.6.1
Container ses/7/prometheus-webhook-snmp:latest
libzstd1-1.4.4-1.6.1
Container ses/7/rook/ceph:latest
libzstd1-1.4.4-1.6.1
Container suse/pcp:latest
libzstd1-1.4.4-1.6.1
Container suse/rmt-mariadb-client:latest
libzstd1-1.4.4-1.6.1
Container suse/rmt-mariadb:latest
libzstd1-1.4.4-1.6.1
Container suse/rmt-nginx:latest
libzstd1-1.4.4-1.6.1
Container suse/rmt-server:latest
libzstd1-1.4.4-1.6.1
Container suse/sle-micro-rancher/5.2:latest
libzstd1-1.4.4-1.6.1
zstd-1.4.4-1.6.1
Container suse/sle-micro/5.1/toolbox:latest
libzstd1-1.4.4-1.6.1
Container suse/sle-micro/5.2/toolbox:latest
libzstd1-1.4.4-1.6.1
Container suse/sle15:15.0
libzstd1-1.4.4-1.6.1
Container suse/sle15:15.1
libzstd1-1.4.4-1.6.1
Container suse/sle15:15.2
libzstd1-1.4.4-1.6.1
Container suse/sle15:15.3
libzstd1-1.4.4-1.6.1
Container suse/sles/15.2/virt-api:0.38.1
libzstd1-1.4.4-1.6.1
Container suse/sles/15.2/virt-controller:0.38.1
libzstd1-1.4.4-1.6.1
Container suse/sles/15.2/virt-handler:0.38.1
libzstd1-1.4.4-1.6.1
Container suse/sles/15.2/virt-launcher:0.38.1
libzstd1-1.4.4-1.6.1
Container suse/sles/15.2/virt-operator:0.38.1
libzstd1-1.4.4-1.6.1
Container suse/sles/15.3/cdi-apiserver:1.37.1
libzstd1-1.4.4-1.6.1
Container suse/sles/15.3/cdi-cloner:1.37.1
libzstd1-1.4.4-1.6.1
Container suse/sles/15.3/cdi-controller:1.37.1
libzstd1-1.4.4-1.6.1
Container suse/sles/15.3/cdi-importer:1.37.1
libzstd1-1.4.4-1.6.1
Container suse/sles/15.3/cdi-operator:1.37.1
libzstd1-1.4.4-1.6.1
Container suse/sles/15.3/cdi-uploadproxy:1.37.1
libzstd1-1.4.4-1.6.1
Container suse/sles/15.3/cdi-uploadserver:1.37.1
libzstd1-1.4.4-1.6.1
Container suse/sles/15.3/libguestfs-tools:0.45.0
libzstd1-1.4.4-1.6.1
Container suse/sles/15.3/virt-api:0.45.0
libzstd1-1.4.4-1.6.1
Container suse/sles/15.3/virt-controller:0.45.0
libzstd1-1.4.4-1.6.1
Container suse/sles/15.3/virt-handler:0.45.0
libzstd1-1.4.4-1.6.1
Container suse/sles/15.3/virt-launcher:0.45.0
libzstd1-1.4.4-1.6.1
Container suse/sles/15.3/virt-operator:0.45.0
libzstd1-1.4.4-1.6.1
Container trento/trento-db:latest
libzstd1-1.4.4-1.6.1
Container trento/trento-runner:latest
libzstd1-1.4.4-1.6.1
Image SLES15-Azure-BYOS
libzstd1-1.4.4-1.6.1
Image SLES15-EC2-CHOST-HVM-BYOS
libzstd1-1.4.4-1.6.1
Image SLES15-EC2-HVM-BYOS
libzstd1-1.4.4-1.6.1
Image SLES15-GCE-BYOS
libzstd1-1.4.4-1.6.1
Image SLES15-SAP-Azure
libzstd1-1.4.4-1.6.1
Image SLES15-SAP-Azure-BYOS
libzstd1-1.4.4-1.6.1
Image SLES15-SAP-Azure-LI-BYOS-Production
libzstd1-1.4.4-1.6.1
Image SLES15-SAP-Azure-VLI-BYOS-Production
libzstd1-1.4.4-1.6.1
Image SLES15-SAP-EC2-HVM
libzstd1-1.4.4-1.6.1
Image SLES15-SAP-EC2-HVM-BYOS
libzstd1-1.4.4-1.6.1
Image SLES15-SAP-GCE
libzstd1-1.4.4-1.6.1
Image SLES15-SAP-GCE-BYOS
libzstd1-1.4.4-1.6.1
Image SLES15-SP1-Azure-BYOS
libzstd1-1.4.4-1.6.1
Image SLES15-SP1-Azure-HPC-BYOS
libzstd1-1.4.4-1.6.1
Image SLES15-SP1-CHOST-BYOS-Azure
libzstd1-1.4.4-1.6.1
Image SLES15-SP1-CHOST-BYOS-EC2
libzstd1-1.4.4-1.6.1
Image SLES15-SP1-CHOST-BYOS-GCE
libzstd1-1.4.4-1.6.1
Image SLES15-SP1-EC2-HPC-HVM-BYOS
libzstd1-1.4.4-1.6.1
Image SLES15-SP1-EC2-HVM-BYOS
libzstd1-1.4.4-1.6.1
Image SLES15-SP1-GCE-BYOS
libzstd1-1.4.4-1.6.1
Image SLES15-SP1-SAP-Azure
libzstd1-1.4.4-1.6.1
Image SLES15-SP1-SAP-Azure-BYOS
libzstd1-1.4.4-1.6.1
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production
libzstd1-1.4.4-1.6.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production
libzstd1-1.4.4-1.6.1
Image SLES15-SP1-SAP-EC2-HVM
libzstd1-1.4.4-1.6.1
Image SLES15-SP1-SAP-EC2-HVM-BYOS
libzstd1-1.4.4-1.6.1
Image SLES15-SP1-SAP-GCE
libzstd1-1.4.4-1.6.1
Image SLES15-SP1-SAP-GCE-BYOS
libzstd1-1.4.4-1.6.1
Image SLES15-SP1-SAPCAL-Azure
libzstd1-1.4.4-1.6.1
Image SLES15-SP1-SAPCAL-EC2-HVM
libzstd1-1.4.4-1.6.1
Image SLES15-SP1-SAPCAL-GCE
libzstd1-1.4.4-1.6.1
Image SLES15-SP2-Azure-Basic
libzstd1-1.4.4-1.6.1
Image SLES15-SP2-Azure-Standard
libzstd1-1.4.4-1.6.1
Image SLES15-SP2-BYOS-Azure
libzstd1-1.4.4-1.6.1
Image SLES15-SP2-BYOS-EC2-HVM
libzstd1-1.4.4-1.6.1
Image SLES15-SP2-BYOS-GCE
libzstd1-1.4.4-1.6.1
Image SLES15-SP2-CHOST-BYOS-Aliyun
libzstd1-1.4.4-1.6.1
Image SLES15-SP2-CHOST-BYOS-Azure
libzstd1-1.4.4-1.6.1
Image SLES15-SP2-CHOST-BYOS-EC2
libzstd1-1.4.4-1.6.1
Image SLES15-SP2-CHOST-BYOS-GCE
libzstd1-1.4.4-1.6.1
Image SLES15-SP2-EC2-ECS-HVM
libzstd1-1.4.4-1.6.1
Image SLES15-SP2-EC2-HVM
libzstd1-1.4.4-1.6.1
Image SLES15-SP2-GCE
libzstd1-1.4.4-1.6.1
Image SLES15-SP2-HPC-Azure
libzstd1-1.4.4-1.6.1
Image SLES15-SP2-HPC-BYOS-Azure
libzstd1-1.4.4-1.6.1
Image SLES15-SP2-HPC-BYOS-EC2-HVM
libzstd1-1.4.4-1.6.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure
libzstd1-1.4.4-1.6.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-EC2-HVM
libzstd1-1.4.4-1.6.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-GCE
libzstd1-1.4.4-1.6.1
Image SLES15-SP2-Manager-4-1-Server-BYOS-Azure
libzstd1-1.4.4-1.6.1
Image SLES15-SP2-Manager-4-1-Server-BYOS-EC2-HVM
libzstd1-1.4.4-1.6.1
Image SLES15-SP2-Manager-4-1-Server-BYOS-GCE
libzstd1-1.4.4-1.6.1
Image SLES15-SP2-SAP-Azure
libzstd1-1.4.4-1.6.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production
libzstd1-1.4.4-1.6.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production
libzstd1-1.4.4-1.6.1
Image SLES15-SP2-SAP-BYOS-Azure
libzstd1-1.4.4-1.6.1
Image SLES15-SP2-SAP-BYOS-EC2-HVM
libzstd1-1.4.4-1.6.1
Image SLES15-SP2-SAP-BYOS-GCE
libzstd1-1.4.4-1.6.1
Image SLES15-SP2-SAP-EC2-HVM
libzstd1-1.4.4-1.6.1
Image SLES15-SP2-SAP-GCE
libzstd1-1.4.4-1.6.1
Image SLES15-SP3-BYOS-Azure
libzstd1-1.4.4-1.6.1
Image SLES15-SP3-BYOS-EC2-HVM
libzstd1-1.4.4-1.6.1
Image SLES15-SP3-BYOS-GCE
libzstd1-1.4.4-1.6.1
Image SLES15-SP3-CHOST-BYOS-Aliyun
libzstd1-1.4.4-1.6.1
Image SLES15-SP3-CHOST-BYOS-Azure
libzstd1-1.4.4-1.6.1
Image SLES15-SP3-CHOST-BYOS-EC2
libzstd1-1.4.4-1.6.1
Image SLES15-SP3-CHOST-BYOS-GCE
libzstd1-1.4.4-1.6.1
Image SLES15-SP3-CHOST-BYOS-SAP-CCloud
libzstd1-1.4.4-1.6.1
Image SLES15-SP3-EC2-ECS-HVM
libzstd1-1.4.4-1.6.1
Image SLES15-SP3-EC2-HVM
libzstd1-1.4.4-1.6.1
libzstd1-32bit-1.4.4-1.6.1
Image SLES15-SP3-GCE
libzstd1-1.4.4-1.6.1
Image SLES15-SP3-HPC-Azure
libzstd1-1.4.4-1.6.1
Image SLES15-SP3-HPC-BYOS-Azure
libzstd1-1.4.4-1.6.1
Image SLES15-SP3-HPC-BYOS-EC2-HVM
libzstd1-1.4.4-1.6.1
Image SLES15-SP3-HPC-BYOS-GCE
libzstd1-1.4.4-1.6.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure
libzstd1-1.4.4-1.6.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM
libzstd1-1.4.4-1.6.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE
libzstd1-1.4.4-1.6.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure
libzstd1-1.4.4-1.6.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM
libzstd1-1.4.4-1.6.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE
libzstd1-1.4.4-1.6.1
Image SLES15-SP3-Micro-5-1-BYOS-Azure
libzstd1-1.4.4-1.6.1
Image SLES15-SP3-Micro-5-1-BYOS-EC2-HVM
libzstd1-1.4.4-1.6.1
Image SLES15-SP3-Micro-5-1-BYOS-GCE
libzstd1-1.4.4-1.6.1
Image SLES15-SP3-Micro-5-2-BYOS-Azure
libzstd1-1.4.4-1.6.1
Image SLES15-SP3-Micro-5-2-BYOS-EC2-HVM
libzstd1-1.4.4-1.6.1
Image SLES15-SP3-Micro-5-2-BYOS-GCE
libzstd1-1.4.4-1.6.1
Image SLES15-SP3-Micro-BYOS-GCE
libzstd1-1.4.4-1.6.1
Image SLES15-SP3-SAP-Azure
libzstd1-1.4.4-1.6.1
libzstd1-32bit-1.4.4-1.6.1
Image SLES15-SP3-SAP-Azure-LI-BYOS-Production
libzstd1-1.4.4-1.6.1
Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production
libzstd1-1.4.4-1.6.1
Image SLES15-SP3-SAP-BYOS-Azure
libzstd1-1.4.4-1.6.1
Image SLES15-SP3-SAP-BYOS-EC2-HVM
libzstd1-1.4.4-1.6.1
Image SLES15-SP3-SAP-BYOS-GCE
libzstd1-1.4.4-1.6.1
Image SLES15-SP3-SAP-EC2-HVM
libzstd1-1.4.4-1.6.1
libzstd1-32bit-1.4.4-1.6.1
Image SLES15-SP3-SAP-GCE
libzstd1-1.4.4-1.6.1
libzstd1-32bit-1.4.4-1.6.1
Image SLES15-SP3-SAPCAL-Azure
libzstd1-1.4.4-1.6.1
libzstd1-32bit-1.4.4-1.6.1
Image SLES15-SP3-SAPCAL-EC2-HVM
libzstd1-1.4.4-1.6.1
libzstd1-32bit-1.4.4-1.6.1
Image SLES15-SP3-SAPCAL-GCE
libzstd1-1.4.4-1.6.1
libzstd1-32bit-1.4.4-1.6.1
SUSE Linux Enterprise Micro 5.0
libzstd1-1.4.4-1.6.1
SUSE Linux Enterprise Module for Basesystem 15 SP2
libzstd-devel-1.4.4-1.6.1
libzstd1-1.4.4-1.6.1
libzstd1-32bit-1.4.4-1.6.1
zstd-1.4.4-1.6.1
Ссылки
- Link for SUSE-SU-2021:0948-1
- E-Mail link for SUSE-SU-2021:0948-1
- SUSE Security Ratings
- SUSE Bug 1183370
- SUSE Bug 1183371
- SUSE CVE CVE-2021-24031 page
- SUSE CVE CVE-2021-24032 page
Описание
In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. Correct file permissions (matching the input) would only be set at completion time. Output files could therefore be readable or writable to unintended parties.
Затронутые продукты
Container bci/bci-init:15.3:libzstd1-1.4.4-1.6.1
Container bci/bci-minimal:15.3:libzstd1-1.4.4-1.6.1
Container bci/dotnet-aspnet:3.1:libzstd1-1.4.4-1.6.1
Container bci/dotnet-aspnet:5.0:libzstd1-1.4.4-1.6.1
Ссылки
- CVE-2021-24031
- SUSE Bug 1183371
Описание
Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.
Затронутые продукты
Container bci/bci-init:15.3:libzstd1-1.4.4-1.6.1
Container bci/bci-minimal:15.3:libzstd1-1.4.4-1.6.1
Container bci/dotnet-aspnet:3.1:libzstd1-1.4.4-1.6.1
Container bci/dotnet-aspnet:5.0:libzstd1-1.4.4-1.6.1
Ссылки
- CVE-2021-24032
- SUSE Bug 1183370
- SUSE Bug 1183371