SUSE-SU-2022:3896-1

Source
https://www.suse.com/support/update/announcement/2022/suse-su-20223896-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2022:3896-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2022:3896-1
Related
Published
2022-11-08T09:17:04Z
Modified
2022-11-08T09:17:04Z
Summary
Security update for conmon
Details

This update for conmon fixes the following issues:

conmon was updated to 2.1.3:

  • Stop using gunixsignal_add() to avoid threads
  • Rename CLI optionlog-size-global-max to log-global-size-max

Update to version 2.1.2:

  • add log-global-size-max option to limit the total output conmon processes (CVE-2022-1708 bsc#1200285)
  • journald: print tag and name if both are specified
  • drop some logs to debug level

Update to version 2.1.0

  • logging: buffer partial messages to journald
  • exit: close all fds >= 3
  • fix: cgroup: Free memorycgroupfilepath if open fails. Call gfree instead of free.

Update to version 2.0.32

  • Fix: Avoid mainfd_std{in,out} sharing the same file descriptor.
  • exit_command: Fix: unset subreaper attribute before running exit command

Update to version 2.0.31

  • logging: new mode -l passthrough
  • ctrlogs: use container name or ID as SYSLOGIDENTIFIER for journald
  • conmon: Fix: free userdata files before exec cleanup

Update to version 2.0.30:

  • Remove unreachable code path
  • exit: report if the exit command was killed
  • exit: fix race zombie reaper
  • conn_sock: allow watchdog messages through the notify socket proxy
  • seccomp: add support for seccomp notify

Update to version 2.0.29:

  • Reset OOM score back to 0 for container runtime
  • call functions registered with atexit on SIGTERM
  • conn_sock: fix potential segfault

Update to version 2.0.27:

  • Add CRI-O integration test GitHub action
  • exec: don't fail on EBADFD
  • close_fds: fix close of external fds
  • Add arm64 static build binary

Update to version 2.0.26:

  • conn_sock: do not fail on EAGAIN
  • fix segfault from a double freed pointer
  • Fix a bug where conmon could never spawn a container, because a disagreement between the caller and itself on where the attach socket was.
  • improve --full-attach to ignore the socket-dir directly. that means callers don't need to specify a socket dir at all (and can remove it)
  • add full-attach option to allow callers to not truncate a very long path for the attach socket
  • close only opened FDs
  • set locale to inherit environment

Update to version 2.0.22:

  • added man page
  • attach: always chdir
  • conn_sock: Explicitly free a heap-allocated string
  • refactor I/O and add SD_NOTIFY proxy support

Update to version 2.0.21:

  • protect against kill(-1)
  • Makefile: enable debuginfo generation
  • Remove go.sum file and add go.mod
  • Fail if conmon config could not be written
  • nix: remove double definition for e2fsprogs
  • Speedup static build by utilizing CI cache on /nix folder
  • Fix nix build for failing e2fsprogs tests
  • test: fix CI
  • Use Podman for building
References

Affected packages

SUSE:Linux Enterprise High Performance Computing 15 SP1-ESPOS / conmon

Package

Name
conmon
Purl
purl:rpm/suse/conmon&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.3-150100.3.9.1

Ecosystem specific

{
    "binaries": [
        {
            "conmon": "2.1.3-150100.3.9.1"
        }
    ]
}

SUSE:Linux Enterprise High Performance Computing 15 SP1-LTSS / conmon

Package

Name
conmon
Purl
purl:rpm/suse/conmon&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.3-150100.3.9.1

Ecosystem specific

{
    "binaries": [
        {
            "conmon": "2.1.3-150100.3.9.1"
        }
    ]
}

SUSE:Linux Enterprise High Performance Computing 15 SP2-ESPOS / conmon

Package

Name
conmon
Purl
purl:rpm/suse/conmon&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.3-150100.3.9.1

Ecosystem specific

{
    "binaries": [
        {
            "conmon": "2.1.3-150100.3.9.1"
        }
    ]
}

SUSE:Linux Enterprise High Performance Computing 15 SP2-LTSS / conmon

Package

Name
conmon
Purl
purl:rpm/suse/conmon&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.3-150100.3.9.1

Ecosystem specific

{
    "binaries": [
        {
            "conmon": "2.1.3-150100.3.9.1"
        }
    ]
}

SUSE:Linux Enterprise Server 15 SP1-BCL / conmon

Package

Name
conmon
Purl
purl:rpm/suse/conmon&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCL

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.3-150100.3.9.1

Ecosystem specific

{
    "binaries": [
        {
            "conmon": "2.1.3-150100.3.9.1"
        }
    ]
}

SUSE:Linux Enterprise Server 15 SP1-LTSS / conmon

Package

Name
conmon
Purl
purl:rpm/suse/conmon&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.3-150100.3.9.1

Ecosystem specific

{
    "binaries": [
        {
            "conmon": "2.1.3-150100.3.9.1"
        }
    ]
}

SUSE:Linux Enterprise Server 15 SP2-BCL / conmon

Package

Name
conmon
Purl
purl:rpm/suse/conmon&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-BCL

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.3-150100.3.9.1

Ecosystem specific

{
    "binaries": [
        {
            "conmon": "2.1.3-150100.3.9.1"
        }
    ]
}

SUSE:Linux Enterprise Server 15 SP2-LTSS / conmon

Package

Name
conmon
Purl
purl:rpm/suse/conmon&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.3-150100.3.9.1

Ecosystem specific

{
    "binaries": [
        {
            "conmon": "2.1.3-150100.3.9.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 15 SP1 / conmon

Package

Name
conmon
Purl
purl:rpm/suse/conmon&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.3-150100.3.9.1

Ecosystem specific

{
    "binaries": [
        {
            "conmon": "2.1.3-150100.3.9.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 15 SP2 / conmon

Package

Name
conmon
Purl
purl:rpm/suse/conmon&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.3-150100.3.9.1

Ecosystem specific

{
    "binaries": [
        {
            "conmon": "2.1.3-150100.3.9.1"
        }
    ]
}

SUSE:Manager Proxy 4.1 / conmon

Package

Name
conmon
Purl
purl:rpm/suse/conmon&distro=SUSE%20Manager%20Proxy%204.1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.3-150100.3.9.1

Ecosystem specific

{
    "binaries": [
        {
            "conmon": "2.1.3-150100.3.9.1"
        }
    ]
}

SUSE:Manager Retail Branch Server 4.1 / conmon

Package

Name
conmon
Purl
purl:rpm/suse/conmon&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.3-150100.3.9.1

Ecosystem specific

{
    "binaries": [
        {
            "conmon": "2.1.3-150100.3.9.1"
        }
    ]
}

SUSE:Manager Server 4.1 / conmon

Package

Name
conmon
Purl
purl:rpm/suse/conmon&distro=SUSE%20Manager%20Server%204.1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.3-150100.3.9.1

Ecosystem specific

{
    "binaries": [
        {
            "conmon": "2.1.3-150100.3.9.1"
        }
    ]
}

SUSE:Enterprise Storage 6 / conmon

Package

Name
conmon
Purl
purl:rpm/suse/conmon&distro=SUSE%20Enterprise%20Storage%206

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.3-150100.3.9.1

Ecosystem specific

{
    "binaries": [
        {
            "conmon": "2.1.3-150100.3.9.1"
        }
    ]
}

SUSE:Enterprise Storage 7 / conmon

Package

Name
conmon
Purl
purl:rpm/suse/conmon&distro=SUSE%20Enterprise%20Storage%207

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.3-150100.3.9.1

Ecosystem specific

{
    "binaries": [
        {
            "conmon": "2.1.3-150100.3.9.1"
        }
    ]
}