From sle-security-updates at lists.suse.com Wed Jul 1 04:17:15 2020
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 1 Jul 2020 12:17:15 +0200 (CEST)
Subject: SUSE-CU-2020:353-1: Security update of suse/sle15
Message-ID: <20200701101715.A3703FEE0@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2020:353-1
Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.227
Container Release : 4.22.227
Severity : important
Type : security
References : 1157315 1162698 1164538 1169488 1171145 1172072 1173027 CVE-2020-8177
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1760-1
Released: Thu Jun 25 18:46:13 2020
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1157315,1162698,1164538,1169488,1171145,1172072

This update for systemd fixes the following issues:

- Merge branch 'SUSE/v234' into SLE15
  units: starting suspend.target should not fail when suspend is successful (bsc#1172072)
  core/mount: do not add Before=local-fs.target or remote-fs.target if nofail mount option is set
  mount: let mount_add_extras() take care of remote-fs.target deps (bsc#1169488)
  mount: set up local-fs.target/remote-fs.target deps in mount_add_default_dependencies() too
  udev: rename the persistent link for ATA devices (bsc#1164538)
  shared/install: try harder to find enablement symlinks when disabling a unit (bsc#1157315)
  tmpfiles: remove unnecessary assert (bsc#1171145)
  test-engine: manager_free() was called too early
  pid1: by default make user units inherit their umask from the user manager (bsc#1162698)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:1773-1
Released: Fri Jun 26 08:05:59 2020
Summary: Security update for curl
Type: security
Severity: important
References: 1173027,CVE-2020-8177

This update for curl fixes the following issues:

- CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious server to overwrite a local file when using the -J option (bsc#1173027).

From sle-security-updates at lists.suse.com Wed Jul 1 04:23:57 2020
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 1 Jul 2020 12:23:57 +0200 (CEST)
Subject: SUSE-CU-2020:354-1: Security update of suse/sle15
Message-ID: <20200701102357.D82AFFF0B@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2020:354-1
Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.260
Container Release : 6.2.260
Severity : important
Type : security
References : 1157315 1162698 1164538 1169357 1169488 1171145 1172072 1173027 CVE-2020-8177
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1759-1
Released: Thu Jun 25 18:44:37 2020
Summary: Recommended update for krb5
Type: recommended
Severity: moderate
References: 1169357

This update for krb5 fixes the following issue:

- Call systemd to reload the services instead of init-scripts.
  (bsc#1169357)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1760-1
Released: Thu Jun 25 18:46:13 2020
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1157315,1162698,1164538,1169488,1171145,1172072

This update for systemd fixes the following issues:

- Merge branch 'SUSE/v234' into SLE15
  units: starting suspend.target should not fail when suspend is successful (bsc#1172072)
  core/mount: do not add Before=local-fs.target or remote-fs.target if nofail mount option is set
  mount: let mount_add_extras() take care of remote-fs.target deps (bsc#1169488)
  mount: set up local-fs.target/remote-fs.target deps in mount_add_default_dependencies() too
  udev: rename the persistent link for ATA devices (bsc#1164538)
  shared/install: try harder to find enablement symlinks when disabling a unit (bsc#1157315)
  tmpfiles: remove unnecessary assert (bsc#1171145)
  test-engine: manager_free() was called too early
  pid1: by default make user units inherit their umask from the user manager (bsc#1162698)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:1773-1
Released: Fri Jun 26 08:05:59 2020
Summary: Security update for curl
Type: security
Severity: important
References: 1173027,CVE-2020-8177

This update for curl fixes the following issues:

- CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious server to overwrite a local file when using the -J option (bsc#1173027).

From sle-security-updates at lists.suse.com Wed Jul 1 13:12:14 2020
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 1 Jul 2020 21:12:14 +0200 (CEST)
Subject: SUSE-SU-2020:14415-1: moderate: Security update for ntp
Message-ID: <20200701191214.D8518FEE0@maintenance.suse.de>

SUSE Security Update: Security update for ntp
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:14415-1
Rating: moderate
References: #1169740 #1171355 #1172651 #1173334
Cross-References: CVE-2018-8956 CVE-2020-11868 CVE-2020-13817 CVE-2020-15025
Affected Products:
  SUSE Linux Enterprise Server 11-SP4-LTSS
  SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:

This update for ntp fixes the following issues:

ntp was updated to 4.2.8p15

- CVE-2020-11868: Fixed an issue in which a server mode packet with a spoofed source address, frequently sent to the client ntpd, could have caused denial of service (bsc#1169740).
- CVE-2018-8956: Fixed an issue which could have allowed remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via spoofed mode 3 and mode 5 packets (bsc#1171355).
- CVE-2020-13817: Fixed an issue in which an off-path attacker with the ability to query time from the victim's ntpd instance could have modified the victim's clock by a limited amount (bsc#1172651).
- CVE-2020-15025: Fixed an issue in which a remote attacker could have caused denial of service by consuming the memory when a CMAC key was used and associated with a CMAC algorithm in the ntp.keys (bsc#1173334).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11-SP4-LTSS:
  zypper in -t patch slessp4-ntp-14415=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
  zypper in -t patch dbgsp4-ntp-14415=1

Package List:

- SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64):
  ntp-4.2.8p15-64.16.1
  ntp-doc-4.2.8p15-64.16.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64):
  ntp-debuginfo-4.2.8p15-64.16.1
  ntp-debugsource-4.2.8p15-64.16.1

References:

https://www.suse.com/security/cve/CVE-2018-8956.html
https://www.suse.com/security/cve/CVE-2020-11868.html
https://www.suse.com/security/cve/CVE-2020-13817.html
https://www.suse.com/security/cve/CVE-2020-15025.html
https://bugzilla.suse.com/1169740
https://bugzilla.suse.com/1171355
https://bugzilla.suse.com/1172651
https://bugzilla.suse.com/1173334

From sle-security-updates at lists.suse.com Wed Jul 1 13:14:44 2020
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 1 Jul 2020 21:14:44 +0200 (CEST)
Subject: SUSE-SU-2020:1819-1: important: Security update for unbound
Message-ID: <20200701191444.B86C9FEE0@maintenance.suse.de>

SUSE Security Update: Security update for unbound
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:1819-1
Rating: important
References: #1157268 #1171889
Cross-References: CVE-2019-18934 CVE-2020-12662 CVE-2020-12663
Affected Products:
  SUSE Linux Enterprise Server for SAP 15
  SUSE Linux Enterprise Server 15-LTSS
  SUSE Linux Enterprise High Performance Computing 15-LTSS
  SUSE Linux Enterprise High Performance Computing 15-ESPOS
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for unbound fixes the following issues:

- CVE-2020-12662: Fixed an issue where unbound could have been tricked into amplifying an incoming query into a large number of queries directed to a target (bsc#1171889).
- CVE-2020-12663: Fixed an issue where malformed answers from upstream name servers could have been used to make unbound unresponsive (bsc#1171889).
- CVE-2019-18934: Fixed a vulnerability in the IPSec module which could have allowed code execution after receiving a specially crafted answer (bsc#1157268).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 15:
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-1819=1
- SUSE Linux Enterprise Server 15-LTSS:
  zypper in -t patch SUSE-SLE-Product-SLES-15-2020-1819=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-2020-1819=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-2020-1819=1

Package List:

- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
  libunbound2-1.6.8-3.6.1
  libunbound2-debuginfo-1.6.8-3.6.1
  unbound-anchor-1.6.8-3.6.1
  unbound-anchor-debuginfo-1.6.8-3.6.1
  unbound-debuginfo-1.6.8-3.6.1
  unbound-debugsource-1.6.8-3.6.1
  unbound-devel-1.6.8-3.6.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
  libunbound2-1.6.8-3.6.1
  libunbound2-debuginfo-1.6.8-3.6.1
  unbound-anchor-1.6.8-3.6.1
  unbound-anchor-debuginfo-1.6.8-3.6.1
  unbound-debuginfo-1.6.8-3.6.1
  unbound-debugsource-1.6.8-3.6.1
  unbound-devel-1.6.8-3.6.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
  libunbound2-1.6.8-3.6.1
  libunbound2-debuginfo-1.6.8-3.6.1
  unbound-anchor-1.6.8-3.6.1
  unbound-anchor-debuginfo-1.6.8-3.6.1
  unbound-debuginfo-1.6.8-3.6.1
  unbound-debugsource-1.6.8-3.6.1
  unbound-devel-1.6.8-3.6.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
  libunbound2-1.6.8-3.6.1
  libunbound2-debuginfo-1.6.8-3.6.1
  unbound-anchor-1.6.8-3.6.1
  unbound-anchor-debuginfo-1.6.8-3.6.1
  unbound-debuginfo-1.6.8-3.6.1
  unbound-debugsource-1.6.8-3.6.1
  unbound-devel-1.6.8-3.6.1

References:

https://www.suse.com/security/cve/CVE-2019-18934.html
https://www.suse.com/security/cve/CVE-2020-12662.html
https://www.suse.com/security/cve/CVE-2020-12663.html
https://bugzilla.suse.com/1157268
https://bugzilla.suse.com/1171889

From sle-security-updates at lists.suse.com Thu Jul 2 01:02:11 2020
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 2 Jul 2020 09:02:11 +0200 (CEST)
Subject: SUSE-CU-2020:356-1: Security update of suse/sles12sp3
Message-ID: <20200702070211.A91BBFDE1@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles12sp3
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2020:356-1
Container Tags : suse/sles12sp3:2.0.2 , suse/sles12sp3:24.171 , suse/sles12sp3:latest
Container Release : 24.171
Severity : important
Type : security
References : 1173027 CVE-2020-8177
-----------------------------------------------------------------

The container suse/sles12sp3 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:1732-1
Released: Wed Jun 24 09:42:55 2020
Summary: Security update for curl
Type: security
Severity: important
References: 1173027,CVE-2020-8177

This update for curl fixes the following issues:

- CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious server to overwrite a local file when using the -J option (bsc#1173027).

From sle-security-updates at lists.suse.com Thu Jul 2 01:10:48 2020
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 2 Jul 2020 09:10:48 +0200 (CEST)
Subject: SUSE-CU-2020:357-1: Security update of suse/sles12sp4
Message-ID: <20200702071048.BEBC2FDE1@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles12sp4
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2020:357-1
Container Tags : suse/sles12sp4:26.202 , suse/sles12sp4:latest
Container Release : 26.202
Severity : important
Type : security
References : 1173027 CVE-2020-8177
-----------------------------------------------------------------

The container suse/sles12sp4 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:1735-1
Released: Wed Jun 24 09:44:20 2020
Summary: Security update for curl
Type: security
Severity: important
References: 1173027,CVE-2020-8177

This update for curl fixes the following issues:

- CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious server to overwrite a local file when using the -J option (bsc#1173027).

From sle-security-updates at lists.suse.com Thu Jul 2 01:14:30 2020
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 2 Jul 2020 09:14:30 +0200 (CEST)
Subject: SUSE-CU-2020:358-1: Security update of suse/sles12sp5
Message-ID: <20200702071430.39A65FDE1@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles12sp5
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2020:358-1
Container Tags : suse/sles12sp5:6.5.18 , suse/sles12sp5:latest
Container Release : 6.5.18
Severity : important
Type : security
References : 1173027 CVE-2020-8177
-----------------------------------------------------------------

The container suse/sles12sp5 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:1734-1
Released: Wed Jun 24 09:43:55 2020
Summary: Security update for curl
Type: security
Severity: important
References: 1173027,CVE-2020-8177

This update for curl fixes the following issues:

- CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious server to overwrite a local file when using the -J option (bsc#1173027).

From sle-security-updates at lists.suse.com Thu Jul 2 07:12:53 2020
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 2 Jul 2020 15:12:53 +0200 (CEST)
Subject: SUSE-SU-2020:1823-1: moderate: Security update for ntp
Message-ID: <20200702131253.2DA24FDE1@maintenance.suse.de>

SUSE Security Update: Security update for ntp
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:1823-1
Rating: moderate
References: #1125401 #1169740 #1171355 #1172651 #1173334 #992038
Cross-References: CVE-2018-8956 CVE-2020-11868 CVE-2020-13817 CVE-2020-15025
Affected Products:
  SUSE Linux Enterprise Server for SAP 15
  SUSE Linux Enterprise Server 15-LTSS
  SUSE Linux Enterprise Module for Legacy Software 15-SP2
  SUSE Linux Enterprise Module for Legacy Software 15-SP1
______________________________________________________________________________

An update that solves four vulnerabilities and has two fixes is now available.

Description:

This update for ntp fixes the following issues:

ntp was updated to 4.2.8p15

- CVE-2020-11868: Fixed an issue in which a server mode packet with a spoofed source address, frequently sent to the client ntpd, could have caused denial of service (bsc#1169740).
- CVE-2018-8956: Fixed an issue which could have allowed remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via spoofed mode 3 and mode 5 packets (bsc#1171355).
- CVE-2020-13817: Fixed an issue in which an off-path attacker with the ability to query time from the victim's ntpd instance could have modified the victim's clock by a limited amount (bsc#1172651).
- CVE-2020-15025: Fixed an issue in which a remote attacker could have caused denial of service by consuming the memory when a CMAC key was used and associated with a CMAC algorithm in the ntp.keys (bsc#1173334).
- Removed an OpenSSL version warning (bsc#992038 and bsc#1125401).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 15:
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-1823=1
- SUSE Linux Enterprise Server 15-LTSS:
  zypper in -t patch SUSE-SLE-Product-SLES-15-2020-1823=1
- SUSE Linux Enterprise Module for Legacy Software 15-SP2:
  zypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2020-1823=1
- SUSE Linux Enterprise Module for Legacy Software 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2020-1823=1

Package List:

- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
  ntp-4.2.8p15-4.10.1
  ntp-debuginfo-4.2.8p15-4.10.1
  ntp-debugsource-4.2.8p15-4.10.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
  ntp-4.2.8p15-4.10.1
  ntp-debuginfo-4.2.8p15-4.10.1
  ntp-debugsource-4.2.8p15-4.10.1
- SUSE Linux Enterprise Module for Legacy Software 15-SP2 (aarch64 ppc64le s390x x86_64):
  ntp-4.2.8p15-4.10.1
  ntp-debuginfo-4.2.8p15-4.10.1
  ntp-debugsource-4.2.8p15-4.10.1
- SUSE Linux Enterprise Module for Legacy Software 15-SP1 (aarch64 ppc64le s390x x86_64):
  ntp-4.2.8p15-4.10.1
  ntp-debuginfo-4.2.8p15-4.10.1
  ntp-debugsource-4.2.8p15-4.10.1

References:

https://www.suse.com/security/cve/CVE-2018-8956.html
https://www.suse.com/security/cve/CVE-2020-11868.html
https://www.suse.com/security/cve/CVE-2020-13817.html
https://www.suse.com/security/cve/CVE-2020-15025.html
https://bugzilla.suse.com/1125401
https://bugzilla.suse.com/1169740
https://bugzilla.suse.com/1171355
https://bugzilla.suse.com/1172651
https://bugzilla.suse.com/1173334
https://bugzilla.suse.com/992038

From sle-security-updates at lists.suse.com Thu Jul 2 07:14:07 2020
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 2 Jul 2020 15:14:07 +0200 (CEST)
Subject: SUSE-SU-2020:1822-1: important: Security update for python3
Message-ID: <20200702131407.D074DFDE1@maintenance.suse.de>

SUSE Security Update: Security update for python3
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:1822-1
Rating: important
References: #1173274
Cross-References: CVE-2020-14422
Affected Products:
  SUSE Linux Enterprise Server for SAP 15
  SUSE Linux Enterprise Server 15-LTSS
  SUSE Linux Enterprise Module for Development Tools 15-SP2
  SUSE Linux Enterprise Module for Development Tools 15-SP1
  SUSE Linux Enterprise Module for Basesystem 15-SP2
  SUSE Linux Enterprise Module for Basesystem 15-SP1
  SUSE Linux Enterprise High Performance Computing 15-LTSS
  SUSE Linux Enterprise High Performance Computing 15-ESPOS
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for python3 fixes the following issues:

- CVE-2020-14422: Fixed an improper computation of hash values in the IPv4Interface and IPv6Interface which could have led to denial of service (bsc#1173274).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 15:
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-1822=1
- SUSE Linux Enterprise Server 15-LTSS:
  zypper in -t patch SUSE-SLE-Product-SLES-15-2020-1822=1
- SUSE Linux Enterprise Module for Development Tools 15-SP2:
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-1822=1
- SUSE Linux Enterprise Module for Development Tools 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-1822=1
- SUSE Linux Enterprise Module for Basesystem 15-SP2:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1822=1
- SUSE Linux Enterprise Module for Basesystem 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-1822=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-2020-1822=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-2020-1822=1

Package List:

- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
  libpython3_6m1_0-3.6.10-3.56.1
  libpython3_6m1_0-debuginfo-3.6.10-3.56.1
  python3-3.6.10-3.56.1
  python3-base-3.6.10-3.56.1
  python3-base-debuginfo-3.6.10-3.56.1
  python3-base-debugsource-3.6.10-3.56.1
  python3-curses-3.6.10-3.56.1
  python3-curses-debuginfo-3.6.10-3.56.1
  python3-dbm-3.6.10-3.56.1
  python3-dbm-debuginfo-3.6.10-3.56.1
  python3-debuginfo-3.6.10-3.56.1
  python3-debugsource-3.6.10-3.56.1
  python3-devel-3.6.10-3.56.1
  python3-devel-debuginfo-3.6.10-3.56.1
  python3-idle-3.6.10-3.56.1
  python3-tk-3.6.10-3.56.1
  python3-tk-debuginfo-3.6.10-3.56.1
  python3-tools-3.6.10-3.56.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
  libpython3_6m1_0-3.6.10-3.56.1
  libpython3_6m1_0-debuginfo-3.6.10-3.56.1
  python3-3.6.10-3.56.1
  python3-base-3.6.10-3.56.1
  python3-base-debuginfo-3.6.10-3.56.1
  python3-base-debugsource-3.6.10-3.56.1
  python3-curses-3.6.10-3.56.1
  python3-curses-debuginfo-3.6.10-3.56.1
  python3-dbm-3.6.10-3.56.1
  python3-dbm-debuginfo-3.6.10-3.56.1
  python3-debuginfo-3.6.10-3.56.1
  python3-debugsource-3.6.10-3.56.1
  python3-devel-3.6.10-3.56.1
  python3-devel-debuginfo-3.6.10-3.56.1
  python3-idle-3.6.10-3.56.1
  python3-tk-3.6.10-3.56.1
  python3-tk-debuginfo-3.6.10-3.56.1
  python3-tools-3.6.10-3.56.1
- SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64):
  python3-base-debuginfo-3.6.10-3.56.1
  python3-base-debugsource-3.6.10-3.56.1
  python3-tools-3.6.10-3.56.1
- SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64):
  python3-base-debuginfo-3.6.10-3.56.1
  python3-base-debugsource-3.6.10-3.56.1
  python3-tools-3.6.10-3.56.1
- SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):
  libpython3_6m1_0-3.6.10-3.56.1
  libpython3_6m1_0-debuginfo-3.6.10-3.56.1
  python3-3.6.10-3.56.1
  python3-base-3.6.10-3.56.1
  python3-base-debuginfo-3.6.10-3.56.1
  python3-base-debugsource-3.6.10-3.56.1
  python3-curses-3.6.10-3.56.1
  python3-curses-debuginfo-3.6.10-3.56.1
  python3-dbm-3.6.10-3.56.1
  python3-dbm-debuginfo-3.6.10-3.56.1
  python3-debuginfo-3.6.10-3.56.1
  python3-debugsource-3.6.10-3.56.1
  python3-devel-3.6.10-3.56.1
  python3-devel-debuginfo-3.6.10-3.56.1
  python3-idle-3.6.10-3.56.1
  python3-tk-3.6.10-3.56.1
  python3-tk-debuginfo-3.6.10-3.56.1
- SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64):
  libpython3_6m1_0-3.6.10-3.56.1
  libpython3_6m1_0-debuginfo-3.6.10-3.56.1
  python3-3.6.10-3.56.1
  python3-base-3.6.10-3.56.1
  python3-base-debuginfo-3.6.10-3.56.1
  python3-base-debugsource-3.6.10-3.56.1
  python3-curses-3.6.10-3.56.1
  python3-curses-debuginfo-3.6.10-3.56.1
  python3-dbm-3.6.10-3.56.1
  python3-dbm-debuginfo-3.6.10-3.56.1
  python3-debuginfo-3.6.10-3.56.1
  python3-debugsource-3.6.10-3.56.1
  python3-devel-3.6.10-3.56.1
  python3-devel-debuginfo-3.6.10-3.56.1
  python3-idle-3.6.10-3.56.1
  python3-testsuite-3.6.10-3.56.1
  python3-tk-3.6.10-3.56.1
  python3-tk-debuginfo-3.6.10-3.56.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
  libpython3_6m1_0-3.6.10-3.56.1
  libpython3_6m1_0-debuginfo-3.6.10-3.56.1
  python3-3.6.10-3.56.1
  python3-base-3.6.10-3.56.1
  python3-base-debuginfo-3.6.10-3.56.1
  python3-base-debugsource-3.6.10-3.56.1
  python3-curses-3.6.10-3.56.1
  python3-curses-debuginfo-3.6.10-3.56.1
  python3-dbm-3.6.10-3.56.1
  python3-dbm-debuginfo-3.6.10-3.56.1
  python3-debuginfo-3.6.10-3.56.1
  python3-debugsource-3.6.10-3.56.1
  python3-devel-3.6.10-3.56.1
  python3-devel-debuginfo-3.6.10-3.56.1
  python3-idle-3.6.10-3.56.1
  python3-tk-3.6.10-3.56.1
  python3-tk-debuginfo-3.6.10-3.56.1
  python3-tools-3.6.10-3.56.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
  libpython3_6m1_0-3.6.10-3.56.1
  libpython3_6m1_0-debuginfo-3.6.10-3.56.1
  python3-3.6.10-3.56.1
  python3-base-3.6.10-3.56.1
  python3-base-debuginfo-3.6.10-3.56.1
  python3-base-debugsource-3.6.10-3.56.1
  python3-curses-3.6.10-3.56.1
  python3-curses-debuginfo-3.6.10-3.56.1
  python3-dbm-3.6.10-3.56.1
  python3-dbm-debuginfo-3.6.10-3.56.1
  python3-debuginfo-3.6.10-3.56.1
  python3-debugsource-3.6.10-3.56.1
  python3-devel-3.6.10-3.56.1
  python3-devel-debuginfo-3.6.10-3.56.1
  python3-idle-3.6.10-3.56.1
  python3-tk-3.6.10-3.56.1
  python3-tk-debuginfo-3.6.10-3.56.1
  python3-tools-3.6.10-3.56.1

References:

https://www.suse.com/security/cve/CVE-2020-14422.html
https://bugzilla.suse.com/1173274

From sle-security-updates at lists.suse.com Thu Jul 2 10:14:11 2020
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 2 Jul 2020 18:14:11 +0200 (CEST)
Subject: SUSE-SU-2020:1828-1: moderate: Security update for systemd
Message-ID: <20200702161411.20471FDE1@maintenance.suse.de>

SUSE Security Update: Security update for systemd
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:1828-1
Rating: moderate
References: #1084671 #1154256 #1157315 #1161262 #1161436 #1162698 #1164538 #1165633 #1167622 #1171145
Cross-References: CVE-2019-20386
Affected Products:
  SUSE Linux Enterprise Software Development Kit 12-SP5
  SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

An update that solves one vulnerability and has 9 fixes is now available.

Description:

This update for systemd fixes the following issues:

- CVE-2019-20386: Fixed a memory leak when executing the udevadm trigger command (bsc#1161436).
- Renamed the persistent link for ATA devices (bsc#1164538)
- shared/install: try harder to find enablement symlinks when disabling a unit (bsc#1157315)
- tmpfiles: removed unnecessary assert (bsc#1171145)
- pid1: by default make user units inherit their umask from the user manager (bsc#1162698)
- manager: fixed job mode when signalled to shutdown etc (bsc#1161262)
- coredump: fixed bug that loses core dump files when core dumps are compressed and disk space is low. (bsc#1167622)
- udev: inform systemd how many workers we can potentially spawn (#4036) (bsc#1165633)
- libblkid: open device in nonblock mode. (bsc#1084671)
- udev/cdrom_id: Do not open CD-rom in exclusive mode. (bsc#1154256)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP5:
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-1828=1
- SUSE Linux Enterprise Server 12-SP5:
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-1828=1

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
  libudev-devel-228-157.12.5
  systemd-debuginfo-228-157.12.5
  systemd-debugsource-228-157.12.5
  systemd-devel-228-157.12.5
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
  libsystemd0-228-157.12.5
  libsystemd0-debuginfo-228-157.12.5
  libudev-devel-228-157.12.5
  libudev1-228-157.12.5
  libudev1-debuginfo-228-157.12.5
  systemd-228-157.12.5
  systemd-debuginfo-228-157.12.5
  systemd-debugsource-228-157.12.5
  systemd-devel-228-157.12.5
  systemd-sysvinit-228-157.12.5
  udev-228-157.12.5
  udev-debuginfo-228-157.12.5
- SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):
  libsystemd0-32bit-228-157.12.5
  libsystemd0-debuginfo-32bit-228-157.12.5
  libudev1-32bit-228-157.12.5
  libudev1-debuginfo-32bit-228-157.12.5
  systemd-32bit-228-157.12.5
  systemd-debuginfo-32bit-228-157.12.5
- SUSE Linux Enterprise Server 12-SP5 (noarch):
  systemd-bash-completion-228-157.12.5

References:

https://www.suse.com/security/cve/CVE-2019-20386.html
https://bugzilla.suse.com/1084671
https://bugzilla.suse.com/1154256
https://bugzilla.suse.com/1157315
https://bugzilla.suse.com/1161262
https://bugzilla.suse.com/1161436
https://bugzilla.suse.com/1162698
https://bugzilla.suse.com/1164538
https://bugzilla.suse.com/1165633
https://bugzilla.suse.com/1167622
https://bugzilla.suse.com/1171145

From sle-security-updates at lists.suse.com Fri Jul 3 10:12:54 2020
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 3 Jul 2020 18:12:54 +0200 (CEST)
Subject: SUSE-SU-2020:1839-1: important: Security update for mozilla-nspr, mozilla-nss
Message-ID: <20200703161254.A4D4BFC39@maintenance.suse.de>

SUSE Security Update: Security update for mozilla-nspr, mozilla-nss
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:1839-1
Rating: important
References: #1159819 #1168669 #1169746 #1170908 #1171978 #1173022
Cross-References: CVE-2019-17006 CVE-2020-12399 CVE-2020-12402
Affected Products:
  SUSE OpenStack Cloud Crowbar 9
  SUSE OpenStack Cloud Crowbar 8
  SUSE OpenStack Cloud 9
  SUSE OpenStack Cloud 8
  SUSE OpenStack Cloud 7
  SUSE Linux Enterprise Software Development Kit 12-SP5
  SUSE Linux Enterprise Server for SAP 12-SP4
  SUSE Linux Enterprise Server for SAP 12-SP3
  SUSE Linux Enterprise Server for SAP 12-SP2
  SUSE Linux Enterprise Server 12-SP5
  SUSE Linux Enterprise Server 12-SP4-LTSS
  SUSE Linux Enterprise Server 12-SP3-LTSS
  SUSE Linux Enterprise Server 12-SP3-BCL
  SUSE Linux Enterprise Server 12-SP2-LTSS
  SUSE Linux Enterprise Server 12-SP2-BCL
  SUSE Enterprise Storage 5
  HPE Helion Openstack 8
______________________________________________________________________________

An update that solves three vulnerabilities and has three fixes is now available.

Description:

This update for mozilla-nspr, mozilla-nss fixes the following issues:

mozilla-nss was updated to version 3.53.1

- CVE-2020-12402: Fixed a potential side channel attack during RSA key generation (bsc#1173032).
- CVE-2020-12399: Fixed a timing attack on DSA signature generation (bsc#1171978).
- CVE-2019-17006: Added length checks for cryptographic primitives (bsc#1159819).
- Fixed various FIPS issues in libfreebl3 which were causing segfaults in the test suite of chrony (bsc#1168669).
- Fixed an issue where Firefox tab was crashing (bsc#1170908).

Release notes:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.53_release_notes

mozilla-nspr to version 4.25

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 9:
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-1839=1
- SUSE OpenStack Cloud Crowbar 8:
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-1839=1
- SUSE OpenStack Cloud 9:
  zypper in -t patch SUSE-OpenStack-Cloud-9-2020-1839=1
- SUSE OpenStack Cloud 8:
  zypper in -t patch SUSE-OpenStack-Cloud-8-2020-1839=1
- SUSE OpenStack Cloud 7:
  zypper in -t patch SUSE-OpenStack-Cloud-7-2020-1839=1
- SUSE Linux Enterprise Software Development Kit 12-SP5:
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-1839=1
- SUSE Linux Enterprise Server for SAP 12-SP4:
  zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-1839=1
- SUSE Linux Enterprise Server for SAP 12-SP3:
  zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-1839=1
- SUSE Linux Enterprise Server for SAP 12-SP2:
  zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-1839=1
- SUSE Linux Enterprise Server 12-SP5:
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-1839=1
- SUSE Linux Enterprise Server 12-SP4-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-1839=1
- SUSE Linux Enterprise Server 12-SP3-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-1839=1
- SUSE Linux Enterprise Server 12-SP3-BCL:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-1839=1
- SUSE Linux Enterprise Server 12-SP2-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-1839=1
- SUSE Linux Enterprise Server 12-SP2-BCL:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-1839=1
- SUSE Enterprise Storage 5:
  zypper in -t patch SUSE-Storage-5-2020-1839=1
- HPE Helion Openstack 8:
  zypper in -t patch HPE-Helion-OpenStack-8-2020-1839=1

Package List:

- SUSE OpenStack Cloud Crowbar 9 (x86_64):
  libfreebl3-3.53.1-58.48.1
  libfreebl3-32bit-3.53.1-58.48.1
  libfreebl3-debuginfo-3.53.1-58.48.1
  libfreebl3-debuginfo-32bit-3.53.1-58.48.1
  libfreebl3-hmac-3.53.1-58.48.1
  libfreebl3-hmac-32bit-3.53.1-58.48.1
  libsoftokn3-3.53.1-58.48.1
  libsoftokn3-32bit-3.53.1-58.48.1
libsoftokn3-debuginfo-3.53.1-58.48.1 libsoftokn3-debuginfo-32bit-3.53.1-58.48.1 libsoftokn3-hmac-3.53.1-58.48.1 libsoftokn3-hmac-32bit-3.53.1-58.48.1 mozilla-nspr-32bit-4.25-19.15.1 mozilla-nspr-4.25-19.15.1 mozilla-nspr-debuginfo-32bit-4.25-19.15.1 mozilla-nspr-debuginfo-4.25-19.15.1 mozilla-nspr-debugsource-4.25-19.15.1 mozilla-nspr-devel-4.25-19.15.1 mozilla-nss-3.53.1-58.48.1 mozilla-nss-32bit-3.53.1-58.48.1 mozilla-nss-certs-3.53.1-58.48.1 mozilla-nss-certs-32bit-3.53.1-58.48.1 mozilla-nss-certs-debuginfo-3.53.1-58.48.1 mozilla-nss-certs-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-debuginfo-3.53.1-58.48.1 mozilla-nss-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-debugsource-3.53.1-58.48.1 mozilla-nss-devel-3.53.1-58.48.1 mozilla-nss-sysinit-3.53.1-58.48.1 mozilla-nss-sysinit-32bit-3.53.1-58.48.1 mozilla-nss-sysinit-debuginfo-3.53.1-58.48.1 mozilla-nss-sysinit-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-tools-3.53.1-58.48.1 mozilla-nss-tools-debuginfo-3.53.1-58.48.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): libfreebl3-3.53.1-58.48.1 libfreebl3-32bit-3.53.1-58.48.1 libfreebl3-debuginfo-3.53.1-58.48.1 libfreebl3-debuginfo-32bit-3.53.1-58.48.1 libfreebl3-hmac-3.53.1-58.48.1 libfreebl3-hmac-32bit-3.53.1-58.48.1 libsoftokn3-3.53.1-58.48.1 libsoftokn3-32bit-3.53.1-58.48.1 libsoftokn3-debuginfo-3.53.1-58.48.1 libsoftokn3-debuginfo-32bit-3.53.1-58.48.1 libsoftokn3-hmac-3.53.1-58.48.1 libsoftokn3-hmac-32bit-3.53.1-58.48.1 mozilla-nspr-32bit-4.25-19.15.1 mozilla-nspr-4.25-19.15.1 mozilla-nspr-debuginfo-32bit-4.25-19.15.1 mozilla-nspr-debuginfo-4.25-19.15.1 mozilla-nspr-debugsource-4.25-19.15.1 mozilla-nspr-devel-4.25-19.15.1 mozilla-nss-3.53.1-58.48.1 mozilla-nss-32bit-3.53.1-58.48.1 mozilla-nss-certs-3.53.1-58.48.1 mozilla-nss-certs-32bit-3.53.1-58.48.1 mozilla-nss-certs-debuginfo-3.53.1-58.48.1 mozilla-nss-certs-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-debuginfo-3.53.1-58.48.1 mozilla-nss-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-debugsource-3.53.1-58.48.1 
mozilla-nss-devel-3.53.1-58.48.1 mozilla-nss-sysinit-3.53.1-58.48.1 mozilla-nss-sysinit-32bit-3.53.1-58.48.1 mozilla-nss-sysinit-debuginfo-3.53.1-58.48.1 mozilla-nss-sysinit-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-tools-3.53.1-58.48.1 mozilla-nss-tools-debuginfo-3.53.1-58.48.1 - SUSE OpenStack Cloud 9 (x86_64): libfreebl3-3.53.1-58.48.1 libfreebl3-32bit-3.53.1-58.48.1 libfreebl3-debuginfo-3.53.1-58.48.1 libfreebl3-debuginfo-32bit-3.53.1-58.48.1 libfreebl3-hmac-3.53.1-58.48.1 libfreebl3-hmac-32bit-3.53.1-58.48.1 libsoftokn3-3.53.1-58.48.1 libsoftokn3-32bit-3.53.1-58.48.1 libsoftokn3-debuginfo-3.53.1-58.48.1 libsoftokn3-debuginfo-32bit-3.53.1-58.48.1 libsoftokn3-hmac-3.53.1-58.48.1 libsoftokn3-hmac-32bit-3.53.1-58.48.1 mozilla-nspr-32bit-4.25-19.15.1 mozilla-nspr-4.25-19.15.1 mozilla-nspr-debuginfo-32bit-4.25-19.15.1 mozilla-nspr-debuginfo-4.25-19.15.1 mozilla-nspr-debugsource-4.25-19.15.1 mozilla-nspr-devel-4.25-19.15.1 mozilla-nss-3.53.1-58.48.1 mozilla-nss-32bit-3.53.1-58.48.1 mozilla-nss-certs-3.53.1-58.48.1 mozilla-nss-certs-32bit-3.53.1-58.48.1 mozilla-nss-certs-debuginfo-3.53.1-58.48.1 mozilla-nss-certs-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-debuginfo-3.53.1-58.48.1 mozilla-nss-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-debugsource-3.53.1-58.48.1 mozilla-nss-devel-3.53.1-58.48.1 mozilla-nss-sysinit-3.53.1-58.48.1 mozilla-nss-sysinit-32bit-3.53.1-58.48.1 mozilla-nss-sysinit-debuginfo-3.53.1-58.48.1 mozilla-nss-sysinit-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-tools-3.53.1-58.48.1 mozilla-nss-tools-debuginfo-3.53.1-58.48.1 - SUSE OpenStack Cloud 8 (x86_64): libfreebl3-3.53.1-58.48.1 libfreebl3-32bit-3.53.1-58.48.1 libfreebl3-debuginfo-3.53.1-58.48.1 libfreebl3-debuginfo-32bit-3.53.1-58.48.1 libfreebl3-hmac-3.53.1-58.48.1 libfreebl3-hmac-32bit-3.53.1-58.48.1 libsoftokn3-3.53.1-58.48.1 libsoftokn3-32bit-3.53.1-58.48.1 libsoftokn3-debuginfo-3.53.1-58.48.1 libsoftokn3-debuginfo-32bit-3.53.1-58.48.1 libsoftokn3-hmac-3.53.1-58.48.1 
libsoftokn3-hmac-32bit-3.53.1-58.48.1 mozilla-nspr-32bit-4.25-19.15.1 mozilla-nspr-4.25-19.15.1 mozilla-nspr-debuginfo-32bit-4.25-19.15.1 mozilla-nspr-debuginfo-4.25-19.15.1 mozilla-nspr-debugsource-4.25-19.15.1 mozilla-nspr-devel-4.25-19.15.1 mozilla-nss-3.53.1-58.48.1 mozilla-nss-32bit-3.53.1-58.48.1 mozilla-nss-certs-3.53.1-58.48.1 mozilla-nss-certs-32bit-3.53.1-58.48.1 mozilla-nss-certs-debuginfo-3.53.1-58.48.1 mozilla-nss-certs-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-debuginfo-3.53.1-58.48.1 mozilla-nss-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-debugsource-3.53.1-58.48.1 mozilla-nss-devel-3.53.1-58.48.1 mozilla-nss-sysinit-3.53.1-58.48.1 mozilla-nss-sysinit-32bit-3.53.1-58.48.1 mozilla-nss-sysinit-debuginfo-3.53.1-58.48.1 mozilla-nss-sysinit-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-tools-3.53.1-58.48.1 mozilla-nss-tools-debuginfo-3.53.1-58.48.1 - SUSE OpenStack Cloud 7 (s390x x86_64): libfreebl3-3.53.1-58.48.1 libfreebl3-32bit-3.53.1-58.48.1 libfreebl3-debuginfo-3.53.1-58.48.1 libfreebl3-debuginfo-32bit-3.53.1-58.48.1 libfreebl3-hmac-3.53.1-58.48.1 libfreebl3-hmac-32bit-3.53.1-58.48.1 libsoftokn3-3.53.1-58.48.1 libsoftokn3-32bit-3.53.1-58.48.1 libsoftokn3-debuginfo-3.53.1-58.48.1 libsoftokn3-debuginfo-32bit-3.53.1-58.48.1 libsoftokn3-hmac-3.53.1-58.48.1 libsoftokn3-hmac-32bit-3.53.1-58.48.1 mozilla-nspr-32bit-4.25-19.15.1 mozilla-nspr-4.25-19.15.1 mozilla-nspr-debuginfo-32bit-4.25-19.15.1 mozilla-nspr-debuginfo-4.25-19.15.1 mozilla-nspr-debugsource-4.25-19.15.1 mozilla-nss-3.53.1-58.48.1 mozilla-nss-32bit-3.53.1-58.48.1 mozilla-nss-certs-3.53.1-58.48.1 mozilla-nss-certs-32bit-3.53.1-58.48.1 mozilla-nss-certs-debuginfo-3.53.1-58.48.1 mozilla-nss-certs-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-debuginfo-3.53.1-58.48.1 mozilla-nss-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-debugsource-3.53.1-58.48.1 mozilla-nss-sysinit-3.53.1-58.48.1 mozilla-nss-sysinit-32bit-3.53.1-58.48.1 mozilla-nss-sysinit-debuginfo-3.53.1-58.48.1 
mozilla-nss-sysinit-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-tools-3.53.1-58.48.1 mozilla-nss-tools-debuginfo-3.53.1-58.48.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): mozilla-nspr-debuginfo-4.25-19.15.1 mozilla-nspr-debugsource-4.25-19.15.1 mozilla-nspr-devel-4.25-19.15.1 mozilla-nss-debuginfo-3.53.1-58.48.1 mozilla-nss-debugsource-3.53.1-58.48.1 mozilla-nss-devel-3.53.1-58.48.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libfreebl3-3.53.1-58.48.1 libfreebl3-debuginfo-3.53.1-58.48.1 libfreebl3-hmac-3.53.1-58.48.1 libsoftokn3-3.53.1-58.48.1 libsoftokn3-debuginfo-3.53.1-58.48.1 libsoftokn3-hmac-3.53.1-58.48.1 mozilla-nspr-4.25-19.15.1 mozilla-nspr-debuginfo-4.25-19.15.1 mozilla-nspr-debugsource-4.25-19.15.1 mozilla-nspr-devel-4.25-19.15.1 mozilla-nss-3.53.1-58.48.1 mozilla-nss-certs-3.53.1-58.48.1 mozilla-nss-certs-debuginfo-3.53.1-58.48.1 mozilla-nss-debuginfo-3.53.1-58.48.1 mozilla-nss-debugsource-3.53.1-58.48.1 mozilla-nss-devel-3.53.1-58.48.1 mozilla-nss-sysinit-3.53.1-58.48.1 mozilla-nss-sysinit-debuginfo-3.53.1-58.48.1 mozilla-nss-tools-3.53.1-58.48.1 mozilla-nss-tools-debuginfo-3.53.1-58.48.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libfreebl3-32bit-3.53.1-58.48.1 libfreebl3-debuginfo-32bit-3.53.1-58.48.1 libfreebl3-hmac-32bit-3.53.1-58.48.1 libsoftokn3-32bit-3.53.1-58.48.1 libsoftokn3-debuginfo-32bit-3.53.1-58.48.1 libsoftokn3-hmac-32bit-3.53.1-58.48.1 mozilla-nspr-32bit-4.25-19.15.1 mozilla-nspr-debuginfo-32bit-4.25-19.15.1 mozilla-nss-32bit-3.53.1-58.48.1 mozilla-nss-certs-32bit-3.53.1-58.48.1 mozilla-nss-certs-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-sysinit-32bit-3.53.1-58.48.1 mozilla-nss-sysinit-debuginfo-32bit-3.53.1-58.48.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libfreebl3-3.53.1-58.48.1 libfreebl3-debuginfo-3.53.1-58.48.1 libfreebl3-hmac-3.53.1-58.48.1 libsoftokn3-3.53.1-58.48.1 
libsoftokn3-debuginfo-3.53.1-58.48.1 libsoftokn3-hmac-3.53.1-58.48.1 mozilla-nspr-4.25-19.15.1 mozilla-nspr-debuginfo-4.25-19.15.1 mozilla-nspr-debugsource-4.25-19.15.1 mozilla-nspr-devel-4.25-19.15.1 mozilla-nss-3.53.1-58.48.1 mozilla-nss-certs-3.53.1-58.48.1 mozilla-nss-certs-debuginfo-3.53.1-58.48.1 mozilla-nss-debuginfo-3.53.1-58.48.1 mozilla-nss-debugsource-3.53.1-58.48.1 mozilla-nss-devel-3.53.1-58.48.1 mozilla-nss-sysinit-3.53.1-58.48.1 mozilla-nss-sysinit-debuginfo-3.53.1-58.48.1 mozilla-nss-tools-3.53.1-58.48.1 mozilla-nss-tools-debuginfo-3.53.1-58.48.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libfreebl3-32bit-3.53.1-58.48.1 libfreebl3-debuginfo-32bit-3.53.1-58.48.1 libfreebl3-hmac-32bit-3.53.1-58.48.1 libsoftokn3-32bit-3.53.1-58.48.1 libsoftokn3-debuginfo-32bit-3.53.1-58.48.1 libsoftokn3-hmac-32bit-3.53.1-58.48.1 mozilla-nspr-32bit-4.25-19.15.1 mozilla-nspr-debuginfo-32bit-4.25-19.15.1 mozilla-nss-32bit-3.53.1-58.48.1 mozilla-nss-certs-32bit-3.53.1-58.48.1 mozilla-nss-certs-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-sysinit-32bit-3.53.1-58.48.1 mozilla-nss-sysinit-debuginfo-32bit-3.53.1-58.48.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libfreebl3-3.53.1-58.48.1 libfreebl3-debuginfo-3.53.1-58.48.1 libfreebl3-hmac-3.53.1-58.48.1 libsoftokn3-3.53.1-58.48.1 libsoftokn3-debuginfo-3.53.1-58.48.1 libsoftokn3-hmac-3.53.1-58.48.1 mozilla-nspr-4.25-19.15.1 mozilla-nspr-debuginfo-4.25-19.15.1 mozilla-nspr-debugsource-4.25-19.15.1 mozilla-nss-3.53.1-58.48.1 mozilla-nss-certs-3.53.1-58.48.1 mozilla-nss-certs-debuginfo-3.53.1-58.48.1 mozilla-nss-debuginfo-3.53.1-58.48.1 mozilla-nss-debugsource-3.53.1-58.48.1 mozilla-nss-sysinit-3.53.1-58.48.1 mozilla-nss-sysinit-debuginfo-3.53.1-58.48.1 mozilla-nss-tools-3.53.1-58.48.1 mozilla-nss-tools-debuginfo-3.53.1-58.48.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libfreebl3-32bit-3.53.1-58.48.1 libfreebl3-debuginfo-32bit-3.53.1-58.48.1 
libfreebl3-hmac-32bit-3.53.1-58.48.1 libsoftokn3-32bit-3.53.1-58.48.1 libsoftokn3-debuginfo-32bit-3.53.1-58.48.1 libsoftokn3-hmac-32bit-3.53.1-58.48.1 mozilla-nspr-32bit-4.25-19.15.1 mozilla-nspr-debuginfo-32bit-4.25-19.15.1 mozilla-nss-32bit-3.53.1-58.48.1 mozilla-nss-certs-32bit-3.53.1-58.48.1 mozilla-nss-certs-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-sysinit-32bit-3.53.1-58.48.1 mozilla-nss-sysinit-debuginfo-32bit-3.53.1-58.48.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libfreebl3-3.53.1-58.48.1 libfreebl3-debuginfo-3.53.1-58.48.1 libfreebl3-hmac-3.53.1-58.48.1 libsoftokn3-3.53.1-58.48.1 libsoftokn3-debuginfo-3.53.1-58.48.1 libsoftokn3-hmac-3.53.1-58.48.1 mozilla-nspr-4.25-19.15.1 mozilla-nspr-debuginfo-4.25-19.15.1 mozilla-nspr-debugsource-4.25-19.15.1 mozilla-nspr-devel-4.25-19.15.1 mozilla-nss-3.53.1-58.48.1 mozilla-nss-certs-3.53.1-58.48.1 mozilla-nss-certs-debuginfo-3.53.1-58.48.1 mozilla-nss-debuginfo-3.53.1-58.48.1 mozilla-nss-debugsource-3.53.1-58.48.1 mozilla-nss-devel-3.53.1-58.48.1 mozilla-nss-sysinit-3.53.1-58.48.1 mozilla-nss-sysinit-debuginfo-3.53.1-58.48.1 mozilla-nss-tools-3.53.1-58.48.1 mozilla-nss-tools-debuginfo-3.53.1-58.48.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libfreebl3-32bit-3.53.1-58.48.1 libfreebl3-debuginfo-32bit-3.53.1-58.48.1 libfreebl3-hmac-32bit-3.53.1-58.48.1 libsoftokn3-32bit-3.53.1-58.48.1 libsoftokn3-debuginfo-32bit-3.53.1-58.48.1 libsoftokn3-hmac-32bit-3.53.1-58.48.1 mozilla-nspr-32bit-4.25-19.15.1 mozilla-nspr-debuginfo-32bit-4.25-19.15.1 mozilla-nss-32bit-3.53.1-58.48.1 mozilla-nss-certs-32bit-3.53.1-58.48.1 mozilla-nss-certs-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-sysinit-32bit-3.53.1-58.48.1 mozilla-nss-sysinit-debuginfo-32bit-3.53.1-58.48.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libfreebl3-3.53.1-58.48.1 libfreebl3-debuginfo-3.53.1-58.48.1 
libfreebl3-hmac-3.53.1-58.48.1 libsoftokn3-3.53.1-58.48.1 libsoftokn3-debuginfo-3.53.1-58.48.1 libsoftokn3-hmac-3.53.1-58.48.1 mozilla-nspr-4.25-19.15.1 mozilla-nspr-debuginfo-4.25-19.15.1 mozilla-nspr-debugsource-4.25-19.15.1 mozilla-nspr-devel-4.25-19.15.1 mozilla-nss-3.53.1-58.48.1 mozilla-nss-certs-3.53.1-58.48.1 mozilla-nss-certs-debuginfo-3.53.1-58.48.1 mozilla-nss-debuginfo-3.53.1-58.48.1 mozilla-nss-debugsource-3.53.1-58.48.1 mozilla-nss-devel-3.53.1-58.48.1 mozilla-nss-sysinit-3.53.1-58.48.1 mozilla-nss-sysinit-debuginfo-3.53.1-58.48.1 mozilla-nss-tools-3.53.1-58.48.1 mozilla-nss-tools-debuginfo-3.53.1-58.48.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libfreebl3-32bit-3.53.1-58.48.1 libfreebl3-debuginfo-32bit-3.53.1-58.48.1 libfreebl3-hmac-32bit-3.53.1-58.48.1 libsoftokn3-32bit-3.53.1-58.48.1 libsoftokn3-debuginfo-32bit-3.53.1-58.48.1 libsoftokn3-hmac-32bit-3.53.1-58.48.1 mozilla-nspr-32bit-4.25-19.15.1 mozilla-nspr-debuginfo-32bit-4.25-19.15.1 mozilla-nss-32bit-3.53.1-58.48.1 mozilla-nss-certs-32bit-3.53.1-58.48.1 mozilla-nss-certs-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-sysinit-32bit-3.53.1-58.48.1 mozilla-nss-sysinit-debuginfo-32bit-3.53.1-58.48.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libfreebl3-3.53.1-58.48.1 libfreebl3-debuginfo-3.53.1-58.48.1 libfreebl3-hmac-3.53.1-58.48.1 libsoftokn3-3.53.1-58.48.1 libsoftokn3-debuginfo-3.53.1-58.48.1 libsoftokn3-hmac-3.53.1-58.48.1 mozilla-nspr-4.25-19.15.1 mozilla-nspr-debuginfo-4.25-19.15.1 mozilla-nspr-debugsource-4.25-19.15.1 mozilla-nspr-devel-4.25-19.15.1 mozilla-nss-3.53.1-58.48.1 mozilla-nss-certs-3.53.1-58.48.1 mozilla-nss-certs-debuginfo-3.53.1-58.48.1 mozilla-nss-debuginfo-3.53.1-58.48.1 mozilla-nss-debugsource-3.53.1-58.48.1 mozilla-nss-devel-3.53.1-58.48.1 mozilla-nss-sysinit-3.53.1-58.48.1 mozilla-nss-sysinit-debuginfo-3.53.1-58.48.1 mozilla-nss-tools-3.53.1-58.48.1 
mozilla-nss-tools-debuginfo-3.53.1-58.48.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libfreebl3-32bit-3.53.1-58.48.1 libfreebl3-debuginfo-32bit-3.53.1-58.48.1 libfreebl3-hmac-32bit-3.53.1-58.48.1 libsoftokn3-32bit-3.53.1-58.48.1 libsoftokn3-debuginfo-32bit-3.53.1-58.48.1 libsoftokn3-hmac-32bit-3.53.1-58.48.1 mozilla-nspr-32bit-4.25-19.15.1 mozilla-nspr-debuginfo-32bit-4.25-19.15.1 mozilla-nss-32bit-3.53.1-58.48.1 mozilla-nss-certs-32bit-3.53.1-58.48.1 mozilla-nss-certs-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-sysinit-32bit-3.53.1-58.48.1 mozilla-nss-sysinit-debuginfo-32bit-3.53.1-58.48.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libfreebl3-3.53.1-58.48.1 libfreebl3-32bit-3.53.1-58.48.1 libfreebl3-debuginfo-3.53.1-58.48.1 libfreebl3-debuginfo-32bit-3.53.1-58.48.1 libfreebl3-hmac-3.53.1-58.48.1 libfreebl3-hmac-32bit-3.53.1-58.48.1 libsoftokn3-3.53.1-58.48.1 libsoftokn3-32bit-3.53.1-58.48.1 libsoftokn3-debuginfo-3.53.1-58.48.1 libsoftokn3-debuginfo-32bit-3.53.1-58.48.1 libsoftokn3-hmac-3.53.1-58.48.1 libsoftokn3-hmac-32bit-3.53.1-58.48.1 mozilla-nspr-32bit-4.25-19.15.1 mozilla-nspr-4.25-19.15.1 mozilla-nspr-debuginfo-32bit-4.25-19.15.1 mozilla-nspr-debuginfo-4.25-19.15.1 mozilla-nspr-debugsource-4.25-19.15.1 mozilla-nss-3.53.1-58.48.1 mozilla-nss-32bit-3.53.1-58.48.1 mozilla-nss-certs-3.53.1-58.48.1 mozilla-nss-certs-32bit-3.53.1-58.48.1 mozilla-nss-certs-debuginfo-3.53.1-58.48.1 mozilla-nss-certs-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-debuginfo-3.53.1-58.48.1 mozilla-nss-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-debugsource-3.53.1-58.48.1 mozilla-nss-sysinit-3.53.1-58.48.1 mozilla-nss-sysinit-32bit-3.53.1-58.48.1 mozilla-nss-sysinit-debuginfo-3.53.1-58.48.1 mozilla-nss-sysinit-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-tools-3.53.1-58.48.1 mozilla-nss-tools-debuginfo-3.53.1-58.48.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libfreebl3-3.53.1-58.48.1 
libfreebl3-debuginfo-3.53.1-58.48.1 libfreebl3-hmac-3.53.1-58.48.1 libsoftokn3-3.53.1-58.48.1 libsoftokn3-debuginfo-3.53.1-58.48.1 libsoftokn3-hmac-3.53.1-58.48.1 mozilla-nspr-4.25-19.15.1 mozilla-nspr-debuginfo-4.25-19.15.1 mozilla-nspr-debugsource-4.25-19.15.1 mozilla-nss-3.53.1-58.48.1 mozilla-nss-certs-3.53.1-58.48.1 mozilla-nss-certs-debuginfo-3.53.1-58.48.1 mozilla-nss-debuginfo-3.53.1-58.48.1 mozilla-nss-debugsource-3.53.1-58.48.1 mozilla-nss-sysinit-3.53.1-58.48.1 mozilla-nss-sysinit-debuginfo-3.53.1-58.48.1 mozilla-nss-tools-3.53.1-58.48.1 mozilla-nss-tools-debuginfo-3.53.1-58.48.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libfreebl3-32bit-3.53.1-58.48.1 libfreebl3-debuginfo-32bit-3.53.1-58.48.1 libfreebl3-hmac-32bit-3.53.1-58.48.1 libsoftokn3-32bit-3.53.1-58.48.1 libsoftokn3-debuginfo-32bit-3.53.1-58.48.1 libsoftokn3-hmac-32bit-3.53.1-58.48.1 mozilla-nspr-32bit-4.25-19.15.1 mozilla-nspr-debuginfo-32bit-4.25-19.15.1 mozilla-nss-32bit-3.53.1-58.48.1 mozilla-nss-certs-32bit-3.53.1-58.48.1 mozilla-nss-certs-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-sysinit-32bit-3.53.1-58.48.1 mozilla-nss-sysinit-debuginfo-32bit-3.53.1-58.48.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libfreebl3-3.53.1-58.48.1 libfreebl3-32bit-3.53.1-58.48.1 libfreebl3-debuginfo-3.53.1-58.48.1 libfreebl3-debuginfo-32bit-3.53.1-58.48.1 libfreebl3-hmac-3.53.1-58.48.1 libfreebl3-hmac-32bit-3.53.1-58.48.1 libsoftokn3-3.53.1-58.48.1 libsoftokn3-32bit-3.53.1-58.48.1 libsoftokn3-debuginfo-3.53.1-58.48.1 libsoftokn3-debuginfo-32bit-3.53.1-58.48.1 libsoftokn3-hmac-3.53.1-58.48.1 libsoftokn3-hmac-32bit-3.53.1-58.48.1 mozilla-nspr-32bit-4.25-19.15.1 mozilla-nspr-4.25-19.15.1 mozilla-nspr-debuginfo-32bit-4.25-19.15.1 mozilla-nspr-debuginfo-4.25-19.15.1 mozilla-nspr-debugsource-4.25-19.15.1 mozilla-nss-3.53.1-58.48.1 mozilla-nss-32bit-3.53.1-58.48.1 mozilla-nss-certs-3.53.1-58.48.1 mozilla-nss-certs-32bit-3.53.1-58.48.1 
mozilla-nss-certs-debuginfo-3.53.1-58.48.1 mozilla-nss-certs-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-debuginfo-3.53.1-58.48.1 mozilla-nss-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-debugsource-3.53.1-58.48.1 mozilla-nss-sysinit-3.53.1-58.48.1 mozilla-nss-sysinit-32bit-3.53.1-58.48.1 mozilla-nss-sysinit-debuginfo-3.53.1-58.48.1 mozilla-nss-sysinit-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-tools-3.53.1-58.48.1 mozilla-nss-tools-debuginfo-3.53.1-58.48.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): libfreebl3-3.53.1-58.48.1 libfreebl3-debuginfo-3.53.1-58.48.1 libfreebl3-hmac-3.53.1-58.48.1 libsoftokn3-3.53.1-58.48.1 libsoftokn3-debuginfo-3.53.1-58.48.1 libsoftokn3-hmac-3.53.1-58.48.1 mozilla-nspr-4.25-19.15.1 mozilla-nspr-debuginfo-4.25-19.15.1 mozilla-nspr-debugsource-4.25-19.15.1 mozilla-nspr-devel-4.25-19.15.1 mozilla-nss-3.53.1-58.48.1 mozilla-nss-certs-3.53.1-58.48.1 mozilla-nss-certs-debuginfo-3.53.1-58.48.1 mozilla-nss-debuginfo-3.53.1-58.48.1 mozilla-nss-debugsource-3.53.1-58.48.1 mozilla-nss-devel-3.53.1-58.48.1 mozilla-nss-sysinit-3.53.1-58.48.1 mozilla-nss-sysinit-debuginfo-3.53.1-58.48.1 mozilla-nss-tools-3.53.1-58.48.1 mozilla-nss-tools-debuginfo-3.53.1-58.48.1 - SUSE Enterprise Storage 5 (x86_64): libfreebl3-32bit-3.53.1-58.48.1 libfreebl3-debuginfo-32bit-3.53.1-58.48.1 libfreebl3-hmac-32bit-3.53.1-58.48.1 libsoftokn3-32bit-3.53.1-58.48.1 libsoftokn3-debuginfo-32bit-3.53.1-58.48.1 libsoftokn3-hmac-32bit-3.53.1-58.48.1 mozilla-nspr-32bit-4.25-19.15.1 mozilla-nspr-debuginfo-32bit-4.25-19.15.1 mozilla-nss-32bit-3.53.1-58.48.1 mozilla-nss-certs-32bit-3.53.1-58.48.1 mozilla-nss-certs-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-sysinit-32bit-3.53.1-58.48.1 mozilla-nss-sysinit-debuginfo-32bit-3.53.1-58.48.1 - HPE Helion Openstack 8 (x86_64): libfreebl3-3.53.1-58.48.1 libfreebl3-32bit-3.53.1-58.48.1 libfreebl3-debuginfo-3.53.1-58.48.1 libfreebl3-debuginfo-32bit-3.53.1-58.48.1 libfreebl3-hmac-3.53.1-58.48.1 
libfreebl3-hmac-32bit-3.53.1-58.48.1 libsoftokn3-3.53.1-58.48.1 libsoftokn3-32bit-3.53.1-58.48.1 libsoftokn3-debuginfo-3.53.1-58.48.1 libsoftokn3-debuginfo-32bit-3.53.1-58.48.1 libsoftokn3-hmac-3.53.1-58.48.1 libsoftokn3-hmac-32bit-3.53.1-58.48.1 mozilla-nspr-32bit-4.25-19.15.1 mozilla-nspr-4.25-19.15.1 mozilla-nspr-debuginfo-32bit-4.25-19.15.1 mozilla-nspr-debuginfo-4.25-19.15.1 mozilla-nspr-debugsource-4.25-19.15.1 mozilla-nspr-devel-4.25-19.15.1 mozilla-nss-3.53.1-58.48.1 mozilla-nss-32bit-3.53.1-58.48.1 mozilla-nss-certs-3.53.1-58.48.1 mozilla-nss-certs-32bit-3.53.1-58.48.1 mozilla-nss-certs-debuginfo-3.53.1-58.48.1 mozilla-nss-certs-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-debuginfo-3.53.1-58.48.1 mozilla-nss-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-debugsource-3.53.1-58.48.1 mozilla-nss-devel-3.53.1-58.48.1 mozilla-nss-sysinit-3.53.1-58.48.1 mozilla-nss-sysinit-32bit-3.53.1-58.48.1 mozilla-nss-sysinit-debuginfo-3.53.1-58.48.1 mozilla-nss-sysinit-debuginfo-32bit-3.53.1-58.48.1 mozilla-nss-tools-3.53.1-58.48.1 mozilla-nss-tools-debuginfo-3.53.1-58.48.1 References: https://www.suse.com/security/cve/CVE-2019-17006.html https://www.suse.com/security/cve/CVE-2020-12399.html https://www.suse.com/security/cve/CVE-2020-12402.html https://bugzilla.suse.com/1159819 https://bugzilla.suse.com/1168669 https://bugzilla.suse.com/1169746 https://bugzilla.suse.com/1170908 https://bugzilla.suse.com/1171978 https://bugzilla.suse.com/1173022 From sle-security-updates at lists.suse.com Fri Jul 3 10:14:50 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 3 Jul 2020 18:14:50 +0200 (CEST) Subject: SUSE-SU-2020:1396-2: moderate: Security update for zstd Message-ID: <20200703161450.D5201FC39@maintenance.suse.de> SUSE Security Update: Security update for zstd ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1396-2 Rating: moderate References: #1082318 #1133297 Affected 
Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for zstd fixes the following issues: - Fix for build error caused by wrong static libraries. (bsc#1133297) - Correction in spec file marking the license as documentation. (bsc#1082318) - Add new package for SLE-15. (jsc#ECO-1886) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-1396=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-1396=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1396=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-1396=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-1396=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libzstd1-1.4.4-1.3.1 libzstd1-debuginfo-1.4.4-1.3.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libzstd1-32bit-1.4.4-1.3.1 libzstd1-32bit-debuginfo-1.4.4-1.3.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libzstd1-1.4.4-1.3.1 libzstd1-debuginfo-1.4.4-1.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libzstd-devel-1.4.4-1.3.1 libzstd1-1.4.4-1.3.1 libzstd1-debuginfo-1.4.4-1.3.1 zstd-1.4.4-1.3.1 zstd-debuginfo-1.4.4-1.3.1 zstd-debugsource-1.4.4-1.3.1 - SUSE 
Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libzstd1-32bit-1.4.4-1.3.1 libzstd1-32bit-debuginfo-1.4.4-1.3.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libzstd1-1.4.4-1.3.1 libzstd1-debuginfo-1.4.4-1.3.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libzstd1-32bit-1.4.4-1.3.1 libzstd1-32bit-debuginfo-1.4.4-1.3.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libzstd1-1.4.4-1.3.1 libzstd1-debuginfo-1.4.4-1.3.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libzstd1-32bit-1.4.4-1.3.1 libzstd1-32bit-debuginfo-1.4.4-1.3.1 References: https://bugzilla.suse.com/1082318 https://bugzilla.suse.com/1133297 From sle-security-updates at lists.suse.com Fri Jul 3 19:12:31 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Sat, 4 Jul 2020 03:12:31 +0200 (CEST) Subject: SUSE-SU-2020:1841-1: important: Security update for tomcat Message-ID: <20200704011231.75753FC39@maintenance.suse.de> SUSE Security Update: Security update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1841-1 Rating: important References: #1173389 Cross-References: CVE-2020-11996 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for tomcat fixes the following issues: Tomcat was updated to 9.0.36 See changelog at - CVE-2020-11996: Fixed an issue where a specially crafted sequence of HTTP/2 requests could have triggered high CPU usage for several seconds, potentially making the server unresponsive (bsc#1173389). 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-1841=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-1841=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-1841=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-1841=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (noarch): tomcat-9.0.36-3.60.1 tomcat-admin-webapps-9.0.36-3.60.1 tomcat-el-3_0-api-9.0.36-3.60.1 tomcat-jsp-2_3-api-9.0.36-3.60.1 tomcat-lib-9.0.36-3.60.1 tomcat-servlet-4_0-api-9.0.36-3.60.1 tomcat-webapps-9.0.36-3.60.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): tomcat-9.0.36-3.60.1 tomcat-admin-webapps-9.0.36-3.60.1 tomcat-el-3_0-api-9.0.36-3.60.1 tomcat-jsp-2_3-api-9.0.36-3.60.1 tomcat-lib-9.0.36-3.60.1 tomcat-servlet-4_0-api-9.0.36-3.60.1 tomcat-webapps-9.0.36-3.60.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): tomcat-9.0.36-3.60.1 tomcat-admin-webapps-9.0.36-3.60.1 tomcat-el-3_0-api-9.0.36-3.60.1 tomcat-jsp-2_3-api-9.0.36-3.60.1 tomcat-lib-9.0.36-3.60.1 tomcat-servlet-4_0-api-9.0.36-3.60.1 tomcat-webapps-9.0.36-3.60.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): tomcat-9.0.36-3.60.1 tomcat-admin-webapps-9.0.36-3.60.1 tomcat-el-3_0-api-9.0.36-3.60.1 tomcat-jsp-2_3-api-9.0.36-3.60.1 tomcat-lib-9.0.36-3.60.1 tomcat-servlet-4_0-api-9.0.36-3.60.1 tomcat-webapps-9.0.36-3.60.1 References: https://www.suse.com/security/cve/CVE-2020-11996.html https://bugzilla.suse.com/1173389 From sle-security-updates at lists.suse.com Fri Jul 3 19:13:09 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) 
Date: Sat, 4 Jul 2020 03:13:09 +0200 (CEST) Subject: SUSE-SU-2020:1842-1: moderate: Security update for systemd Message-ID: <20200704011309.D451AFC39@maintenance.suse.de> SUSE Security Update: Security update for systemd ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1842-1 Rating: moderate References: #1084671 #1154256 #1157315 #1161262 #1161436 #1162698 #1164538 #1165633 #1167622 #1171145 Cross-References: CVE-2019-20386 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 ______________________________________________________________________________ An update that solves one vulnerability and has 9 fixes is now available. Description: This update for systemd fixes the following issues: - CVE-2019-20386: Fixed a memory leak when executing the udevadm trigger command (bsc#1161436). - Renamed the persistent link for ATA devices (bsc#1164538) - shared/install: try harder to find enablement symlinks when disabling a unit (bsc#1157315) - tmpfiles: removed unnecessary assert (bsc#1171145) - pid1: by default make user units inherit their umask from the user manager (bsc#1162698) - manager: fixed job mode when signalled to shutdown etc (bsc#1161262) - coredump: fixed bug that loses core dump files when core dumps are compressed and disk space is low. (bsc#1167622) - udev: inform systemd how many workers we can potentially spawn (#4036) (bsc#1165633) - libblkid: open device in nonblock mode. (bsc#1084671) - udev/cdrom_id: Do not open CD-rom in exclusive mode. (bsc#1154256) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2020-1842=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2020-1842=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libudev-devel-228-150.86.3 systemd-debuginfo-228-150.86.3 systemd-debugsource-228-150.86.3 systemd-devel-228-150.86.3 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libsystemd0-228-150.86.3 libsystemd0-debuginfo-228-150.86.3 libudev-devel-228-150.86.3 libudev1-228-150.86.3 libudev1-debuginfo-228-150.86.3 systemd-228-150.86.3 systemd-debuginfo-228-150.86.3 systemd-debugsource-228-150.86.3 systemd-devel-228-150.86.3 systemd-sysvinit-228-150.86.3 udev-228-150.86.3 udev-debuginfo-228-150.86.3 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libsystemd0-32bit-228-150.86.3 libsystemd0-debuginfo-32bit-228-150.86.3 libudev1-32bit-228-150.86.3 libudev1-debuginfo-32bit-228-150.86.3 systemd-32bit-228-150.86.3 systemd-debuginfo-32bit-228-150.86.3 - SUSE Linux Enterprise Server 12-SP4 (noarch): systemd-bash-completion-228-150.86.3 References: https://www.suse.com/security/cve/CVE-2019-20386.html https://bugzilla.suse.com/1084671 https://bugzilla.suse.com/1154256 https://bugzilla.suse.com/1157315 https://bugzilla.suse.com/1161262 https://bugzilla.suse.com/1161436 https://bugzilla.suse.com/1162698 https://bugzilla.suse.com/1164538 https://bugzilla.suse.com/1165633 https://bugzilla.suse.com/1167622 https://bugzilla.suse.com/1171145 From sle-security-updates at lists.suse.com Mon Jul 6 10:14:41 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 6 Jul 2020 18:14:41 +0200 (CEST) Subject: SUSE-SU-2020:1843-1: moderate: Security update for nasm Message-ID: <20200706161441.C2ED2FC39@maintenance.suse.de> SUSE Security Update: Security update for nasm 
______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1843-1 Rating: moderate References: #1084631 #1086186 #1086227 #1086228 #1090519 #1090840 #1106878 #1107592 #1107594 #1108404 #1115758 #1115774 #1115795 #1173538 Cross-References: CVE-2018-1000667 CVE-2018-10016 CVE-2018-10254 CVE-2018-10316 CVE-2018-16382 CVE-2018-16517 CVE-2018-16999 CVE-2018-19214 CVE-2018-19215 CVE-2018-19216 CVE-2018-8881 CVE-2018-8882 CVE-2018-8883 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP1 ______________________________________________________________________________ An update that solves 13 vulnerabilities and has one errata is now available. Description: This update for nasm fixes the following issues: nasm was updated to version 2.14.02. This allows building of Mozilla Firefox 78ESR and also contains lots of bugfixes, security fixes and improvements. * Fix crash due to multiple errors or warnings during the code generation pass if a list file is specified. * Create all system-defined macros before processing command-line given preprocessing directives (-p, -d, -u, --pragma, --before). * If debugging is enabled, define a __DEBUG_FORMAT__ predefined macro. See section 4.11.7. * Fix an assert for the case in the obj format when a SEG operator refers to an EXTERN symbol declared further down in the code. * Fix a corner case in the floating-point code where a binary, octal or hexadecimal floating-point having at least 32, 11, or 8 mantissa digits could produce slightly incorrect results under very specific conditions. * Support -MD without a filename, for gcc compatibility. -MF can be used to set the dependencies output filename. See section 2.1.7. * Fix -E in combination with -MD. See section 2.1.21. * Fix missing errors on redefined labels; would cause convergence failure instead which is very slow and not easy to debug. 
* Duplicate definitions of the same label with the same value is now explicitly permitted (2.14 would allow it in some circumstances.) * Add the option --no-line to ignore %line directives in the source. See section 2.1.33 and section 4.10.1. * Changed -I option semantics by adding a trailing path separator unconditionally. * Fixed null dereference in corrupted invalid single line macros. * Fixed division by zero which may happen if source code is malformed. * Fixed out of bound access in processing of malformed segment override. * Fixed out of bound access in certain EQU parsing. * Fixed buffer underflow in float parsing. * Added SGX (Intel Software Guard Extensions) instructions. * Added +n syntax for multiple contiguous registers. * Fixed subsections_via_symbols for macho object format. * Added the --gprefix, --gpostfix, --lprefix, and --lpostfix command line options, to allow command line base symbol renaming. See section 2.1.28. * Allow label renaming to be specified by %pragma in addition to from the command line. See section 6.9. * Supported generic %pragma namespaces, output and debug. See section 6.10. * Added the --pragma command line option to inject a %pragma directive. See section 2.1.29. * Added the --before command line option to accept preprocess statement before input. See section 2.1.30. * Added AVX512 VBMI2 (Additional Bit Manipulation), VNNI (Vector Neural Network), BITALG (Bit Algorithm), and GFNI (Galois Field New Instruction) instructions. * Added the STATIC directive for local symbols that should be renamed using global-symbol rules. See section 6.8. * Allow a symbol to be defined as EXTERN and then later overridden as GLOBAL or COMMON. Furthermore, a symbol declared EXTERN and then defined will be treated as GLOBAL. See section 6.5. * The GLOBAL directive no longer is required to precede the definition of the symbol. * Support private_extern as macho specific extension to the GLOBAL directive. See section 7.8.5. 
* Updated UD0 encoding to match with the specification * Added the --limit-X command line option to set execution limits. See section 2.1.31. * Updated the Codeview version number to be aligned with MASM. * Added the --keep-all command line option to preserve output files. See section 2.1.32. * Added the --include command line option, an alias to -P (section 2.1.18). * Added the --help command line option as an alias to -h (section 3.1). * Added -W, -D, and -Q suffix aliases for RET instructions so the operand sizes of these instructions can be encoded without using o16, o32 or o64. New upstream version 2.13.03: * Add flags: AES, VAES, VPCLMULQDQ * Add VPCLMULQDQ instruction * elf: Add missing dwarf loc section * documentation updates Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-1843=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-1843=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): nasm-2.14.02-3.4.1 nasm-debuginfo-2.14.02-3.4.1 nasm-debugsource-2.14.02-3.4.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): nasm-2.14.02-3.4.1 nasm-debuginfo-2.14.02-3.4.1 nasm-debugsource-2.14.02-3.4.1 References: https://www.suse.com/security/cve/CVE-2018-1000667.html https://www.suse.com/security/cve/CVE-2018-10016.html https://www.suse.com/security/cve/CVE-2018-10254.html https://www.suse.com/security/cve/CVE-2018-10316.html https://www.suse.com/security/cve/CVE-2018-16382.html https://www.suse.com/security/cve/CVE-2018-16517.html https://www.suse.com/security/cve/CVE-2018-16999.html 
https://www.suse.com/security/cve/CVE-2018-19214.html https://www.suse.com/security/cve/CVE-2018-19215.html https://www.suse.com/security/cve/CVE-2018-19216.html https://www.suse.com/security/cve/CVE-2018-8881.html https://www.suse.com/security/cve/CVE-2018-8882.html https://www.suse.com/security/cve/CVE-2018-8883.html https://bugzilla.suse.com/1084631 https://bugzilla.suse.com/1086186 https://bugzilla.suse.com/1086227 https://bugzilla.suse.com/1086228 https://bugzilla.suse.com/1090519 https://bugzilla.suse.com/1090840 https://bugzilla.suse.com/1106878 https://bugzilla.suse.com/1107592 https://bugzilla.suse.com/1107594 https://bugzilla.suse.com/1108404 https://bugzilla.suse.com/1115758 https://bugzilla.suse.com/1115774 https://bugzilla.suse.com/1115795 https://bugzilla.suse.com/1173538 From sle-security-updates at lists.suse.com Mon Jul 6 10:16:52 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 6 Jul 2020 18:16:52 +0200 (CEST) Subject: SUSE-SU-2020:1850-1: moderate: Security update for mozilla-nss Message-ID: <20200706161652.6BDC9FEC3@maintenance.suse.de> SUSE Security Update: Security update for mozilla-nss ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1850-1 Rating: moderate References: #1168669 #1173032 Cross-References: CVE-2020-12402 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. 
Description: This update for mozilla-nss fixes the following issues: mozilla-nss was updated to version 3.53.1 - CVE-2020-12402: Fixed a potential side channel attack during RSA key generation (bsc#1173032) - Fixed various FIPS issues in libfreebl3 which were causing segfaults in the test suite of chrony (bsc#1168669). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-1850=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-1850=1 - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-1850=1 - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-1850=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1850=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-1850=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-1850=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-1850=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libfreebl3-3.53.1-3.45.1 libfreebl3-debuginfo-3.53.1-3.45.1 libfreebl3-hmac-3.53.1-3.45.1 libsoftokn3-3.53.1-3.45.1 libsoftokn3-debuginfo-3.53.1-3.45.1 libsoftokn3-hmac-3.53.1-3.45.1 mozilla-nss-3.53.1-3.45.1 mozilla-nss-certs-3.53.1-3.45.1 mozilla-nss-certs-debuginfo-3.53.1-3.45.1 mozilla-nss-debuginfo-3.53.1-3.45.1 mozilla-nss-debugsource-3.53.1-3.45.1 mozilla-nss-devel-3.53.1-3.45.1 mozilla-nss-sysinit-3.53.1-3.45.1 
mozilla-nss-sysinit-debuginfo-3.53.1-3.45.1 mozilla-nss-tools-3.53.1-3.45.1 mozilla-nss-tools-debuginfo-3.53.1-3.45.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libfreebl3-32bit-3.53.1-3.45.1 libfreebl3-32bit-debuginfo-3.53.1-3.45.1 libfreebl3-hmac-32bit-3.53.1-3.45.1 libsoftokn3-32bit-3.53.1-3.45.1 libsoftokn3-32bit-debuginfo-3.53.1-3.45.1 libsoftokn3-hmac-32bit-3.53.1-3.45.1 mozilla-nss-32bit-3.53.1-3.45.1 mozilla-nss-32bit-debuginfo-3.53.1-3.45.1 mozilla-nss-certs-32bit-3.53.1-3.45.1 mozilla-nss-certs-32bit-debuginfo-3.53.1-3.45.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libfreebl3-3.53.1-3.45.1 libfreebl3-debuginfo-3.53.1-3.45.1 libfreebl3-hmac-3.53.1-3.45.1 libsoftokn3-3.53.1-3.45.1 libsoftokn3-debuginfo-3.53.1-3.45.1 libsoftokn3-hmac-3.53.1-3.45.1 mozilla-nss-3.53.1-3.45.1 mozilla-nss-certs-3.53.1-3.45.1 mozilla-nss-certs-debuginfo-3.53.1-3.45.1 mozilla-nss-debuginfo-3.53.1-3.45.1 mozilla-nss-debugsource-3.53.1-3.45.1 mozilla-nss-devel-3.53.1-3.45.1 mozilla-nss-sysinit-3.53.1-3.45.1 mozilla-nss-sysinit-debuginfo-3.53.1-3.45.1 mozilla-nss-tools-3.53.1-3.45.1 mozilla-nss-tools-debuginfo-3.53.1-3.45.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): libfreebl3-hmac-3.53.1-3.45.1 libsoftokn3-hmac-3.53.1-3.45.1 mozilla-nss-debuginfo-3.53.1-3.45.1 mozilla-nss-debugsource-3.53.1-3.45.1 - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): libfreebl3-hmac-3.53.1-3.45.1 libsoftokn3-hmac-3.53.1-3.45.1 mozilla-nss-debuginfo-3.53.1-3.45.1 mozilla-nss-debugsource-3.53.1-3.45.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libfreebl3-3.53.1-3.45.1 libfreebl3-debuginfo-3.53.1-3.45.1 libsoftokn3-3.53.1-3.45.1 libsoftokn3-debuginfo-3.53.1-3.45.1 mozilla-nss-3.53.1-3.45.1 mozilla-nss-certs-3.53.1-3.45.1 mozilla-nss-certs-debuginfo-3.53.1-3.45.1 mozilla-nss-debuginfo-3.53.1-3.45.1 mozilla-nss-debugsource-3.53.1-3.45.1 
mozilla-nss-devel-3.53.1-3.45.1 mozilla-nss-sysinit-3.53.1-3.45.1 mozilla-nss-sysinit-debuginfo-3.53.1-3.45.1 mozilla-nss-tools-3.53.1-3.45.1 mozilla-nss-tools-debuginfo-3.53.1-3.45.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libfreebl3-32bit-3.53.1-3.45.1 libfreebl3-32bit-debuginfo-3.53.1-3.45.1 libsoftokn3-32bit-3.53.1-3.45.1 libsoftokn3-32bit-debuginfo-3.53.1-3.45.1 mozilla-nss-32bit-3.53.1-3.45.1 mozilla-nss-32bit-debuginfo-3.53.1-3.45.1 mozilla-nss-certs-32bit-3.53.1-3.45.1 mozilla-nss-certs-32bit-debuginfo-3.53.1-3.45.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libfreebl3-3.53.1-3.45.1 libfreebl3-debuginfo-3.53.1-3.45.1 libsoftokn3-3.53.1-3.45.1 libsoftokn3-debuginfo-3.53.1-3.45.1 mozilla-nss-3.53.1-3.45.1 mozilla-nss-certs-3.53.1-3.45.1 mozilla-nss-certs-debuginfo-3.53.1-3.45.1 mozilla-nss-debuginfo-3.53.1-3.45.1 mozilla-nss-debugsource-3.53.1-3.45.1 mozilla-nss-devel-3.53.1-3.45.1 mozilla-nss-sysinit-3.53.1-3.45.1 mozilla-nss-sysinit-debuginfo-3.53.1-3.45.1 mozilla-nss-tools-3.53.1-3.45.1 mozilla-nss-tools-debuginfo-3.53.1-3.45.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libfreebl3-32bit-3.53.1-3.45.1 libfreebl3-32bit-debuginfo-3.53.1-3.45.1 libsoftokn3-32bit-3.53.1-3.45.1 libsoftokn3-32bit-debuginfo-3.53.1-3.45.1 mozilla-nss-32bit-3.53.1-3.45.1 mozilla-nss-32bit-debuginfo-3.53.1-3.45.1 mozilla-nss-certs-32bit-3.53.1-3.45.1 mozilla-nss-certs-32bit-debuginfo-3.53.1-3.45.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libfreebl3-3.53.1-3.45.1 libfreebl3-debuginfo-3.53.1-3.45.1 libfreebl3-hmac-3.53.1-3.45.1 libsoftokn3-3.53.1-3.45.1 libsoftokn3-debuginfo-3.53.1-3.45.1 libsoftokn3-hmac-3.53.1-3.45.1 mozilla-nss-3.53.1-3.45.1 mozilla-nss-certs-3.53.1-3.45.1 mozilla-nss-certs-debuginfo-3.53.1-3.45.1 mozilla-nss-debuginfo-3.53.1-3.45.1 mozilla-nss-debugsource-3.53.1-3.45.1 mozilla-nss-devel-3.53.1-3.45.1 mozilla-nss-sysinit-3.53.1-3.45.1 
mozilla-nss-sysinit-debuginfo-3.53.1-3.45.1 mozilla-nss-tools-3.53.1-3.45.1 mozilla-nss-tools-debuginfo-3.53.1-3.45.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libfreebl3-32bit-3.53.1-3.45.1 libfreebl3-32bit-debuginfo-3.53.1-3.45.1 libfreebl3-hmac-32bit-3.53.1-3.45.1 libsoftokn3-32bit-3.53.1-3.45.1 libsoftokn3-32bit-debuginfo-3.53.1-3.45.1 libsoftokn3-hmac-32bit-3.53.1-3.45.1 mozilla-nss-32bit-3.53.1-3.45.1 mozilla-nss-32bit-debuginfo-3.53.1-3.45.1 mozilla-nss-certs-32bit-3.53.1-3.45.1 mozilla-nss-certs-32bit-debuginfo-3.53.1-3.45.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libfreebl3-3.53.1-3.45.1 libfreebl3-debuginfo-3.53.1-3.45.1 libfreebl3-hmac-3.53.1-3.45.1 libsoftokn3-3.53.1-3.45.1 libsoftokn3-debuginfo-3.53.1-3.45.1 libsoftokn3-hmac-3.53.1-3.45.1 mozilla-nss-3.53.1-3.45.1 mozilla-nss-certs-3.53.1-3.45.1 mozilla-nss-certs-debuginfo-3.53.1-3.45.1 mozilla-nss-debuginfo-3.53.1-3.45.1 mozilla-nss-debugsource-3.53.1-3.45.1 mozilla-nss-devel-3.53.1-3.45.1 mozilla-nss-sysinit-3.53.1-3.45.1 mozilla-nss-sysinit-debuginfo-3.53.1-3.45.1 mozilla-nss-tools-3.53.1-3.45.1 mozilla-nss-tools-debuginfo-3.53.1-3.45.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libfreebl3-32bit-3.53.1-3.45.1 libfreebl3-32bit-debuginfo-3.53.1-3.45.1 libfreebl3-hmac-32bit-3.53.1-3.45.1 libsoftokn3-32bit-3.53.1-3.45.1 libsoftokn3-32bit-debuginfo-3.53.1-3.45.1 libsoftokn3-hmac-32bit-3.53.1-3.45.1 mozilla-nss-32bit-3.53.1-3.45.1 mozilla-nss-32bit-debuginfo-3.53.1-3.45.1 mozilla-nss-certs-32bit-3.53.1-3.45.1 mozilla-nss-certs-32bit-debuginfo-3.53.1-3.45.1 References: https://www.suse.com/security/cve/CVE-2020-12402.html https://bugzilla.suse.com/1168669 https://bugzilla.suse.com/1173032 From sle-security-updates at lists.suse.com Mon Jul 6 10:20:03 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 6 Jul 2020 18:20:03 +0200 (CEST) Subject: SUSE-SU-2019:2971-2: 
important: Security update for libjpeg-turbo Message-ID: <20200706162003.874F1FEC3@maintenance.suse.de> SUSE Security Update: Security update for libjpeg-turbo ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2971-2 Rating: important References: #1156402 Cross-References: CVE-2019-2201 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libjpeg-turbo fixes the following issues: - CVE-2019-2201: Several integer overflow issues and subsequent segfaults occurred in libjpeg-turbo, when attempting to compress or decompress gigapixel images. [bsc#1156402] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-1847=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-1847=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-1847=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1847=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64): libjpeg-turbo-1.5.3-5.12.1 libjpeg-turbo-debuginfo-1.5.3-5.12.1 libjpeg-turbo-debugsource-1.5.3-5.12.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (aarch64 ppc64le s390x x86_64): libjpeg-turbo-1.5.3-5.12.1 libjpeg-turbo-debuginfo-1.5.3-5.12.1 libjpeg-turbo-debugsource-1.5.3-5.12.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (x86_64): libjpeg8-32bit-8.1.2-5.12.1 libjpeg8-32bit-debuginfo-8.1.2-5.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libjpeg62-62.2.0-5.12.1 libjpeg62-debuginfo-62.2.0-5.12.1 libjpeg62-devel-62.2.0-5.12.1 libjpeg8-8.1.2-5.12.1 libjpeg8-debuginfo-8.1.2-5.12.1 libjpeg8-devel-8.1.2-5.12.1 libturbojpeg0-8.1.2-5.12.1 libturbojpeg0-debuginfo-8.1.2-5.12.1 References: https://www.suse.com/security/cve/CVE-2019-2201.html https://bugzilla.suse.com/1156402 From sle-security-updates at lists.suse.com Mon Jul 6 13:13:15 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 6 Jul 2020 21:13:15 +0200 (CEST) Subject: SUSE-SU-2020:1860-1: moderate: Security update for permissions Message-ID: <20200706191316.0138AFDE1@maintenance.suse.de> SUSE Security Update: Security update for permissions 
______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1860-1 Rating: moderate References: #1171883 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for permissions fixes the following issues: - Removed conflicting entries which might expose pcp to security issues (bsc#1171883) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-1860=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): permissions-20181116-9.35.1 permissions-debuginfo-20181116-9.35.1 permissions-debugsource-20181116-9.35.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): permissions-zypp-plugin-20181116-9.35.1 References: https://bugzilla.suse.com/1171883 From sle-security-updates at lists.suse.com Mon Jul 6 13:14:04 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 6 Jul 2020 21:14:04 +0200 (CEST) Subject: SUSE-SU-2020:1859-1: important: Security update for openldap2 Message-ID: <20200706191404.5735CFDE1@maintenance.suse.de> SUSE Security Update: Security update for openldap2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1859-1 Rating: important References: #1170715 #1172698 #1172704 Cross-References: CVE-2020-8023 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE 
Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for openldap2 fixes the following issues: - CVE-2020-8023: Fixed a potential local privilege escalation from ldap to root when OPENLDAP_CONFIG_BACKEND="ldap" was used (bsc#1172698). - Changed DB_CONFIG to root:ldap permissions (bsc#1172704). - Fixed an issue where slapd becomes unresponsive after many failed login/bind attempts (bsc#1170715). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-1859=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-1859=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-1859=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-1859=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2020-1859=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-1859=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-1859=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-1859=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2020-1859=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-1859=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-1859=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-1859=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-1859=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-1859=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-1859=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): openldap2-doc-2.4.41-18.71.2 - SUSE OpenStack Cloud Crowbar 8 (x86_64): libldap-2_4-2-2.4.41-18.71.2 libldap-2_4-2-32bit-2.4.41-18.71.2 libldap-2_4-2-debuginfo-2.4.41-18.71.2 libldap-2_4-2-debuginfo-32bit-2.4.41-18.71.2 openldap2-2.4.41-18.71.2 openldap2-back-meta-2.4.41-18.71.2 openldap2-back-meta-debuginfo-2.4.41-18.71.2 openldap2-client-2.4.41-18.71.2 openldap2-client-debuginfo-2.4.41-18.71.2 openldap2-debuginfo-2.4.41-18.71.2 openldap2-debugsource-2.4.41-18.71.2 
openldap2-ppolicy-check-password-1.2-18.71.2 openldap2-ppolicy-check-password-debuginfo-1.2-18.71.2 - SUSE OpenStack Cloud 8 (x86_64): libldap-2_4-2-2.4.41-18.71.2 libldap-2_4-2-32bit-2.4.41-18.71.2 libldap-2_4-2-debuginfo-2.4.41-18.71.2 libldap-2_4-2-debuginfo-32bit-2.4.41-18.71.2 openldap2-2.4.41-18.71.2 openldap2-back-meta-2.4.41-18.71.2 openldap2-back-meta-debuginfo-2.4.41-18.71.2 openldap2-client-2.4.41-18.71.2 openldap2-client-debuginfo-2.4.41-18.71.2 openldap2-debuginfo-2.4.41-18.71.2 openldap2-debugsource-2.4.41-18.71.2 openldap2-ppolicy-check-password-1.2-18.71.2 openldap2-ppolicy-check-password-debuginfo-1.2-18.71.2 - SUSE OpenStack Cloud 8 (noarch): openldap2-doc-2.4.41-18.71.2 - SUSE OpenStack Cloud 7 (s390x x86_64): libldap-2_4-2-2.4.41-18.71.2 libldap-2_4-2-32bit-2.4.41-18.71.2 libldap-2_4-2-debuginfo-2.4.41-18.71.2 libldap-2_4-2-debuginfo-32bit-2.4.41-18.71.2 openldap2-2.4.41-18.71.2 openldap2-back-meta-2.4.41-18.71.2 openldap2-back-meta-debuginfo-2.4.41-18.71.2 openldap2-client-2.4.41-18.71.2 openldap2-client-debuginfo-2.4.41-18.71.2 openldap2-debuginfo-2.4.41-18.71.2 openldap2-debugsource-2.4.41-18.71.2 openldap2-ppolicy-check-password-1.2-18.71.2 openldap2-ppolicy-check-password-debuginfo-1.2-18.71.2 - SUSE OpenStack Cloud 7 (noarch): openldap2-doc-2.4.41-18.71.2 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): openldap2-back-perl-2.4.41-18.71.2 openldap2-back-perl-debuginfo-2.4.41-18.71.2 openldap2-debuginfo-2.4.41-18.71.2 openldap2-debugsource-2.4.41-18.71.2 openldap2-devel-2.4.41-18.71.2 openldap2-devel-static-2.4.41-18.71.2 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): openldap2-back-perl-2.4.41-18.71.2 openldap2-back-perl-debuginfo-2.4.41-18.71.2 openldap2-debuginfo-2.4.41-18.71.2 openldap2-debugsource-2.4.41-18.71.2 openldap2-devel-2.4.41-18.71.2 openldap2-devel-static-2.4.41-18.71.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): 
libldap-2_4-2-2.4.41-18.71.2 libldap-2_4-2-debuginfo-2.4.41-18.71.2 openldap2-2.4.41-18.71.2 openldap2-back-meta-2.4.41-18.71.2 openldap2-back-meta-debuginfo-2.4.41-18.71.2 openldap2-client-2.4.41-18.71.2 openldap2-client-debuginfo-2.4.41-18.71.2 openldap2-debuginfo-2.4.41-18.71.2 openldap2-debugsource-2.4.41-18.71.2 openldap2-ppolicy-check-password-1.2-18.71.2 openldap2-ppolicy-check-password-debuginfo-1.2-18.71.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libldap-2_4-2-32bit-2.4.41-18.71.2 libldap-2_4-2-debuginfo-32bit-2.4.41-18.71.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): openldap2-doc-2.4.41-18.71.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libldap-2_4-2-2.4.41-18.71.2 libldap-2_4-2-debuginfo-2.4.41-18.71.2 openldap2-2.4.41-18.71.2 openldap2-back-meta-2.4.41-18.71.2 openldap2-back-meta-debuginfo-2.4.41-18.71.2 openldap2-client-2.4.41-18.71.2 openldap2-client-debuginfo-2.4.41-18.71.2 openldap2-debuginfo-2.4.41-18.71.2 openldap2-debugsource-2.4.41-18.71.2 openldap2-ppolicy-check-password-1.2-18.71.2 openldap2-ppolicy-check-password-debuginfo-1.2-18.71.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libldap-2_4-2-32bit-2.4.41-18.71.2 libldap-2_4-2-debuginfo-32bit-2.4.41-18.71.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): openldap2-doc-2.4.41-18.71.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libldap-2_4-2-2.4.41-18.71.2 libldap-2_4-2-debuginfo-2.4.41-18.71.2 openldap2-2.4.41-18.71.2 openldap2-back-meta-2.4.41-18.71.2 openldap2-back-meta-debuginfo-2.4.41-18.71.2 openldap2-client-2.4.41-18.71.2 openldap2-client-debuginfo-2.4.41-18.71.2 openldap2-debuginfo-2.4.41-18.71.2 openldap2-debugsource-2.4.41-18.71.2 openldap2-ppolicy-check-password-1.2-18.71.2 openldap2-ppolicy-check-password-debuginfo-1.2-18.71.2 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libldap-2_4-2-32bit-2.4.41-18.71.2 libldap-2_4-2-debuginfo-32bit-2.4.41-18.71.2 - SUSE Linux Enterprise Server 
12-SP5 (noarch): openldap2-doc-2.4.41-18.71.2 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libldap-2_4-2-2.4.41-18.71.2 libldap-2_4-2-debuginfo-2.4.41-18.71.2 openldap2-2.4.41-18.71.2 openldap2-back-meta-2.4.41-18.71.2 openldap2-back-meta-debuginfo-2.4.41-18.71.2 openldap2-client-2.4.41-18.71.2 openldap2-client-debuginfo-2.4.41-18.71.2 openldap2-debuginfo-2.4.41-18.71.2 openldap2-debugsource-2.4.41-18.71.2 openldap2-ppolicy-check-password-1.2-18.71.2 openldap2-ppolicy-check-password-debuginfo-1.2-18.71.2 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libldap-2_4-2-32bit-2.4.41-18.71.2 libldap-2_4-2-debuginfo-32bit-2.4.41-18.71.2 - SUSE Linux Enterprise Server 12-SP4 (noarch): openldap2-doc-2.4.41-18.71.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libldap-2_4-2-2.4.41-18.71.2 libldap-2_4-2-debuginfo-2.4.41-18.71.2 openldap2-2.4.41-18.71.2 openldap2-back-meta-2.4.41-18.71.2 openldap2-back-meta-debuginfo-2.4.41-18.71.2 openldap2-client-2.4.41-18.71.2 openldap2-client-debuginfo-2.4.41-18.71.2 openldap2-debuginfo-2.4.41-18.71.2 openldap2-debugsource-2.4.41-18.71.2 openldap2-ppolicy-check-password-1.2-18.71.2 openldap2-ppolicy-check-password-debuginfo-1.2-18.71.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libldap-2_4-2-32bit-2.4.41-18.71.2 libldap-2_4-2-debuginfo-32bit-2.4.41-18.71.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): openldap2-doc-2.4.41-18.71.2 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): openldap2-doc-2.4.41-18.71.2 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libldap-2_4-2-2.4.41-18.71.2 libldap-2_4-2-32bit-2.4.41-18.71.2 libldap-2_4-2-debuginfo-2.4.41-18.71.2 libldap-2_4-2-debuginfo-32bit-2.4.41-18.71.2 openldap2-2.4.41-18.71.2 openldap2-back-meta-2.4.41-18.71.2 openldap2-back-meta-debuginfo-2.4.41-18.71.2 openldap2-client-2.4.41-18.71.2 openldap2-client-debuginfo-2.4.41-18.71.2 openldap2-debuginfo-2.4.41-18.71.2 openldap2-debugsource-2.4.41-18.71.2 
openldap2-ppolicy-check-password-1.2-18.71.2 openldap2-ppolicy-check-password-debuginfo-1.2-18.71.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libldap-2_4-2-2.4.41-18.71.2 libldap-2_4-2-debuginfo-2.4.41-18.71.2 openldap2-2.4.41-18.71.2 openldap2-back-meta-2.4.41-18.71.2 openldap2-back-meta-debuginfo-2.4.41-18.71.2 openldap2-client-2.4.41-18.71.2 openldap2-client-debuginfo-2.4.41-18.71.2 openldap2-debuginfo-2.4.41-18.71.2 openldap2-debugsource-2.4.41-18.71.2 openldap2-ppolicy-check-password-1.2-18.71.2 openldap2-ppolicy-check-password-debuginfo-1.2-18.71.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libldap-2_4-2-32bit-2.4.41-18.71.2 libldap-2_4-2-debuginfo-32bit-2.4.41-18.71.2 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): openldap2-doc-2.4.41-18.71.2 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): openldap2-doc-2.4.41-18.71.2 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libldap-2_4-2-2.4.41-18.71.2 libldap-2_4-2-32bit-2.4.41-18.71.2 libldap-2_4-2-debuginfo-2.4.41-18.71.2 libldap-2_4-2-debuginfo-32bit-2.4.41-18.71.2 openldap2-2.4.41-18.71.2 openldap2-back-meta-2.4.41-18.71.2 openldap2-back-meta-debuginfo-2.4.41-18.71.2 openldap2-client-2.4.41-18.71.2 openldap2-client-debuginfo-2.4.41-18.71.2 openldap2-debuginfo-2.4.41-18.71.2 openldap2-debugsource-2.4.41-18.71.2 - SUSE Enterprise Storage 5 (aarch64 x86_64): libldap-2_4-2-2.4.41-18.71.2 libldap-2_4-2-debuginfo-2.4.41-18.71.2 openldap2-2.4.41-18.71.2 openldap2-back-meta-2.4.41-18.71.2 openldap2-back-meta-debuginfo-2.4.41-18.71.2 openldap2-client-2.4.41-18.71.2 openldap2-client-debuginfo-2.4.41-18.71.2 openldap2-debuginfo-2.4.41-18.71.2 openldap2-debugsource-2.4.41-18.71.2 openldap2-ppolicy-check-password-1.2-18.71.2 openldap2-ppolicy-check-password-debuginfo-1.2-18.71.2 - SUSE Enterprise Storage 5 (noarch): openldap2-doc-2.4.41-18.71.2 - SUSE Enterprise Storage 5 (x86_64): libldap-2_4-2-32bit-2.4.41-18.71.2 libldap-2_4-2-debuginfo-32bit-2.4.41-18.71.2 - HPE 
Helion Openstack 8 (noarch): openldap2-doc-2.4.41-18.71.2 - HPE Helion Openstack 8 (x86_64): libldap-2_4-2-2.4.41-18.71.2 libldap-2_4-2-32bit-2.4.41-18.71.2 libldap-2_4-2-debuginfo-2.4.41-18.71.2 libldap-2_4-2-debuginfo-32bit-2.4.41-18.71.2 openldap2-2.4.41-18.71.2 openldap2-back-meta-2.4.41-18.71.2 openldap2-back-meta-debuginfo-2.4.41-18.71.2 openldap2-client-2.4.41-18.71.2 openldap2-client-debuginfo-2.4.41-18.71.2 openldap2-debuginfo-2.4.41-18.71.2 openldap2-debugsource-2.4.41-18.71.2 openldap2-ppolicy-check-password-1.2-18.71.2 openldap2-ppolicy-check-password-debuginfo-1.2-18.71.2 References: https://www.suse.com/security/cve/CVE-2020-8023.html https://bugzilla.suse.com/1170715 https://bugzilla.suse.com/1172698 https://bugzilla.suse.com/1172704 From sle-security-updates at lists.suse.com Mon Jul 6 13:15:54 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 6 Jul 2020 21:15:54 +0200 (CEST) Subject: SUSE-SU-2020:1856-1: important: Security update for openldap2 Message-ID: <20200706191554.29522FDE1@maintenance.suse.de> SUSE Security Update: Security update for openldap2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1856-1 Rating: important References: #1172698 #1172704 Cross-References: CVE-2020-8023 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Legacy Software 15-SP2 SUSE Linux Enterprise Module for Legacy Software 15-SP1 SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that solves one vulnerability and 
has one errata is now available. Description: This update for openldap2 fixes the following issues: - CVE-2020-8023: Fixed a potential local privilege escalation from ldap to root when OPENLDAP_CONFIG_BACKEND="ldap" was used (bsc#1172698). - Changed DB_CONFIG to root:ldap permissions (bsc#1172704). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-1856=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-1856=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP2: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2020-1856=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2020-1856=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-1856=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-1856=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1856=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-1856=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-1856=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-1856=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libldap-2_4-2-2.4.46-9.31.1 libldap-2_4-2-debuginfo-2.4.46-9.31.1 openldap2-2.4.46-9.31.1 openldap2-back-meta-2.4.46-9.31.1 openldap2-back-meta-debuginfo-2.4.46-9.31.1 openldap2-back-perl-2.4.46-9.31.1 
openldap2-back-perl-debuginfo-2.4.46-9.31.1 openldap2-client-2.4.46-9.31.1 openldap2-client-debuginfo-2.4.46-9.31.1 openldap2-debuginfo-2.4.46-9.31.1 openldap2-debugsource-2.4.46-9.31.1 openldap2-devel-2.4.46-9.31.1 openldap2-devel-static-2.4.46-9.31.1 openldap2-ppolicy-check-password-1.2-9.31.1 openldap2-ppolicy-check-password-debuginfo-1.2-9.31.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libldap-2_4-2-32bit-2.4.46-9.31.1 libldap-2_4-2-32bit-debuginfo-2.4.46-9.31.1 openldap2-devel-32bit-2.4.46-9.31.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): libldap-data-2.4.46-9.31.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libldap-2_4-2-2.4.46-9.31.1 libldap-2_4-2-debuginfo-2.4.46-9.31.1 openldap2-2.4.46-9.31.1 openldap2-back-meta-2.4.46-9.31.1 openldap2-back-meta-debuginfo-2.4.46-9.31.1 openldap2-back-perl-2.4.46-9.31.1 openldap2-back-perl-debuginfo-2.4.46-9.31.1 openldap2-client-2.4.46-9.31.1 openldap2-client-debuginfo-2.4.46-9.31.1 openldap2-debuginfo-2.4.46-9.31.1 openldap2-debugsource-2.4.46-9.31.1 openldap2-devel-2.4.46-9.31.1 openldap2-devel-static-2.4.46-9.31.1 openldap2-ppolicy-check-password-1.2-9.31.1 openldap2-ppolicy-check-password-debuginfo-1.2-9.31.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): libldap-data-2.4.46-9.31.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP2 (aarch64 ppc64le s390x x86_64): openldap2-back-meta-2.4.46-9.31.1 openldap2-back-meta-debuginfo-2.4.46-9.31.1 openldap2-back-perl-2.4.46-9.31.1 openldap2-back-perl-debuginfo-2.4.46-9.31.1 openldap2-debuginfo-2.4.46-9.31.1 openldap2-debugsource-2.4.46-9.31.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP1 (aarch64 ppc64le s390x x86_64): openldap2-2.4.46-9.31.1 openldap2-back-meta-2.4.46-9.31.1 openldap2-back-meta-debuginfo-2.4.46-9.31.1 openldap2-back-perl-2.4.46-9.31.1 openldap2-back-perl-debuginfo-2.4.46-9.31.1 openldap2-debuginfo-2.4.46-9.31.1 openldap2-debugsource-2.4.46-9.31.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 
(x86_64): openldap2-debugsource-2.4.46-9.31.1 openldap2-devel-32bit-2.4.46-9.31.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (x86_64): openldap2-debugsource-2.4.46-9.31.1 openldap2-devel-32bit-2.4.46-9.31.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libldap-2_4-2-2.4.46-9.31.1 libldap-2_4-2-debuginfo-2.4.46-9.31.1 openldap2-2.4.46-9.31.1 openldap2-client-2.4.46-9.31.1 openldap2-client-debuginfo-2.4.46-9.31.1 openldap2-debuginfo-2.4.46-9.31.1 openldap2-debugsource-2.4.46-9.31.1 openldap2-devel-2.4.46-9.31.1 openldap2-devel-static-2.4.46-9.31.1 openldap2-ppolicy-check-password-1.2-9.31.1 openldap2-ppolicy-check-password-debuginfo-1.2-9.31.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): libldap-data-2.4.46-9.31.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libldap-2_4-2-32bit-2.4.46-9.31.1 libldap-2_4-2-32bit-debuginfo-2.4.46-9.31.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libldap-2_4-2-2.4.46-9.31.1 libldap-2_4-2-debuginfo-2.4.46-9.31.1 openldap2-client-2.4.46-9.31.1 openldap2-client-debuginfo-2.4.46-9.31.1 openldap2-debuginfo-2.4.46-9.31.1 openldap2-debugsource-2.4.46-9.31.1 openldap2-devel-2.4.46-9.31.1 openldap2-devel-static-2.4.46-9.31.1 openldap2-ppolicy-check-password-1.2-9.31.1 openldap2-ppolicy-check-password-debuginfo-1.2-9.31.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): libldap-data-2.4.46-9.31.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libldap-2_4-2-32bit-2.4.46-9.31.1 libldap-2_4-2-32bit-debuginfo-2.4.46-9.31.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libldap-2_4-2-2.4.46-9.31.1 libldap-2_4-2-debuginfo-2.4.46-9.31.1 openldap2-client-2.4.46-9.31.1 openldap2-client-debuginfo-2.4.46-9.31.1 openldap2-debuginfo-2.4.46-9.31.1 openldap2-debugsource-2.4.46-9.31.1 openldap2-devel-2.4.46-9.31.1 openldap2-devel-static-2.4.46-9.31.1 
openldap2-ppolicy-check-password-1.2-9.31.1 openldap2-ppolicy-check-password-debuginfo-1.2-9.31.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): libldap-data-2.4.46-9.31.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libldap-2_4-2-32bit-2.4.46-9.31.1 libldap-2_4-2-32bit-debuginfo-2.4.46-9.31.1 openldap2-devel-32bit-2.4.46-9.31.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libldap-2_4-2-2.4.46-9.31.1 libldap-2_4-2-debuginfo-2.4.46-9.31.1 openldap2-client-2.4.46-9.31.1 openldap2-client-debuginfo-2.4.46-9.31.1 openldap2-debuginfo-2.4.46-9.31.1 openldap2-debugsource-2.4.46-9.31.1 openldap2-devel-2.4.46-9.31.1 openldap2-devel-static-2.4.46-9.31.1 openldap2-ppolicy-check-password-1.2-9.31.1 openldap2-ppolicy-check-password-debuginfo-1.2-9.31.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libldap-2_4-2-32bit-2.4.46-9.31.1 libldap-2_4-2-32bit-debuginfo-2.4.46-9.31.1 openldap2-devel-32bit-2.4.46-9.31.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): libldap-data-2.4.46-9.31.1 References: https://www.suse.com/security/cve/CVE-2020-8023.html https://bugzilla.suse.com/1172698 https://bugzilla.suse.com/1172704 From sle-security-updates at lists.suse.com Mon Jul 6 13:16:45 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 6 Jul 2020 21:16:45 +0200 (CEST) Subject: SUSE-SU-2020:14418-1: important: Security update for mozilla-nspr, mozilla-nss Message-ID: <20200706191645.11439FDE1@maintenance.suse.de> SUSE Security Update: Security update for mozilla-nspr, mozilla-nss ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:14418-1 Rating: important References: #1141322 #1158527 #1159819 #1168669 #1169746 #1170908 #1171978 #1173032 Cross-References: CVE-2019-11727 CVE-2019-11745 CVE-2019-17006 CVE-2020-12399 CVE-2020-12402 Affected Products: SUSE Linux 
Enterprise Server 11-SP4-LTSS ______________________________________________________________________________ An update that solves 5 vulnerabilities and has three fixes is now available. Description: This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nss was updated to version 3.53.1 - CVE-2019-11745: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate - CVE-2020-12402: Fixed a potential side channel attack during RSA key generation (bsc#1173032). - CVE-2020-12399: Fixed a timing attack on DSA signature generation (bsc#1171978). - CVE-2019-17006: Added length checks for cryptographic primitives (bsc#1159819). - CVE-2019-11727: A vulnerability exists where it is possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. - Fixed various FIPS issues in libfreebl3 which were causing segfaults in the test suite of chrony (bsc#1168669). - Fixed an issue where Firefox tab was crashing (bsc#1170908). Release notes: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.53_release_notes mozilla-nspr was updated to version 4.25. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-mozilla-nss-nspr-202007-14418=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): mozilla-nspr-4.25-29.12.2 mozilla-nspr-devel-4.25-29.12.2 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64): mozilla-nspr-32bit-4.25-29.12.2 - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 x86_64): libfreebl3-3.53.1-38.23.1 libsoftokn3-3.53.1-38.23.1 mozilla-nss-3.53.1-38.23.1 mozilla-nss-certs-3.53.1-38.23.1 mozilla-nss-devel-3.53.1-38.23.1 mozilla-nss-tools-3.53.1-38.23.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (x86_64): libfreebl3-32bit-3.53.1-38.23.1 libsoftokn3-32bit-3.53.1-38.23.1 mozilla-nss-32bit-3.53.1-38.23.1 mozilla-nss-certs-32bit-3.53.1-38.23.1 References: https://www.suse.com/security/cve/CVE-2019-11727.html https://www.suse.com/security/cve/CVE-2019-11745.html https://www.suse.com/security/cve/CVE-2019-17006.html https://www.suse.com/security/cve/CVE-2020-12399.html https://www.suse.com/security/cve/CVE-2020-12402.html https://bugzilla.suse.com/1141322 https://bugzilla.suse.com/1158527 https://bugzilla.suse.com/1159819 https://bugzilla.suse.com/1168669 https://bugzilla.suse.com/1169746 https://bugzilla.suse.com/1170908 https://bugzilla.suse.com/1171978 https://bugzilla.suse.com/1173032 From sle-security-updates at lists.suse.com Mon Jul 6 13:19:26 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 6 Jul 2020 21:19:26 +0200 (CEST) Subject: SUSE-SU-2020:1857-1: moderate: Security update for permissions Message-ID: <20200706191926.398D4FDE1@maintenance.suse.de> SUSE Security Update: Security update for permissions ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1857-1 Rating: moderate References: #1171883 Affected Products: SUSE Linux Enterprise Server 12-SP4 
______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for permissions fixes the following issues: - Removed conflicting entries which might expose pcp to security issues (bsc#1171883) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2020-1857=1 Package List: - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): permissions-20170707-3.24.1 permissions-debuginfo-20170707-3.24.1 permissions-debugsource-20170707-3.24.1 References: https://bugzilla.suse.com/1171883 From sle-security-updates at lists.suse.com Mon Jul 6 13:20:07 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 6 Jul 2020 21:20:07 +0200 (CEST) Subject: SUSE-SU-2020:1858-1: moderate: Security update for permissions Message-ID: <20200706192007.1C878FDE1@maintenance.suse.de> SUSE Security Update: Security update for permissions ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1858-1 Rating: moderate References: #1171883 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that contains security fixes can now be installed. 
Description: This update for permissions fixes the following issues: - Removed conflicting entries which might expose pcp to security issues (bsc#1171883) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-1858=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-1858=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-1858=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-1858=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): permissions-20180125-3.27.1 permissions-debuginfo-20180125-3.27.1 permissions-debugsource-20180125-3.27.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): permissions-20180125-3.27.1 permissions-debuginfo-20180125-3.27.1 permissions-debugsource-20180125-3.27.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): permissions-20180125-3.27.1 permissions-debuginfo-20180125-3.27.1 permissions-debugsource-20180125-3.27.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): permissions-20180125-3.27.1 permissions-debuginfo-20180125-3.27.1 permissions-debugsource-20180125-3.27.1 References: https://bugzilla.suse.com/1171883 From sle-security-updates at lists.suse.com Mon Jul 6 13:21:33 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 6 Jul 2020 21:21:33 +0200 (CEST) Subject: SUSE-SU-2020:1855-1: important: Security update for openldap2 Message-ID: <20200706192133.5AF45FDE1@maintenance.suse.de> SUSE Security Update: Security update for openldap2 
______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1855-1 Rating: important References: #1172698 #1172704 Cross-References: CVE-2020-8023 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Module for Legacy Software 12 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for openldap2 fixes the following issues: - CVE-2020-8023: Fixed a potential local privilege escalation from ldap to root when OPENLDAP_CONFIG_BACKEND="ldap" was used (bsc#1172698). - Changed DB_CONFIG to root:ldap permissions (bsc#1172704). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP5: zypper in -t patch SUSE-SLE-SAP-12-SP5-2020-1855=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-1855=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-1855=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-1855=1 - SUSE Linux Enterprise Module for Legacy Software 12: zypper in -t patch SUSE-SLE-Module-Legacy-12-2020-1855=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP5 (ppc64le x86_64): compat-libldap-2_3-0-2.3.37-18.24.20.2 compat-libldap-2_3-0-debuginfo-2.3.37-18.24.20.2 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): compat-libldap-2_3-0-2.3.37-18.24.20.2 compat-libldap-2_3-0-debuginfo-2.3.37-18.24.20.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): compat-libldap-2_3-0-2.3.37-18.24.20.2 compat-libldap-2_3-0-debuginfo-2.3.37-18.24.20.2 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): compat-libldap-2_3-0-2.3.37-18.24.20.2 compat-libldap-2_3-0-debuginfo-2.3.37-18.24.20.2 - SUSE Linux Enterprise Module for Legacy Software 12 (aarch64 ppc64le s390x x86_64): compat-libldap-2_3-0-2.3.37-18.24.20.2 compat-libldap-2_3-0-debuginfo-2.3.37-18.24.20.2 References: https://www.suse.com/security/cve/CVE-2020-8023.html https://bugzilla.suse.com/1172698 https://bugzilla.suse.com/1172704 From sle-security-updates at lists.suse.com Mon Jul 6 13:22:22 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 6 Jul 2020 21:22:22 +0200 (CEST) Subject: SUSE-SU-2020:14419-1: important: Security update for openldap2 Message-ID: <20200706192222.5C0A4FDE1@maintenance.suse.de> SUSE Security Update: Security update for openldap2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:14419-1 
Rating: important References: #1172698 Cross-References: CVE-2020-8023 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Server 11-SECURITY SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openldap2 fixes the following issues: - CVE-2020-8023: Fixed a potential local privilege escalation from ldap to root when OPENLDAP_CONFIG_BACKEND="ldap" was used (bsc#1172698). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-openldap2-14419=1 - SUSE Linux Enterprise Server 11-SECURITY: zypper in -t patch secsp3-openldap2-14419=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-openldap2-14419=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-openldap2-14419=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-openldap2-14419=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): compat-libldap-2_3-0-2.3.37-2.74.13.1 libldap-2_4-2-2.4.26-0.74.13.1 openldap2-2.4.26-0.74.13.1 openldap2-back-meta-2.4.26-0.74.13.1 openldap2-client-2.4.26-0.74.13.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64): libldap-2_4-2-32bit-2.4.26-0.74.13.1 - SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64): libldap-openssl1-2_4-2-2.4.26-0.74.13.1 openldap2-client-openssl1-2.4.26-0.74.13.1 openldap2-openssl1-2.4.26-0.74.13.1 - SUSE Linux Enterprise Server 11-SECURITY (ppc64 s390x x86_64): libldap-openssl1-2_4-2-32bit-2.4.26-0.74.13.1 - SUSE Linux Enterprise Server 11-SECURITY (ia64): 
libldap-openssl1-2_4-2-x86-2.4.26-0.74.13.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): compat-libldap-2_3-0-2.3.37-2.74.13.1 libldap-2_4-2-2.4.26-0.74.13.1 openldap2-2.4.26-0.74.13.1 openldap2-back-meta-2.4.26-0.74.13.1 openldap2-client-2.4.26-0.74.13.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): openldap2-client-debuginfo-2.4.26-0.74.13.1 openldap2-client-debugsource-2.4.26-0.74.13.1 openldap2-debuginfo-2.4.26-0.74.13.1 openldap2-debugsource-2.4.26-0.74.13.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): openldap2-client-debuginfo-2.4.26-0.74.13.1 openldap2-client-debugsource-2.4.26-0.74.13.1 openldap2-client-openssl1-debuginfo-2.4.26-0.74.13.1 openldap2-client-openssl1-debugsource-2.4.26-0.74.13.1 openldap2-debuginfo-2.4.26-0.74.13.1 openldap2-debugsource-2.4.26-0.74.13.1 References: https://www.suse.com/security/cve/CVE-2020-8023.html https://bugzilla.suse.com/1172698 From sle-security-updates at lists.suse.com Tue Jul 7 10:12:57 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 7 Jul 2020 18:12:57 +0200 (CEST) Subject: SUSE-SU-2019:3184-2: important: Security update for ffmpeg Message-ID: <20200707161257.39034FEC3@maintenance.suse.de> SUSE Security Update: Security update for ffmpeg ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:3184-2 Rating: important References: #1100352 #1129715 #1137526 #1154064 Cross-References: CVE-2018-13301 CVE-2019-12730 CVE-2019-17542 CVE-2019-9718 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for ffmpeg fixes the following issues: Security issues fixed: - CVE-2019-17542: Fixed a heap-buffer overflow in vqa_decode_chunk due to an out-of-array access (bsc#1154064). 
- CVE-2019-12730: Fixed an uninitialized use of variables due to an improper check (bsc#1137526). - CVE-2019-9718: Fixed a denial of service in the subtitle decode (bsc#1129715). - CVE-2018-13301: Fixed a denial of service while converting a crafted AVI file to MPEG4 (bsc#1100352). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-1867=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (aarch64 ppc64le s390x x86_64): ffmpeg-3.4.2-4.27.1 ffmpeg-debuginfo-3.4.2-4.27.1 ffmpeg-debugsource-3.4.2-4.27.1 libavdevice57-3.4.2-4.27.1 libavdevice57-debuginfo-3.4.2-4.27.1 libavfilter6-3.4.2-4.27.1 libavfilter6-debuginfo-3.4.2-4.27.1 References: https://www.suse.com/security/cve/CVE-2018-13301.html https://www.suse.com/security/cve/CVE-2019-12730.html https://www.suse.com/security/cve/CVE-2019-17542.html https://www.suse.com/security/cve/CVE-2019-9718.html https://bugzilla.suse.com/1100352 https://bugzilla.suse.com/1129715 https://bugzilla.suse.com/1137526 https://bugzilla.suse.com/1154064 From sle-security-updates at lists.suse.com Tue Jul 7 10:13:55 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 7 Jul 2020 18:13:55 +0200 (CEST) Subject: SUSE-SU-2020:1511-2: important: Security update for java-11-openjdk Message-ID: <20200707161355.80CADFEC3@maintenance.suse.de> SUSE Security Update: Security update for java-11-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1511-2 Rating: important References: #1167462 #1169511 Cross-References: CVE-2020-2754 CVE-2020-2755 CVE-2020-2756 CVE-2020-2757 CVE-2020-2767 CVE-2020-2773 CVE-2020-2778 
CVE-2020-2781 CVE-2020-2800 CVE-2020-2803 CVE-2020-2805 CVE-2020-2816 CVE-2020-2830 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 ______________________________________________________________________________ An update that fixes 13 vulnerabilities is now available. Description: This update for java-11-openjdk fixes the following issues: Java was updated to jdk-11.0.7+10 (April 2020 CPU, bsc#1169511). Security issues fixed: - CVE-2020-2754: Fixed an incorrect handling of regular expressions that could have resulted in denial of service (bsc#1169511). - CVE-2020-2755: Fixed an incorrect handling of regular expressions that could have resulted in denial of service (bsc#1169511). - CVE-2020-2756: Fixed an incorrect handling of regular expressions that could have resulted in denial of service (bsc#1169511). - CVE-2020-2757: Fixed an object deserialization issue that could have resulted in denial of service via crafted serialized input (bsc#1169511). - CVE-2020-2767: Fixed an incorrect handling of certificate messages during TLS handshakes (bsc#1169511). - CVE-2020-2773: Fixed the incorrect handling of exceptions thrown by unmarshalKeyInfo() and unmarshalXMLSignature() (bsc#1169511). - CVE-2020-2778: Fixed the incorrect handling of SSLParameters in setAlgorithmConstraints(), which could have been abused to override the defined systems security policy and lead to the use of weak crypto algorithms (bsc#1169511). - CVE-2020-2781: Fixed the incorrect re-use of single null TLS sessions (bsc#1169511). - CVE-2020-2800: Fixed an HTTP header injection issue caused by mishandling of CR/LF in header values (bsc#1169511). - CVE-2020-2803: Fixed a boundary check and type check issue that could have led to a sandbox bypass (bsc#1169511). - CVE-2020-2805: Fixed a boundary check and type check issue that could have led to a sandbox bypass (bsc#1169511). 
- CVE-2020-2816: Fixed an incorrect handling of application data packets during TLS handshakes (bsc#1169511). - CVE-2020-2830: Fixed an incorrect handling of regular expressions that could have resulted in denial of service (bsc#1169511). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-1511=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (noarch): java-11-openjdk-javadoc-11.0.7.0-3.42.4 References: https://www.suse.com/security/cve/CVE-2020-2754.html https://www.suse.com/security/cve/CVE-2020-2755.html https://www.suse.com/security/cve/CVE-2020-2756.html https://www.suse.com/security/cve/CVE-2020-2757.html https://www.suse.com/security/cve/CVE-2020-2767.html https://www.suse.com/security/cve/CVE-2020-2773.html https://www.suse.com/security/cve/CVE-2020-2778.html https://www.suse.com/security/cve/CVE-2020-2781.html https://www.suse.com/security/cve/CVE-2020-2800.html https://www.suse.com/security/cve/CVE-2020-2803.html https://www.suse.com/security/cve/CVE-2020-2805.html https://www.suse.com/security/cve/CVE-2020-2816.html https://www.suse.com/security/cve/CVE-2020-2830.html https://bugzilla.suse.com/1167462 https://bugzilla.suse.com/1169511 From sle-security-updates at lists.suse.com Tue Jul 7 10:14:40 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 7 Jul 2020 18:14:40 +0200 (CEST) Subject: SUSE-SU-2019:2463-2: moderate: Security update for SDL2 Message-ID: <20200707161440.1AB13FEC3@maintenance.suse.de> SUSE Security Update: Security update for SDL2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2463-2 Rating: moderate 
References: #1141844 #1142031 Cross-References: CVE-2019-13616 CVE-2019-13626 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for SDL2 fixes the following issues: Security issues fixed: - CVE-2019-13616: Fixed heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c (bsc#1141844). - CVE-2019-13626: Fixed integer overflow in IMA_ADPCM_decode() in audio/SDL_wave.c (bsc#1142031). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-1866=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (x86_64): SDL2-debugsource-2.0.8-3.15.1 libSDL2-2_0-0-32bit-2.0.8-3.15.1 libSDL2-2_0-0-32bit-debuginfo-2.0.8-3.15.1 References: https://www.suse.com/security/cve/CVE-2019-13616.html https://www.suse.com/security/cve/CVE-2019-13626.html https://bugzilla.suse.com/1141844 https://bugzilla.suse.com/1142031 From sle-security-updates at lists.suse.com Tue Jul 7 10:17:28 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 7 Jul 2020 18:17:28 +0200 (CEST) Subject: SUSE-SU-2019:3033-2: moderate: Security update for djvulibre Message-ID: <20200707161728.B9BF9FEC3@maintenance.suse.de> SUSE Security Update: Security update for djvulibre ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:3033-2 Rating: moderate References: #1154401 #1156188 Cross-References: CVE-2019-18804 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 
______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for djvulibre fixes the following issues: Security issue fixed: - CVE-2019-18804: Fixed a null pointer dereference (bsc#1156188). Other issue addressed: - Fixed a crash when mmx was enabled (bsc#1154401) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-1865=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (aarch64 ppc64le s390x x86_64): djvulibre-3.5.27-3.8.1 djvulibre-debuginfo-3.5.27-3.8.1 djvulibre-debugsource-3.5.27-3.8.1 References: https://www.suse.com/security/cve/CVE-2019-18804.html https://bugzilla.suse.com/1154401 https://bugzilla.suse.com/1156188 From sle-security-updates at lists.suse.com Tue Jul 7 10:18:17 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 7 Jul 2020 18:18:17 +0200 (CEST) Subject: SUSE-SU-2020:1864-1: moderate: Security update for nasm Message-ID: <20200707161817.D3B67FEC3@maintenance.suse.de> SUSE Security Update: Security update for nasm ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1864-1 Rating: moderate References: #1058013 #1073796 #1073798 #1073799 #1073803 #1073808 #1073818 #1073823 #1073829 #1073830 #1073832 #1073846 #1084631 Cross-References: CVE-2017-14228 CVE-2017-17810 CVE-2017-17811 CVE-2017-17812 CVE-2017-17813 CVE-2017-17814 CVE-2017-17815 CVE-2017-17816 CVE-2017-17817 CVE-2017-17818 CVE-2017-17819 CVE-2017-17820 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 
______________________________________________________________________________ An update that solves 12 vulnerabilities and has one errata is now available. Description: nasm was updated to version 2.14.02: * Fix crash due to multiple errors or warnings during the code generation pass if a list file is specified. * Create all system-defined macros before processing command-line given preprocessing directives (-p, -d, -u, --pragma, --before). * If debugging is enabled, define a __DEBUG_FORMAT__ predefined macro. See section 4.11.7. * Fix an assert for the case in the obj format when a SEG operator refers to an EXTERN symbol declared further down in the code. * Fix a corner case in the floating-point code where a binary, octal or hexadecimal floating-point having at least 32, 11, or 8 mantissa digits could produce slightly incorrect results under very specific conditions. * Support -MD without a filename, for gcc compatibility. -MF can be used to set the dependencies output filename. See section 2.1.7. * Fix -E in combination with -MD. See section 2.1.21. * Fix missing errors on redefined labels; would cause convergence failure instead which is very slow and not easy to debug. * Duplicate definitions of the same label with the same value are now explicitly permitted (2.14 would allow it in some circumstances.) * Add the option --no-line to ignore %line directives in the source. See section 2.1.33 and section 4.10.1. * Changed -I option semantics by adding a trailing path separator unconditionally. * Fixed null dereference in corrupted invalid single line macros. * Fixed division by zero which may happen if source code is malformed. * Fixed out of bound access in processing of malformed segment override. * Fixed out of bound access in certain EQU parsing. * Fixed buffer underflow in float parsing. * Added SGX (Intel Software Guard Extensions) instructions. * Added +n syntax for multiple contiguous registers. * Fixed subsections_via_symbols for macho object format. 
* Added the --gprefix, --gpostfix, --lprefix, and --lpostfix command line options, to allow command line base symbol renaming. See section 2.1.28. * Allow label renaming to be specified by %pragma in addition to from the command line. See section 6.9. * Supported generic %pragma namespaces, output and debug. See section 6.10. * Added the --pragma command line option to inject a %pragma directive. See section 2.1.29. * Added the --before command line option to accept preprocess statement before input. See section 2.1.30. * Added AVX512 VBMI2 (Additional Bit Manipulation), VNNI (Vector Neural Network), BITALG (Bit Algorithm), and GFNI (Galois Field New Instruction) instructions. * Added the STATIC directive for local symbols that should be renamed using global-symbol rules. See section 6.8. * Allow a symbol to be defined as EXTERN and then later overridden as GLOBAL or COMMON. Furthermore, a symbol declared EXTERN and then defined will be treated as GLOBAL. See section 6.5. * The GLOBAL directive no longer is required to precede the definition of the symbol. * Support private_extern as macho specific extension to the GLOBAL directive. See section 7.8.5. * Updated UD0 encoding to match with the specification * Added the --limit-X command line option to set execution limits. See section 2.1.31. * Updated the Codeview version number to be aligned with MASM. * Added the --keep-all command line option to preserve output files. See section 2.1.32. * Added the --include command line option, an alias to -P (section 2.1.18). * Added the --help command line option as an alias to -h (section 3.1). * Added -W, -D, and -Q suffix aliases for RET instructions so the operand sizes of these instructions can be encoded without using o16, o32 or o64. 

New upstream version 2.13.03:

* Add flags: AES, VAES, VPCLMULQDQ
* Add VPCLMULQDQ instruction
* elf: Add missing dwarf loc section
* documentation updates

nasm was updated to new upstream version 2.13.02:

* Fix generation of PEXTRW instruction.
* Fix smartalign package which could trigger an error during optimization if the alignment code expanded too much due to optimization of the previous code.
* Fix a case where negative value in TIMES directive causes panic instead of an error.
* Fix the incorrect generation of VEX-encoded instruction when static mode decorators are specified on scalar instructions, losing the decorators as they require EVEX encoding.
* Fix generation of dependency lists.
* Fixes macro calls that have the wrong number of arguments (bsc#1073796, CVE-2017-17810)
* Fixes Heap-based buffer overflow related to a strcpy in paste_tokens (bsc#1073798, CVE-2017-17811)
* Fixes Heap-based buffer over-read in the function detoken() (bsc#1073799, CVE-2017-17812)
* Fixes Use-after-free in the pp_list_one_macro function (bsc#1073803, CVE-2017-17813)
* Fixes Use-after-free in do_directive (bsc#1073808, CVE-2017-17814)
* Fixes Illegal address access in is_mmacro() (bsc#1073818, CVE-2017-17815)
* Fixes Use-after-free in pp_getline (bsc#1073823, CVE-2017-17816)
* Fixes Use-after-free in pp_verror (bsc#1073829, CVE-2017-17817)
* Fixes Heap-based buffer over-read related to a while loop in paste_tokens (bsc#1073830, CVE-2017-17818)
* Fixes Illegal address access in the function find_cc (bsc#1073832, CVE-2017-17819)
* Fixes Use-after-free in pp_list_one_macro (bsc#1073846, CVE-2017-17820)
* Fixes illegal address access in the function paste_tokens() (bsc#1058013, CVE-2017-14228)

nasm was updated to version 2.13.01:

* Fix incorrect output for some types of FAR or SEG references in the obj output format, and possibly other 16-bit output formats.
* Fix the address in the list file for an instruction containing a TIMES directive.
* Fix error with TIMES used together with an instruction which can vary in size, e.g. JMP.
* Fix breakage on some uses of the DZ pseudo-op.

nasm was updated to version 2.13.00:

* Support the official forms of the UD0 and UD1 instructions.
* Allow self-segment-relative expressions in immediates and displacements
* Handle a 64-bit origin in NDISASM.
* NASM can now generate sparse output files for relevant output formats, if the underlying operating system supports them.
* Fix a number of bugs related to AVX-512 decorators.
* Fix the {z} decorator on AVX-512 VMOVDQ* instructions.
* Add new warnings for certain dangerous constructs which never ought to have been allowed.
* Fix the EVEX (AVX-512) versions of the VPBROADCAST, VPEXTR, and VPINSR instructions.
* Support contracted forms of additional instructions.
* Fix Codeview malformed compiler version record.
* Add the CLWB and PCOMMIT instructions.
* Add the %pragma preprocessor directive for soft-error directives.
* Add the RDPID instruction.

nasm was updated to version 2.12.02:

* Fix preprocessor errors, especially %error and %warning, inside if statements.
* Fix relative relocations in 32-bit Mach-O.
* More Codeview debug format fixes.
* If the MASM PTR keyword is encountered, issue a warning. This is much more likely to indicate a MASM-ism encountered in NASM than it is a valid label.
* This warning can be suppressed with -w-ptr, the [warning] directive (see section 2.1.24) or by the macro definition %idefine ptr %??.
* When an error or a warning comes from the expansion of a multi-line macro, display the file and line numbers for the expanded macros.
* Macros defined with .nolist do not get displayed.
* Add macros ilog2fw() and ilog2cw() to the ifunc macro package. See section 5.4.1.

nasm was updated to version 2.12.01:

* Portability fixes for some platforms.
* Fix error when not specifying a list file.
* Correct the handling of macro-local labels in the Codeview debugging format.
* Add CLZERO, MONITORX and MWAITX instructions.

nasm was updated to version 2.12:

* Major fixes to the macho backend (section 7.8); earlier versions would produce invalid symbols and relocations on a regular basis.
* Support for thread-local storage in Mach-O.
* Support for arbitrary sections in Mach-O.
* Fix wrong negative size treated as a big positive value passed into backend causing NASM to crash.
* Fix handling of zero-extending unsigned relocations, we have been printing wrong message and forgot to assign segment with predefined value before passing it into output format.
* Fix potential write of oversized (with size greater than allowed in output format) relative relocations.
* Portability fixes for building NASM with LLVM compiler.
* Add support of Codeview version 8 (cv8) debug format for win32 and win64 formats in the COFF backend, see section 7.5.3.
* Allow 64-bit outputs in 16/32-bit only backends. Unsigned 64-bit relocations are zero-extended from 32-bits with a warning (suppressible via -w-zext-reloc); signed 64-bit relocations are an error.
* Line numbers in list files now correspond to the lines in the source files, instead of simply being sequential.

nasm was updated to version 2.11.09:

* Fix potential stack overwrite in macho32 backend.
* Fix relocation records in macho64 backend.
* Fix symbol lookup computation in macho64 backend.
* Adjust .symtab and .rela.text sections alignments to 8 bytes in elf64 backend.
* Fix section length computation in bin backend which led to incorrect relocation records.

nasm was updated to version 2.11.08:

* Fix section length computation in bin backend which led to incorrect relocation records.
* Add a warning for numeric preprocessor definitions passed via command line which might have unexpected results otherwise.
* Add ability to specify a module name record in rdoff linker

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP5:

    zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-1864=1

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):

    nasm-2.14.02-4.8.1
    nasm-debuginfo-2.14.02-4.8.1
    nasm-debugsource-2.14.02-4.8.1

References:

    https://www.suse.com/security/cve/CVE-2017-14228.html
    https://www.suse.com/security/cve/CVE-2017-17810.html
    https://www.suse.com/security/cve/CVE-2017-17811.html
    https://www.suse.com/security/cve/CVE-2017-17812.html
    https://www.suse.com/security/cve/CVE-2017-17813.html
    https://www.suse.com/security/cve/CVE-2017-17814.html
    https://www.suse.com/security/cve/CVE-2017-17815.html
    https://www.suse.com/security/cve/CVE-2017-17816.html
    https://www.suse.com/security/cve/CVE-2017-17817.html
    https://www.suse.com/security/cve/CVE-2017-17818.html
    https://www.suse.com/security/cve/CVE-2017-17819.html
    https://www.suse.com/security/cve/CVE-2017-17820.html
    https://bugzilla.suse.com/1058013
    https://bugzilla.suse.com/1073796
    https://bugzilla.suse.com/1073798
    https://bugzilla.suse.com/1073799
    https://bugzilla.suse.com/1073803
    https://bugzilla.suse.com/1073808
    https://bugzilla.suse.com/1073818
    https://bugzilla.suse.com/1073823
    https://bugzilla.suse.com/1073829
    https://bugzilla.suse.com/1073830
    https://bugzilla.suse.com/1073832
    https://bugzilla.suse.com/1073846
    https://bugzilla.suse.com/1084631

From sle-security-updates at lists.suse.com Tue Jul 7 10:21:05 2020
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 7 Jul 2020 18:21:05 +0200 (CEST)
Subject: SUSE-SU-2020:1300-2: important: Security update for gstreamer-plugins-base
Message-ID: <20200707162105.15BBCFF11@maintenance.suse.de>

SUSE Security Update: Security update for gstreamer-plugins-base
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:1300-2
Rating: important
References: #1133375
Cross-References: CVE-2019-9928
Affected Products:
    SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for gstreamer-plugins-base fixes the following issue:

Security issue fixed:

- CVE-2019-9928: Fixed a heap-based overflow in the rtsp connection parser (bsc#1133375).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1:

    zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-1300=1

Package List:

- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (x86_64):

    gstreamer-plugins-base-32bit-debuginfo-1.12.5-3.3.1
    gstreamer-plugins-base-debugsource-1.12.5-3.3.1
    libgstaudio-1_0-0-32bit-1.12.5-3.3.1
    libgstaudio-1_0-0-32bit-debuginfo-1.12.5-3.3.1
    libgsttag-1_0-0-32bit-1.12.5-3.3.1
    libgsttag-1_0-0-32bit-debuginfo-1.12.5-3.3.1
    libgstvideo-1_0-0-32bit-1.12.5-3.3.1
    libgstvideo-1_0-0-32bit-debuginfo-1.12.5-3.3.1

References:

    https://www.suse.com/security/cve/CVE-2019-9928.html
    https://bugzilla.suse.com/1133375

From sle-security-updates at lists.suse.com Tue Jul 7 10:21:47 2020
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 7 Jul 2020 18:21:47 +0200 (CEST)
Subject: SUSE-SU-2020:1164-2: important: Security update for LibVNCServer
Message-ID: <20200707162147.43F29FF0B@maintenance.suse.de>

SUSE Security Update: Security update for LibVNCServer
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:1164-2
Rating: important
References: #1155419 #1160471 #1170441
Cross-References: CVE-2019-15681 CVE-2019-15690 CVE-2019-20788
Affected Products:
    SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for LibVNCServer fixes the following issues:

- CVE-2019-15690: Fixed a heap buffer overflow (bsc#1160471).
- CVE-2019-15681: Fixed a memory leak which could have allowed a remote attacker to read stack memory (bsc#1155419).
- CVE-2019-20788: Fixed an integer overflow and heap-based buffer overflow via a large height or width value (bsc#1170441).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1:

    zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-1164=1

Package List:

- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (aarch64 ppc64le s390x x86_64):

    LibVNCServer-debugsource-0.9.10-4.14.1
    libvncserver0-0.9.10-4.14.1
    libvncserver0-debuginfo-0.9.10-4.14.1

References:

    https://www.suse.com/security/cve/CVE-2019-15681.html
    https://www.suse.com/security/cve/CVE-2019-15690.html
    https://www.suse.com/security/cve/CVE-2019-20788.html
    https://bugzilla.suse.com/1155419
    https://bugzilla.suse.com/1160471
    https://bugzilla.suse.com/1170441

From sle-security-updates at lists.suse.com Tue Jul 7 10:22:41 2020
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 7 Jul 2020 18:22:41 +0200 (CEST)
Subject: SUSE-SU-2020:0629-2: moderate: Security update for librsvg
Message-ID: <20200707162241.9A374FF0B@maintenance.suse.de>

SUSE Security Update: Security update for librsvg
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:0629-2
Rating: moderate
References: #1162501
Cross-References: CVE-2019-20446
Affected Products:
    SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2
    SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for librsvg to version 2.42.8 fixes the following issues:

librsvg was updated to version 2.42.8 fixing the following issues:

- CVE-2019-20446: Fixed an issue where a crafted SVG file with nested patterns can cause denial of service (bsc#1162501). NOTE: Librsvg now has limits on the number of loaded XML elements, and the number of referenced elements within an SVG document.
- Fixed a stack exhaustion with circular references in elements.
- Fixed a denial-of-service condition from exponential explosion of rendered elements, through nested use of SVG "use" elements in malicious SVGs.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2:

    zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-629=1

- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1:

    zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-629=1

Package List:

- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64):

    librsvg-debugsource-2.42.8-3.3.1
    rsvg-view-2.42.8-3.3.1
    rsvg-view-debuginfo-2.42.8-3.3.1

- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (aarch64 ppc64le s390x x86_64):

    librsvg-debugsource-2.42.8-3.3.1
    rsvg-view-2.42.8-3.3.1
    rsvg-view-debuginfo-2.42.8-3.3.1

References:

    https://www.suse.com/security/cve/CVE-2019-20446.html
    https://bugzilla.suse.com/1162501

From sle-security-updates at lists.suse.com Tue Jul 7 10:24:00 2020
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 7 Jul 2020 18:24:00 +0200 (CEST)
Subject: SUSE-SU-2020:1682-2: important: Security update for perl
Message-ID: <20200707162400.557ABFF0B@maintenance.suse.de>

SUSE Security Update: Security update for perl
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:1682-2
Rating: important
References: #1171863 #1171864 #1171866 #1172348
Cross-References: CVE-2020-10543 CVE-2020-10878 CVE-2020-12723
Affected Products:
    SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1
______________________________________________________________________________

An update that solves three vulnerabilities and has one errata is now available.

Description:

This update for perl fixes the following issues:

- CVE-2020-10543: Fixed a heap buffer overflow in regular expression compiler which could have allowed overwriting of allocated memory with attacker's data (bsc#1171863).
- CVE-2020-10878: Fixed multiple integer overflows which could have allowed the insertion of instructions into the compiled form of Perl regular expression (bsc#1171864).
- CVE-2020-12723: Fixed an attacker's corruption of the intermediate language state of a compiled regular expression (bsc#1171866).
- Fixed a bad warning in features.ph (bsc#1172348).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1:

    zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-1682=1

Package List:

- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (x86_64):

    perl-32bit-5.26.1-7.12.1
    perl-32bit-debuginfo-5.26.1-7.12.1
    perl-debugsource-5.26.1-7.12.1

References:

    https://www.suse.com/security/cve/CVE-2020-10543.html
    https://www.suse.com/security/cve/CVE-2020-10878.html
    https://www.suse.com/security/cve/CVE-2020-12723.html
    https://bugzilla.suse.com/1171863
    https://bugzilla.suse.com/1171864
    https://bugzilla.suse.com/1171866
    https://bugzilla.suse.com/1172348

From sle-security-updates at lists.suse.com Tue Jul 7 10:25:46 2020
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 7 Jul 2020 18:25:46 +0200 (CEST)
Subject: SUSE-SU-2020:1661-2: moderate: Security update for php7
Message-ID: <20200707162546.965E7FEC3@maintenance.suse.de>

SUSE Security Update: Security update for php7
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:1661-2
Rating: moderate
References: #1171999
Cross-References: CVE-2019-11048
Affected Products:
    SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for php7 fixes the following issues:

Security issue fixed:

- CVE-2019-11048: Improved the handling of overly long filenames or field names in HTTP file uploads (bsc#1171999).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1:

    zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-1661=1

Package List:

- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (aarch64 ppc64le s390x x86_64):

    php7-debuginfo-7.2.5-4.58.2
    php7-debugsource-7.2.5-4.58.2
    php7-embed-7.2.5-4.58.2
    php7-embed-debuginfo-7.2.5-4.58.2

References:

    https://www.suse.com/security/cve/CVE-2019-11048.html
    https://bugzilla.suse.com/1171999

From sle-security-updates at lists.suse.com Tue Jul 7 10:26:25 2020
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 7 Jul 2020 18:26:25 +0200 (CEST)
Subject: SUSE-SU-2020:0594-2: moderate: Security update for gd
Message-ID: <20200707162625.CA072FEC3@maintenance.suse.de>

SUSE Security Update: Security update for gd
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:0594-2
Rating: moderate
References: #1140120 #1165471
Cross-References: CVE-2018-14553 CVE-2019-11038
Affected Products:
    SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for gd fixes the following issues:

Security issue fixed:

- CVE-2018-14553: Fixed a null pointer dereference in gdImageClone (bsc#1165471).
- CVE-2019-11038: Fixed an information disclosure in gdImageCreateFromXbm() (bsc#1140120).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1:

    zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-594=1

Package List:

- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (x86_64):

    gd-debugsource-2.2.5-4.14.1
    libgd3-32bit-2.2.5-4.14.1
    libgd3-32bit-debuginfo-2.2.5-4.14.1

References:

    https://www.suse.com/security/cve/CVE-2018-14553.html
    https://www.suse.com/security/cve/CVE-2019-11038.html
    https://bugzilla.suse.com/1140120
    https://bugzilla.suse.com/1165471

From sle-security-updates at lists.suse.com Tue Jul 7 10:27:13 2020
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 7 Jul 2020 18:27:13 +0200 (CEST)
Subject: SUSE-SU-2020:0111-2: moderate: Security update for Mesa
Message-ID: <20200707162713.81EC0FEC3@maintenance.suse.de>

SUSE Security Update: Security update for Mesa
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:0111-2
Rating: moderate
References: #1156015
Cross-References: CVE-2019-5068
Affected Products:
    SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for Mesa fixes the following issues:

Security issue fixed:

- CVE-2019-5068: Fixed exploitable shared memory permissions vulnerability (bsc#1156015).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1:

    zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-111=1

Package List:

- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (x86_64):

    Mesa-debugsource-18.3.2-34.9.1
    libOSMesa8-32bit-18.3.2-34.9.1
    libOSMesa8-32bit-debuginfo-18.3.2-34.9.1

References:

    https://www.suse.com/security/cve/CVE-2019-5068.html
    https://bugzilla.suse.com/1156015

From sle-security-updates at lists.suse.com Tue Jul 7 13:13:15 2020
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 7 Jul 2020 21:13:15 +0200 (CEST)
Subject: SUSE-SU-2020:1873-1: important: Security update for LibVNCServer
Message-ID: <20200707191315.87CAFFDE1@maintenance.suse.de>

SUSE Security Update: Security update for LibVNCServer
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:1873-1
Rating: important
References: #1173477
Cross-References: CVE-2017-18922
Affected Products:
    SUSE Linux Enterprise Workstation Extension 15-SP2
    SUSE Linux Enterprise Workstation Extension 15-SP1
    SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2
    SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for LibVNCServer fixes the following issues:

- CVE-2017-18922: Fixed an issue which could have allowed an attacker to pre-auth overwrite a function pointer which is subsequently used, leading to potential remote code execution (bsc#1173477).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 15-SP2:

    zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2020-1873=1

- SUSE Linux Enterprise Workstation Extension 15-SP1:

    zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2020-1873=1

- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2:

    zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-1873=1

- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1:

    zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-1873=1

Package List:

- SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64):

    LibVNCServer-debugsource-0.9.10-4.19.1
    libvncclient0-0.9.10-4.19.1
    libvncclient0-debuginfo-0.9.10-4.19.1
    libvncserver0-0.9.10-4.19.1
    libvncserver0-debuginfo-0.9.10-4.19.1

- SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64):

    LibVNCServer-debugsource-0.9.10-4.19.1
    libvncclient0-0.9.10-4.19.1
    libvncclient0-debuginfo-0.9.10-4.19.1

- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64):

    LibVNCServer-debugsource-0.9.10-4.19.1
    libvncserver0-0.9.10-4.19.1
    libvncserver0-debuginfo-0.9.10-4.19.1

- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (aarch64 ppc64le s390x x86_64):

    LibVNCServer-debugsource-0.9.10-4.19.1
    libvncserver0-0.9.10-4.19.1
    libvncserver0-debuginfo-0.9.10-4.19.1

References:

    https://www.suse.com/security/cve/CVE-2017-18922.html
    https://bugzilla.suse.com/1173477

From sle-security-updates at lists.suse.com Wed Jul 8 07:13:33 2020
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 8 Jul 2020 15:13:33 +0200 (CEST)
Subject: SUSE-SU-2020:1695-2: moderate: Security update for osc
Message-ID: <20200708131333.39E87FDE1@maintenance.suse.de>

SUSE Security Update: Security update for osc
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:1695-2
Rating: moderate
References: #1122675
Cross-References: CVE-2019-3681
Affected Products:
    SUSE Linux Enterprise Module for Development Tools 15-SP2
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for osc to 0.169.1 fixes the following issues:

Security issue fixed:

- CVE-2019-3681: Fixed an insufficient validation of network-controlled filesystem paths (bsc#1122675).

Non-security issues fixed:

- Improved the speed and usability of osc bash completion.
- Improved some error messages.
- osc add: support git@ (private github) or git:// URLs correctly.
- Split dependson and whatdependson commands.
- Added support for osc build --shell-cmd.
- Added pkg-ccache support for osc build.
- Added --ccache option to osc getbinaries

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Development Tools 15-SP2:

    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-1695=1

Package List:

- SUSE Linux Enterprise Module for Development Tools 15-SP2 (noarch):

    osc-0.169.1-3.20.1

References:

    https://www.suse.com/security/cve/CVE-2019-3681.html
    https://bugzilla.suse.com/1122675

From sle-security-updates at lists.suse.com Wed Jul 8 07:14:55 2020
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 8 Jul 2020 15:14:55 +0200 (CEST)
Subject: SUSE-SU-2019:3192-2: moderate: Security update for opencv
Message-ID: <20200708131455.0C2C0FDE1@maintenance.suse.de>

SUSE Security Update: Security update for opencv
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:3192-2
Rating: moderate
References: #1144348 #1144352 #1149742 #1154091
Cross-References: CVE-2019-14491 CVE-2019-14492 CVE-2019-15939
Affected Products:
    SUSE Linux Enterprise Workstation Extension 15-SP2
    SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2
    SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1
______________________________________________________________________________

An update that solves three vulnerabilities and has one errata is now available.

Description:

This update for opencv fixes the following issues:

Security issues fixed:

- CVE-2019-14491: Fixed an out of bounds read in the function cv:predictOrdered, leading to DOS (bsc#1144352).
- CVE-2019-14492: Fixed an out of bounds read/write in the function HaarEvaluator:OptFeature:calc, which leads to denial of service (bsc#1144348).
- CVE-2019-15939: Fixed a divide-by-zero error in cv:HOGDescriptor:getDescriptorSize (bsc#1149742).

Non-security issue fixed:

- Fixed an issue in opencv-devel that broke builds with "No rule to make target opencv_calib3d-NOTFOUND" (bsc#1154091).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 15-SP2:

    zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2020-1875=1

- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2:

    zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-1875=1

- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1:

    zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-1875=1

Package List:

- SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64):

    libopencv3_3-3.3.1-6.6.1
    libopencv3_3-debuginfo-3.3.1-6.6.1
    opencv-3.3.1-6.6.1
    opencv-debuginfo-3.3.1-6.6.1
    opencv-debugsource-3.3.1-6.6.1
    opencv-devel-3.3.1-6.6.1

- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64):

    opencv-debuginfo-3.3.1-6.6.1
    opencv-debugsource-3.3.1-6.6.1
    python2-opencv-3.3.1-6.6.1
    python2-opencv-debuginfo-3.3.1-6.6.1
    python3-opencv-3.3.1-6.6.1
    python3-opencv-debuginfo-3.3.1-6.6.1

- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (aarch64 ppc64le s390x x86_64):

    opencv-debuginfo-3.3.1-6.6.1
    opencv-debugsource-3.3.1-6.6.1
    python2-opencv-3.3.1-6.6.1
    python2-opencv-debuginfo-3.3.1-6.6.1
    python3-opencv-3.3.1-6.6.1
    python3-opencv-debuginfo-3.3.1-6.6.1

References:

    https://www.suse.com/security/cve/CVE-2019-14491.html
    https://www.suse.com/security/cve/CVE-2019-14492.html
    https://www.suse.com/security/cve/CVE-2019-15939.html
    https://bugzilla.suse.com/1144348
    https://bugzilla.suse.com/1144352
    https://bugzilla.suse.com/1149742
    https://bugzilla.suse.com/1154091

From sle-security-updates at lists.suse.com Wed Jul 8 07:15:54 2020
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 8 Jul 2020 15:15:54 +0200 (CEST)
Subject: SUSE-SU-2020:14421-1: important: Security update for MozillaFirefox
Message-ID: <20200708131554.CA207FDE1@maintenance.suse.de>

SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:14421-1
Rating: important
References: #1166238 #1167231 #1173576
Cross-References: CVE-2020-12402 CVE-2020-12415 CVE-2020-12416 CVE-2020-12417 CVE-2020-12418 CVE-2020-12419 CVE-2020-12420 CVE-2020-12421 CVE-2020-12422 CVE-2020-12423 CVE-2020-12424 CVE-2020-12425 CVE-2020-12426
Affected Products:
    SUSE Linux Enterprise Server 11-SP4-LTSS
______________________________________________________________________________

An update that fixes 13 vulnerabilities is now available.

Description:

This update for MozillaFirefox to version 78.0.1 ESR fixes the following issues:

Security issues fixed:

- CVE-2020-12415: AppCache manifest poisoning due to url encoded character processing (bsc#1173576).
- CVE-2020-12416: Use-after-free in WebRTC VideoBroadcaster (bsc#1173576).
- CVE-2020-12417: Memory corruption due to missing sign-extension for ValueTags on ARM64 (bsc#1173576).
- CVE-2020-12418: Information disclosure due to manipulated URL object (bsc#1173576).
- CVE-2020-12419: Use-after-free in nsGlobalWindowInner (bsc#1173576).
- CVE-2020-12420: Use-After-Free when trying to connect to a STUN server (bsc#1173576).
- CVE-2020-12402: RSA Key Generation vulnerable to side-channel attack (bsc#1173576).
- CVE-2020-12421: Add-On updates did not respect the same certificate trust rules as software updates (bsc#1173576).
- CVE-2020-12422: Integer overflow in nsJPEGEncoder::emptyOutputBuffer (bsc#1173576).
- CVE-2020-12423: DLL Hijacking due to searching %PATH% for a library (bsc#1173576).
- CVE-2020-12424: WebRTC permission prompt could have been bypassed by a compromised content process (bsc#1173576).
- CVE-2020-12425: Out of bound read in Date.parse() (bsc#1173576).
- CVE-2020-12426: Memory safety bugs fixed in Firefox 78 (bsc#1173576).
- FIPS: MozillaFirefox: allow /proc/sys/crypto/fips_enabled (bsc#1167231).

Non-security issues fixed:

- Fixed interaction with freetype6 (bsc#1173613).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11-SP4-LTSS:

    zypper in -t patch slessp4-MozillaFirefox-14421=1

Package List:

- SUSE Linux Enterprise Server 11-SP4-LTSS (x86_64):

    MozillaFirefox-78.0.1-78.80.2
    MozillaFirefox-branding-SLED-78-21.12.1
    MozillaFirefox-translations-common-78.0.1-78.80.2
    MozillaFirefox-translations-other-78.0.1-78.80.2

References:

    https://www.suse.com/security/cve/CVE-2020-12402.html
    https://www.suse.com/security/cve/CVE-2020-12415.html
    https://www.suse.com/security/cve/CVE-2020-12416.html
    https://www.suse.com/security/cve/CVE-2020-12417.html
    https://www.suse.com/security/cve/CVE-2020-12418.html
    https://www.suse.com/security/cve/CVE-2020-12419.html
    https://www.suse.com/security/cve/CVE-2020-12420.html
    https://www.suse.com/security/cve/CVE-2020-12421.html
    https://www.suse.com/security/cve/CVE-2020-12422.html
    https://www.suse.com/security/cve/CVE-2020-12423.html
    https://www.suse.com/security/cve/CVE-2020-12424.html
    https://www.suse.com/security/cve/CVE-2020-12425.html
    https://www.suse.com/security/cve/CVE-2020-12426.html
    https://bugzilla.suse.com/1166238
    https://bugzilla.suse.com/1167231
    https://bugzilla.suse.com/1173576

From sle-security-updates at lists.suse.com Wed Jul 8 07:18:23 2020
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 8 Jul 2020 15:18:23 +0200 (CEST)
Subject: SUSE-SU-2019:2891-2: moderate: Security update for python-ecdsa
Message-ID: <20200708131823.1BC0DFDE1@maintenance.suse.de>

SUSE Security Update: Security update for python-ecdsa
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:2891-2
Rating: moderate
References: #1153165 #1154217
Cross-References: CVE-2019-14853 CVE-2019-14859
Affected Products:
    SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2
    SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1
    SUSE Linux Enterprise Module for Basesystem 15-SP2
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for python-ecdsa to version 0.13.3 fixes the following issues:

Security issues fixed:

- CVE-2019-14853: Fixed unexpected exceptions during signature decoding (bsc#1153165).
- CVE-2019-14859: Fixed a signature malleability caused by insufficient checks of DER encoding (bsc#1154217).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2:

    zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-1877=1

- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1:

    zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-1877=1

- SUSE Linux Enterprise Module for Basesystem 15-SP2:

    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1877=1

Package List:

- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (noarch):

    python2-ecdsa-0.13.3-3.3.1

- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (noarch):

    python2-ecdsa-0.13.3-3.3.1

- SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch):

    python3-ecdsa-0.13.3-3.3.1

References:

    https://www.suse.com/security/cve/CVE-2019-14853.html
    https://www.suse.com/security/cve/CVE-2019-14859.html
    https://bugzilla.suse.com/1153165
    https://bugzilla.suse.com/1154217

From sle-security-updates at lists.suse.com Wed Jul 8 07:19:09 2020
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 8 Jul 2020 15:19:09 +0200 (CEST)
Subject: SUSE-SU-2020:1621-2: important: Security update for libEMF
Message-ID: <20200708131909.60A71FDE1@maintenance.suse.de>

SUSE Security Update: Security update for libEMF
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:1621-2
Rating: important
References: #1171496 #1171497 #1171498 #1171499
Cross-References: CVE-2020-11863 CVE-2020-11864 CVE-2020-11865 CVE-2020-11866
Affected Products:
    SUSE Linux Enterprise Workstation Extension 15-SP2
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:

This update for libEMF fixes the following issues:

- CVE-2020-11863: Fixed an issue which could have led to denial of service (bsc#1171496).
- CVE-2020-11864: Fixed an issue which could have led to denial of service (bsc#1171499).
- CVE-2020-11865: Fixed an out of bounds memory access (bsc#1171497).
- CVE-2020-11866: Fixed a use after free (bsc#1171498).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2020-1621=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): libEMF-debuginfo-1.0.7-3.3.1 libEMF-debugsource-1.0.7-3.3.1 libEMF1-1.0.7-3.3.1 libEMF1-debuginfo-1.0.7-3.3.1 References: https://www.suse.com/security/cve/CVE-2020-11863.html https://www.suse.com/security/cve/CVE-2020-11864.html https://www.suse.com/security/cve/CVE-2020-11865.html https://www.suse.com/security/cve/CVE-2020-11866.html https://bugzilla.suse.com/1171496 https://bugzilla.suse.com/1171497 https://bugzilla.suse.com/1171498 https://bugzilla.suse.com/1171499 From sle-security-updates at lists.suse.com Wed Jul 8 07:20:07 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 8 Jul 2020 15:20:07 +0200 (CEST) Subject: SUSE-SU-2019:2425-2: important: Security update for nmap Message-ID: <20200708132007.C2F31FDE1@maintenance.suse.de> SUSE Security Update: Security update for nmap ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2425-2 Rating: important References: #1135350 #1148742 Cross-References: CVE-2017-18594 CVE-2018-15173 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for nmap fixes the following issues: Security issue fixed: - CVE-2017-18594: Fixed a denial of service condition due to a double free when an SSH connection fails. (bsc#1148742) Non-security issue fixed: - Fixed a regression in the version scanner caused by the fix for CVE-2018-15173.
(bsc#1135350) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-1874=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-1874=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1874=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64): nmap-debuginfo-7.70-3.12.1 nmap-debugsource-7.70-3.12.1 nping-7.70-3.12.1 nping-debuginfo-7.70-3.12.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (aarch64 ppc64le s390x x86_64): nmap-debuginfo-7.70-3.12.1 nmap-debugsource-7.70-3.12.1 nping-7.70-3.12.1 nping-debuginfo-7.70-3.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): nmap-7.70-3.12.1 nmap-debuginfo-7.70-3.12.1 nmap-debugsource-7.70-3.12.1 References: https://www.suse.com/security/cve/CVE-2017-18594.html https://www.suse.com/security/cve/CVE-2018-15173.html https://bugzilla.suse.com/1135350 https://bugzilla.suse.com/1148742 From sle-security-updates at lists.suse.com Wed Jul 8 07:20:55 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 8 Jul 2020 15:20:55 +0200 (CEST) Subject: SUSE-SU-2020:1417-2: moderate: Security update for freetds Message-ID: <20200708132055.DFF80FDE1@maintenance.suse.de> SUSE Security Update: Security update for freetds ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1417-2 Rating: moderate References: #1141132 Cross-References: CVE-2019-13508 Affected Products: SUSE Linux Enterprise Module for 
Server Applications 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for freetds to 1.1.36 fixes the following issues: Security issue fixed: - CVE-2019-13508: Fixed a heap overflow that could have been caused by malicious servers sending UDT types over protocol version 5.0 (bsc#1141132). Non-security issues fixed: - Enabled Kerberos support - Version update to 1.1.36: * Default TDS protocol version is now "auto" * Improved UTF-8 performances * TDS Pool Server is enabled * MARS support is enabled * NTLMv2 is enabled * See NEWS and ChangeLog for a complete list of changes Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-1417=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-1417=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-1417=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): freetds-debuginfo-1.1.36-3.3.1 freetds-debugsource-1.1.36-3.3.1 libct4-1.1.36-3.3.1 libct4-debuginfo-1.1.36-3.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64): freetds-debuginfo-1.1.36-3.3.1 freetds-debugsource-1.1.36-3.3.1 libsybdb5-1.1.36-3.3.1 libsybdb5-debuginfo-1.1.36-3.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (aarch64 ppc64le s390x x86_64): 
freetds-debuginfo-1.1.36-3.3.1 freetds-debugsource-1.1.36-3.3.1 libsybdb5-1.1.36-3.3.1 libsybdb5-debuginfo-1.1.36-3.3.1 References: https://www.suse.com/security/cve/CVE-2019-13508.html https://bugzilla.suse.com/1141132 From sle-security-updates at lists.suse.com Wed Jul 8 07:21:36 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 8 Jul 2020 15:21:36 +0200 (CEST) Subject: SUSE-SU-2020:0819-2: important: Security update for icu Message-ID: <20200708132136.8A905FDE1@maintenance.suse.de> SUSE Security Update: Security update for icu ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:0819-2 Rating: important References: #1166844 Cross-References: CVE-2020-10531 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for icu fixes the following issues: - CVE-2020-10531: Fixed a potential integer overflow in UnicodeString:doAppend (bsc#1166844). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-819=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-819=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): icu-debuginfo-60.2-3.9.1 icu-debugsource-60.2-3.9.1 libicu60_2-60.2-3.9.1 libicu60_2-debuginfo-60.2-3.9.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): libicu60_2-bedata-60.2-3.9.1 libicu60_2-ledata-60.2-3.9.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (aarch64 ppc64le s390x x86_64): icu-60.2-3.9.1 icu-debuginfo-60.2-3.9.1 icu-debugsource-60.2-3.9.1 References: https://www.suse.com/security/cve/CVE-2020-10531.html https://bugzilla.suse.com/1166844 From sle-security-updates at lists.suse.com Wed Jul 8 07:22:18 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 8 Jul 2020 15:22:18 +0200 (CEST) Subject: SUSE-SU-2020:1553-2: moderate: Security update for libexif Message-ID: <20200708132218.12768FDE1@maintenance.suse.de> SUSE Security Update: Security update for libexif ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1553-2 Rating: moderate References: #1055857 #1059893 #1120943 #1160770 #1171475 #1171847 #1172105 #1172116 #1172121 Cross-References: CVE-2016-6328 CVE-2017-7544 CVE-2018-20030 CVE-2019-9278 CVE-2020-0093 CVE-2020-12767 CVE-2020-13112 CVE-2020-13113 CVE-2020-13114 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 ______________________________________________________________________________ An update that 
fixes 9 vulnerabilities is now available. Description: This update for libexif to 0.6.22 fixes the following issues: Security issues fixed: - CVE-2016-6328: Fixed an integer overflow in parsing MNOTE entry data of the input file (bsc#1055857). - CVE-2017-7544: Fixed an out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c (bsc#1059893). - CVE-2018-20030: Fixed a denial of service by endless recursion (bsc#1120943). - CVE-2019-9278: Fixed an integer overflow (bsc#1160770). - CVE-2020-0093: Fixed an out-of-bounds read in exif_data_save_data_entry (bsc#1171847). - CVE-2020-12767: Fixed a divide-by-zero error in exif_entry_get_value (bsc#1171475). - CVE-2020-13112: Fixed a time consumption DoS when parsing canon array markers (bsc#1172121). - CVE-2020-13113: Fixed a potential use of uninitialized memory (bsc#1172105). - CVE-2020-13114: Fixed various buffer overread fixes due to integer overflows in maker notes (bsc#1172116). Non-security issues fixed: - libexif was updated to version 0.6.22: * New translations: ms * Updated translations for most languages * Some useful EXIF 2.3 tag added: * EXIF_TAG_GAMMA * EXIF_TAG_COMPOSITE_IMAGE * EXIF_TAG_SOURCE_IMAGE_NUMBER_OF_COMPOSITE_IMAGE * EXIF_TAG_SOURCE_EXPOSURE_TIMES_OF_COMPOSITE_IMAGE * EXIF_TAG_GPS_H_POSITIONING_ERROR * EXIF_TAG_CAMERA_OWNER_NAME * EXIF_TAG_BODY_SERIAL_NUMBER * EXIF_TAG_LENS_SPECIFICATION * EXIF_TAG_LENS_MAKE * EXIF_TAG_LENS_MODEL * EXIF_TAG_LENS_SERIAL_NUMBER Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-1553=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-1553=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-1553=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (x86_64): libexif-debugsource-0.6.22-5.6.1 libexif12-32bit-0.6.22-5.6.1 libexif12-32bit-debuginfo-0.6.22-5.6.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (x86_64): libexif-debugsource-0.6.22-5.6.1 libexif12-32bit-0.6.22-5.6.1 libexif12-32bit-debuginfo-0.6.22-5.6.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): libexif-debugsource-0.6.22-5.6.1 libexif-devel-0.6.22-5.6.1 libexif12-0.6.22-5.6.1 libexif12-debuginfo-0.6.22-5.6.1 References: https://www.suse.com/security/cve/CVE-2016-6328.html https://www.suse.com/security/cve/CVE-2017-7544.html https://www.suse.com/security/cve/CVE-2018-20030.html https://www.suse.com/security/cve/CVE-2019-9278.html https://www.suse.com/security/cve/CVE-2020-0093.html https://www.suse.com/security/cve/CVE-2020-12767.html https://www.suse.com/security/cve/CVE-2020-13112.html https://www.suse.com/security/cve/CVE-2020-13113.html https://www.suse.com/security/cve/CVE-2020-13114.html https://bugzilla.suse.com/1055857 https://bugzilla.suse.com/1059893 https://bugzilla.suse.com/1120943 https://bugzilla.suse.com/1160770 https://bugzilla.suse.com/1171475 https://bugzilla.suse.com/1171847 https://bugzilla.suse.com/1172105 https://bugzilla.suse.com/1172116 https://bugzilla.suse.com/1172121 From sle-security-updates at lists.suse.com Wed Jul 8 07:25:10 2020 From: sle-security-updates at lists.suse.com (sle-security-updates 
at lists.suse.com) Date: Wed, 8 Jul 2020 15:25:10 +0200 (CEST) Subject: SUSE-SU-2020:1297-2: moderate: Security update for libvpx Message-ID: <20200708132510.03052FDE1@maintenance.suse.de> SUSE Security Update: Security update for libvpx ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1297-2 Rating: moderate References: #1166066 Cross-References: CVE-2020-0034 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libvpx fixes the following issues: - CVE-2020-0034: Fixed an out-of-bounds read on truncated key frames (bsc#1166066). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-1297=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-1297=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-1297=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1297=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64): libvpx-debugsource-1.6.1-6.6.8 vpx-tools-1.6.1-6.6.8 vpx-tools-debuginfo-1.6.1-6.6.8 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (aarch64 ppc64le s390x x86_64): libvpx-debugsource-1.6.1-6.6.8 vpx-tools-1.6.1-6.6.8 vpx-tools-debuginfo-1.6.1-6.6.8 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): libvpx-debugsource-1.6.1-6.6.8 libvpx-devel-1.6.1-6.6.8 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libvpx-debugsource-1.6.1-6.6.8 libvpx4-1.6.1-6.6.8 libvpx4-debuginfo-1.6.1-6.6.8 References: https://www.suse.com/security/cve/CVE-2020-0034.html https://bugzilla.suse.com/1166066 From sle-security-updates at lists.suse.com Wed Jul 8 07:25:51 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 8 Jul 2020 15:25:51 +0200 (CEST) Subject: SUSE-SU-2020:1580-2: moderate: Security update for texlive-filesystem Message-ID: <20200708132551.CCC8EFDE1@maintenance.suse.de> SUSE Security Update: Security update for texlive-filesystem ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1580-2 Rating: moderate References: #1158910 #1159740 Cross-References: CVE-2020-8016 
CVE-2020-8017 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for texlive-filesystem fixes the following issues: Security issues fixed: - CVE-2020-8016: Fixed a race condition in the spec file (bsc#1159740). - CVE-2020-8017: Fixed a race condition on a cron job (bsc#1158910). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-1580=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (noarch): texlive-collection-basic-2017.135.svn41616-9.12.1 texlive-collection-bibtexextra-2017.135.svn44385-9.12.1 texlive-collection-binextra-2017.135.svn44515-9.12.1 texlive-collection-context-2017.135.svn42330-9.12.1 texlive-collection-fontsextra-2017.135.svn43356-9.12.1 texlive-collection-fontsrecommended-2017.135.svn35830-9.12.1 texlive-collection-fontutils-2017.135.svn37105-9.12.1 texlive-collection-formatsextra-2017.135.svn44177-9.12.1 texlive-collection-games-2017.135.svn42992-9.12.1 texlive-collection-humanities-2017.135.svn42268-9.12.1 texlive-collection-langarabic-2017.135.svn44496-9.12.1 texlive-collection-langchinese-2017.135.svn42675-9.12.1 texlive-collection-langcjk-2017.135.svn43009-9.12.1 texlive-collection-langcyrillic-2017.135.svn44401-9.12.1 texlive-collection-langczechslovak-2017.135.svn32550-9.12.1 texlive-collection-langenglish-2017.135.svn43650-9.12.1 texlive-collection-langeuropean-2017.135.svn44414-9.12.1 texlive-collection-langfrench-2017.135.svn40375-9.12.1 texlive-collection-langgerman-2017.135.svn42045-9.12.1 
texlive-collection-langgreek-2017.135.svn44192-9.12.1 texlive-collection-langitalian-2017.135.svn30372-9.12.1 texlive-collection-langjapanese-2017.135.svn44554-9.12.1 texlive-collection-langkorean-2017.135.svn42106-9.12.1 texlive-collection-langother-2017.135.svn44414-9.12.1 texlive-collection-langpolish-2017.135.svn44371-9.12.1 texlive-collection-langportuguese-2017.135.svn30962-9.12.1 texlive-collection-langspanish-2017.135.svn40587-9.12.1 texlive-collection-latex-2017.135.svn41614-9.12.1 texlive-collection-latexextra-2017.135.svn44544-9.12.1 texlive-collection-latexrecommended-2017.135.svn44177-9.12.1 texlive-collection-luatex-2017.135.svn44500-9.12.1 texlive-collection-mathscience-2017.135.svn44396-9.12.1 texlive-collection-metapost-2017.135.svn44297-9.12.1 texlive-collection-music-2017.135.svn40561-9.12.1 texlive-collection-pictures-2017.135.svn44395-9.12.1 texlive-collection-plaingeneric-2017.135.svn44177-9.12.1 texlive-collection-pstricks-2017.135.svn44460-9.12.1 texlive-collection-publishers-2017.135.svn44485-9.12.1 texlive-collection-xetex-2017.135.svn43059-9.12.1 texlive-devel-2017.135-9.12.1 texlive-extratools-2017.135-9.12.1 texlive-filesystem-2017.135-9.12.1 texlive-scheme-basic-2017.135.svn25923-9.12.1 texlive-scheme-context-2017.135.svn35799-9.12.1 texlive-scheme-full-2017.135.svn44177-9.12.1 texlive-scheme-gust-2017.135.svn44177-9.12.1 texlive-scheme-infraonly-2017.135.svn41515-9.12.1 texlive-scheme-medium-2017.135.svn44177-9.12.1 texlive-scheme-minimal-2017.135.svn13822-9.12.1 texlive-scheme-small-2017.135.svn41825-9.12.1 texlive-scheme-tetex-2017.135.svn44187-9.12.1 References: https://www.suse.com/security/cve/CVE-2020-8016.html https://www.suse.com/security/cve/CVE-2020-8017.html https://bugzilla.suse.com/1158910 https://bugzilla.suse.com/1159740 From sle-security-updates at lists.suse.com Wed Jul 8 07:26:38 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 8 Jul 2020 15:26:38 +0200 (CEST) 
Subject: SUSE-SU-2020:1591-2: important: Security update for MozillaThunderbird Message-ID: <20200708132638.48B75FDE1@maintenance.suse.de> SUSE Security Update: Security update for MozillaThunderbird ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1591-2 Rating: important References: #1172402 Cross-References: CVE-2020-12398 CVE-2020-12405 CVE-2020-12406 CVE-2020-12410 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP2 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for MozillaThunderbird fixes the following issues: Mozilla Thunderbird 68.9.0 (bsc#1172402) - CVE-2020-12405: Fixed a use-after-free in SharedWorkerService. - CVE-2020-12406: Fixed a JavaScript Type confusion with NativeTypes. - CVE-2020-12410: Fixed multiple memory safety issues - CVE-2020-12398: Fixed a potential information leak due to security downgrade with IMAP STARTTLS - Use a symbolic icon from branding internals Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2020-1591=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): MozillaThunderbird-68.9.0-3.85.2 MozillaThunderbird-debuginfo-68.9.0-3.85.2 MozillaThunderbird-debugsource-68.9.0-3.85.2 MozillaThunderbird-translations-common-68.9.0-3.85.2 MozillaThunderbird-translations-other-68.9.0-3.85.2 References: https://www.suse.com/security/cve/CVE-2020-12398.html https://www.suse.com/security/cve/CVE-2020-12405.html https://www.suse.com/security/cve/CVE-2020-12406.html https://www.suse.com/security/cve/CVE-2020-12410.html https://bugzilla.suse.com/1172402 From sle-security-updates at lists.suse.com Thu Jul 9 11:32:58 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 9 Jul 2020 19:32:58 +0200 (CEST) Subject: SUSE-CU-2020:359-1: Security update of suse/sles12sp3 Message-ID: <20200709173258.785E6FDE4@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp3 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:359-1 Container Tags : suse/sles12sp3:2.0.2 , suse/sles12sp3:24.174 , suse/sles12sp3:latest Container Release : 24.174 Severity : important Type : security References : 1084671 1154256 1157315 1161262 1161436 1162698 1164538 1165633 1167622 1170715 1171145 1172698 1172704 CVE-2019-20386 CVE-2020-8023 ----------------------------------------------------------------- The container suse/sles12sp3 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1842-1 Released: Fri Jul 3 22:40:42 2020 Summary: Security update for systemd Type: security Severity: moderate References: 1084671,1154256,1157315,1161262,1161436,1162698,1164538,1165633,1167622,1171145,CVE-2019-20386 This update for systemd fixes the following issues: - CVE-2019-20386: Fixed a memory leak when executing the udevadm trigger command (bsc#1161436). - Renamed the persistent link for ATA devices (bsc#1164538) - shared/install: try harder to find enablement symlinks when disabling a unit (bsc#1157315) - tmpfiles: removed unnecessary assert (bsc#1171145) - pid1: by default make user units inherit their umask from the user manager (bsc#1162698) - manager: fixed job mode when signalled to shutdown etc (bsc#1161262) - coredump: fixed bug that loses core dump files when core dumps are compressed and disk space is low. (bsc#1167622) - udev: inform systemd how many workers we can potentially spawn (#4036) (bsc#1165633) - libblkid: open device in nonblock mode. (bsc#1084671) - udev/cdrom_id: Do not open CD-rom in exclusive mode. (bsc#1154256) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1859-1 Released: Mon Jul 6 17:08:28 2020 Summary: Security update for openldap2 Type: security Severity: important References: 1170715,1172698,1172704,CVE-2020-8023 This update for openldap2 fixes the following issues: - CVE-2020-8023: Fixed a potential local privilege escalation from ldap to root when OPENLDAP_CONFIG_BACKEND='ldap' was used (bsc#1172698). - Changed DB_CONFIG to root:ldap permissions (bsc#1172704). - Fixed an issue where slapd becomes unresponsive after many failed login/bind attempts (bsc#1170715).
From sle-security-updates at lists.suse.com Thu Jul 9 11:41:27 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 9 Jul 2020 19:41:27 +0200 (CEST) Subject: SUSE-CU-2020:360-1: Security update of suse/sles12sp4 Message-ID: <20200709174127.188EAFDE4@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:360-1 Container Tags : suse/sles12sp4:26.205 , suse/sles12sp4:latest Container Release : 26.205 Severity : important Type : security References : 1084671 1154256 1157315 1161262 1161436 1162698 1164538 1165633 1167622 1170715 1171145 1171883 1172698 1172704 CVE-2019-20386 CVE-2020-8023 ----------------------------------------------------------------- The container suse/sles12sp4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1842-1 Released: Fri Jul 3 22:40:42 2020 Summary: Security update for systemd Type: security Severity: moderate References: 1084671,1154256,1157315,1161262,1161436,1162698,1164538,1165633,1167622,1171145,CVE-2019-20386 This update for systemd fixes the following issues: - CVE-2019-20386: Fixed a memory leak when executing the udevadm trigger command (bsc#1161436). - Renamed the persistent link for ATA devices (bsc#1164538) - shared/install: try harder to find enablement symlinks when disabling a unit (bsc#1157315) - tmpfiles: removed unnecessary assert (bsc#1171145) - pid1: by default make user units inherit their umask from the user manager (bsc#1162698) - manager: fixed job mode when signalled to shutdown etc (bsc#1161262) - coredump: fixed bug that loses core dump files when core dumps are compressed and disk space is low. (bsc#1167622) - udev: inform systemd how many workers we can potentially spawn (#4036) (bsc#1165633) - libblkid: open device in nonblock mode. 
(bsc#1084671) - udev/cdrom_id: Do not open CD-rom in exclusive mode. (bsc#1154256) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1857-1 Released: Mon Jul 6 17:07:31 2020 Summary: Security update for permissions Type: security Severity: moderate References: 1171883 This update for permissions fixes the following issues: - Removed conflicting entries which might expose pcp to security issues (bsc#1171883) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1859-1 Released: Mon Jul 6 17:08:28 2020 Summary: Security update for openldap2 Type: security Severity: important References: 1170715,1172698,1172704,CVE-2020-8023 This update for openldap2 fixes the following issues: - CVE-2020-8023: Fixed a potential local privilege escalation from ldap to root when OPENLDAP_CONFIG_BACKEND='ldap' was used (bsc#1172698). - Changed DB_CONFIG to root:ldap permissions (bsc#1172704). - Fixed an issue where slapd becomes unresponsive after many failed login/bind attempts (bsc#1170715). From sle-security-updates at lists.suse.com Thu Jul 9 11:45:18 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 9 Jul 2020 19:45:18 +0200 (CEST) Subject: SUSE-CU-2020:361-1: Security update of suse/sles12sp5 Message-ID: <20200709174518.08673FDE4@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:361-1 Container Tags : suse/sles12sp5:6.5.21 , suse/sles12sp5:latest Container Release : 6.5.21 Severity : important Type : security References : 1084671 1154256 1157315 1161262 1161436 1162698 1164538 1165633 1167622 1170715 1171145 1171883 1172698 1172704 CVE-2019-20386 CVE-2020-8023 ----------------------------------------------------------------- The container suse/sles12sp5 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:1828-1
Released: Thu Jul 2 13:07:28 2020
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1084671,1154256,1157315,1161262,1161436,1162698,1164538,1165633,1167622,1171145,CVE-2019-20386

This update for systemd fixes the following issues:

- CVE-2019-20386: Fixed a memory leak when executing the udevadm trigger command (bsc#1161436).
- Renamed the persistent link for ATA devices (bsc#1164538)
- shared/install: try harder to find enablement symlinks when disabling a unit (bsc#1157315)
- tmpfiles: removed unnecessary assert (bsc#1171145)
- pid1: by default make user units inherit their umask from the user manager (bsc#1162698)
- manager: fixed job mode when signalled to shutdown etc (bsc#1161262)
- coredump: fixed bug that loses core dump files when core dumps are compressed and disk space is low. (bsc#1167622)
- udev: inform systemd how many workers we can potentially spawn (#4036) (bsc#1165633)
- libblkid: open device in nonblock mode. (bsc#1084671)
- udev/cdrom_id: Do not open CD-rom in exclusive mode. (bsc#1154256)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:1857-1
Released: Mon Jul 6 17:07:31 2020
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1171883

This update for permissions fixes the following issues:

- Removed conflicting entries which might expose pcp to security issues (bsc#1171883)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:1859-1
Released: Mon Jul 6 17:08:28 2020
Summary: Security update for openldap2
Type: security
Severity: important
References: 1170715,1172698,1172704,CVE-2020-8023

This update for openldap2 fixes the following issues:

- CVE-2020-8023: Fixed a potential local privilege escalation from ldap to root when OPENLDAP_CONFIG_BACKEND='ldap' was used (bsc#1172698).
- Changed DB_CONFIG to root:ldap permissions (bsc#1172704).
- Fixed an issue where slapd becomes unresponsive after many failed login/bind attempts (bsc#1170715).

From sle-security-updates at lists.suse.com Thu Jul 9 11:54:19 2020
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 9 Jul 2020 19:54:19 +0200 (CEST)
Subject: SUSE-CU-2020:362-1: Security update of suse/sle15
Message-ID: <20200709175419.BE17CFDE4@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2020:362-1
Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.231
Container Release : 4.22.231
Severity : important
Type : security
References : 1082318 1090047 1103678 1107116 1107121 1111499 1130873 1130873 1133297 1137001 1139959 1154803 1154803 1164543 1164543 1165476 1165476 1165573 1165573 1166610 1166610 1167122 1167122 1168990 1168990 1169947 1170801 1171224 1171883 1172135 1172698 1172704 1172925 CVE-2018-16428 CVE-2018-16429 CVE-2019-12450 CVE-2019-13012 CVE-2020-8023
-----------------------------------------------------------------

The container suse/sle15 was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:2780-1
Released: Mon Nov 26 17:46:10 2018
Summary: Security update for glib2
Type: security
Severity: moderate
References: 1107116,1107121,1111499,CVE-2018-16428,CVE-2018-16429

This update for glib2 fixes the following issues:

Security issues fixed:

- CVE-2018-16428: Do not do a NULL pointer dereference (crash). Avoid that, at the cost of introducing a new translatable error message (bsc#1107121).
- CVE-2018-16429: Fixed out-of-bounds read vulnerability in g_markup_parse_context_parse() (bsc#1107116).

Non-security issue fixed:

- various GVariant parsing issues have been resolved (bsc#1111499)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:251-1
Released: Wed Feb 6 11:22:43 2019
Summary: Recommended update for glib2
Type: recommended
Severity: moderate
References: 1090047

This update for glib2 provides the following fix:

- Enable systemtap. (fate#326393, bsc#1090047)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1594-1
Released: Fri Jun 21 10:17:15 2019
Summary: Security update for glib2
Type: security
Severity: important
References: 1103678,1137001,CVE-2019-12450

This update for glib2 fixes the following issues:

Security issue fixed:

- CVE-2019-12450: Fixed an improper file permission when copy operation takes place (bsc#1137001).

Other issue addressed:

- glib2 was handling an UNKNOWN connectivity state from NetworkManager as if there was a connection thus giving false positives to PackageKit (bsc#1103678)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1833-1
Released: Fri Jul 12 17:53:51 2019
Summary: Security update for glib2
Type: security
Severity: moderate
References: 1139959,CVE-2019-13012

This update for glib2 fixes the following issues:

Security issue fixed:

- CVE-2019-13012: Fixed improper restriction of file permissions when creating directories (bsc#1139959).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1611-1
Released: Fri Jun 12 09:38:03 2020
Summary: Recommended update for libsolv, libzypp, zypper
Type: recommended
Severity: moderate
References: 1130873,1154803,1164543,1165476,1165573,1166610,1167122,1168990

This update for libsolv, libzypp, zypper fixes the following issues:

libsolv was updated to 0.7.13 to fix:

- Fix solvable swapping messing up idarrays
- fix ruleinfo of complex dependencies returning the wrong origin

libzypp was updated to 17.23.4 to fix:

- Get retracted patch status from updateinfo data (jsc#SLE-8770)
  libsolv injects the indicator provides into packages only.
- remove 'using namespace std;' (bsc#1166610, fixes #218)
- Online doc: add 'Hardware (modalias) dependencies' page (fixes #216)
- Add HistoryLogReader actionFilter to parse only specific HistoryActionIDs.
- RepoVariables: Add safe guard in case the caller does not own a zypp instance.
- Enable c++17. Define libzypp CXX_STANDARD in ZyppCommon.cmake.
- Fix package status computation regarding unneeded, orphaned, recommended and suggested packages (broken in 17.23.0) (bsc#1165476)
- Log patch status changes to history (jsc#SLE-5116)
- Allow to disable all WebServer dependent tests when building.
  OBS wants to be able to get rid of the nginx/FastCGI-devel build requirement.
  Use 'rpmbuild --without mediabackend_tests' or 'cmake -DDISABLE_MEDIABACKEND_TESTS=1'.
- update translations
- boost: Fix deprecated auto_unit_test.hpp includes.
- Disable zchunk on Leap-15.0 and SLE15-* while there is no libzck.
- Fix decision whether to download ZCHUNK files.
  libzypp and libsolv must both be able to read the format.
- yum::Downloader: Prefer zchunk compressed metadata if libsolv supports it.
- Selectable: Fix highestAvailableVersionObj if only retracted packages are available.
  Avoid using retracted items as candidate (jsc#SLE-8770)
- RpmDb: Become rpmdb backend independent (jsc#SLE-7272)
- RpmDb: Close API offering a custom rpmdb path
  It's actually not needed and for this to work also libsolv needs to support it.
  You can still use a librpmDb::db_const_iterator to access a database at a custom location (ro).
- Remove legacy rpmV3database conversion code.
- Reformat manpages to workaround asciidoctor shortcomings (bsc#1154803, bsc#1167122, bsc#1168990)
- Remove undocumented rug legacy stuff.
- Remove 'using namespace std;' (bsc#1166610)
- patch table: Add 'Since' column if history data are available (jsc#SLE-5116)

zypper was updated to version 1.14.36:

- Tag 'retracted' patch status in info and list-patches (jsc#SLE-8770)
- Tag 'R'etracted items in search tables status columns (jsc#SLE-8770)
- Relax 'Do not allow the abbreviation of cli arguments' in legacy distributions (bsc#1164543)
- Correctly detect ambiguous switch abbreviations (bsc#1165573)
- zypper-aptitude: don't supplement zypper.
  supplementing zypper means zypper-aptitude gets installed by default and pulls in perl.
  Neither is desired on small systems.
- Do not allow the abbreviation of cli arguments (bsc#1164543)
- accoring to according in all translation files.
- Always show exception history if available.
- Use default package cache location for temporary repos (bsc#1130873)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:1396-1
Released: Fri Jul 3 12:33:05 2020
Summary: Security update for zstd
Type: security
Severity: moderate
References: 1082318,1133297

This update for zstd fixes the following issues:

- Fix for build error caused by wrong static libraries. (bsc#1133297)
- Correction in spec file marking the license as documentation. (bsc#1082318)
- Add new package for SLE-15. (jsc#ECO-1886)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:1856-1
Released: Mon Jul 6 17:05:51 2020
Summary: Security update for openldap2
Type: security
Severity: important
References: 1172698,1172704,CVE-2020-8023

This update for openldap2 fixes the following issues:

- CVE-2020-8023: Fixed a potential local privilege escalation from ldap to root when OPENLDAP_CONFIG_BACKEND='ldap' was used (bsc#1172698).
- Changed DB_CONFIG to root:ldap permissions (bsc#1172704).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:1858-1
Released: Mon Jul 6 17:08:06 2020
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1171883

This update for permissions fixes the following issues:

- Removed conflicting entries which might expose pcp to security issues (bsc#1171883)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1869-1
Released: Tue Jul 7 15:08:12 2020
Summary: Recommended update for libsolv, libzypp, zypper
Type: recommended
Severity: moderate
References: 1130873,1154803,1164543,1165476,1165573,1166610,1167122,1168990,1169947,1170801,1171224,1172135,1172925

This update for libsolv, libzypp, zypper fixes the following issues:

libsolv was updated to 0.7.14:

- Enable zstd compression support
- Support blacklisted packages in solver_findproblemrule() (bnc#1172135)
- Support rules with multiple negative literals in choice rule generation
- Fix solvable swapping messing up idarrays
- fix ruleinfo of complex dependencies returning the wrong origin

libzypp was updated to 17.23.7:

- Enable zchunk metadata download if libsolv supports it.
- Older kernel-devel packages are not properly purged (bsc#1171224)
- doc: enhance service plugin example.
- Get retracted patch status from updateinfo data (jsc#SLE-8770)
  libsolv injects the indicator provides into packages only.
- remove 'using namespace std;' (bsc#1166610, fixes #218)
- Online doc: add 'Hardware (modalias) dependencies' page (fixes #216)
- Add HistoryLogReader actionFilter to parse only specific HistoryActionIDs.
- RepoVariables: Add safe guard in case the caller does not own a zypp instance.
- Enable c++17. Define libzypp CXX_STANDARD in ZyppCommon.cmake.
- Fix package status computation regarding unneeded, orphaned, recommended and suggested packages (broken in 17.23.0) (bsc#1165476)
- Log patch status changes to history (jsc#SLE-5116)
- Allow to disable all WebServer dependent tests when building.
  OBS wants to be able to get rid of the nginx/FastCGI-devel build requirement.
  Use 'rpmbuild --without mediabackend_tests' or 'cmake -DDISABLE_MEDIABACKEND_TESTS=1'.
- boost: Fix deprecated auto_unit_test.hpp includes.
- Disable zchunk on Leap-15.0 and SLE15-* while there is no libzck.
- Fix decision whether to download ZCHUNK files.
  libzypp and libsolv must both be able to read the format.
- yum::Downloader: Prefer zchunk compressed metadata if libsolv supports it.
- Selectable: Fix highestAvailableVersionObj if only retracted packages are available.
  Avoid using retracted items as candidate (jsc#SLE-8770)
- RpmDb: Become rpmdb backend independent (jsc#SLE-7272)
- RpmDb: Close API offering a custom rpmdb path
  It's actually not needed and for this to work also libsolv needs to support it.
  You can still use a librpmDb::db_const_iterator to access a database at a custom location (ro).
- Remove legacy rpmV3database conversion code.
- Fix core dump with corrupted history file (bsc#1170801)

zypper was updated to 1.14.37:

- Reformat manpages to workaround asciidoctor shortcomings (bsc#1154803, bsc#1167122, bsc#1168990)
- Remove undocumented rug legacy stuff.
- Remove 'using namespace std;' (bsc#1166610)
- patch table: Add 'Since' column if history data are available (jsc#SLE-5116)
- Tag 'retracted' patch status in info and list-patches (jsc#SLE-8770)
- Tag 'R'etracted items in search tables status columns (jsc#SLE-8770)
- Relax 'Do not allow the abbreviation of cli arguments' in legacy distributions (bsc#1164543)
- Correctly detect ambiguous switch abbreviations (bsc#1165573)
- zypper-aptitude: don't supplement zypper.
  supplementing zypper means zypper-aptitude gets installed by default and pulls in perl.
  Neither is desired on small systems.
- Do not allow the abbreviation of cli arguments (bsc#1164543)
- accoring to according in all translation files.
- Always show exception history if available.
- Use default package cache location for temporary repos (bsc#1130873)
- Print switch abbrev warning to stderr (bsc#1172925)
- Fix typo in man page (bsc#1169947)

From sle-security-updates at lists.suse.com Thu Jul 9 12:00:35 2020
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 9 Jul 2020 20:00:35 +0200 (CEST)
Subject: SUSE-CU-2020:363-1: Security update of suse/sle15
Message-ID: <20200709180035.A7479FDF3@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2020:363-1
Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.264
Container Release : 6.2.264
Severity : important
Type : security
References : 1130873 1154803 1164543 1165476 1165573 1166610 1167122 1168990 1169947 1170801 1171224 1171883 1172135 1172698 1172704 1172925 CVE-2020-8023
-----------------------------------------------------------------

The container suse/sle15 was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:1856-1
Released: Mon Jul 6 17:05:51 2020
Summary: Security update for openldap2
Type: security
Severity: important
References: 1172698,1172704,CVE-2020-8023

This update for openldap2 fixes the following issues:

- CVE-2020-8023: Fixed a potential local privilege escalation from ldap to root when OPENLDAP_CONFIG_BACKEND='ldap' was used (bsc#1172698).
- Changed DB_CONFIG to root:ldap permissions (bsc#1172704).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:1860-1
Released: Mon Jul 6 17:09:44 2020
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1171883

This update for permissions fixes the following issues:

- Removed conflicting entries which might expose pcp to security issues (bsc#1171883)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1869-1
Released: Tue Jul 7 15:08:12 2020
Summary: Recommended update for libsolv, libzypp, zypper
Type: recommended
Severity: moderate
References: 1130873,1154803,1164543,1165476,1165573,1166610,1167122,1168990,1169947,1170801,1171224,1172135,1172925

This update for libsolv, libzypp, zypper fixes the following issues:

libsolv was updated to 0.7.14:

- Enable zstd compression support
- Support blacklisted packages in solver_findproblemrule() (bnc#1172135)
- Support rules with multiple negative literals in choice rule generation
- Fix solvable swapping messing up idarrays
- fix ruleinfo of complex dependencies returning the wrong origin

libzypp was updated to 17.23.7:

- Enable zchunk metadata download if libsolv supports it.
- Older kernel-devel packages are not properly purged (bsc#1171224)
- doc: enhance service plugin example.
- Get retracted patch status from updateinfo data (jsc#SLE-8770)
  libsolv injects the indicator provides into packages only.
- remove 'using namespace std;' (bsc#1166610, fixes #218)
- Online doc: add 'Hardware (modalias) dependencies' page (fixes #216)
- Add HistoryLogReader actionFilter to parse only specific HistoryActionIDs.
- RepoVariables: Add safe guard in case the caller does not own a zypp instance.
- Enable c++17. Define libzypp CXX_STANDARD in ZyppCommon.cmake.
- Fix package status computation regarding unneeded, orphaned, recommended and suggested packages (broken in 17.23.0) (bsc#1165476)
- Log patch status changes to history (jsc#SLE-5116)
- Allow to disable all WebServer dependent tests when building.
  OBS wants to be able to get rid of the nginx/FastCGI-devel build requirement.
  Use 'rpmbuild --without mediabackend_tests' or 'cmake -DDISABLE_MEDIABACKEND_TESTS=1'.
- boost: Fix deprecated auto_unit_test.hpp includes.
- Disable zchunk on Leap-15.0 and SLE15-* while there is no libzck.
- Fix decision whether to download ZCHUNK files.
  libzypp and libsolv must both be able to read the format.
- yum::Downloader: Prefer zchunk compressed metadata if libsolv supports it.
- Selectable: Fix highestAvailableVersionObj if only retracted packages are available.
  Avoid using retracted items as candidate (jsc#SLE-8770)
- RpmDb: Become rpmdb backend independent (jsc#SLE-7272)
- RpmDb: Close API offering a custom rpmdb path
  It's actually not needed and for this to work also libsolv needs to support it.
  You can still use a librpmDb::db_const_iterator to access a database at a custom location (ro).
- Remove legacy rpmV3database conversion code.
- Fix core dump with corrupted history file (bsc#1170801)

zypper was updated to 1.14.37:

- Reformat manpages to workaround asciidoctor shortcomings (bsc#1154803, bsc#1167122, bsc#1168990)
- Remove undocumented rug legacy stuff.
- Remove 'using namespace std;' (bsc#1166610)
- patch table: Add 'Since' column if history data are available (jsc#SLE-5116)
- Tag 'retracted' patch status in info and list-patches (jsc#SLE-8770)
- Tag 'R'etracted items in search tables status columns (jsc#SLE-8770)
- Relax 'Do not allow the abbreviation of cli arguments' in legacy distributions (bsc#1164543)
- Correctly detect ambiguous switch abbreviations (bsc#1165573)
- zypper-aptitude: don't supplement zypper.
  supplementing zypper means zypper-aptitude gets installed by default and pulls in perl.
  Neither is desired on small systems.
- Do not allow the abbreviation of cli arguments (bsc#1164543)
- accoring to according in all translation files.
- Always show exception history if available.
- Use default package cache location for temporary repos (bsc#1130873)
- Print switch abbrev warning to stderr (bsc#1172925)
- Fix typo in man page (bsc#1169947)

From sle-security-updates at lists.suse.com Thu Jul 9 12:00:59 2020
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 9 Jul 2020 20:00:59 +0200 (CEST)
Subject: SUSE-CU-2020:364-1: Security update of suse/sle15
Message-ID: <20200709180059.E99C1FDF3@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2020:364-1
Container Tags : suse/sle15:15.2 , suse/sle15:15.2.8.2.699
Container Release : 8.2.699
Severity : important
Type : security
References : 1172698 1172704 CVE-2020-8023
-----------------------------------------------------------------

The container suse/sle15 was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:1856-1
Released: Mon Jul 6 17:05:51 2020
Summary: Security update for openldap2
Type: security
Severity: important
References: 1172698,1172704,CVE-2020-8023

This update for openldap2 fixes the following issues:

- CVE-2020-8023: Fixed a potential local privilege escalation from ldap to root when OPENLDAP_CONFIG_BACKEND='ldap' was used (bsc#1172698).
- Changed DB_CONFIG to root:ldap permissions (bsc#1172704).

From sle-security-updates at lists.suse.com Fri Jul 10 13:12:26 2020
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 10 Jul 2020 21:12:26 +0200 (CEST)
Subject: SUSE-SU-2020:1887-1: important: Security update for xen
Message-ID: <20200710191226.DF8BEFDE1@maintenance.suse.de>

SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:1887-1
Rating: important
References: #1027519 #1172205 #1173376 #1173377 #1173378 #1173380
Cross-References: CVE-2020-0543 CVE-2020-15563 CVE-2020-15565 CVE-2020-15566 CVE-2020-15567
Affected Products:
    SUSE Linux Enterprise Software Development Kit 12-SP5
    SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

An update that solves 5 vulnerabilities and has one errata is now available.

Description:

This update for xen fixes the following issues:

- CVE-2020-15563: Fixed inverted code paths in x86 dirty VRAM tracking (bsc#1173377).
- CVE-2020-15565: Fixed insufficient cache write-back under VT-d (bsc#1173378).
- CVE-2020-15566: Fixed incorrect error handling in event channel port allocation (bsc#1173376).
- CVE-2020-15567: Fixed non-atomic modification of live EPT PTE (bsc#1173380).
- CVE-2020-0543: Special Register Buffer Data Sampling (SRBDS) aka "CrossTalk" (bsc#1172205).

Additional upstream bug fixes (bsc#1027519)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP5:
    zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-1887=1
- SUSE Linux Enterprise Server 12-SP5:
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-1887=1

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 x86_64):
    xen-debugsource-4.12.3_04-3.18.1
    xen-devel-4.12.3_04-3.18.1
- SUSE Linux Enterprise Server 12-SP5 (x86_64):
    xen-4.12.3_04-3.18.1
    xen-debugsource-4.12.3_04-3.18.1
    xen-doc-html-4.12.3_04-3.18.1
    xen-libs-32bit-4.12.3_04-3.18.1
    xen-libs-4.12.3_04-3.18.1
    xen-libs-debuginfo-32bit-4.12.3_04-3.18.1
    xen-libs-debuginfo-4.12.3_04-3.18.1
    xen-tools-4.12.3_04-3.18.1
    xen-tools-debuginfo-4.12.3_04-3.18.1
    xen-tools-domU-4.12.3_04-3.18.1
    xen-tools-domU-debuginfo-4.12.3_04-3.18.1

References:

    https://www.suse.com/security/cve/CVE-2020-0543.html
    https://www.suse.com/security/cve/CVE-2020-15563.html
    https://www.suse.com/security/cve/CVE-2020-15565.html
    https://www.suse.com/security/cve/CVE-2020-15566.html
    https://www.suse.com/security/cve/CVE-2020-15567.html
    https://bugzilla.suse.com/1027519
    https://bugzilla.suse.com/1172205
    https://bugzilla.suse.com/1173376
    https://bugzilla.suse.com/1173377
    https://bugzilla.suse.com/1173378
    https://bugzilla.suse.com/1173380

From sle-security-updates at lists.suse.com Fri Jul 10 13:13:37 2020
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 10 Jul 2020 21:13:37 +0200 (CEST)
Subject: SUSE-SU-2020:1886-1: important: Security update for xen
Message-ID: <20200710191337.9F36FFDE1@maintenance.suse.de>

SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:1886-1
Rating: important
References: #1173377 #1173378 #1173380
Cross-References: CVE-2020-15563 CVE-2020-15565 CVE-2020-15567
Affected Products:
    SUSE OpenStack Cloud Crowbar 8
    SUSE OpenStack Cloud 8
    SUSE Linux Enterprise Server for SAP 12-SP3
    SUSE Linux Enterprise Server 12-SP3-LTSS
    SUSE Linux Enterprise Server 12-SP3-BCL
    SUSE Enterprise Storage 5
    HPE Helion Openstack 8
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for xen fixes the following issues:

- CVE-2020-15563: Fixed inverted code paths in x86 dirty VRAM tracking (bsc#1173377).
- CVE-2020-15565: Fixed insufficient cache write-back under VT-d (bsc#1173378).
- CVE-2020-15567: Fixed non-atomic modification of live EPT PTE (bsc#1173380).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 8:
    zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-1886=1
- SUSE OpenStack Cloud 8:
    zypper in -t patch SUSE-OpenStack-Cloud-8-2020-1886=1
- SUSE Linux Enterprise Server for SAP 12-SP3:
    zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-1886=1
- SUSE Linux Enterprise Server 12-SP3-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-1886=1
- SUSE Linux Enterprise Server 12-SP3-BCL:
    zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-1886=1
- SUSE Enterprise Storage 5:
    zypper in -t patch SUSE-Storage-5-2020-1886=1
- HPE Helion Openstack 8:
    zypper in -t patch HPE-Helion-OpenStack-8-2020-1886=1

Package List:

- SUSE OpenStack Cloud Crowbar 8 (x86_64):
    xen-4.9.4_08-3.66.1
    xen-debugsource-4.9.4_08-3.66.1
    xen-doc-html-4.9.4_08-3.66.1
    xen-libs-32bit-4.9.4_08-3.66.1
    xen-libs-4.9.4_08-3.66.1
    xen-libs-debuginfo-32bit-4.9.4_08-3.66.1
    xen-libs-debuginfo-4.9.4_08-3.66.1
    xen-tools-4.9.4_08-3.66.1
    xen-tools-debuginfo-4.9.4_08-3.66.1
    xen-tools-domU-4.9.4_08-3.66.1
    xen-tools-domU-debuginfo-4.9.4_08-3.66.1
- SUSE OpenStack Cloud 8 (x86_64):
    xen-4.9.4_08-3.66.1
    xen-debugsource-4.9.4_08-3.66.1
    xen-doc-html-4.9.4_08-3.66.1
    xen-libs-32bit-4.9.4_08-3.66.1
    xen-libs-4.9.4_08-3.66.1
    xen-libs-debuginfo-32bit-4.9.4_08-3.66.1
    xen-libs-debuginfo-4.9.4_08-3.66.1
    xen-tools-4.9.4_08-3.66.1
    xen-tools-debuginfo-4.9.4_08-3.66.1
    xen-tools-domU-4.9.4_08-3.66.1
    xen-tools-domU-debuginfo-4.9.4_08-3.66.1
- SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64):
    xen-4.9.4_08-3.66.1
    xen-debugsource-4.9.4_08-3.66.1
    xen-doc-html-4.9.4_08-3.66.1
    xen-libs-32bit-4.9.4_08-3.66.1
    xen-libs-4.9.4_08-3.66.1
    xen-libs-debuginfo-32bit-4.9.4_08-3.66.1
    xen-libs-debuginfo-4.9.4_08-3.66.1
    xen-tools-4.9.4_08-3.66.1
    xen-tools-debuginfo-4.9.4_08-3.66.1
    xen-tools-domU-4.9.4_08-3.66.1
    xen-tools-domU-debuginfo-4.9.4_08-3.66.1
- SUSE Linux Enterprise Server 12-SP3-LTSS (x86_64):
    xen-4.9.4_08-3.66.1
    xen-debugsource-4.9.4_08-3.66.1
    xen-doc-html-4.9.4_08-3.66.1
    xen-libs-32bit-4.9.4_08-3.66.1
    xen-libs-4.9.4_08-3.66.1
    xen-libs-debuginfo-32bit-4.9.4_08-3.66.1
    xen-libs-debuginfo-4.9.4_08-3.66.1
    xen-tools-4.9.4_08-3.66.1
    xen-tools-debuginfo-4.9.4_08-3.66.1
    xen-tools-domU-4.9.4_08-3.66.1
    xen-tools-domU-debuginfo-4.9.4_08-3.66.1
- SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
    xen-4.9.4_08-3.66.1
    xen-debugsource-4.9.4_08-3.66.1
    xen-doc-html-4.9.4_08-3.66.1
    xen-libs-32bit-4.9.4_08-3.66.1
    xen-libs-4.9.4_08-3.66.1
    xen-libs-debuginfo-32bit-4.9.4_08-3.66.1
    xen-libs-debuginfo-4.9.4_08-3.66.1
    xen-tools-4.9.4_08-3.66.1
    xen-tools-debuginfo-4.9.4_08-3.66.1
    xen-tools-domU-4.9.4_08-3.66.1
    xen-tools-domU-debuginfo-4.9.4_08-3.66.1
- SUSE Enterprise Storage 5 (x86_64):
    xen-4.9.4_08-3.66.1
    xen-debugsource-4.9.4_08-3.66.1
    xen-doc-html-4.9.4_08-3.66.1
    xen-libs-32bit-4.9.4_08-3.66.1
    xen-libs-4.9.4_08-3.66.1
    xen-libs-debuginfo-32bit-4.9.4_08-3.66.1
    xen-libs-debuginfo-4.9.4_08-3.66.1
    xen-tools-4.9.4_08-3.66.1
    xen-tools-debuginfo-4.9.4_08-3.66.1
    xen-tools-domU-4.9.4_08-3.66.1
    xen-tools-domU-debuginfo-4.9.4_08-3.66.1
- HPE Helion Openstack 8 (x86_64):
    xen-4.9.4_08-3.66.1
    xen-debugsource-4.9.4_08-3.66.1
    xen-doc-html-4.9.4_08-3.66.1
    xen-libs-32bit-4.9.4_08-3.66.1
    xen-libs-4.9.4_08-3.66.1
    xen-libs-debuginfo-32bit-4.9.4_08-3.66.1
    xen-libs-debuginfo-4.9.4_08-3.66.1
    xen-tools-4.9.4_08-3.66.1
    xen-tools-debuginfo-4.9.4_08-3.66.1
    xen-tools-domU-4.9.4_08-3.66.1
    xen-tools-domU-debuginfo-4.9.4_08-3.66.1

References:

    https://www.suse.com/security/cve/CVE-2020-15563.html
    https://www.suse.com/security/cve/CVE-2020-15565.html
    https://www.suse.com/security/cve/CVE-2020-15567.html
    https://bugzilla.suse.com/1173377
    https://bugzilla.suse.com/1173378
    https://bugzilla.suse.com/1173380

From sle-security-updates at lists.suse.com Fri Jul 10 13:14:29 2020
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 10 Jul 2020 21:14:29 +0200 (CEST)
Subject: SUSE-SU-2020:1888-1: important: Security update for xen
Message-ID: <20200710191429.D8534FDE1@maintenance.suse.de>

SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:1888-1
Rating: important
References: #1173376 #1173377 #1173378 #1173380
Cross-References: CVE-2020-15563 CVE-2020-15565 CVE-2020-15566 CVE-2020-15567
Affected Products:
    SUSE Linux Enterprise Server for SAP 15
    SUSE Linux Enterprise High Performance Computing 15-LTSS
    SUSE Linux Enterprise High Performance Computing 15-ESPOS
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:

This update for xen fixes the following issues:

- CVE-2020-15563: Fixed inverted code paths in x86 dirty VRAM tracking (bsc#1173377).
- CVE-2020-15565: Fixed insufficient cache write-back under VT-d (bsc#1173378).
- CVE-2020-15566: Fixed incorrect error handling in event channel port allocation (bsc#1173376).
- CVE-2020-15567: Fixed non-atomic modification of live EPT PTE (bsc#1173380).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 15:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-1888=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-2020-1888=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-2020-1888=1

Package List:

- SUSE Linux Enterprise Server for SAP 15 (x86_64):
    xen-4.10.4_12-3.35.1
    xen-debugsource-4.10.4_12-3.35.1
    xen-devel-4.10.4_12-3.35.1
    xen-libs-4.10.4_12-3.35.1
    xen-libs-debuginfo-4.10.4_12-3.35.1
    xen-tools-4.10.4_12-3.35.1
    xen-tools-debuginfo-4.10.4_12-3.35.1
    xen-tools-domU-4.10.4_12-3.35.1
    xen-tools-domU-debuginfo-4.10.4_12-3.35.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64):
    xen-4.10.4_12-3.35.1
    xen-debugsource-4.10.4_12-3.35.1
    xen-devel-4.10.4_12-3.35.1
    xen-libs-4.10.4_12-3.35.1
    xen-libs-debuginfo-4.10.4_12-3.35.1
    xen-tools-4.10.4_12-3.35.1
    xen-tools-debuginfo-4.10.4_12-3.35.1
    xen-tools-domU-4.10.4_12-3.35.1
    xen-tools-domU-debuginfo-4.10.4_12-3.35.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64):
    xen-4.10.4_12-3.35.1
    xen-debugsource-4.10.4_12-3.35.1
    xen-devel-4.10.4_12-3.35.1
    xen-libs-4.10.4_12-3.35.1
    xen-libs-debuginfo-4.10.4_12-3.35.1
    xen-tools-4.10.4_12-3.35.1
    xen-tools-debuginfo-4.10.4_12-3.35.1
    xen-tools-domU-4.10.4_12-3.35.1
    xen-tools-domU-debuginfo-4.10.4_12-3.35.1

References:

    https://www.suse.com/security/cve/CVE-2020-15563.html
    https://www.suse.com/security/cve/CVE-2020-15565.html
    https://www.suse.com/security/cve/CVE-2020-15566.html
    https://www.suse.com/security/cve/CVE-2020-15567.html
    https://bugzilla.suse.com/1173376
    https://bugzilla.suse.com/1173377
    https://bugzilla.suse.com/1173378
    https://bugzilla.suse.com/1173380

From sle-security-updates at lists.suse.com Fri Jul 10 13:15:29 2020
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 10 Jul 2020 21:15:29 +0200 (CEST)
Subject: SUSE-SU-2020:1889-1: important: Security update for xen
Message-ID: <20200710191529.109DAFDE1@maintenance.suse.de>

SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:1889-1
Rating: important
References: #1027519 #1172205 #1173376 #1173377 #1173378 #1173380
Cross-References: CVE-2020-0543 CVE-2020-15563 CVE-2020-15565 CVE-2020-15566 CVE-2020-15567
Affected Products:
    SUSE Linux Enterprise Module for Server Applications 15-SP1
    SUSE Linux Enterprise Module for Basesystem 15-SP1
______________________________________________________________________________

An update that solves 5 vulnerabilities and has one errata is now available.

Description:

This update for xen fixes the following issues:

- CVE-2020-15563: Fixed inverted code paths in x86 dirty VRAM tracking (bsc#1173377).
- CVE-2020-15565: Fixed insufficient cache write-back under VT-d (bsc#1173378).
- CVE-2020-15566: Fixed incorrect error handling in event channel port allocation (bsc#1173376).
- CVE-2020-15567: Fixed non-atomic modification of live EPT PTE (bsc#1173380).
- CVE-2020-0543: Special Register Buffer Data Sampling (SRBDS) aka "CrossTalk" (bsc#1172205).

Additional upstream bug fixes (bsc#1027519)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Server Applications 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-1889=1

- SUSE Linux Enterprise Module for Basesystem 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-1889=1

Package List:

- SUSE Linux Enterprise Module for Server Applications 15-SP1 (x86_64):
  xen-4.12.3_04-3.22.1
  xen-debugsource-4.12.3_04-3.22.1
  xen-devel-4.12.3_04-3.22.1
  xen-tools-4.12.3_04-3.22.1
  xen-tools-debuginfo-4.12.3_04-3.22.1

- SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64):
  xen-debugsource-4.12.3_04-3.22.1
  xen-libs-4.12.3_04-3.22.1
  xen-libs-debuginfo-4.12.3_04-3.22.1
  xen-tools-domU-4.12.3_04-3.22.1
  xen-tools-domU-debuginfo-4.12.3_04-3.22.1

References:

  https://www.suse.com/security/cve/CVE-2020-0543.html
  https://www.suse.com/security/cve/CVE-2020-15563.html
  https://www.suse.com/security/cve/CVE-2020-15565.html
  https://www.suse.com/security/cve/CVE-2020-15566.html
  https://www.suse.com/security/cve/CVE-2020-15567.html
  https://bugzilla.suse.com/1027519
  https://bugzilla.suse.com/1172205
  https://bugzilla.suse.com/1173376
  https://bugzilla.suse.com/1173377
  https://bugzilla.suse.com/1173378
  https://bugzilla.suse.com/1173380

From sle-security-updates at lists.suse.com Mon Jul 13 07:16:41 2020
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 13 Jul 2020 15:16:41 +0200 (CEST)
Subject: SUSE-SU-2019:1267-3: moderate: Security update for graphviz
Message-ID: <20200713131641.869EDFDE1@maintenance.suse.de>

SUSE Security Update: Security update for graphviz
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:1267-3
Rating: moderate
References: #1132091
Cross-References: CVE-2019-11023
Affected Products:
  SUSE Linux Enterprise Module for Server Applications 15-SP2
  SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2
  SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1
  SUSE Linux Enterprise Module for Development Tools 15-SP2
  SUSE Linux Enterprise Module for Basesystem 15-SP2
  SUSE Linux Enterprise High Availability 15-SP2
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for graphviz fixes the following issues:

Security issue fixed:

- CVE-2019-11023: Fixed a denial of service vulnerability, which was caused by a NULL pointer dereference in agroot() (bsc#1132091).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Server Applications 15-SP2:
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-1892=1

- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2:
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-1892=1

- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-1892=1

- SUSE Linux Enterprise Module for Development Tools 15-SP2:
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-1892=1

- SUSE Linux Enterprise Module for Basesystem 15-SP2:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1892=1

- SUSE Linux Enterprise High Availability 15-SP2:
  zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2020-1892=1

Package List:

- SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64):
  graphviz-addons-debuginfo-2.40.1-6.3.2
  graphviz-addons-debugsource-2.40.1-6.3.2
  graphviz-tcl-2.40.1-6.3.2
  graphviz-tcl-debuginfo-2.40.1-6.3.2

- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64):
  graphviz-addons-debuginfo-2.40.1-6.3.2
  graphviz-addons-debugsource-2.40.1-6.3.2
  graphviz-gnome-2.40.1-6.3.2
  graphviz-gnome-debuginfo-2.40.1-6.3.2

- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (aarch64 ppc64le s390x x86_64):
  graphviz-addons-debuginfo-2.40.1-6.3.2
  graphviz-addons-debugsource-2.40.1-6.3.2
  graphviz-gnome-2.40.1-6.3.2
  graphviz-gnome-debuginfo-2.40.1-6.3.2

- SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64):
  graphviz-addons-debuginfo-2.40.1-6.3.2
  graphviz-addons-debugsource-2.40.1-6.3.2
  graphviz-perl-2.40.1-6.3.2
  graphviz-perl-debuginfo-2.40.1-6.3.2

- SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):
  graphviz-2.40.1-6.3.2
  graphviz-debuginfo-2.40.1-6.3.2
  graphviz-debugsource-2.40.1-6.3.2
  graphviz-devel-2.40.1-6.3.2
  graphviz-plugins-core-2.40.1-6.3.2
  graphviz-plugins-core-debuginfo-2.40.1-6.3.2
  libgraphviz6-2.40.1-6.3.2
  libgraphviz6-debuginfo-2.40.1-6.3.2

- SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64):
  graphviz-addons-debuginfo-2.40.1-6.3.2
  graphviz-addons-debugsource-2.40.1-6.3.2
  graphviz-gd-2.40.1-6.3.2
  graphviz-gd-debuginfo-2.40.1-6.3.2
  graphviz-python-2.40.1-6.3.2
  graphviz-python-debuginfo-2.40.1-6.3.2

References:

  https://www.suse.com/security/cve/CVE-2019-11023.html
  https://bugzilla.suse.com/1132091

From sle-security-updates at lists.suse.com Mon Jul 13 07:17:23 2020
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 13 Jul 2020 15:17:23 +0200 (CEST)
Subject: SUSE-SU-2020:1891-1: important: Security update for xen
Message-ID: <20200713131723.BEAEBFDE1@maintenance.suse.de>

SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:1891-1
Rating: important
References: #1173376 #1173377 #1173378 #1173380
Cross-References: CVE-2020-15563 CVE-2020-15565 CVE-2020-15566 CVE-2020-15567
Affected Products:
  SUSE OpenStack Cloud Crowbar 9
  SUSE OpenStack Cloud 9
  SUSE Linux Enterprise Server for SAP 12-SP4
  SUSE Linux Enterprise Server 12-SP4-LTSS
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:

This update for xen fixes the following issues:

- CVE-2020-15563: Fixed inverted code paths in x86 dirty VRAM tracking (bsc#1173377).
- CVE-2020-15565: Fixed insufficient cache write-back under VT-d (bsc#1173378).
- CVE-2020-15566: Fixed incorrect error handling in event channel port allocation (bsc#1173376).
- CVE-2020-15567: Fixed non-atomic modification of live EPT PTE (bsc#1173380).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 9:
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-1891=1

- SUSE OpenStack Cloud 9:
  zypper in -t patch SUSE-OpenStack-Cloud-9-2020-1891=1

- SUSE Linux Enterprise Server for SAP 12-SP4:
  zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-1891=1

- SUSE Linux Enterprise Server 12-SP4-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-1891=1

Package List:

- SUSE OpenStack Cloud Crowbar 9 (x86_64):
  xen-4.11.4_04-2.30.1
  xen-debugsource-4.11.4_04-2.30.1
  xen-doc-html-4.11.4_04-2.30.1
  xen-libs-32bit-4.11.4_04-2.30.1
  xen-libs-4.11.4_04-2.30.1
  xen-libs-debuginfo-32bit-4.11.4_04-2.30.1
  xen-libs-debuginfo-4.11.4_04-2.30.1
  xen-tools-4.11.4_04-2.30.1
  xen-tools-debuginfo-4.11.4_04-2.30.1
  xen-tools-domU-4.11.4_04-2.30.1
  xen-tools-domU-debuginfo-4.11.4_04-2.30.1

- SUSE OpenStack Cloud 9 (x86_64):
  xen-4.11.4_04-2.30.1
  xen-debugsource-4.11.4_04-2.30.1
  xen-doc-html-4.11.4_04-2.30.1
  xen-libs-32bit-4.11.4_04-2.30.1
  xen-libs-4.11.4_04-2.30.1
  xen-libs-debuginfo-32bit-4.11.4_04-2.30.1
  xen-libs-debuginfo-4.11.4_04-2.30.1
  xen-tools-4.11.4_04-2.30.1
  xen-tools-debuginfo-4.11.4_04-2.30.1
  xen-tools-domU-4.11.4_04-2.30.1
  xen-tools-domU-debuginfo-4.11.4_04-2.30.1

- SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64):
  xen-4.11.4_04-2.30.1
  xen-debugsource-4.11.4_04-2.30.1
  xen-doc-html-4.11.4_04-2.30.1
  xen-libs-32bit-4.11.4_04-2.30.1
  xen-libs-4.11.4_04-2.30.1
  xen-libs-debuginfo-32bit-4.11.4_04-2.30.1
  xen-libs-debuginfo-4.11.4_04-2.30.1
  xen-tools-4.11.4_04-2.30.1
  xen-tools-debuginfo-4.11.4_04-2.30.1
  xen-tools-domU-4.11.4_04-2.30.1
  xen-tools-domU-debuginfo-4.11.4_04-2.30.1

- SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64):
  xen-4.11.4_04-2.30.1
  xen-debugsource-4.11.4_04-2.30.1
  xen-doc-html-4.11.4_04-2.30.1
  xen-libs-32bit-4.11.4_04-2.30.1
  xen-libs-4.11.4_04-2.30.1
  xen-libs-debuginfo-32bit-4.11.4_04-2.30.1
  xen-libs-debuginfo-4.11.4_04-2.30.1
  xen-tools-4.11.4_04-2.30.1
  xen-tools-debuginfo-4.11.4_04-2.30.1
  xen-tools-domU-4.11.4_04-2.30.1
  xen-tools-domU-debuginfo-4.11.4_04-2.30.1

References:

  https://www.suse.com/security/cve/CVE-2020-15563.html
  https://www.suse.com/security/cve/CVE-2020-15565.html
  https://www.suse.com/security/cve/CVE-2020-15566.html
  https://www.suse.com/security/cve/CVE-2020-15567.html
  https://bugzilla.suse.com/1173376
  https://bugzilla.suse.com/1173377
  https://bugzilla.suse.com/1173378
  https://bugzilla.suse.com/1173380

From sle-security-updates at lists.suse.com Mon Jul 13 10:13:20 2020
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 13 Jul 2020 18:13:20 +0200 (CEST)
Subject: SUSE-SU-2020:1899-1: important: Security update for MozillaFirefox
Message-ID: <20200713161320.4F709FC39@maintenance.suse.de>

SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:1899-1
Rating: important
References: #1167231 #1173576 #1173613
Cross-References: CVE-2020-12402 CVE-2020-12415 CVE-2020-12416 CVE-2020-12417 CVE-2020-12418 CVE-2020-12419 CVE-2020-12420 CVE-2020-12421 CVE-2020-12422 CVE-2020-12423 CVE-2020-12424 CVE-2020-12425 CVE-2020-12426
Affected Products:
  SUSE OpenStack Cloud Crowbar 9
  SUSE OpenStack Cloud Crowbar 8
  SUSE OpenStack Cloud 9
  SUSE OpenStack Cloud 8
  SUSE OpenStack Cloud 7
  SUSE Linux Enterprise Software Development Kit 12-SP5
  SUSE Linux Enterprise Server for SAP 12-SP4
  SUSE Linux Enterprise Server for SAP 12-SP3
  SUSE Linux Enterprise Server for SAP 12-SP2
  SUSE Linux Enterprise Server 12-SP5
  SUSE Linux Enterprise Server 12-SP4-LTSS
  SUSE Linux Enterprise Server 12-SP3-LTSS
  SUSE Linux Enterprise Server 12-SP3-BCL
  SUSE Linux Enterprise Server 12-SP2-LTSS
  SUSE Linux Enterprise Server 12-SP2-BCL
  SUSE Enterprise Storage 5
  HPE Helion Openstack 8
______________________________________________________________________________

An update that fixes 13 vulnerabilities is now available.

Description:

This update for MozillaFirefox to version 78.0.1 ESR fixes the following issues:

Security issues fixed:

- CVE-2020-12415: AppCache manifest poisoning due to url encoded character processing (bsc#1173576).
- CVE-2020-12416: Use-after-free in WebRTC VideoBroadcaster (bsc#1173576).
- CVE-2020-12417: Memory corruption due to missing sign-extension for ValueTags on ARM64 (bsc#1173576).
- CVE-2020-12418: Information disclosure due to manipulated URL object (bsc#1173576).
- CVE-2020-12419: Use-after-free in nsGlobalWindowInner (bsc#1173576).
- CVE-2020-12420: Use-After-Free when trying to connect to a STUN server (bsc#1173576).
- CVE-2020-12402: RSA Key Generation vulnerable to side-channel attack (bsc#1173576).
- CVE-2020-12421: Add-On updates did not respect the same certificate trust rules as software updates (bsc#1173576).
- CVE-2020-12422: Integer overflow in nsJPEGEncoder::emptyOutputBuffer (bsc#1173576).
- CVE-2020-12423: DLL Hijacking due to searching %PATH% for a library (bsc#1173576).
- CVE-2020-12424: WebRTC permission prompt could have been bypassed by a compromised content process (bsc#1173576).
- CVE-2020-12425: Out of bound read in Date.parse() (bsc#1173576).
- CVE-2020-12426: Memory safety bugs fixed in Firefox 78 (bsc#1173576).
- FIPS: MozillaFirefox: allow /proc/sys/crypto/fips_enabled (bsc#1167231).

Non-security issues fixed:

- Fixed interaction with freetype6 (bsc#1173613).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 9:
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-1899=1

- SUSE OpenStack Cloud Crowbar 8:
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-1899=1

- SUSE OpenStack Cloud 9:
  zypper in -t patch SUSE-OpenStack-Cloud-9-2020-1899=1

- SUSE OpenStack Cloud 8:
  zypper in -t patch SUSE-OpenStack-Cloud-8-2020-1899=1

- SUSE OpenStack Cloud 7:
  zypper in -t patch SUSE-OpenStack-Cloud-7-2020-1899=1

- SUSE Linux Enterprise Software Development Kit 12-SP5:
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-1899=1

- SUSE Linux Enterprise Server for SAP 12-SP4:
  zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-1899=1

- SUSE Linux Enterprise Server for SAP 12-SP3:
  zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-1899=1

- SUSE Linux Enterprise Server for SAP 12-SP2:
  zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-1899=1

- SUSE Linux Enterprise Server 12-SP5:
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-1899=1

- SUSE Linux Enterprise Server 12-SP4-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-1899=1

- SUSE Linux Enterprise Server 12-SP3-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-1899=1

- SUSE Linux Enterprise Server 12-SP3-BCL:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-1899=1

- SUSE Linux Enterprise Server 12-SP2-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-1899=1

- SUSE Linux Enterprise Server 12-SP2-BCL:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-1899=1

- SUSE Enterprise Storage 5:
  zypper in -t patch SUSE-Storage-5-2020-1899=1

- HPE Helion Openstack 8:
  zypper in -t patch HPE-Helion-OpenStack-8-2020-1899=1

Package List:

- SUSE OpenStack Cloud Crowbar 9 (x86_64):
  MozillaFirefox-78.0.1-112.3.1
  MozillaFirefox-branding-SLE-78-35.3.1
  MozillaFirefox-debuginfo-78.0.1-112.3.1
  MozillaFirefox-debugsource-78.0.1-112.3.1
  MozillaFirefox-devel-78.0.1-112.3.1
  MozillaFirefox-translations-common-78.0.1-112.3.1

- SUSE OpenStack Cloud Crowbar 8 (x86_64):
  MozillaFirefox-78.0.1-112.3.1
  MozillaFirefox-branding-SLE-78-35.3.1
  MozillaFirefox-debuginfo-78.0.1-112.3.1
  MozillaFirefox-debugsource-78.0.1-112.3.1
  MozillaFirefox-devel-78.0.1-112.3.1
  MozillaFirefox-translations-common-78.0.1-112.3.1

- SUSE OpenStack Cloud 9 (x86_64):
  MozillaFirefox-78.0.1-112.3.1
  MozillaFirefox-branding-SLE-78-35.3.1
  MozillaFirefox-debuginfo-78.0.1-112.3.1
  MozillaFirefox-debugsource-78.0.1-112.3.1
  MozillaFirefox-devel-78.0.1-112.3.1
  MozillaFirefox-translations-common-78.0.1-112.3.1

- SUSE OpenStack Cloud 8 (x86_64):
  MozillaFirefox-78.0.1-112.3.1
  MozillaFirefox-branding-SLE-78-35.3.1
  MozillaFirefox-debuginfo-78.0.1-112.3.1
  MozillaFirefox-debugsource-78.0.1-112.3.1
  MozillaFirefox-devel-78.0.1-112.3.1
  MozillaFirefox-translations-common-78.0.1-112.3.1

- SUSE OpenStack Cloud 7 (s390x x86_64):
  MozillaFirefox-78.0.1-112.3.1
  MozillaFirefox-branding-SLE-78-35.3.1
  MozillaFirefox-debuginfo-78.0.1-112.3.1
  MozillaFirefox-debugsource-78.0.1-112.3.1
  MozillaFirefox-devel-78.0.1-112.3.1
  MozillaFirefox-translations-common-78.0.1-112.3.1

- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
  MozillaFirefox-debuginfo-78.0.1-112.3.1
  MozillaFirefox-debugsource-78.0.1-112.3.1
  MozillaFirefox-devel-78.0.1-112.3.1

- SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
  MozillaFirefox-78.0.1-112.3.1
  MozillaFirefox-branding-SLE-78-35.3.1
  MozillaFirefox-debuginfo-78.0.1-112.3.1
  MozillaFirefox-debugsource-78.0.1-112.3.1
  MozillaFirefox-devel-78.0.1-112.3.1
  MozillaFirefox-translations-common-78.0.1-112.3.1

- SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):
  MozillaFirefox-78.0.1-112.3.1
  MozillaFirefox-branding-SLE-78-35.3.1
  MozillaFirefox-debuginfo-78.0.1-112.3.1
  MozillaFirefox-debugsource-78.0.1-112.3.1
  MozillaFirefox-devel-78.0.1-112.3.1
  MozillaFirefox-translations-common-78.0.1-112.3.1

- SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64):
  MozillaFirefox-78.0.1-112.3.1
  MozillaFirefox-branding-SLE-78-35.3.1
  MozillaFirefox-debuginfo-78.0.1-112.3.1
  MozillaFirefox-debugsource-78.0.1-112.3.1
  MozillaFirefox-devel-78.0.1-112.3.1
  MozillaFirefox-translations-common-78.0.1-112.3.1

- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
  MozillaFirefox-78.0.1-112.3.1
  MozillaFirefox-branding-SLE-78-35.3.1
  MozillaFirefox-debuginfo-78.0.1-112.3.1
  MozillaFirefox-debugsource-78.0.1-112.3.1
  MozillaFirefox-devel-78.0.1-112.3.1
  MozillaFirefox-translations-common-78.0.1-112.3.1

- SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
  MozillaFirefox-78.0.1-112.3.1
  MozillaFirefox-branding-SLE-78-35.3.1
  MozillaFirefox-debuginfo-78.0.1-112.3.1
  MozillaFirefox-debugsource-78.0.1-112.3.1
  MozillaFirefox-devel-78.0.1-112.3.1
  MozillaFirefox-translations-common-78.0.1-112.3.1

- SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):
  MozillaFirefox-78.0.1-112.3.1
  MozillaFirefox-branding-SLE-78-35.3.1
  MozillaFirefox-debuginfo-78.0.1-112.3.1
  MozillaFirefox-debugsource-78.0.1-112.3.1
  MozillaFirefox-devel-78.0.1-112.3.1
  MozillaFirefox-translations-common-78.0.1-112.3.1

- SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
  MozillaFirefox-78.0.1-112.3.1
  MozillaFirefox-branding-SLE-78-35.3.1
  MozillaFirefox-debuginfo-78.0.1-112.3.1
  MozillaFirefox-debugsource-78.0.1-112.3.1
  MozillaFirefox-devel-78.0.1-112.3.1
  MozillaFirefox-translations-common-78.0.1-112.3.1

- SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64):
  MozillaFirefox-78.0.1-112.3.1
  MozillaFirefox-branding-SLE-78-35.3.1
  MozillaFirefox-debuginfo-78.0.1-112.3.1
  MozillaFirefox-debugsource-78.0.1-112.3.1
  MozillaFirefox-devel-78.0.1-112.3.1
  MozillaFirefox-translations-common-78.0.1-112.3.1

- SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
  MozillaFirefox-78.0.1-112.3.1
  MozillaFirefox-branding-SLE-78-35.3.1
  MozillaFirefox-debuginfo-78.0.1-112.3.1
  MozillaFirefox-debugsource-78.0.1-112.3.1
  MozillaFirefox-devel-78.0.1-112.3.1
  MozillaFirefox-translations-common-78.0.1-112.3.1

- SUSE Enterprise Storage 5 (aarch64 x86_64):
  MozillaFirefox-78.0.1-112.3.1
  MozillaFirefox-branding-SLE-78-35.3.1
  MozillaFirefox-debuginfo-78.0.1-112.3.1
  MozillaFirefox-debugsource-78.0.1-112.3.1
  MozillaFirefox-devel-78.0.1-112.3.1
  MozillaFirefox-translations-common-78.0.1-112.3.1

- HPE Helion Openstack 8 (x86_64):
  MozillaFirefox-78.0.1-112.3.1
  MozillaFirefox-branding-SLE-78-35.3.1
  MozillaFirefox-debuginfo-78.0.1-112.3.1
  MozillaFirefox-debugsource-78.0.1-112.3.1
  MozillaFirefox-devel-78.0.1-112.3.1
  MozillaFirefox-translations-common-78.0.1-112.3.1

References:

  https://www.suse.com/security/cve/CVE-2020-12402.html
  https://www.suse.com/security/cve/CVE-2020-12415.html
  https://www.suse.com/security/cve/CVE-2020-12416.html
  https://www.suse.com/security/cve/CVE-2020-12417.html
  https://www.suse.com/security/cve/CVE-2020-12418.html
  https://www.suse.com/security/cve/CVE-2020-12419.html
  https://www.suse.com/security/cve/CVE-2020-12420.html
  https://www.suse.com/security/cve/CVE-2020-12421.html
  https://www.suse.com/security/cve/CVE-2020-12422.html
  https://www.suse.com/security/cve/CVE-2020-12423.html
  https://www.suse.com/security/cve/CVE-2020-12424.html
  https://www.suse.com/security/cve/CVE-2020-12425.html
  https://www.suse.com/security/cve/CVE-2020-12426.html
  https://bugzilla.suse.com/1167231
  https://bugzilla.suse.com/1173576
  https://bugzilla.suse.com/1173613

From sle-security-updates at lists.suse.com Mon Jul 13 10:14:17 2020
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 13 Jul 2020 18:14:17 +0200 (CEST)
Subject: SUSE-SU-2020:1900-1: important: Security update for MozillaThunderbird
Message-ID: <20200713161417.B2CB9FC39@maintenance.suse.de>

SUSE Security Update: Security update for MozillaThunderbird
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:1900-1
Rating: important
References: #1173576
Cross-References: CVE-2020-12417 CVE-2020-12418 CVE-2020-12419 CVE-2020-12420 CVE-2020-12421
Affected Products:
  SUSE Linux Enterprise Workstation Extension 15-SP2
  SUSE Linux Enterprise Workstation Extension 15-SP1
______________________________________________________________________________

An update that fixes 5 vulnerabilities is now available.

Description:

This update for MozillaThunderbird to version 68.10.0 ESR fixes the following issues:

- CVE-2020-12417: Memory corruption due to missing sign-extension for ValueTags on ARM64 (bsc#1173576).
- CVE-2020-12418: Information disclosure due to manipulated URL object (bsc#1173576).
- CVE-2020-12419: Use-after-free in nsGlobalWindowInner (bsc#1173576).
- CVE-2020-12420: Use-After-Free when trying to connect to a STUN server (bsc#1173576).
- CVE-2020-12421: Add-On updates did not respect the same certificate trust rules as software updates (bsc#1173576).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 15-SP2:
  zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2020-1900=1

- SUSE Linux Enterprise Workstation Extension 15-SP1:
  zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2020-1900=1

Package List:

- SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64):
  MozillaThunderbird-68.10.0-3.88.1
  MozillaThunderbird-debuginfo-68.10.0-3.88.1
  MozillaThunderbird-debugsource-68.10.0-3.88.1
  MozillaThunderbird-translations-common-68.10.0-3.88.1
  MozillaThunderbird-translations-other-68.10.0-3.88.1

- SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64):
  MozillaThunderbird-68.10.0-3.88.1
  MozillaThunderbird-debuginfo-68.10.0-3.88.1
  MozillaThunderbird-debugsource-68.10.0-3.88.1
  MozillaThunderbird-translations-common-68.10.0-3.88.1
  MozillaThunderbird-translations-other-68.10.0-3.88.1

References:

  https://www.suse.com/security/cve/CVE-2020-12417.html
  https://www.suse.com/security/cve/CVE-2020-12418.html
  https://www.suse.com/security/cve/CVE-2020-12419.html
  https://www.suse.com/security/cve/CVE-2020-12420.html
  https://www.suse.com/security/cve/CVE-2020-12421.html
  https://bugzilla.suse.com/1173576

From sle-security-updates at lists.suse.com Mon Jul 13 10:14:57 2020
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 13 Jul 2020 18:14:57 +0200 (CEST)
Subject: SUSE-SU-2020:1898-1: important: Security update for MozillaFirefox
Message-ID: <20200713161457.96910FDE4@maintenance.suse.de>

SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:1898-1
Rating: important
References: #1166238 #1173576 #1173613
Cross-References: CVE-2020-12402 CVE-2020-12415 CVE-2020-12416 CVE-2020-12417 CVE-2020-12418 CVE-2020-12419 CVE-2020-12420 CVE-2020-12421 CVE-2020-12422 CVE-2020-12423 CVE-2020-12424 CVE-2020-12425 CVE-2020-12426
Affected Products:
  SUSE Linux Enterprise Module for Desktop Applications 15-SP2
  SUSE Linux Enterprise Module for Desktop Applications 15-SP1
______________________________________________________________________________

An update that fixes 13 vulnerabilities is now available.

Description:

This update for MozillaFirefox to version 78.0.1 ESR fixes the following issues:

Security issues fixed:

- CVE-2020-12415: AppCache manifest poisoning due to url encoded character processing (bsc#1173576).
- CVE-2020-12416: Use-after-free in WebRTC VideoBroadcaster (bsc#1173576).
- CVE-2020-12417: Memory corruption due to missing sign-extension for ValueTags on ARM64 (bsc#1173576).
- CVE-2020-12418: Information disclosure due to manipulated URL object (bsc#1173576).
- CVE-2020-12419: Use-after-free in nsGlobalWindowInner (bsc#1173576).
- CVE-2020-12420: Use-After-Free when trying to connect to a STUN server (bsc#1173576).
- CVE-2020-12402: RSA Key Generation vulnerable to side-channel attack (bsc#1173576).
- CVE-2020-12421: Add-On updates did not respect the same certificate trust rules as software updates (bsc#1173576).
- CVE-2020-12422: Integer overflow in nsJPEGEncoder::emptyOutputBuffer (bsc#1173576).
- CVE-2020-12423: DLL Hijacking due to searching %PATH% for a library (bsc#1173576).
- CVE-2020-12424: WebRTC permission prompt could have been bypassed by a compromised content process (bsc#1173576).
- CVE-2020-12425: Out of bound read in Date.parse() (bsc#1173576).
- CVE-2020-12426: Memory safety bugs fixed in Firefox 78 (bsc#1173576).
- FIPS: MozillaFirefox: allow /proc/sys/crypto/fips_enabled (bsc#1167231).

Non-security issues fixed:

- Fixed interaction with freetype6 (bsc#1173613).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Desktop Applications 15-SP2:
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-1898=1

- SUSE Linux Enterprise Module for Desktop Applications 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-1898=1

Package List:

- SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64):
  MozillaFirefox-78.0.1-3.94.2
  MozillaFirefox-branding-SLE-78-4.14.1
  MozillaFirefox-debuginfo-78.0.1-3.94.2
  MozillaFirefox-debugsource-78.0.1-3.94.2
  MozillaFirefox-translations-common-78.0.1-3.94.2
  MozillaFirefox-translations-other-78.0.1-3.94.2

- SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le x86_64):
  MozillaFirefox-devel-78.0.1-3.94.2

- SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64):
  MozillaFirefox-78.0.1-3.94.2
  MozillaFirefox-branding-SLE-78-4.14.1
  MozillaFirefox-debuginfo-78.0.1-3.94.2
  MozillaFirefox-debugsource-78.0.1-3.94.2
  MozillaFirefox-translations-common-78.0.1-3.94.2
  MozillaFirefox-translations-other-78.0.1-3.94.2

- SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le x86_64):
  MozillaFirefox-devel-78.0.1-3.94.2

References:

  https://www.suse.com/security/cve/CVE-2020-12402.html
  https://www.suse.com/security/cve/CVE-2020-12415.html
  https://www.suse.com/security/cve/CVE-2020-12416.html
  https://www.suse.com/security/cve/CVE-2020-12417.html
  https://www.suse.com/security/cve/CVE-2020-12418.html
  https://www.suse.com/security/cve/CVE-2020-12419.html
  https://www.suse.com/security/cve/CVE-2020-12420.html
  https://www.suse.com/security/cve/CVE-2020-12421.html
  https://www.suse.com/security/cve/CVE-2020-12422.html
  https://www.suse.com/security/cve/CVE-2020-12423.html
  https://www.suse.com/security/cve/CVE-2020-12424.html
  https://www.suse.com/security/cve/CVE-2020-12425.html
  https://www.suse.com/security/cve/CVE-2020-12426.html
  https://bugzilla.suse.com/1166238
  https://bugzilla.suse.com/1173576
  https://bugzilla.suse.com/1173613

From sle-security-updates at lists.suse.com Tue Jul 14 10:13:59 2020
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 14 Jul 2020 18:13:59 +0200 (CEST)
Subject: SUSE-SU-2020:1901-1: important: Security update for ansible, ansible1, ardana-ansible, ardana-cluster, ardana-freezer, ardana-input-model, ardana-logging, ardana-mq, ardana-neutron, ardana-octavia, ardana-osconfig, caasp-openstack-heat-templates, crowbar-core, crowbar-openstack, documentation-suse-openstack-cloud, grafana, kibana, openstack-dashboard, openstack-dashboard-theme-HPE, openstack-heat-templates, openstack-keystone, openstack-monasca-agent, openstack-monasca-installer, openstack-neutron, openstack-octavia-amphora-image, python-Django, python-Flask, python-GitPython, python-Pillow, python-amqp, python-apicapi, python-keystoneauth1, python-oslo.messaging, python-psutil, python-pyroute2, python-pysaml2, python-tooz, python-waitress, storm
Message-ID: <20200714161359.CF03EFC39@maintenance.suse.de>

SUSE Security Update: Security update for ansible, ansible1, ardana-ansible, ardana-cluster, ardana-freezer, ardana-input-model, ardana-logging, ardana-mq, ardana-neutron, ardana-octavia, ardana-osconfig, caasp-openstack-heat-templates, crowbar-core, crowbar-openstack, documentation-suse-openstack-cloud, grafana, kibana, openstack-dashboard, openstack-dashboard-theme-HPE, openstack-heat-templates, openstack-keystone, openstack-monasca-agent, openstack-monasca-installer, openstack-neutron, openstack-octavia-amphora-image, python-Django, python-Flask, python-GitPython, python-Pillow, python-amqp, python-apicapi, python-keystoneauth1, python-oslo.messaging, python-psutil, python-pyroute2, python-pysaml2, python-tooz, python-waitress, storm
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:1901-1
Rating: important
References: #1068612 #1092420 #1107190 #1108719 #1123872 #1126503 #1141968 #11483483 #1148383 #1153191 #1156525 #1159046 #1160152 #1160153 #1160192 #1160790 #1160851 #1161088 #1161089 #1161670 #1164322 #1167244 #1168593 #1169770 #1170657 #1171273 #1171560 #1171594 #1171661 #1171909 #1172166 #1172167 #1172175 #1172176 #1172409
Cross-References: CVE-2017-1000246 CVE-2019-1010083 CVE-2019-15043 CVE-2019-16785 CVE-2019-16786 CVE-2019-16789 CVE-2019-16792 CVE-2019-16865 CVE-2019-18874 CVE-2019-19911 CVE-2019-3828 CVE-2020-10663 CVE-2020-10743 CVE-2020-11076 CVE-2020-11077 CVE-2020-12052 CVE-2020-13254 CVE-2020-13379 CVE-2020-13596 CVE-2020-5312 CVE-2020-5313 CVE-2020-5390 CVE-2020-8151
Affected Products:
  SUSE OpenStack Cloud Crowbar 8
  SUSE OpenStack Cloud 8
  HPE Helion Openstack 8
______________________________________________________________________________

An update that solves 23 vulnerabilities and has 12 fixes is now available.

Description:

This update for ansible, ansible1, ardana-ansible, ardana-cluster, ardana-freezer, ardana-input-model, ardana-logging, ardana-mq, ardana-neutron, ardana-octavia, ardana-osconfig, caasp-openstack-heat-templates, crowbar-core, crowbar-openstack, documentation-suse-openstack-cloud, grafana, kibana, openstack-dashboard, openstack-dashboard-theme-HPE, openstack-heat-templates, openstack-keystone, openstack-monasca-agent, openstack-monasca-installer, openstack-neutron, openstack-octavia-amphora-image, python-Django, python-Flask, python-GitPython, python-Pillow, python-amqp, python-apicapi, python-keystoneauth1, python-oslo.messaging, python-psutil, python-pyroute2, python-pysaml2, python-tooz, python-waitress, storm contains the following fixes:

The update fixes several security issues:

ansible
- CVE-2019-3828: Fixed a path traversal in the fetch module (bsc#1126503).

grafana
- CVE-2020-13379: Fixed an incorrect access control issue which could lead to information leaks or denial of service (bsc#1172409).
- CVE-2020-12052: Fixed a cross site scripting vulnerability related to the annotation popup (bsc#1170657). kibana - CVE-2020-10743: Fixed a clickjacking vulnerability (bsc#1171909). python-Django - CVE-2020-13254: Fixed a data leakage via malformed memcached keys. (bsc#1172167) - CVE-2020-13596: Fixed a cross site scripting vulnerability related to the admin parameters of the ForeignKeyRawIdWidget. (bsc#1172166) python-Flask - CVE-2019-1010083: Fixed a denial of service via crafted encoded JSON. (bsc#1141968) python-Pillow - CVE-2019-16865: Fixed a denial of service with specially crafted image files. (bsc#1153191) - CVE-2020-5312: Fixed a buffer overflow in the PCX P mode. (bsc#1160152) - CVE-2020-5313: Fixed a buffer overflow related to FLI. (bsc#1160153) - CVE-2019-19911: Fixed a denial of service in FpxImagePlugin.py. (bsc#1160192) python-psutil - CVE-2019-18874: Fixed a double free caused by refcount mishandling. (bsc#1156525) python-pysaml2 - CVE-2020-5390: Fixed an issue with the verification of signatures in SAML documents. (bsc#1160851) - CVE-2017-1000246: Fixed an issue with weak encryption data, caused by initialization vector reuse. (bsc#1068612) python-waitress (to version 1.4.3) - CVE-2019-16785: Fixed HTTP request smuggling through LF vs CRLF handling. (bsc#1161088) - CVE-2019-16786: Fixed HTTP request smuggling through invalid Transfer-Encoding. (bsc#1161089) - CVE-2019-16789: Fixed HTTP Request Smuggling through Invalid whitespace characters. (bsc#1160790) - CVE-2019-16792: Fixed HTTP Request Smuggling through Content-Length header handling. (bsc#1161670) rubygem-activeresource - CVE-2020-8151: Fixed information disclosure issue via specially crafted requests. (bsc#1171560) rubygem-json-1_7 - CVE-2020-10663: Fixed an unsafe object creation vulnerability. (bsc#1167244) rubygem-puma - CVE-2020-11077: Fixed an HTTP smuggling issue related to proxy usage.
(bsc#1172175) - CVE-2020-11076: Fixed an HTTP smuggling issue when using an invalid transfer-encoding header. (bsc#1172176) Other non-security fixes in the update below: Changes in ansible: - Add 0001-Disallow-use-of-remote-home-directories-containing-..patch (bsc#1126503, CVE-2019-3828) Changes in ansible1: - Add 0001-Disallow-use-of-remote-home-directories-containing-..patch (bsc#1126503, CVE-2019-3828) Changes in ardana-ansible: - Update to version 8.0+git.1589740980.6c3bcdc: * Reconfigure rabbitmq user permissions on update (SOC-11082) - Update to version 8.0+git.1588953487.9bfd5cb: * Fix incorrect prefix used to collect supportconfig files (bsc#1171273) - Update to version 8.0+git.1585690828.81d8f45: * Cleanup keystone-ansible (bsc#1108719) Changes in ardana-cluster: - Update to version 8.0+git.1585685203.3e71e49: * Use bool filter to ensure valid boolean evaluation (SOC-11192) Changes in ardana-freezer: - Update to version 8.0+git.1586539529.b7d295f: * Recovering Cloud8 using Freezer or SSH backups if upgrade fails (SOC-10137) Changes in ardana-input-model: - Update to version 8.0+git.1589740934.0e0ad61: * Add default rabbitmq exchange write permissions (SOC-11082) - Update to version 8.0+git.1586174594.2b92ec3: * add port neutron security extension to CI models (SOC-11027) Changes in ardana-logging: - Update to version 8.0+git.1591194866.b7375d0: * kibana: set x-frame-options header (bsc#1171909) - Update to version 8.0+git.1586179244.ae61f62: * Fix YAMLLoadWarning: calling yaml.load() without Loader (bsc#1168593) Changes in ardana-mq: - Update to version 8.0+git.1589715269.62ad6df: * Don't mirror reply queues (SOC-10317) - Update to version 8.0+git.1586784724.586343d: * Actually fail if sync HA queues retries exceeded (SOC-11083) Changes in ardana-neutron: - Update to version 8.0+git.1590756744.ba84abc: * Update L3 rootwrap filters (SOC-11306) - Update to version 8.0+git.1587737509.4e09de3: * Add network.target "After" option (bsc#1169770) - Update to
version 8.0+git.1586546152.e7bc07f: * Add neutron-common role dependencies (SOC-10875) - Update to version 8.0+git.1586543712.62bb5a3: * Fix neutron-ovsvapp-agent status (SOC-10637) - Update to version 8.0+git.1586535447.55769df: * Improve neutron service restart limit handling (SOC-8746) - Update to version 8.0+git.1586519528.a28db53: * Correctly setup ardana_notify_... fact (SOC-10902) Changes in ardana-octavia: - Update to version 8.0+git.1590100427.cf4cc8f: * fix octavia to glance communication over internal endpoint (SOC-11294) Changes in ardana-osconfig: - Update to version 8.0+git.1587034587.eac37b8: * Include SLE 12 SP3 LTSS repos in list of managed repos (SOC-11223) Changes in caasp-openstack-heat-templates: - Switch github URL from git@ to git:// to bypass authentication Changes in crowbar-core: - Update to version 5.0+git.1593156248.55bbdb26d: * Ignore CVE-8184 (SOC-11299) * Ignore latest ruby-related CVEs in the CI (SOC-11299) - Update to version 5.0+git.1589804984.44a89be24: * provisioner: Fix ssh key validation (SOC-11126) * assign host to hostless keys (noref) Changes in crowbar-openstack: - Update to version 5.0+git.1593085772.64c4ab43c: * monasca: Prevent deploying monasca-server to the node in pacemaker cluster (SOC-6354) - Update to version 5.0+git.1591171674.1f299cd1c: * Restore undeprecated nova dhcp_domain option (bsc#1171594) - Update to version 5.0+git.1591104265.683d76534: * [5.0] Fix availability zone script (bsc#1171661) - Update to version 5.0+git.1590398068.f5cfacc12: * nova: only create nonexistent cell1 - Update to version 5.0+git.1590150829.e86326d03: * [5.0] Tempest: enable test_volume_boot_pattern test (SOC-10874) - Update to version 5.0+git.1589814633.23fde86ab: * rabbitmq: sync startup definitions.json with recipe (SOC-11077,SOC-11274) - Update to version 5.0+git.1589647291.73c7f1cb6: * [5.0] trove: fix rabbitmq connection URL (SOC-11286) - Update to version 5.0+git.1589214669.8332efff3: * Fix monasca libvirt ping checks 
(bsc#1107190) - Update to version 5.0+git.1588271874.90adebc7a: * run keystone_register on cluster founder only when HA (SOC-11248) * nova: run keystone_register on cluster founder only (SOC-11243) - Update to version 5.0+git.1588059034.3823515b7: * tempest: retry openstack commands (SOC-11238) - Update to version 5.0+git.1587403360.c43cd9905: * tempest: disable block migration when using RBD (SOC-11176) - Update to version 5.0+git.1586293860.901cb0f55: * monasca: disable postgres backend monitoring by default (SOC-11190) - Update to version 5.0+git.1585659861.c29fac257: * magnum: Populate SSL configuration (SOC-9849) * magnum: Add SSL support (SOC-9849) * nova: Populate cinder SES settings early (SOC-11179) Changes in documentation-suse-openstack-cloud: - Update to version 8.20200527: * Update Travis config: new container name (noref) - Update to version 8.20200417: * Recovering Cloud8 using Freezer or SSH backups if upgrade fails (SOC-10137) - Update to version 8.20200326: * Clarify wipe_disks does not affect non-OS partitions (bsc#1092420) Changes in grafana: - Add CVE-2020-13379.patch * Security: fix unauthorized avatar proxying (bsc#1172409, CVE-2020-13379) - Refresh systemd-notification.patch - Fix declaration for LICENSE - Add 0002-CVE-2020-12052-bsc1170657-XSS-annotation-popup-vulnerability.patch * Security: Fix annotation popup XSS vulnerability (bsc#1170657) - Add CVE-2019-15043.patch (SOC-10357, CVE-2019-15043, bsc#11483483) Changes in kibana: - Add 0001-Configurable-custom-response-headers-for-server.patch (bsc#1171909, CVE-2020-10743) Changes in openstack-dashboard: - Update to version horizon-12.0.5.dev3: * Fix typo in publicize\_image policy name Changes in openstack-dashboard-theme-HPE: - Switch github URL from git@ to https:// to bypass authentication Changes in openstack-heat-templates: - Update to version 0.0.0+git.1582270132.8a20477: * Drop use of git.openstack.org * Add sample templates for Blazar Changes in openstack-keystone: - Update to 
version keystone-12.0.4.dev11: * Fix security issues with EC2 credentials - Update to version keystone-12.0.4.dev10: * Check timestamp of signed EC2 token request * Ensure OAuth1 authorized roles are respected - Update to version keystone-12.0.4.dev6: * Remove neutron-grenade job Changes in openstack-monasca-agent: - update to version 2.2.6~dev4 - Add debug output for libvirt ping checks - Lockdown /bin/ip permissions for the monasca-agent (bsc#1107190) - add additional arguments to /bin/ip in sudoers - Fix missing sudo privileges (bsc#1107190) - add /bin/ip and /usr/bin/ovs-vsctl to monasca-agent sudoers - removed 0001-Avoid-overwriting-sys.path-ip-command.patch - update to version 2.2.6~dev3 - Do not copy /sbin/ip to /usr/bin/monasa-agent-ip - update to version 2.2.6~dev2 - Remove incorrect assignment of ping_cmd to 'True' - update to version 2.2.6~dev1 - Update hacking version to 1.1.x Changes in openstack-monasca-installer: - Add 0001-kibana:-set-x-frame-options-header.patch (bsc#1171909, CVE-2020-10743) Changes in openstack-neutron: - Update to version neutron-11.0.9.dev65: * Revert iptables TCP checksum-fill code - Update to version neutron-11.0.9.dev64: * [Pike-only]: make grenade jobs non-voting Changes in openstack-octavia-amphora-image: - Update image to 0.1.4 to include latest changes Changes in python-Django: - Security fixes (bsc#1172167, bsc#1172166, CVE-2020-13254, CVE-2020-13596) * Added patch CVE-2020-13254-1.8.19.patch * Added patch
CVE-2020-13596-1.8.19.patch Changes in python-Flask: - Apply patch to resolve CVE-2019-1010083 (bsc#1141968) - 0001-detect-UTF-encodings-when-loading-json.patch Changes in python-GitPython: - Require git-core instead of git Changes in python-Pillow: - Remove decompression_bomb.gif and relevant test case to avoid ClamAV scan alerts during build - Add 001-Corrected-negative-seeks.patch * From upstream, backported * Fixes part of CVE-2019-16865, bsc#1153191 - Add 002-Added-DecompressionBombError.patch * From upstream, backported * Adds DecompressionBombError class * Used by 003-Added-decompression-bomb-checks.patch - Add 003-Added-decompression-bomb-checks.patch * From upstream, backported * Fixes part of CVE-2019-16865, bsc#1153191 - Add 004-Raise-error-if-dimension-is-a-string.patch * From upstream, backported * Fixes part of CVE-2019-16865, bsc#1153191 - Add 005-Catch-buffer-overruns.patch * From upstream, backported * Fixes part of CVE-2019-16865, bsc#1153191 - Add 006-Catch-PCX-P-mode-buffer-overrun.patch * From upstream, backported * Fixes CVE-2020-5312, bsc#1160152 - Add 007-Test-animated-FLI-file.patch * From upstream, backported * Adds test animated FLI file * Used by 008-Ensure-previous-FLI-frame-is-loaded.patch - Add 008-Ensure-previous-FLI-frame-is-loaded.patch * From upstream, backported * Fixes https://github.com/python-pillow/Pillow/issues/2649 * Uncovers CVE-2020-5313, bsc#1160153 - Add 009-Catch-FLI-buffer-overrun.patch * From upstream, backported * Fixes CVE-2020-5313, bsc#1160153 - Add 010-Invalid-number-of-bands-in-FPX-image.patch * From upstream, backported * Fixes CVE-2019-19911, bsc#1160192 Changes in python-amqp: - Add python-devel as build dependency * Required when building against python 2.7.17 Changes in python-apicapi: - Add python-devel as build dependency * Required when building against python 2.7.17 Changes in python-keystoneauth1: - switch to tracking stable/pike tarball - disable renderspec - update to version 3.1.2.dev2 - Make tests
pass in 2020 - OpenDev Migration Patch - import zuul job settings from project-config into stable/pike - Remove tox_install.sh - import zuul job settings from project-config - Update UPPER_CONSTRAINTS_FILE for stable/pike into stable/pike - Update .gitreview for stable/pike into stable/pike - Updated from global requirements - Update UPPER_CONSTRAINTS_FILE for stable/pike - Update .gitreview for stable/pike Changes in python-oslo.messaging: - added 0001-Use-default-exchange-for-direct-messaging.patch (SOC-11082, SOC-11274, bsc#1159046) - Add 0001-Retry-to-declare-a-queue-after-internal-error.patch (bsc#1123872) After receiving "AMQP internal error 541", retry to create the queue after a delay. Changes in python-psutil: - Add bsc1156525-CVE-2019-18874.patch (bsc#1156525, CVE-2019-18874) Changes in python-pyroute2: - netns: fix NetNS resource leakage (#504) (bsc#1164322) Changes in python-pysaml2: - Add 0001-Always-generate-a-random-IV-for-AES-operations.patch (CVE-2017-1000246, bsc#1068612) - Add 0001-Fix-XML-Signature-Wrapping-XSW-vulnerabilities.patch (CVE-2020-5390, bsc#1160851) Changes in python-tooz: - update to version 1.58.1 - Update .gitreview for stable/pike - import zuul job settings from project-config - Add doc/requirements.txt - Fix sphinx-docs job for stable branch Changes in python-waitress: - update to 1.4.3 to include fixes for: * CVE-2019-16785 / bsc#1161088 * CVE-2019-16786 / bsc#1161089 * CVE-2019-16789 / bsc#1160790 * CVE-2019-16792 / bsc#1161670 - make sure UTF8 locale is used when running tests * Sometimes functional tests executed in python3 failed if stdout was not set to UTF-8. The error message was: ValueError: underlying buffer has been detached - %python3_only -> %python_alternative - update to 1.4.3 * Waitress did not properly validate that the HTTP headers it received were properly formed, thereby potentially allowing a front-end server to treat a request different from Waitress. This could lead to HTTP request smuggling/splitting.
- drop patch local-intersphinx-inventories.patch * it was commented out, anyway - update to 1.4.0: - Waitress used to slam the door shut on HTTP pipelined requests without setting the ``Connection: close`` header as appropriate in the response. This is of course not very friendly. Waitress now explicitly sets the header when responding with an internally generated error such as 400 Bad Request or 500 Internal Server Error to notify the remote client that it will be closing the connection after the response is sent. - Waitress no longer allows any spaces to exist between the header field-name and the colon. While waitress did not strip the space and thereby was not vulnerable to any potential header field-name confusion, it should have sent back a 400 Bad Request. See https://github.com/Pylons/waitress/issues/273 - CRLR handling Security fixes - update to 1.3.1 * Waitress won't accidentally throw away part of the path if it starts with a double slash - version update to 1.3.0 Deprecations ~~~~~~~~~~~~ - The ``send_bytes`` adjustment now defaults to ``1`` and is deprecated pending removal in a future release. and https://github.com/Pylons/waitress/pull/246 Features ~~~~~~~~ - Add a new ``outbuf_high_watermark`` adjustment which is used to apply backpressure on the ``app_iter`` to avoid letting it spin faster than data can be written to the socket. This stabilizes responses that iterate quickly with a lot of data. See https://github.com/Pylons/waitress/pull/242 - Stop early and close the ``app_iter`` when attempting to write to a closed socket due to a client disconnect. This should notify a long-lived streaming response when a client hangs up. See https://github.com/Pylons/waitress/pull/238 and https://github.com/Pylons/waitress/pull/240 and https://github.com/Pylons/waitress/pull/241 - Adjust the flush to output ``SO_SNDBUF`` bytes instead of whatever was set in the ``send_bytes`` adjustment.
``send_bytes`` now only controls how much waitress will buffer internally before flushing to the kernel, whereas previously it used to also throttle how much data was sent to the kernel. This change enables a streaming ``app_iter`` containing small chunks to still be flushed efficiently. See https://github.com/Pylons/waitress/pull/246 Bugfixes ~~~~~~~~ - Upon receiving a request that does not include HTTP/1.0 or HTTP/1.1 we will no longer set the version to the string value "None". See https://github.com/Pylons/waitress/pull/252 and https://github.com/Pylons/waitress/issues/110 - When a client closes a socket unexpectedly there was potential for memory leaks in which data was written to the buffers after they were closed, causing them to reopen. See https://github.com/Pylons/waitress/pull/239 - Fix the queue depth warnings to only show when all threads are busy. See https://github.com/Pylons/waitress/pull/243 and https://github.com/Pylons/waitress/pull/247 - Trigger the ``app_iter`` to close as part of shutdown. This will only be noticeable for users of the internal server api. In more typical operations the server will die before benefiting from these changes. See https://github.com/Pylons/waitress/pull/245 - Fix a bug in which a streaming ``app_iter`` may never cleanup data that has already been sent. This would cause buffers in waitress to grow without bounds. These buffers now properly rotate and release their data. See https://github.com/Pylons/waitress/pull/242 - Fix a bug in which non-seekable subclasses of ``io.IOBase`` would trigger an exception when passed to the ``wsgi.file_wrapper`` callback. See https://github.com/Pylons/waitress/pull/249 - Trim marketing wording and other platform mentions. 
- Add fetch-intersphinx-inventories.sh to sources - Add local-intersphinx-inventories.patch for generating the docs correctly - update to version 1.2.1: too many changes to list here, see: https://github.com/Pylons/waitress/blob/master/CHANGES.txt or even: https://github.com/Pylons/waitress/commits/master - Remove superfluous devel dependency for noarch package - update to version 1.1.0: * Features + Waitress now has a __main__ and thus may be called with "python -mwaitress" * Bugfixes + Waitress no longer allows lowercase HTTP verbs. This change was made to fall in line with most HTTP servers. See https://github.com/Pylons/waitress/pull/170 + When receiving non-ascii bytes in the request URL, waitress will no longer abruptly close the connection, instead returning a 400 Bad Request. See https://github.com/Pylons/waitress/pull/162 and https://github.com/Pylons/waitress/issues/64 - Update to 1.0.2 * Python 3.6 is now officially supported in Waitress * Add a work-around for libc issue on Linux not following the documented standards. If getnameinfo() fails because of DNS not being available it should return the IP address instead of the reverse DNS entry, however instead getnameinfo() raises. We catch this, and ask getnameinfo() for the same information again, explicitly asking for IP address instead of reverse DNS hostname. - Implement single-spec version. - Fix source URL. - update to 1.0.1: - IPv6 support on Windows was broken due to missing constants in the socket module. This has been resolved by setting the constants on Windows if they are missing. See https://github.com/Pylons/waitress/issues/138 - A ValueError was raised on Windows when passing a string for the port, on Windows in Python 2 using service names instead of port numbers doesn't work with `getaddrinfo`. This has been resolved by attempting to convert the port number to an integer, if that fails a ValueError will be raised. 
See https://github.com/Pylons/waitress/issues/139 - Removed `AI_ADDRCONFIG` from the call to `getaddrinfo`, this resolves an issue whereby `getaddrinfo` wouldn't return any addresses to `bind` to on hosts where there is no internet connection but localhost is requested to be bound to. See https://github.com/Pylons/waitress/issues/131 for more information. - disable tests. need network access. Changes in storm: - update to 1.1.3: * 1.1.3: * [STORM-3026] - Upgrade ZK instance for security * [STORM-3027] - Make Impersonation Optional * [STORM-3011] - Use default bin path in flight.bash if $JAVA_HOME is undefined * [STORM-3039] - Ports of killed topologies remain in TIME_WAIT state preventing to start new topology * [STORM-2911] - SpoutConfig is serializable but does not declare a serialVersionUID field * [STORM-2978] - The fix for STORM-2706 is broken, and adds a transitive dependency on Zookeeper 3.5.3-beta for projects that depend on e.g. storm-kafka * [STORM-2979] - WorkerHooks EOFException during run_worker_shutdown_hooks * [STORM-2981] - Upgrade Curator to lastest patch version * [STORM-2985] - Add jackson-annotations to dependency management * [STORM-2989] - LogCleaner should preserve current worker.log.metrics * [STORM-2994] - KafkaSpout consumes messages but doesn't commit offsets * [STORM-3043] - NullPointerException thrown in SimpleRecordTranslator.apply() * [STORM-3052] - Let blobs un archive * [STORM-3059] - KafkaSpout throws NPE when hitting a null tuple if the processing guarantee is not AT_LEAST_ONCE * [STORM-2960] - Better to stress importance of setting up proper OS account for Storm processes * [STORM-3060] - Configuration mapping between storm-kafka & storm-kafka-client * [STORM-2952] - Deprecate storm-kafka in 1.x * [STORM-3005] - [DRPC] LinearDRPCTopologyBuilder shouldn't be deprecated * [STORM-2841] - testNoAcksIfFlushFails UT fails with NullPointerException * 1.1.2: * [STORM-2512] - Change KafkaSpoutConfig in storm-kafka-client to make it work 
with flux * [STORM-2616] - Document the built in metrics (just in time to replace them???) * [STORM-2657] - Update SECURITY.MD * [STORM-2663] - Backport STORM-2558 and deprecate storm.cmd on 1.x-branch * [STORM-2712] - accept arbitrary number of rows per tuple in storm-cassandra * [STORM-2775] - Improve KafkaPartition Metric Names * [STORM-2807] - Integration test should shut down topologies immediately after the test * [STORM-2862] - More flexible logging in multilang (Python, Ruby, JS) * [STORM-2877] - Introduce an option to configure pagination in Storm UI * [STORM-2917] - Check the config(nimbus.host) before using it to connect * [STORM-2231] - NULL in DisruptorQueue while multi-threaded ack * [STORM-2426] - First tuples fail after worker is respawn * [STORM-2500] - waitUntilReady in PacemakerClient cannot be invoked * [STORM-2525] - Fix flaky integration tests * [STORM-2535] - test-reset-timeout is flaky. Replace with a more reliable test. * [STORM-2541] - Manual partition assignment doesn't work * [STORM-2607] - [kafka-client] Consumer group every time with lag 1 * [STORM-2642] - Storm-kafka-client spout cannot be serialized when using manual partition assignment * [STORM-2660] - The Nimbus storm-local directory is relative to the working directory of the shell executing "storm nimbus" * [STORM-2666] - Storm-kafka-client spout can sometimes emit messages that were already committed. 
* [STORM-2674] - NoNodeException when ZooKeeper tries to delete nodes * [STORM-2677] - consider all sampled tuples which took greater than 0 ms processing time * [STORM-2682] - Supervisor crashes with NullPointerException * [STORM-2690] - resurrect invocation of ISupervisor.assigned() & make Supervisor.launchDaemon() accessible * [STORM-2695] - BlobStore uncompress argument should be Boolean * [STORM-2705] - DRPCSpout sleeps twice when idle * [STORM-2706] - Nimbus stuck in exception and does not fail fast * [STORM-2724] - ExecutorService in WaterMarkEventGenerator never shutdown * [STORM-2736] - o.a.s.b.BlobStoreUtils [ERROR] Could not update the blob with key * [STORM-2750] - fix double_checked locking * [STORM-2751] - Remove AsyncLoggingContext from Supervisor * [STORM-2764] - HDFSBlobStore leaks file system objects * [STORM-2769] - Fast-fail if output stream Id is null * [STORM-2771] - Some tests are being run twice * [STORM-2779] - NPE on shutting down WindowedBoltExecutor * [STORM-2786] - Ackers leak tracking info on failure and lots of other cases. * [STORM-2810] - Storm-hdfs tests are leaking resources * [STORM-2811] - Nimbus may throw NPE if the same topology is killed multiple times, and the integration test kills the same topology multiple times * [STORM-2814] - Logviewer HTTP server should return 403 instead of 200 if the user is unauthorized * [STORM-2815] - UI HTTP server should return 403 if the user is unauthorized * [STORM-2833] - Cached Netty Connections can have different keys for the same thing. 
* [STORM-2853] - Deactivated topologies cause high cpu utilization * [STORM-2855] - Travis build doesn't work after update of Ubuntu image * [STORM-2856] - Make Storm build work on post 2017Q4 Travis Trusty image * [STORM-2868] - Address handling activate/deactivate in multilang module files * [STORM-2870] - FileBasedEventLogger leaks non-daemon ExecutorService which prevents process to be finished * [STORM-2876] - Some storm-hdfs tests fail with out of memory periodically * [STORM-2879] - Supervisor collapse continuously when there is a expired assignment for overdue storm * [STORM-2892] - Flux test fails to parse valid PATH environment variable * [STORM-2894] - fix some random typos in tests * [STORM-2912] - Tick tuple is being shared without resetting start time and incur side-effect to break metrics * [STORM-2918] - Upgrade Netty version * [STORM-2942] - Remove javadoc and source jars from toollib directory in binary distribution * [STORM-2874] - Minor style improvements to backpressure code * [STORM-2858] - Fix worker-launcher build * 1.1.1: * STORM-2659: Add daemon.name variable to storm.cmd to fix log4j logging * STORM-2652: fix error in open method of JmsSpout * STORM-2645: Update storm.py to be python3 compatible * STORM-2621: add tuple_population metric * STORM-2639: Kafka Spout incorrectly computes numCommittedOffsets due to voids in the topic (topic compaction) * STORM-2544: Fixing issue in acking of tuples that hit retry limit under manual commit mode * STORM-2618: Add TridentKafkaStateUpdater for storm-kafka-client * STORM-2608: Remove any pending offsets that are no longer valid * STORM-2503: Fix lgtm.com alerts on equality and comparison operations * STORM-2478: Fix BlobStoreTest.testDeleteAfterFailedCreate on Windows * STORM-2602: storm.zookeeper.topology.auth.payload doesn't work even you set it * STORM-2597: Don't parse passed in class paths * STORM-2564: We should provide a template for storm-cluster-auth.yaml * STORM-2568: Fix getTopicsString * 
STORM-2563: Remove the workaround to handle missing UGI.loginUserFromSubject * STORM-2552: KafkaSpoutMessageId should be serializable * STORM-2562: Use stronger key size than default for blow fish key generator and get rid of stack trace * STORM-2557: A bug in DisruptorQueue causing severe underestimation of queue arrival rates * STORM-2449: Ensure same key appears only once in State iterator * STORM-2516: Fix timing issues with testPrepareLateTupleStreamWithoutBuilder * STORM-2489: Overlap and data loss on WindowedBolt based on Duration * STORM-2528: Bump log4j version to 2.8.2 * STORM-2527: Initialize java.sql.DriverManager earlier to avoid deadlock * STORM-2413: Make new Kafka spout respect tuple retry limits * STORM-2518: Handles empty name for "USER type" ACL when normalizing ACLs * STORM-2511: Submitting a topology with name containing unicode getting failed * STORM-2496: Dependency artifacts should be uploaded to blobstore with READ permission for all * STORM-2505: Spout to support topic compaction * STORM-2498: Fix Download Full File link * STORM-2343: New Kafka spout can stop emitting tuples if more than maxUncommittedOffsets tuples fail at once. * STORM-2486: Prevent cd from printing target directory to avoid breaking classpath * STORM-2488: The UI user Must be HTTP. 
* STORM-2481: Upgrade Aether version to resolve Aether bug BUG-451566 * STORM-2435: Logging in storm.js inconsistent to console.log and does not support log levels * STORM-2315: New kafka spout can't commit offset when ack is disabled * STORM-2467: Use explicit charset when decoding from array backed buffer * STORM-1114: Race condition in trident zookeeper zk-node create/delete * STORM-2448: Add in Storm and JDK versions when submitting a topology * STORM-2343: Fix new Kafka spout stopping processing if more than maxUncommittedOffsets tuples fail at once * STORM-2431: the default blobstore.dir is storm.local.dir/blobs which is different from distcache-blobstore.md * STORM-2429: Properly validate supervisor.scheduler.meta * STORM-2451: windows storm.cmd does not set log4j2 config file correctly by default * STORM-2450: Write resources into correct local director * STORM-2440: Kill process if executor catches java.net.SocketTimeoutException * STORM-2432: Storm-Kafka-Client Trident Spout Seeks Incorrect Offset With UNCOMMITTED_LATEST Strategy * 1.1.0: * STORM-2425: Storm Hive Bolt not closing open transactions * STORM-2409: Storm-Kafka-Client KafkaSpout Support for Failed and NullTuples * STORM-2423: Join Bolt should use explicit instead of default window anchoring for emitted tuples * STORM-2416: Improve Release Packaging to Reduce File Size * STORM-2414: Skip checking meta's ACL when subject has write privileges for any blobs * STORM-2038: Disable symlinks with a config option * STORM-2240: STORM PMML Bolt - Add Support to Load Models from Blob Store * STORM-2412: Nimbus isLeader check while waiting for max replication * STORM-2408: build failed if storm.kafka.client.version = 0.10.2.0 * STORM-2403: Fix KafkaBolt test failure: tick tuple should not be acked * STORM-2361: Kafka spout - after leader change, it stops committing offsets to ZK * STORM-2353: Replace kafka-unit by kafka_2.11 and kafka-clients to test kafka-clients:0.10.1.1 * STORM-2387: Handle tick tuples 
properly for Bolts in external modules * STORM-2345: Type mismatch in ReadClusterState's ProfileAction processing Map * STORM-2400: Upgraded Curator to 2.12.0 and made respective API changes * STORM-2396: setting interrupted status back before throwing a RuntimeException * STORM-1772: Adding Perf module with topologies for measuring performance * STORM-2395: storm.cmd supervisor calls the wrong class name * STORM-2391: Move HdfsSpoutTopology from storm-starter to storm-hdfs-examples * STORM-2389: Avoid instantiating Event Logger when topology.eventlogger.executors=0 * STORM-2386: Fail-back Blob deletion also fails in BlobSynchronizer.syncBlobs. * STORM-2388: JoinBolt breaks compilation against JDK 7 * STORM-2374: Storm Kafka Client Test Topologies Must be Serializable * STORM-2372: Pacemaker client doesn't clean up heartbeats properly * STORM-2326: Upgrade log4j and slf4j * STORM-2334: Join Bolt implementation * STORM-1363: TridentKafkaState should handle null values from TridentTupleToKafkaMapper.getMessageFromTuple() * STORM-2365: Support for specifying output stream in event hubs spout * STORM-2250: Kafka spout refactoring to increase modularity and testability * STORM-2340: fix AutoCommitMode issue in KafkaSpout * STORM-2344: Flux YAML File Viewer for Nimbus UI * STORM-2350: Storm-HDFS's listFilesByModificationTime is broken * STORM-2270 Kafka spout should consume from latest when ZK partition commit offset bigger than the latest offset * STORM-1464: storm-hdfs support for multiple output files and partitioning * STORM-2320: DRPC client printer class reusable for local and remote DRPC * STORM-2281: Running Multiple Kafka Spouts (Trident) Throws Illegal State Exception * STORM-2296: Kafka spout no dup on leader changes * STORM-2244: Some shaded jars doesn't exclude dependency signature files * STORM-2014: New Kafka spout duplicates checking if failed messages have reached max retries * STORM-1443: [Storm SQL] Support customizing parallelism in StormSQL * 
STORM-2148: [Storm SQL] Trident mode: back to code generate and compile Trident topology * STORM-2331: Emitting from JavaScript should work when not anchoring. * STORM-2225: change spout config to be simpler. * STORM-2323: Precondition for Leader Nimbus should check all topology blobs and also corresponding dependencies * STORM-2330: Fix storm sql code generation for UDAF with non standard sql types * STORM-2298: Don't kill Nimbus when ClusterMetricsConsumer is failed to initialize * STORM-2301: [storm-cassandra] upgrade cassandra driver to 3.1.2 * STORM-1446: Compile the Calcite logical plan to Storm Trident logical plan * STORM-2303: [storm-opentsdb] Fix list invariant issue for JDK 7 * STORM-2236: storm kafka client should support manual partition management * STORM-2295: KafkaSpoutStreamsNamedTopics should return output fields with predictable ordering * STORM-2300: [Flux] support list of references * STORM-2297: [storm-opentsdb] Support Flux for OpenTSDBBolt * STORM-2294: Send activate and deactivate command to ShellSpout * STORM-2280: Upgrade Calcite version to 1.11.0 * STORM-2278: Allow max number of disruptor queue flusher threads to be configurable * STORM-2277: Add shaded jar for Druid connector * STORM-2274: Support named output streams in Hdfs Spout * STORM-2204: Adding caching capabilities in HBaseLookupBolt * STORM-2267: Use user's local maven repo. directory to local repo. 
* STORM-2254: Provide Socket time out for nimbus thrift client * STORM-2200: [Storm SQL] Drop Aggregate & Join support on Trident mode * STORM-2266: Close NimbusClient instances appropriately * STORM-2203: Add a getAll method to KeyValueState interface * STORM-1886: Extend KeyValueState iface with delete * STORM-2022: update Fields test to match new behavior * STORM-2020: Stop using sun internal classes * STORM-1228: port fields_test to java * STORM-2104: New Kafka spout crashes if partitions are reassigned while tuples are in-flight * STORM-2257: Add built in support for sum function with different types. * STORM-2082: add sql external module storm-sql-hdfs * STORM-2256: storm-pmml breaks on java 1.7 * STORM-2223: PMML Bolt. * STORM-2222: Repeated NPEs thrown in nimbus if rebalance fails * STORM-2190: reduce contention between submission and scheduling * STORM-2239: Handle InterruptException in new Kafka spout * STORM-2087: Storm-kafka-client: Failed tuples are not always replayed * STORM-2238: Add Timestamp extractor for windowed bolt * STORM-2235: Introduce new option: 'add remote repositories' for dependency resolver * STORM-2215: validate blobs are present before submitting * STORM-2170: [Storm SQL] Add built-in socket datasource to runtime * STORM-2226: Fix kafka spout offset lag ui for kerberized kafka * STORM-2224: Exposed a method to override in computing the field from given tuple in FieldSelector * STORM-2220: Added config support for each bolt in Cassandra bolts, fixed the bolts to be used also as sinks. * STORM-2205: Racecondition in getting nimbus summaries while ZK connectionions are reconnected * STORM-2182: Refactor Storm Kafka Examples Into Own Modules. 
* STORM-1694: Kafka Spout Trident Implementation Using New Kafka Consumer API * STORM-2173: [SQL] Support CSV as input / output format * STORM-2177: [SQL] Support TSV as input / output format * STORM-2172: [SQL] Support Avro as input / output format * STORM-2185: Storm Supervisor doesn't delete directories properly sometimes * STORM-2103: [SQL] Introduce new sql external module: storm-sql-mongodb * STORM-2175: fix double close of workers * STORM-2109: Under supervisor V2 SUPERVISOR_MEMORY_CAPACITY_MB and SUPERVISOR_CPU_CAPACITY must be Doubles * STORM-2110: in supervisor v2 filter out empty command line args * STORM-2117: Supervisor V2 with local mode extracts resources directory to topology root directory instead of temporary directory * STORM-2131: Add blob command to worker-launcher, make stormdist directory not writeable by topo owner * STORM-2018: Supervisor V2 * STORM-2139: Let ShellBolts and ShellSpouts run with scripts from blobs * STORM-2072: Add map, flatMap with different outputs (T->V) in Trident * STORM-2134: improving the current scheduling strategy for RAS * STORM-2125: Use Calcite's implementation of Rex Compiler * STORM-1546: Adding Read and Write Aggregations for Pacemaker to make it HA compatible * STORM-1444: Support EXPLAIN statement in StormSQL * STORM-2099: Introduce new sql external module: storm-sql-redis * STORM-2097: Improve logging in trident core and examples * STORM-2144: Fix Storm-sql group-by behavior in standalone mode * STORM-2066: make error message in IsolatedPool.java more descriptive * STORM-1870: Allow FluxShellBolt/Spout set custom "componentConfig" via yaml * STORM-2126: fix NPE due to race condition in compute-new-sched-assign??? 
* STORM-2124: show requested cpu mem for each component * STORM-2089: Replace Consumer of ISqlTridentDataSource with SqlTridentConsumer * STORM-2118: A few fixes for storm-sql standalone mode * STORM-2105: Cluster/Supervisor total and available resources displayed in the UI * STORM-2078: enable paging in worker datatable * STORM-1664: Allow Java users to start a local cluster with a Nimbus Thrift server. * STORM-1872: Release Jedis connection when topology shutdown * STORM-2100: Fix Trident SQL join tests to not rely on ordering * STORM-1837: Fix complete-topology and prevent message loss * STORM-2098: DruidBeamBolt: Pass DruidConfig.Builder as constructor argument * STORM-2092: optimize TridentKafkaState batch sending * STORM-1979: Storm Druid Connector implementation. * STORM-2057: Support JOIN statement in Storm SQL * STORM-1970: external project examples refactor * STORM-2074: fix storm-kafka-monitor NPE bug * STORM-1459: Allow not specifying producer properties in read-only Kafka table in StormSQL * STORM-2052: Kafka Spout New Client API - Log Improvements and Parameter Tuning for Better Performance. * STORM-2050: [storm-sql] Support User Defined Aggregate Function for Trident mode * STORM-1434: Support the GROUP BY clause in StormSQL * STORM-2016: Topology submission improvement: support adding local jars and maven artifacts on submission * STORM-1994: Add table with per-topology & worker resource usage and components in (new) supervisor and topology pages * STORM-2042: Nimbus client connections not closed properly causing connection leaks * STORM-1766: A better algorithm server rack selection for RAS * STORM-1913: Additions and Improvements for Trident RAS API * STORM-2037: debug operation should be whitelisted in SimpleAclAuthorizer. * STORM-2023: Add calcite-core to dependency of storm-sql-runtime * STORM-2036: Fix minor bug in RAS Tests * STORM-1979: Storm Druid Connector implementation. * STORM-1839: Storm spout implementation for Amazon Kinesis Streams.
* STORM-1876: Option to build storm-kafka and storm-kafka-client with different kafka client version * STORM-2000: Package storm-opentsdb as part of external dir in installation * STORM-1989: X-Frame-Options support for Storm UI * STORM-1962: support python 3 and 2 in multilang * STORM-1964: Unexpected behavior when using count window together with timestamp extraction * STORM-1890: ensure we refetch static resources after package build * STORM-1988: Kafka Offset not showing due to bad classpath. * STORM-1966: Expand metric having Map type as value into multiple metrics based on entries * STORM-1737: storm-kafka-client has compilation errors with Apache Kafka 0.10 * STORM-1968: Storm logviewer does not work for nimbus.log in secure cluster * STORM-1910: One topology cannot use hdfs spout to read from two locations * STORM-1960: Add CORS support to STORM UI Rest api * STORM-1959: Add missing license header to KafkaPartitionOffsetLag * STORM-1950: Change response json of "Topology Lag" REST API to keyed by spoutId, topic, partition. 
* STORM-1833: Simple equi-join in storm-sql standalone mode * STORM-1866: Update Resource Aware Scheduler Documentation * STORM-1930: Kafka New Client API - Support for Topic Wildcards * STORM-1924: Adding conf options for Persistent Word Count Topology * STORM-1956: Disabling Backpressure by default * STORM-1934: Fix race condition between sync-supervisor and sync-processes * STORM-1919: Introduce FilterBolt on storm-redis * STORM-1945: Fix NPE bugs on topology spout lag for storm-kafka-monitor * STORM-1888: add description for shell command * STORM-1902: add a simple & flexible FileNameFormat for storm-hdfs * STORM-1914: Storm Kafka Field Topic Selector * STORM-1907: PartitionedTridentSpoutExecutor has incompatible types that cause ClassCastException * STORM-1925: Remove Nimbus thrift call from Nimbus itself * STORM-1909: Update HDFS spout documentation * STORM-1136: Command line module to return kafka spout offsets lag and display in storm ui * STORM-1911: IClusterMetricsConsumer should use seconds to timestamp unit * STORM-1893: Support OpenTSDB for storing timeseries data. 
* STORM-1723: Introduce ClusterMetricsConsumer * STORM-1700: Introduce 'whitelist' / 'blacklist' option to MetricsConsumer * STORM-1698: Asynchronous MetricsConsumerBolt * STORM-1705: Cap number of retries for a failed message * STORM-1884: Prioritize pendingPrepare over pendingCommit * STORM-1575: fix TwitterSampleSpout NPE on close * STORM-1874: Update logger private permissions * STORM-1865: update command line client document * STORM-1771: HiveState should flushAndClose before closing old or idle Hive connections * STORM-1882: Expose TextFileReader public * STORM-1873: Implement alternative behaviour for late tuples * STORM-1719: Introduce REST API: Topology metric stats for stream * STORM-1887: Fixed help message for set_log_level command * STORM-1878: Flux can now handle IStatefulBolts * STORM-1864: StormSubmitter should throw respective exceptions and log respective errors for registered submitter hook invocation * STORM-1868: Modify TridentKafkaWordCount to run in distributed mode * STORM-1859: Ack late tuples in windowed mode * STORM-1851: Fix default nimbus impersonation authorizer config * STORM-1848: Make KafkaMessageId and Partition serializable to support * STORM-1862: Flux ShellSpout and ShellBolt can't emit to named streams * Storm-1728: TransactionalTridentKafkaSpout error * STORM-1850: State Checkpointing Documentation update * STORM-1674: Idle KafkaSpout consumes more bandwidth than needed * STORM-1842: Forward references in storm.thrift cause tooling issues * STORM-1730: LocalCluster#shutdown() does not terminate all storm threads/thread pools.
* STORM-1709: Added group by support in storm sql standalone mode * STORM-1720: Support GEO in storm-redis * 1.0.6: * [STORM-2877] - Introduce an option to configure pagination in Storm UI * [STORM-2917] - Check the config(nimbus.host) before using it to connect * [STORM-2451] - windows storm.cmd does not set log4j2 config file correctly by default * [STORM-2690] - resurrect invocation of ISupervisor.assigned() & make Supervisor.launchDaemon() accessible * [STORM-2751] - Remove AsyncLoggingContext from Supervisor * [STORM-2764] - HDFSBlobStore leaks file system objects * [STORM-2771] - Some tests are being run twice * [STORM-2786] - Ackers leak tracking info on failure and lots of other cases. * [STORM-2853] - Deactivated topologies cause high cpu utilization * [STORM-2856] - Make Storm build work on post 2017Q4 Travis Trusty image * [STORM-2870] - FileBasedEventLogger leaks non-daemon ExecutorService which prevents process to be finished * [STORM-2879] - Supervisor collapse continuously when there is a expired assignment for overdue storm * [STORM-2892] - Flux test fails to parse valid PATH environment variable * [STORM-2894] - fix some random typos in tests * [STORM-2912] - Tick tuple is being shared without resetting start time and incur side-effect to break metrics * [STORM-2918] - Upgrade Netty version * [STORM-2874] - Minor style improvements to backpressure code * [STORM-2937] - Overwrite storm-kafka-client 1.x-branch into 1.0.x-branch * [STORM-2858] - Fix worker-launcher build - Use %license macro * 1.0.5: * [STORM-2657] - Update SECURITY.MD * [STORM-2231] - NULL in DisruptorQueue while multi-threaded ack * [STORM-2660] - The Nimbus storm-local directory is relative to the working directory of the shell executing "storm nimbus" * [STORM-2674] - NoNodeException when ZooKeeper tries to delete nodes * [STORM-2677] - consider all sampled tuples which took greater than 0 ms processing time * [STORM-2682] - Supervisor crashes with NullPointerException * 
[STORM-2695] - BlobStore uncompress argument should be Boolean * [STORM-2705] - DRPCSpout sleeps twice when idle * 1.0.4: * STORM-2627: Update docs for storm.zookeeper.topology.auth.scheme * STORM-2597: Don't parse passed in class paths * STORM-2524: Set Kafka client.id with storm-kafka * STORM-2448: Add in Storm and JDK versions when submitting a topology * STORM-2511: Submitting a topology with name containing unicode getting failed * STORM-2498: Fix Download Full File link * STORM-2486: Prevent cd from printing target directory to avoid breaking classpath * STORM-1114: Race condition in trident zookeeper zk-node create/delete * STORM-2429: Properly validate supervisor.scheduler.meta * STORM-2194: Stop ignoring socket timeout error from executor * STORM-2450: Write resources into correct local directory * STORM-2414: Skip checking meta's ACL when subject has write privileges for any blobs * STORM-2038: Disable symlinks with a config option * STORM-2038: No symlinks for local cluster * STORM-2403: Fix KafkaBolt test failure: tick tuple should not be acked * STORM-2361: Kafka spout - after leader change, it stops committing offsets to ZK * STORM-2296: Kafka spout - no duplicates on leader changes * STORM-2387: Handle tick tuples properly for Bolts in external modules * STORM-2345: Type mismatch in ReadClusterState's ProfileAction processing Map * STORM-2104: New Kafka spout crashes if partitions are reassigned while tuples are in-flight * STORM-2396: setting interrupted status back before throwing a RuntimeException * STORM-2395: storm.cmd supervisor calls the wrong class name * STORM-2385: pacemaker_state_factory.clj does not compile on branch-1.0.x * STORM-2389: Avoid instantiating Event Logger when topology.eventlogger.executors=0 * STORM-2386: Fail-back Blob deletion also fails in BlobSynchronizer.syncBlobs * STORM-2360: Storm-Hive: Thrift version mismatch with storm-core * STORM-2372: Pacemaker client doesn't clean up heartbeats properly * STORM-2326: Upgrade
log4j and slf4j * STORM-2350: Storm-HDFS's listFilesByModificationTime is broken * 1.0.3: * STORM-2197: NimbusClient connections leak due to leakage in ThriftClient * STORM-2321: Handle blobstore zk key deletion in KeySequenceNumber. * STORM-2324: Fix deployment failure if resources directory is missing in topology jar * STORM-2335: Fix broken Topology visualization with empty ':transferred' in executor stats * STORM-2336: Close Localizer and AsyncLocalizer when supervisor is shutting down * STORM-2338: Subprocess exception handling is broken in storm.py on Windows environment * STORM-2337: Broken documentation generation for storm-metrics-profiling-internal-actions.md and windows-users-guide.md * STORM-2325: Logviewer doesn't consider 'storm.local.hostname' * STORM-1742: More accurate 'complete latency' * STORM-2176: Workers do not shutdown cleanly and worker hooks don't run when a topology is killed * STORM-2293: hostname should only refer node's 'storm.local.hostname' * STORM-2246: Logviewer download link has urlencoding on part of the URL * STORM-1906: Window count/length of zero should be disallowed * STORM-1841: Address a few minor issues in windowing and doc * STORM-2268: Fix integration test for Travis CI build * STORM-2283: Fix DefaultStateHandler kryo multithreading issues * STORM-2264: OpaqueTridentKafkaSpout failing after STORM-2216 * STORM-2276: Remove twitter4j usages due to license issue (JSON.org is catalog X) * STORM-2095: remove any remaining files when deleting blobstore directory * STORM-2222: Repeated NPEs thrown in nimbus if rebalance fails * STORM-2251: Integration test refers specific version of Storm which should be project version * STORM-2234: heartBeatExecutorService in shellSpout don't work well with deactivate * STORM-2216: Favor JSONValue.parseWithException * STORM-2208: HDFS State Throws FileNotFoundException in Azure Data Lake Store file system (adl://) * STORM-2213: ShellSpout has race condition when ShellSpout is being inactive
longer than heartbeat timeout * STORM-2210: remove array shuffle from ShuffleGrouping * STORM-2052: Kafka Spout - New Client API - Performance Improvements * storm-2205: Race condition in getting nimbus summaries while ZK connections are reconnected * STORM-2198: perform RotationAction when stopping HdfsBolt * STORM-2196: A typo in RAS_Node::consumeCPU * STORM-2189: RAS_Node::freeCPU outputs incorrect info * STORM-2184: Don't wakeup KafkaConsumer on shutdown * STORM-2185: Storm Supervisor doesn't delete directories properly sometimes * STORM-2175: fix double close of workers * STORM-2018: Supervisor V2 * STORM-2145: Leave leader nimbus's hostname to log when trying to connect leader nimbus * STORM-2127: Storm-eventhubs should use latest amqp and eventhubs-client versions * STORM-2040: Fix bug on assert-can-serialize * STORM-2017: ShellBolt stops reporting task ids * STORM-2119: bug in log message printing to stdout * STORM-2120: Emit to _spoutConfig.outputStreamId * STORM-2101: fixes npe in compute-executors in nimbus * STORM-2090: Add integration test for storm windowing * STORM-2003: Make sure config contains TOPIC before get it * STORM-1567: in defaults.yaml 'topology.disable.loadaware' should be 'topology.disable.loadaware.messaging' * STORM-1987: Fix TridentKafkaWordCount arg handling in distributed mode. * STORM-1969: Modify HiveTopology to show usage of non-partition table.
* STORM-1849: HDFSFileTopology should use the 3rd argument as topologyName * STORM-2086: use DefaultTopicSelector instead of creating a new one * STORM-2079: Unnecessary readStormConfig operation * STORM-2081: create external directory for storm-sql various data sources and move storm-sql-kafka to it * STORM-2070: Fix sigar native binary download link * STORM-2056: Bugs in logviewer * STORM-1646: Fix ExponentialBackoffMsgRetryManager test * STORM-2039: Backpressure refactoring in worker and executor * STORM-2064: Add storm name and function, access result and function to log-thrift-access * STORM-2063: Add thread name in worker logs * STORM-2042: Nimbus client connections not closed properly causing connection leaks * STORM-2032: removes warning in case more than one metrics tuple is received * STORM-1594: org.apache.storm.tuple.Fields can throw NPE if given invalid field in selector * STORM-1995: downloadChunk in nimbus.clj should close the input stream

Changes in rubygem-activeresource:
- Add bsc#1171560-CVE-2020-8151-encode-id-param.patch
  Prevent possible information disclosure issue that could allow an attacker to create specially crafted requests to access data in an unexpected way (bsc#1171560 CVE-2020-8151)

Changes in rubygem-crowbar-client:
- Update to 3.9.2
- Enable SES commands in Cloud8 (SOC-11122)

Changes in rubygem-json-1_7:
- Add CVE-2020-10663.patch (CVE-2020-10663, bsc#1167244)

Changes in rubygem-puma:
- Fix indentation in gem2rpm.yml
- Add CVE-2020-11077.patch (bsc#1172175, CVE-2020-11077)
- Add chunked-request-handling.patch (needed for CVE-2020-11076.patch)
- Add CVE-2020-11076.patch (bsc#1172176, CVE-2020-11076)
- Add all patches to gem2rpm.yml

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-1901=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-1901=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-1901=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): ansible-2.4.6.0-3.9.1 caasp-openstack-heat-templates-1.0+git.1560518045.ad7dc6d-4.18.1 crowbar-openstack-5.0+git.1593085772.64c4ab43c-4.40.2 documentation-suse-openstack-cloud-deployment-8.20200527-1.26.1 documentation-suse-openstack-cloud-supplement-8.20200527-1.26.1 documentation-suse-openstack-cloud-upstream-admin-8.20200527-1.26.1 documentation-suse-openstack-cloud-upstream-user-8.20200527-1.26.1 openstack-dashboard-12.0.5~dev3-3.26.1 openstack-heat-templates-0.0.0+git.1582270132.8a20477-3.15.1 openstack-keystone-12.0.4~dev11-5.33.2 openstack-keystone-doc-12.0.4~dev11-5.33.2 openstack-monasca-agent-2.2.6~dev4-3.18.1 openstack-monasca-installer-20190923_16.32-3.12.1 openstack-neutron-11.0.9~dev65-3.33.2 openstack-neutron-dhcp-agent-11.0.9~dev65-3.33.2 openstack-neutron-doc-11.0.9~dev65-3.33.2 openstack-neutron-ha-tool-11.0.9~dev65-3.33.2 openstack-neutron-l3-agent-11.0.9~dev65-3.33.2 openstack-neutron-linuxbridge-agent-11.0.9~dev65-3.33.2 openstack-neutron-macvtap-agent-11.0.9~dev65-3.33.2 openstack-neutron-metadata-agent-11.0.9~dev65-3.33.2 openstack-neutron-metering-agent-11.0.9~dev65-3.33.2 openstack-neutron-openvswitch-agent-11.0.9~dev65-3.33.2 openstack-neutron-server-11.0.9~dev65-3.33.2 openstack-octavia-amphora-image-debugsource-0.1.4-3.12.2 openstack-octavia-amphora-image-x86_64-0.1.4-3.12.2 python-Django-1.11.23-3.15.1 python-Flask-0.12.1-3.3.1 python-amqp-2.4.2-3.12.1 python-apicapi-1.6.0-3.6.1 python-horizon-12.0.5~dev3-3.26.1 python-keystone-12.0.4~dev11-5.33.2 python-keystoneauth1-3.1.2~dev2-3.3.1 python-monasca-agent-2.2.6~dev4-3.18.1 python-neutron-11.0.9~dev65-3.33.2 
python-oslo.messaging-5.30.8-3.11.1 python-pyroute2-0.4.21-3.3.1 python-pysaml2-4.0.2-5.6.1 python-tooz-1.58.1-3.3.1 python-waitress-1.4.3-3.3.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): crowbar-core-5.0+git.1593156248.55bbdb26d-3.41.2 crowbar-core-branding-upstream-5.0+git.1593156248.55bbdb26d-3.41.2 grafana-4.6.5-4.9.1 grafana-debuginfo-4.6.5-4.9.1 grafana-debugsource-4.6.5-4.9.1 kibana-4.6.3-3.3.1 kibana-debuginfo-4.6.3-3.3.1 python-Pillow-4.2.1-3.5.1 python-Pillow-debuginfo-4.2.1-3.5.1 python-Pillow-debugsource-4.2.1-3.5.1 python-psutil-5.2.2-3.3.1 python-psutil-debuginfo-5.2.2-3.3.1 python-psutil-debugsource-5.2.2-3.3.1 ruby2.1-rubygem-activeresource-4.0.0-3.3.1 ruby2.1-rubygem-crowbar-client-3.9.2-3.12.1 ruby2.1-rubygem-json-1_7-1.7.7-3.3.1 ruby2.1-rubygem-json-1_7-debuginfo-1.7.7-3.3.1 ruby2.1-rubygem-puma-2.16.0-3.9.1 ruby2.1-rubygem-puma-debuginfo-2.16.0-3.9.1 rubygem-json-1_7-debugsource-1.7.7-3.3.1 rubygem-puma-debugsource-2.16.0-3.9.1 storm-1.1.3-3.3.1 storm-nimbus-1.1.3-3.3.1 storm-supervisor-1.1.3-3.3.1 - SUSE OpenStack Cloud 8 (noarch): ansible-2.4.6.0-3.9.1 ansible1-1.9.6-7.3.1 ardana-ansible-8.0+git.1589740980.6c3bcdc-3.73.1 ardana-cluster-8.0+git.1585685203.3e71e49-3.36.1 ardana-freezer-8.0+git.1586539529.b7d295f-3.21.1 ardana-input-model-8.0+git.1589740934.0e0ad61-3.39.1 ardana-logging-8.0+git.1591194866.b7375d0-3.24.1 ardana-mq-8.0+git.1589715269.62ad6df-3.22.1 ardana-neutron-8.0+git.1590756744.ba84abc-3.42.1 ardana-octavia-8.0+git.1590100427.cf4cc8f-3.29.1 ardana-osconfig-8.0+git.1587034587.eac37b8-3.45.1 caasp-openstack-heat-templates-1.0+git.1560518045.ad7dc6d-4.18.1 documentation-suse-openstack-cloud-installation-8.20200527-1.26.1 documentation-suse-openstack-cloud-operations-8.20200527-1.26.1 documentation-suse-openstack-cloud-opsconsole-8.20200527-1.26.1 documentation-suse-openstack-cloud-planning-8.20200527-1.26.1 documentation-suse-openstack-cloud-security-8.20200527-1.26.1 documentation-suse-openstack-cloud-supplement-8.20200527-1.26.1 
documentation-suse-openstack-cloud-upstream-admin-8.20200527-1.26.1 documentation-suse-openstack-cloud-upstream-user-8.20200527-1.26.1 documentation-suse-openstack-cloud-user-8.20200527-1.26.1 openstack-dashboard-12.0.5~dev3-3.26.1 openstack-heat-templates-0.0.0+git.1582270132.8a20477-3.15.1 openstack-keystone-12.0.4~dev11-5.33.2 openstack-keystone-doc-12.0.4~dev11-5.33.2 openstack-monasca-agent-2.2.6~dev4-3.18.1 openstack-monasca-installer-20190923_16.32-3.12.1 openstack-neutron-11.0.9~dev65-3.33.2 openstack-neutron-dhcp-agent-11.0.9~dev65-3.33.2 openstack-neutron-doc-11.0.9~dev65-3.33.2 openstack-neutron-ha-tool-11.0.9~dev65-3.33.2 openstack-neutron-l3-agent-11.0.9~dev65-3.33.2 openstack-neutron-linuxbridge-agent-11.0.9~dev65-3.33.2 openstack-neutron-macvtap-agent-11.0.9~dev65-3.33.2 openstack-neutron-metadata-agent-11.0.9~dev65-3.33.2 openstack-neutron-metering-agent-11.0.9~dev65-3.33.2 openstack-neutron-openvswitch-agent-11.0.9~dev65-3.33.2 openstack-neutron-server-11.0.9~dev65-3.33.2 openstack-octavia-amphora-image-debugsource-0.1.4-3.12.2 openstack-octavia-amphora-image-x86_64-0.1.4-3.12.2 python-Django-1.11.23-3.15.1 python-Flask-0.12.1-3.3.1 python-GitPython-2.1.8-3.3.1 python-amqp-2.4.2-3.12.1 python-apicapi-1.6.0-3.6.1 python-horizon-12.0.5~dev3-3.26.1 python-keystone-12.0.4~dev11-5.33.2 python-keystoneauth1-3.1.2~dev2-3.3.1 python-monasca-agent-2.2.6~dev4-3.18.1 python-neutron-11.0.9~dev65-3.33.2 python-oslo.messaging-5.30.8-3.11.1 python-pyroute2-0.4.21-3.3.1 python-pysaml2-4.0.2-5.6.1 python-tooz-1.58.1-3.3.1 python-waitress-1.4.3-3.3.1 venv-openstack-aodh-x86_64-5.1.1~dev7-12.26.2 venv-openstack-barbican-x86_64-5.0.2~dev3-12.27.2 venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.24.2 venv-openstack-cinder-x86_64-11.2.3~dev23-14.27.2 venv-openstack-designate-x86_64-5.0.3~dev7-12.25.2 venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.22.1 venv-openstack-glance-x86_64-15.0.3~dev3-12.25.1 venv-openstack-heat-x86_64-9.0.8~dev22-12.27.1 
venv-openstack-horizon-x86_64-12.0.5~dev3-14.30.1 venv-openstack-ironic-x86_64-9.1.8~dev8-12.27.2 venv-openstack-keystone-x86_64-12.0.4~dev11-11.28.2 venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.26.2 venv-openstack-manila-x86_64-5.1.1~dev5-12.31.2 venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.22.2 venv-openstack-monasca-x86_64-2.2.2~dev1-11.22.3 venv-openstack-murano-x86_64-4.0.2~dev2-12.22.1 venv-openstack-neutron-x86_64-11.0.9~dev65-13.30.2 venv-openstack-nova-x86_64-16.1.9~dev61-11.28.2 venv-openstack-octavia-x86_64-1.0.6~dev3-12.27.2 venv-openstack-sahara-x86_64-7.0.5~dev4-11.26.2 venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.18.1 venv-openstack-trove-x86_64-8.0.2~dev2-11.26.1 - SUSE OpenStack Cloud 8 (x86_64): grafana-4.6.5-4.9.1 grafana-debuginfo-4.6.5-4.9.1 grafana-debugsource-4.6.5-4.9.1 kibana-4.6.3-3.3.1 kibana-debuginfo-4.6.3-3.3.1 python-Pillow-4.2.1-3.5.1 python-Pillow-debuginfo-4.2.1-3.5.1 python-Pillow-debugsource-4.2.1-3.5.1 python-psutil-5.2.2-3.3.1 python-psutil-debuginfo-5.2.2-3.3.1 python-psutil-debugsource-5.2.2-3.3.1 storm-1.1.3-3.3.1 storm-nimbus-1.1.3-3.3.1 storm-supervisor-1.1.3-3.3.1 - HPE Helion Openstack 8 (x86_64): grafana-4.6.5-4.9.1 grafana-debuginfo-4.6.5-4.9.1 grafana-debugsource-4.6.5-4.9.1 kibana-4.6.3-3.3.1 kibana-debuginfo-4.6.3-3.3.1 python-Pillow-4.2.1-3.5.1 python-Pillow-debuginfo-4.2.1-3.5.1 python-Pillow-debugsource-4.2.1-3.5.1 python-psutil-5.2.2-3.3.1 python-psutil-debuginfo-5.2.2-3.3.1 python-psutil-debugsource-5.2.2-3.3.1 storm-1.1.3-3.3.1 storm-nimbus-1.1.3-3.3.1 storm-supervisor-1.1.3-3.3.1 - HPE Helion Openstack 8 (noarch): ansible-2.4.6.0-3.9.1 ansible1-1.9.6-7.3.1 ardana-ansible-8.0+git.1589740980.6c3bcdc-3.73.1 ardana-cluster-8.0+git.1585685203.3e71e49-3.36.1 ardana-freezer-8.0+git.1586539529.b7d295f-3.21.1 ardana-input-model-8.0+git.1589740934.0e0ad61-3.39.1 ardana-logging-8.0+git.1591194866.b7375d0-3.24.1 ardana-mq-8.0+git.1589715269.62ad6df-3.22.1 
ardana-neutron-8.0+git.1590756744.ba84abc-3.42.1 ardana-octavia-8.0+git.1590100427.cf4cc8f-3.29.1 ardana-osconfig-8.0+git.1587034587.eac37b8-3.45.1 caasp-openstack-heat-templates-1.0+git.1560518045.ad7dc6d-4.18.1 documentation-hpe-helion-openstack-installation-8.20200527-1.26.1 documentation-hpe-helion-openstack-operations-8.20200527-1.26.1 documentation-hpe-helion-openstack-opsconsole-8.20200527-1.26.1 documentation-hpe-helion-openstack-planning-8.20200527-1.26.1 documentation-hpe-helion-openstack-security-8.20200527-1.26.1 documentation-hpe-helion-openstack-user-8.20200527-1.26.1 openstack-dashboard-12.0.5~dev3-3.26.1 openstack-dashboard-theme-HPE-8+git.1523473653.6599ec8-3.3.1 openstack-heat-templates-0.0.0+git.1582270132.8a20477-3.15.1 openstack-keystone-12.0.4~dev11-5.33.2 openstack-keystone-doc-12.0.4~dev11-5.33.2 openstack-monasca-agent-2.2.6~dev4-3.18.1 openstack-monasca-installer-20190923_16.32-3.12.1 openstack-neutron-11.0.9~dev65-3.33.2 openstack-neutron-dhcp-agent-11.0.9~dev65-3.33.2 openstack-neutron-doc-11.0.9~dev65-3.33.2 openstack-neutron-ha-tool-11.0.9~dev65-3.33.2 openstack-neutron-l3-agent-11.0.9~dev65-3.33.2 openstack-neutron-linuxbridge-agent-11.0.9~dev65-3.33.2 openstack-neutron-macvtap-agent-11.0.9~dev65-3.33.2 openstack-neutron-metadata-agent-11.0.9~dev65-3.33.2 openstack-neutron-metering-agent-11.0.9~dev65-3.33.2 openstack-neutron-openvswitch-agent-11.0.9~dev65-3.33.2 openstack-neutron-server-11.0.9~dev65-3.33.2 openstack-octavia-amphora-image-debugsource-0.1.4-3.12.2 openstack-octavia-amphora-image-x86_64-0.1.4-3.12.2 python-Django-1.11.23-3.15.1 python-Flask-0.12.1-3.3.1 python-GitPython-2.1.8-3.3.1 python-amqp-2.4.2-3.12.1 python-apicapi-1.6.0-3.6.1 python-horizon-12.0.5~dev3-3.26.1 python-keystone-12.0.4~dev11-5.33.2 python-keystoneauth1-3.1.2~dev2-3.3.1 python-monasca-agent-2.2.6~dev4-3.18.1 python-neutron-11.0.9~dev65-3.33.2 python-oslo.messaging-5.30.8-3.11.1 python-pyroute2-0.4.21-3.3.1 python-pysaml2-4.0.2-5.6.1 
python-tooz-1.58.1-3.3.1 python-waitress-1.4.3-3.3.1 venv-openstack-aodh-x86_64-5.1.1~dev7-12.26.2 venv-openstack-barbican-x86_64-5.0.2~dev3-12.27.2 venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.24.2 venv-openstack-cinder-x86_64-11.2.3~dev23-14.27.2 venv-openstack-designate-x86_64-5.0.3~dev7-12.25.2 venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.22.1 venv-openstack-glance-x86_64-15.0.3~dev3-12.25.1 venv-openstack-heat-x86_64-9.0.8~dev22-12.27.1 venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.30.1 venv-openstack-ironic-x86_64-9.1.8~dev8-12.27.2 venv-openstack-keystone-x86_64-12.0.4~dev11-11.28.2 venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.26.2 venv-openstack-manila-x86_64-5.1.1~dev5-12.31.2 venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.22.2 venv-openstack-monasca-x86_64-2.2.2~dev1-11.22.3 venv-openstack-murano-x86_64-4.0.2~dev2-12.22.1 venv-openstack-neutron-x86_64-11.0.9~dev65-13.30.2 venv-openstack-nova-x86_64-16.1.9~dev61-11.28.2 venv-openstack-octavia-x86_64-1.0.6~dev3-12.27.2 venv-openstack-sahara-x86_64-7.0.5~dev4-11.26.2 venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.18.1 venv-openstack-trove-x86_64-8.0.2~dev2-11.26.1 References: https://www.suse.com/security/cve/CVE-2017-1000246.html https://www.suse.com/security/cve/CVE-2019-1010083.html https://www.suse.com/security/cve/CVE-2019-15043.html https://www.suse.com/security/cve/CVE-2019-16785.html https://www.suse.com/security/cve/CVE-2019-16786.html https://www.suse.com/security/cve/CVE-2019-16789.html https://www.suse.com/security/cve/CVE-2019-16792.html https://www.suse.com/security/cve/CVE-2019-16865.html https://www.suse.com/security/cve/CVE-2019-18874.html https://www.suse.com/security/cve/CVE-2019-19911.html https://www.suse.com/security/cve/CVE-2019-3828.html https://www.suse.com/security/cve/CVE-2020-10663.html https://www.suse.com/security/cve/CVE-2020-10743.html https://www.suse.com/security/cve/CVE-2020-11076.html 
https://www.suse.com/security/cve/CVE-2020-11077.html https://www.suse.com/security/cve/CVE-2020-12052.html https://www.suse.com/security/cve/CVE-2020-13254.html https://www.suse.com/security/cve/CVE-2020-13379.html https://www.suse.com/security/cve/CVE-2020-13596.html https://www.suse.com/security/cve/CVE-2020-5312.html https://www.suse.com/security/cve/CVE-2020-5313.html https://www.suse.com/security/cve/CVE-2020-5390.html https://www.suse.com/security/cve/CVE-2020-8151.html https://bugzilla.suse.com/1068612 https://bugzilla.suse.com/1092420 https://bugzilla.suse.com/1107190 https://bugzilla.suse.com/1108719 https://bugzilla.suse.com/1123872 https://bugzilla.suse.com/1126503 https://bugzilla.suse.com/1141968 https://bugzilla.suse.com/11483483 https://bugzilla.suse.com/1148383 https://bugzilla.suse.com/1153191 https://bugzilla.suse.com/1156525 https://bugzilla.suse.com/1159046 https://bugzilla.suse.com/1160152 https://bugzilla.suse.com/1160153 https://bugzilla.suse.com/1160192 https://bugzilla.suse.com/1160790 https://bugzilla.suse.com/1160851 https://bugzilla.suse.com/1161088 https://bugzilla.suse.com/1161089 https://bugzilla.suse.com/1161670 https://bugzilla.suse.com/1164322 https://bugzilla.suse.com/1167244 https://bugzilla.suse.com/1168593 https://bugzilla.suse.com/1169770 https://bugzilla.suse.com/1170657 https://bugzilla.suse.com/1171273 https://bugzilla.suse.com/1171560 https://bugzilla.suse.com/1171594 https://bugzilla.suse.com/1171661 https://bugzilla.suse.com/1171909 https://bugzilla.suse.com/1172166 https://bugzilla.suse.com/1172167 https://bugzilla.suse.com/1172175 https://bugzilla.suse.com/1172176 https://bugzilla.suse.com/1172409

From sle-security-updates at lists.suse.com Tue Jul 14 10:20:28 2020
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 14 Jul 2020 18:20:28 +0200 (CEST)
Subject: SUSE-SU-2020:1569-2: important: Security update for java-1_8_0-openjdk
Message-ID: <20200714162028.A06D8FDE4@maintenance.suse.de>

SUSE Security Update: Security update for java-1_8_0-openjdk
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:1569-2
Rating: important
References: #1160398 #1169511 #1171352
Cross-References: CVE-2020-2754 CVE-2020-2755 CVE-2020-2756 CVE-2020-2757 CVE-2020-2773 CVE-2020-2781 CVE-2020-2800 CVE-2020-2803 CVE-2020-2805 CVE-2020-2830
Affected Products:
  SUSE Linux Enterprise Module for Legacy Software 15-SP2
______________________________________________________________________________

An update that fixes 10 vulnerabilities is now available.

Description:

This update for java-1_8_0-openjdk to version jdk8u252 fixes the following issues:

- CVE-2020-2754: Forward references to Nashorn (bsc#1169511)
- CVE-2020-2755: Improve Nashorn matching (bsc#1169511)
- CVE-2020-2756: Better mapping of serial ENUMs (bsc#1169511)
- CVE-2020-2757: Less Blocking Array Queues (bsc#1169511)
- CVE-2020-2773: Better signatures in XML (bsc#1169511)
- CVE-2020-2781: Improve TLS session handling (bsc#1169511)
- CVE-2020-2800: Better Headings for HTTP Servers (bsc#1169511)
- CVE-2020-2803: Enhance buffering of byte buffers (bsc#1169511)
- CVE-2020-2805: Enhance typing of methods (bsc#1169511)
- CVE-2020-2830: Better Scanner conversions (bsc#1169511)
- Ignore whitespaces after the header or footer in PEM X.509 cert (bsc#1171352)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Legacy Software 15-SP2:

  zypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2020-1569=1

Package List:

- SUSE Linux Enterprise Module for Legacy Software 15-SP2 (aarch64 ppc64le s390x x86_64):

  java-1_8_0-openjdk-1.8.0.252-3.35.3
  java-1_8_0-openjdk-debuginfo-1.8.0.252-3.35.3
  java-1_8_0-openjdk-debugsource-1.8.0.252-3.35.3
  java-1_8_0-openjdk-demo-1.8.0.252-3.35.3
  java-1_8_0-openjdk-demo-debuginfo-1.8.0.252-3.35.3
  java-1_8_0-openjdk-devel-1.8.0.252-3.35.3
  java-1_8_0-openjdk-devel-debuginfo-1.8.0.252-3.35.3
  java-1_8_0-openjdk-headless-1.8.0.252-3.35.3
  java-1_8_0-openjdk-headless-debuginfo-1.8.0.252-3.35.3

References:

https://www.suse.com/security/cve/CVE-2020-2754.html
https://www.suse.com/security/cve/CVE-2020-2755.html
https://www.suse.com/security/cve/CVE-2020-2756.html
https://www.suse.com/security/cve/CVE-2020-2757.html
https://www.suse.com/security/cve/CVE-2020-2773.html
https://www.suse.com/security/cve/CVE-2020-2781.html
https://www.suse.com/security/cve/CVE-2020-2800.html
https://www.suse.com/security/cve/CVE-2020-2803.html
https://www.suse.com/security/cve/CVE-2020-2805.html
https://www.suse.com/security/cve/CVE-2020-2830.html
https://bugzilla.suse.com/1160398
https://bugzilla.suse.com/1169511
https://bugzilla.suse.com/1171352

From sle-security-updates at lists.suse.com Tue Jul 14 10:21:28 2020
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 14 Jul 2020 18:21:28 +0200 (CEST)
Subject: SUSE-SU-2020:1902-1: important: Security update for xen
Message-ID: <20200714162128.150B1FDE4@maintenance.suse.de>

SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:1902-1
Rating: important
References: #1027519 #1172205 #1173376 #1173377 #1173378 #1173380
Cross-References: CVE-2020-0543 CVE-2020-15563 CVE-2020-15565 CVE-2020-15566 CVE-2020-15567
Affected Products:
  SUSE Linux Enterprise Module for Server Applications 15-SP2
  SUSE Linux Enterprise Module for Basesystem 15-SP2
______________________________________________________________________________

An update that solves 5 vulnerabilities and has one errata is now available.

Description:

This update for xen fixes the following issues:

- CVE-2020-15563: Fixed inverted code paths in x86 dirty VRAM tracking (bsc#1173377).
- CVE-2020-15565: Fixed insufficient cache write-back under VT-d (bsc#1173378).
- CVE-2020-15566: Fixed incorrect error handling in event channel port allocation (bsc#1173376).
- CVE-2020-15567: Fixed non-atomic modification of live EPT PTE (bsc#1173380).
- CVE-2020-0543: Special Register Buffer Data Sampling (SRBDS) aka "CrossTalk" (bsc#1172205).

Additional upstream bug fixes (bsc#1027519)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Server Applications 15-SP2:

  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-1902=1

- SUSE Linux Enterprise Module for Basesystem 15-SP2:

  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1902=1

Package List:

- SUSE Linux Enterprise Module for Server Applications 15-SP2 (x86_64):

  xen-4.13.1_04-3.4.1
  xen-debugsource-4.13.1_04-3.4.1
  xen-devel-4.13.1_04-3.4.1
  xen-tools-4.13.1_04-3.4.1
  xen-tools-debuginfo-4.13.1_04-3.4.1

- SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch):

  xen-tools-xendomains-wait-disk-4.13.1_04-3.4.1

- SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64):

  xen-debugsource-4.13.1_04-3.4.1
  xen-libs-4.13.1_04-3.4.1
  xen-libs-debuginfo-4.13.1_04-3.4.1
  xen-tools-domU-4.13.1_04-3.4.1
  xen-tools-domU-debuginfo-4.13.1_04-3.4.1

References:

https://www.suse.com/security/cve/CVE-2020-0543.html
https://www.suse.com/security/cve/CVE-2020-15563.html
https://www.suse.com/security/cve/CVE-2020-15565.html https://www.suse.com/security/cve/CVE-2020-15566.html https://www.suse.com/security/cve/CVE-2020-15567.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1172205 https://bugzilla.suse.com/1173376 https://bugzilla.suse.com/1173377 https://bugzilla.suse.com/1173378 https://bugzilla.suse.com/1173380 From sle-security-updates at lists.suse.com Tue Jul 14 13:18:43 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 14 Jul 2020 21:18:43 +0200 (CEST) Subject: SUSE-SU-2020:1913-1: important: Security update for samba Message-ID: <20200714191843.A62ADFDE1@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1913-1 Rating: important References: #1171437 #1172307 #1173159 #1173160 #1173161 #1173359 Cross-References: CVE-2020-10730 CVE-2020-10745 CVE-2020-10760 CVE-2020-14303 Affected Products: SUSE Linux Enterprise Module for Python2 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise High Availability 15-SP1 SUSE Enterprise Storage 6 ______________________________________________________________________________ An update that solves four vulnerabilities and has two fixes is now available. Description: This update for samba fixes the following issues: - CVE-2020-10745: Fixed an issue where parsing and packing of NBT and DNS packets containing dots could potentially have consumed excessive CPU (bsc#1173160). - CVE-2020-14303: Fixed an endless loop when receiving empty UDP packets at the AD DC (bsc#1173359). - CVE-2020-10730: Fixed a null de-reference in AD DC LDAP server when ASQ and VLV combined (bsc#1173159). - CVE-2020-10760: Fixed a use-after-free in AD DC Global Catalog LDAP server with paged_result or VLV (bsc#1173161). - Added libnetapi-devel to baselibs conf, for wine usage (bsc#1172307).
- Fixed an installing issue where samba - samba-ad-dc.service did not exist and unit was not found (bsc#1171437). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Python2 15-SP1: zypper in -t patch SUSE-SLE-Module-Python2-15-SP1-2020-1913=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-1913=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2020-1913=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2020-1913=1 Package List: - SUSE Linux Enterprise Module for Python2 15-SP1 (aarch64 ppc64le s390x x86_64): libsamba-policy0-4.9.5+git.343.4bc358522a9-3.38.1 libsamba-policy0-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 samba-ad-dc-4.9.5+git.343.4bc358522a9-3.38.1 samba-ad-dc-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 samba-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 samba-debugsource-4.9.5+git.343.4bc358522a9-3.38.1 samba-dsdb-modules-4.9.5+git.343.4bc358522a9-3.38.1 samba-dsdb-modules-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 samba-libs-python-4.9.5+git.343.4bc358522a9-3.38.1 samba-libs-python-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 samba-python-4.9.5+git.343.4bc358522a9-3.38.1 samba-python-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libdcerpc-binding0-4.9.5+git.343.4bc358522a9-3.38.1 libdcerpc-binding0-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 libdcerpc-devel-4.9.5+git.343.4bc358522a9-3.38.1 libdcerpc-samr-devel-4.9.5+git.343.4bc358522a9-3.38.1 libdcerpc-samr0-4.9.5+git.343.4bc358522a9-3.38.1 libdcerpc-samr0-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 libdcerpc0-4.9.5+git.343.4bc358522a9-3.38.1 libdcerpc0-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 
libndr-devel-4.9.5+git.343.4bc358522a9-3.38.1 libndr-krb5pac-devel-4.9.5+git.343.4bc358522a9-3.38.1 libndr-krb5pac0-4.9.5+git.343.4bc358522a9-3.38.1 libndr-krb5pac0-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 libndr-nbt-devel-4.9.5+git.343.4bc358522a9-3.38.1 libndr-nbt0-4.9.5+git.343.4bc358522a9-3.38.1 libndr-nbt0-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 libndr-standard-devel-4.9.5+git.343.4bc358522a9-3.38.1 libndr-standard0-4.9.5+git.343.4bc358522a9-3.38.1 libndr-standard0-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 libndr0-4.9.5+git.343.4bc358522a9-3.38.1 libndr0-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 libnetapi-devel-4.9.5+git.343.4bc358522a9-3.38.1 libnetapi0-4.9.5+git.343.4bc358522a9-3.38.1 libnetapi0-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 libsamba-credentials-devel-4.9.5+git.343.4bc358522a9-3.38.1 libsamba-credentials0-4.9.5+git.343.4bc358522a9-3.38.1 libsamba-credentials0-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 libsamba-errors-devel-4.9.5+git.343.4bc358522a9-3.38.1 libsamba-errors0-4.9.5+git.343.4bc358522a9-3.38.1 libsamba-errors0-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 libsamba-hostconfig-devel-4.9.5+git.343.4bc358522a9-3.38.1 libsamba-hostconfig0-4.9.5+git.343.4bc358522a9-3.38.1 libsamba-hostconfig0-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 libsamba-passdb-devel-4.9.5+git.343.4bc358522a9-3.38.1 libsamba-passdb0-4.9.5+git.343.4bc358522a9-3.38.1 libsamba-passdb0-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 libsamba-policy-devel-4.9.5+git.343.4bc358522a9-3.38.1 libsamba-policy-python3-devel-4.9.5+git.343.4bc358522a9-3.38.1 libsamba-policy0-python3-4.9.5+git.343.4bc358522a9-3.38.1 libsamba-policy0-python3-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 libsamba-util-devel-4.9.5+git.343.4bc358522a9-3.38.1 libsamba-util0-4.9.5+git.343.4bc358522a9-3.38.1 libsamba-util0-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 libsamdb-devel-4.9.5+git.343.4bc358522a9-3.38.1 libsamdb0-4.9.5+git.343.4bc358522a9-3.38.1 libsamdb0-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 
libsmbclient-devel-4.9.5+git.343.4bc358522a9-3.38.1 libsmbclient0-4.9.5+git.343.4bc358522a9-3.38.1 libsmbclient0-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 libsmbconf-devel-4.9.5+git.343.4bc358522a9-3.38.1 libsmbconf0-4.9.5+git.343.4bc358522a9-3.38.1 libsmbconf0-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 libsmbldap-devel-4.9.5+git.343.4bc358522a9-3.38.1 libsmbldap2-4.9.5+git.343.4bc358522a9-3.38.1 libsmbldap2-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 libtevent-util-devel-4.9.5+git.343.4bc358522a9-3.38.1 libtevent-util0-4.9.5+git.343.4bc358522a9-3.38.1 libtevent-util0-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 libwbclient-devel-4.9.5+git.343.4bc358522a9-3.38.1 libwbclient0-4.9.5+git.343.4bc358522a9-3.38.1 libwbclient0-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 samba-4.9.5+git.343.4bc358522a9-3.38.1 samba-client-4.9.5+git.343.4bc358522a9-3.38.1 samba-client-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 samba-core-devel-4.9.5+git.343.4bc358522a9-3.38.1 samba-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 samba-debugsource-4.9.5+git.343.4bc358522a9-3.38.1 samba-libs-4.9.5+git.343.4bc358522a9-3.38.1 samba-libs-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 samba-libs-python3-4.9.5+git.343.4bc358522a9-3.38.1 samba-libs-python3-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 samba-python3-4.9.5+git.343.4bc358522a9-3.38.1 samba-python3-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 samba-winbind-4.9.5+git.343.4bc358522a9-3.38.1 samba-winbind-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libdcerpc-binding0-32bit-4.9.5+git.343.4bc358522a9-3.38.1 libdcerpc-binding0-32bit-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 libdcerpc0-32bit-4.9.5+git.343.4bc358522a9-3.38.1 libdcerpc0-32bit-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 libndr-krb5pac0-32bit-4.9.5+git.343.4bc358522a9-3.38.1 libndr-krb5pac0-32bit-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 libndr-nbt0-32bit-4.9.5+git.343.4bc358522a9-3.38.1 
libndr-nbt0-32bit-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 libndr-standard0-32bit-4.9.5+git.343.4bc358522a9-3.38.1 libndr-standard0-32bit-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 libndr0-32bit-4.9.5+git.343.4bc358522a9-3.38.1 libndr0-32bit-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 libnetapi0-32bit-4.9.5+git.343.4bc358522a9-3.38.1 libnetapi0-32bit-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 libsamba-credentials0-32bit-4.9.5+git.343.4bc358522a9-3.38.1 libsamba-credentials0-32bit-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 libsamba-errors0-32bit-4.9.5+git.343.4bc358522a9-3.38.1 libsamba-errors0-32bit-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 libsamba-hostconfig0-32bit-4.9.5+git.343.4bc358522a9-3.38.1 libsamba-hostconfig0-32bit-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 libsamba-passdb0-32bit-4.9.5+git.343.4bc358522a9-3.38.1 libsamba-passdb0-32bit-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 libsamba-util0-32bit-4.9.5+git.343.4bc358522a9-3.38.1 libsamba-util0-32bit-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 libsamdb0-32bit-4.9.5+git.343.4bc358522a9-3.38.1 libsamdb0-32bit-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 libsmbconf0-32bit-4.9.5+git.343.4bc358522a9-3.38.1 libsmbconf0-32bit-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 libsmbldap2-32bit-4.9.5+git.343.4bc358522a9-3.38.1 libsmbldap2-32bit-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 libtevent-util0-32bit-4.9.5+git.343.4bc358522a9-3.38.1 libtevent-util0-32bit-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 libwbclient0-32bit-4.9.5+git.343.4bc358522a9-3.38.1 libwbclient0-32bit-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 samba-libs-32bit-4.9.5+git.343.4bc358522a9-3.38.1 samba-libs-32bit-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 samba-winbind-32bit-4.9.5+git.343.4bc358522a9-3.38.1 samba-winbind-32bit-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): ctdb-4.9.5+git.343.4bc358522a9-3.38.1 ctdb-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 
samba-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 samba-debugsource-4.9.5+git.343.4bc358522a9-3.38.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): samba-ceph-4.9.5+git.343.4bc358522a9-3.38.1 samba-ceph-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 samba-debuginfo-4.9.5+git.343.4bc358522a9-3.38.1 samba-debugsource-4.9.5+git.343.4bc358522a9-3.38.1 References: https://www.suse.com/security/cve/CVE-2020-10730.html https://www.suse.com/security/cve/CVE-2020-10745.html https://www.suse.com/security/cve/CVE-2020-10760.html https://www.suse.com/security/cve/CVE-2020-14303.html https://bugzilla.suse.com/1171437 https://bugzilla.suse.com/1172307 https://bugzilla.suse.com/1173159 https://bugzilla.suse.com/1173160 https://bugzilla.suse.com/1173161 https://bugzilla.suse.com/1173359 From sle-security-updates at lists.suse.com Wed Jul 15 07:17:13 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 15 Jul 2020 15:17:13 +0200 (CEST) Subject: SUSE-SU-2020:1582-2: moderate: Security update for rubygem-bundler Message-ID: <20200715131713.12B0EFDE1@maintenance.suse.de> SUSE Security Update: Security update for rubygem-bundler ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1582-2 Rating: moderate References: #1143436 Cross-References: CVE-2019-3881 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rubygem-bundler fixes the following issue: - CVE-2019-3881: Fixed insecure permissions on a directory in /tmp/ that allowed malicious code execution (bsc#1143436). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1582=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-bundler-1.16.1-3.3.1 References: https://www.suse.com/security/cve/CVE-2019-3881.html https://bugzilla.suse.com/1143436 From sle-security-updates at lists.suse.com Wed Jul 15 07:18:02 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 15 Jul 2020 15:18:02 +0200 (CEST) Subject: SUSE-SU-2020:1920-1: important: Security update for python-ipaddress Message-ID: <20200715131803.0015AFDE1@maintenance.suse.de> SUSE Security Update: Security update for python-ipaddress ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1920-1 Rating: important References: #1173274 Cross-References: CVE-2020-14422 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Python2 15-SP2 SUSE Linux Enterprise Module for Python2 15-SP1 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-ipaddress fixes the following issues: - Add CVE-2020-14422-ipaddress-hash-collision.patch fixing CVE-2020-14422 (bsc#1173274, bpo#41004), where hash collisions in IPv4Interface and IPv6Interface could lead to DOS. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-1920=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-1920=1 - SUSE Linux Enterprise Module for Python2 15-SP2: zypper in -t patch SUSE-SLE-Module-Python2-15-SP2-2020-1920=1 - SUSE Linux Enterprise Module for Python2 15-SP1: zypper in -t patch SUSE-SLE-Module-Python2-15-SP1-2020-1920=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-1920=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-1920=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (noarch): python-ipaddress-1.0.18-3.3.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): python-ipaddress-1.0.18-3.3.1 - SUSE Linux Enterprise Module for Python2 15-SP2 (noarch): python-ipaddress-1.0.18-3.3.1 - SUSE Linux Enterprise Module for Python2 15-SP1 (noarch): python-ipaddress-1.0.18-3.3.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): python-ipaddress-1.0.18-3.3.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): python-ipaddress-1.0.18-3.3.1 References: https://www.suse.com/security/cve/CVE-2020-14422.html https://bugzilla.suse.com/1173274 From sle-security-updates at lists.suse.com Wed Jul 15 07:18:49 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 15 Jul 2020 15:18:49 +0200 (CEST) Subject: SUSE-SU-2020:1915-1: important: Security update for slirp4netns Message-ID: <20200715131849.CB4F0FDE1@maintenance.suse.de> SUSE Security Update: Security update for slirp4netns ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1915-1 Rating: important References: #1172380 Cross-References: CVE-2020-10756 Affected Products: SUSE Linux Enterprise Module for 
Containers 15-SP2 SUSE Linux Enterprise Module for Containers 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for slirp4netns fixes the following issues: - Update to 0.4.7 (bsc#1172380) * libslirp: update to v4.3.1 (Fix CVE-2020-10756) * Fix config_from_options() to correctly enable ipv6 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 15-SP2: zypper in -t patch SUSE-SLE-Module-Containers-15-SP2-2020-1915=1 - SUSE Linux Enterprise Module for Containers 15-SP1: zypper in -t patch SUSE-SLE-Module-Containers-15-SP1-2020-1915=1 Package List: - SUSE Linux Enterprise Module for Containers 15-SP2 (aarch64 ppc64le s390x x86_64): slirp4netns-0.4.7-3.12.1 slirp4netns-debuginfo-0.4.7-3.12.1 slirp4netns-debugsource-0.4.7-3.12.1 - SUSE Linux Enterprise Module for Containers 15-SP1 (aarch64 ppc64le s390x x86_64): slirp4netns-0.4.7-3.12.1 slirp4netns-debuginfo-0.4.7-3.12.1 slirp4netns-debugsource-0.4.7-3.12.1 References: https://www.suse.com/security/cve/CVE-2020-10756.html https://bugzilla.suse.com/1172380 From sle-security-updates at lists.suse.com Wed Jul 15 07:19:31 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 15 Jul 2020 15:19:31 +0200 (CEST) Subject: SUSE-SU-2020:1532-2: moderate: Security update for libxml2 Message-ID: <20200715131931.D79E7FDE1@maintenance.suse.de> SUSE Security Update: Security update for libxml2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1532-2 Rating: moderate References: #1172021 Cross-References: CVE-2019-19956 Affected Products: SUSE Linux Enterprise Module for Python2 15-SP2 SUSE Linux Enterprise Module for 
Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libxml2 fixes the following issues: - CVE-2019-19956: Reverted the upstream fix for this memory leak because it introduced other, more severe vulnerabilities (bsc#1172021). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Python2 15-SP2: zypper in -t patch SUSE-SLE-Module-Python2-15-SP2-2020-1532=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1532=1 Package List: - SUSE Linux Enterprise Module for Python2 15-SP2 (aarch64 ppc64le s390x x86_64): python-libxml2-python-debugsource-2.9.7-3.22.1 python2-libxml2-python-2.9.7-3.22.1 python2-libxml2-python-debuginfo-2.9.7-3.22.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libxml2-2-2.9.7-3.22.1 libxml2-2-debuginfo-2.9.7-3.22.1 libxml2-debugsource-2.9.7-3.22.1 libxml2-devel-2.9.7-3.22.1 libxml2-tools-2.9.7-3.22.1 libxml2-tools-debuginfo-2.9.7-3.22.1 python-libxml2-python-debugsource-2.9.7-3.22.1 python3-libxml2-python-2.9.7-3.22.1 python3-libxml2-python-debuginfo-2.9.7-3.22.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libxml2-2-32bit-2.9.7-3.22.1 libxml2-2-32bit-debuginfo-2.9.7-3.22.1 References: https://www.suse.com/security/cve/CVE-2019-19956.html https://bugzilla.suse.com/1172021 From sle-security-updates at lists.suse.com Wed Jul 15 07:20:15 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 15 Jul 2020 15:20:15 +0200 (CEST) Subject: SUSE-SU-2020:1919-1: moderate: Security update for rubygem-puma Message-ID: <20200715132015.88015FDE1@maintenance.suse.de> SUSE Security 
Update: Security update for rubygem-puma ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1919-1 Rating: moderate References: #1172175 #1172176 Cross-References: CVE-2020-11076 CVE-2020-11077 Affected Products: SUSE Linux Enterprise High Availability 15-SP2 SUSE Linux Enterprise High Availability 15-SP1 SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for rubygem-puma to version 4.3.5 fixes the following issues: - CVE-2020-11077: Fixed an HTTP smuggling issue related to proxy usage (bsc#1172175). - CVE-2020-11076: Fixed an HTTP smuggling issue when using an invalid transfer-encoding header (bsc#1172176). - Disabled TLSv1.0 and TLSv1.1 (jsc#SLE-6965). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2020-1919=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2020-1919=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2020-1919=1 Package List: - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-puma-4.3.5-3.3.1 ruby2.5-rubygem-puma-debuginfo-4.3.5-3.3.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-puma-4.3.5-3.3.1 ruby2.5-rubygem-puma-debuginfo-4.3.5-3.3.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-puma-4.3.5-3.3.1 ruby2.5-rubygem-puma-debuginfo-4.3.5-3.3.1 References: https://www.suse.com/security/cve/CVE-2020-11076.html https://www.suse.com/security/cve/CVE-2020-11077.html https://bugzilla.suse.com/1172175 https://bugzilla.suse.com/1172176 From sle-security-updates at lists.suse.com Wed Jul 15 07:23:10 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 15 Jul 2020 15:23:10 +0200 (CEST) Subject: SUSE-SU-2020:1420-2: Security update for jasper Message-ID: <20200715132310.EE280FDE1@maintenance.suse.de> SUSE Security Update: Security update for jasper ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1420-2 Rating: low References: #1092115 Cross-References: CVE-2018-9154 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for jasper fixes the following issues: - CVE-2018-9154: Fixed a potential denial of service in jpc_dec_process_sot() (bsc#1092115). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-1420=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-1420=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1420=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (aarch64 ppc64le s390x x86_64): jasper-2.0.14-3.11.8 jasper-debuginfo-2.0.14-3.11.8 jasper-debugsource-2.0.14-3.11.8 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): jasper-debuginfo-2.0.14-3.11.8 jasper-debugsource-2.0.14-3.11.8 libjasper-devel-2.0.14-3.11.8 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): jasper-debuginfo-2.0.14-3.11.8 jasper-debugsource-2.0.14-3.11.8 libjasper4-2.0.14-3.11.8 libjasper4-debuginfo-2.0.14-3.11.8 References: https://www.suse.com/security/cve/CVE-2018-9154.html https://bugzilla.suse.com/1092115 From sle-security-updates at lists.suse.com Wed Jul 15 07:24:33 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 15 Jul 2020 15:24:33 +0200 (CEST) Subject: SUSE-SU-2020:1918-1: important: Security update for xrdp Message-ID: <20200715132433.36997FDE1@maintenance.suse.de> SUSE Security Update: Security update for xrdp ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1918-1 Rating: important References: #1173580 
Cross-References: CVE-2020-4044 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for xrdp fixes the following issues: - Security fixes (bsc#1173580, CVE-2020-4044): + Add patches: * xrdp-cve-2020-4044-fix-0.patch * xrdp-cve-2020-4044-fix-1.patch + Rebase SLE patch: * xrdp-fate318398-change-expired-password.patch Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-1918=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): xrdp-0.9.10-3.3.1 xrdp-debuginfo-0.9.10-3.3.1 xrdp-debugsource-0.9.10-3.3.1 References: https://www.suse.com/security/cve/CVE-2020-4044.html https://bugzilla.suse.com/1173580 From sle-security-updates at lists.suse.com Wed Jul 15 07:25:17 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 15 Jul 2020 15:25:17 +0200 (CEST) Subject: SUSE-SU-2020:1914-1: important: Security update for bind Message-ID: <20200715132517.EED62FDE1@maintenance.suse.de> SUSE Security Update: Security update for bind ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1914-1 Rating: important References: #1109160 #1118367 #1118368 #1171740 Cross-References: CVE-2018-5741 CVE-2020-8616 CVE-2020-8617 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 
12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for bind fixes the following issues: - Amended documentation referring to rule types "krb5-subdomain" and "ms-subdomain". This incorrect documentation could mislead operators into believing that policies they had configured were more restrictive than they actually were. [CVE-2018-5741] - Further limit the number of queries that can be triggered from a request. Root and TLD servers are no longer exempt from max-recursion-queries. Fetches for missing name server address records are limited to 4 for any domain. [CVE-2020-8616] - Replaying a TSIG BADTIME response as a request could trigger an assertion failure. [CVE-2020-8617] [bsc#1109160, bsc#1171740, CVE-2018-5741, bind-CVE-2018-5741.patch, CVE-2020-8616, bind-CVE-2020-8616.patch, CVE-2020-8617, bind-CVE-2020-8617.patch] - Don't rely on /etc/insserv.conf anymore for proper dependencies against nss-lookup.target in named.service and lwresd.service (bsc#1118367 bsc#1118368) - Using a drop-in file Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-1914=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-1914=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-1914=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-1914=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-1914=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-1914=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-1914=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-1914=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-1914=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-1914=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-1914=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): bind-9.9.9P1-63.17.1 bind-chrootenv-9.9.9P1-63.17.1 bind-debuginfo-9.9.9P1-63.17.1 bind-debugsource-9.9.9P1-63.17.1 bind-libs-32bit-9.9.9P1-63.17.1 bind-libs-9.9.9P1-63.17.1 bind-libs-debuginfo-32bit-9.9.9P1-63.17.1 bind-libs-debuginfo-9.9.9P1-63.17.1 bind-utils-9.9.9P1-63.17.1 bind-utils-debuginfo-9.9.9P1-63.17.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): bind-doc-9.9.9P1-63.17.1 - SUSE OpenStack Cloud 8 (x86_64): bind-9.9.9P1-63.17.1 bind-chrootenv-9.9.9P1-63.17.1 bind-debuginfo-9.9.9P1-63.17.1 bind-debugsource-9.9.9P1-63.17.1 bind-libs-32bit-9.9.9P1-63.17.1 bind-libs-9.9.9P1-63.17.1 bind-libs-debuginfo-32bit-9.9.9P1-63.17.1 bind-libs-debuginfo-9.9.9P1-63.17.1 bind-utils-9.9.9P1-63.17.1 bind-utils-debuginfo-9.9.9P1-63.17.1 - SUSE OpenStack Cloud 8 (noarch): bind-doc-9.9.9P1-63.17.1 - SUSE OpenStack Cloud 7 (s390x x86_64): bind-9.9.9P1-63.17.1 
      bind-chrootenv-9.9.9P1-63.17.1
      bind-debuginfo-9.9.9P1-63.17.1
      bind-debugsource-9.9.9P1-63.17.1
      bind-libs-32bit-9.9.9P1-63.17.1
      bind-libs-9.9.9P1-63.17.1
      bind-libs-debuginfo-32bit-9.9.9P1-63.17.1
      bind-libs-debuginfo-9.9.9P1-63.17.1
      bind-utils-9.9.9P1-63.17.1
      bind-utils-debuginfo-9.9.9P1-63.17.1

   - SUSE OpenStack Cloud 7 (noarch):

      bind-doc-9.9.9P1-63.17.1

   - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):

      bind-9.9.9P1-63.17.1
      bind-chrootenv-9.9.9P1-63.17.1
      bind-debuginfo-9.9.9P1-63.17.1
      bind-debugsource-9.9.9P1-63.17.1
      bind-libs-9.9.9P1-63.17.1
      bind-libs-debuginfo-9.9.9P1-63.17.1
      bind-utils-9.9.9P1-63.17.1
      bind-utils-debuginfo-9.9.9P1-63.17.1

   - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch):

      bind-doc-9.9.9P1-63.17.1

   - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64):

      bind-libs-32bit-9.9.9P1-63.17.1
      bind-libs-debuginfo-32bit-9.9.9P1-63.17.1

   - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64):

      bind-9.9.9P1-63.17.1
      bind-chrootenv-9.9.9P1-63.17.1
      bind-debuginfo-9.9.9P1-63.17.1
      bind-debugsource-9.9.9P1-63.17.1
      bind-libs-9.9.9P1-63.17.1
      bind-libs-debuginfo-9.9.9P1-63.17.1
      bind-utils-9.9.9P1-63.17.1
      bind-utils-debuginfo-9.9.9P1-63.17.1

   - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch):

      bind-doc-9.9.9P1-63.17.1

   - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64):

      bind-libs-32bit-9.9.9P1-63.17.1
      bind-libs-debuginfo-32bit-9.9.9P1-63.17.1

   - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):

      bind-9.9.9P1-63.17.1
      bind-chrootenv-9.9.9P1-63.17.1
      bind-debuginfo-9.9.9P1-63.17.1
      bind-debugsource-9.9.9P1-63.17.1
      bind-libs-9.9.9P1-63.17.1
      bind-libs-debuginfo-9.9.9P1-63.17.1
      bind-utils-9.9.9P1-63.17.1
      bind-utils-debuginfo-9.9.9P1-63.17.1

   - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64):

      bind-libs-32bit-9.9.9P1-63.17.1
      bind-libs-debuginfo-32bit-9.9.9P1-63.17.1

   - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch):

      bind-doc-9.9.9P1-63.17.1

   - SUSE Linux Enterprise Server 12-SP3-BCL (noarch):

      bind-doc-9.9.9P1-63.17.1

   - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):

      bind-9.9.9P1-63.17.1
      bind-chrootenv-9.9.9P1-63.17.1
      bind-debuginfo-9.9.9P1-63.17.1
      bind-debugsource-9.9.9P1-63.17.1
      bind-libs-32bit-9.9.9P1-63.17.1
      bind-libs-9.9.9P1-63.17.1
      bind-libs-debuginfo-32bit-9.9.9P1-63.17.1
      bind-libs-debuginfo-9.9.9P1-63.17.1
      bind-utils-9.9.9P1-63.17.1
      bind-utils-debuginfo-9.9.9P1-63.17.1

   - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64):

      bind-9.9.9P1-63.17.1
      bind-chrootenv-9.9.9P1-63.17.1
      bind-debuginfo-9.9.9P1-63.17.1
      bind-debugsource-9.9.9P1-63.17.1
      bind-libs-9.9.9P1-63.17.1
      bind-libs-debuginfo-9.9.9P1-63.17.1
      bind-utils-9.9.9P1-63.17.1
      bind-utils-debuginfo-9.9.9P1-63.17.1

   - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64):

      bind-libs-32bit-9.9.9P1-63.17.1
      bind-libs-debuginfo-32bit-9.9.9P1-63.17.1

   - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch):

      bind-doc-9.9.9P1-63.17.1

   - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):

      bind-9.9.9P1-63.17.1
      bind-chrootenv-9.9.9P1-63.17.1
      bind-debuginfo-9.9.9P1-63.17.1
      bind-debugsource-9.9.9P1-63.17.1
      bind-libs-32bit-9.9.9P1-63.17.1
      bind-libs-9.9.9P1-63.17.1
      bind-libs-debuginfo-32bit-9.9.9P1-63.17.1
      bind-libs-debuginfo-9.9.9P1-63.17.1
      bind-utils-9.9.9P1-63.17.1
      bind-utils-debuginfo-9.9.9P1-63.17.1

   - SUSE Linux Enterprise Server 12-SP2-BCL (noarch):

      bind-doc-9.9.9P1-63.17.1

   - SUSE Enterprise Storage 5 (noarch):

      bind-doc-9.9.9P1-63.17.1

   - SUSE Enterprise Storage 5 (x86_64):

      bind-9.9.9P1-63.17.1
      bind-chrootenv-9.9.9P1-63.17.1
      bind-debuginfo-9.9.9P1-63.17.1
      bind-debugsource-9.9.9P1-63.17.1
      bind-libs-32bit-9.9.9P1-63.17.1
      bind-libs-9.9.9P1-63.17.1
      bind-libs-debuginfo-32bit-9.9.9P1-63.17.1
      bind-libs-debuginfo-9.9.9P1-63.17.1
      bind-utils-9.9.9P1-63.17.1
      bind-utils-debuginfo-9.9.9P1-63.17.1

   - HPE Helion Openstack 8 (x86_64):

      bind-9.9.9P1-63.17.1
      bind-chrootenv-9.9.9P1-63.17.1
      bind-debuginfo-9.9.9P1-63.17.1
      bind-debugsource-9.9.9P1-63.17.1
      bind-libs-32bit-9.9.9P1-63.17.1
      bind-libs-9.9.9P1-63.17.1
      bind-libs-debuginfo-32bit-9.9.9P1-63.17.1
      bind-libs-debuginfo-9.9.9P1-63.17.1
      bind-utils-9.9.9P1-63.17.1
      bind-utils-debuginfo-9.9.9P1-63.17.1

   - HPE Helion Openstack 8 (noarch):

      bind-doc-9.9.9P1-63.17.1

References:

   https://www.suse.com/security/cve/CVE-2018-5741.html
   https://www.suse.com/security/cve/CVE-2020-8616.html
   https://www.suse.com/security/cve/CVE-2020-8617.html
   https://bugzilla.suse.com/1109160
   https://bugzilla.suse.com/1118367
   https://bugzilla.suse.com/1118368
   https://bugzilla.suse.com/1171740

From sle-security-updates at lists.suse.com Wed Jul 15 07:27:11 2020
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 15 Jul 2020 15:27:11 +0200 (CEST)
Subject: SUSE-SU-2020:1922-1: important: Security update for LibVNCServer
Message-ID: <20200715132711.73FF3FDE1@maintenance.suse.de>

   SUSE Security Update: Security update for LibVNCServer
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:1922-1
Rating:             important
References:         #1173477 #1173691 #1173694 #1173700 #1173701 #1173743
                    #1173874 #1173875 #1173876 #1173880
Cross-References:   CVE-2017-18922 CVE-2018-21247 CVE-2019-20839
                    CVE-2019-20840 CVE-2020-14397 CVE-2020-14398
                    CVE-2020-14399 CVE-2020-14400 CVE-2020-14401
                    CVE-2020-14402
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 15-SP2
                    SUSE Linux Enterprise Workstation Extension 15-SP1
                    SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2
                    SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1
______________________________________________________________________________

   An update that fixes 10 vulnerabilities is now available.

Description:

   This update for LibVNCServer fixes the following issues:

   - security update
   - added patches
     fix CVE-2018-21247 [bsc#1173874], uninitialized memory contents are
     vulnerable to Information leak
     + LibVNCServer-CVE-2018-21247.patch
     fix CVE-2019-20839 [bsc#1173875], buffer overflow in
     ConnectClientToUnixSock()
     + LibVNCServer-CVE-2019-20839.patch
     fix CVE-2019-20840 [bsc#1173876], unaligned accesses in
     hybiReadAndDecode can lead to denial of service
     + LibVNCServer-CVE-2019-20840.patch
     fix CVE-2020-14398 [bsc#1173880], improperly closed TCP connection
     causes an infinite loop in libvncclient/sockets.c
     + LibVNCServer-CVE-2020-14398.patch
     fix CVE-2020-14397 [bsc#1173700], NULL pointer dereference in
     libvncserver/rfbregion.c
     + LibVNCServer-CVE-2020-14397.patch
     fix CVE-2020-14399 [bsc#1173743], Byte-aligned data is accessed through
     uint32_t pointers in libvncclient/rfbproto.c.
     + LibVNCServer-CVE-2020-14399.patch
     fix CVE-2020-14400 [bsc#1173691], Byte-aligned data is accessed through
     uint16_t pointers in libvncserver/translate.c.
     + LibVNCServer-CVE-2020-14400.patch
     fix CVE-2020-14401 [bsc#1173694], potential integer overflows in
     libvncserver/scale.c
     + LibVNCServer-CVE-2020-14401.patch
     fix CVE-2020-14402 [bsc#1173701], out-of-bounds access via encodings.
     + LibVNCServer-CVE-2020-14402,14403,14404.patch
     fix CVE-2017-18922 [bsc#1173477], preauth buffer overwrite

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 15-SP2:

      zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2020-1922=1

   - SUSE Linux Enterprise Workstation Extension 15-SP1:

      zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2020-1922=1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-1922=1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1:

      zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-1922=1

Package List:

   - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64):

      LibVNCServer-debugsource-0.9.10-4.22.1
      libvncclient0-0.9.10-4.22.1
      libvncclient0-debuginfo-0.9.10-4.22.1
      libvncserver0-0.9.10-4.22.1
      libvncserver0-debuginfo-0.9.10-4.22.1

   - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64):

      LibVNCServer-debugsource-0.9.10-4.22.1
      libvncclient0-0.9.10-4.22.1
      libvncclient0-debuginfo-0.9.10-4.22.1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64):

      LibVNCServer-debugsource-0.9.10-4.22.1
      libvncserver0-0.9.10-4.22.1
      libvncserver0-debuginfo-0.9.10-4.22.1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (aarch64 ppc64le s390x x86_64):

      LibVNCServer-debugsource-0.9.10-4.22.1
      libvncserver0-0.9.10-4.22.1
      libvncserver0-debuginfo-0.9.10-4.22.1

References:

   https://www.suse.com/security/cve/CVE-2017-18922.html
   https://www.suse.com/security/cve/CVE-2018-21247.html
   https://www.suse.com/security/cve/CVE-2019-20839.html
   https://www.suse.com/security/cve/CVE-2019-20840.html
   https://www.suse.com/security/cve/CVE-2020-14397.html
   https://www.suse.com/security/cve/CVE-2020-14398.html
   https://www.suse.com/security/cve/CVE-2020-14399.html
   https://www.suse.com/security/cve/CVE-2020-14400.html
   https://www.suse.com/security/cve/CVE-2020-14401.html
   https://www.suse.com/security/cve/CVE-2020-14402.html
   https://bugzilla.suse.com/1173477
   https://bugzilla.suse.com/1173691
   https://bugzilla.suse.com/1173694
   https://bugzilla.suse.com/1173700
   https://bugzilla.suse.com/1173701
   https://bugzilla.suse.com/1173743
   https://bugzilla.suse.com/1173874
   https://bugzilla.suse.com/1173875
   https://bugzilla.suse.com/1173876
   https://bugzilla.suse.com/1173880

From sle-security-updates at lists.suse.com Wed Jul 15 10:14:08 2020
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 15 Jul 2020 18:14:08 +0200 (CEST)
Subject: SUSE-SU-2020:1931-1: moderate: Security update for openexr
Message-ID: <20200715161408.157AFFC39@maintenance.suse.de>

   SUSE Security Update: Security update for openexr
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:1931-1
Rating:             moderate
References:         #1173466 #1173467 #1173469
Cross-References:   CVE-2020-15304 CVE-2020-15305 CVE-2020-15306
Affected Products:
                    SUSE Linux Enterprise Module for Desktop Applications 15-SP2
                    SUSE Linux Enterprise Module for Desktop Applications 15-SP1
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update for openexr fixes the following issues:

   - CVE-2020-15304: Fixed a NULL pointer dereference in
     TiledInputFile:TiledInputFile() (bsc#1173466).
   - CVE-2020-15305: Fixed a use-after-free in
     DeepScanLineInputFile:DeepScanLineInputFile() (bsc#1173467).
   - CVE-2020-15306: Fixed a heap buffer overflow in
     getChunkOffsetTableSize() (bsc#1173469).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Desktop Applications 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-1931=1

   - SUSE Linux Enterprise Module for Desktop Applications 15-SP1:

      zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-1931=1

Package List:

   - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64):

      libIlmImf-2_2-23-2.2.1-3.18.1
      libIlmImf-2_2-23-debuginfo-2.2.1-3.18.1
      libIlmImfUtil-2_2-23-2.2.1-3.18.1
      libIlmImfUtil-2_2-23-debuginfo-2.2.1-3.18.1
      openexr-debuginfo-2.2.1-3.18.1
      openexr-debugsource-2.2.1-3.18.1
      openexr-devel-2.2.1-3.18.1

   - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64):

      libIlmImf-2_2-23-2.2.1-3.18.1
      libIlmImf-2_2-23-debuginfo-2.2.1-3.18.1
      libIlmImfUtil-2_2-23-2.2.1-3.18.1
      libIlmImfUtil-2_2-23-debuginfo-2.2.1-3.18.1
      openexr-debuginfo-2.2.1-3.18.1
      openexr-debugsource-2.2.1-3.18.1
      openexr-devel-2.2.1-3.18.1

References:

   https://www.suse.com/security/cve/CVE-2020-15304.html
   https://www.suse.com/security/cve/CVE-2020-15305.html
   https://www.suse.com/security/cve/CVE-2020-15306.html
   https://bugzilla.suse.com/1173466
   https://bugzilla.suse.com/1173467
   https://bugzilla.suse.com/1173469

From sle-security-updates at lists.suse.com Wed Jul 15 10:17:23 2020
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 15 Jul 2020 18:17:23 +0200 (CEST)
Subject: SUSE-SU-2020:14423-1: important: Security update for mailman
Message-ID: <20200715161723.26910FC39@maintenance.suse.de>

   SUSE Security Update: Security update for mailman
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:14423-1
Rating:             important
References:         #1173369
Cross-References:   CVE-2020-15011
Affected Products:
                    SUSE Linux Enterprise Server 11-SP4-LTSS
                    SUSE Linux Enterprise Point of Sale 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for mailman fixes the following issues:

   - CVE-2020-15011: Fixed a possible Arbitrary Content Injection via the
     private archive login page (bsc#1173369).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP4-LTSS:

      zypper in -t patch slessp4-mailman-14423=1

   - SUSE Linux Enterprise Point of Sale 11-SP3:

      zypper in -t patch sleposp3-mailman-14423=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-mailman-14423=1

   - SUSE Linux Enterprise Debuginfo 11-SP3:

      zypper in -t patch dbgsp3-mailman-14423=1

Package List:

   - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64):

      mailman-2.1.15-9.6.26.1

   - SUSE Linux Enterprise Point of Sale 11-SP3 (i586):

      mailman-2.1.15-9.6.26.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64):

      mailman-debuginfo-2.1.15-9.6.26.1
      mailman-debugsource-2.1.15-9.6.26.1

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):

      mailman-debuginfo-2.1.15-9.6.26.1
      mailman-debugsource-2.1.15-9.6.26.1

References:

   https://www.suse.com/security/cve/CVE-2020-15011.html
   https://bugzilla.suse.com/1173369

From sle-security-updates at lists.suse.com Wed Jul 15 10:20:14 2020
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 15 Jul 2020 18:20:14 +0200 (CEST)
Subject: SUSE-SU-2020:1934-1: important: Security update for google-compute-engine
Message-ID: <20200715162014.A529AFC39@maintenance.suse.de>

   SUSE Security Update: Security update for google-compute-engine
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:1934-1
Rating:             important
References:         #1169978 #1173258
Cross-References:   CVE-2020-8903 CVE-2020-8907 CVE-2020-8933
Affected Products:
                    SUSE Linux Enterprise Module for Public Cloud 15-SP2
                    SUSE Linux Enterprise Module for Public Cloud 15-SP1
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update for google-compute-engine fixes the following issues:

   - Don't enable and start google-network-daemon.service when it's already
     installed (bsc#1169978)
     + Do not add the created user to the adm (CVE-2020-8903), docker
       (CVE-2020-8907), or lxd (CVE-2020-8933) groups if they exist
       (bsc#1173258)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Public Cloud 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2020-1934=1

   - SUSE Linux Enterprise Module for Public Cloud 15-SP1:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2020-1934=1

Package List:

   - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (aarch64 ppc64le s390x x86_64):

      google-compute-engine-debugsource-20190801-4.38.1
      google-compute-engine-oslogin-20190801-4.38.1
      google-compute-engine-oslogin-debuginfo-20190801-4.38.1

   - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch):

      google-compute-engine-init-20190801-4.38.1

   - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (aarch64 ppc64le s390x x86_64):

      google-compute-engine-debugsource-20190801-4.38.1
      google-compute-engine-oslogin-20190801-4.38.1
      google-compute-engine-oslogin-debuginfo-20190801-4.38.1

   - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch):

      google-compute-engine-init-20190801-4.38.1

References:

   https://www.suse.com/security/cve/CVE-2020-8903.html
   https://www.suse.com/security/cve/CVE-2020-8907.html
   https://www.suse.com/security/cve/CVE-2020-8933.html
   https://bugzilla.suse.com/1169978
   https://bugzilla.suse.com/1173258

From sle-security-updates at lists.suse.com Wed Jul 15 10:24:45 2020
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 15 Jul 2020 18:24:45 +0200 (CEST)
Subject: SUSE-SU-2020:1930-1: moderate: Security update for openconnect
Message-ID: <20200715162445.58080FC39@maintenance.suse.de>

   SUSE Security Update: Security update for openconnect
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:1930-1
Rating:             moderate
References:         #1171862
Cross-References:   CVE-2020-12823
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 15-SP2
                    SUSE Linux Enterprise Workstation Extension 15-SP1
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for openconnect fixes the following issues:

   - CVE-2020-12823: Fixed a buffer overflow via crafted certificate data
     which could have led to denial of service (bsc#1171862).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 15-SP2:

      zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2020-1930=1

   - SUSE Linux Enterprise Workstation Extension 15-SP1:

      zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2020-1930=1

Package List:

   - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64):

      openconnect-7.08-6.9.1
      openconnect-debuginfo-7.08-6.9.1
      openconnect-debugsource-7.08-6.9.1
      openconnect-devel-7.08-6.9.1

   - SUSE Linux Enterprise Workstation Extension 15-SP2 (noarch):

      openconnect-lang-7.08-6.9.1

   - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64):

      openconnect-7.08-6.9.1
      openconnect-debuginfo-7.08-6.9.1
      openconnect-debugsource-7.08-6.9.1
      openconnect-devel-7.08-6.9.1

   - SUSE Linux Enterprise Workstation Extension 15-SP1 (noarch):

      openconnect-lang-7.08-6.9.1

References:

   https://www.suse.com/security/cve/CVE-2020-12823.html
   https://bugzilla.suse.com/1171862

From sle-security-updates at lists.suse.com Wed Jul 15 10:31:01 2020
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 15 Jul 2020 18:31:01 +0200 (CEST)
Subject: SUSE-SU-2020:1709-2: Security update for mercurial
Message-ID: <20200715163101.7F095FDE4@maintenance.suse.de>

   SUSE Security Update: Security update for mercurial
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:1709-2
Rating:             low
References:         #1133035
Cross-References:   CVE-2019-3902
Affected Products:
                    SUSE Linux Enterprise Module for Python2 15-SP2
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for mercurial fixes the following issues:

   Security issue fixed:

   - CVE-2019-3902: Fixed incorrect patch-checking with symlinks and
     subrepos (bsc#1133035).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Python2 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Python2-15-SP2-2020-1709=1

Package List:

   - SUSE Linux Enterprise Module for Python2 15-SP2 (aarch64 ppc64le s390x x86_64):

      mercurial-4.5.2-3.9.44
      mercurial-debuginfo-4.5.2-3.9.44
      mercurial-debugsource-4.5.2-3.9.44

References:

   https://www.suse.com/security/cve/CVE-2019-3902.html
   https://bugzilla.suse.com/1133035

From sle-security-updates at lists.suse.com Wed Jul 15 10:31:49 2020
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 15 Jul 2020 18:31:49 +0200 (CEST)
Subject: SUSE-SU-2020:1933-1: important: Security update for xrdp
Message-ID: <20200715163149.54EE4FC39@maintenance.suse.de>

   SUSE Security Update: Security update for xrdp
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:1933-1
Rating:             important
References:         #1173580
Cross-References:   CVE-2020-4044
Affected Products:
                    SUSE Linux Enterprise Server for SAP 15
                    SUSE Linux Enterprise Server 15-LTSS
                    SUSE Linux Enterprise Module for Basesystem 15-SP1
                    SUSE Linux Enterprise High Performance Computing 15-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-ESPOS
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for xrdp fixes the following issues:

   - Security fixes (bsc#1173580, CVE-2020-4044):
     + Add patches:
       * xrdp-cve-2020-4044-fix-0.patch
       * xrdp-cve-2020-4044-fix-1.patch
     + Rebase SLE patch:
       * xrdp-fate318398-change-expired-password.patch

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 15:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-1933=1

   - SUSE Linux Enterprise Server 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-2020-1933=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP1:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-1933=1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2020-1933=1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2020-1933=1

Package List:

   - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):

      libpainter0-0.9.6-4.8.1
      libpainter0-debuginfo-0.9.6-4.8.1
      librfxencode0-0.9.6-4.8.1
      librfxencode0-debuginfo-0.9.6-4.8.1
      xrdp-0.9.6-4.8.1
      xrdp-debuginfo-0.9.6-4.8.1
      xrdp-debugsource-0.9.6-4.8.1
      xrdp-devel-0.9.6-4.8.1

   - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):

      libpainter0-0.9.6-4.8.1
      libpainter0-debuginfo-0.9.6-4.8.1
      librfxencode0-0.9.6-4.8.1
      librfxencode0-debuginfo-0.9.6-4.8.1
      xrdp-0.9.6-4.8.1
      xrdp-debuginfo-0.9.6-4.8.1
      xrdp-debugsource-0.9.6-4.8.1
      xrdp-devel-0.9.6-4.8.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64):

      libpainter0-0.9.6-4.8.1
      libpainter0-debuginfo-0.9.6-4.8.1
      librfxencode0-0.9.6-4.8.1
      librfxencode0-debuginfo-0.9.6-4.8.1
      xrdp-0.9.6-4.8.1
      xrdp-debuginfo-0.9.6-4.8.1
      xrdp-debugsource-0.9.6-4.8.1
      xrdp-devel-0.9.6-4.8.1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):

      libpainter0-0.9.6-4.8.1
      libpainter0-debuginfo-0.9.6-4.8.1
      librfxencode0-0.9.6-4.8.1
      librfxencode0-debuginfo-0.9.6-4.8.1
      xrdp-0.9.6-4.8.1
      xrdp-debuginfo-0.9.6-4.8.1
      xrdp-debugsource-0.9.6-4.8.1
      xrdp-devel-0.9.6-4.8.1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):

      libpainter0-0.9.6-4.8.1
      libpainter0-debuginfo-0.9.6-4.8.1
      librfxencode0-0.9.6-4.8.1
      librfxencode0-debuginfo-0.9.6-4.8.1
      xrdp-0.9.6-4.8.1
      xrdp-debuginfo-0.9.6-4.8.1
      xrdp-debugsource-0.9.6-4.8.1
      xrdp-devel-0.9.6-4.8.1

References:

   https://www.suse.com/security/cve/CVE-2020-4044.html
   https://bugzilla.suse.com/1173580

From sle-security-updates at lists.suse.com Wed Jul 15 10:32:34 2020
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 15 Jul 2020 18:32:34 +0200 (CEST)
Subject: SUSE-SU-2020:1657-2: moderate: Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork
Message-ID: <20200715163234.14D9AFC39@maintenance.suse.de>

   SUSE Security Update: Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:1657-2
Rating:             moderate
References:         #1172377
Cross-References:   CVE-2020-13401
Affected Products:
                    SUSE Linux Enterprise Module for Containers 15-SP2
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for containerd, docker, docker-runc,
   golang-github-docker-libnetwork fixes the following issues:

   Docker was updated to 19.03.11-ce
   runc was updated to version 1.0.0-rc10
   containerd was updated to version 1.2.13

   - CVE-2020-13401: Fixed an issue where an attacker with CAP_NET_RAW
     capability, could have crafted IPv6 router advertisements, and spoof
     external IPv6 hosts, resulting in obtaining sensitive information or
     causing denial of service (bsc#1172377).

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Containers 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Containers-15-SP2-2020-1657=1

Package List:

   - SUSE Linux Enterprise Module for Containers 15-SP2 (aarch64 ppc64le s390x x86_64):

      containerd-1.2.13-5.22.2
      docker-19.03.11_ce-6.34.2
      docker-debuginfo-19.03.11_ce-6.34.2
      docker-libnetwork-0.7.0.1+gitr2902_153d0769a118-4.21.2
      docker-libnetwork-debuginfo-0.7.0.1+gitr2902_153d0769a118-4.21.2
      docker-runc-1.0.0rc10+gitr3981_dc9208a3303f-6.38.2
      docker-runc-debuginfo-1.0.0rc10+gitr3981_dc9208a3303f-6.38.2

   - SUSE Linux Enterprise Module for Containers 15-SP2 (noarch):

      docker-bash-completion-19.03.11_ce-6.34.2

References:

   https://www.suse.com/security/cve/CVE-2020-13401.html
   https://bugzilla.suse.com/1172377

From sle-security-updates at lists.suse.com Wed Jul 15 19:13:13 2020
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 16 Jul 2020 03:13:13 +0200 (CEST)
Subject: SUSE-SU-2020:1937-1: moderate: Security update for cairo
Message-ID: <20200716011313.C0D13FDE4@maintenance.suse.de>

   SUSE Security Update: Security update for cairo
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:1937-1
Rating:             moderate
References:         #1049092
Cross-References:   CVE-2017-9814
Affected Products:
                    SUSE Linux Enterprise Module for Desktop Applications 15-SP1
                    SUSE Linux Enterprise Module for Basesystem 15-SP1
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for cairo fixes the following issues:

   - Fix a memory corruption in pango.
   - Revert "Correctly decode Adobe CMYK JPEGs in PDF export".
   - Add more FreeType font color conversions to support COLR/CPAL.
   - Fix crash when rendering Microsoft's Segoe UI Emoji Regular font.
   - Fix memory leaks found by Coverity.
   - Fix assertion failure in the freetype backend. (fdo#105746).
   - Add cairo-CVE-2017-9814.patch: Replace malloc with _cairo_malloc and
     check cmap size before allocating (bsc#1049092)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Desktop Applications 15-SP1:

      zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-1937=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP1:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-1937=1

Package List:

   - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (x86_64):

      cairo-debugsource-1.16.0-4.8.1
      libcairo2-32bit-1.16.0-4.8.1
      libcairo2-32bit-debuginfo-1.16.0-4.8.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64):

      cairo-debugsource-1.16.0-4.8.1
      cairo-devel-1.16.0-4.8.1
      libcairo-gobject2-1.16.0-4.8.1
      libcairo-gobject2-debuginfo-1.16.0-4.8.1
      libcairo-script-interpreter2-1.16.0-4.8.1
      libcairo-script-interpreter2-debuginfo-1.16.0-4.8.1
      libcairo2-1.16.0-4.8.1
      libcairo2-debuginfo-1.16.0-4.8.1

References:

   https://www.suse.com/security/cve/CVE-2017-9814.html
   https://bugzilla.suse.com/1049092

From sle-security-updates at lists.suse.com Fri Jul 17 10:13:23 2020
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 17 Jul 2020 18:13:23 +0200 (CEST)
Subject: SUSE-SU-2020:1948-1: important: Security update for ldb, samba
Message-ID: <20200717161323.3C648FDF3@maintenance.suse.de>

   SUSE Security Update: Security update for ldb, samba
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:1948-1
Rating:             important
References:         #1141320 #1162680 #1169095 #1169521 #1169850 #1169851
                    #1171437 #1172307 #1173159 #1173160 #1173161 #1173359
                    #1174120
Cross-References:   CVE-2020-10700 CVE-2020-10704
                    CVE-2020-10730 CVE-2020-10745 CVE-2020-10760 CVE-2020-14303
Affected Products:
                    SUSE Linux Enterprise Module for Python2 15-SP2
                    SUSE Linux Enterprise Module for Basesystem 15-SP2
                    SUSE Linux Enterprise High Availability 15-SP2
______________________________________________________________________________

   An update that solves 6 vulnerabilities and has 7 fixes is now available.

Description:

   This update for ldb, samba fixes the following issues:

   Changes in samba:

   - Update to samba 4.11.11
     + CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ and
       VLV combined; (bso#14364); (bsc#1173159)
     + CVE-2020-10745: invalid DNS or NBT queries containing dots use
       several seconds of CPU each; (bso#14378); (bsc#1173160).
     + CVE-2020-10760: Use-after-free in AD DC Global Catalog LDAP server
       with paged_result or VLV; (bso#14402); (bsc#1173161)
     + CVE-2020-14303: Endless loop from empty UDP packet sent to AD DC
       nbt_server; (bso#14417); (bsc#1173359).
   - Update to samba 4.11.10
     + Fix segfault when using SMBC_opendir_ctx() routine for share folder
       that contains incorrect symbols in any file name; (bso#14374).
     + vfs_shadow_copy2 doesn't fail case looking in snapdirseverywhere
       mode; (bso#14350)
     + ldb_ldap: Fix off-by-one increment in lldb_add_msg_attr; (bso#14413).
     + Malicious SMB1 server can crash libsmbclient; (bso#14366)
     + winbindd: Fix a use-after-free when winbind clients exit; (bso#14382)
     + ldb: Bump version to 2.0.11, LMDB databases can grow without bounds.
       (bso#14330)
   - Update to samba 4.11.9
     + nmblib: Avoid undefined behaviour in handle_name_ptrs(); (bso#14242).
     + 'samba-tool group' commands do not handle group names with special
       chars correctly; (bso#14296).
     + smbd: avoid calling vfs_file_id_from_sbuf() if statinfo is not valid;
       (bso#14237).
     + Missing check for DMAPI offline status in async DOS attributes;
       (bso#14293).
     + smbd: Ignore set NTACL requests which contain S-1-5-88 NFS ACEs;
       (bso#14307).
     + vfs_recycle: Prevent flooding the log if we're called on non-existent
       paths; (bso#14316)
     + smbd mistakenly updates a file's write-time on close; (bso#14320).
     + RPC handles cannot be differentiated in source3 RPC server;
       (bso#14359).
     + librpc: Fix IDL for svcctl_ChangeServiceConfigW; (bso#14313).
     + nsswitch: Fix use-after-free causing segfault in _pam_delete_cred;
       (bso#14327).
     + Fix fruit:time machine max size on arm; (bso#13622)
     + CTDB recovery corner cases can cause record resurrection and node
       banning; (bso#14294).
     + ctdb: Fix a memleak; (bso#14348).
     + libsmb: Don't try to find posix stat info in SMBC_getatr().
     + ctdb-tcp: Move free of inbound queue to TCP restart; (bso#14295);
       (bsc#1162680).
     + s3/librpc/crypto: Fix double free with unresolved credential cache;
       (bso#14344); (bsc#1169095)
     + s3:libads: Fix ads_get_upn(); (bso#14336).
     + CTDB recovery corner cases can cause record resurrection and node
       banning; (bso#14294)
     + Starting ctdb node that was powered off hard before results in
       recovery loop; (bso#14295); (bsc#1162680).
     + ctdb-recoverd: Avoid dereferencing NULL rec->nodemap; (bso#14324)
   - Update to samba 4.11.8
     + CVE-2020-10700: Use-after-free in Samba AD DC LDAP Server with ASQ;
       (bso#14331); (bsc#1169850);
     + CVE-2020-10704: LDAP Denial of Service (stack overflow) in Samba AD
       DC; (bso#14334); (bsc#1169851);
   - Update to samba 4.11.7
     + s3: lib: nmblib. Clean up and harden nmb packet processing;
       (bso#14239).
     + s3: VFS: full_audit. Use system session_info if called from a
       temporary share definition; (bso#14283)
     + dsdb: Correctly handle memory in objectclass_attrs; (bso#14258).
     + ldb: version 2.0.9, Samba 4.11 and later give incorrect results for
       SCOPE_ONE searches; (bso#14270)
     + auth: Fix CIDs 1458418 and 1458420 Null pointer dereferences;
       (bso#14247).
     + smbd: Handle EINTR from open(2) properly; (bso#14285)
     + winbind member (source3) fails local SAM auth with empty domain name;
       (bso#14247)
     + winbindd: Handling missing idmap in getgrgid(); (bso#14265).
  + lib:util: Log mkdir error on correct debug levels; (bso#14253).
  + wafsamba: Do not use 'rU' as the 'U' is deprecated in Python 3.9; (bso#14266).
  + ctdb-tcp: Make error handling for outbound connection consistent; (bso#14274).
- Update to samba 4.11.6
  + pygpo: Use correct method flags; (bso#14209).
  + vfs_ceph_snapshots: Fix root relative path handling; (bso#14216); (bsc#1141320).
  + Avoiding bad call flags with python 3.8, using METH_NOARGS instead of zero; (bso#14209).
  + source4/utils/oLschema2ldif: Include stdint.h before cmocka.h; (bso#14218).
  + docs-xml/winbindnssinfo: Clarify interaction with idmap_ad etc; (bso#14122).
  + smbd: Fix the build with clang; (bso#14251).
  + upgradedns: Ensure lmdb lock files linked; (bso#14199).
  + s3: VFS: glusterfs: Reset nlinks for symlink entries during readdir; (bso#14182).
  + smbc_stat() doesn't return the correct st_mode and also the uid/gid is not filled (SMBv1) file; (bso#14101).
  + librpc: Fix string length checking in ndr_pull_charset_to_null(); (bso#14219).
  + ctdb-scripts: Strip square brackets when gathering connection info; (bso#14227).
- Add libnetapi-devel to baselibs conf, for wine usage; (bsc#1172307);
- Installing: samba - samba-ad-dc.service does not exist and unit not found; (bsc#1171437);
- Fix samba_winbind package is installing python3-base without python3 package; (bsc#1169521);

Changes in ldb:

- Update to version 2.0.12
  + CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ and VLV combined; (bso#14364); (bsc#1173159).
  + ldb_ldap: fix off-by-one increment in lldb_add_msg_attr; (bso#14413).
  + lib/ldb: add unit test for ldb_ldap internal code.
- Update to version 2.0.11
  + lib ldb: lmdb init var before calling mdb_reader_check.
  + lib ldb: lmdb clear stale readers on write txn start; (bso#14330).
  + ldb tests: Confirm lmdb free list handling

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Python2 15-SP2:
    zypper in -t patch SUSE-SLE-Module-Python2-15-SP2-2020-1948=1
- SUSE Linux Enterprise Module for Basesystem 15-SP2:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1948=1
- SUSE Linux Enterprise High Availability 15-SP2:
    zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2020-1948=1

Package List:

- SUSE Linux Enterprise Module for Python2 15-SP2 (aarch64 ppc64le s390x x86_64):
    samba-ad-dc-4.11.11+git.180.2cf3b203f07-4.5.1
    samba-ad-dc-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
    samba-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
    samba-debugsource-4.11.11+git.180.2cf3b203f07-4.5.1
    samba-dsdb-modules-4.11.11+git.180.2cf3b203f07-4.5.1
    samba-dsdb-modules-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
- SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):
    ldb-debugsource-2.0.12-3.3.1
    ldb-tools-2.0.12-3.3.1
    ldb-tools-debuginfo-2.0.12-3.3.1
    libdcerpc-binding0-4.11.11+git.180.2cf3b203f07-4.5.1
    libdcerpc-binding0-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
    libdcerpc-devel-4.11.11+git.180.2cf3b203f07-4.5.1
    libdcerpc-samr-devel-4.11.11+git.180.2cf3b203f07-4.5.1
    libdcerpc-samr0-4.11.11+git.180.2cf3b203f07-4.5.1
    libdcerpc-samr0-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
    libdcerpc0-4.11.11+git.180.2cf3b203f07-4.5.1
    libdcerpc0-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
    libldb-devel-2.0.12-3.3.1
    libldb2-2.0.12-3.3.1
    libldb2-debuginfo-2.0.12-3.3.1
    libndr-devel-4.11.11+git.180.2cf3b203f07-4.5.1
    libndr-krb5pac-devel-4.11.11+git.180.2cf3b203f07-4.5.1
    libndr-krb5pac0-4.11.11+git.180.2cf3b203f07-4.5.1
    libndr-krb5pac0-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
    libndr-nbt-devel-4.11.11+git.180.2cf3b203f07-4.5.1
    libndr-nbt0-4.11.11+git.180.2cf3b203f07-4.5.1
    libndr-nbt0-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
    libndr-standard-devel-4.11.11+git.180.2cf3b203f07-4.5.1
    libndr-standard0-4.11.11+git.180.2cf3b203f07-4.5.1
    libndr-standard0-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
    libndr0-4.11.11+git.180.2cf3b203f07-4.5.1
    libndr0-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
    libnetapi-devel-4.11.11+git.180.2cf3b203f07-4.5.1
    libnetapi0-4.11.11+git.180.2cf3b203f07-4.5.1
    libnetapi0-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
    libsamba-credentials-devel-4.11.11+git.180.2cf3b203f07-4.5.1
    libsamba-credentials0-4.11.11+git.180.2cf3b203f07-4.5.1
    libsamba-credentials0-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
    libsamba-errors-devel-4.11.11+git.180.2cf3b203f07-4.5.1
    libsamba-errors0-4.11.11+git.180.2cf3b203f07-4.5.1
    libsamba-errors0-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
    libsamba-hostconfig-devel-4.11.11+git.180.2cf3b203f07-4.5.1
    libsamba-hostconfig0-4.11.11+git.180.2cf3b203f07-4.5.1
    libsamba-hostconfig0-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
    libsamba-passdb-devel-4.11.11+git.180.2cf3b203f07-4.5.1
    libsamba-passdb0-4.11.11+git.180.2cf3b203f07-4.5.1
    libsamba-passdb0-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
    libsamba-policy-devel-4.11.11+git.180.2cf3b203f07-4.5.1
    libsamba-policy-python3-devel-4.11.11+git.180.2cf3b203f07-4.5.1
    libsamba-policy0-python3-4.11.11+git.180.2cf3b203f07-4.5.1
    libsamba-policy0-python3-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
    libsamba-util-devel-4.11.11+git.180.2cf3b203f07-4.5.1
    libsamba-util0-4.11.11+git.180.2cf3b203f07-4.5.1
    libsamba-util0-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
    libsamdb-devel-4.11.11+git.180.2cf3b203f07-4.5.1
    libsamdb0-4.11.11+git.180.2cf3b203f07-4.5.1
    libsamdb0-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
    libsmbclient-devel-4.11.11+git.180.2cf3b203f07-4.5.1
    libsmbclient0-4.11.11+git.180.2cf3b203f07-4.5.1
    libsmbclient0-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
    libsmbconf-devel-4.11.11+git.180.2cf3b203f07-4.5.1
    libsmbconf0-4.11.11+git.180.2cf3b203f07-4.5.1
    libsmbconf0-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
    libsmbldap-devel-4.11.11+git.180.2cf3b203f07-4.5.1
    libsmbldap2-4.11.11+git.180.2cf3b203f07-4.5.1
    libsmbldap2-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
    libtevent-util-devel-4.11.11+git.180.2cf3b203f07-4.5.1
    libtevent-util0-4.11.11+git.180.2cf3b203f07-4.5.1
    libtevent-util0-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
    libwbclient-devel-4.11.11+git.180.2cf3b203f07-4.5.1
    libwbclient0-4.11.11+git.180.2cf3b203f07-4.5.1
    libwbclient0-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
    python3-ldb-2.0.12-3.3.1
    python3-ldb-debuginfo-2.0.12-3.3.1
    python3-ldb-devel-2.0.12-3.3.1
    samba-4.11.11+git.180.2cf3b203f07-4.5.1
    samba-client-4.11.11+git.180.2cf3b203f07-4.5.1
    samba-client-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
    samba-core-devel-4.11.11+git.180.2cf3b203f07-4.5.1
    samba-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
    samba-debugsource-4.11.11+git.180.2cf3b203f07-4.5.1
    samba-libs-4.11.11+git.180.2cf3b203f07-4.5.1
    samba-libs-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
    samba-libs-python3-4.11.11+git.180.2cf3b203f07-4.5.1
    samba-libs-python3-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
    samba-python3-4.11.11+git.180.2cf3b203f07-4.5.1
    samba-python3-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
    samba-winbind-4.11.11+git.180.2cf3b203f07-4.5.1
    samba-winbind-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
- SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 x86_64):
    samba-ceph-4.11.11+git.180.2cf3b203f07-4.5.1
    samba-ceph-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
- SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64):
    libdcerpc-binding0-32bit-4.11.11+git.180.2cf3b203f07-4.5.1
    libdcerpc-binding0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
    libdcerpc0-32bit-4.11.11+git.180.2cf3b203f07-4.5.1
    libdcerpc0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
    libldb2-32bit-2.0.12-3.3.1
    libldb2-32bit-debuginfo-2.0.12-3.3.1
    libndr-krb5pac0-32bit-4.11.11+git.180.2cf3b203f07-4.5.1
    libndr-krb5pac0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
    libndr-nbt0-32bit-4.11.11+git.180.2cf3b203f07-4.5.1
    libndr-nbt0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
    libndr-standard0-32bit-4.11.11+git.180.2cf3b203f07-4.5.1
    libndr-standard0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
    libndr0-32bit-4.11.11+git.180.2cf3b203f07-4.5.1
    libndr0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
    libnetapi0-32bit-4.11.11+git.180.2cf3b203f07-4.5.1
    libnetapi0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
    libsamba-credentials0-32bit-4.11.11+git.180.2cf3b203f07-4.5.1
    libsamba-credentials0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
    libsamba-errors0-32bit-4.11.11+git.180.2cf3b203f07-4.5.1
    libsamba-errors0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
    libsamba-hostconfig0-32bit-4.11.11+git.180.2cf3b203f07-4.5.1
    libsamba-hostconfig0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
    libsamba-passdb0-32bit-4.11.11+git.180.2cf3b203f07-4.5.1
    libsamba-passdb0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
    libsamba-util0-32bit-4.11.11+git.180.2cf3b203f07-4.5.1
    libsamba-util0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
    libsamdb0-32bit-4.11.11+git.180.2cf3b203f07-4.5.1
    libsamdb0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
    libsmbconf0-32bit-4.11.11+git.180.2cf3b203f07-4.5.1
    libsmbconf0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
    libsmbldap2-32bit-4.11.11+git.180.2cf3b203f07-4.5.1
    libsmbldap2-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
    libtevent-util0-32bit-4.11.11+git.180.2cf3b203f07-4.5.1
    libtevent-util0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
    libwbclient0-32bit-4.11.11+git.180.2cf3b203f07-4.5.1
    libwbclient0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
    samba-libs-32bit-4.11.11+git.180.2cf3b203f07-4.5.1
    samba-libs-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
    samba-winbind-32bit-4.11.11+git.180.2cf3b203f07-4.5.1
    samba-winbind-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
- SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64):
    ctdb-4.11.11+git.180.2cf3b203f07-4.5.1
    ctdb-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
    samba-debuginfo-4.11.11+git.180.2cf3b203f07-4.5.1
    samba-debugsource-4.11.11+git.180.2cf3b203f07-4.5.1

References:

    https://www.suse.com/security/cve/CVE-2020-10700.html
    https://www.suse.com/security/cve/CVE-2020-10704.html
    https://www.suse.com/security/cve/CVE-2020-10730.html
    https://www.suse.com/security/cve/CVE-2020-10745.html
    https://www.suse.com/security/cve/CVE-2020-10760.html
    https://www.suse.com/security/cve/CVE-2020-14303.html
    https://bugzilla.suse.com/1141320
    https://bugzilla.suse.com/1162680
    https://bugzilla.suse.com/1169095
    https://bugzilla.suse.com/1169521
    https://bugzilla.suse.com/1169850
    https://bugzilla.suse.com/1169851
    https://bugzilla.suse.com/1171437
    https://bugzilla.suse.com/1172307
    https://bugzilla.suse.com/1173159
    https://bugzilla.suse.com/1173160
    https://bugzilla.suse.com/1173161
    https://bugzilla.suse.com/1173359
    https://bugzilla.suse.com/1174120

From sle-security-updates at lists.suse.com Fri Jul 17 10:16:46 2020
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 17 Jul 2020 18:16:46 +0200 (CEST)
Subject: SUSE-SU-2020:1944-1: moderate: Security update for ant
Message-ID: <20200717161646.737B0FC39@maintenance.suse.de>

SUSE Security Update: Security update for ant
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:1944-1
Rating: moderate
References: #1171696
Cross-References: CVE-2020-1945
Affected Products:
    SUSE Linux Enterprise Module for Development Tools 15-SP2
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for ant fixes the following issues:

- CVE-2020-1945: Fixed an insecure temporary file vulnerability which could have potentially leaked sensitive information (bsc#1171696).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Development Tools 15-SP2:
    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-1944=1

Package List:

- SUSE Linux Enterprise Module for Development Tools 15-SP2 (noarch):
    ant-1.10.7-4.3.1
    ant-antlr-1.10.7-4.3.1
    ant-apache-bcel-1.10.7-4.3.1
    ant-apache-bsf-1.10.7-4.3.1
    ant-apache-log4j-1.10.7-4.3.1
    ant-apache-oro-1.10.7-4.3.1
    ant-apache-regexp-1.10.7-4.3.1
    ant-apache-resolver-1.10.7-4.3.1
    ant-commons-logging-1.10.7-4.3.1
    ant-javamail-1.10.7-4.3.1
    ant-jdepend-1.10.7-4.3.1
    ant-jmf-1.10.7-4.3.1
    ant-junit-1.10.7-4.3.1
    ant-manual-1.10.7-4.3.1
    ant-scripts-1.10.7-4.3.1
    ant-swing-1.10.7-4.3.1

References:

    https://www.suse.com/security/cve/CVE-2020-1945.html
    https://bugzilla.suse.com/1171696

From sle-security-updates at lists.suse.com Fri Jul 17 10:19:18 2020
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 17 Jul 2020 18:19:18 +0200 (CEST)
Subject: SUSE-SU-2020:1940-1: important: Security update for python-ipaddress
Message-ID: <20200717161918.949D2FC39@maintenance.suse.de>

SUSE Security Update: Security update for python-ipaddress
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:1940-1
Rating: important
References: #1173274
Cross-References: CVE-2020-14422
Affected Products:
    SUSE OpenStack Cloud Crowbar 9
    SUSE OpenStack Cloud 9
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for python-ipaddress fixes the following issues:

- Add CVE-2020-14422-ipaddress-hash-collision.patch fixing CVE-2020-14422 (bsc#1173274, bpo#41004), where hash collisions in IPv4Interface and IPv6Interface could lead to DOS.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 9:
    zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-1940=1
- SUSE OpenStack Cloud 9:
    zypper in -t patch SUSE-OpenStack-Cloud-9-2020-1940=1

Package List:

- SUSE OpenStack Cloud Crowbar 9 (noarch):
    python-ipaddress-1.0.22-3.3.1
- SUSE OpenStack Cloud 9 (noarch):
    python-ipaddress-1.0.22-3.3.1

References:

    https://www.suse.com/security/cve/CVE-2020-14422.html
    https://bugzilla.suse.com/1173274

From sle-security-updates at lists.suse.com Fri Jul 17 10:20:05 2020
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 17 Jul 2020 18:20:05 +0200 (CEST)
Subject: SUSE-SU-2020:1946-1: important: Security update for squid
Message-ID: <20200717162005.837FAFC39@maintenance.suse.de>

SUSE Security Update: Security update for squid
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:1946-1
Rating: important
References: #1173455
Cross-References: CVE-2020-15049
Affected Products:
    SUSE OpenStack Cloud Crowbar 9
    SUSE OpenStack Cloud Crowbar 8
    SUSE OpenStack Cloud 9
    SUSE OpenStack Cloud 8
    SUSE OpenStack Cloud 7
    SUSE Linux Enterprise Server for SAP 12-SP4
    SUSE Linux Enterprise Server for SAP 12-SP3
    SUSE Linux Enterprise Server for SAP 12-SP2
    SUSE Linux Enterprise Server 12-SP4-LTSS
    SUSE Linux Enterprise Server 12-SP3-LTSS
    SUSE Linux Enterprise Server 12-SP3-BCL
    SUSE Linux Enterprise Server 12-SP2-LTSS
    SUSE Linux Enterprise Server 12-SP2-BCL
    SUSE Enterprise Storage 5
    HPE Helion Openstack 8
______________________________________________________________________________

An update that fixes one vulnerability is now available.
Description:

This update for squid fixes the following issues:

- CVE-2020-15049.patch: fixes a Cache Poisoning and Request Smuggling attack (CVE-2020-15049, bsc#1173455)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 9:
    zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-1946=1
- SUSE OpenStack Cloud Crowbar 8:
    zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-1946=1
- SUSE OpenStack Cloud 9:
    zypper in -t patch SUSE-OpenStack-Cloud-9-2020-1946=1
- SUSE OpenStack Cloud 8:
    zypper in -t patch SUSE-OpenStack-Cloud-8-2020-1946=1
- SUSE OpenStack Cloud 7:
    zypper in -t patch SUSE-OpenStack-Cloud-7-2020-1946=1
- SUSE Linux Enterprise Server for SAP 12-SP4:
    zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-1946=1
- SUSE Linux Enterprise Server for SAP 12-SP3:
    zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-1946=1
- SUSE Linux Enterprise Server for SAP 12-SP2:
    zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-1946=1
- SUSE Linux Enterprise Server 12-SP4-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-1946=1
- SUSE Linux Enterprise Server 12-SP3-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-1946=1
- SUSE Linux Enterprise Server 12-SP3-BCL:
    zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-1946=1
- SUSE Linux Enterprise Server 12-SP2-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-1946=1
- SUSE Linux Enterprise Server 12-SP2-BCL:
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-1946=1
- SUSE Enterprise Storage 5:
    zypper in -t patch SUSE-Storage-5-2020-1946=1
- HPE Helion Openstack 8:
    zypper in -t patch HPE-Helion-OpenStack-8-2020-1946=1

Package List:

- SUSE OpenStack Cloud Crowbar 9 (x86_64):
    squid-3.5.21-26.29.1
    squid-debuginfo-3.5.21-26.29.1
    squid-debugsource-3.5.21-26.29.1
- SUSE OpenStack Cloud Crowbar 8 (x86_64):
    squid-3.5.21-26.29.1
    squid-debuginfo-3.5.21-26.29.1
    squid-debugsource-3.5.21-26.29.1
- SUSE OpenStack Cloud 9 (x86_64):
    squid-3.5.21-26.29.1
    squid-debuginfo-3.5.21-26.29.1
    squid-debugsource-3.5.21-26.29.1
- SUSE OpenStack Cloud 8 (x86_64):
    squid-3.5.21-26.29.1
    squid-debuginfo-3.5.21-26.29.1
    squid-debugsource-3.5.21-26.29.1
- SUSE OpenStack Cloud 7 (s390x x86_64):
    squid-3.5.21-26.29.1
    squid-debuginfo-3.5.21-26.29.1
    squid-debugsource-3.5.21-26.29.1
- SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
    squid-3.5.21-26.29.1
    squid-debuginfo-3.5.21-26.29.1
    squid-debugsource-3.5.21-26.29.1
- SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):
    squid-3.5.21-26.29.1
    squid-debuginfo-3.5.21-26.29.1
    squid-debugsource-3.5.21-26.29.1
- SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64):
    squid-3.5.21-26.29.1
    squid-debuginfo-3.5.21-26.29.1
    squid-debugsource-3.5.21-26.29.1
- SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
    squid-3.5.21-26.29.1
    squid-debuginfo-3.5.21-26.29.1
    squid-debugsource-3.5.21-26.29.1
- SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):
    squid-3.5.21-26.29.1
    squid-debuginfo-3.5.21-26.29.1
    squid-debugsource-3.5.21-26.29.1
- SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
    squid-3.5.21-26.29.1
    squid-debuginfo-3.5.21-26.29.1
    squid-debugsource-3.5.21-26.29.1
- SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64):
    squid-3.5.21-26.29.1
    squid-debuginfo-3.5.21-26.29.1
    squid-debugsource-3.5.21-26.29.1
- SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
    squid-3.5.21-26.29.1
    squid-debuginfo-3.5.21-26.29.1
    squid-debugsource-3.5.21-26.29.1
- SUSE Enterprise Storage 5 (aarch64 x86_64):
    squid-3.5.21-26.29.1
    squid-debuginfo-3.5.21-26.29.1
    squid-debugsource-3.5.21-26.29.1
- HPE Helion Openstack 8 (x86_64):
    squid-3.5.21-26.29.1
    squid-debuginfo-3.5.21-26.29.1
    squid-debugsource-3.5.21-26.29.1

References:

    https://www.suse.com/security/cve/CVE-2020-15049.html
    https://bugzilla.suse.com/1173455

From sle-security-updates at lists.suse.com Fri Jul 17 10:20:53 2020
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 17 Jul 2020 18:20:53 +0200 (CEST)
Subject: SUSE-SU-2020:1943-1: important: Security update for xrdp
Message-ID: <20200717162053.9D0CCFC39@maintenance.suse.de>

SUSE Security Update: Security update for xrdp
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:1943-1
Rating: important
References: #1138954 #1144327 #1144379 #1150584 #1152711 #1153471 #1155789 #1155952 #1157860 #1173580
Cross-References: CVE-2017-6967 CVE-2020-4044
Affected Products:
    SUSE OpenStack Cloud 7
    SUSE Linux Enterprise Server for SAP 12-SP2
    SUSE Linux Enterprise Server 12-SP2-LTSS
    SUSE Linux Enterprise Server 12-SP2-BCL
______________________________________________________________________________

An update that solves two vulnerabilities and has 8 fixes is now available.

Description:

This update for xrdp provides the following fix:

- CVE-2020-4044: xrdp-sesman can be crashed remotely over port 3350 (bsc#1173580).
- Fixed an issue where xrdp-sesman could not restart (bsc#1155952).
- Fixed an issue where xrdp could not start due to an error in the service file use absolute path in ExecStart (bsc#1155789).
- Fixed a PAM error after 2nd xrdp session after logout (bsc#1153471).
- Fixed a crash in xrdp-sesman, caused by terminating and reconnecting an xrdp session (bsc#1152711).
- Fixed a failure in RDP session recovery (bsc#1150584).
- Fixed a process leak (bsc#1144379).
- Let systemd handle the daemons, fixing daemon start failures. (bsc#1138954, bsc#1144327)
- Don't try to create .vnc directory if it already exists. (bsc#1157860)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 7:
    zypper in -t patch SUSE-OpenStack-Cloud-7-2020-1943=1
- SUSE Linux Enterprise Server for SAP 12-SP2:
    zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-1943=1
- SUSE Linux Enterprise Server 12-SP2-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-1943=1
- SUSE Linux Enterprise Server 12-SP2-BCL:
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-1943=1

Package List:

- SUSE OpenStack Cloud 7 (s390x x86_64):
    xrdp-0.9.0~git.1456906198.f422461-16.20.1
    xrdp-debuginfo-0.9.0~git.1456906198.f422461-16.20.1
    xrdp-debugsource-0.9.0~git.1456906198.f422461-16.20.1
- SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64):
    xrdp-0.9.0~git.1456906198.f422461-16.20.1
    xrdp-debuginfo-0.9.0~git.1456906198.f422461-16.20.1
    xrdp-debugsource-0.9.0~git.1456906198.f422461-16.20.1
- SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64):
    xrdp-0.9.0~git.1456906198.f422461-16.20.1
    xrdp-debuginfo-0.9.0~git.1456906198.f422461-16.20.1
    xrdp-debugsource-0.9.0~git.1456906198.f422461-16.20.1
- SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
    xrdp-0.9.0~git.1456906198.f422461-16.20.1
    xrdp-debuginfo-0.9.0~git.1456906198.f422461-16.20.1
    xrdp-debugsource-0.9.0~git.1456906198.f422461-16.20.1

References:

    https://www.suse.com/security/cve/CVE-2017-6967.html
    https://www.suse.com/security/cve/CVE-2020-4044.html
    https://bugzilla.suse.com/1138954
    https://bugzilla.suse.com/1144327
    https://bugzilla.suse.com/1144379
    https://bugzilla.suse.com/1150584
    https://bugzilla.suse.com/1152711
    https://bugzilla.suse.com/1153471
    https://bugzilla.suse.com/1155789
    https://bugzilla.suse.com/1155952
    https://bugzilla.suse.com/1157860
    https://bugzilla.suse.com/1173580

From sle-security-updates at lists.suse.com Fri Jul 17 10:22:42 2020
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 17 Jul 2020 18:22:42 +0200 (CEST)
Subject: SUSE-SU-2020:14424-1: important: Security update for LibVNCServer
Message-ID: <20200717162242.54CB4FC39@maintenance.suse.de>

SUSE Security Update: Security update for LibVNCServer
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:14424-1
Rating: important
References: #1173691 #1173694 #1173700 #1173701 #1173743 #1173880
Cross-References: CVE-2020-14397 CVE-2020-14398 CVE-2020-14399 CVE-2020-14400 CVE-2020-14401 CVE-2020-14402
Affected Products:
    SUSE Linux Enterprise Server 11-SP4-LTSS
    SUSE Linux Enterprise Point of Sale 11-SP3
    SUSE Linux Enterprise Debuginfo 11-SP4
    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

An update that fixes 6 vulnerabilities is now available.

Description:

This update for LibVNCServer fixes the following issues:

- security update
- added patches
  fix CVE-2020-14398 [bsc#1173880], improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c
  + LibVNCServer-CVE-2020-14398.patch
  fix CVE-2020-14397 [bsc#1173700], NULL pointer dereference in libvncserver/rfbregion.c
  + LibVNCServer-CVE-2020-14397.patch
  fix CVE-2020-14399 [bsc#1173743], Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c.
  + LibVNCServer-CVE-2020-14399.patch
  fix CVE-2020-14400 [bsc#1173691], Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c.
  + LibVNCServer-CVE-2020-14400.patch
  fix CVE-2020-14401 [bsc#1173694], potential integer overflows in libvncserver/scale.c
  + LibVNCServer-CVE-2020-14401.patch
  fix CVE-2020-14402 [bsc#1173701], out-of-bounds access via encodings.
  + LibVNCServer-CVE-2020-14402,14403,14404.patch

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11-SP4-LTSS:
    zypper in -t patch slessp4-LibVNCServer-14424=1
- SUSE Linux Enterprise Point of Sale 11-SP3:
    zypper in -t patch sleposp3-LibVNCServer-14424=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
    zypper in -t patch dbgsp4-LibVNCServer-14424=1
- SUSE Linux Enterprise Debuginfo 11-SP3:
    zypper in -t patch dbgsp3-LibVNCServer-14424=1

Package List:

- SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64):
    LibVNCServer-0.9.1-160.19.1
- SUSE Linux Enterprise Point of Sale 11-SP3 (i586):
    LibVNCServer-0.9.1-160.19.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64):
    LibVNCServer-debuginfo-0.9.1-160.19.1
    LibVNCServer-debugsource-0.9.1-160.19.1
- SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):
    LibVNCServer-debuginfo-0.9.1-160.19.1
    LibVNCServer-debugsource-0.9.1-160.19.1

References:

    https://www.suse.com/security/cve/CVE-2020-14397.html
    https://www.suse.com/security/cve/CVE-2020-14398.html
    https://www.suse.com/security/cve/CVE-2020-14399.html
    https://www.suse.com/security/cve/CVE-2020-14400.html
    https://www.suse.com/security/cve/CVE-2020-14401.html
    https://www.suse.com/security/cve/CVE-2020-14402.html
    https://bugzilla.suse.com/1173691
    https://bugzilla.suse.com/1173694
    https://bugzilla.suse.com/1173700
    https://bugzilla.suse.com/1173701
    https://bugzilla.suse.com/1173743
    https://bugzilla.suse.com/1173880

From sle-security-updates at lists.suse.com Fri Jul 17 10:24:39 2020
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 17 Jul 2020 18:24:39 +0200 (CEST)
Subject: SUSE-SU-2020:1939-1: important: Security update for python-ipaddress
Message-ID: <20200717162439.7EC6AFC39@maintenance.suse.de>

SUSE Security Update: Security update for python-ipaddress
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:1939-1
Rating: important
References: #1173274
Cross-References: CVE-2020-14422
Affected Products:
    SUSE OpenStack Cloud Crowbar 8
    SUSE OpenStack Cloud 8
    HPE Helion Openstack 8
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for python-ipaddress fixes the following issues:

- Add CVE-2020-14422-ipaddress-hash-collision.patch fixing CVE-2020-14422 (bsc#1173274, bpo#41004), where hash collisions in IPv4Interface and IPv6Interface could lead to DOS.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 8:
    zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-1939=1
- SUSE OpenStack Cloud 8:
    zypper in -t patch SUSE-OpenStack-Cloud-8-2020-1939=1
- HPE Helion Openstack 8:
    zypper in -t patch HPE-Helion-OpenStack-8-2020-1939=1

Package List:

- SUSE OpenStack Cloud Crowbar 8 (noarch):
    python-ipaddress-1.0.18-3.3.1
- SUSE OpenStack Cloud 8 (noarch):
    python-ipaddress-1.0.18-3.3.1
- HPE Helion Openstack 8 (noarch):
    python-ipaddress-1.0.18-3.3.1

References:

    https://www.suse.com/security/cve/CVE-2020-14422.html
    https://bugzilla.suse.com/1173274

From sle-security-updates at lists.suse.com Mon Jul 20 10:13:14 2020
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 20 Jul 2020 18:13:14 +0200 (CEST)
Subject: SUSE-SU-2020:1957-1: moderate: Security update for cni-plugins
Message-ID: <20200720161314.2B273FC39@maintenance.suse.de>

SUSE Security Update: Security update for cni-plugins
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:1957-1
Rating: moderate
References: #1172410
Cross-References: CVE-2020-10749
Affected Products:
    SUSE Linux Enterprise Module for Public Cloud 15-SP1
    SUSE Linux Enterprise Module for Containers 15-SP2
    SUSE Linux Enterprise Module for Containers 15-SP1
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for cni-plugins fixes the following issues:

cni-plugins updated to version 0.8.6

- CVE-2020-10749: Fixed potential Man-in-the-Middle attacks in IPv4 clusters by spoofing IPv6 router advertisements (bsc#1172410).

Release notes: https://github.com/containernetworking/plugins/releases/tag/v0.8.6

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Public Cloud 15-SP1:
    zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2020-1957=1
- SUSE Linux Enterprise Module for Containers 15-SP2:
    zypper in -t patch SUSE-SLE-Module-Containers-15-SP2-2020-1957=1
- SUSE Linux Enterprise Module for Containers 15-SP1:
    zypper in -t patch SUSE-SLE-Module-Containers-15-SP1-2020-1957=1

Package List:

- SUSE Linux Enterprise Module for Public Cloud 15-SP1 (x86_64):
    cni-plugins-0.8.6-3.6.1
- SUSE Linux Enterprise Module for Containers 15-SP2 (aarch64 ppc64le s390x x86_64):
    cni-plugins-0.8.6-3.6.1
- SUSE Linux Enterprise Module for Containers 15-SP1 (aarch64 ppc64le s390x x86_64):
    cni-plugins-0.8.6-3.6.1

References:

    https://www.suse.com/security/cve/CVE-2020-10749.html
    https://bugzilla.suse.com/1172410

From sle-security-updates at lists.suse.com Mon Jul 20 10:13:55 2020
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 20 Jul 2020 18:13:55 +0200 (CEST)
Subject: SUSE-SU-2020:1958-1: moderate: Security update for MozillaFirefox
Message-ID: <20200720161355.D4407FC39@maintenance.suse.de>

SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:1958-1
Rating: moderate
References: #1173948
Affected Products:
    SUSE Linux Enterprise Module for Desktop Applications 15-SP2
    SUSE Linux Enterprise Module for Desktop Applications 15-SP1
______________________________________________________________________________

An update that contains security fixes can now be installed.

Description:

This update for MozillaFirefox fixes the following issues:

- Mozilla Firefox 78.0.2 MFSA 2020-28 (bsc#1173948)
  * MFSA-2020-0003 (bmo#1644076) X-Frame-Options bypass using object or embed tags
- Firefox Extended Support Release 78.0.2esr ESR
  * Fixed: Security fix
  * Fixed: Fixed an accessibility regression in reader mode (bmo#1650922)
  * Fixed: Made the address bar more resilient to data corruption in the user profile (bmo#1649981)
  * Fixed: Fixed a regression opening certain external applications (bmo#1650162)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-1958=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-1958=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): MozillaFirefox-78.0.2-3.97.1 MozillaFirefox-debuginfo-78.0.2-3.97.1 MozillaFirefox-debugsource-78.0.2-3.97.1 MozillaFirefox-translations-common-78.0.2-3.97.1 MozillaFirefox-translations-other-78.0.2-3.97.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le x86_64): MozillaFirefox-devel-78.0.2-3.97.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): MozillaFirefox-78.0.2-3.97.1 MozillaFirefox-debuginfo-78.0.2-3.97.1 MozillaFirefox-debugsource-78.0.2-3.97.1 MozillaFirefox-translations-common-78.0.2-3.97.1 MozillaFirefox-translations-other-78.0.2-3.97.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le x86_64): MozillaFirefox-devel-78.0.2-3.97.1 References: https://bugzilla.suse.com/1173948 From sle-security-updates at lists.suse.com Mon Jul 20 13:16:12 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 20 Jul 2020 21:16:12 +0200 (CEST) Subject: SUSE-SU-2020:1962-1: important: Security update for tomcat Message-ID: <20200720191612.86141FDE1@maintenance.suse.de> SUSE Security Update: Security update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1962-1 Rating: important References: #1173389 Cross-References: CVE-2020-11996 Affected Products: SUSE Linux Enterprise Module for Web Scripting 15-SP1 ______________________________________________________________________________ An update that fixes one 
vulnerability is now available. Description: This update for tomcat fixes the following issues: Tomcat was updated to 9.0.36 See changelog at - CVE-2020-11996: Fixed an issue which by sending a specially crafted sequence of HTTP/2 requests could have triggered high CPU usage for several seconds making potentially the server unresponsive (bsc#1173389). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15-SP1: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP1-2020-1962=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15-SP1 (noarch): tomcat-9.0.36-4.38.1 tomcat-admin-webapps-9.0.36-4.38.1 tomcat-el-3_0-api-9.0.36-4.38.1 tomcat-jsp-2_3-api-9.0.36-4.38.1 tomcat-lib-9.0.36-4.38.1 tomcat-servlet-4_0-api-9.0.36-4.38.1 tomcat-webapps-9.0.36-4.38.1 References: https://www.suse.com/security/cve/CVE-2020-11996.html https://bugzilla.suse.com/1173389 From sle-security-updates at lists.suse.com Mon Jul 20 13:17:35 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 20 Jul 2020 21:17:35 +0200 (CEST) Subject: SUSE-SU-2020:1963-1: important: Security update for tomcat Message-ID: <20200720191735.9CF64FDE1@maintenance.suse.de> SUSE Security Update: Security update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1963-1 Rating: important References: #1173389 Cross-References: CVE-2020-11996 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for tomcat fixes the following issues: Tomcat was updated to 9.0.36 See changelog at - CVE-2020-11996: Fixed an issue which by sending a specially crafted sequence of HTTP/2 requests could have triggered high CPU usage for several seconds making potentially the server unresponsive (bsc#1173389). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-1963=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-1963=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-1963=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-1963=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-1963=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): tomcat-9.0.36-3.42.2 tomcat-admin-webapps-9.0.36-3.42.2 tomcat-docs-webapp-9.0.36-3.42.2 tomcat-el-3_0-api-9.0.36-3.42.2 tomcat-javadoc-9.0.36-3.42.2 tomcat-jsp-2_3-api-9.0.36-3.42.2 tomcat-lib-9.0.36-3.42.2 tomcat-servlet-4_0-api-9.0.36-3.42.2 tomcat-webapps-9.0.36-3.42.2 - SUSE OpenStack Cloud 9 (noarch): tomcat-9.0.36-3.42.2 tomcat-admin-webapps-9.0.36-3.42.2 tomcat-docs-webapp-9.0.36-3.42.2 tomcat-el-3_0-api-9.0.36-3.42.2 tomcat-javadoc-9.0.36-3.42.2 tomcat-jsp-2_3-api-9.0.36-3.42.2 tomcat-lib-9.0.36-3.42.2 tomcat-servlet-4_0-api-9.0.36-3.42.2 tomcat-webapps-9.0.36-3.42.2 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): tomcat-9.0.36-3.42.2 tomcat-admin-webapps-9.0.36-3.42.2 tomcat-docs-webapp-9.0.36-3.42.2 tomcat-el-3_0-api-9.0.36-3.42.2 tomcat-javadoc-9.0.36-3.42.2 tomcat-jsp-2_3-api-9.0.36-3.42.2 tomcat-lib-9.0.36-3.42.2 tomcat-servlet-4_0-api-9.0.36-3.42.2 tomcat-webapps-9.0.36-3.42.2 - SUSE Linux Enterprise 
Server 12-SP5 (noarch): tomcat-9.0.36-3.42.2 tomcat-admin-webapps-9.0.36-3.42.2 tomcat-docs-webapp-9.0.36-3.42.2 tomcat-el-3_0-api-9.0.36-3.42.2 tomcat-javadoc-9.0.36-3.42.2 tomcat-jsp-2_3-api-9.0.36-3.42.2 tomcat-lib-9.0.36-3.42.2 tomcat-servlet-4_0-api-9.0.36-3.42.2 tomcat-webapps-9.0.36-3.42.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): tomcat-9.0.36-3.42.2 tomcat-admin-webapps-9.0.36-3.42.2 tomcat-docs-webapp-9.0.36-3.42.2 tomcat-el-3_0-api-9.0.36-3.42.2 tomcat-javadoc-9.0.36-3.42.2 tomcat-jsp-2_3-api-9.0.36-3.42.2 tomcat-lib-9.0.36-3.42.2 tomcat-servlet-4_0-api-9.0.36-3.42.2 tomcat-webapps-9.0.36-3.42.2 References: https://www.suse.com/security/cve/CVE-2020-11996.html https://bugzilla.suse.com/1173389 From sle-security-updates at lists.suse.com Mon Jul 20 22:13:38 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 21 Jul 2020 06:13:38 +0200 (CEST) Subject: SUSE-SU-2020:1974-1: moderate: Security update for salt Message-ID: <20200721041338.03ED5FEC3@maintenance.suse.de> SUSE Security Update: Security update for salt ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1974-1 Rating: moderate References: #1159284 #1165572 #1167437 #1168340 #1169604 #1170104 #1170288 #1171906 #1172075 #1173072 #1174165 Cross-References: CVE-2018-15750 CVE-2018-15751 CVE-2020-11651 CVE-2020-11652 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Python2 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that solves four vulnerabilities and has 7 fixes is now available. 
Description: This update for salt contains the following fixes: - Fix for TypeError in Tornado importer (bsc#1174165) - Require python3-distro only for TW (bsc#1173072) - Update to Salt version 3000: See release notes: https://docs.saltstack.com/en/latest/topics/releases/3000.html - Add docker.logout to docker execution module. (bsc#1165572) - Add option to enable/disable force refresh for zypper. - Add publish_batch to ClearFuncs exposed methods. - Adds test for zypper abbreviation fix. - Avoid segfault from "salt-api" under certain conditions of heavy load managing SSH minions. (bsc#1169604) - Avoid traceback on debug logging for swarm module. (bsc#1172075) - Batch mode now also correctly provides return value. (bsc#1168340) - Better import cache handling. - Do not make file.recurse state to fail when msgpack 0.5.4. (bsc#1167437) - Do not require vendored backports-abc. (bsc#1170288) - Fix errors from unit tests due NO_MOCK and NO_MOCK_REASON deprecation. - Fix for low rpm_lowpkg unit test. - Fix for temp folder definition in loader unit test. - Fix for unless requisite when pip is not installed. - Fix integration test failure for test_mod_del_repo_multiline_values. - Fix regression in service states with reload argument. - Fix tornado imports and missing _utils after rebasing patches. - Fix status attribute issue in aptpkg test. - Improved storage pool or network handling. - loop: fix variable names for until_no_eval. - Make "salt.ext.tornado.gen" to use "salt.ext.backports_abc" on Python 2. - Make setup.py script not to require setuptools greater than 9.1. - More robust remote port detection. - Prevent spurious "salt-api" stuck processes when managing SSH minions because of logging deadlock. (bsc#1159284) - Python3.8 compatibility changes. - Removes unresolved merge conflict in yumpkg module. - Returns the list of IPs filtered by the optional network list. - Revert broken changes to slspath made on Salt 3000 (saltstack/salt#56341). 
(bsc#1170104) - Sanitize grains loaded from roster_grains.json cache during "state.pkg". - Various virt backports from 3000.2. - zypperpkg: filter patterns that start with dot. (bsc#1171906) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-1974=1 - SUSE Linux Enterprise Module for Python2 15-SP1: zypper in -t patch SUSE-SLE-Module-Python2-15-SP1-2020-1974=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-1974=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): salt-api-3000-6.37.1 salt-cloud-3000-6.37.1 salt-master-3000-6.37.1 salt-proxy-3000-6.37.1 salt-ssh-3000-6.37.1 salt-standalone-formulas-configuration-3000-6.37.1 salt-syndic-3000-6.37.1 - SUSE Linux Enterprise Module for Server Applications 15-SP1 (noarch): salt-fish-completion-3000-6.37.1 - SUSE Linux Enterprise Module for Python2 15-SP1 (aarch64 ppc64le s390x x86_64): python2-salt-3000-6.37.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): python3-salt-3000-6.37.1 salt-3000-6.37.1 salt-doc-3000-6.37.1 salt-minion-3000-6.37.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): salt-bash-completion-3000-6.37.1 salt-zsh-completion-3000-6.37.1 References: https://www.suse.com/security/cve/CVE-2018-15750.html https://www.suse.com/security/cve/CVE-2018-15751.html https://www.suse.com/security/cve/CVE-2020-11651.html https://www.suse.com/security/cve/CVE-2020-11652.html https://bugzilla.suse.com/1159284 https://bugzilla.suse.com/1165572 https://bugzilla.suse.com/1167437 https://bugzilla.suse.com/1168340 https://bugzilla.suse.com/1169604 
https://bugzilla.suse.com/1170104 https://bugzilla.suse.com/1170288 https://bugzilla.suse.com/1171906 https://bugzilla.suse.com/1172075 https://bugzilla.suse.com/1173072 https://bugzilla.suse.com/1174165 From sle-security-updates at lists.suse.com Mon Jul 20 22:17:04 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 21 Jul 2020 06:17:04 +0200 (CEST) Subject: SUSE-SU-2020:14431-1: moderate: Security update for SUSE Manager Client Tools Message-ID: <20200721041704.8835DFDE1@maintenance.suse.de> SUSE Security Update: Security update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:14431-1 Rating: moderate References: #1002529 #1003449 #1004047 #1004260 #1004723 #1008933 #1011304 #1011800 #1012398 #1012999 #1013876 #1013938 #1015882 #1017078 #1019386 #1020831 #1022562 #1022841 #1023535 #1024406 #1025896 #1027044 #1027240 #1027426 #1027722 #1030009 #1030073 #1032213 #1032452 #1032931 #1035914 #1036125 #1038855 #1039370 #1040886 #1041993 #1042749 #1043111 #1044719 #1050003 #1051948 #1052264 #1053376 #1053955 #1057635 #1059291 #1059758 #1060230 #1061407 #1062462 #1062464 #1063419 #1064520 #1065792 #1068446 #1068566 #1070372 #1071322 #1072599 #1075950 #1076578 #1079048 #1080290 #1081151 #1081592 #1083294 #1085667 #1087055 #1087278 #1087581 #1087891 #1088070 #1088888 #1089112 #1089362 #1089526 #1091371 #1092161 #1092373 #1094055 #1094190 #1095507 #1095651 #1095942 #1096514 #1097174 #1097413 #1098394 #1099323 #1099460 #1099887 #1099945 #1100142 #1100225 #1100697 #1101780 #1101812 #1101880 #1102013 #1102218 #1102265 #1102819 #1103090 #1103530 #1103696 #1104034 #1104154 #1104491 #1106164 #1107333 #1108557 #1108834 #1108969 #1108995 #1109023 #1109893 #1110938 #1111542 #1112874 #1113698 #1113699 #1113784 #1114029 #1114197 #1114474 #1114824 #1116343 #1116837 #1117995 #1121091 #1121439 #1122663 #1122680 #1123044 #1123512 #1123865 #1124277 
#1125015 #1125610 #1125744 #1127389 #1128061 #1128554 #1129079 #1129243 #1130077 #1130588 #1130784 #1131114 #1132076 #1133523 #1133647 #1134860 #1135360 #1135507 #1135567 #1135656 #1135732 #1135881 #1137642 #1138454 #1138952 #1139761 #1140193 #1140912 #1143301 #1146192 #1146382 #1148311 #1148714 #1150447 #1151650 #1151947 #1152366 #1153090 #1153277 #1153611 #1154620 #1154940 #1155372 #1157465 #1157479 #1158441 #1158940 #1159118 #1159284 #1160931 #1162327 #1162504 #1163871 #1165425 #1165572 #1167437 #1167556 #1168340 #1169604 #1169800 #1170042 #1170104 #1170288 #1170595 #1171687 #1171906 #1172075 #1173072 #1174165 #769106 #769108 #776615 #849184 #849204 #849205 #879904 #887879 #889605 #892707 #902494 #908849 #926318 #932288 #945380 #948245 #955373 #958350 #959572 #963322 #965403 #967803 #969320 #970669 #971372 #972311 #972490 #975093 #975303 #975306 #975733 #975757 #976148 #977264 #978150 #978833 #979448 #979676 #980313 #983017 #983512 #985112 #985661 #986019 #987798 #988506 #989193 #989798 #990029 #990439 #990440 #991048 #993039 #993549 #996455 #999852 Cross-References: CVE-2016-1866 CVE-2016-9639 CVE-2017-12791 CVE-2017-14695 CVE-2017-14696 CVE-2018-15750 CVE-2018-15751 CVE-2019-17361 CVE-2019-18897 CVE-2020-11651 CVE-2020-11652 Affected Products: SUSE Manager Ubuntu 20.04-CLIENT-TOOLS ______________________________________________________________________________ An update that solves 11 vulnerabilities and has 251 fixes is now available. 
Description: This update fixes the following issues: salt: - Require python3-distro only for TW (bsc#1173072) - Various virt backports from 3000.2 - Avoid traceback on debug logging for swarm module (bsc#1172075) - Add publish_batch to ClearFuncs exposed methods - Fix for TypeError in Tornado importer (bsc#1174165) - Update to salt version 3000 See release notes: https://docs.saltstack.com/en/latest/topics/releases/3000.html - zypperpkg: filter patterns that start with dot (bsc#1171906) - Batch mode now also correctly provides return value (bsc#1168340) - Add docker.logout to docker execution module (bsc#1165572) - Testsuite fix - Add option to enable/disable force refresh for zypper - Python3.8 compatibility changes - Prevent spurious "salt-api" stuck processes when managing SSH minions because of logging deadlock (bsc#1159284) - Avoid segfault from "salt-api" under certain conditions of heavy load managing SSH minions (bsc#1169604) - Revert broken changes to slspath made on Salt 3000 (saltstack/salt#56341) (bsc#1170104) - Returns the list of IPs filtered by the optional network list - Fix CVE-2020-11651 and CVE-2020-11652 (bsc#1170595) - Do not require vendored backports-abc (bsc#1170288) - Fix partition.mkpart to work without fstype (bsc#1169800) - Enable building and installation for Fedora - Disable python2 build on Tumbleweed We are removing the python2 interpreter from openSUSE (SLE16). As such disable salt building for python2 there. - More robust remote port detection - Sanitize grains loaded from roster_grains.json cache during "state.pkg" - Do not make file.recurse state to fail when msgpack 0.5.4 (bsc#1167437) - Build: BuildRequire pkgconfig(systemd) instead of systemd pkgconfig(systemd) is provided by systemd, so this is de-facto no change. 
But inside the Open Build Service (OBS), the same symbol is also provided by systemd-mini, which exists to shorten build-chains by only enabling what other packages need to successfully build - Add new custom SUSE capability for saltutil state module - Fixes status attribute issue in aptpkg test - Make setup.py script not to require setuptools greater than 9.1 - loop: fix variable names for until_no_eval - Drop conflictive module.run state patch (bsc#1167437) - Update patches after rebase with upstream v3000 tag (bsc#1167437) - Fix some requirements issues depending on Python3 versions - Removes obsolete patch - Fix for low rpm_lowpkg unit test - Add python-singledispatch as dependency for python2-salt - virt._get_domain: don't raise an exception if there is no VM - Fix for temp folder definition in loader unit test - Adds test for zypper abbreviation fix - Improved storage pool or network handling - Better import cache handling - Make "salt.ext.tornado.gen" to use "salt.ext.backports_abc" on Python 2 - Fix regression in service states with reload argument - Fix integration test failure for test_mod_del_repo_multiline_values - Fix for unless requisite when pip is not installed - Fix errors from unit tests due NO_MOCK and NO_MOCK_REASON deprecation - Fix tornado imports and missing _utils after rebasing patches - Removes unresolved merge conflict in yumpkg module - Use full option name instead of undocumented abbreviation for zypper - Requiring python3-distro only for openSUSE/SLE >= 15 and not for Python 2 builds - Avoid possible user escalation upgrading salt-master (bsc#1157465) (CVE-2019-18897) - Fix unit tests failures in test_batch_async tests - Batch Async: Handle exceptions, properly unregister and close instances after running async batching to avoid CPU starvation of the MWorkers (bsc#1162327) - RHEL/CentOS 8 uses platform-python instead of python3 - loader: invalidate the import cache for extra modules - zypperpkg: filter patterns that start with dot 
(bsc#1171906) - Batch mode now also correctly provides return value (bsc#1168340) - Add docker.logout to docker execution module (bsc#1165572) - Improvements for chroot module - Add option to enable/disable force refresh for zypper - Prevent spurious "salt-api" stuck processes when managing SSH minions because of logging deadlock (bsc#1159284) - Avoid segfault from "salt-api" under certain conditions of heavy load managing SSH minions (bsc#1169604) - Fix partition.mkpart to work without fstype (bsc#1169800) - Fix typo in 'minion_runner' for AESFuncs exposed methods. - Avoid "NameError: name '__salt_system_encoding__' is not defined" (bsc#1138952) - Fix load cached grain "osrelease_info" to prevent exceptions on "pkg.info_installed" on Debian and Ubuntu minion (bsc#1170042) - Build: BuildRequire pkgconfig(systemd) instead of systemd - Add new custom SUSE capability for saltutil state module - Backport saltutil state module to 2019.2 codebase (bsc#1167556) - virt._get_domain: don't raise an exception if there is no VM - Fix CVE-2020-11651 and CVE-2020-11652 (bsc#1170595) - Avoid possible user escalation upgrading salt-master (bsc#1157465) (CVE-2019-18897) - Fix unit tests failures in test_batch_async tests - Batch Async: Handle exceptions, properly unregister and close instances after running async batching to avoid CPU starvation of the MWorkers (bsc#1162327) - RHEL/CentOS 8 uses platform-python instead of python3 - New configuration option for selection of grains in the minion start event. 
- Fix 'os_family' grain for Astra Linux Common Edition - Fix for salt-api NET API where unauthenticated attacker could run arbitrary code (CVE-2019-17361) (bsc#1162504) - Adds disabled parameter to mod_repo in aptpkg module - Move token with atomic operation - Bad API token files get deleted (bsc#1160931) - Support for Btrfs and XFS in parted and mkfs added - Adds list_downloaded for apt Module to enable pre-downloading support - Adds virt.(pool|network)_get_xml functions - Add virt.pool_capabilities function - virt.pool_running improvements - Add virt.pool_deleted state - virt.network_define allow adding IP configuration - virt: adding kernel boot parameters to libvirt xml - Fix to scheduler when data['run'] does not exist (bsc#1159118) - Fix virt states to not fail on VMs already stopped - Fix applying of attributes for returner rawfile_json (bsc#1158940) - xfs: do not fail if type is not present (bsc#1153611) - Don't use __python indirection macros on spec file %__python is no longer defined in RPM 4.15 (python2 is going EOL in Jan 2020); additionally, python/python3 are just binaries in the path. - Fix errors when running virt.get_hypervisor function - Align virt.full_info fixes with upstream Salt - Fix for log checking in x509 test - Prevent test_mod_del_repo_multiline_values to fail - Read repo info without using interpolation (bsc#1135656) - Replacing pycrypto with M2Crypto as dependency for >= SLE15 (bsc#1165425) - Let salt-ssh use platform-python on RHEL8 (bsc#1158441) - Fix StreamClosedError issue (bsc#1157479) - Remove virt.pool_delete fast parameter (U#54474) - Remove unnecessary yield causing BadYieldError (bsc#1154620) - Prevent 'Already reading' continuous exception message (bsc#1137642) - Fix for aptpkg test with older mock modules - Remove wrong tests for core grain and improve debug logging - Use rich RPM deps to get a compatible version of tornado into the buildroot. 
- core.py: ignore wrong product_name files - zypperpkg: understand product type - Enable usage of downloadonly parameter for apt module - Add missing 'fun' on events coming from salt-ssh wfunc executions (bsc#1151947) - Fix failing unit tests for batch async - Fix memory consumption problem on BatchAsync (bsc#1137642) - Fix dependencies for RHEL 8 - Prevent systemd-run description issue when running aptpkg (bsc#1152366) - Take checksums arg into account for postgres.datadir_init (bsc#1151650) - Improve batch_async to release consumed memory (bsc#1140912) - Require shadow instead of old pwdutils (bsc#1130588) - Conflict with tornado >= 5; for now we can only cope with Tornado 4.x (bsc#1101780). - Fix virt.full_info (bsc#1146382) - virt.volume_infos: silence libvirt error message - virt.volume_infos needs to ignore inactive pools - Fix for various bugs in virt network and pool states - Implement network.fqdns module function (bsc#1134860) - Strip trailing "/" from repo.uri when comparing repos in apktpkg.mod_repo (bsc#1146192) - Make python3 default for RHEL8 - Use python3 to build package Salt for RHEL8 - Fix aptpkg systemd call (bsc#1143301) - Move server_id deprecation warning to reduce log spamming (bsc#1135567) (bsc#1135732) - Fix memory leak produced by batch async find_jobs mechanism (bsc#1140912) - Files in salt-formulas folder can now be read and executed by others (bsc#1150447) - Restore default behaviour of pkg list return (bsc#1148714) - Multiple fixes on cmdmod, chroot, freezer and zypperpkg needed for Yomi cmdmod: fix runas and group in run_chroot chroot: add missing sys directory chroot: change variable name to root chroot: fix bug in safe_kwargs iteration freezer: do not fail in cache dir is present freezer: clean freeze YAML profile on restore zypperpkg: fix pkg.list_pkgs cache - Avoid traceback on http.query when there are errors with the requested URL (bsc#1128554) - Salt python client get_full_returns seems return data from incorrect jid 
(bsc#1131114) - virt.volume_infos: don't raise an error if there is no VM - Prevent ansiblegate unit tests to fail on Ubuntu - Allow passing kwargs to pkg.list_downloaded for Zypper (bsc#1140193) - Do not make "ansiblegate" module to crash on Python3 minions (bsc#1139761) - Provide the missing features required for Yomi (Yet one more installer) - Fix zypper pkg.list_pkgs test expectation and dpkg mocking - Set 'salt' group for files and directories created by salt-standalone-formulas-configuration package - Fix virt.volume_infos raising an exception when there is only virtual machine on the minion. - Fix virt.purge() on all non-KVM hypervisors. For instance on Xen, virt.purge would simply throw an exception about unsupported flag - Building a libvirt pool starts it. When defining a new pool, we need to let build start it or we will get libvirt errors. - Fix handling of Virtual Machines with white space in their name. - avoid batch.py exception when minion does not respond (bsc#1135507) - Preserve already defined DESTRUCTIVE_TESTS and EXPENSIVE_TESTS env variables - Do not break repo files with multiple line values on yumpkg (bsc#1135360) - Fix return status when installing or updating RPM packages with "ppc64le" arch (bsc#1133647) - Add new "salt-standalone-formulas-configuration" package (fate#327791) - Switch firewalld state to use change_interface (bsc#1132076) - Fix async-batch to fire a single done event - Do not make Salt CLI to crash when there are IPv6 established connections (bsc#1130784) - Include aliases in FQDNS grain (bsc#1121439) - Fix issue preventing syndic to start - Update to 2019.2.0 release (FATE#327138, bsc#1133523) See https://docs.saltstack.com/en/latest/topics/releases/2019.2.0.html - Update year on spec copyright notice - Use ThreadPool from multiprocessing.pool to avoid leakings when calculating FQDNs - Do not report patches as installed on RHEL systems when not all the related packages are installed (bsc#1128061) - Incorporate 
virt.volume_info fixes (PR#131) - Fix for -t parameter in mount module - No longer limiting Python3 version to <3.7 - Add virt.volume_infos and virt.volume_delete functions - Bugfix: properly refresh pillars (bsc#1125015) - Removes version from python3 requirement completely - Adds missing version update to %setup - Add virt.all_capabilities to return all host and domain capabilities at once - Switch to better correct version nomenclature Background: The special character tilde (~) will be available for use in version representing a negative version token. - Fix setup to use the right version tag - Add "id_" and "force" to the whitelist of API check - Add metadata to accepted keyword arguments (bsc#1122680) - Add salt-support script to package - Early feature: Salt support-config (salt-support) - More fixes on the spec file - Fix spaces and indentation - Use Adler32 algorithm to compute string checksums (bsc#1102819) - Update spec file patch ordering after MSI patch removal - Calculate the "FQDNs" grains in parallel to avoid long blocking (bsc#1129079) - Fix batch/batch-async related issues - Fixes typo in dependency: e2fsprogs - Adds missing dependencies to salt-common: python-concurrent.futures - Fix regression in dynamic pillarenv (bsc#1124277) - add parallel support for orchestrations (bsc#1116343) - Implement asynchronous batching - Let dpkg.info expose package status - Make aptpkg.info return only installed packages - Strip trailing / from repo URI when comparing repos in apktpkg.mod_repo - Include aliases in FQDNS grain - Prevents error when there is no job entry in filesystem cache due to race condition in minion onboarding (bsc#1122663) - Don't call zypper with more than one --no-refresh parameter (bsc#1123865) - Remove zypper-add-root-configuration-parameter patch (bsc#1123512) - Remove MSI Azure cloud module authentication patch (bsc#1123044) - Don't encode response string from role API - Add root parameter to Zypper module - Fix integration tests in 
state compiler (U#2068) - Fix "pkg.list_pkgs" output when using "attr" to take the arch into account (bsc#1114029) - Fix powerpc null server_id_arch (bsc#1117995) - Fix module 'azure.storage' has no attribute '__version__' (bsc#1121091) - Add supportconfig module and states for minions and SaltSSH - Fix FIPS enabled RES clients (bsc#1099887) - Add hold/unhold functions. Fix Debian repo "signed-by". - Strip architecture from debian package names - Fix latin1 encoding problems on file module (bsc#1116837) - Don't error on retcode 0 in libcrypto.OPENSSL_init_crypto - Handle anycast IPv6 addresses on network.routes (bsc#1114474) - Debian info_installed compatibility (U#50453) - Add compatibility with other package modules for "list_repos" function - Crontab module fix: file attributes option missing (bsc#1114824) - Fix git_pillar merging across multiple __env__ repositories (bsc#1112874) - Bugfix: unable to detect os arch when RPM is not installed (bsc#1114197) - Fix LDAP authentication issue when a valid token is generated by the salt-api even when invalid user credentials are passed. (U#48901) - Improved handling of LDAP group id. gid is no longer treated as a string, which could have lead to faulty group creations. (bsc#1113784) - Fix remote command execution and incorrect access control when using salt-api. (bsc#1113699) (CVE-2018-15751) - Fix Directory traversal vulnerability when using salt-api. Allows an attacker to determine what files exist on a server when querying /run or /events. (bsc#1113698) (CVE-2018-15750) - Add multi-file support and globbing to the filetree (U#50018) - Bugfix: supportconfig non-root permission issues (U#50095) - Open profiles permissions to everyone for read-only - Preserving signature in "module.run" state (U#50049) - Install default salt-support profiles - Remove unit test, came from a wrong branch. Fix merging failure. 
- Add CPE_NAME for osversion* grain parsing - Get os_family for RPM distros from the RPM macros - Install support profiles - Fix async call to process manager (bsc#1110938) - Salt-based supportconfig implementation (technology preview) - Bugfix: any unicode string of length 16 will raise TypeError - Fix IPv6 scope (bsc#1108557) - Handle zypper ZYPPER_EXIT_NO_REPOS exit code (bsc#1108834, bsc#1109893) - Bugfix for pkg_resources crash (bsc#1104491) - Fix loosen azure sdk dependencies in azurearm cloud driver (bsc#1107333) - Fix broken "resolve_capabilities" on Python 3 (bsc#1108995) - Allow empty service_account_private_key in GCE driver (bsc#1108969) - Properly handle colons in inline dicts with yamlloader (bsc#1095651) - Fix wrong recurse behavior on for linux_acl.present (bsc#1106164) - Add additional x509 fixes - Fix for StringIO import in Python2 - Integration of MSI authentication for azurearm - Fix for Compound list targeting with "not" - Fixes 509x remote signing - Adds fix for SUSE Expanded Support os grain detection - Prepend current directory when path is just filename (bsc#1095942) - Only do reverse DNS lookup on IPs for salt-ssh (bsc#1104154) - Add support for Python 3.7 and Tornado 5.0 - Fix license macro to build on SLE12SP2 - Decode file contents for python2 (bsc#1102013, bsc#1103530) - Fix mine.get not returning data - workaround for #48020 (bsc#1100142) - Check dmidecoder executable on each "smbios" call to avoid race condition (bsc#1101880) - Add API log rotation on SUSE package (bsc#1102218) - Add missing dateutils import (bsc#1099945) - Backport the new libvirt_events engine from upstream - Fix file.blockreplace to avoid throwing IndexError (bsc#1101812) - Fix pkg.upgrade reports when dealing with multiversion packages (bsc#1102265) - Fix UnicodeDecodeError using is_binary check (bsc#1100225) - Fix corrupt public key with m2crypto python3 (bsc#1099323) - Prevent payload crash on decoding binary data (bsc#1100697) - Accounting for when files in an 
archive contain non-ascii characters (bsc#1099460) - Handle packages with multiple version properly with zypper (bsc#1096514) - Fix file.get_diff regression on 2018.3 (bsc#1098394) - Provide python version mismatch solutions (bsc#1072599) - Add custom SUSE capabilities as Grains (bsc#1089526) - Fix file.managed binary file utf8 error (bsc#1098394) - Multiversion patch plus upstream fix and patch reordering - Add environment variable to know if yum is invoked from Salt (bsc#1057635) - Prevent deprecation warning with salt-ssh (bsc#1095507) - Fix for sorting of multi-version packages (bsc#1097174 and bsc#1097413) - Align SUSE salt-master.service 'LimitNOFILES' limit with upstream Salt - Add 'other' attribute to GECOS fields to avoid inconsistencies with chfn - Prevent zypper from parsing repo configuration from not .repo files (bsc#1094055) - Collect all versions of installed packages on SUSE and RHEL systems (bsc#1089526) - Documentation refresh to 2018.3.0 - No more AWS EC2 rate limitations in salt-cloud (bsc#1088888) - MySQL returner now also allows to use Unix sockets (bsc#1091371) - Do not override jid on returners, only sending back to master (bsc#1092373) - Fixes for salt-ssh: - Option --extra-filerefs doesn't add all files to the state archive - Pillar completely overwritten (not merged) when doing module.run + state.apply with pillar in kwargs - remove minion/thin/version if exists to force thin regeneration (bsc#1092161) - Fixed Python 3 issue with CIDR addresses. - Fix minion scheduler to return a 'retcode' attribute (bsc#1089112) - Fix for logging during network interface querying (bsc#1087581) - Fix rhel packages requires both net-tools and iproute (bsc#1087055) - Fix patchinstall on yum module. 
Bad comparison (bsc#1087278) - Strip trailing commas on Linux user's GECOS fields (bsc#1089362) - Fallback to PyMySQL (bsc#1087891) - Improved test for fqdns - Update SaltSSH patch (use code checksum instead version on thin update) - Fix for [Errno 0] Resolver Error 0 (no error) (bsc#1087581) - Update to 2018.3.0 - Add python-2.6 support to salt-ssh - Add iproute/net-tools dependency - salt-ssh: require same major version while minor is allowed to be - Add SaltSSH multi-version support across Python interpreters. - Fix zypper.info_installed 'ascii' issue - Update openscap push patch to include the test fixes - Explore 'module.run' state module output in depth to catch "result" properly - make it possible to use docker login, pull and push from module.run and detect errors - Fix logging with FQDNs - Update cp.push patch - force re-generate a new thin.tgz when an update gets installed - fix salt-ssh with a different patch - Fix unicode decode error with salt-ssh - Fix cp.push empty file (bsc#1075950) - salt-ssh - move log_file option to changeable defaults - Fix grains containing trailing "\n" - Remove salt-minion python2 requirement when python3 is default (bsc#1081592) - Remove-obsolete-unicode-handling-in-pkg.info_installed - Update to salt-2018.1.99 - Fix-epoch-handling-for-Rhel-6-and-7 - Restoring-installation-of-packages-for-Rhel-6-7 - Prevent queryformat pattern from expanding (bsc#1079048) - Fix epoch handling for Rhel 6 and 7 (bsc#1068566) - Reverting to current API for split_input - Fix for wrong version processing during yum pkg install (bsc#1068566) - Feat: add grain for all FQDNs (bsc#1063419) - Fix the usage of custom macros on the spec file. - Fix RES7: different dependency names for python-PyYAML and python-MarkupSafe - Build both python2 and python3 binaries together. - Bugfix: errors in external pillar causes crash instead of report of them (bsc#1068446) - Fix 'user.present' when 'gid_from_name' is set but group does not exist. 
- Fix "No service execution module loaded" issue (bsc#1065792) - Set SHELL environment variable - Removed unnecessary logging on shutdown (bsc#1050003) - Add fqdns to grains (bsc#1063419) - Fixing cherrypy websocket with python3 - Various-bug-fixes - Python3 bugfix for cherrypy read() - Fix for logging on salt-master exit in rare cases (pid-file removal) - Fix salt-master for old psutil version - Put back accidentally removed patches - Fix for delete_deployment in Kubernetes module (bsc#1059291) - Older logrotate need su directive (bsc#1071322) - Fix bsc#1041993 already included in 2017.7.2 - Fixed beacons failure when pillar-based suppressing config-based. (bsc#1060230) - Escape the usage of %{VERSION} when calling out to rpm. RPM 4.14 has %{VERSION} defined as 'the main packages version'. - Fix wrong version reported by Salt (bsc#1061407) - Fix CVE-2017-14696 (bsc#1062464) already included in 2017.7.2 - Run salt master as dedicated salt user - Run salt-api as user salt (bsc#1064520) - Update to 2017.7.2 See https://docs.saltstack.com/en/latest/topics/releases/2017.7.2.html - Re-added previously removed unit-test for bsc#1050003 - Fixes for CVE-2017-14695 and CVE-2017-14696 (bsc#1062462) - Add missing follow-up for CVE-2017-12791 (bsc#1053955) - Fixed salt target-type field returns "String" for existing jids but an empty "Array" for non existing jids. 
(issue#1711) - Fixed minion resource exhaustion when many functions are being executed in parallel (bsc#1059758) - Remove 'TasksTask' attribute from salt-master.service in older versions of systemd (bsc#985112) - Fix for delete_deployment in Kubernetes module (bsc#1059291) - Catching error when PIDfile cannot be deleted (bsc#1050003) - Use $HOME to get the user home directory instead using '~' char (bsc#1042749) - Fixed patches for Kubernetes and YUM modules - Add patches to salt to support SUSE Manager scalability features (bsc#1052264) - Introducing the kubernetes module (bsc#1051948) - Revert "We don't have python-systemd, so notify can't work" - Notify systemd synchronously via NOTIFY_SOCKET (bsc#1053376) - Add clean_id function to salt.utils.verify.py (CVE-2017-12791, bsc#1053955) - Added bugfix when jobs scheduled to run at a future time stay pending for Salt minions (bsc#1036125) - Adding procps as dependency. This provides "ps" and "pgrep" utils which are called from different Salt modules and also from new salt-minion watchdog. - Adding a salt-minion watchdog for RHEL6 and SLES11 systems (sysV) to restart salt-minion in case of crashes during upgrade. - fix format error (bsc#1043111) - fix ownership for whole master cache directory (bsc#1035914) - Bugfix: clean up `change` attribute from interface dict (upstream) Issue: https://github.com/saltstack/salt/issues/41461 PR: 1. https://github.com/saltstack/salt/pull/41487 2. https://github.com/saltstack/salt/pull/41533 - Disable 3rd party runtime packages to be explicitly recommended. 
(bsc#1040886) - Bugfix: orchestrate and batches returns false failed information https://github.com/saltstack/salt/issues/40635 - speed-up cherrypy by removing sleep call - wrong os_family grains on SUSE - fix unittests (bsc#1038855) - fix setting the language on SUSE systems (bsc#1038855) - Documentation refresh to 2016.11.4 - Update to 2016.11.4 See https://docs.saltstack.com/en/develop/topics/releases/2016.11.4.html See https://docs.saltstack.com/en/develop/topics/releases/2016.11.3.html See https://docs.saltstack.com/en/develop/topics/releases/2016.11.2.html See https://docs.saltstack.com/en/develop/topics/releases/2016.11.1.html for full changelog - Use SUSE specific salt-api.service (bsc#1039370) - Bugfix: wrong os_family grains on SUSE (bsc#1038855) - Bugfix: unable to use hostname for minion ID as '127' (upstream) - Fix core grains constants for timezone (bsc#1032931) - Add unit test for a skip false values from preferred IPs upstream patch - Adding "yum-plugin-security" as required for RHEL 6 - Minor fixes on new pkg.list_downloaded - Listing all type of advisory patches for Yum module - Prevents zero length error on Python 2.6 - Fixes zypper test error after backporting - raet protocol is no longer supported (bsc#1020831) - Fix: move SSH data to the new home (bsc#1027722) - Fix: /var/log/salt/minion fails logrotate (bsc#1030009) - Fix: Result of master_tops extension is mutually overwritten (bsc#1030073) - Allows to set 'timeout' and 'gather_job_timeout' via kwargs - Allows to set custom timeouts for 'manage.up' and 'manage.status' - Use salt's ordereddict for comparison (fixes failing tests) - add special salt-minion.service file for RES7 - fix scripts for salt-proxy - define with systemd for fedora and rhel >= 7 (bsc#1027240) - add openscap module - file.get_managed regression fix (upstream issues #39762) - fix translate variable arguments if they contain hidden keywords (bsc#1025896) - fix service handling for openSUSE - added unit test for 
dockerng.sls_build dryrun - added dryrun to dockerng.sls_build - update dockerng minimal version requirements - fix format error in error parsing - keep fix for migrating salt home directory (bsc#1022562) - Fix salt pkg.latest raises exception if package is not available (bsc#1012999) - Fix timezone: should be always in UTC (bsc#1017078) - Fix timezone handling for rpm installtime (bsc#1017078) - Increasing timeouts for running integrations tests - Add buildargs option to dockerng.build module - Disable custom rosters for Salt SSH via Salt API (bsc#1011800) More: https://github.com/saltstack/salt/pull/38596 - Fix error when missing ssh-option parameter - readd yum notify plugin - all kwargs to dockerng.create to provide all features to sls_build as well - Bugfix: datetime should be returned always in UTC - Bugfix: scheduled state may cause crash while deserialising data on infinite recursion. (bsc#1036125) - Enable yum to handle errata on RHEL 6: require yum-plugin-security - Minor fixes on new pkg.list_downloaded - Listing all type of advisory patches for Yum module - Prevents zero length error on Python 2.6 - Fixes zypper test error after backporting - Refactoring on Zypper and Yum execution and state modules to allow installation of patches/errata. - Fix log rotation permission issue (bsc#1030009) - Use pkg/suse/salt-api.service by this package - Patch to set SHELL env variable for the salt-api.service. Needed for salt-ssh ProxyCommand to work properly. 
- Fixes 'timeout' and 'gather_job_timeout' kwargs parameters for 'local_batch' client - Add missing bootstrap script for Salt Cloud (bsc#1032452) - Fix: add missing /var/cache/salt/cloud directory (bsc#1032213) - Added test case for race conditions on cache directory creation - Adding "pkg.install downloadonly=True" support to yum/dnf execution module - Makes sure "gather_job_timeout" is an Integer - Adding "pkg.downloaded" state and support for installing patches/erratas - Fix: merge master_tops output - Fix: race condition on cache directory creation - Cleanup salt user environment preparation (bsc#1027722) - Don't send passwords after shim delimiter is found (bsc#1019386) - Allows to set 'timeout' and 'gather_job_timeout' via kwargs - Allows to set custom timeouts for 'manage.up' and 'manage.status' - Update systemd module unit tests (Update patch 0050) - define with system for fedora and rhel 7 (bsc#1027240) - Fix service state returning stacktrace (bsc#1027044) - OpenSCAP Module - Prevents 'OSError' exception in case certain job cache path doesn't exist (bsc#1023535) - Backport: Fix issue with cp.push (#36136) - Fix salt-minion update on RHEL (bsc#1022841) - Adding new functions to Snapper execution module. - Fix invalid chars allowed for data IDs (bsc#1011304) Fix timezone: should be always in UTC (bsc#1017078) - Fixes wrong "enabled" opts for yumnotify plugin - ssh-option parameter for salt-ssh command. - minion should pre-require salt - do not restart salt-minion in the salt package - add try-restart to sys-v init scripts - Adding "Restart=on-failure" for salt-minion systemd service - Re-introducing "KillMode=process" for salt-minion systemd service - Successful exit of salt-api child processes when SIGTERM is received - Update to 2015.8.12 - Fix possible information leak due to revoked keys still being used. (bsc#1012398, CVE-2016-9639) - Split non-Linux and other external platform modules to 'salt-other' sub-package. 
- Switch package group from System/Monitoring to System/Management - fix exit codes of sysv init script (bsc#999852) - Including resolution parameters in the Zypper debug-solver call during a dry-run dist-upgrade. - Fix Salt API crash via salt-ssh on empty roster (bsc#1004723) - Adding 'dist-upgrade' support to zypper module (FATE#320559) - Copy .travis.yml from git commit ea63e793567ba777e47dc766a4f88edfb037a02f - Change travis configuration file to use salt-toaster - acl.delfacl: fix position of -X option to setfacl (bsc#1004260) - fix generated shebang in scripts on SLES-ES 7 (bsc#1004047) - add update-documentation.sh to specfile - Setting up OS grains for SLES-ES (SLES Expanded Support platform) - Move salt home directory to /var/lib/salt (bsc#1002529) - Adjust permissions on home directory - Adjust pre-install script to correctly move existing salt users' home directory salt user cannot write in his own home directory (/srv/salt) because it is owned by user `root`. This prevents salt from correctly saving ssh known hosts in ~/.ssh/ and breaks salt-ssh bootstrapping. - Updated html.tar.bz2 documentation tarball. - Generate Salt Thin with configured extra modules (bsc#990439) - Unit and integration tests fixes for 2015.8.7 - Prevent pkg.install failure for expired keys (bsc#996455) - Required D-Bus and generating machine ID - add a macro to check if the docs should be built or the static tarball should be used - Fix a couple of failing unittests - Helper script for updating documentation tarball. 
- Fix python-jinja2 requirements in rhel - Fix pkg.installed refresh repo failure (bsc#993549) - Fix salt.states.pkgrepo.management no change failure (bsc#990440) - Prevent snapper module crash on load if no DBus is available in the system (bsc#993039) - Prevent continuous restart, if a dependency wasn't installed (bsc#991048) - Fix beacon list to include all beacons being processed - Run salt-api as user salt like the master (bsc#990029) - Revert patch Minion ID generation (bsc#967803) - Fix broken inspector due to accidentally missed commit (bsc#989798) - Set always build salt-doc package. - Bugfix: lvm.vg_present does not recognize PV with certain LVM filter settings (bsc#988506) - Backport: Snapper module for Salt. - Bugfix: pkg.list_products on "registerrelease" and "productline" returns boolean.False if empty (bsc#989193, bsc#986019) - Rewrite Minion ID generation (bsc#967803) - Bugfix: Fixed behavior for SUSE OS grains (bsc#970669) - Bugfix: Salt os_family does not detect SLES for SAP (bsc#983017) - Move log message from INFO to DEBUG (bsc#985661) - fix salt --summary to count not responding minions correctly (bsc#972311) - Fix memory leak on custom execution module scheduled jobs (bsc#983512) - fix groupadd module for sles11 systems (bsc#978150) - Fix pkgrepo.managed gpgkey argument doesn't work (bsc#979448) - Package checksum validation for zypper pkg.download - Check if a job has executed and returned successfully - Remove option -f from startproc (bsc#975733) - Changed Zypper's plugin. Added Unit test and related to that data (bsc#980313). - Zypper plugin: alter the generated event name on package set change. - Fix file ownership on master keys and cache directories during upgrade (handles upgrading from salt 2014, where the daemon ran as root, to 2015 where it runs as the salt user, bsc#979676). - salt-proxy .service file created (bsc#975306) - Prevent salt-proxy test.ping crash (bsc#975303) - Fix shared directories ownership issues. 
- Add Zypper plugin to generate an event, once Zypper is used outside the Salt infrastructure demand (bsc#971372). - Restore boolean values from the repo configuration Fix priority attribute (bsc#978833) - Unblock-Zypper. (bsc#976148) Modify-environment. (bsc#971372) - Prevent crash if pygit2 package is requesting re-compilation. - align OS grains from older SLES with current one (bsc#975757) - Bugfix: salt-key crashes if tries to generate keys to the directory w/o write access (bsc#969320) - Check if EOL is available in a particular product (bsc#975093) - fix building with docs on SLE11 - Prevent metadata download when getting installed products - Add statically built docs. - fix sorting by latest package - ensure pkg.info_installed report latest package version (bsc#972490) - Use SHA256 by default in master, minion and proxy (bsc#955373) - Fix state structure compilation - Fix git_pillar race condition - fix detection of base products in SLE11 - fix rpm info for SLE11 - fix init system detection for SLE11 - Make checksum configurable (upstream still wants md5, we suggest sha256). bsc#955373 - Fix the service state / module on SLE11. - Prevent rebuilds in OBS by not generating a date as a comment in a source file - Add better checking for zypper exit codes and simplify evaluation of the zypper error messages. - Adapt unit tests - Add initial pack of Zypper's Unit tests. Use XML output in list_upgrades. 
Bugfix: upgrade_available crashes when only one package specified Purge is not using "-u" anymore - fix argument handling of pkg.download - unify behavior of zypper refresh in salt - Fix crash with scheduler and runners - Call zypper always with --non-interactive - require rpm-python on SUSE for zypper support - fix state return code - add handling of OEM products to pkg.list_products - improve doc for list_pkgs - implement pkg.version_cmp in zypper.py - Update to 2015.8.7 this is a small update to fix some regressions see https://docs.saltstack.com/en/latest/topics/releases/2015.8.7.html - Booleans should not be strings from XML, add Unix ticks time and format result in a list of maps. - Stop salt-api daemon faster (bsc#963322) - Do not crash on salt-key reject/delete consecutive calls. - Update to 2015.8.5 Security fixes: * CVE-2016-1866: Improper handling of clear messages on the minion remote code execution (bsc#965403) See https://docs.saltstack.com/en/latest/topics/releases/2015.8.5.html - Update to 2015.8.4 See https://docs.saltstack.com/en/latest/topics/releases/2015.8.4.html - Fix latest version available comparison and implement epoch support in Zypper module. - Fix dependencies to Salt subpackages requiring release along the version. - Fix pkg.latest crash. - Fix pkg.latest SLS ID bug, when pkgs empty list is passed, but SLS ID still treated as a package name. 
- Fix zypper module info_available on SLE-11 * https://github.com/saltstack/salt/pull/30384 - zypper/pkg: add package attributes filtering * https://github.com/saltstack/salt/pull/30267 - Remove obsoleted patches and fixes: * Remove require on glibc-locale (bsc#959572) - Add missing return data to scheduled jobs * https://github.com/saltstack/salt/pull/30246 - Update zypper-utf-8 patch for Python 2.6 - require glibc-locale (bsc#959572) - Report epoch and architecture of installed packages - pkg.info_installed exceeds the maximum event size, reduce the information to what's actually needed - Filter out bad UTF-8 strings in package data (bsc#958350) - Updated to salt 2015.8.3 bugfix release more details at: https://docs.saltstack.com/en/latest/topics/releases/2015.8.3.html - reimplements pkg.list_products that potentially may be broken in future releases of SLES. - fixes a regression introduced in 2015.8.2, which was actually holding back the release. Downgrade is not an option as we need the leap fixes. - it shouldn't be >= 1110 but just > 1110 - require pmtools on sle11 to get dmidecode - First step to make the syndic also run as salt user. 
- Updated to bugfix release 2015.8.2 - fix the "os" grain on SLES11SP4 - fix the priority and humanname pkgrepo args for the zypper backend for more details: https://docs.saltstack.com/en/2015.8/topics/releases/2015.8.2.html - update to 2015.8.1 - Add support for ``spm.d/*.conf`` configuration of SPM (:issue:`27010`) - Fix ``proxy`` grains breakage for non-proxy minions (:issue:`27039`) - Fix global key management for git state - Fix passing http auth to ``util.http`` from ``state.file`` (:issue:`21917`) - Fix ``multiprocessing: True`` in windows (on by default) - Add ``pkg.info`` to pkg modules - Fix name of ``serial`` grain (this was accidentally renamed in 2015.8.0) - Merge config values from ``master.d``/``minion.d`` conf files (rather than flat update) - Clean grains cache on grains sync (:issue:`19853`) - Remove streamed response for fileclient to avoid HTTP redirection problems (:issue:`27093`) - Fixed incorrect warning about ``osrelease`` grain (:issue:`27065`) - Fix authentication via Salt-API with tokens (:issue:`27270`) - Fix winrepo downloads from https locations (:issue:`27081`) - Fix potential error with salt-call as non-root user (:issue:`26889`) - Fix global minion provider overrides (:issue:`27209`) - Fix backward compatibility issues for pecl modules - Fix Windows uninstaller to only remove ``./bin``, ``salt*``, ``nssm.exe``, ``uninst.exe`` (:issue:`27383`) - Fix misc issues with mongo returner. 
- Add sudo option to cloud config files (:issue:`27398`) - Fix regression in RunnerClient argument handling (:issue:`25107`) - Fix ``dockerng.running`` replacing creation hostconfig with runtime hostconfig (:issue:`27265`) - Fix dockerng.running replacing creation hostconfig with runtime hostconfig (:issue:`27265`) - Increased performance on boto asg/elb states due to ``__states__`` integration - Windows minion no longer requires powershell to restart (:issue:`26629`) - Fix x509 module to support recent versions of OpenSSL (:issue:`27326`) - Some issues with proxy minions were corrected. - guard raet buildrequires with bcond_with raet and comment out the recommends for salt-raet. - remove pygit2 global recommends, it is only needed in the master - remove git-core, pygit2 should pull it as a dependency - add a (currently disabled) %check Returns detailed information about a package - ifdef Recommends to build on RHEL based distros - use _initddir instead of _sysconfdir/init.d as it works on both platforms. - allow to disable docs in preparation for building on other platforms without all dependencies. - python-libnacl, python-ioflo are _not_ required to build the package. They are anyways requires of python-raet, which is also not required to build the package. - merge (build)requires/recommends with requirements/*txt and setup.py - add raet subpackage which will pull all requires for it and provides config snippets to enable it for the minion and master. - add tmpfiles.d file - Remove requires on python-ioflo and python-libnacl they will be pulled by python-raet, which is optional. - python-raet is optional, so make it a Recommends - update backports patch from 2015.8 branch - update use-forking-daemon patch: the original intention was to get rid of the python systemd dependency. for this we do not have daemonize the whole process. just switching to simple mode is enough. - drop fdupes: 1. it broke python byte code handling 2. 
the only part of the package which would really benefit from it would be the doc package. but given we only install the files via %doc, we can not use it for that either. - reenable completions on distros newer than sle11 - do not use _datarootdir, use _datadir instead. - package all directories in /var/cache/salt and /etc/salt and have permissions set for non root salt master - update use-salt-user-for-master patch: - also patch the logrotate file to include the su option - remove duplicated recommends - never require pygit2 and git. the master can run fine without. always use recommends - cleanup dependencies: - remove a lot of unneeded buildrequires - fdupes not present on SLE10 - python-certifi needed on SLE11 - python-zypp not needed any more - python-pygit2 is not a global requirement - convert python-pysqlite to recommends as it is not available on python <=2.7 - sles_version -> suse_version - %exclude the cloud/deploy/*.sh scripts to fix build issue on SLE11 - Remove python-PyYAML from the dependencies list, as python-yaml is the same - Build the -completion subpackages in SLE11 as well - Add salt-proxy (by dmacvicar at suse.de) - Create salt user/group only in the -master subpkg - Fix typo in use-forking-daemon patch, that prevented daemon loading - Fix typo in Requires - Cleanup requirements - New Major release 2015.8.0 for more details: http://docs.saltstack.com/en/latest/topics/releases/2015.8.0.html - Cleaned the spec file with spec-cleaner - Added the use-salt-user-for-master patch see README.SUSE - Updated the files ownership with salt user - removed m2crypto dependency - Removed fish dependency for fish completions. - Added fish completions. - Support SLE11SP{3,4}, where the M2Crypto package is named python-m2crypto - Updated to Bugfix release 2015.5 for more details: https://github.com/saltstack/salt/blob/develop/doc/topics/releases/2015.5.5.rst - Add prereq, for user creation. 
- Add creation of salt user in preparation of running the salt-master daemon as non-root user salt. https://bugzilla.opensuse.org/show_bug.cgi?id=939831 - Add README.SUSE with explanation and how to. - only require git-core to not pull in git-web and gitk - New Bugfix release 2015.5.3 for more details: http://docs.saltstack.com/en/latest/topics/releases/2015.5.3.html - New Bugfix release 2015.5.2 for more details: http://docs.saltstack.com/en/latest/topics/releases/2015.5.2.html - New Bugfix release 2015.5.1 salt.runners.cloud.action() has changed the fun keyword argument to func. Please update any calls to this function in the cloud runner. for more details: http://docs.saltstack.com/en/latest/topics/releases/2015.5.1.html - Removed python-pssh dependency not needed anymore. - Major release 2015.5.0 Lithium - update to 2015.5.0 The 2015.5.0 feature release of Salt is focused on hardening Salt and mostly on improving existing systems. A few major additions are present, primarily the new Beacon system. Most enhancements have been focused around improving existing features and interfaces. As usual the release notes are not exhaustive and primarily include the most notable additions and improvements. Hundreds of bugs have been fixed and many modules have been substantially updated and added. See especially the warning right on the top regarding python_shell=False. For all details see http://docs.saltstack.com/en/latest/topics/releases/2015.5.0.html - RPM Package changes: - add some versions to the buildrequires to match the 2 requirements files from the tarball - Moved the dependencies to main salt package except where they are specific for the package - Changed python-request dependency, only needed on salt-cloud - Added python-tornado dependency for http.py - Fixed zsh_completion in tarball. 
- Fixed salt-api requirements to require python-cherrypy - Fixed salt-cloud requirements to require salt-master - New Bugfix release 2014.7.5 Changes: + Fixed a key error bug in salt-cloud + Updated man pages to better match documentation + Fixed bug concerning high CPU usage with salt-ssh + Fixed bugs with remounting cvfs and fuse filesystems + Fixed bug with allowing requisite tracking of entire sls files + Fixed bug with aptpkg.mod_repo returning OK even if apt-add-repository fails + Increased frequency of ssh terminal output checking + Fixed malformed locale string in localmod module + Fixed checking of available version of package when accept_keywords were changed + Fixed bug to make git.latest work with empty repositories + Added **kwargs to service.mod_watch which removes warnings about enable and __reqs__ not being supported by the function + Improved state comments to not grow so quickly on failed requisites + Added force argument to service to trigger force_reload + Fixed bug to handle pkgrepo keyids that have been converted to int + Fixed module.portage_config bug with appending accept_keywords + Fixed bug to correctly report disk usage on windows minion + Added the ability to specify key prefix for S3 ext_pillar + Fixed issues with batch mode operating on the incorrect number of minions + Fixed a bug with the proxmox cloud provider stacktracing on disk definition + Fixed a bug with the changes dictionary in the file state + Fixed the TCP keep alive settings to work better with SREQ caching + Fixed many bugs within the iptables state and module + Fixed bug with states by adding fun, state, and unless to the state runtime internal keywords listing + Added ability to eAuth against Active Directory + Fixed some salt-ssh issues when running on Fedora 21 + Fixed grains.get_or_set_hash to work with multiple entries under same key + Added better explanations and more examples of how the Reactor calls functions to docs + Fixed bug to not pass ex_config_drive to 
libcloud unless it's explicitly enabled + Fixed bug with pip.install on windows + Fixed bug where puppet.run always returns a 0 retcode + Fixed race condition bug with minion scheduling via pillar + Made efficiency improvements and bug fixes to the windows installer + Updated environment variables to fix bug with pygit2 when running salt as non-root user + Fixed cas behavior on data module -- data.cas was not saving changes + Fixed GPG rendering error + Fixed strace error in virt.query + Fixed stacktrace when running chef-solo command + Fixed possible bug wherein uncaught exceptions seem to make zmq3 tip over when threading is involved + Fixed argument passing to the reactor + Fixed glibc caching to prevent bug where salt-minion getaddrinfo in dns_check() never got updated nameservers Known Issues: + In multimaster mode, a minion may become temporarily unresponsive if modules or pillars are refreshed at the same time that one or more masters are down. This can be worked around by setting 'auth_timeout' and 'auth_tries' down to shorter periods. - New Bugfix Release 2014.7.4 - fix salt-zsh-completion conflicts + Multi-master minions mode no longer route fileclient operations asymmetrically. This fixes the source of many multi-master bugs where the minion would become unresponsive from one or more masters. + Fix bug wherein network.iface could produce stack traces. + net.arp will no longer be made available unless arp is installed on the system. + Major performance improvements to Saltnado + Allow KVM module to operate under KVM itself or VMWare Fusion + Various fixes to the Windows installation scripts + Fix issue where the syndic would not correctly propagate loads to the master job cache. 
+ Improve error handling on invalid /etc/network/interfaces file in salt networking modules + Fix bug where a response status was not checked for in fileclient.get_url + Enable eauth when running salt in batch mode + Increase timeout in Boto Route53 module + Fix bugs with Salt's 'tar' module option parsing + Fix parsing of NTP servers on Windows + Fix issue with blockdev tuning not reporting changes correctly + Update to the latest Salt bootstrap script + Update Linode salt-cloud driver to use either linode-python or apache-libcloud + Fix for s3.query function to return correct headers + Fix for s3.head returning None for files that exist + Fix the disable function in win_service module so that the service is disabled correctly + Fix race condition between master and minion when making a directory when both daemons are on the same host + Fix an issue where file.recurse would fail at the root of an svn repo when the repo has a mountpoint + Fix an issue where file.recurse would fail at the root of an hgfs repo when the repo has a mountpoint + Fix an issue where file.recurse would fail at the root of a gitfs repo when the repo has a mountpoint + Add status.master capability for Windows. + Various fixes to ssh_known_hosts + Various fixes to states.network bonding for Debian + The debian_ip.get_interfaces module no longer removes nameservers. + Better integration between grains.virtual and systemd-detect-virt and virt-what + Fix traceback in sysctl.present state output + Fix for issue where mount.mounted would fail when superopts were not a part of mount.active (extended=True). Also mount.mounted various fixes for Solaris and FreeBSD. + Fix error where datetimes were not correctly safeguarded before being passed into msgpack. + Fix file.replace regressions. If the pattern is not found, and if dry run is False, and if `backup` is False, and if a pre-existing file exists with extension `.bak`, then that backup file will be overwritten. 
This backup behavior is a result of how `fileinput` works. Fixing it requires either passing through the file twice (the first time only to search for content and set a flag), or rewriting `file.replace` so it doesn't use `fileinput` + VCS filreserver fixes/optimizations + Catch fileserver configuration errors on master start + Raise errors on invalid gitfs configurations + set_locale when locale file does not exist (Redhat family) + Fix to correctly count active devices when created mdadm array with spares + Fix to correctly target minions in batch mode + Support ssh:// urls using the gitfs dulwhich backend + New fileserver runner + Fix various bugs with argument parsing to the publish module. + Fix disk.usage for Synology OS + Fix issue with tags occurring twice with docker.pulled + Fix incorrect key error in SMTP returner + Fix condition which would remount loopback filesystems on every state run + Remove requsites from listens after they are called in the state system + Make system implementation of service.running aware of legacy service calls + Fix issue where publish.publish would not handle duplicate responses gracefully. + Accept Kali Linux for aptpkg salt execution module + Fix bug where cmd.which could not handle a dirname as an argument + Fix issue in ps.pgrep where exceptions were thrown on Windows. - Known Issues: + In multimaster mode, a minion may become temporarily unresponsive if modules or pillars are refreshed at the same time that one or more masters are down. This can be worked around by setting 'auth_timeout' and 'auth_tries' down to shorter periods. - New Bugfix release 2014.7.2: - fix package bug with fdupes. - keep sle 11 sp3 support. + Fix erroneous warnings for systemd service enabled check (issue 19606) + Fix FreeBSD kernel module loading, listing, and persistence kmod (issue 197151, issue 19682) + Allow case-sensitive npm package names in the npm state. 
This may break behavior for people expecting the state to lowercase their npm package names for them. The npm module was never affected by mandatory lowercasing. (issue 20329) + Deprecate the activate parameter for pip.install for both the module and the state. If bin_env is given and points to a virtualenv, there is no need to activate that virtualenv in a shell for pip to install to the virtualenv. + Fix a file-locking bug in gitfs (issue 18839) - New Bugfix release 2014.7.1: + Fixed gitfs serving symlinks in file.recurse states (issue 17700) + Fixed holding of multiple packages (YUM) when combined with version pinning (issue 18468) + Fixed use of Jinja templates in masterless mode with non-roots fileserver backend (issue 17963) + Re-enabled pillar and compound matching for mine and publish calls. Note that pillar globbing is still disabled for those modes, for security reasons. (issue 17194) + Fix for tty: True in salt-ssh (issue 16847) - Needed to provide zsh completion because of the tarball missing the zsh completion script. - Removed man salt.1.gz file from salt-master because upstream removed it. 
- Added man salt.7.gz to salt-master package - Updated to Major Release 2014.7.0 - added python-zipp as dependency - added recommend python-pygit2, this is the preferred gitfs backend of saltstack - added zsh-completion package - More information at: http://docs.saltstack.com/en/latest/topics/releases/2014.7.0.html - SALT SSH ENHANCEMENTS: + Support for Fileserver Backends + Support for Saltfile + Ext Pillar + No more sshpass needed + Pure Python Shim + Custom Module Delivery + CP module Support + More Thin Directory Options - Salt State System enhancements: + New Imperative State Keyword "Listen" + New Mod Aggregate Runtime Manipulator + New Requisites: onchanges and onfail + New Global onlyif and unless + Use names to expand and override values - Salt Major Features: + Improved Scheduler Additions + Red Hat 7 Support + Fileserver Backends in Salt-call + Amazon Execution Modules in salt-cloud + LXC Runner Enhancements + Next Gen Docker Management + Peer System Performance Improvements + SDB Encryption at rest for configs + GPG Renderer encrypted pillar at rest + OpenStack Expansions + Queues System external queue systems into Salt events + Multi Master Failover Additions + Chef Execution Module - salt-api Project Merge + Synchronous and Asynchronous Execution of Runner and Wheel Modules + rest_cherrypy Additions + Web Hooks - Fileserver Backend Enhancements: + New gitfs Features + Pygit2 and Dulwich support + Mountpoints support + New hgfs Features + mountpoints support + New svnfs Features: + mountpoints + minionfs Featuressupport + mountpoints - New Salt Modules: + Oracle + Random + Redis + Amazon Simple Queue Service + Block Device Management + CoreOS etcd + Genesis + InfluxDB + Server Density + Twilio Notifications + Varnish + ZNC IRC Bouncer + SMTP - NEW RUNNERS: + Map/Reduce Style + Queue - NEW EXTERNAL PILLARS: + CoreOS etcd - NEW SALT-CLOUD PROVIDERS: + Aliyun ECS Cloud + LXC Containers + Proxmox (OpenVZ containers & KVM) - DEPRECATIONS: + 
Salt.modules.virtualenv_mod - Updated to 2014.1.13 a bugfix release on 2014.1.12 + fix module run exit code (issue 16420) + salt cloud Check the exit status code of scp before assuming it has failed. (issue 16599) - Updated to 2014.1.12 a bugfix release on 2014.1.11 + Fix scp_file always failing (which broke salt-cloud) (issue 16437) + Fix regression in pillar in masterless (issue 16210, issue 16416, issue 16428) - Updated to 2014.1.11 is another bugfix release for 2014.1.0. Changes include: + Fix for minion_id with byte-order mark (BOM) (issue 12296) + Fix runas deprecation in at module + Fix trailing slash behavior for file.makedirs_ (issue 14019) + Fix chocolatey path (issue 13870) + Fix git_pillar infinite loop issues (issue 14671) + Fix json outputter null case + Fix for minion error if one of multiple masters are down (issue 14099) + Updated the use-forking-daemon patch with the right version - Fix service.py version parsing for SLE 11 - Remove salt-master's hard requirement for git and python-GitPython on SLE 12 - Ensure salt uses systemd for services on SLES - RPM spec update + added service_add_pre function - Updated to 2014.1.10: + Version 2014.1.9 contained a regression which caused inaccurate Salt version detection, and thus was never packaged for general release. This version contains the version detection fix, but is otherwise identical to 2014.1.9. + Version 2014.1.8 contained a regression which caused inaccurate Salt version detection, and thus was never packaged for general release. This version contains the version detection fix, but is otherwise identical to 2014.1.8. - Updated to 2014.1.8: + Ensure salt-ssh will not continue if permissions on a temporary directory are not correct. 
+ Use the bootstrap script distributed with Salt instead of relying on an external resource + Remove unused testing code + Ensure salt states are placed into the .salt directory in salt-ssh + Use a randomized path for temporary files in a salt-cloud deployment + Clean any stale directories to ensure a fresh copy of salt-ssh during a deployment - Allow salt to correctly detect services provided by init scripts - Move systemd service file fix to patch, add PIDFile parameter (this fix is applicable for all SUSE versions, not just 12.3) - Improve systemd service file fix for 12.3 Use forking instead of Simple and daemonize salt-master process - Fixed bug in opensuse 12.3 systemd file systemd 198 doesn't have python-systemd binding. - Disabled testing on SLES - Update to 2014.7 This release was a hotfix release for the regression listed above which was present in the 2014.1.6 - Fix batch mode regression (issue 14046) - Updated to 2014.1.6 - Fix extra iptables --help output (Sorry!) (issue 13648, issue 13507, issue 13527, issue 13607) - Fix mount.active for Solaris - Fix support for allow-hotplug statement in debian_ip network module - Add sqlite3 to esky builds - Fix jobs.active output (issue 9526) - Fix the virtual grain for Xen (issue 13534) - Fix eauth for batch mode (issue 9605) - Fix force-related issues with tomcat support (issue 12889) - Fix KeyError when cloud mapping - Fix salt-minion restart loop in Windows (issue 12086) - Fix detection of service virtual module on Fedora minions - Fix traceback with missing ipv4 grain (issue 13838) - Fix issue in roots backend with invalid data in mtime_map (issue 13836) - Fix traceback in jobs.active (issue 11151) - Updated to 2014.1.5 - Add function for finding cached job on the minion - Fix for minion caching jobs when master is down - Bump default `syndic_wait` to 5 to fix syndic-related problems (issue 12262) - Fix false positive error in logs for `makeconf` state (issue 9762) - Fix for extra blank lines in 
`file.blockreplace` (issue 12422) - Use system locale for ports package installations - Fix for `cmd_iter`/`cmd_iter_no_block` blocking issues (issue 12617) - Fix traceback when syncing custom types (issue 12883) - Fix cleaning directory symlinks in `file.directory` - Add performance optimizations for `saltutil.sync_all` and `state.highstate` - Fix possible error in `saltutil.running` - Fix for kmod modules with dashes (issue 13239) - Fix possible race condition for Windows minions in state module reloading (issue 12370) - Fix bug with roster for `passwd`s that are loaded as non-string objects (issue 13249) - Keep duplicate version numbers from showing up in `pkg.list_pkgs` output - Fixes for Jinja renderer, timezone mod`module `/mod`state ` (issue 12724) - Fix timedatectl parsing for systemd>=210 (issue 12728) - Removed the deprecated external nodes classifier (originally accessible by setting a value for external_nodes in the master configuration file). Note that this functionality has been marked deprecated for some time and was replaced by the more general doc`master tops ` system. - More robust escaping of ldap filter strings. 
- Fix trailing slash in conf_master`gitfs_root` causing files not to be available (issue 13185) - added bash completion package - Updated to 2014.1.4 - Fix setup.py dependency issue (issue 12031) - Fix handling for IOErrors under certain circumstances (issue 11783 and issue 11853) - Fix fatal exception when `/proc/1/cgroup` is not readable (issue 11619) - Fix os grains for OpenSolaris (issue 11907) - Fix `lvs.zero` module argument pass-through (issue 9001) - Fix bug in `debian_ip` interaction with `network.system` state (issue 11164) - Remove bad binary package verification code (issue 12177) - Fix traceback in solaris package installation (issue 12237) - Fix `file.directory` state symlink handling (issue 12209) - Remove `external_ip` grain - Fix `file.managed` makedirs issues (issue 10446) - Fix hang on non-existent Windows drive letter for `file` module (issue 9880) - Fix salt minion caching all users on the server (issue 9743) - Updated to 2014.1.3 - Fix username detection when su'ed to root on FreeBSD (issue 11628) - Fix minionfs backend for file.recurse states - Fix 32-bit packages of different arches than the CPU arch, on 32-bit RHEL/CentOS (issue 11822) - Fix bug with specifying alternate home dir on user creation (FreeBSD) (issue 11790) - Don't reload site module on module refresh for MacOS - Fix regression with running execution functions in Pillar SLS (issue 11453) - Fix some modules missing from Windows installer - Don't log an error for yum commands that return nonzero exit status on non-failure (issue 11645) - Fix bug in rabbitmq state (issue 8703) - Fix missing ssh config options (issue 10604) - Fix top.sls ordering (issue 10810 and issue 11691) - Fix salt-key --list all (issue 10982) - Fix win_servermanager install/remove function (issue 11038) - Fix interaction with tokens when running commands as root (issue 11223) - Fix overstate bug with find_job and **kwargs (issue 10503) - Fix saltenv for aptpkg.mod_repo from pkgrepo state - Fix environment 
issue causing file caching problems (issue 11189) - Fix bug in __parse_key in registry state (issue 11408) - Add minion auth retry on rejection (issue 10763) - Fix publish_session updating the encryption key (issue 11493) - Fix for bad AssertionError raised by GitPython (issue 11473) - Fix debian_ip to allow disabling and enabling networking on Ubuntu (issue 11164) - Fix potential memory leak caused by saved (and unused) events (issue 11582) - Fix exception handling in the MySQL module (issue 11616) - Fix environment-related error (issue 11534) - Include psutil on Windows - Add file.replace and file.search to Windows (issue 11471) - Add additional file module helpers to Windows (issue 11235) - Add pid to netstat output on Windows (issue 10782) - Fix Windows not caching new versions of installers in winrepo (issue 10597) - Fix hardcoded md5 hashing - Fix kwargs in salt-ssh (issue 11609) - Fix file backup timestamps (issue 11745) - Fix stacktrace on sys.doc with invalid eauth (issue 11293) - Fix git.latest with test=True (issue 11595) - Fix file.check_perms hardcoded follow_symlinks (issue 11387) - Fix certain pkg states for RHEL5/Cent5 machines (issue 11719) - Packaging: - python-psutil dependencies (more functional modules out of the box) - python-yaml dependencies (more functional modules out of the box) - python-requests dependencies (salt-cloud) - Updated to 2014.1.1 Bug Fix release - temporarily disabled integration check after consult with Upstream - Updated to 2014.1.0 Major Release - features: - 2014.1.0 is the first release to follow the new date-based release naming system. - Salt Cloud Merged into Salt - Google Compute Engine support is added to salt-cloud. 
- Salt Virt released - Docker Integration - IPv6 Support for iptables State/Module - GitFS Improvements - MinionFS - saltenv - Grains Caching - Improved Command Logging Control - PagerDuty Support - Virtual Terminal - Proxy Minions - bugfixes: - Fix mount.mounted leaving conflicting entries in fstab (:issue:`7079`) - Fix mysql returner serialization to use json (:issue:`9590`) - Fix ZMQError: Operation cannot be accomplished in current state errors (:issue:`6306`) - Rbenv and ruby improvements - Fix quoting issues with mysql port (:issue:`9568`) - Update mount module/state to support multiple swap partitions (:issue:`9520`) - Fix archive state to work with bsdtar - Clarify logs for minion ID caching - Add numeric revision support to git state (:issue:`9718`) - Update master_uri with master_ip (:issue:`9694`) - Add comment to Debian mod_repo (:issue:`9923`) - Fix potential undefined loop variable in rabbitmq state (:issue:`8703`) - Fix for salt-virt runner to delete key on VM deletion - Fix for salt-run -d to limit results to specific runner or function (:issue:`9975`) - Add tracebacks to jinja renderer when applicable (:issue:`10010`) - Fix parsing in monit module (:issue:`10041`) - Fix highstate output from syndic minions (:issue:`9732`) - Quiet logging when dealing with passwords/hashes (:issue:`10000`) - Fix for multiple remotes in git_pillar (:issue:`9932`) - Fix npm installed command (:issue:`10109`) - Add safeguards for utf8 errors in zcbuildout module - Fix compound commands (:issue:`9746`) - Add systemd notification when master is started - Many doc improvements - packaging: - source tarball includes all packaging files in pkg folder. - fixed rpmlint errors about duplicates. - fixed rpmlint errors about non executables scripts. 
- Updated to 0.17.5 a bugfix release for 0.17.0: - Updated to 0.17.4 which is another bugfix release for 0.17.0: - Fix some jinja render errors (issue 8418) - Fix file.replace state changing file ownership (issue 8399) - Fix state ordering with the PyDSL renderer (issue 8446) - Fix for new npm version (issue 8517) - Fix for pip state requiring name even with requirements file (issue 8519) - Add sane maxrunning defaults for scheduler (issue 8563) - Fix states duplicate key detection (issue 8053) - Fix SUSE patch level reporting (issue 8428) - Fix managed file creation umask (issue 8590) - Fix logstash exception (issue 8635) - Improve argument exception handling for salt command (issue 8016) - Fix pecl success reporting (issue 8750) - Fix launchctl module exceptions (issue 8759) - Fix argument order in pw_user module - Add warnings for failing grains (issue 8690) - Fix hgfs problems caused by connections left open (issue 8811 and issue 8810) - Fix installation of packages with dots in pkg name (issue 8614) - Fix noarch package installation on CentOS 6 (issue 8945) - Fix portage_config.enforce_nice_config (issue 8252) - Fix salt.util.copyfile umask usage (issue 8590) - Fix rescheduling of failed jobs (issue 8941) - Fix conflicting options in postgres module (issue 8717) - Fix ps modules for psutil >= 0.3.0 (issue 7432) - Fix postgres module to return False on failure (issue 8778) - Fix argument passing for args with pound signs (issue 8585) - Fix pid of salt CLI command showing in status.pid output (issue 8720) - Fix rvm to run gem as the correct user (issue 8951) - Fix namespace issue in win_file module (issue 9060) - Fix masterless state paths on windows (issue 9021) - Fix timeout option in master config (issue 9040) - Add bugzilla for solved issues - dropped python-urllib3 dependency not in factory yet. 
only needed with saltstack helium and higher - Updated to salt 0.17.2 Bugfix Release: - Add ability to delete key with grains.delval (issue 7872) - Fix possible state compiler stack trace (issue 5767) - Fix grains targeting for new grains (issue 5737) - Fix bug with merging in git_pillar (issue 6992) - Fix print_jobs duplicate results - Fix possible KeyError from ext_job_cache missing option - Fix auto_order for - names states (issue 7649) - Fix regression in new gitfs installs (directory not found error) - Fix fileclient in case of master restart (issue 7987) - Try to output warning if CLI command malformed (issue 6538) - Fix --out=quiet to actually be quiet (issue 8000) - Fix for state.sls in salt-ssh (issue 7991) - Fix for MySQL grants ordering issue (issue 5817) - Fix traceback for certain missing CLI args (issue 8016) - Add ability to disable lspci queries on master (issue 4906) - Fail if sls defined in topfile does not exist (issue 5998) - Add ability to downgrade MySQL grants (issue 6606) - Fix ssh_auth.absent traceback (issue 8043) - Fix ID-related issues (issue 8052, issue 8050, and others) - Fix for jinja rendering issues (issue 8066 and issue 8079) - Fix argument parsing in salt-ssh (issue 7928) - Fix some GPU detection instances (issue 6945) - Fix bug preventing includes from other environments in SLS files - Fix for kwargs with dashes (issue 8102) - Fix apache.adduser without apachectl (issue 8123) - Fix issue with evaluating test kwarg in states (issue 7788) - Fix regression in salt.client.Caller() (issue 8078) - Fix bug where cmd.script would try to run even if caching failed (issue 7601) - Fix for mine data not being updated (issue 8144) - Fix a Xen detection edge case (issue 7839) - Fix version generation for when it's part of another git repo (issue 8090) - Fix _handle_iorder stacktrace so that the real syntax error is shown (issue 8114 and issue 7905) - Fix git.latest state when a commit SHA is used (issue 8163) - Fix for specifying identify file 
in git.latest (issue 8094) - Fix for --output-file CLI arg (issue 8205) - Add ability to specify shutdown time for system.shutdown (issue 7833) - Fix for salt version using non-salt git repo info (issue 8266) - Add additional hints at impact of pkgrepo states when test=True (issue 8247) - Fix for salt-ssh files not being owned by root (issue 8216) - Fix retry logic and error handling in fileserver (related to issue 7755) - Fix file.replace with test=True (issue 8279) - Add flag for limiting file traversal in fileserver (issue 6928) - Fix for extra mine processes (issue 5729) - Fix for unloading custom modules (issue 7691) - Fix for salt-ssh opts (issue 8005 and issue 8271) - Fix compound matcher for grains (issue 7944) - Add dir_mode to file.managed (issue 7860) - Improve traceroute support for FreeBSD and OS X (issue 4927) - Fix for matching minions under syndics (issue 7671) - Improve exception handling for missing ID (issue 8259) - Add configuration option for minion_id_caching - Fix open mode auth errors (issue 8402) - In preparation of salt Helium all requirements of salt-cloud absorbed in salt - Added salt-doc package with html documentation of salt - Disabled salt unit test, new test assert value not in 0.17.1 - Updated requirements python-markupsafe required for salt-ssh - Don't support sysvinit and systemd for the same system; add conditional macros to use systemd only on systems which support it and sysvinit on other systems - Updated to salt 0.17.1 bugfix release (bsc#849205, bsc#849204, bsc#849184): - Fix symbolic links in thin.tgz (:issue:`7482`) - Pass env through to file patch state (:issue:`7452`) - Service provider fixes and reporting improvements (:issue:`7361`) - Add --priv option for specifying salt-ssh private key - Fix salt-thin's salt-call on setuptools installations (:issue:`7516`) - Fix salt-ssh to support passwords with spaces (:issue:`7480`) - Fix regression in wildcard includes (:issue:`7455`) - Fix salt-call outputter regression 
(:issue:`7456`) - Fix custom returner support for startup states (:issue:`7540`) - Fix value handling in augeas (:issue:`7605`) - Fix regression in apt (:issue:`7624`) - Fix minion ID guessing to use socket.getfqdn() first (:issue:`7558`) - Add minion ID caching (:issue:`7558`) - Fix salt-key race condition (:issue:`7304`) - Add --include-all flag to salt-key (:issue:`7399`) - Fix custom grains in pillar (part of :issue:`5716`, :issue:`6083`) - Fix race condition in salt-key (:issue:`7304`) - Fix regression in minion ID guessing, prioritize socket.getfqdn() (:issue:`7558`) - Cache minion ID on first guess (:issue:`7558`) - Allow trailing slash in file.directory state - Fix reporting of file_roots in pillar return (:issue:`5449` and :issue:`5951`) - Remove pillar matching for mine.get (:issue:`7197`) - Sanitize args for multiple execution modules - Fix yumpkg mod_repo functions to filter hidden args (:issue:`7656`) - Fix conflicting IDs in state includes (:issue:`7526`) - Fix mysql_grants.absent string formatting issue (:issue:`7827`) - Fix postgres.version so it won't return None (:issue:`7695`) - Fix for trailing slashes in mount.mounted state - Fix rogue AttributeErrors in the outputter system (:issue:`7845`) - Fix for incorrect ssh key encodings resulting in incorrect key added (:issue:`7718`) - Fix for pillar/grains naming regression in python renderer (:issue:`7693`) - Fix args/kwargs handling in the scheduler (:issue:`7422`) - Fix logfile handling for file://, tcp:// and udp:// (:issue:`7754`) - Fix error handling in config file parsing (:issue:`6714`) - Fix RVM using sudo when running as non-root user (:issue:`2193`) - Fix client ACL and underlying logging bugs (:issue:`7706`) - Fix scheduler bug with returner (:issue:`7367`) - Fix user management bug related to default groups (:issue:`7690`) - Fix various salt-ssh bugs (:issue:`7528`) - Many various documentation fixes - Updated init files to be inline with fedora/rhel packaging upstream - Cleaned up spec 
file: - Unit testing can be done on all distributions - Updated package following salt package guidelines: https://github.com/saltstack/salt/blob/develop/doc/topics/conventions/packaging.rst - activated salt-testing for unit testing salt before releasing rpm - updated docs - added python-xml as dependency - Updated 0.17.0 Feature Release Major features: - halite (web Gui) - salt ssh (remote execution/states over ssh) with its own package - Rosters (list system targets not known to master) - State Auto Order (state evaluation and execute in order of define) - state.sls Runner (system orchestration from within states via master) - Mercurial Fileserver Backend - External Logging Handlers (sentry and logstash support) - Jenkins Testing - Salt Testing Project (testing libraries for salt) - StormPath External Authentication support - LXC Support (lxc support for salt-virt) - Package dependencies reordering: * salt-master requires python-pyzmq, and recommends python-halite * salt-minion requires python-pyzmq * salt-ssh requires sshpass * salt-syndic requires salt-master Minor features: - 0.17.0 release will be last release for 0.XX.X numbering system Next release will be .. 
- Update 0.16.4 bugfix release: - Multiple documentation improvements/additions - Added the osfinger and osarch grains - Fix bug in :mod:`hg.latest ` state that would erroneously delete directories (:issue:`6661`) - Fix bug related to pid not existing for :mod:`ps.top ` (:issue:`6679`) - Fix regression in :mod:`MySQL returner ` (:issue:`6695`) - Fix IP addresses grains (ipv4 and ipv6) to include all addresses (:issue:`6656`) - Fix regression preventing authenticated FTP (:issue:`6733`) - Fix :mod:`file.contains ` on values YAML parses as non-string (:issue:`6817`) - Fix :mod:`file.get_gid `, :mod:`file.get_uid `, and :mod:`file.chown ` for broken symlinks (:issue:`6826`) - Fix comment for service reloads in service state (:issue:`6851`) - Update 0.16.3 bugfix release: - Fixed scheduler config in pillar - Fixed default value for file_recv master config option - Fixed missing master configuration file parameters - Fixed regression in binary package installation on 64-bit systems - Fixed stacktrace when commenting a section in top.sls - Fixed state declarations not formed as a list message. - Fixed infinite loop on minion - Fixed stacktrace in watch when state is 'prereq' - Feature: function filter_by to grains module - Feature: add new "osfinger" grain - Fixed regression bug in salt 0.16.2 - Newly installed salt-minion doesn't create /var/cache/salt/minion/proc - fix let package create this directory next version of Salt doesn't need this. - Updated to salt 0.16.2 - gracefully handle lsb_release data when it is enclosed in quotes - fixed pillar load from master config - pillar function pillar.item and pillar.items instead of pillar.data - fixed traceback when pillar sls is malformed - gracefully handle quoted publish commands - publish function publish.item and publish.items instead of publish.data - salt-key usage in minionswarm script fixed - minion random reauth_delay added to stagger re-auth attempts. 
- improved user and group management - improved file management - improved package management - service management custom initscripts support - module networking hwaddr renamed to be in line with other modules - fixed traceback in bridge.show - fixed ssh know_hosts and auth.present output. for more information: http://docs.saltstack.com/topics/releases/0.16.2.html - removed not needed requirements: Requires(pre): /usr/sbin/groupadd Requires(pre): /usr/sbin/useradd Requires(pre): /usr/sbin/userdel - Updated to salt 0.16.1 - Bugfix release - postgresql module Fixes #6352. - returner fixes Fixes issue #5518 - http authentication issues fixed #6356 - warning of deprecation runas in favor of user - more information at https://github.com/saltstack/salt/commits/v0.16.1 - Updated init files, rc_status instead of rc status. - Update to salt 0.16.0 final - Multi-Master capability - Prereq, the new requisite - Peer system improvement - Relative Includes - More state Output Options - Improved Windows Support - Multi Targets for pkg.removed, pgk.purged States - Random Times in cron states - Confirmation Prompt on Key acceptance on master - full changelog details: http://docs.saltstack.com/topics/releases/0.16.0.html - Updated to salt 0.16.0RC - New Features in 0.16.0: - Multi-Master capability - Prereq, the new requisite - Peer system improvement - Relative Includes - More state Output Options - Improved Windows Support - Multi Targets for pkg.removed, pgk.purged States - Random Times in cron states - Confirmation Prompt on Key acceptance on master - full changelog details: http://docs.saltstack.com/topics/releases/0.16.0.html - Updated init files from upstream, so init files are the same for fedora/redhat/centos/debian/suse - Removed salt user and daemon.conf file, so package is in line with upstream packages fedora/centos/debian. - minor permission fix on salt config files to fix external auth - Service release 0.15.3 showstoppers from 0.15.2: - mine fix cross validity. 
- redhat package issue - pillar refresh fix - Service release 0.15.2 xinetd service name not appended virt-module uses qemu-img publish.publish returns same info as salt-master updated gitfs module - Fixed salt-master config file not readable by user 'salt' - Updated package spec: security enhancement. added system user salt to run salt-master under privileged user 'salt' added config dirs, master.d/minion.d/syndic.d to add config files. added salt-daemon.conf where salt user is specified under salt-master. - Updated package spec, for systemd unit files according to how systemd files needs to be packaged - added logrotate on salt log files - fixed rpmlint complain about reload function in init files - Updated to salt 0.15.1 - bugfix release. - fixes suse service check - Updated to salt 0.15.0 Major update: - salt mine function - ipv6 support - copy files from minions to master - better template debugging - state event firing - major syndic updates - peer system updates - minion key revocation - function return codes - functions in overstate - Pillar error reporting - Cached State Data - Monitoring states - Read http://docs.saltstack.com/topics/releases/0.15.0.html for more information - improved init files overwrite with /etc/default/salt - Updated init files: - removed probe/reload/force reload this isn't supported - Updated init files - Updated to 0.14.1 bugfix release: - some major fixes for the syndic system, - fixes to file.recurse and external auth and - fixes for windows - Updated salt init files with option -d to really daemonize it - Updated to 0.14.0 MAJOR FEATURES: - Salt - As a Cloud Controller - Libvirt State - New get Functions - Updated to 0.13.3 Last Bugfixes release before 0.14.0 - Updated 0.13.2 Bugfixes release (not specified) - Updated spec file, postun removal of init.d files - Updated to Salt 0.13.1 bugfixes: - Fix #3693 (variable ref'ed before assignment) - Fix stack trace introduced with - Updated limit to be escaped like before and after. 
- Import install command from setuptools if we use them. - Fix user info not displayed correctly when group doesn't map cleanly - fix bug: Client.cache_dir() - Fix #3717 - Fix #3716 - Fix cmdmod.py daemon error - Updated test to properly determine homebrew user - Fixed whitespace issue - Updated to salt 0.13.0 - Updated Suse Copyright in Spec-file - Cleanup spec file - split syndic from master in separate package - updated to salt 0.12.1 bugfix release - uploaded to salt 1.12.0 spacecmd: - version 4.1.4-1 - only report real error, not result (bsc#1171687) - use defined return values for spacecmd methods so scripts can check for failure (bsc#1171687) - version 4.1.3-1 - disable globbing for api subcommand to allow wildcards in filter settings (bsc#1163871) - version 4.1.2-1 - Bugfix: attempt to purge SSM when it is empty (bsc#1155372) - version 4.1.1-1 - Bump version to 4.1.0 (bsc#1154940) - Prevent error when piping stdout in Python 2 (bsc#1153090) - Java api expects content as encoded string instead of encoded bytes like before (bsc#1153277) - Enable building and installing for Ubuntu 16.04 and Ubuntu 18.04 - Fix building and installing on CentOS8/RES8/RHEL8 - Check that a channel doesn't have clones before deleting it (bsc#1138454) - Add unit test for schedule, errata, user, utils, misc, configchannel and kickstart modules - Multiple minor bugfixes alongside the unit tests - Fix missing runtime dependencies that made spacecmd return old versions of packages in some cases, even if newer ones were available (bsc#1148311) - version 4.0.12-1 - Bugfix: referenced variable before assignment. 
- Add unit test for report, package, org, repo and group - Bugfix: 'dict' object has no attribute 'iteritems' (bsc#1135881) - Add unit tests for custominfo, snippet, scap, ssm, cryptokey and distribution - version 4.0.11-1 - SPEC cleanup - version 4.0.10-1 - add unit tests for spacecmd.api, spacecmd.activationkey and spacecmd.filepreservation - add unit tests for spacecmd.shell - Save SSM list on system delete and update cache (bsc#1130077, bsc#1125744) - add makefile and pylint configuration - version 4.0.9-1 - Add Pylint setup - Replace iteritems with items for python2/3 compat (bsc#1129243) - version 4.0.8-1 - fix python 3 bytes issue when handling config channels - version 4.0.7-1 - Add '--force', '-f' option to regenerateYumCache (bsc#1127389) - version 4.0.6-1 - Prevent spacecmd crashing when piping the output in Python 3 (bsc#1125610) - version 4.0.5-1 - Fix compatibility with Python 3 - version 4.0.4-1 - Fix importing state channels using configchannel_import - Fix getting file info for latest revision (via configchannel_filedetails) - version 4.0.3-1 - Add function to merge errata and packages through spacecmd (bsc#987798) - show group id on group_details (bsc#1111542) - State channels handling: Existing commands configchannel_create and configchannel_import were updated while system_scheduleapplyconfigchannels and configchannel_updateinitsls were added. 
- version 4.0.2-1 - add summary to softwarechannel.clone when calling older API versions (bsc#1109023) - New function/Update old functions to handle state channels as well - version 4.0.1-1 - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) - Suggest not to use password option for spacecmd (bsc#1103090) - version 2.8.25.4-1 - add option to set cleanup type for system_delete (bsc#1094190) - version 2.8.25.3-1 - Sync with upstream (bsc#1083294) - version 2.8.25.2-1 - Sync with upstream (bsc#1083294) - 1539878 - add save_cache to do_ssm_intersect - Fix softwarechannel_listsyncschedule - version 2.8.21.2-1 - Disable pylint for python2 and RES < 8 (bsc#1088070) - version 2.8.21.1-1 - Sync with upstream (bsc#1083294) - Connect to API using FQDN instead of hostname to avoid SSL validation problems (bsc#1085667) - version 2.8.20.1-1 - 1536484 - Command spacecmd supports utf8 name of systems - 1484056 - updatefile and addfile are basically same calls - 1484056 - make configchannel_addfile fully non-interactive - 1445725 - display all checksum types, not just MD5 - remove clean section from spec (bsc#1083294) - Added function to update software channel. Moreover, some refactoring has been done (bsc#1076578) - version 2.8.17.2-1 - add more python3 compatibility changes - version 2.8.17.1-1 - Compatibility with Python 3 - Fix typo (bsc#1081151) - Configure gpg_flag via spacecmd creating a channel (bsc#1080290) - version 2.8.15.3-1 - Allow scheduling the change of software channels as an action. The previous channels remain accessible to the registered system until the action is executed.
- version 2.8.15.2-1 - support multiple FQDNs per system (bsc#1063419) - version 2.8.13.2-1 - Fix bsc number for change 'configchannel export binary flag to json' - version 2.8.13.1-1 - add --config option to spacecmd - Added custom JSON encoder in order to parse date fields correctly (bsc#1070372) - version 2.8.10.1-1 - pylint - fix indentation - version 2.8.9.1-1 - fix build with python 3 - show list of arches for channel - allow softwarechannel_setsyncschedule to disable schedule - add softwarechannel_setsyncschedule --latest - in case of system named by id, let id take precedence - Make spacecmd prompt for password when overriding config file user - show less output of common packages in selected channels - adding softwarechannel_listmanageablechannels - version 2.7.8.7-1 - Switched logging from warning to debug - version 2.7.8.6-1 - configchannel export binary flag to json (bsc#1044719) - version 2.7.8.5-1 - spacecmd report_outofdatesystems: avoid one XMLRPC call per system (bsc#1015882) - version 2.7.8.4-1 - Remove debug logging from softwarechannel_sync function - version 2.7.8.3-1 - Remove get_certificateexpiration support in spacecmd (bsc#1013876) - version 2.7.8.2-1 - Adding softwarechannel_listmanageablechannels - version 2.7.8.1-1 - fix syntax error - version 2.7.7.1-1 - make sure to know if we get into default function and exit accordingly - version 2.7.6.1-1 - exit with 1 with incorrect command, wrong server, etc.
- Updated links to github in spec files - print also systemdid with system name - improve output on error for listrepo (bsc#1027426) - print profile_name instead of string we're searching for - Fix: reword spacecmd removal msg (bsc#1024406) - Fix interactive mode - Add a type parameter to repo_create - version 2.7.3.2-1 - Removed obsolete code (bsc#1013938) - version 2.7.3.1-1 - Version 2.7.3-1 - version 2.5.5.3-1 - Make exception class more generic and code fixup (bsc#1003449) - Handle exceptions raised by listChannels (bsc#1003449) - Alert if a non-unique package ID is detected - version 2.5.5.2-1 - make spacecmd createRepo compatible with SUSE Manager 2.1 API (bsc#977264) - version 2.5.5.1-1 - mimetype detection to set the binary flag requires 'file' tool - Text description missing for remote command by Spacecmd - version 2.5.2.1-1 - spacecmd: repo_details show 'None' if repository doesn't have SSL Certificate - spacecmd: Added functions to add/edit SSL certificates for repositories - version 2.5.1.2-1 - build spacecmd noarch only on new systems - version 2.5.1.1-1 - mimetype detection to set the binary flag requires 'file' tool - fix export/cloning: always base64 - Always base64 encode to avoid trim() bugs in the XML-RPC library.
- set binary mode on uploaded files based on content (bsc#948245) - version 2.5.0.1-1 - drop monitoring - replace upstream subscription counting with new subscription matching (FATE#311619) - version 2.1.25.10-1 - Revert "1207606 - do not return one package multiple times" (bsc#945380) - check for existence of device description in spacecmd system_listhardware (bsc#932288) - version 2.1.25.9-1 - do not escape spacecmd command arguments - do not return one package multiple times - add system_setcontactmethod (FATE#314858) - add activationkey_setcontactmethod (FATE#314858) - show contact method with activationkey_details and system_details - clone config files without losing trailing new lines (bsc#926318) - version 2.1.25.8-1 - sanitize data from export - version 2.1.25.7-1 - fix configchannel export - do not create 'contents' key for directories (bsc#908849) - fix patch summary printing - code cleanup - add new function kickstart_getsoftwaredetails - Added feature to get installed packageversion of a system or systems managed by ssm to spacecmd - version 2.1.25.6-1 - call listAutoinstallableChannels() for listing distributions (bsc#887879) - Fix spacecmd schedule listing (bsc#902494) - Teach spacecmd report_errata to process all-errata in the absence of further args - fix call of setCustomOptions() during kickstart_importjson (bsc#879904) - version 2.1.25.5-1 - spacecmd: fix listupgrades [bsc#892707] - version 2.1.25.4-1 - make print_result a static method of SpacewalkShell (bsc#889605) - version 2.1.25.3-1 - Added option to force deployment of a config channel to all subscribed systems - Added last boot message in system_details command - Updated kickstart_import documentation - Added kickstart_import_raw command - version 2.1.25.2-1 - set output encoding when stdout is not a tty - version 2.1.25.1-1 - make file_needs_b64_enc work for both str and unicode inputs - version 2.1.24.1-1 - Updating the copyright years info - version 2.1.22.1-1 - fix spacecmd, so it 
does not expect package id within the system.listPackages API call - fix binary file detection - added function package_listdependencies - version 2.1.20.1-1 - don't attempt to write out 'None' - fix system listing when identified by system id - version 2.1.18.1-1 - switch to 2.1 - version 1.7.7.11-1 - fixing spacecmd ssm 'list' has no attribute 'keys' error - version 1.7.7.10-1 - spacecmd errors out when trying to add script to kickstart - Make spacecmd able to specify config channel label - version 1.7.7.9-1 - fix directory export in configchannel_export - use 755 as default permissions for directories in configfile_getinfo - fix directory creation in configchannel_addfile - print the list of systems in system_runscript - print the list of systems in system_reboot - return a unique set from expand_systems - print a clearer error message when duplicate system names are found - standardize the behavior for when a system ID is not returned - add a delay before regenerating the system cache after a delete - handle binary files correctly in configfile_getinfo - print the name in the confirmation message of snippet_create - don't reuse variable names in parse_arguments - print the function's help message when -h in the argument list - print file path in package_details - fixing broken export of configchannels with symlinks - version 1.7.7.8-1 - prevent outputting escape sequences to non-terminals - Fixed small typo in spacecmd/src/lib/kickstart.py - do not quote argument of the help command (bsc#776615) - version 1.7.7.7-1 - Fix kickstart_export with old API versions - command line parameter for "distribution path" was documented wrong in help text (bsc#769106) - "suse" was missing in the helptext of the CLI for distributions (bsc#769108) - version 1.7.7.6-1 - enhancement add configchannel_sync - enhancement add softwarechannel_sync - version 1.7.7.5-1 - fixing chroot option for addscript - version 1.7.7.4-1 - kickstart_getcontents fix character encoding error - 
activationkey_import don't add empty package/group lists - fix activationkey_import when no base-channel specified - Fix reference to non-existent variable - improve configchannel_export operation on old API versions - *diff functions allow python 2.4 compatibility - changed get_string_diff_dicts to better fitting replacement method - remove reference to stage function - add do_SPACEWALKCOMPONENT_diff functions - system_comparewithchannel filter system packagelist - argument validation needed for configchannel_addfile - configchannel_addfile don't display b64 file contents - version 1.7.7.3-1 - enhancement add system_addconfigfile - Fix usage for configchannel_addfile - enhancement Add system_listconfigfiles - add option to allow templating for spacecmd kickstarting - version 1.7.7.2-1 - softwarechannel_clone avoid ISE on duplicate name - softwarechannel_adderrata mergeErrata should be cloneErrataAsOriginal - Add globbing support to distribution_details - Add globbing support to distribution_delete - Cleanup some typos in comments - custominfo_details add support for globbing key names - custominfo_deletekey add support for globbing key names - Add cryptokey_details globbing support - cryptokey_delete add support for globbing - Workaround missing date key in recent spacewalk listErrata - Add validation to softwarechannel_adderrata channel args - softwarechannel_adderrata add --skip mode - Add --quick mode to softwarechannel_adderrata - Allow config-channel export of b64 encoded files - Update the spacecmd copyright years - version 1.7.7.1-1 - Bumping package version - debranding - backport upstream fixes - Initial release of spacecmd Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 20.04-CLIENT-TOOLS: zypper in -t patch suse-ubu204ct-suse-manager-client-tools-ubuntu2004-202006-14431=1 Package List: - SUSE Manager Ubuntu 20.04-CLIENT-TOOLS (amd64): libnorm1-1.5.8+dfsg2-2build1 libpgm-5.2-0-5.2.122~dfsg-3ubuntu1 libzmq5-4.3.2-2ubuntu1 prometheus-apache-exporter-0.7.0+ds-1 prometheus-node-exporter-0.18.1+ds-2 prometheus-postgres-exporter-0.8.0+ds-1 python3-zmq-18.1.1-3 - SUSE Manager Ubuntu 20.04-CLIENT-TOOLS (all): salt-common-3000+ds-1+2.7.1 salt-minion-3000+ds-1+2.7.1 spacecmd-4.1.4-2.3.2 References: https://www.suse.com/security/cve/CVE-2016-1866.html https://www.suse.com/security/cve/CVE-2016-9639.html https://www.suse.com/security/cve/CVE-2017-12791.html https://www.suse.com/security/cve/CVE-2017-14695.html https://www.suse.com/security/cve/CVE-2017-14696.html https://www.suse.com/security/cve/CVE-2018-15750.html https://www.suse.com/security/cve/CVE-2018-15751.html https://www.suse.com/security/cve/CVE-2019-17361.html https://www.suse.com/security/cve/CVE-2019-18897.html https://www.suse.com/security/cve/CVE-2020-11651.html https://www.suse.com/security/cve/CVE-2020-11652.html https://bugzilla.suse.com/1002529 https://bugzilla.suse.com/1003449 https://bugzilla.suse.com/1004047 https://bugzilla.suse.com/1004260 https://bugzilla.suse.com/1004723 https://bugzilla.suse.com/1008933 https://bugzilla.suse.com/1011304 https://bugzilla.suse.com/1011800 https://bugzilla.suse.com/1012398 https://bugzilla.suse.com/1012999 https://bugzilla.suse.com/1013876 https://bugzilla.suse.com/1013938 https://bugzilla.suse.com/1015882 https://bugzilla.suse.com/1017078 https://bugzilla.suse.com/1019386 https://bugzilla.suse.com/1020831 https://bugzilla.suse.com/1022562 https://bugzilla.suse.com/1022841 https://bugzilla.suse.com/1023535 https://bugzilla.suse.com/1024406 https://bugzilla.suse.com/1025896 https://bugzilla.suse.com/1027044 https://bugzilla.suse.com/1027240 
https://bugzilla.suse.com/1027426 https://bugzilla.suse.com/1027722 https://bugzilla.suse.com/1030009 https://bugzilla.suse.com/1030073 https://bugzilla.suse.com/1032213 https://bugzilla.suse.com/1032452 https://bugzilla.suse.com/1032931 https://bugzilla.suse.com/1035914 https://bugzilla.suse.com/1036125 https://bugzilla.suse.com/1038855 https://bugzilla.suse.com/1039370 https://bugzilla.suse.com/1040886 https://bugzilla.suse.com/1041993 https://bugzilla.suse.com/1042749 https://bugzilla.suse.com/1043111 https://bugzilla.suse.com/1044719 https://bugzilla.suse.com/1050003 https://bugzilla.suse.com/1051948 https://bugzilla.suse.com/1052264 https://bugzilla.suse.com/1053376 https://bugzilla.suse.com/1053955 https://bugzilla.suse.com/1057635 https://bugzilla.suse.com/1059291 https://bugzilla.suse.com/1059758 https://bugzilla.suse.com/1060230 https://bugzilla.suse.com/1061407 https://bugzilla.suse.com/1062462 https://bugzilla.suse.com/1062464 https://bugzilla.suse.com/1063419 https://bugzilla.suse.com/1064520 https://bugzilla.suse.com/1065792 https://bugzilla.suse.com/1068446 https://bugzilla.suse.com/1068566 https://bugzilla.suse.com/1070372 https://bugzilla.suse.com/1071322 https://bugzilla.suse.com/1072599 https://bugzilla.suse.com/1075950 https://bugzilla.suse.com/1076578 https://bugzilla.suse.com/1079048 https://bugzilla.suse.com/1080290 https://bugzilla.suse.com/1081151 https://bugzilla.suse.com/1081592 https://bugzilla.suse.com/1083294 https://bugzilla.suse.com/1085667 https://bugzilla.suse.com/1087055 https://bugzilla.suse.com/1087278 https://bugzilla.suse.com/1087581 https://bugzilla.suse.com/1087891 https://bugzilla.suse.com/1088070 https://bugzilla.suse.com/1088888 https://bugzilla.suse.com/1089112 https://bugzilla.suse.com/1089362 https://bugzilla.suse.com/1089526 https://bugzilla.suse.com/1091371 https://bugzilla.suse.com/1092161 https://bugzilla.suse.com/1092373 https://bugzilla.suse.com/1094055 https://bugzilla.suse.com/1094190 
https://bugzilla.suse.com/1095507 https://bugzilla.suse.com/1095651 https://bugzilla.suse.com/1095942 https://bugzilla.suse.com/1096514 https://bugzilla.suse.com/1097174 https://bugzilla.suse.com/1097413 https://bugzilla.suse.com/1098394 https://bugzilla.suse.com/1099323 https://bugzilla.suse.com/1099460 https://bugzilla.suse.com/1099887 https://bugzilla.suse.com/1099945 https://bugzilla.suse.com/1100142 https://bugzilla.suse.com/1100225 https://bugzilla.suse.com/1100697 https://bugzilla.suse.com/1101780 https://bugzilla.suse.com/1101812 https://bugzilla.suse.com/1101880 https://bugzilla.suse.com/1102013 https://bugzilla.suse.com/1102218 https://bugzilla.suse.com/1102265 https://bugzilla.suse.com/1102819 https://bugzilla.suse.com/1103090 https://bugzilla.suse.com/1103530 https://bugzilla.suse.com/1103696 https://bugzilla.suse.com/1104034 https://bugzilla.suse.com/1104154 https://bugzilla.suse.com/1104491 https://bugzilla.suse.com/1106164 https://bugzilla.suse.com/1107333 https://bugzilla.suse.com/1108557 https://bugzilla.suse.com/1108834 https://bugzilla.suse.com/1108969 https://bugzilla.suse.com/1108995 https://bugzilla.suse.com/1109023 https://bugzilla.suse.com/1109893 https://bugzilla.suse.com/1110938 https://bugzilla.suse.com/1111542 https://bugzilla.suse.com/1112874 https://bugzilla.suse.com/1113698 https://bugzilla.suse.com/1113699 https://bugzilla.suse.com/1113784 https://bugzilla.suse.com/1114029 https://bugzilla.suse.com/1114197 https://bugzilla.suse.com/1114474 https://bugzilla.suse.com/1114824 https://bugzilla.suse.com/1116343 https://bugzilla.suse.com/1116837 https://bugzilla.suse.com/1117995 https://bugzilla.suse.com/1121091 https://bugzilla.suse.com/1121439 https://bugzilla.suse.com/1122663 https://bugzilla.suse.com/1122680 https://bugzilla.suse.com/1123044 https://bugzilla.suse.com/1123512 https://bugzilla.suse.com/1123865 https://bugzilla.suse.com/1124277 https://bugzilla.suse.com/1125015 https://bugzilla.suse.com/1125610 
https://bugzilla.suse.com/1125744 https://bugzilla.suse.com/1127389 https://bugzilla.suse.com/1128061 https://bugzilla.suse.com/1128554 https://bugzilla.suse.com/1129079 https://bugzilla.suse.com/1129243 https://bugzilla.suse.com/1130077 https://bugzilla.suse.com/1130588 https://bugzilla.suse.com/1130784 https://bugzilla.suse.com/1131114 https://bugzilla.suse.com/1132076 https://bugzilla.suse.com/1133523 https://bugzilla.suse.com/1133647 https://bugzilla.suse.com/1134860 https://bugzilla.suse.com/1135360 https://bugzilla.suse.com/1135507 https://bugzilla.suse.com/1135567 https://bugzilla.suse.com/1135656 https://bugzilla.suse.com/1135732 https://bugzilla.suse.com/1135881 https://bugzilla.suse.com/1137642 https://bugzilla.suse.com/1138454 https://bugzilla.suse.com/1138952 https://bugzilla.suse.com/1139761 https://bugzilla.suse.com/1140193 https://bugzilla.suse.com/1140912 https://bugzilla.suse.com/1143301 https://bugzilla.suse.com/1146192 https://bugzilla.suse.com/1146382 https://bugzilla.suse.com/1148311 https://bugzilla.suse.com/1148714 https://bugzilla.suse.com/1150447 https://bugzilla.suse.com/1151650 https://bugzilla.suse.com/1151947 https://bugzilla.suse.com/1152366 https://bugzilla.suse.com/1153090 https://bugzilla.suse.com/1153277 https://bugzilla.suse.com/1153611 https://bugzilla.suse.com/1154620 https://bugzilla.suse.com/1154940 https://bugzilla.suse.com/1155372 https://bugzilla.suse.com/1157465 https://bugzilla.suse.com/1157479 https://bugzilla.suse.com/1158441 https://bugzilla.suse.com/1158940 https://bugzilla.suse.com/1159118 https://bugzilla.suse.com/1159284 https://bugzilla.suse.com/1160931 https://bugzilla.suse.com/1162327 https://bugzilla.suse.com/1162504 https://bugzilla.suse.com/1163871 https://bugzilla.suse.com/1165425 https://bugzilla.suse.com/1165572 https://bugzilla.suse.com/1167437 https://bugzilla.suse.com/1167556 https://bugzilla.suse.com/1168340 https://bugzilla.suse.com/1169604 https://bugzilla.suse.com/1169800 
https://bugzilla.suse.com/1170042 https://bugzilla.suse.com/1170104 https://bugzilla.suse.com/1170288 https://bugzilla.suse.com/1170595 https://bugzilla.suse.com/1171687 https://bugzilla.suse.com/1171906 https://bugzilla.suse.com/1172075 https://bugzilla.suse.com/1173072 https://bugzilla.suse.com/1174165 https://bugzilla.suse.com/769106 https://bugzilla.suse.com/769108 https://bugzilla.suse.com/776615 https://bugzilla.suse.com/849184 https://bugzilla.suse.com/849204 https://bugzilla.suse.com/849205 https://bugzilla.suse.com/879904 https://bugzilla.suse.com/887879 https://bugzilla.suse.com/889605 https://bugzilla.suse.com/892707 https://bugzilla.suse.com/902494 https://bugzilla.suse.com/908849 https://bugzilla.suse.com/926318 https://bugzilla.suse.com/932288 https://bugzilla.suse.com/945380 https://bugzilla.suse.com/948245 https://bugzilla.suse.com/955373 https://bugzilla.suse.com/958350 https://bugzilla.suse.com/959572 https://bugzilla.suse.com/963322 https://bugzilla.suse.com/965403 https://bugzilla.suse.com/967803 https://bugzilla.suse.com/969320 https://bugzilla.suse.com/970669 https://bugzilla.suse.com/971372 https://bugzilla.suse.com/972311 https://bugzilla.suse.com/972490 https://bugzilla.suse.com/975093 https://bugzilla.suse.com/975303 https://bugzilla.suse.com/975306 https://bugzilla.suse.com/975733 https://bugzilla.suse.com/975757 https://bugzilla.suse.com/976148 https://bugzilla.suse.com/977264 https://bugzilla.suse.com/978150 https://bugzilla.suse.com/978833 https://bugzilla.suse.com/979448 https://bugzilla.suse.com/979676 https://bugzilla.suse.com/980313 https://bugzilla.suse.com/983017 https://bugzilla.suse.com/983512 https://bugzilla.suse.com/985112 https://bugzilla.suse.com/985661 https://bugzilla.suse.com/986019 https://bugzilla.suse.com/987798 https://bugzilla.suse.com/988506 https://bugzilla.suse.com/989193 https://bugzilla.suse.com/989798 https://bugzilla.suse.com/990029 https://bugzilla.suse.com/990439 https://bugzilla.suse.com/990440 
https://bugzilla.suse.com/991048 https://bugzilla.suse.com/993039 https://bugzilla.suse.com/993549 https://bugzilla.suse.com/996455 https://bugzilla.suse.com/999852 From sle-security-updates at lists.suse.com Mon Jul 20 22:48:07 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 21 Jul 2020 06:48:07 +0200 (CEST) Subject: SUSE-SU-2020:1971-1: moderate: Security update for Salt Message-ID: <20200721044807.516B6FDE4@maintenance.suse.de> SUSE Security Update: Security update for Salt ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1971-1 Rating: moderate References: #1157465 #1159284 #1162327 #1165572 #1167437 #1168340 #1169604 #1169800 #1170104 #1170288 #1170595 #1171906 #1172075 #1173072 #1174165 Cross-References: CVE-2019-18897 CVE-2020-11651 CVE-2020-11652 Affected Products: SUSE Manager Tools 12 SUSE Manager Server 3.2 SUSE Manager Proxy 3.2 SUSE Linux Enterprise Point of Sale 12-SP2 SUSE Linux Enterprise Module for Advanced Systems Management 12 ______________________________________________________________________________ An update that solves three vulnerabilities and has 12 fixes is now available. 
Description: This update fixes the following issues: salt: - Fix for TypeError in Tornado importer (bsc#1174165) - Require python3-distro only for TW (bsc#1173072) - Various virt backports from 3000.2 - Avoid traceback on debug logging for swarm module (bsc#1172075) - Add publish_batch to ClearFuncs exposed methods - Update to salt version 3000 See release notes: https://docs.saltstack.com/en/latest/topics/releases/3000.html - Zypperpkg: filter patterns that start with dot (bsc#1171906) - Batch mode now also correctly provides return value (bsc#1168340) - Add docker.logout to docker execution module (bsc#1165572) - Testsuite fix - Add option to enable/disable force refresh for zypper - Python3.8 compatibility changes - Prevent spurious "salt-api" stuck processes when managing SSH minions because of logging deadlock (bsc#1159284) - Avoid segfault from "salt-api" under certain conditions of heavy load managing SSH minions (bsc#1169604) - Revert broken changes to slspath made on Salt 3000 (saltstack/salt#56341) (bsc#1170104) - Returns the list of IPs filtered by the optional network list - Fix CVE-2020-11651 and CVE-2020-11652 (bsc#1170595) - Do not require vendored backports-abc (bsc#1170288) - Fix partition.mkpart to work without fstype (bsc#1169800) - Enable building and installation for Fedora - Disable python2 build on Tumbleweed We are removing the python2 interpreter from openSUSE (SLE16). As such disable salt building for python2 there. - More robust remote port detection - Sanitize grains loaded from roster_grains.json cache during "state.pkg" - Do not make file.recurse state to fail when msgpack 0.5.4 (bsc#1167437) - Build: BuildRequire pkgconfig(systemd) instead of systemd pkgconfig(systemd) is provided by systemd, so this is de-facto no change. 
But inside the Open Build Service (OBS), the same symbol is also provided by systemd-mini, which exists to shorten build-chains by only enabling what other packages need to successfully build - Add new custom SUSE capability for saltutil state module - Fixes status attribute issue in aptpkg test - Make setup.py script not to require setuptools greater than 9.1 - Loop: fix variable names for until_no_eval - Drop conflictive module.run state patch (bsc#1167437) - Update patches after rebase with upstream v3000 tag (bsc#1167437) - Fix some requirements issues depending on Python3 versions - Removes obsolete patch - Fix for low rpm_lowpkg unit test - Add python-singledispatch as dependency for python2-salt - Virt._get_domain: don't raise an exception if there is no VM - Fix for temp folder definition in loader unit test - Adds test for zypper abbreviation fix - Improved storage pool or network handling - Better import cache handling - Make "salt.ext.tornado.gen" to use "salt.ext.backports_abc" on Python 2 - Fix regression in service states with reload argument - Fix integration test failure for test_mod_del_repo_multiline_values - Fix for unless requisite when pip is not installed - Fix errors from unit tests due NO_MOCK and NO_MOCK_REASON deprecation - Fix tornado imports and missing _utils after rebasing patches - Removes unresolved merge conflict in yumpkg module - Use full option name instead of undocumented abbreviation for zypper - Requiring python3-distro only for openSUSE/SLE >= 15 and not for Python 2 builds - Avoid possible user escalation upgrading salt-master (bsc#1157465) (CVE-2019-18897) - Fix unit tests failures in test_batch_async tests - Batch Async: Handle exceptions, properly unregister and close instances after running async batching to avoid CPU starvation of the MWorkers (bsc#1162327) - RHEL/CentOS 8 uses platform-python instead of python3 - Loader: invalidate the import cache for extra modules - Zypperpkg: filter patterns that start with dot 
(bsc#1171906) - Batch mode now also correctly provides return value (bsc#1168340) - Add docker.logout to docker execution module (bsc#1165572) - Improvements for chroot module - Add option to enable/disable force refresh for zypper - Prevent spurious "salt-api" stuck processes when managing SSH minions because of logging deadlock (bsc#1159284) - Avoid segfault from "salt-api" under certain conditions of heavy load managing SSH minions (bsc#1169604) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2020-1971=1 - SUSE Manager Server 3.2: zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2020-1971=1 - SUSE Manager Proxy 3.2: zypper in -t patch SUSE-SUSE-Manager-Proxy-3.2-2020-1971=1 - SUSE Linux Enterprise Point of Sale 12-SP2: zypper in -t patch SUSE-SLE-POS-12-SP2-2020-1971=1 - SUSE Linux Enterprise Module for Advanced Systems Management 12: zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2020-1971=1 Package List: - SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64): python2-salt-3000-46.101.1 python3-salt-3000-46.101.1 salt-3000-46.101.1 salt-doc-3000-46.101.1 salt-minion-3000-46.101.1 - SUSE Manager Tools 12 (noarch): python-singledispatch-3.4.0.3-1.5.1 - SUSE Manager Server 3.2 (ppc64le s390x x86_64): python2-salt-3000-46.101.1 python3-salt-3000-46.101.1 salt-3000-46.101.1 salt-api-3000-46.101.1 salt-cloud-3000-46.101.1 salt-doc-3000-46.101.1 salt-master-3000-46.101.1 salt-minion-3000-46.101.1 salt-proxy-3000-46.101.1 salt-ssh-3000-46.101.1 salt-standalone-formulas-configuration-3000-46.101.1 salt-syndic-3000-46.101.1 - SUSE Manager Server 3.2 (noarch): python-singledispatch-3.4.0.3-1.5.1 salt-bash-completion-3000-46.101.1 salt-zsh-completion-3000-46.101.1 - SUSE Manager Proxy 3.2 (noarch): python-singledispatch-3.4.0.3-1.5.1 
- SUSE Manager Proxy 3.2 (x86_64): python2-salt-3000-46.101.1 python3-salt-3000-46.101.1 salt-3000-46.101.1 salt-minion-3000-46.101.1 - SUSE Linux Enterprise Point of Sale 12-SP2 (noarch): python-singledispatch-3.4.0.3-1.5.1 - SUSE Linux Enterprise Point of Sale 12-SP2 (x86_64): python2-salt-3000-46.101.1 salt-3000-46.101.1 salt-minion-3000-46.101.1 - SUSE Linux Enterprise Module for Advanced Systems Management 12 (ppc64le s390x x86_64): python2-salt-3000-46.101.1 salt-3000-46.101.1 salt-api-3000-46.101.1 salt-cloud-3000-46.101.1 salt-doc-3000-46.101.1 salt-master-3000-46.101.1 salt-minion-3000-46.101.1 salt-proxy-3000-46.101.1 salt-ssh-3000-46.101.1 salt-standalone-formulas-configuration-3000-46.101.1 salt-syndic-3000-46.101.1 - SUSE Linux Enterprise Module for Advanced Systems Management 12 (noarch): python-singledispatch-3.4.0.3-1.5.1 salt-bash-completion-3000-46.101.1 salt-zsh-completion-3000-46.101.1 References: https://www.suse.com/security/cve/CVE-2019-18897.html https://www.suse.com/security/cve/CVE-2020-11651.html https://www.suse.com/security/cve/CVE-2020-11652.html https://bugzilla.suse.com/1157465 https://bugzilla.suse.com/1159284 https://bugzilla.suse.com/1162327 https://bugzilla.suse.com/1165572 https://bugzilla.suse.com/1167437 https://bugzilla.suse.com/1168340 https://bugzilla.suse.com/1169604 https://bugzilla.suse.com/1169800 https://bugzilla.suse.com/1170104 https://bugzilla.suse.com/1170288 https://bugzilla.suse.com/1170595 https://bugzilla.suse.com/1171906 https://bugzilla.suse.com/1172075 https://bugzilla.suse.com/1173072 https://bugzilla.suse.com/1174165 From sle-security-updates at lists.suse.com Mon Jul 20 22:50:31 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 21 Jul 2020 06:50:31 +0200 (CEST) Subject: SUSE-SU-2020:1970-1: moderate: Security update for SUSE Manager Client Tools Message-ID: <20200721045031.325C4FDE4@maintenance.suse.de> SUSE Security Update: Security update for SUSE 
Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1970-1 Rating: moderate References: #1113160 #1134195 #1138822 #1141661 #1142038 #1143913 #1148177 #1153090 #1153277 #1154940 #1154968 #1155372 #1163871 #1165921 #1168310 #1170231 #1170557 #1171687 #1172462 Cross-References: CVE-2019-10215 CVE-2019-15043 CVE-2020-12245 CVE-2020-13379 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Manager Tools 12 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that solves four vulnerabilities and has 15 fixes is now available. Description: This update fixes the following issues: cobbler: - Calculate relative path for kernel and inited when generating grub entry (bsc#1170231) Added: fix-grub2-entry-paths.diff - Fix os-release version detection for SUSE Modified: sles15.patch - Jinja2 template library fix (bsc#1141661) - Removes string replace for textmode fix (bsc#1134195) golang-github-prometheus-node_exporter: - Update to 0.18.1 * [BUGFIX] Fix incorrect sysctl call in BSD meminfo collector, resulting in broken swap metrics on FreeBSD #1345 * [BUGFIX] Fix rollover bug in mountstats collector #1364 * Renamed interface label to device in netclass collector for consistency with * other network metrics #1224 * The cpufreq metrics now separate the cpufreq and scaling data based on what the driver provides. 
#1248 * The labels for the network_up metric have changed, see issue #1236 * Bonding collector now uses mii_status instead of operstatus #1124 * Several systemd metrics have been turned off by default to improve performance #1254 * These include unit_tasks_current, unit_tasks_max, service_restart_total, and unit_start_time_seconds * The systemd collector blacklist now includes automount, device, mount, and slice units by default. #1255 * [CHANGE] Bonding state uses mii_status #1124 * [CHANGE] Add a limit to the number of in-flight requests #1166 * [CHANGE] Renamed interface label to device in netclass collector #1224 * [CHANGE] Add separate cpufreq and scaling metrics #1248 * [CHANGE] Several systemd metrics have been turned off by default to improve performance #1254 * [CHANGE] Expand systemd collector blacklist #1255 * [CHANGE] Split cpufreq metrics into a separate collector #1253 * [FEATURE] Add a flag to disable exporter metrics #1148 * [FEATURE] Add kstat-based Solaris metrics for boottime, cpu and zfs collectors #1197 * [FEATURE] Add uname collector for FreeBSD #1239 * [FEATURE] Add diskstats collector for OpenBSD #1250 * [FEATURE] Add pressure collector exposing pressure stall information for Linux #1174 * [FEATURE] Add perf exporter for Linux #1274 * [ENHANCEMENT] Add Infiniband counters #1120 * [ENHANCEMENT] Add TCPSynRetrans to netstat default filter #1143 * [ENHANCEMENT] Move network_up labels into new metric network_info #1236 * [ENHANCEMENT] Use 64-bit counters for Darwin netstat * [BUGFIX] Add fallback for missing /proc/1/mounts #1172 * [BUGFIX] Fix node_textfile_mtime_seconds to work properly on symlinks #1326 - Add network-online (Wants and After) dependency to systemd unit bsc#1143913 golang-github-prometheus-prometheus: - Update change log and spec file + Modified spec file: default to golang 1.14 to avoid "have choice" build issues in OBS. 
+ Rebase and update patches for version 2.18.0 + Changed: * 0002-Default-settings.patch Changed - Update to 2.18.0 + Features * Tracing: Added experimental Jaeger support #7148 + Changes * Federation: Only use local TSDB for federation (ignore remote read). #7096 * Rules: `rule_evaluations_total` and `rule_evaluation_failures_total` have a `rule_group` label now. #7094 + Enhancements * TSDB: Significantly reduce WAL size kept around after a block cut. #7098 * Discovery: Add `architecture` meta label for EC2. #7000 + Bug fixes * UI: Fixed wrong MinTime reported by /status. #7182 * React UI: Fixed multiselect legend on OSX. #6880 * Remote Write: Fixed blocked resharding edge case. #7122 * Remote Write: Fixed remote write not updating on relabel configs change. #7073 - Changes from 2.17.2 + Bug fixes * Federation: Register federation metrics #7081 * PromQL: Fix panic in parser error handling #7132 * Rules: Fix reloads hanging when deleting a rule group that is being evaluated #7138 * TSDB: Fix a memory leak when prometheus starts with an empty TSDB WAL #7135 * TSDB: Make isolation more robust to panics in web handlers #7129 #7136 - Changes from 2.17.1 + Bug fixes * TSDB: Fix query performance regression that increased memory and CPU usage #7051 - Changes from 2.17.0 + Features * TSDB: Support isolation #6841 * This release implements isolation in TSDB. API queries and recording rules are guaranteed to only see full scrapes and full recording rules. This comes with a certain overhead in resource usage. Depending on the situation, there might be some increase in memory usage, CPU usage, or query latency. 
+ Enhancements * PromQL: Allow more keywords as metric names #6933 * React UI: Add normalization of localhost URLs in targets page #6794 * Remote read: Read from remote storage concurrently #6770 * Rules: Mark deleted rule series as stale after a reload #6745 * Scrape: Log scrape append failures as debug rather than warn #6852 * TSDB: Improve query performance for queries that partially hit the head #6676 * Consul SD: Expose service health as meta label #5313 * EC2 SD: Expose EC2 instance lifecycle as meta label #6914 * Kubernetes SD: Expose service type as meta label for K8s service role #6684 * Kubernetes SD: Expose label_selector and field_selector #6807 * Openstack SD: Expose hypervisor id as meta label #6962 + Bug fixes * PromQL: Do not escape HTML-like chars in query log #6834 #6795 * React UI: Fix data table matrix values #6896 * React UI: Fix new targets page not loading when using non-ASCII characters #6892 * Remote read: Fix duplication of metrics read from remote storage with external labels #6967 #7018 * Remote write: Register WAL watcher and live reader metrics for all remotes, not just the first one #6998 * Scrape: Prevent removal of metric names upon relabeling #6891 * Scrape: Fix 'superfluous response.WriteHeader call' errors when scrape fails under some circumstances #6986 * Scrape: Fix crash when reloads are separated by two scrape intervals #7011 - Changes from 2.16.0 + Features * React UI: Support local timezone on /graph #6692 * PromQL: add absent_over_time query function #6490 * Adding optional logging of queries to their own file #6520 + Enhancements * React UI: Add support for rules page and "Xs ago" duration displays #6503 * React UI: alerts page, replace filtering togglers tabs with checkboxes #6543 * TSDB: Export metric for WAL write errors #6647 * TSDB: Improve query performance for queries that only touch the most recent 2h of data. 
#6651 * PromQL: Refactoring in parser errors to improve error messages #6634 * PromQL: Support trailing commas in grouping opts #6480 * Scrape: Reduce memory usage on reloads by reusing scrape cache #6670 * Scrape: Add metrics to track bytes and entries in the metadata cache #6675 * promtool: Add support for line-column numbers for invalid rules output #6533 * Avoid restarting rule groups when it is unnecessary #6450 + Bug fixes * React UI: Send cookies on fetch() on older browsers #6553 * React UI: adopt grafana flot fix for stacked graphs #6603 * React UI: broken graph page browser history so that back button works as expected #6659 * TSDB: ensure compactionsSkipped metric is registered, and log proper error if one is returned from head.Init #6616 * TSDB: return an error on ingesting series with duplicate labels #6664 * PromQL: Fix unary operator precedence #6579 * PromQL: Respect query.timeout even when we reach query.max-concurrency #6712 * PromQL: Fix string and parentheses handling in engine, which affected React UI #6612 * PromQL: Remove output labels returned by absent() if they are produced by multiple identical label matchers #6493 * Scrape: Validate that OpenMetrics input ends with `# EOF` #6505 * Remote read: return the correct error if configs can't be marshal'd to JSON #6622 * Remote write: Make remote client `Store` use passed context, which can affect shutdown timing #6673 * Remote write: Improve sharding calculation in cases where we would always be consistently behind by tracking pendingSamples #6511 * Ensure prometheus_rule_group metrics are deleted when a rule group is removed #6693 - Changes from 2.15.2 + Bug fixes * TSDB: Fixed support for TSDB blocks built with Prometheus before 2.1.0. #6564 * TSDB: Fixed block compaction issues on Windows. #6547 - Changes from 2.15.1 + Bug fixes * TSDB: Fixed race on concurrent queries against same data. 
#6512 - Changes from 2.15.0 + Features * API: Added new endpoint for exposing per metric metadata `/metadata`. #6420 #6442 + Changes * Discovery: Removed `prometheus_sd_kubernetes_cache_*` metrics. Additionally `prometheus_sd_kubernetes_workqueue_latency_seconds` and `prometheus_sd_kubernetes_workqueue_work_duration_seconds` metrics now show correct values in seconds. #6393 * Remote write: Changed `query` label on `prometheus_remote_storage_*` metrics to `remote_name` and `url`. #6043 + Enhancements * TSDB: Significantly reduced memory footprint of loaded TSDB blocks. #6418 #6461 * TSDB: Significantly optimized what we buffer during compaction which should result in lower memory footprint during compaction. #6422 #6452 #6468 #6475 * TSDB: Improve replay latency. #6230 * TSDB: WAL size is now used for size based retention calculation. #5886 * Remote read: Added query grouping and range hints to the remote read request #6401 * Remote write: Added `prometheus_remote_storage_sent_bytes_total` counter per queue. #6344 * promql: Improved PromQL parser performance. #6356 * React UI: Implemented missing pages like `/targets` #6276, TSDB status page #6281 #6267 and many other fixes and performance improvements. * promql: Prometheus now accepts spaces between time range and square bracket. e.g `[ 5m]` #6065 + Bug fixes * Config: Fixed alertmanager configuration to not miss targets when configurations are similar. #6455 * Remote write: Value of `prometheus_remote_storage_shards_desired` gauge shows raw value of desired shards and it's updated correctly. #6378 * Rules: Prometheus now fails the evaluation of rules and alerts where metric results collide with labels specified in `labels` field. #6469 * API: Targets Metadata API `/targets/metadata` now accepts empty `match_targets` parameter as in the spec. #6303 - Changes from 2.14.0 + Features * API: `/api/v1/status/runtimeinfo` and `/api/v1/status/buildinfo` endpoints added for use by the React UI. 
#6243 * React UI: implement the new experimental React based UI. #5694 and many more * Can be found under `/new`. * Not all pages are implemented yet. * Status: Cardinality statistics added to the Runtime & Build Information page. #6125 + Enhancements * Remote write: fix delays in remote write after a compaction. #6021 * UI: Alerts can be filtered by state. #5758 + Bug fixes * Ensure warnings from the API are escaped. #6279 * API: lifecycle endpoints return 403 when not enabled. #6057 * Build: Fix Solaris build. #6149 * Promtool: Remove false duplicate rule warnings when checking rule files with alerts. #6270 * Remote write: restore use of deduplicating logger in remote write. #6113 * Remote write: do not reshard when unable to send samples. #6111 * Service discovery: errors are no longer logged on context cancellation. #6116, #6133 * UI: handle null response from API properly. #6071 - Changes from 2.13.1 + Bug fixes * Fix panic in ARM builds of Prometheus. #6110 * promql: fix potential panic in the query logger. #6094 * Multiple errors of http: superfluous response.WriteHeader call in the logs. #6145 - Changes from 2.13.0 + Enhancements * Metrics: renamed prometheus_sd_configs_failed_total to prometheus_sd_failed_configs and changed to Gauge #5254 * Include the tsdb tool in builds. #6089 * Service discovery: add new node address types for kubernetes. #5902 * UI: show warnings if query have returned some warnings. #5964 * Remote write: reduce memory usage of the series cache. #5849 * Remote read: use remote read streaming to reduce memory usage. #5703 * Metrics: added metrics for remote write max/min/desired shards to queue manager. #5787 * Promtool: show the warnings during label query. #5924 * Promtool: improve error messages when parsing bad rules. #5965 * Promtool: more promlint rules. #5515 + Bug fixes * UI: Fix a Stored DOM XSS vulnerability with query history [CVE-2019-10215](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10215). 
#6098 * Promtool: fix recording inconsistency due to duplicate labels. #6026 * UI: fixes service-discovery view when accessed from unhealthy targets. #5915 * Metrics format: OpenMetrics parser crashes on short input. #5939 * UI: avoid truncated Y-axis values. #6014 - Changes from 2.12.0 + Features * Track currently active PromQL queries in a log file. #5794 * Enable and provide binaries for `mips64` / `mips64le` architectures. #5792 + Enhancements * Improve responsiveness of targets web UI and API endpoint. #5740 * Improve remote write desired shards calculation. #5763 * Flush TSDB pages more precisely. tsdb#660 * Add `prometheus_tsdb_retention_limit_bytes` metric. tsdb#667 * Add logging during TSDB WAL replay on startup. tsdb#662 * Improve TSDB memory usage. tsdb#653, tsdb#643, tsdb#654, tsdb#642, tsdb#627 + Bug fixes * Check for duplicate label names in remote read. #5829 * Mark deleted rules' series as stale on next evaluation. #5759 * Fix JavaScript error when showing warning about out-of-sync server time. #5833 * Fix `promtool test rules` panic when providing empty `exp_labels`. #5774 * Only check last directory when discovering checkpoint number. #5756 * Fix error propagation in WAL watcher helper functions. #5741 * Correctly handle empty labels from alert templates. #5845 - Update Uyuni/SUSE Manager service discovery patch + Modified 0003-Add-Uyuni-service-discovery.patch: + Adapt service discovery to the new Uyuni API endpoints + Modified spec file: force golang 1.12 to fix build issues in SLE15SP2 - Update to Prometheus 2.11.2 grafana: - Update to version 7.0.3 * Features / Enhancements - Stats: include all fields. #24829, @ryantxu - Variables: change VariableEditorList row action Icon to IconButton. #25217, @hshoff * Bug fixes - Cloudwatch: Fix dimensions of DDoSProtection. #25317, @papagian - Configuration: Fix env var override of sections containing hyphen. #25178, @marefr - Dashboard: Get panels in collapsed rows. 
#25079, @peterholmberg - Do not show alerts tab when alerting is disabled. #25285, @dprokop - Jaeger: fixes cascader option label duration value. #25129, @Estrax - Transformations: Fixed Transform tab crash & no update after adding first transform. #25152, @torkelo - Update to version 7.0.2 * Bug fixes - Security: Urgent security patch release to fix CVE-2020-13379 - Update to version 7.0.1 * Features / Enhancements - Datasource/CloudWatch: Makes CloudWatch Logs query history more readable. #24795, @kaydelaney - Download CSV: Add date and time formatting. #24992, @ryantxu - Table: Make last cell value visible when right aligned. #24921, @peterholmberg - TablePanel: Adding sort order persistence. #24705, @torkelo - Transformations: Display correct field name when using reduce transformation. #25068, @peterholmberg - Transformations: Allow custom number input for binary operations. #24752, @ryantxu * Bug fixes - Dashboard/Links: Fixes dashboard links by tags not working. #24773, @KamalGalrani - Dashboard/Links: Fixes open in new window for dashboard link. #24772, @KamalGalrani - Dashboard/Links: Variables are resolved and limits to 100. #25076, @hugohaggmark - DataLinks: Bring back variables interpolation in title. #24970, @dprokop - Datasource/CloudWatch: Field suggestions no longer limited to prefix-only. #24855, @kaydelaney - Explore/Table: Keep existing field types if possible. #24944, @kaydelaney - Explore: Fix wrap lines toggle for results of queries with filter expression. #24915, @ivanahuckova - Explore: fix undo in query editor. #24797, @zoltanbedi - Explore: fix word break in type head info. #25014, @zoltanbedi - Graph: Legend decimals now work as expected. #24931, @torkelo - LoginPage: Fix hover color for service buttons. #25009, @tskarhed - LogsPanel: Fix scrollbar. #24850, @ivanahuckova - MoveDashboard: Fix for moving dashboard caused all variables to be lost. #25005, @torkelo - Organize transformer: Use display name in field order comparer. 
#24984, @dprokop - Panel: shows correct panel menu items in view mode. #24912, @hugohaggmark - PanelEditor Fix missing labels and description if there is only single option in category. #24905, @dprokop - PanelEditor: Overrides name matcher still show all original field names even after Field default display name is specified. #24933, @torkelo - PanelInspector: Makes sure Data display options are visible. #24902, @hugohaggmark - PanelInspector: Hides unsupported data display options for Panel type. #24918, @hugohaggmark - PanelMenu: Make menu disappear on button press. #25015, @tskarhed - Postgres: Fix add button. #25087, @phemmer - Prometheus: Fix recording rules expansion. #24977, @ivanahuckova - Stackdriver: Fix creating Service Level Objectives (SLO) datasource query variable. #25023, @papagian - Update to version 7.0.0 * Breaking changes - Removed PhantomJS: PhantomJS was deprecated in Grafana v6.4 and starting from Grafana v7.0.0, all PhantomJS support has been removed. This means that Grafana no longer ships with a built-in image renderer, and we advise you to install the Grafana Image Renderer plugin. - Dashboard: A global minimum dashboard refresh interval is now enforced and defaults to 5 seconds. - Interval calculation: There is now a new option Max data points that controls the auto interval $__interval calculation. Interval was previously calculated by dividing the panel width by the time range. With the new max data points option it is now easy to set $__interval to a dynamic value that is time range agnostic. For example if you set Max data points to 10 Grafana will dynamically set $__interval by dividing the current time range by 10. - Datasource/Loki: Support for deprecated Loki endpoints has been removed. - Backend plugins: Grafana now requires backend plugins to be signed, otherwise Grafana will not load/start them. This is an additional security measure to make sure backend plugin binaries and files haven't been tampered with. 
Refer to Upgrade Grafana for more information. - @grafana/ui: Forms migration notice, see @grafana/ui changelog - @grafana/ui: Select API change for creating custom values, see @grafana/ui changelog + Deprecation warnings - Scripted dashboards is now deprecated. The feature is not removed but will be in a future release. We hope to address the underlying requirement of dynamic dashboards in a different way. #24059 - The unofficial first version of backend plugins together with usage of grafana/grafana-plugin-model is now deprecated and support for that will be removed in a future release. Please refer to backend plugins documentation for information about the new officially supported backend plugins. * Features / Enhancements - Backend plugins: Log deprecation warning when using the unofficial first version of backend plugins. #24675, @marefr - Editor: New line on Enter, run query on Shift+Enter. #24654, @davkal - Loki: Allow multiple derived fields with the same name. #24437, @aocenas - Orgs: Add future deprecation notice. #24502, @torkelo * Bug Fixes - @grafana/toolkit: Use process.cwd() instead of PWD to get directory. #24677, @zoltanbedi - Admin: Makes long settings values line break in settings page. #24559, @hugohaggmark - Dashboard: Allow editing provisioned dashboard JSON and add confirmation when JSON is copied to dashboard. #24680, @dprokop - Dashboard: Fix for strange "dashboard not found" errors when opening links in dashboard settings. #24416, @torkelo - Dashboard: Fix so default data source is selected when data source can't be found in panel editor. #24526, @mckn - Dashboard: Fixed issue changing a panel from transparent back to normal in panel editor. #24483, @torkelo - Dashboard: Make header names reflect the field name when exporting to CSV file from the panel inspector. #24624, @peterholmberg - Dashboard: Make sure side pane is displayed with tabs by default in panel editor. 
#24636, @dprokop - Data source: Fix query/annotation help content formatting. #24687, @AgnesToulet - Data source: Fixes async mount errors. #24579, @Estrax - Data source: Fixes saving a data source without failure when URL doesn't specify a protocol. #24497, @aknuds1 - Explore/Prometheus: Show results of instant queries only in table. #24508, @ivanahuckova - Explore: Fix rendering of react query editors. #24593, @ivanahuckova - Explore: Fixes loading more logs in logs context view. #24135, @Estrax - Graphite: Fix schema and dedupe strategy in rollup indicators for Metrictank queries. #24685, @torkelo - Graphite: Makes query annotations work again. #24556, @hugohaggmark - Logs: Clicking "Load more" from context overlay doesn't expand log row. #24299, @kaydelaney - Logs: Fix total bytes process calculation. #24691, @davkal - Org/user/team preferences: Fixes so UI Theme can be set back to Default. #24628, @AgnesToulet - Plugins: Fix manifest validation. #24573, @aknuds1 - Provisioning: Use proxy as default access mode in provisioning. #24669, @bergquist - Search: Fix select item when pressing enter and Grafana is served using a sub path. #24634, @tskarhed - Search: Save folder expanded state. #24496, @Clarity-89 - Security: Tag value sanitization fix in OpenTSDB data source. #24539, @rotemreiss - Table: Do not include angular options in options when switching from angular panel. #24684, @torkelo - Table: Fixed persisting column resize for time series fields. #24505, @torkelo - Table: Fixes Cannot read property subRows of null. #24578, @hugohaggmark - Time picker: Fixed so you can enter a relative range in the time picker without being converted to absolute range. #24534, @mckn - Transformations: Make transform dropdowns not cropped. #24615, @dprokop - Transformations: Sort order should be preserved as entered by user when using the reduce transformation. #24494, @hugohaggmark - Units: Adds scale symbol for currencies with suffixed symbol. 
#24678, @hugohaggmark - Variables: Fixes filtering options with more than 1000 entries. #24614, @hugohaggmark - Variables: Fixes so Textbox variables read value from url. #24623, @hugohaggmark - Zipkin: Fix error when span contains remoteEndpoint. #24524, @aocenas - SAML: Switch from email to login for user login attribute mapping (Enterprise) - Update Makefile and spec file * Remove phantomJS patch from Makefile * Fix multiline strings in Makefile * Exclude s390 from SLE12 builds, golang 1.14 is not built for s390 - Add instructions for patching the Grafana javascript frontend. - BuildRequires golang(API) instead of go metapackage version range * BuildRequires: golang(API) >= 1.14 from BuildRequires: ( go >= 1.14 with go < 1.15 ) - Update to version 6.7.3 - This version fixes bsc#1170557 and its corresponding CVE-2020-12245 - Admin: Fix Synced via LDAP message for non-LDAP external users. #23477, @alexanderzobnin - Alerting: Fixes notifications for alerts with empty message in Google Hangouts notifier. #23559, @hugohaggmark - AuthProxy: Fixes bug where long username could not be cached.. #22926, @jcmcken - Dashboard: Fix saving dashboard when editing raw dashboard JSON model. #23314, @peterholmberg - Dashboard: Try to parse 8 and 15 digit numbers as timestamps if parsing of time range as date fails. #21694, @jessetan - DashboardListPanel: Fixed problem with empty panel after going into edit mode (General folder filter being automatically added) . #23426, @torkelo - Data source: Handle datasource withCredentials option properly. #23380, @hvtuananh - Security: Fix annotation popup XSS vulnerability. #23813, @torkelo - Server: Exit Grafana with status code 0 if no error. #23312, @aknuds1 - TablePanel: Fix XSS issue in header column rename (backport). #23814, @torkelo - Variables: Fixes error when setting adhoc variable values. 
#23580, @hugohaggmark - Update to version 6.7.2: (see installed changelog for the full list of changes) - BackendSrv: Adds config to response to fix issue for external plugins that used this property . #23032, @torkelo - Dashboard: Fixed issue with saving new dashboard after changing title . #23104, @dprokop - DataLinks: make sure we use the correct datapoint when dataset contains null value.. #22981, @mckn - Plugins: Fixed issue for plugins that imported dateMath util . #23069, @mckn - Security: Fix for dashboard snapshot original dashboard link could contain XSS vulnerability in url. #23254, @torkelo - Variables: Fixes issue with too many queries being issued for nested template variables after value change. #23220, @torkelo - Plugins: Expose promiseToDigest. #23249, @torkelo - Reporting (Enterprise): Fixes issue updating a report created by someone else - Update to 6.7.1: (see installed changelog for the full list of changes) Bug Fixes - Azure: Fixed dropdowns not showing current value. #22914, @torkelo - BackendSrv: only add content-type on POST, PUT requests. #22910, @hugohaggmark - Panels: Fixed size issue with panel internal size when exiting panel edit mode. #22912, @torkelo - Reporting: fixes migrations compatibility with mysql (Enterprise) - Reporting: Reduce default concurrency limit to 4 (Enterprise) - Update to 6.7.0: (see installed changelog for the full list of changes) Bug Fixes - AngularPanels: Fixed inner height calculation for angular panels . #22796, @torkelo - BackendSrv: makes sure provided headers are correctly recognized and set. #22778, @hugohaggmark - Forms: Fix input suffix position (caret-down in Select) . #22780, @torkelo - Graphite: Fixed issue with query editor and next select metric now showing after selecting metric node . #22856, @torkelo - Rich History: UX adjustments and fixes. 
#22729, @ivanahuckova - Update to 6.7.0-beta1: Breaking changes - Slack: Removed Mention setting and instead introduce Mention Users, Mention Groups, and Mention Channel. The first two settings require user and group IDs, respectively. This change was necessary because the way of mentioning via the Slack API changed and mentions in Slack notifications no longer worked. - Alerting: Reverts the behavior of diff and percent_diff to not always be absolute. Something we introduced by mistake in 6.1.0. Alerting now support diff(), diff_abs(), percent_diff() and percent_diff_abs(). #21338 - Notice about changes in backendSrv for plugin authors In our mission to migrate away from AngularJS to React we have removed all AngularJS dependencies in the core data retrieval service backendSrv. Removing the AngularJS dependencies in backendSrv has the unfortunate side effect of AngularJS digest no longer being triggered for any request made with backendSrv. Because of this, external plugins using backendSrv directly may suffer from strange behaviour in the UI. To remedy this issue, as a plugin author you need to trigger the digest after a direct call to backendSrv. Bug Fixes API: Fix redirect issues. #22285, @papagian Alerting: Don't include image_url field with Slack message if empty. #22372, @aknuds1 Alerting: Fixed bad background color for default notifications in alert tab . #22660, @krvajal Annotations: In table panel when setting transform to annotation, they will now show up right away without a manual refresh. #22323, @krvajal Azure Monitor: Fix app insights source to allow for new __timeFrom and __timeTo. #21879, @ChadNedzlek BackendSrv: Fixes POST body for form data. gmark CloudWatch: Credentials cache invalidation fix. #22473, @sunker CloudWatch: Expand alias variables when query yields no result. #22695, @sunker Dashboard: Fix bug with NaN in alerting. #22053, @a-melnyk Explore: Fix display of multiline logs in log panel and explore. 
#22057, @thomasdraebing Heatmap: Legend color range is incorrect when using custom min/max. #21748, @sv5d Security: Fixed XSS issue in dashboard history diff . #22680, @torkelo StatPanel: Fixes base color is being used for null values . #22646, @torkelo - Update to version 6.6.2: (see installed changelog for the full list of changes) - Update to version 6.6.1: (see installed changelog for the full list of changes) - Update to version 6.6.0: (see installed changelog for the full list of changes) - Update to version 6.5.3: (see installed changelog for the full list of changes) - Update to version 6.5.2: (see installed changelog for the full list of changes) - Update to version 6.5.1: (see installed changelog for the full list of changes) - Update to version 6.5.0 (see installed changelog for the full list of changes) - Update to version 6.4.5: * Create version 6.4.5 * CloudWatch: Fix high CPU load (#20579) - Add obs-service-go_modules to download required modules into vendor.tar.gz - Adjusted spec file to use vendor.tar.gz - Adjusted Makefile to work with new filenames - BuildRequire go1.14 - Update to version 6.4.4: * DataLinks: Fix blur issues. #19883, @aocenas * Docker: Makes it possible to parse timezones in the docker image. #20081, @xlson * LDAP: All LDAP servers should be tried even if one of them returns a connection error. #20077, @jongyllen * LDAP: No longer shows incorrectly matching groups based on role in debug page. #20018, @xlson * Singlestat: Fix no data / null value mapping . #19951, @ryantxu - Revert the spec file and make script - Remove PhantomJS dependency - Update to 6.4.3 * Bug Fixes - Alerting: All notification channels should send even if one fails to send. #19807, @jan25 - AzureMonitor: Fix slate interference with dropdowns. #19799, @aocenas - ContextMenu: make ContextMenu positioning aware of the viewport width. #19699, @krvajal - DataLinks: Fix context menu not showing in singlestat-ish visualisations. 
#19809, @dprokop - DataLinks: Fix url field not releasing focus. #19804, @aocenas - Datasource: Fixes clicking outside of some query editors required 2 clicks. #19822, @aocenas - Panels: Fixes default tab for visualizations without Queries Tab. #19803, @hugohaggmark - Singlestat: Fixed issue with mapping null to text. #19689, @torkelo - @grafana/toolkit: Don't fail plugin creation when git user.name config is not set. #19821, @dprokop - @grafana/toolkit: TSLint line number off by 1. #19782, @fredwangwang - Update to 6.4.2 * Bug Fixes - CloudWatch: Changes incorrect dimension wmlid to wlmid . #19679, @ATTron - Grafana Image Renderer: Fixes plugin page. #19664, @hugohaggmark - Graph: Fixes auto decimals logic for y axis ticks that results in too many decimals for high values. #19618, @torkelo - Graph: Switching to series mode should re-render graph. #19623, @torkelo - Loki: Fix autocomplete on label values. #19579, @aocenas - Loki: Removes live option for logs panel. #19533, @davkal - Profile: Fix issue with user profile not showing more than sessions sessions in some cases. #19578, @huynhsamha - Prometheus: Fixes so results in Panel always are sorted by query order. #19597, @hugohaggmark - sted keys in YAML provisioning caused a server crash, #19547 - ImageRendering: Fixed issue with image rendering in enterprise build (Enterprise) - Reporting: Fixed issue with reporting service when SMTP was disabled (Enterprise). - Changes from 6.4.0 * Features / Enhancements - Build: Upgrade go to 1.12.10. #19499, @marefr - DataLinks: Suggestions menu improvements. #19396, @dprokop - Explore: Take root_url setting into account when redirecting from dashboard to explore. #19447, @ivanahuckova - Explore: Update broken link to logql docs. #19510, @ivanahuckova - Logs: Adds Logs Panel as a visualization. #19504, @davkal * Bug Fixes - CLI: Fix version selection for plugin install. #19498, @aocenas - Graph: Fixes minor issue with series override color picker and custom color . 
#19516, @torkelo - Changes from 6.4.0 Beta 2 * Features / Enhancements - Azure Monitor: Remove support for cross resource queries (#19115)". #19346, @sunker - Docker: Upgrade packages to resolve reported vulnerabilities. #19188, @marefr - Graphite: Time range expansion reduced from 1 minute to 1 second. #19246, @torkelo - grafana/toolkit: Add plugin creation task. #19207, @dprokop * Bug Fixes - Alerting: Prevents creating alerts from unsupported queries. #19250, @hugohaggmark - Alerting: Truncate PagerDuty summary when greater than 1024 characters. #18730, @nvllsvm - Cloudwatch: Fix autocomplete for Gamelift dimensions. #19146, @kevinpz - Dashboard: Fix export for sharing when panels use default data source. #19315, @torkelo - Database: Rewrite system statistics query to perform better. #19178, @papagian - Gauge/BarGauge: Fix issue with [object Object] in titles . #19217, @ryantxu - MSSQL: Revert usage of new connectionstring format introduced by #18384. #19203, @marefr - Multi-LDAP: Do not fail-fast on invalid credentials. #19261, @gotjosh - MySQL, Postgres, MSSQL: Fix validating query with template variables in alert . #19237, @marefr - MySQL, Postgres: Update raw sql when query builder updates. #19209, @marefr - MySQL: Limit datasource error details returned from the backend. #19373, @marefr - Changes from 6.4.0 Beta 1 * Features / Enhancements - API: Readonly datasources should not be created via the API. #19006, @papagian - Alerting: Include configured AlertRuleTags in Webhooks notifier. #18233, @dominic-miglar - Annotations: Add annotations support to Loki. #18949, @aocenas - Annotations: Use a single row to represent a region. #17673, @ryantxu - Auth: Allow inviting existing users when login form is disabled. #19048, @548017 - Azure Monitor: Add support for cross resource queries. #19115, @sunker - CLI: Allow installing custom binary plugins. #17551, @aocenas - Dashboard: Adds Logs Panel (alpha) as visualization option for Dashboards. 
#18641, @hugohaggmark - Dashboard: Reuse query results between panels . #16660, @ryantxu - Dashboard: Set time to 23:59:59 when setting To time using calendar. #18595, @simPod - DataLinks: Add DataLinks support to Gauge, BarGauge and SingleStat2 panel. #18605, @ryantxu - DataLinks: Enable access to labels & field names. #18918, @torkelo - DataLinks: Enable multiple data links per panel. #18434, @dprokop - Docker: switch docker image to alpine base with phantomjs support. #18468, @DanCech - Elasticsearch: allow templating queries to order by doc_count. #18870, @hackery - Explore: Add throttling when doing live queries. #19085, @aocenas - Explore: Adds ability to go back to dashboard, optionally with query changes. #17982, @kaydelaney - Explore: Reduce default time range to last hour. #18212, @davkal - Gauge/BarGauge: Support decimals for min/max. #18368, @ryantxu - Graph: New series override transform constant that renders a single point as a line across the whole graph. #19102, @davkal - Image rendering: Add deprecation warning when PhantomJS is used for rendering images. #18933, @papagian - InfluxDB: Enable interpolation within ad-hoc filter values. #18077, @kvc-code - LDAP: Allow a user to be synchronized against LDAP. #18976, @gotjosh - Ldap: Add ldap debug page. #18759, @peterholmberg - Loki: Remove prefetching of default label values. #18213, @davkal - Metrics: Add failed alert notifications metric. #18089, @koorgoo - OAuth: Support JMES path lookup when retrieving user email. #14683, @bobmshannon - OAuth: return GitLab groups as a part of user info (enable team sync). #18388, @alexanderzobnin - Panels: Add unit for electrical charge - ampere-hour. #18950, @anirudh-ramesh - Plugin: AzureMonitor - Reapply MetricNamespace support. #17282, @raphaelquati - Plugins: better warning when plugins fail to load. #18671, @ryantxu - Postgres: Add support for scram sha 256 authentication. #18397, @nonamef - RemoteCache: Support SSL with Redis. 
#18511, @kylebrandt - SingleStat: The gauge option is now disabled/hidden (unless it's an old panel with it already enabled). #18610, @ryantxu - Stackdriver: Add extra alignment period options. #18909, @sunker - Units: Add South African Rand (ZAR) to currencies. #18893, @jeteon - Units: Adding T,P,E,Z,and Y bytes. #18706, @chiqomar * Bug Fixes - Alerting: Notification is sent when state changes from no_data to ok. #18920, @papagian - Alerting: fix duplicate alert states when the alert fails to save to the database. #18216, @kylebrandt - Alerting: fix response popover prompt when add notification channels. #18967, @lzdw - CloudWatch: Fix alerting for queries with Id (using GetMetricData). #17899, @alex-berger - Explore: Fix auto completion on label values for Loki. #18988, @aocenas - Explore: Fixes crash using back button with a zoomed in graph. #19122, @hugohaggmark - Explore: Fixes so queries in Explore are only run if Graph/Table is shown. #19000, @hugohaggmark - MSSQL: Change connectionstring to URL format to fix using passwords with semicolon. #18384, @Russiancold - MSSQL: Fix memory leak when debug enabled. #19049, @briangann - Provisioning: Allow escaping literal '$' with '$$' in configs to avoid interpolation. #18045, @kylebrandt - TimePicker: Fixes hiding time picker dropdown in FireFox. #19154, @hugohaggmark * Breaking changes + Annotations There are some breaking changes in the annotations HTTP API for region annotations. Region annotations are now represented using a single event instead of two separate events. Check breaking changes in HTTP API below and HTTP API documentation for more details. + Docker Grafana is now using Alpine 3.10 as docker base image. + HTTP API - GET /api/alert-notifications now requires at least editor access. New /api/alert-notifications/lookup returns less information than /api/alert-notifications and can be accessed by any authenticated user. 
- GET /api/alert-notifiers now requires at least editor access - GET /api/org/users now requires org admin role. New /api/org/users/lookup returns less information than /api/org/users and can be accessed by users that are org admins, admin in any folder or admin of any team. - GET /api/annotations no longer returns regionId property. - POST /api/annotations no longer supports isRegion property. - PUT /api/annotations/:id no longer supports isRegion property. - PATCH /api/annotations/:id no longer supports isRegion property. - DELETE /api/annotations/region/:id has been removed. * Deprecation notes + PhantomJS - PhantomJS, which is used for rendering images of dashboards and panels, is deprecated and will be removed in a future Grafana release. A deprecation warning will from now on be logged when Grafana starts up if PhantomJS is in use. Please consider migrating from PhantomJS to the Grafana Image Renderer plugin. - Changes from 6.3.6 * Features / Enhancements - Metrics: Adds setting for turning off total stats metrics. #19142, @marefr * Bug Fixes - Database: Rewrite system statistics query to perform better. #19178, @papagian - Explore: Fixes error when switching from prometheus to loki data sources. #18599, @kaydelaney - Rebase package spec. Use mostly from fedora, fix suse specified things and fix some errors. - Add missing directories provisioning/datasources and provisioning/notifiers and sample.yaml as described in packaging/rpm/control from upstream. Missing directories are shown in logfiles. - Version 6.3.5 * Upgrades + Build: Upgrade to go 1.12.9. * Bug Fixes + Dashboard: Fixes dashboards init failed loading error for dashboards with panel links that had missing properties. + Editor: Fixes issue where only entire lines were being copied. + Explore: Fixes query field layout in split view for Safari browsers. + LDAP: multildap + ldap integration. + Profile/UserAdmin: Fix for user agent parser crashes grafana-server on 32-bit builds. 
+ Prometheus: Prevents panel editor crash when switching to Prometheus datasource. + Prometheus: Changes brace-insertion behavior to be less annoying. - Version 6.3.4 * Security: CVE-2019-15043 - Parts of the HTTP API allow unauthenticated use. - Version 6.3.3 * Bug Fixes + Annotations: Fix failing annotation query when time series query is cancelled. #18532, @dprokop + Auth: Do not set SameSite cookie attribute if cookie_samesite is none. #18462, @papagian + DataLinks: Apply scoped variables to data links correctly. #18454, @dprokop + DataLinks: Respect timezone when displaying datapoint's timestamp in graph context menu. #18461, @dprokop + DataLinks: Use datapoint timestamp correctly when interpolating variables. #18459, @dprokop + Explore: Fix loading error for empty queries. #18488, @davkal + Graph: Fixes legend issue clicking on series line icon and issue with horizontal scrollbar being visible on windows. #18563, @torkelo + Graphite: Avoid glob of single-value array variables. #18420, @gotjosh + Prometheus: Fix queries with label_replace remove the $1 match when loading query editor. #18480, @hugohaggmark + Prometheus: More consistently allows for multi-line queries in editor. #18362, @kaydelaney + TimeSeries: Assume values are all numbers. #18540, @ryantxu - Version 6.3.2 * Bug Fixes + Gauge/BarGauge: Fixes issue with lost thresholds and issue loading Gauge with avg stat. #18375 - Version 6.3.1 * Bug Fixes + PanelLinks: Fix crash issue Gauge & Bar Gauge for panels with panel links (drill down links). #18430 - Version 6.3.0 * Features / Enhancements + OAuth: Do not set SameSite OAuth cookie if cookie_samesite is None. #18392, @papagian + Auth Proxy: Include additional headers as part of the cache key. #18298, @gotjosh + Build grafana images consistently. #18224, @hassanfarid + Docs: SAML. #18069, @gotjosh + Permissions: Show plugins in nav for non admin users but hide plugin configuration. 
#18234, @aocenas + TimePicker: Increase max height of quick range dropdown. #18247, @torkelo + Alerting: Add tags to alert rules. #10989, @Thib17 + Alerting: Attempt to send email notifications to all given email addresses. #16881, @zhulongcheng + Alerting: Improve alert rule testing. #16286, @marefr + Alerting: Support for configuring content field for Discord alert notifier. #17017, @jan25 + Alertmanager: Replace illegal chars with underscore in label names. #17002, @bergquist + Auth: Allow expiration of API keys. #17678, @papagian + Auth: Return device, os and browser when listing user auth tokens in HTTP API. #17504, @shavonn + Auth: Support list and revoke of user auth tokens in UI. #17434, @shavonn + AzureMonitor: change clashing built-in Grafana variables/macro names for Azure Logs. #17140, @shavonn + CloudWatch: Made region visible for AWS Cloudwatch Expressions. #17243, @utkarshcmu + Cloudwatch: Add AWS DocDB metrics. #17241, @utkarshcmu + Dashboard: Use timezone dashboard setting when exporting to CSV. #18002, @dehrax + Data links. #17267, @torkelo + Docker: Switch base image to ubuntu:latest from debian:stretch to avoid security issues… #17066, @bergquist + Elasticsearch: Support for visualizing logs in Explore. #17605, @marefr + Explore: Adds Live option for supported datasources. #17062, @hugohaggmark + Explore: Adds orgId to URL for sharing purposes. #17895, @kaydelaney + Explore: Adds support for new loki "start" and "end" params for labels endpoint. #17512, @kaydelaney + Explore: Adds support for toggling raw query mode in explore. #17870, @kaydelaney + Explore: Allow switching between metrics and logs. #16959, @marefr + Explore: Combines the timestamp and local time columns into one. #17775, @hugohaggmark + Explore: Display log lines context. #17097, @dprokop + Explore: Don't parse log levels if provided by field or label. 
#17180, @marefr + Explore: Improves performance of Logs element by limiting re-rendering. #17685, @kaydelaney + Explore: Support for new LogQL filtering syntax. #16674, @davkal + Explore: Use new TimePicker from Grafana/UI. #17793, @hugohaggmark + Explore: handle newlines in LogRow Highlighter. #17425, @rrfeng + Graph: Added new fill gradient option. #17528, @torkelo + GraphPanel: Don't sort series when legend table & sort column is not visible. #17095, @shavonn + InfluxDB: Support for visualizing logs in Explore. #17450, @hugohaggmark + Logging: Login and Logout actions (#17760). #17883, @ATTron + Logging: Move log package to pkg/infra. #17023, @zhulongcheng + Metrics: Expose stats about roles as metrics. #17469, @bergquist + MySQL/Postgres/MSSQL: Add parsing for day, weeks and year intervals in macros. #13086, @bernardd + MySQL: Add support for periodically reloading client certs. #14892, @tpetr + Plugins: replace dataFormats list with skipDataQuery flag in plugin.json. #16984, @ryantxu + Prometheus: Take timezone into account for step alignment. #17477, @fxmiii + Prometheus: Use overridden panel range for $__range instead of dashboard range. #17352, @patrick246 + Prometheus: added time range filter to series labels query. #16851, @FUSAKLA + Provisioning: Support folder that doesn't exist yet in dashboard provisioning. #17407, @Nexucis + Refresh picker: Handle empty intervals. #17585, @dehrax + Singlestat: Add y min/max config to singlestat sparklines. #17527, @pitr + Snapshot: use given key and deleteKey. #16876, @zhulongcheng + Templating: Correctly display __text in multi-value variable after page reload. #17840, @EduardSergeev + Templating: Support selecting all filtered values of a multi-value variable. #16873, @r66ad + Tracing: allow propagation with Zipkin headers. #17009, @jrockway + Users: Disable users removed from LDAP. 
#16820, @alexanderzobnin * Bug Fixes + PanelLinks: Fix render issue when there is no panel description. #18408, @dehrax + OAuth: Fix "missing saved state" OAuth login failure due to SameSite cookie policy. #18332, @papagian + cli: fix for recognizing when in dev mode… #18334, @xlson + DataLinks: Fixes incorrect interpolation of ${__series_name}. #18251, @torkelo + Loki: Display live tailed logs in correct order in Explore. #18031, @kaydelaney + PhantomJS: Fixes rendering on Debian Buster. #18162, @xlson + TimePicker: Fixed style issue for custom range popover. #18244, @torkelo + Timerange: Fixes a bug where custom time ranges didn't respect UTC. #18248, @kaydelaney + remote_cache: Fix redis connstr parsing. #18204, @mblaschke + AddPanel: Fix issue when removing moved add panel widget. #17659, @dehrax + CLI: Fix encrypt-datasource-passwords fails with sql error. #18014, @marefr + Elasticsearch: Fix default max concurrent shard requests. #17770, @marefr + Explore: Fix browsing back to dashboard panel. #17061, @jschill + Explore: Fix filter by series level in logs graph. #17798, @marefr + Explore: Fix issues when loading and both graph/table are collapsed. #17113, @marefr + Explore: Fix selection/copy of log lines. #17121, @marefr + Fix: Wrap value of multi variable in array when coming from URL. #16992, @aocenas + Frontend: Fix for Json tree component not working. #17608, @srid12 + Graphite: Fix for issue with alias function being moved last. #17791, @torkelo + Graphite: Fixes issue with seriesByTag & function with variable param. #17795, @torkelo + Graphite: use POST for /metrics/find requests. #17814, @papagian + HTTP Server: Serve Grafana with a custom URL path prefix. #17048, @jan25 + InfluxDB: Fixes single quotes are not escaped in label value filters. #17398, @Panzki + Prometheus: Correctly escape "|" literals in interpolated PromQL variables. 
#16932, @Limess + Prometheus: Fix when adding label for metrics which contains colons in Explore. #16760, @tolwi + SinglestatPanel: Remove background color when value turns null. #17552, @druggieri - Make phantomjs dependency configurable - Create plugin directory and clean up (create in %install, add to %files) handling of /var/lib/grafana/* and mgr-cfg: - Remove commented code in test files - Replace spacewalk-usix with uyuni-common-libs - Bump version to 4.1.0 (bsc#1154940) - Add mgr manpage links mgr-custom-info: - Bump version to 4.1.0 (bsc#1154940) mgr-daemon: - Bump version to 4.1.0 (bsc#1154940) - Fix systemd timer configuration on SLE12 (bsc#1142038) mgr-osad: - Separate osa-dispatcher and jabberd so it can be disabled independently - Replace spacewalk-usix with uyuni-common-libs - Bump version to 4.1.0 (bsc#1154940) - Move /usr/share/rhn/config-defaults to uyuni-base-common - Require uyuni-base-common for /etc/rhn (for osa-dispatcher) - Ensure bytes type when using hashlib to avoid traceback (bsc#1138822) mgr-push: - Replace spacewalk-usix and spacewalk-backend-libs with uyuni-common-libs - Bump version to 4.1.0 (bsc#1154940) mgr-virtualization: - Replace spacewalk-usix with uyuni-common-libs - Bump version to 4.1.0 (bsc#1154940) - Fix mgr-virtualization timer rhnlib: - Fix building - Fix malformed XML response when data contains non-ASCII chars (bsc#1154968) - Bump version to 4.1.0 (bsc#1154940) - Fix bootstrapping SLE11SP4 trad client with SSL enabled (bsc#1148177) spacecmd: - Only report real error, not result (bsc#1171687) - Use defined return values for spacecmd methods so scripts can check for failure (bsc#1171687) - Disable globbing for api subcommand to allow wildcards in filter settings (bsc#1163871) - Bugfix: attempt to purge SSM when it is empty (bsc#1155372) - Bump version to 4.1.0 (bsc#1154940) - Prevent error when piping stdout in Python 2 (bsc#1153090) - Java api expects content as encoded string instead of encoded bytes like before 
(bsc#1153277) - Enable building and installing for Ubuntu 16.04 and Ubuntu 18.04 - Add unit test for schedule, errata, user, utils, misc, configchannel and kickstart modules - Multiple minor bugfixes alongside the unit tests - Bugfix: referenced variable before assignment. - Add unit test for report, package, org, repo and group spacewalk-client-tools: - Add workaround for uptime overflow to spacewalk-update-status as well (bsc#1165921) - Spell correctly "successful" and "successfully" - Skip dmidecode data on aarch64 to prevent coredump (bsc#1113160) - Replace spacewalk-usix with uyuni-common-libs - Return a non-zero exit status on errors in rhn_check - Bump version to 4.1.0 (bsc#1154940) - Make a explicit requirement to systemd for spacewalk-client-tools when rhnsd timer is installed spacewalk-koan: - Bump version to 4.1.0 (bsc#1154940) - Require commands we use in merge-rd.sh spacewalk-oscap: - Bump version to 4.1.0 (bsc#1154940) spacewalk-remote-utils: - Update spacewalk-create-channel with RHEL 7.7 channel definitions - Bump version to 4.1.0 (bsc#1154940) supportutils-plugin-susemanager-client: - Bump version to 4.1.0 (bsc#1154940) suseRegisterInfo: - SuseRegisterInfo only needs perl-base, not full perl (bsc#1168310) - Bump version to 4.1.0 (bsc#1154940) zypp-plugin-spacewalk: - Prevent issue with non-ASCII characters in Python 2 systems (bsc#1172462) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-1970=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-1970=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-1970=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-1970=1 - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2020-1970=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-1970=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-1970=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-1970=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-1970=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-1970=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-1970=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-1970=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-1970=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): golang-github-prometheus-node_exporter-0.18.1-1.6.2 - SUSE OpenStack Cloud Crowbar 8 (x86_64): golang-github-prometheus-node_exporter-0.18.1-1.6.2 - SUSE OpenStack Cloud 9 (x86_64): golang-github-prometheus-node_exporter-0.18.1-1.6.2 - SUSE OpenStack Cloud 9 (noarch): cobbler-2.6.6-49.26.3 - SUSE OpenStack Cloud 8 (x86_64): golang-github-prometheus-node_exporter-0.18.1-1.6.2 - SUSE OpenStack Cloud 8 (noarch): cobbler-2.6.6-49.26.3 - SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64): golang-github-prometheus-node_exporter-0.18.1-1.6.2 golang-github-prometheus-prometheus-2.18.0-1.12.2 grafana-7.0.3-1.9.3 grafana-debuginfo-7.0.3-1.9.3 python2-uyuni-common-libs-4.1.5-1.3.2 
uyuni-base-common-4.1.1-1.3.1 - SUSE Manager Tools 12 (noarch): koan-2.6.6-49.26.3 mgr-cfg-4.1.2-1.12.3 mgr-cfg-actions-4.1.2-1.12.3 mgr-cfg-client-4.1.2-1.12.3 mgr-cfg-management-4.1.2-1.12.3 mgr-custom-info-4.1.1-1.6.1 mgr-daemon-4.1.1-1.14.2 mgr-osad-4.1.2-1.15.2 mgr-push-4.1.1-1.6.3 mgr-virtualization-host-4.1.1-1.14.3 python2-mgr-cfg-4.1.2-1.12.3 python2-mgr-cfg-actions-4.1.2-1.12.3 python2-mgr-cfg-client-4.1.2-1.12.3 python2-mgr-cfg-management-4.1.2-1.12.3 python2-mgr-osa-common-4.1.2-1.15.2 python2-mgr-osad-4.1.2-1.15.2 python2-mgr-push-4.1.1-1.6.3 python2-mgr-virtualization-common-4.1.1-1.14.3 python2-mgr-virtualization-host-4.1.1-1.14.3 python2-rhnlib-4.1.2-21.22.2 python2-spacewalk-check-4.1.5-52.32.2 python2-spacewalk-client-setup-4.1.5-52.32.2 python2-spacewalk-client-tools-4.1.5-52.32.2 python2-spacewalk-koan-4.1.1-24.12.2 python2-spacewalk-oscap-4.1.1-19.12.1 python2-suseRegisterInfo-4.1.2-25.9.2 python2-zypp-plugin-spacewalk-1.0.7-30.21.2 spacecmd-4.1.4-38.61.2 spacewalk-check-4.1.5-52.32.2 spacewalk-client-setup-4.1.5-52.32.2 spacewalk-client-tools-4.1.5-52.32.2 spacewalk-koan-4.1.1-24.12.2 spacewalk-oscap-4.1.1-19.12.1 spacewalk-remote-utils-4.1.1-24.15.3 supportutils-plugin-susemanager-client-4.1.2-6.15.1 suseRegisterInfo-4.1.2-25.9.2 zypp-plugin-spacewalk-1.0.7-30.21.2 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): golang-github-prometheus-node_exporter-0.18.1-1.6.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): golang-github-prometheus-node_exporter-0.18.1-1.6.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): golang-github-prometheus-node_exporter-0.18.1-1.6.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): golang-github-prometheus-node_exporter-0.18.1-1.6.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): golang-github-prometheus-node_exporter-0.18.1-1.6.2 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): 
golang-github-prometheus-node_exporter-0.18.1-1.6.2 - SUSE Enterprise Storage 5 (aarch64 x86_64): golang-github-prometheus-node_exporter-0.18.1-1.6.2 - HPE Helion Openstack 8 (noarch): cobbler-2.6.6-49.26.3 - HPE Helion Openstack 8 (x86_64): golang-github-prometheus-node_exporter-0.18.1-1.6.2 References: https://www.suse.com/security/cve/CVE-2019-10215.html https://www.suse.com/security/cve/CVE-2019-15043.html https://www.suse.com/security/cve/CVE-2020-12245.html https://www.suse.com/security/cve/CVE-2020-13379.html https://bugzilla.suse.com/1113160 https://bugzilla.suse.com/1134195 https://bugzilla.suse.com/1138822 https://bugzilla.suse.com/1141661 https://bugzilla.suse.com/1142038 https://bugzilla.suse.com/1143913 https://bugzilla.suse.com/1148177 https://bugzilla.suse.com/1153090 https://bugzilla.suse.com/1153277 https://bugzilla.suse.com/1154940 https://bugzilla.suse.com/1154968 https://bugzilla.suse.com/1155372 https://bugzilla.suse.com/1163871 https://bugzilla.suse.com/1165921 https://bugzilla.suse.com/1168310 https://bugzilla.suse.com/1170231 https://bugzilla.suse.com/1170557 https://bugzilla.suse.com/1171687 https://bugzilla.suse.com/1172462 From sle-security-updates at lists.suse.com Mon Jul 20 22:58:27 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 21 Jul 2020 06:58:27 +0200 (CEST) Subject: SUSE-SU-2020:1972-1: moderate: Security update for SUSE Manager Client Tools Message-ID: <20200721045827.42001FDE4@maintenance.suse.de> SUSE Security Update: Security update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1972-1 Rating: moderate References: #1113160 #1138822 #1142038 #1148177 #1153090 #1153277 #1154940 #1154968 #1155372 #1163871 #1165921 #1168310 #1170231 #1170557 #1170824 #1171687 #1172462 Cross-References: CVE-2019-10215 CVE-2019-15043 CVE-2020-12245 CVE-2020-13379 Affected Products: SUSE Manager Tools 15 
______________________________________________________________________________ An update that solves four vulnerabilities and has 13 fixes is now available. Description: This update fixes the following issues: dracut-saltboot: - Print a list of available disk devices (bsc#1170824) - Install wipefs to initrd - Force install crypt modules golang-github-prometheus-prometheus: - Update change log and spec file + Modified spec file: default to golang 1.14 to avoid "have choice" build issues in OBS. + Rebase and update patches for version 2.18.0 - Update to 2.18.0 + Features * Tracing: Added experimental Jaeger support #7148 + Changes * Federation: Only use local TSDB for federation (ignore remote read). #7096 * Rules: `rule_evaluations_total` and `rule_evaluation_failures_total` have a `rule_group` label now. #7094 + Enhancements * TSDB: Significantly reduce WAL size kept around after a block cut. #7098 * Discovery: Add `architecture` meta label for EC2. #7000 + Bug fixes * UI: Fixed wrong MinTime reported by /status. #7182 * React UI: Fixed multiselect legend on OSX. #6880 * Remote Write: Fixed blocked resharding edge case. #7122 * Remote Write: Fixed remote write not updating on relabel configs change. #7073 - Changes from 2.17.2 + Bug fixes * Federation: Register federation metrics #7081 * PromQL: Fix panic in parser error handling #7132 * Rules: Fix reloads hanging when deleting a rule group that is being evaluated #7138 * TSDB: Fix a memory leak when prometheus starts with an empty TSDB WAL #7135 * TSDB: Make isolation more robust to panics in web handlers #7129 #7136 - Changes from 2.17.1 + Bug fixes * TSDB: Fix query performance regression that increased memory and CPU usage #7051 - Changes from 2.17.0 + Features * TSDB: Support isolation #6841 * This release implements isolation in TSDB. API queries and recording rules are guaranteed to only see full scrapes and full recording rules. This comes with a certain overhead in resource usage. 
Depending on the situation, there might be some increase in memory usage, CPU usage, or query latency. + Enhancements * PromQL: Allow more keywords as metric names #6933 * React UI: Add normalization of localhost URLs in targets page #6794 * Remote read: Read from remote storage concurrently #6770 * Rules: Mark deleted rule series as stale after a reload #6745 * Scrape: Log scrape append failures as debug rather than warn #6852 * TSDB: Improve query performance for queries that partially hit the head #6676 * Consul SD: Expose service health as meta label #5313 * EC2 SD: Expose EC2 instance lifecycle as meta label #6914 * Kubernetes SD: Expose service type as meta label for K8s service role #6684 * Kubernetes SD: Expose label_selector and field_selector #6807 * Openstack SD: Expose hypervisor id as meta label #6962 + Bug fixes * PromQL: Do not escape HTML-like chars in query log #6834 #6795 * React UI: Fix data table matrix values #6896 * React UI: Fix new targets page not loading when using non-ASCII characters #6892 * Remote read: Fix duplication of metrics read from remote storage with external labels #6967 #7018 * Remote write: Register WAL watcher and live reader metrics for all remotes, not just the first one #6998 * Scrape: Prevent removal of metric names upon relabeling #6891 * Scrape: Fix 'superfluous response.WriteHeader call' errors when scrape fails under some circumstances #6986 * Scrape: Fix crash when reloads are separated by two scrape intervals #7011 - Changes from 2.16.0 + Features * React UI: Support local timezone on /graph #6692 * PromQL: add absent_over_time query function #6490 * Adding optional logging of queries to their own file #6520 + Enhancements * React UI: Add support for rules page and "Xs ago" duration displays #6503 * React UI: alerts page, replace filtering togglers tabs with checkboxes #6543 * TSDB: Export metric for WAL write errors #6647 * TSDB: Improve query performance for queries that only touch the most recent 2h of data. 
#6651 * PromQL: Refactoring in parser errors to improve error messages #6634 * PromQL: Support trailing commas in grouping opts #6480 * Scrape: Reduce memory usage on reloads by reusing scrape cache #6670 * Scrape: Add metrics to track bytes and entries in the metadata cache #6675 * promtool: Add support for line-column numbers for invalid rules output #6533 * Avoid restarting rule groups when it is unnecessary #6450 + Bug fixes * React UI: Send cookies on fetch() on older browsers #6553 * React UI: adopt grafana flot fix for stacked graphs #6603 * React UI: broken graph page browser history so that back button works as expected #6659 * TSDB: ensure compactionsSkipped metric is registered, and log proper error if one is returned from head.Init #6616 * TSDB: return an error on ingesting series with duplicate labels #6664 * PromQL: Fix unary operator precedence #6579 * PromQL: Respect query.timeout even when we reach query.max-concurrency #6712 * PromQL: Fix string and parentheses handling in engine, which affected React UI #6612 * PromQL: Remove output labels returned by absent() if they are produced by multiple identical label matchers #6493 * Scrape: Validate that OpenMetrics input ends with `# EOF` #6505 * Remote read: return the correct error if configs can't be marshal'd to JSON #6622 * Remote write: Make remote client `Store` use passed context, which can affect shutdown timing #6673 * Remote write: Improve sharding calculation in cases where we would always be consistently behind by tracking pendingSamples #6511 * Ensure prometheus_rule_group metrics are deleted when a rule group is removed #6693 - Changes from 2.15.2 + Bug fixes * TSDB: Fixed support for TSDB blocks built with Prometheus before 2.1.0. #6564 * TSDB: Fixed block compaction issues on Windows. #6547 - Changes from 2.15.1 + Bug fixes * TSDB: Fixed race on concurrent queries against same data. 
#6512 - Changes from 2.15.0 + Features * API: Added new endpoint for exposing per metric metadata `/metadata`. #6420 #6442 + Changes * Discovery: Removed `prometheus_sd_kubernetes_cache_*` metrics. Additionally `prometheus_sd_kubernetes_workqueue_latency_seconds` and `prometheus_sd_kubernetes_workqueue_work_duration_seconds` metrics now show correct values in seconds. #6393 * Remote write: Changed `query` label on `prometheus_remote_storage_*` metrics to `remote_name` and `url`. #6043 + Enhancements * TSDB: Significantly reduced memory footprint of loaded TSDB blocks. #6418 #6461 * TSDB: Significantly optimized what we buffer during compaction which should result in lower memory footprint during compaction. #6422 #6452 #6468 #6475 * TSDB: Improve replay latency. #6230 * TSDB: WAL size is now used for size based retention calculation. #5886 * Remote read: Added query grouping and range hints to the remote read request #6401 * Remote write: Added `prometheus_remote_storage_sent_bytes_total` counter per queue. #6344 * promql: Improved PromQL parser performance. #6356 * React UI: Implemented missing pages like `/targets` #6276, TSDB status page #6281 #6267 and many other fixes and performance improvements. * promql: Prometheus now accepts spaces between time range and square bracket. e.g `[ 5m]` #6065 + Bug fixes * Config: Fixed alertmanager configuration to not miss targets when configurations are similar. #6455 * Remote write: Value of `prometheus_remote_storage_shards_desired` gauge shows raw value of desired shards and it's updated correctly. #6378 * Rules: Prometheus now fails the evaluation of rules and alerts where metric results collide with labels specified in `labels` field. #6469 * API: Targets Metadata API `/targets/metadata` now accepts empty `match_targets` parameter as in the spec. #6303 - Changes from 2.14.0 + Features * API: `/api/v1/status/runtimeinfo` and `/api/v1/status/buildinfo` endpoints added for use by the React UI. 
#6243 * React UI: implement the new experimental React based UI. #5694 and many more * Can be found by under `/new`. * Not all pages are implemented yet. * Status: Cardinality statistics added to the Runtime & Build Information page. #6125 + Enhancements * Remote write: fix delays in remote write after a compaction. #6021 * UI: Alerts can be filtered by state. #5758 + Bug fixes * Ensure warnings from the API are escaped. #6279 * API: lifecycle endpoints return 403 when not enabled. #6057 * Build: Fix Solaris build. #6149 * Promtool: Remove false duplicate rule warnings when checking rule files with alerts. #6270 * Remote write: restore use of deduplicating logger in remote write. #6113 * Remote write: do not reshard when unable to send samples. #6111 * Service discovery: errors are no longer logged on context cancellation. #6116, #6133 * UI: handle null response from API properly. #6071 - Changes from 2.13.1 + Bug fixes * Fix panic in ARM builds of Prometheus. #6110 * promql: fix potential panic in the query logger. #6094 * Multiple errors of http: superfluous response.WriteHeader call in the logs. #6145 - Changes from 2.13.0 + Enhancements * Metrics: renamed prometheus_sd_configs_failed_total to prometheus_sd_failed_configs and changed to Gauge #5254 * Include the tsdb tool in builds. #6089 * Service discovery: add new node address types for kubernetes. #5902 * UI: show warnings if query have returned some warnings. #5964 * Remote write: reduce memory usage of the series cache. #5849 * Remote read: use remote read streaming to reduce memory usage. #5703 * Metrics: added metrics for remote write max/min/desired shards to queue manager. #5787 * Promtool: show the warnings during label query. #5924 * Promtool: improve error messages when parsing bad rules. #5965 * Promtool: more promlint rules. #5515 + Bug fixes * UI: Fix a Stored DOM XSS vulnerability with query history [CVE-2019-10215](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10215). 
#6098 * Promtool: fix recording inconsistency due to duplicate labels. #6026 * UI: fixes service-discovery view when accessed from unhealthy targets. #5915 * Metrics format: OpenMetrics parser crashes on short input. #5939 * UI: avoid truncated Y-axis values. #6014 - Changes from 2.12.0 + Features * Track currently active PromQL queries in a log file. #5794 * Enable and provide binaries for `mips64` / `mips64le` architectures. #5792 + Enhancements * Improve responsiveness of targets web UI and API endpoint. #5740 * Improve remote write desired shards calculation. #5763 * Flush TSDB pages more precisely. tsdb#660 * Add `prometheus_tsdb_retention_limit_bytes` metric. tsdb#667 * Add logging during TSDB WAL replay on startup. tsdb#662 * Improve TSDB memory usage. tsdb#653, tsdb#643, tsdb#654, tsdb#642, tsdb#627 + Bug fixes * Check for duplicate label names in remote read. #5829 * Mark deleted rules' series as stale on next evaluation. #5759 * Fix JavaScript error when showing warning about out-of-sync server time. #5833 * Fix `promtool test rules` panic when providing empty `exp_labels`. #5774 * Only check last directory when discovering checkpoint number. #5756 * Fix error propagation in WAL watcher helper functions. #5741 * Correctly handle empty labels from alert templates. #5845 - Update Uyuni/SUSE Manager service discovery patch + Adapt service discovery to the new Uyuni API endpoints + Modified spec file: force golang 1.12 to fix build issues in SLE15SP2 - Update to Prometheus 2.11.2 grafana: - Update to version 7.0.3 * Features / Enhancements - Stats: include all fields. #24829, @ryantxu - Variables: change VariableEditorList row action Icon to IconButton. #25217, @hshoff * Bug fixes - Cloudwatch: Fix dimensions of DDoSProtection. #25317, @papagian - Configuration: Fix env var override of sections containing hyphen. #25178, @marefr - Dashboard: Get panels in collapsed rows. #25079, @peterholmberg - Do not show alerts tab when alerting is disabled. 
#25285, @dprokop - Jaeger: fixes cascader option label duration value. #25129, @Estrax - Transformations: Fixed Transform tab crash & no update after adding first transform. #25152, @torkelo - Update to version 7.0.2 * Bug fixes - Security: Urgent security patch release to fix CVE-2020-13379 - Update to version 7.0.1 * Features / Enhancements - Datasource/CloudWatch: Makes CloudWatch Logs query history more readable. #24795, @kaydelaney - Download CSV: Add date and time formatting. #24992, @ryantxu - Table: Make last cell value visible when right aligned. #24921, @peterholmberg - TablePanel: Adding sort order persistence. #24705, @torkelo - Transformations: Display correct field name when using reduce transformation. #25068, @peterholmberg - Transformations: Allow custom number input for binary operations. #24752, @ryantxu * Bug fixes - Dashboard/Links: Fixes dashboard links by tags not working. #24773, @KamalGalrani - Dashboard/Links: Fixes open in new window for dashboard link. #24772, @KamalGalrani - Dashboard/Links: Variables are resolved and limits to 100. #25076, @hugohaggmark - DataLinks: Bring back variables interpolation in title. #24970, @dprokop - Datasource/CloudWatch: Field suggestions no longer limited to prefix-only. #24855, @kaydelaney - Explore/Table: Keep existing field types if possible. #24944, @kaydelaney - Explore: Fix wrap lines toggle for results of queries with filter expression. #24915, @ivanahuckova - Explore: fix undo in query editor. #24797, @zoltanbedi - Explore: fix word break in type head info. #25014, @zoltanbedi - Graph: Legend decimals now work as expected. #24931, @torkelo - LoginPage: Fix hover color for service buttons. #25009, @tskarhed - LogsPanel: Fix scrollbar. #24850, @ivanahuckova - MoveDashboard: Fix for moving dashboard caused all variables to be lost. #25005, @torkelo - Organize transformer: Use display name in field order comparer. #24984, @dprokop - Panel: shows correct panel menu items in view mode. 
#24912, @hugohaggmark - PanelEditor Fix missing labels and description if there is only single option in category. #24905, @dprokop - PanelEditor: Overrides name matcher still show all original field names even after Field default display name is specified. #24933, @torkelo - PanelInspector: Makes sure Data display options are visible. #24902, @hugohaggmark - PanelInspector: Hides unsupported data display options for Panel type. #24918, @hugohaggmark - PanelMenu: Make menu disappear on button press. #25015, @tskarhed - Postgres: Fix add button. #25087, @phemmer - Prometheus: Fix recording rules expansion. #24977, @ivanahuckova - Stackdriver: Fix creating Service Level Objectives (SLO) datasource query variable. #25023, @papagian - Update to version 7.0.0 * Breaking changes - Removed PhantomJS: PhantomJS was deprecated in Grafana v6.4 and starting from Grafana v7.0.0, all PhantomJS support has been removed. This means that Grafana no longer ships with a built-in image renderer, and we advise you to install the Grafana Image Renderer plugin. - Dashboard: A global minimum dashboard refresh interval is now enforced and defaults to 5 seconds. - Interval calculation: There is now a new option Max data points that controls the auto interval $__interval calculation. Interval was previously calculated by dividing the panel width by the time range. With the new max data points option it is now easy to set $__interval to a dynamic value that is time range agnostic. For example if you set Max data points to 10 Grafana will dynamically set $__interval by dividing the current time range by 10. - Datasource/Loki: Support for deprecated Loki endpoints has been removed. - Backend plugins: Grafana now requires backend plugins to be signed, otherwise Grafana will not load/start them. This is an additional security measure to make sure backend plugin binaries and files haven't been tampered with. Refer to Upgrade Grafana for more information. 
- @grafana/ui: Forms migration notice, see @grafana/ui changelog - @grafana/ui: Select API change for creating custom values, see @grafana/ui changelog + Deprecation warnings - Scripted dashboards is now deprecated. The feature is not removed but will be in a future release. We hope to address the underlying requirement of dynamic dashboards in a different way. #24059 - The unofficial first version of backend plugins together with usage of grafana/grafana-plugin-model is now deprecated and support for that will be removed in a future release. Please refer to backend plugins documentation for information about the new officially supported backend plugins. * Features / Enhancements - Backend plugins: Log deprecation warning when using the unofficial first version of backend plugins. #24675, @marefr - Editor: New line on Enter, run query on Shift+Enter. #24654, @davkal - Loki: Allow multiple derived fields with the same name. #24437, @aocenas - Orgs: Add future deprecation notice. #24502, @torkelo * Bug Fixes - @grafana/toolkit: Use process.cwd() instead of PWD to get directory. #24677, @zoltanbedi - Admin: Makes long settings values line break in settings page. #24559, @hugohaggmark - Dashboard: Allow editing provisioned dashboard JSON and add confirmation when JSON is copied to dashboard. #24680, @dprokop - Dashboard: Fix for strange "dashboard not found" errors when opening links in dashboard settings. #24416, @torkelo - Dashboard: Fix so default data source is selected when data source can't be found in panel editor. #24526, @mckn - Dashboard: Fixed issue changing a panel from transparent back to normal in panel editor. #24483, @torkelo - Dashboard: Make header names reflect the field name when exporting to CSV file from the panel inspector. #24624, @peterholmberg - Dashboard: Make sure side pane is displayed with tabs by default in panel editor. #24636, @dprokop - Data source: Fix query/annotation help content formatting. 
#24687, @AgnesToulet - Data source: Fixes async mount errors. #24579, @Estrax - Data source: Fixes saving a data source without failure when URL doesn't specify a protocol. #24497, @aknuds1 - Explore/Prometheus: Show results of instant queries only in table. #24508, @ivanahuckova - Explore: Fix rendering of react query editors. #24593, @ivanahuckova - Explore: Fixes loading more logs in logs context view. #24135, @Estrax - Graphite: Fix schema and dedupe strategy in rollup indicators for Metrictank queries. #24685, @torkelo - Graphite: Makes query annotations work again. #24556, @hugohaggmark - Logs: Clicking "Load more" from context overlay doesn't expand log row. #24299, @kaydelaney - Logs: Fix total bytes process calculation. #24691, @davkal - Org/user/team preferences: Fixes so UI Theme can be set back to Default. #24628, @AgnesToulet - Plugins: Fix manifest validation. #24573, @aknuds1 - Provisioning: Use proxy as default access mode in provisioning. #24669, @bergquist - Search: Fix select item when pressing enter and Grafana is served using a sub path. #24634, @tskarhed - Search: Save folder expanded state. #24496, @Clarity-89 - Security: Tag value sanitization fix in OpenTSDB data source. #24539, @rotemreiss - Table: Do not include angular options in options when switching from angular panel. #24684, @torkelo - Table: Fixed persisting column resize for time series fields. #24505, @torkelo - Table: Fixes Cannot read property subRows of null. #24578, @hugohaggmark - Time picker: Fixed so you can enter a relative range in the time picker without being converted to absolute range. #24534, @mckn - Transformations: Make transform dropdowns not cropped. #24615, @dprokop - Transformations: Sort order should be preserved as entered by user when using the reduce transformation. #24494, @hugohaggmark - Units: Adds scale symbol for currencies with suffixed symbol. #24678, @hugohaggmark - Variables: Fixes filtering options with more than 1000 entries. 
#24614, @hugohaggmark - Variables: Fixes so Textbox variables read value from url. #24623, @hugohaggmark - Zipkin: Fix error when span contains remoteEndpoint. #24524, @aocenas - SAML: Switch from email to login for user login attribute mapping (Enterprise) - Update Makefile and spec file * Remove phantomJS patch from Makefile * Fix multiline strings in Makefile * Exclude s390 from SLE12 builds, golang 1.14 is not built for s390 - Add instructions for patching the Grafana javascript frontend. - BuildRequires golang(API) instead of go metapackage version range * BuildRequires: golang(API) >= 1.14 from BuildRequires: ( go >= 1.14 with go < 1.15 ) - Update to version 6.7.3 - This version fixes bsc#1170557 and its corresponding CVE-2020-12245 - Admin: Fix Synced via LDAP message for non-LDAP external users. #23477, @alexanderzobnin - Alerting: Fixes notifications for alerts with empty message in Google Hangouts notifier. #23559, @hugohaggmark - AuthProxy: Fixes bug where long username could not be cached.. #22926, @jcmcken - Dashboard: Fix saving dashboard when editing raw dashboard JSON model. #23314, @peterholmberg - Dashboard: Try to parse 8 and 15 digit numbers as timestamps if parsing of time range as date fails. #21694, @jessetan - DashboardListPanel: Fixed problem with empty panel after going into edit mode (General folder filter being automatically added) . #23426, @torkelo - Data source: Handle datasource withCredentials option properly. #23380, @hvtuananh - Security: Fix annotation popup XSS vulnerability. #23813, @torkelo - Server: Exit Grafana with status code 0 if no error. #23312, @aknuds1 - TablePanel: Fix XSS issue in header column rename (backport). #23814, @torkelo - Variables: Fixes error when setting adhoc variable values. #23580, @hugohaggmark - Update to version 6.7.2: (see installed changelog for the full list of changes) - BackendSrv: Adds config to response to fix issue for external plugins that used this property . 
#23032, @torkelo - Dashboard: Fixed issue with saving new dashboard after changing title . #23104, @dprokop - DataLinks: make sure we use the correct datapoint when dataset contains null value.. #22981, @mckn - Plugins: Fixed issue for plugins that imported dateMath util . #23069, @mckn - Security: Fix for dashboard snapshot original dashboard link could contain XSS vulnerability in url. #23254, @torkelo - Variables: Fixes issue with too many queries being issued for nested template variables after value change. #23220, @torkelo - Plugins: Expose promiseToDigest. #23249, @torkelo - Reporting (Enterprise): Fixes issue updating a report created by someone else - Update to 6.7.1: (see installed changelog for the full list of changes) Bug Fixes - Azure: Fixed dropdowns not showing current value. #22914, @torkelo - BackendSrv: only add content-type on POST, PUT requests. #22910, @hugohaggmark - Panels: Fixed size issue with panel internal size when exiting panel edit mode. #22912, @torkelo - Reporting: fixes migrations compatibility with mysql (Enterprise) - Reporting: Reduce default concurrency limit to 4 (Enterprise) - Update to 6.7.0: (see installed changelog for the full list of changes) Bug Fixes - AngularPanels: Fixed inner height calculation for angular panels . #22796, @torkelo - BackendSrv: makes sure provided headers are correctly recognized and set. #22778, @hugohaggmark - Forms: Fix input suffix position (caret-down in Select) . #22780, @torkelo - Graphite: Fixed issue with query editor and next select metric now showing after selecting metric node . #22856, @torkelo - Rich History: UX adjustments and fixes. #22729, @ivanahuckova - Update to 6.7.0-beta1: Breaking changes - Slack: Removed Mention setting and instead introduce Mention Users, Mention Groups, and Mention Channel. The first two settings require user and group IDs, respectively. 
This change was necessary because the way of mentioning via the Slack API changed and mentions in Slack notifications no longer worked. - Alerting: Reverts the behavior of diff and percent_diff to not always be absolute. Something we introduced by mistake in 6.1.0. Alerting now support diff(), diff_abs(), percent_diff() and percent_diff_abs(). #21338 - Notice about changes in backendSrv for plugin authors In our mission to migrate away from AngularJS to React we have removed all AngularJS dependencies in the core data retrieval service backendSrv. Removing the AngularJS dependencies in backendSrv has the unfortunate side effect of AngularJS digest no longer being triggered for any request made with backendSrv. Because of this, external plugins using backendSrv directly may suffer from strange behaviour in the UI. To remedy this issue, as a plugin author you need to trigger the digest after a direct call to backendSrv. Bug Fixes API: Fix redirect issues. #22285, @papagian Alerting: Don't include image_url field with Slack message if empty. #22372, @aknuds1 Alerting: Fixed bad background color for default notifications in alert tab . #22660, @krvajal Annotations: In table panel when setting transform to annotation, they will now show up right away without a manual refresh. #22323, @krvajal Azure Monitor: Fix app insights source to allow for new __timeFrom and __timeTo. #21879, @ChadNedzlek BackendSrv: Fixes POST body for form data. #21714, @hugohaggmark CloudWatch: Credentials cache invalidation fix. #22473, @sunker CloudWatch: Expand alias variables when query yields no result. #22695, @sunker Dashboard: Fix bug with NaN in alerting. #22053, @a-melnyk Explore: Fix display of multiline logs in log panel and explore. #22057, @thomasdraebing Heatmap: Legend color range is incorrect when using custom min/max. #21748, @sv5d Security: Fixed XSS issue in dashboard history diff . #22680, @torkelo StatPanel: Fixes base color is being used for null values . 
#22646, @torkelo - Update to version 6.6.2: (see installed changelog for the full list of changes) - Update to version 6.6.1: (see installed changelog for the full list of changes) - Update to version 6.6.0: (see installed changelog for the full list of changes) - Update to version 6.5.3: (see installed changelog for the full list of changes) - Update to version 6.5.2: (see installed changelog for the full list of changes) - Update to version 6.5.1: (see installed changelog for the full list of changes) - Update to version 6.5.0 (see installed changelog for the full list of changes) - Update to version 6.4.5: * Create version 6.4.5 * CloudWatch: Fix high CPU load (#20579) - Add obs-service-go_modules to download required modules into vendor.tar.gz - Adjusted spec file to use vendor.tar.gz - Adjusted Makefile to work with new filenames - BuildRequire go1.14 - Update to version 6.4.4: * DataLinks: Fix blur issues. #19883, @aocenas * Docker: Makes it possible to parse timezones in the docker image. #20081, @xlson * LDAP: All LDAP servers should be tried even if one of them returns a connection error. #20077, @jongyllen * LDAP: No longer shows incorrectly matching groups based on role in debug page. #20018, @xlson * Singlestat: Fix no data / null value mapping . #19951, @ryantxu - Revert the spec file and make script - Remove PhantomJS dependency - Update to 6.4.3 * Bug Fixes - Alerting: All notification channels should send even if one fails to send. #19807, @jan25 - AzureMonitor: Fix slate interference with dropdowns. #19799, @aocenas - ContextMenu: make ContextMenu positioning aware of the viewport width. #19699, @krvajal - DataLinks: Fix context menu not showing in singlestat-ish visualisations. #19809, @dprokop - DataLinks: Fix url field not releasing focus. #19804, @aocenas - Datasource: Fixes clicking outside of some query editors required 2 clicks. #19822, @aocenas - Panels: Fixes default tab for visualizations without Queries Tab. 
#19803, @hugohaggmark - Singlestat: Fixed issue with mapping null to text. #19689, @torkelo - @grafana/toolkit: Don't fail plugin creation when git user.name config is not set. #19821, @dprokop - @grafana/toolkit: TSLint line number off by 1. #19782, @fredwangwang - Update to 6.4.2 * Bug Fixes - CloudWatch: Changes incorrect dimension wmlid to wlmid . #19679, @ATTron - Grafana Image Renderer: Fixes plugin page. #19664, @hugohaggmark - Graph: Fixes auto decimals logic for y axis ticks that results in too many decimals for high values. #19618, @torkelo - Graph: Switching to series mode should re-render graph. #19623, @torkelo - Loki: Fix autocomplete on label values. #19579, @aocenas - Loki: Removes live option for logs panel. #19533, @davkal - Profile: Fix issue with user profile not showing more than sessions sessions in some cases. #19578, @huynhsamha - Prometheus: Fixes so results in Panel always are sorted by query order. #19597, @hugohaggmark - ShareQuery: Fixed issue when using -- Dashboard -- datasource (to share query result) when dashboard had rows. #19610, @torkelo - Show SAML login button if SAML is enabled. #19591, @papagian - SingleStat: Fixes postfix/prefix usage. #19687, @hugohaggmark - Table: Proper handling of json data with dataframes. #19596, @marefr - Units: Fixed wrong id for Terabits/sec. #19611, @andreaslangnevyjel - Changes from 6.4.1 * Bug Fixes - Provisioning: Fixed issue where empty nested keys in YAML provisioning caused a server crash, #19547 - ImageRendering: Fixed issue with image rendering in enterprise build (Enterprise) - Reporting: Fixed issue with reporting service when SMTP was disabled (Enterprise). - Changes from 6.4.0 * Features / Enhancements - Build: Upgrade go to 1.12.10. #19499, @marefr - DataLinks: Suggestions menu improvements. #19396, @dprokop - Explore: Take root_url setting into account when redirecting from dashboard to explore. #19447, @ivanahuckova - Explore: Update broken link to logql docs. 
#19510, @ivanahuckova - Logs: Adds Logs Panel as a visualization. #19504, @davkal * Bug Fixes - CLI: Fix version selection for plugin install. #19498, @aocenas - Graph: Fixes minor issue with series override color picker and custom color . #19516, @torkelo - Changes from 6.4.0 Beta 2 * Features / Enhancements - Azure Monitor: Remove support for cross resource queries (#19115)". #19346, @sunker - Docker: Upgrade packages to resolve reported vulnerabilities. #19188, @marefr - Graphite: Time range expansion reduced from 1 minute to 1 second. #19246, @torkelo - grafana/toolkit: Add plugin creation task. #19207, @dprokop * Bug Fixes - Alerting: Prevents creating alerts from unsupported queries. #19250, @hugohaggmark - Alerting: Truncate PagerDuty summary when greater than 1024 characters. #18730, @nvllsvm - Cloudwatch: Fix autocomplete for Gamelift dimensions. #19146, @kevinpz - Dashboard: Fix export for sharing when panels use default data source. #19315, @torkelo - Database: Rewrite system statistics query to perform better. #19178, @papagian - Gauge/BarGauge: Fix issue with [object Object] in titles . #19217, @ryantxu - MSSQL: Revert usage of new connectionstring format introduced by #18384. #19203, @marefr - Multi-LDAP: Do not fail-fast on invalid credentials. #19261, @gotjosh - MySQL, Postgres, MSSQL: Fix validating query with template variables in alert . #19237, @marefr - MySQL, Postgres: Update raw sql when query builder updates. #19209, @marefr - MySQL: Limit datasource error details returned from the backend. #19373, @marefr - Changes from 6.4.0 Beta 1 * Features / Enhancements - API: Readonly datasources should not be created via the API. #19006, @papagian - Alerting: Include configured AlertRuleTags in Webhooks notifier. #18233, @dominic-miglar - Annotations: Add annotations support to Loki. #18949, @aocenas - Annotations: Use a single row to represent a region. #17673, @ryantxu - Auth: Allow inviting existing users when login form is disabled. 
#19048, @548017 - Azure Monitor: Add support for cross resource queries. #19115, @sunker - CLI: Allow installing custom binary plugins. #17551, @aocenas - Dashboard: Adds Logs Panel (alpha) as visualization option for Dashboards. #18641, @hugohaggmark - Dashboard: Reuse query results between panels . #16660, @ryantxu - Dashboard: Set time to 23:59:59 when setting To time using calendar. #18595, @simPod - DataLinks: Add DataLinks support to Gauge, BarGauge and SingleStat2 panel. #18605, @ryantxu - DataLinks: Enable access to labels & field names. #18918, @torkelo - DataLinks: Enable multiple data links per panel. #18434, @dprokop - Docker: switch docker image to alpine base with phantomjs support. #18468, @DanCech - Elasticsearch: allow templating queries to order by doc_count. #18870, @hackery - Explore: Add throttling when doing live queries. #19085, @aocenas - Explore: Adds ability to go back to dashboard, optionally with query changes. #17982, @kaydelaney - Explore: Reduce default time range to last hour. #18212, @davkal - Gauge/BarGauge: Support decimals for min/max. #18368, @ryantxu - Graph: New series override transform constant that renders a single point as a line across the whole graph. #19102, @davkal - Image rendering: Add deprecation warning when PhantomJS is used for rendering images. #18933, @papagian - InfluxDB: Enable interpolation within ad-hoc filter values. #18077, @kvc-code - LDAP: Allow a user to be synchronized against LDAP. #18976, @gotjosh - Ldap: Add ldap debug page. #18759, @peterholmberg - Loki: Remove prefetching of default label values. #18213, @davkal - Metrics: Add failed alert notifications metric. #18089, @koorgoo - OAuth: Support JMES path lookup when retrieving user email. #14683, @bobmshannon - OAuth: return GitLab groups as a part of user info (enable team sync). #18388, @alexanderzobnin - Panels: Add unit for electrical charge - ampere-hour. #18950, @anirudh-ramesh - Plugin: AzureMonitor - Reapply MetricNamespace support. 
#17282, @raphaelquati - Plugins: better warning when plugins fail to load. #18671, @ryantxu - Postgres: Add support for scram sha 256 authentication. #18397, @nonamef - RemoteCache: Support SSL with Redis. #18511, @kylebrandt - SingleStat: The gauge option is now disabled/hidden (unless it's an old panel with it already enabled) . #18610, @ryantxu - Stackdriver: Add extra alignment period options. #18909, @sunker - Units: Add South African Rand (ZAR) to currencies. #18893, @jeteon - Units: Adding T,P,E,Z,and Y bytes. #18706, @chiqomar * Bug Fixes - Alerting: Notification is sent when state changes from no_data to ok. #18920, @papagian - Alerting: fix duplicate alert states when the alert fails to save to the database. #18216, @kylebrandt - Alerting: fix response popover prompt when add notification channels. #18967, @lzdw - CloudWatch: Fix alerting for queries with Id (using GetMetricData). #17899, @alex-berger - Explore: Fix auto completion on label values for Loki. #18988, @aocenas - Explore: Fixes crash using back button with a zoomed in graph. #19122, @hugohaggmark - Explore: Fixes so queries in Explore are only run if Graph/Table is shown. #19000, @hugohaggmark - MSSQL: Change connectionstring to URL format to fix using passwords with semicolon. #18384, @Russiancold - MSSQL: Fix memory leak when debug enabled. #19049, @briangann - Provisioning: Allow escaping literal '$' with '$$' in configs to avoid interpolation. #18045, @kylebrandt - TimePicker: Fixes hiding time picker dropdown in FireFox. #19154, @hugohaggmark * Breaking changes + Annotations There are some breaking changes in the annotations HTTP API for region annotations. Region annotations are now represented using a single event instead of two separate events. Check breaking changes in HTTP API below and HTTP API documentation for more details. + Docker Grafana is now using Alpine 3.10 as docker base image. + HTTP API - GET /api/alert-notifications now requires at least editor access. 
New /api/alert-notifications/lookup returns less information than /api/alert-notifications and can be accessed by any authenticated user. - GET /api/alert-notifiers now requires at least editor access - GET /api/org/users now requires org admin role. New /api/org/users/lookup returns less information than /api/org/users and can be accessed by users that are org admins, admin in any folder or admin of any team. - GET /api/annotations no longer returns regionId property. - POST /api/annotations no longer supports isRegion property. - PUT /api/annotations/:id no longer supports isRegion property. - PATCH /api/annotations/:id no longer supports isRegion property. - DELETE /api/annotations/region/:id has been removed. * Deprecation notes + PhantomJS - PhantomJS, which is used for rendering images of dashboards and panels, is deprecated and will be removed in a future Grafana release. A deprecation warning will from now on be logged when Grafana starts up if PhantomJS is in use. Please consider migrating from PhantomJS to the Grafana Image Renderer plugin. - Changes from 6.3.6 * Features / Enhancements - Metrics: Adds setting for turning off total stats metrics. #19142, @marefr * Bug Fixes - Database: Rewrite system statistics query to perform better. #19178, @papagian - Explore: Fixes error when switching from prometheus to loki data sources. #18599, @kaydelaney - Rebase package spec. Use mostly from fedora, fix suse specified things and fix some errors. - Add missing directories provisioning/datasources and provisioning/notifiers and sample.yaml as described in packaging/rpm/control from upstream. Missing directories are shown in logfiles. - Version 6.3.5 * Upgrades + Build: Upgrade to go 1.12.9. * Bug Fixes + Dashboard: Fixes dashboards init failed loading error for dashboards with panel links that had missing properties. + Editor: Fixes issue where only entire lines were being copied. + Explore: Fixes query field layout in splitted view for Safari browsers. 
+ LDAP: multildap + ldap integration. + Profile/UserAdmin: Fix for user agent parser crashes grafana-server on 32-bit builds. + Prometheus: Prevents panel editor crash when switching to Prometheus datasource. + Prometheus: Changes brace-insertion behavior to be less annoying. - Version 6.3.4 * Security: CVE-2019-15043 - Parts of the HTTP API allow unauthenticated use. - Version 6.3.3 * Bug Fixes + Annotations: Fix failing annotation query when time series query is cancelled. #18532, @dprokop + Auth: Do not set SameSite cookie attribute if cookie_samesite is none. #18462, @papagian + DataLinks: Apply scoped variables to data links correctly. #18454, @dprokop + DataLinks: Respect timezone when displaying datapoint's timestamp in graph context menu. #18461, @dprokop + DataLinks: Use datapoint timestamp correctly when interpolating variables. #18459, @dprokop + Explore: Fix loading error for empty queries. #18488, @davkal + Graph: Fixes legend issue clicking on series line icon and issue with horizontal scrollbar being visible on windows. #18563, @torkelo + Graphite: Avoid glob of single-value array variables . #18420, @gotjosh + Prometheus: Fix queries with label_replace remove the $1 match when loading query editor. #18480, @hugohaggmark + Prometheus: More consistently allows for multi-line queries in editor. #18362, @kaydelaney + TimeSeries: Assume values are all numbers. #18540, @ryantxu - Version 6.3.2 * Bug Fixes + Gauge/BarGauge: Fixes issue with lost thresholds and issue loading Gauge with avg stat. #18375 - Version 6.3.1 * Bug Fixes + PanelLinks: Fix crash issue Gauge & Bar Gauge for panels with panel links (drill down links). #18430 - Version 6.3.0 * Features / Enhancements + OAuth: Do not set SameSite OAuth cookie if cookie_samesite is None. #18392, @papagian + Auth Proxy: Include additional headers as part of the cache key. #18298, @gotjosh + Build grafana images consistently. 
#18224, @hassanfarid + Docs: SAML. #18069, @gotjosh + Permissions: Show plugins in nav for non admin users but hide plugin configuration. #18234, @aocenas + TimePicker: Increase max height of quick range dropdown. #18247, @torkelo + Alerting: Add tags to alert rules. #10989, @Thib17 + Alerting: Attempt to send email notifications to all given email addresses. #16881, @zhulongcheng + Alerting: Improve alert rule testing. #16286, @marefr + Alerting: Support for configuring content field for Discord alert notifier. #17017, @jan25 + Alertmanager: Replace illegal chars with underscore in label names. #17002, @bergquist + Auth: Allow expiration of API keys. #17678, @papagian + Auth: Return device, os and browser when listing user auth tokens in HTTP API. #17504, @shavonn + Auth: Support list and revoke of user auth tokens in UI. #17434, @shavonn + AzureMonitor: change clashing built-in Grafana variables/macro names for Azure Logs. #17140, @shavonn + CloudWatch: Made region visible for AWS Cloudwatch Expressions. #17243, @utkarshcmu + Cloudwatch: Add AWS DocDB metrics. #17241, @utkarshcmu + Dashboard: Use timezone dashboard setting when exporting to CSV. #18002, @dehrax + Data links. #17267, @torkelo + Docker: Switch base image to ubuntu:latest from debian:stretch to avoid security issues… #17066, @bergquist + Elasticsearch: Support for visualizing logs in Explore . #17605, @marefr + Explore: Adds Live option for supported datasources. #17062, @hugohaggmark + Explore: Adds orgId to URL for sharing purposes. #17895, @kaydelaney + Explore: Adds support for new loki "start" and "end" params for labels endpoint. #17512, @kaydelaney + Explore: Adds support for toggling raw query mode in explore. #17870, @kaydelaney + Explore: Allow switching between metrics and logs . #16959, @marefr + Explore: Combines the timestamp and local time columns into one. 
#17775, @hugohaggmark + Explore: Display log lines context . #17097, @dprokop + Explore: Don't parse log levels if provided by field or label. #17180, @marefr + Explore: Improves performance of Logs element by limiting re-rendering. #17685, @kaydelaney + Explore: Support for new LogQL filtering syntax. #16674, @davkal + Explore: Use new TimePicker from Grafana/UI. #17793, @hugohaggmark + Explore: handle newlines in LogRow Highlighter. #17425, @rrfeng + Graph: Added new fill gradient option. #17528, @torkelo + GraphPanel: Don't sort series when legend table & sort column is not visible . #17095, @shavonn + InfluxDB: Support for visualizing logs in Explore. #17450, @hugohaggmark + Logging: Login and Logout actions (#17760). #17883, @ATTron + Logging: Move log package to pkg/infra. #17023, @zhulongcheng + Metrics: Expose stats about roles as metrics. #17469, @bergquist + MySQL/Postgres/MSSQL: Add parsing for day, weeks and year intervals in macros. #13086, @bernardd + MySQL: Add support for periodically reloading client certs. #14892, @tpetr + Plugins: replace dataFormats list with skipDataQuery flag in plugin.json. #16984, @ryantxu + Prometheus: Take timezone into account for step alignment. #17477, @fxmiii + Prometheus: Use overridden panel range for $__range instead of dashboard range. #17352, @patrick246 + Prometheus: added time range filter to series labels query. #16851, @FUSAKLA + Provisioning: Support folder that doesn't exist yet in dashboard provisioning. #17407, @Nexucis + Refresh picker: Handle empty intervals. #17585, @dehrax + Singlestat: Add y min/max config to singlestat sparklines. #17527, @pitr + Snapshot: use given key and deleteKey. #16876, @zhulongcheng + Templating: Correctly display __text in multi-value variable after page reload. #17840, @EduardSergeev + Templating: Support selecting all filtered values of a multi-value variable. #16873, @r66ad + Tracing: allow propagation with Zipkin headers. 
#17009, @jrockway + Users: Disable users removed from LDAP. #16820, @alexanderzobnin * Bug Fixes + PanelLinks: Fix render issue when there is no panel description. #18408, @dehrax + OAuth: Fix "missing saved state" OAuth login failure due to SameSite cookie policy. #18332, @papagian + cli: fix for recognizing when in dev mode… #18334, @xlson + DataLinks: Fixes incorrect interpolation of ${__series_name} . #18251, @torkelo + Loki: Display live tailed logs in correct order in Explore. #18031, @kaydelaney + PhantomJS: Fixes rendering on Debian Buster. #18162, @xlson + TimePicker: Fixed style issue for custom range popover. #18244, @torkelo + Timerange: Fixes a bug where custom time ranges didn't respect UTC. #18248, @kaydelaney + remote_cache: Fix redis connstr parsing. #18204, @mblaschke + AddPanel: Fix issue when removing moved add panel widget . #17659, @dehrax + CLI: Fix encrypt-datasource-passwords fails with sql error. #18014, @marefr + Elasticsearch: Fix default max concurrent shard requests. #17770, @marefr + Explore: Fix browsing back to dashboard panel. #17061, @jschill + Explore: Fix filter by series level in logs graph. #17798, @marefr + Explore: Fix issues when loading and both graph/table are collapsed. #17113, @marefr + Explore: Fix selection/copy of log lines. #17121, @marefr + Fix: Wrap value of multi variable in array when coming from URL. #16992, @aocenas + Frontend: Fix for Json tree component not working. #17608, @srid12 + Graphite: Fix for issue with alias function being moved last. #17791, @torkelo + Graphite: Fixes issue with seriesByTag & function with variable param. #17795, @torkelo + Graphite: use POST for /metrics/find requests. #17814, @papagian + HTTP Server: Serve Grafana with a custom URL path prefix. #17048, @jan25 + InfluxDB: Fixes single quotes are not escaped in label value filters. #17398, @Panzki + Prometheus: Correctly escape '|' literals in interpolated PromQL variables. 
#16932, @Limess + Prometheus: Fix when adding label for metrics which contains colons in Explore. #16760, @tolwi + SinglestatPanel: Remove background color when value turns null. #17552 1, @druggieri - Make phantomjs dependency configurable - Create plugin directory and clean up (create in %install, add to %files) handling of /var/lib/grafana/* and koan: - Calculate relative path for kernel and inited when generating grub entry (bsc#1170231) - Fix os-release version detection for SUSE mgr-cfg: - Remove commented code in test files - Replace spacewalk-usix with uyuni-common-libs - Bump version to 4.1.0 (bsc#1154940) - Add mgr manpage links mgr-custom-info: - Bump version to 4.1.0 (bsc#1154940) mgr-daemon: - Bump version to 4.1.0 (bsc#1154940) - Fix systemd timer configuration on SLE12 (bsc#1142038) mgr-osad: - Separate osa-dispatcher and jabberd so it can be disabled independently - Replace spacewalk-usix with uyuni-common-libs - Bump version to 4.1.0 (bsc#1154940) - Move /usr/share/rhn/config-defaults to uyuni-base-common - Require uyuni-base-common for /etc/rhn (for osa-dispatcher) - Ensure bytes type when using hashlib to avoid traceback (bsc#1138822) mgr-push: - Replace spacewalk-usix and spacewalk-backend-libs with uyuni-common-libs - Bump version to 4.1.0 (bsc#1154940) mgr-virtualization: - Replace spacewalk-usix with uyuni-common-libs - Bump version to 4.1.0 (bsc#1154940) - Fix mgr-virtualization timer rhnlib: - Fix building - Fix malformed XML response when data contains non-ASCII chars (bsc#1154968) - Bump version to 4.1.0 (bsc#1154940) - Fix bootstrapping SLE11SP4 trad client with SSL enabled (bsc#1148177) spacecmd: - Only report real error, not result (bsc#1171687) - Use defined return values for spacecmd methods so scripts can check for failure (bsc#1171687) - Disable globbing for api subcommand to allow wildcards in filter settings (bsc#1163871) - Bugfix: attempt to purge SSM when it is empty (bsc#1155372) - Bump version to 4.1.0 (bsc#1154940) - Prevent 
error when piping stdout in Python 2 (bsc#1153090) - Java api expects content as encoded string instead of encoded bytes like before (bsc#1153277) - Enable building and installing for Ubuntu 16.04 and Ubuntu 18.04 - Add unit test for schedule, errata, user, utils, misc, configchannel and kickstart modules - Multiple minor bugfixes alongside the unit tests - Bugfix: referenced variable before assignment. - Add unit test for report, package, org, repo and group spacewalk-client-tools: - Add workaround for uptime overflow to spacewalk-update-status as well (bsc#1165921) - Spell correctly "successful" and "successfully" - Skip dmidecode data on aarch64 to prevent coredump (bsc#1113160) - Replace spacewalk-usix with uyuni-common-libs - Return a non-zero exit status on errors in rhn_check - Bump version to 4.1.0 (bsc#1154940) - Make an explicit requirement to systemd for spacewalk-client-tools when rhnsd timer is installed spacewalk-koan: - Bump version to 4.1.0 (bsc#1154940) - Require commands we use in merge-rd.sh spacewalk-oscap: - Bump version to 4.1.0 (bsc#1154940) spacewalk-remote-utils: - Update spacewalk-create-channel with RHEL 7.7 channel definitions - Bump version to 4.1.0 (bsc#1154940) supportutils-plugin-susemanager-client: - Bump version to 4.1.0 (bsc#1154940) suseRegisterInfo: - SuseRegisterInfo only needs perl-base, not full perl (bsc#1168310) - Bump version to 4.1.0 (bsc#1154940) zypp-plugin-spacewalk: - 1.0.7 - Prevent issue with non-ASCII characters in Python 2 systems (bsc#1172462) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Tools 15: zypper in -t patch SUSE-SLE-Manager-Tools-15-2020-1972=1 Package List: - SUSE Manager Tools 15 (aarch64 ppc64le s390x x86_64): golang-github-prometheus-prometheus-2.18.0-3.12.2 grafana-7.0.3-1.9.2 grafana-debuginfo-7.0.3-1.9.2 python3-uyuni-common-libs-4.1.5-1.3.2 uyuni-base-common-4.1.1-1.3.2 - SUSE Manager Tools 15 (noarch): dracut-saltboot-0.1.1590413773.a959db7-1.12.2 koan-2.9.0-4.15.2 mgr-cfg-4.1.2-1.12.4 mgr-cfg-actions-4.1.2-1.12.4 mgr-cfg-client-4.1.2-1.12.4 mgr-cfg-management-4.1.2-1.12.4 mgr-custom-info-4.1.1-1.6.2 mgr-daemon-4.1.1-1.14.2 mgr-osad-4.1.2-1.15.2 mgr-push-4.1.1-1.6.4 mgr-virtualization-host-4.1.1-1.14.2 python3-mgr-cfg-4.1.2-1.12.4 python3-mgr-cfg-actions-4.1.2-1.12.4 python3-mgr-cfg-client-4.1.2-1.12.4 python3-mgr-cfg-management-4.1.2-1.12.4 python3-mgr-osa-common-4.1.2-1.15.2 python3-mgr-osad-4.1.2-1.15.2 python3-mgr-push-4.1.1-1.6.4 python3-mgr-virtualization-common-4.1.1-1.14.2 python3-mgr-virtualization-host-4.1.1-1.14.2 python3-rhnlib-4.1.2-3.16.2 python3-spacewalk-check-4.1.5-3.23.2 python3-spacewalk-client-setup-4.1.5-3.23.2 python3-spacewalk-client-tools-4.1.5-3.23.2 python3-spacewalk-koan-4.1.1-3.9.2 python3-spacewalk-oscap-4.1.1-3.6.3 python3-suseRegisterInfo-4.1.2-3.6.2 python3-zypp-plugin-spacewalk-1.0.7-3.12.2 spacecmd-4.1.4-3.38.2 spacewalk-check-4.1.5-3.23.2 spacewalk-client-setup-4.1.5-3.23.2 spacewalk-client-tools-4.1.5-3.23.2 spacewalk-koan-4.1.1-3.9.2 spacewalk-oscap-4.1.1-3.6.3 spacewalk-remote-utils-4.1.1-3.12.4 supportutils-plugin-susemanager-client-4.1.2-3.9.2 suseRegisterInfo-4.1.2-3.6.2 zypp-plugin-spacewalk-1.0.7-3.12.2 References: https://www.suse.com/security/cve/CVE-2019-10215.html https://www.suse.com/security/cve/CVE-2019-15043.html https://www.suse.com/security/cve/CVE-2020-12245.html https://www.suse.com/security/cve/CVE-2020-13379.html https://bugzilla.suse.com/1113160 https://bugzilla.suse.com/1138822 
https://bugzilla.suse.com/1142038 https://bugzilla.suse.com/1148177 https://bugzilla.suse.com/1153090 https://bugzilla.suse.com/1153277 https://bugzilla.suse.com/1154940 https://bugzilla.suse.com/1154968 https://bugzilla.suse.com/1155372 https://bugzilla.suse.com/1163871 https://bugzilla.suse.com/1165921 https://bugzilla.suse.com/1168310 https://bugzilla.suse.com/1170231 https://bugzilla.suse.com/1170557 https://bugzilla.suse.com/1170824 https://bugzilla.suse.com/1171687 https://bugzilla.suse.com/1172462 From sle-security-updates at lists.suse.com Mon Jul 20 23:01:56 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 21 Jul 2020 07:01:56 +0200 (CEST) Subject: SUSE-SU-2020:14430-1: moderate: Security update for SUSE Manager Client Tools Message-ID: <20200721050156.EC80DFDE4@maintenance.suse.de> SUSE Security Update: Security update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:14430-1 Rating: moderate References: #1153090 #1153277 #1154940 #1155372 #1157465 #1159284 #1162327 #1163871 #1165572 #1167437 #1168340 #1169604 #1169800 #1170104 #1170288 #1170595 #1171687 #1171906 #1172075 #1173072 #1174165 Cross-References: CVE-2019-18897 CVE-2020-11651 CVE-2020-11652 Affected Products: SUSE Manager Ubuntu 18.04-CLIENT-TOOLS ______________________________________________________________________________ An update that solves three vulnerabilities and has 18 fixes is now available. 
Description: This update fixes the following issues: salt: - Require python3-distro only for TW (bsc#1173072) - Various virt backports from 3000.2 - Avoid traceback on debug logging for swarm module (bsc#1172075) - Add publish_batch to ClearFuncs exposed methods - Update to salt version 3000 See release notes: https://docs.saltstack.com/en/latest/topics/releases/3000.html - Zypperpkg: filter patterns that start with dot (bsc#1171906) - Batch mode now also correctly provides return value (bsc#1168340) - Add docker.logout to docker execution module (bsc#1165572) - Testsuite fix - Add option to enable/disable force refresh for zypper - Python3.8 compatibility changes - Prevent spurious "salt-api" stuck processes when managing SSH minions because of logging deadlock (bsc#1159284) - Avoid segfault from "salt-api" under certain conditions of heavy load managing SSH minions (bsc#1169604) - Revert broken changes to slspath made on Salt 3000 (saltstack/salt#56341) (bsc#1170104) - Returns the list of IPs filtered by the optional network list - Fix CVE-2020-11651 and CVE-2020-11652 (bsc#1170595) - Do not require vendored backports-abc (bsc#1170288) - Fix partition.mkpart to work without fstype (bsc#1169800) - Enable building and installation for Fedora - Disable python2 build on Tumbleweed We are removing the python2 interpreter from openSUSE (SLE16). As such disable salt building for python2 there. - More robust remote port detection - Sanitize grains loaded from roster_grains.json cache during "state.pkg" - Do not make file.recurse state to fail when msgpack 0.5.4 (bsc#1167437) - Build: BuildRequire pkgconfig(systemd) instead of systemd pkgconfig(systemd) is provided by systemd, so this is de-facto no change. 
But inside the Open Build Service (OBS), the same symbol is also provided by systemd-mini, which exists to shorten build-chains by only enabling what other packages need to successfully build - Add new custom SUSE capability for saltutil state module - Fixes status attribute issue in aptpkg test - Make setup.py script not to require setuptools greater than 9.1 - Loop: fix variable names for until_no_eval - Drop conflictive module.run state patch (bsc#1167437) - Update patches after rebase with upstream v3000 tag (bsc#1167437) - Fix some requirements issues depending on Python3 versions - Removes obsolete patch - Fix for low rpm_lowpkg unit test - Add python-singledispatch as dependency for python2-salt - Virt._get_domain: don't raise an exception if there is no VM - Fix for temp folder definition in loader unit test - Adds test for zypper abbreviation fix - Improved storage pool or network handling - Better import cache handling - Make "salt.ext.tornado.gen" to use "salt.ext.backports_abc" on Python 2 - Fix regression in service states with reload argument - Fix integration test failure for test_mod_del_repo_multiline_values - Fix for unless requisite when pip is not installed - Fix errors from unit tests due to NO_MOCK and NO_MOCK_REASON deprecation - Fix tornado imports and missing _utils after rebasing patches - Removes unresolved merge conflict in yumpkg module - Use full option name instead of undocumented abbreviation for zypper - Requiring python3-distro only for openSUSE/SLE >= 15 and not for Python 2 builds - Avoid possible user escalation upgrading salt-master (bsc#1157465) (CVE-2019-18897) - Fix unit tests failures in test_batch_async tests - Batch Async: Handle exceptions, properly unregister and close instances after running async batching to avoid CPU starvation of the MWorkers (bsc#1162327) - RHEL/CentOS 8 uses platform-python instead of python3 - Loader: invalidate the import cache for extra modules - Zypperpkg: filter patterns that start with dot 
(bsc#1171906) - Batch mode now also correctly provides return value (bsc#1168340) - Add docker.logout to docker execution module (bsc#1165572) - Improvements for chroot module - Add option to enable/disable force refresh for zypper - Prevent spurious "salt-api" stuck processes when managing SSH minions because of logging deadlock (bsc#1159284) - Avoid segfault from "salt-api" under certain conditions of heavy load managing SSH minions (bsc#1169604) - Fix for TypeError in Tornado importer (bsc#1174165) spacecmd: - Only report real error, not result (bsc#1171687) - Use defined return values for spacecmd methods so scripts can check for failure (bsc#1171687) - Disable globbing for api subcommand to allow wildcards in filter settings (bsc#1163871) - Bugfix: attempt to purge SSM when it is empty (bsc#1155372) - Bump version to 4.1.0 (bsc#1154940) - Prevent error when piping stdout in Python 2 (bsc#1153090) - Java api expects content as encoded string instead of encoded bytes like before (bsc#1153277) - Enable building and installing for Ubuntu 16.04 and Ubuntu 18.04 - Add unit test for schedule, errata, user, utils, misc, configchannel and kickstart modules - Multiple minor bugfixes alongside the unit tests - Bugfix: referenced variable before assignment. - Add unit test for report, package, org, repo and group Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 18.04-CLIENT-TOOLS: zypper in -t patch suse-ubu184ct-client-tools-202006-14430=1 Package List: - SUSE Manager Ubuntu 18.04-CLIENT-TOOLS (amd64): python3-systemd-234-2build2 python3-tornado-4.5.3-1ubuntu0.1 python3-zmq-16.0.2-2build2 - SUSE Manager Ubuntu 18.04-CLIENT-TOOLS (all): salt-common-3000+ds-1+48.1 salt-minion-3000+ds-1+48.1 spacecmd-4.1.4-5.2 References: https://www.suse.com/security/cve/CVE-2019-18897.html https://www.suse.com/security/cve/CVE-2020-11651.html https://www.suse.com/security/cve/CVE-2020-11652.html https://bugzilla.suse.com/1153090 https://bugzilla.suse.com/1153277 https://bugzilla.suse.com/1154940 https://bugzilla.suse.com/1155372 https://bugzilla.suse.com/1157465 https://bugzilla.suse.com/1159284 https://bugzilla.suse.com/1162327 https://bugzilla.suse.com/1163871 https://bugzilla.suse.com/1165572 https://bugzilla.suse.com/1167437 https://bugzilla.suse.com/1168340 https://bugzilla.suse.com/1169604 https://bugzilla.suse.com/1169800 https://bugzilla.suse.com/1170104 https://bugzilla.suse.com/1170288 https://bugzilla.suse.com/1170595 https://bugzilla.suse.com/1171687 https://bugzilla.suse.com/1171906 https://bugzilla.suse.com/1172075 https://bugzilla.suse.com/1173072 https://bugzilla.suse.com/1174165 From sle-security-updates at lists.suse.com Mon Jul 20 23:21:45 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 21 Jul 2020 07:21:45 +0200 (CEST) Subject: SUSE-SU-2020:14429-1: moderate: Security update for SUSE Manager Client Tools Message-ID: <20200721052145.350FAFDE4@maintenance.suse.de> SUSE Security Update: Security update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:14429-1 Rating: moderate References: #1153090 #1153277 #1154940 #1155372 #1157465 #1159284 #1162327 #1163871 #1165572 #1167437 #1168340 #1169604 
#1169800 #1170104 #1170288 #1170595 #1171687 #1171906 #1172075 #1173072 #1174165 Cross-References: CVE-2019-18897 CVE-2020-11651 CVE-2020-11652 Affected Products: SUSE Manager Ubuntu 16.04-CLIENT-TOOLS ______________________________________________________________________________ An update that solves three vulnerabilities and has 18 fixes is now available. Description: This update fixes the following issues: salt: - Require python3-distro only for TW (bsc#1173072) - Various virt backports from 3000.2 - Avoid traceback on debug logging for swarm module (bsc#1172075) - Add publish_batch to ClearFuncs exposed methods - Update to salt version 3000 See release notes: https://docs.saltstack.com/en/latest/topics/releases/3000.html - Zypperpkg: filter patterns that start with dot (bsc#1171906) - Batch mode now also correctly provides return value (bsc#1168340) - Add docker.logout to docker execution module (bsc#1165572) - Testsuite fix - Add option to enable/disable force refresh for zypper - Python3.8 compatibility changes - Prevent spurious "salt-api" stuck processes when managing SSH minions because of logging deadlock (bsc#1159284) - Avoid segfault from "salt-api" under certain conditions of heavy load managing SSH minions (bsc#1169604) - Revert broken changes to slspath made on Salt 3000 (saltstack/salt#56341) (bsc#1170104) - Returns the list of IPs filtered by the optional network list - Fix CVE-2020-11651 and CVE-2020-11652 (bsc#1170595) - Do not require vendored backports-abc (bsc#1170288) - Fix partition.mkpart to work without fstype (bsc#1169800) - Enable building and installation for Fedora - Disable python2 build on Tumbleweed We are removing the python2 interpreter from openSUSE (SLE16). As such disable salt building for python2 there. 
- More robust remote port detection - Sanitize grains loaded from roster_grains.json cache during "state.pkg" - Do not make file.recurse state to fail when msgpack 0.5.4 (bsc#1167437) - Build: BuildRequire pkgconfig(systemd) instead of systemd pkgconfig(systemd) is provided by systemd, so this is de-facto no change. But inside the Open Build Service (OBS), the same symbol is also provided by systemd-mini, which exists to shorten build-chains by only enabling what other packages need to successfully build - Add new custom SUSE capability for saltutil state module - Fixes status attribute issue in aptpkg test - Make setup.py script not to require setuptools greater than 9.1 - Loop: fix variable names for until_no_eval - Drop conflictive module.run state patch (bsc#1167437) - Update patches after rebase with upstream v3000 tag (bsc#1167437) - Fix some requirements issues depending on Python3 versions - Removes obsolete patch - Fix for low rpm_lowpkg unit test - Add python-singledispatch as dependency for python2-salt - Virt._get_domain: don't raise an exception if there is no VM - Fix for temp folder definition in loader unit test - Adds test for zypper abbreviation fix - Improved storage pool or network handling - Better import cache handling - Make "salt.ext.tornado.gen" to use "salt.ext.backports_abc" on Python 2 - Fix regression in service states with reload argument - Fix integration test failure for test_mod_del_repo_multiline_values - Fix for unless requisite when pip is not installed - Fix errors from unit tests due to NO_MOCK and NO_MOCK_REASON deprecation - Fix tornado imports and missing _utils after rebasing patches - Removes unresolved merge conflict in yumpkg module - Use full option name instead of undocumented abbreviation for zypper - Requiring python3-distro only for openSUSE/SLE >= 15 and not for Python 2 builds - Avoid possible user escalation upgrading salt-master (bsc#1157465) (CVE-2019-18897) - Fix unit tests failures in test_batch_async tests - 
Batch Async: Handle exceptions, properly unregister and close instances after running async batching to avoid CPU starvation of the MWorkers (bsc#1162327) - RHEL/CentOS 8 uses platform-python instead of python3 - Loader: invalidate the import cache for extra modules - Zypperpkg: filter patterns that start with dot (bsc#1171906) - Batch mode now also correctly provides return value (bsc#1168340) - Add docker.logout to docker execution module (bsc#1165572) - Improvements for chroot module - Add option to enable/disable force refresh for zypper - Prevent spurious "salt-api" stuck processes when managing SSH minions because of logging deadlock (bsc#1159284) - Avoid segfault from "salt-api" under certain conditions of heavy load managing SSH minions (bsc#1169604) - Fix for TypeError in Tornado importer (bsc#1174165) spacecmd: - Only report real error, not result (bsc#1171687) - Use defined return values for spacecmd methods so scripts can check for failure (bsc#1171687) - Disable globbing for api subcommand to allow wildcards in filter settings (bsc#1163871) - Bugfix: attempt to purge SSM when it is empty (bsc#1155372) - Bump version to 4.1.0 (bsc#1154940) - Prevent error when piping stdout in Python 2 (bsc#1153090) - Java api expects content as encoded string instead of encoded bytes like before (bsc#1153277) - Enable building and installing for Ubuntu 16.04 and Ubuntu 18.04 - Add unit test for schedule, errata, user, utils, misc, configchannel and kickstart modules - Multiple minor bugfixes alongside the unit tests - Bugfix: referenced variable before assignment. - Add unit test for report, package, org, repo and group Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 16.04-CLIENT-TOOLS: zypper in -t patch suse-ubu164ct-client-tools-202006-14429=1 Package List: - SUSE Manager Ubuntu 16.04-CLIENT-TOOLS (all): salt-common-3000+ds-1+47.1 salt-minion-3000+ds-1+47.1 spacecmd-4.1.4-5.2 References: https://www.suse.com/security/cve/CVE-2019-18897.html https://www.suse.com/security/cve/CVE-2020-11651.html https://www.suse.com/security/cve/CVE-2020-11652.html https://bugzilla.suse.com/1153090 https://bugzilla.suse.com/1153277 https://bugzilla.suse.com/1154940 https://bugzilla.suse.com/1155372 https://bugzilla.suse.com/1157465 https://bugzilla.suse.com/1159284 https://bugzilla.suse.com/1162327 https://bugzilla.suse.com/1163871 https://bugzilla.suse.com/1165572 https://bugzilla.suse.com/1167437 https://bugzilla.suse.com/1168340 https://bugzilla.suse.com/1169604 https://bugzilla.suse.com/1169800 https://bugzilla.suse.com/1170104 https://bugzilla.suse.com/1170288 https://bugzilla.suse.com/1170595 https://bugzilla.suse.com/1171687 https://bugzilla.suse.com/1171906 https://bugzilla.suse.com/1172075 https://bugzilla.suse.com/1173072 https://bugzilla.suse.com/1174165 From sle-security-updates at lists.suse.com Mon Jul 20 23:24:46 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 21 Jul 2020 07:24:46 +0200 (CEST) Subject: SUSE-SU-2020:1973-1: moderate: Security update for Salt Message-ID: <20200721052446.C15F5FDE4@maintenance.suse.de> SUSE Security Update: Security update for Salt ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1973-1 Rating: moderate References: #1157465 #1159284 #1162327 #1165572 #1167437 #1168340 #1169604 #1169800 #1170104 #1170288 #1170595 #1171906 #1172075 #1173072 #1174165 Cross-References: CVE-2019-18897 CVE-2020-11651 CVE-2020-11652 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS 
SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that solves three vulnerabilities and has 12 fixes is now available. Description: This update fixes the following issues: salt: - Fix for TypeError in Tornado importer (bsc#1174165) - Require python3-distro only for TW (bsc#1173072) - Various virt backports from 3000.2 - Avoid traceback on debug logging for swarm module (bsc#1172075) - Add publish_batch to ClearFuncs exposed methods - Update to salt version 3000 See release notes: https://docs.saltstack.com/en/latest/topics/releases/3000.html - Zypperpkg: filter patterns that start with dot (bsc#1171906) - Batch mode now also correctly provides return value (bsc#1168340) - Add docker.logout to docker execution module (bsc#1165572) - Testsuite fix - Add option to enable/disable force refresh for zypper - Python3.8 compatibility changes - Prevent spurious "salt-api" stuck processes when managing SSH minions because of logging deadlock (bsc#1159284) - Avoid segfault from "salt-api" under certain conditions of heavy load managing SSH minions (bsc#1169604) - Revert broken changes to slspath made on Salt 3000 (saltstack/salt#56341) (bsc#1170104) - Returns the list of IPs filtered by the optional network list - Fix CVE-2020-11651 and CVE-2020-11652 (bsc#1170595) - Do not require vendored backports-abc (bsc#1170288) - Fix partition.mkpart to work without fstype (bsc#1169800) - Enable building and installation for Fedora - Disable python2 build on Tumbleweed We are removing the python2 interpreter from openSUSE (SLE16). As such disable salt building for python2 there. 
- More robust remote port detection - Sanitize grains loaded from roster_grains.json cache during "state.pkg" - Do not make file.recurse state to fail when msgpack 0.5.4 (bsc#1167437) - Build: BuildRequire pkgconfig(systemd) instead of systemd pkgconfig(systemd) is provided by systemd, so this is de-facto no change. But inside the Open Build Service (OBS), the same symbol is also provided by systemd-mini, which exists to shorten build-chains by only enabling what other packages need to successfully build - Add new custom SUSE capability for saltutil state module - Fixes status attribute issue in aptpkg test - Make setup.py script not to require setuptools greater than 9.1 - Loop: fix variable names for until_no_eval - Drop conflictive module.run state patch (bsc#1167437) - Update patches after rebase with upstream v3000 tag (bsc#1167437) - Fix some requirements issues depending on Python3 versions - Removes obsolete patch - Fix for low rpm_lowpkg unit test - Add python-singledispatch as dependency for python2-salt - Virt._get_domain: don't raise an exception if there is no VM - Fix for temp folder definition in loader unit test - Adds test for zypper abbreviation fix - Improved storage pool or network handling - Better import cache handling - Make "salt.ext.tornado.gen" to use "salt.ext.backports_abc" on Python 2 - Fix regression in service states with reload argument - Fix integration test failure for test_mod_del_repo_multiline_values - Fix for unless requisite when pip is not installed - Fix errors from unit tests due to NO_MOCK and NO_MOCK_REASON deprecation - Fix tornado imports and missing _utils after rebasing patches - Removes unresolved merge conflict in yumpkg module - Use full option name instead of undocumented abbreviation for zypper - Requiring python3-distro only for openSUSE/SLE >= 15 and not for Python 2 builds - Avoid possible user escalation upgrading salt-master (bsc#1157465) (CVE-2019-18897) - Fix unit tests failures in test_batch_async tests - 
Batch Async: Handle exceptions, properly unregister and close instances after running async batching to avoid CPU starvation of the MWorkers (bsc#1162327) - RHEL/CentOS 8 uses platform-python instead of python3 - Loader: invalidate the import cache for extra modules - Zypperpkg: filter patterns that start with dot (bsc#1171906) - Batch mode now also correctly provides return value (bsc#1168340) - Add docker.logout to docker execution module (bsc#1165572) - Improvements for chroot module - Add option to enable/disable force refresh for zypper - Prevent spurious "salt-api" stuck processes when managing SSH minions because of logging deadlock (bsc#1159284) - Avoid segfault from "salt-api" under certain conditions of heavy load managing SSH minions (bsc#1169604) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-1973=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-1973=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-1973=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-1973=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): python2-salt-3000-5.78.1 python3-salt-3000-5.78.1 salt-3000-5.78.1 salt-api-3000-5.78.1 salt-cloud-3000-5.78.1 salt-doc-3000-5.78.1 salt-master-3000-5.78.1 salt-minion-3000-5.78.1 salt-proxy-3000-5.78.1 salt-ssh-3000-5.78.1 salt-standalone-formulas-configuration-3000-5.78.1 salt-syndic-3000-5.78.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): salt-bash-completion-3000-5.78.1 salt-fish-completion-3000-5.78.1 salt-zsh-completion-3000-5.78.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): 
python2-salt-3000-5.78.1 python3-salt-3000-5.78.1 salt-3000-5.78.1 salt-api-3000-5.78.1 salt-cloud-3000-5.78.1 salt-doc-3000-5.78.1 salt-master-3000-5.78.1 salt-minion-3000-5.78.1 salt-proxy-3000-5.78.1 salt-ssh-3000-5.78.1 salt-standalone-formulas-configuration-3000-5.78.1 salt-syndic-3000-5.78.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): salt-bash-completion-3000-5.78.1 salt-fish-completion-3000-5.78.1 salt-zsh-completion-3000-5.78.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): python2-salt-3000-5.78.1 python3-salt-3000-5.78.1 salt-3000-5.78.1 salt-api-3000-5.78.1 salt-cloud-3000-5.78.1 salt-doc-3000-5.78.1 salt-master-3000-5.78.1 salt-minion-3000-5.78.1 salt-proxy-3000-5.78.1 salt-ssh-3000-5.78.1 salt-standalone-formulas-configuration-3000-5.78.1 salt-syndic-3000-5.78.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): salt-bash-completion-3000-5.78.1 salt-fish-completion-3000-5.78.1 salt-zsh-completion-3000-5.78.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): python2-salt-3000-5.78.1 python3-salt-3000-5.78.1 salt-3000-5.78.1 salt-api-3000-5.78.1 salt-cloud-3000-5.78.1 salt-doc-3000-5.78.1 salt-master-3000-5.78.1 salt-minion-3000-5.78.1 salt-proxy-3000-5.78.1 salt-ssh-3000-5.78.1 salt-standalone-formulas-configuration-3000-5.78.1 salt-syndic-3000-5.78.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): salt-bash-completion-3000-5.78.1 salt-fish-completion-3000-5.78.1 salt-zsh-completion-3000-5.78.1 References: https://www.suse.com/security/cve/CVE-2019-18897.html https://www.suse.com/security/cve/CVE-2020-11651.html https://www.suse.com/security/cve/CVE-2020-11652.html https://bugzilla.suse.com/1157465 https://bugzilla.suse.com/1159284 https://bugzilla.suse.com/1162327 https://bugzilla.suse.com/1165572 https://bugzilla.suse.com/1167437 https://bugzilla.suse.com/1168340 https://bugzilla.suse.com/1169604 https://bugzilla.suse.com/1169800 
https://bugzilla.suse.com/1170104 https://bugzilla.suse.com/1170288 https://bugzilla.suse.com/1170595 https://bugzilla.suse.com/1171906 https://bugzilla.suse.com/1172075 https://bugzilla.suse.com/1173072 https://bugzilla.suse.com/1174165 From sle-security-updates at lists.suse.com Tue Jul 21 04:13:08 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 21 Jul 2020 12:13:08 +0200 (CEST) Subject: SUSE-SU-2020:1984-1: moderate: Security update for openexr Message-ID: <20200721101308.2E9A0FC39@maintenance.suse.de> SUSE Security Update: Security update for openexr ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1984-1 Rating: moderate References: #1173466 #1173467 #1173469 Cross-References: CVE-2020-15304 CVE-2020-15305 CVE-2020-15306 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for openexr fixes the following issues: - CVE-2020-15304: Fixed a NULL pointer dereference in TiledInputFile:TiledInputFile() (bsc#1173466). - CVE-2020-15305: Fixed a use-after-free in DeepScanLineInputFile:DeepScanLineInputFile() (bsc#1173467). - CVE-2020-15306: Fixed a heap buffer overflow in getChunkOffsetTableSize() (bsc#1173469). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2020-1984=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-1984=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-1984=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): libIlmImf-Imf_2_1-21-32bit-2.1.0-6.23.1 libIlmImf-Imf_2_1-21-debuginfo-32bit-2.1.0-6.23.1 openexr-debugsource-2.1.0-6.23.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): openexr-debuginfo-2.1.0-6.23.1 openexr-debugsource-2.1.0-6.23.1 openexr-devel-2.1.0-6.23.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libIlmImf-Imf_2_1-21-2.1.0-6.23.1 libIlmImf-Imf_2_1-21-debuginfo-2.1.0-6.23.1 openexr-2.1.0-6.23.1 openexr-debuginfo-2.1.0-6.23.1 openexr-debugsource-2.1.0-6.23.1 References: https://www.suse.com/security/cve/CVE-2020-15304.html https://www.suse.com/security/cve/CVE-2020-15305.html https://www.suse.com/security/cve/CVE-2020-15306.html https://bugzilla.suse.com/1173466 https://bugzilla.suse.com/1173467 https://bugzilla.suse.com/1173469 From sle-security-updates at lists.suse.com Tue Jul 21 04:14:03 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 21 Jul 2020 12:14:03 +0200 (CEST) Subject: SUSE-SU-2020:1983-1: important: Security update for tomcat Message-ID: <20200721101403.63F60FC39@maintenance.suse.de> SUSE Security Update: Security update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1983-1 Rating: important References: #1173389 Cross-References: CVE-2020-11996 Affected Products: SUSE Linux Enterprise Module for Web Scripting 15-SP2 ______________________________________________________________________________ An update that fixes one 
vulnerability is now available. Description: This update for tomcat fixes the following issues: Tomcat was updated to 9.0.36 See changelog at - CVE-2020-11996: Fixed an issue which by sending a specially crafted sequence of HTTP/2 requests could have triggered high CPU usage for several seconds, potentially making the server unresponsive (bsc#1173389). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15-SP2: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP2-2020-1983=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15-SP2 (noarch): tomcat-9.0.36-3.3.1 tomcat-admin-webapps-9.0.36-3.3.1 tomcat-el-3_0-api-9.0.36-3.3.1 tomcat-jsp-2_3-api-9.0.36-3.3.1 tomcat-lib-9.0.36-3.3.1 tomcat-servlet-4_0-api-9.0.36-3.3.1 tomcat-webapps-9.0.36-3.3.1 References: https://www.suse.com/security/cve/CVE-2020-11996.html https://bugzilla.suse.com/1173389 From sle-security-updates at lists.suse.com Tue Jul 21 16:13:58 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 22 Jul 2020 00:13:58 +0200 (CEST) Subject: SUSE-SU-2020:1991-1: important: Security update for xrdp Message-ID: <20200721221358.40B3BFC39@maintenance.suse.de> SUSE Security Update: Security update for xrdp ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1991-1 Rating: important References: #1173580 Cross-References: CVE-2020-4044 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Enterprise Storage 5 HPE
Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for xrdp fixes the following issues: - Security fixes (bsc#1173580, CVE-2020-4044): + Add patches: * xrdp-cve-2020-4044-fix-0.patch * xrdp-cve-2020-4044-fix-1.patch + Rebase SLE patch: * xrdp-fate318398-change-expired-password.patch - Update patch: + xrdp-Allow-sessions-with-32-bpp.patch.patch Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-1991=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-1991=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-1991=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-1991=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-1991=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-1991=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-1991=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-1991=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-1991=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-1991=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-1991=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): xrdp-0.9.0~git.1456906198.f422461-21.27.1 xrdp-debuginfo-0.9.0~git.1456906198.f422461-21.27.1 xrdp-debugsource-0.9.0~git.1456906198.f422461-21.27.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): xrdp-0.9.0~git.1456906198.f422461-21.27.1 
xrdp-debuginfo-0.9.0~git.1456906198.f422461-21.27.1 xrdp-debugsource-0.9.0~git.1456906198.f422461-21.27.1 - SUSE OpenStack Cloud 9 (x86_64): xrdp-0.9.0~git.1456906198.f422461-21.27.1 xrdp-debuginfo-0.9.0~git.1456906198.f422461-21.27.1 xrdp-debugsource-0.9.0~git.1456906198.f422461-21.27.1 - SUSE OpenStack Cloud 8 (x86_64): xrdp-0.9.0~git.1456906198.f422461-21.27.1 xrdp-debuginfo-0.9.0~git.1456906198.f422461-21.27.1 xrdp-debugsource-0.9.0~git.1456906198.f422461-21.27.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): xrdp-0.9.0~git.1456906198.f422461-21.27.1 xrdp-debuginfo-0.9.0~git.1456906198.f422461-21.27.1 xrdp-debugsource-0.9.0~git.1456906198.f422461-21.27.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): xrdp-0.9.0~git.1456906198.f422461-21.27.1 xrdp-debuginfo-0.9.0~git.1456906198.f422461-21.27.1 xrdp-debugsource-0.9.0~git.1456906198.f422461-21.27.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): xrdp-0.9.0~git.1456906198.f422461-21.27.1 xrdp-debuginfo-0.9.0~git.1456906198.f422461-21.27.1 xrdp-debugsource-0.9.0~git.1456906198.f422461-21.27.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): xrdp-0.9.0~git.1456906198.f422461-21.27.1 xrdp-debuginfo-0.9.0~git.1456906198.f422461-21.27.1 xrdp-debugsource-0.9.0~git.1456906198.f422461-21.27.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): xrdp-0.9.0~git.1456906198.f422461-21.27.1 xrdp-debuginfo-0.9.0~git.1456906198.f422461-21.27.1 xrdp-debugsource-0.9.0~git.1456906198.f422461-21.27.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): xrdp-0.9.0~git.1456906198.f422461-21.27.1 xrdp-debuginfo-0.9.0~git.1456906198.f422461-21.27.1 xrdp-debugsource-0.9.0~git.1456906198.f422461-21.27.1 - HPE Helion Openstack 8 (x86_64): xrdp-0.9.0~git.1456906198.f422461-21.27.1 xrdp-debuginfo-0.9.0~git.1456906198.f422461-21.27.1 xrdp-debugsource-0.9.0~git.1456906198.f422461-21.27.1 References: https://www.suse.com/security/cve/CVE-2020-4044.html 
https://bugzilla.suse.com/1173580 From sle-security-updates at lists.suse.com Tue Jul 21 16:16:49 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 22 Jul 2020 00:16:49 +0200 (CEST) Subject: SUSE-SU-2020:1990-1: important: Security update for webkit2gtk3 Message-ID: <20200721221649.B4B0BFC39@maintenance.suse.de> SUSE Security Update: Security update for webkit2gtk3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1990-1 Rating: important References: #1173998 Cross-References: CVE-2020-13753 CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 CVE-2020-9806 CVE-2020-9807 CVE-2020-9843 CVE-2020-9850 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for webkit2gtk3 fixes the following issues: - Update to version 2.28.3 (bsc#1173998): + Enable kinetic scrolling with async scrolling. + Fix web process hangs on large GitHub pages. + Bubblewrap sandbox should not attempt to bind empty paths. + Fix threading issues in the media player. + Fix several crashes and rendering issues. + Security fixes: CVE-2020-9802, CVE-2020-9803, CVE-2020-9805, CVE-2020-9806, CVE-2020-9807, CVE-2020-9843, CVE-2020-9850, CVE-2020-13753. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-1990=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-1990=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-1990=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-1990=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-1990=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-1990=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libjavascriptcoregtk-4_0-18-2.28.3-3.57.2 libjavascriptcoregtk-4_0-18-debuginfo-2.28.3-3.57.2 libwebkit2gtk-4_0-37-2.28.3-3.57.2 libwebkit2gtk-4_0-37-debuginfo-2.28.3-3.57.2 webkit2gtk-4_0-injected-bundles-2.28.3-3.57.2 webkit2gtk-4_0-injected-bundles-debuginfo-2.28.3-3.57.2 webkit2gtk3-debugsource-2.28.3-3.57.2 webkit2gtk3-devel-2.28.3-3.57.2 - SUSE Linux Enterprise Server for SAP 15 (noarch): libwebkit2gtk3-lang-2.28.3-3.57.2 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libjavascriptcoregtk-4_0-18-2.28.3-3.57.2 libjavascriptcoregtk-4_0-18-debuginfo-2.28.3-3.57.2 libwebkit2gtk-4_0-37-2.28.3-3.57.2 libwebkit2gtk-4_0-37-debuginfo-2.28.3-3.57.2 webkit2gtk-4_0-injected-bundles-2.28.3-3.57.2 webkit2gtk-4_0-injected-bundles-debuginfo-2.28.3-3.57.2 webkit2gtk3-debugsource-2.28.3-3.57.2 webkit2gtk3-devel-2.28.3-3.57.2 - SUSE Linux Enterprise Server 15-LTSS (noarch): libwebkit2gtk3-lang-2.28.3-3.57.2 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): typelib-1_0-JavaScriptCore-4_0-2.28.3-3.57.2 typelib-1_0-WebKit2-4_0-2.28.3-3.57.2 typelib-1_0-WebKit2WebExtension-4_0-2.28.3-3.57.2 
webkit2gtk3-debugsource-2.28.3-3.57.2 webkit2gtk3-devel-2.28.3-3.57.2 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.28.3-3.57.2 libjavascriptcoregtk-4_0-18-debuginfo-2.28.3-3.57.2 libwebkit2gtk-4_0-37-2.28.3-3.57.2 libwebkit2gtk-4_0-37-debuginfo-2.28.3-3.57.2 webkit2gtk-4_0-injected-bundles-2.28.3-3.57.2 webkit2gtk-4_0-injected-bundles-debuginfo-2.28.3-3.57.2 webkit2gtk3-debugsource-2.28.3-3.57.2 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): libwebkit2gtk3-lang-2.28.3-3.57.2 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.28.3-3.57.2 libjavascriptcoregtk-4_0-18-debuginfo-2.28.3-3.57.2 libwebkit2gtk-4_0-37-2.28.3-3.57.2 libwebkit2gtk-4_0-37-debuginfo-2.28.3-3.57.2 webkit2gtk-4_0-injected-bundles-2.28.3-3.57.2 webkit2gtk-4_0-injected-bundles-debuginfo-2.28.3-3.57.2 webkit2gtk3-debugsource-2.28.3-3.57.2 webkit2gtk3-devel-2.28.3-3.57.2 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): libwebkit2gtk3-lang-2.28.3-3.57.2 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.28.3-3.57.2 libjavascriptcoregtk-4_0-18-debuginfo-2.28.3-3.57.2 libwebkit2gtk-4_0-37-2.28.3-3.57.2 libwebkit2gtk-4_0-37-debuginfo-2.28.3-3.57.2 webkit2gtk-4_0-injected-bundles-2.28.3-3.57.2 webkit2gtk-4_0-injected-bundles-debuginfo-2.28.3-3.57.2 webkit2gtk3-debugsource-2.28.3-3.57.2 webkit2gtk3-devel-2.28.3-3.57.2 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): libwebkit2gtk3-lang-2.28.3-3.57.2 References: https://www.suse.com/security/cve/CVE-2020-13753.html https://www.suse.com/security/cve/CVE-2020-9802.html https://www.suse.com/security/cve/CVE-2020-9803.html https://www.suse.com/security/cve/CVE-2020-9805.html https://www.suse.com/security/cve/CVE-2020-9806.html https://www.suse.com/security/cve/CVE-2020-9807.html 
https://www.suse.com/security/cve/CVE-2020-9843.html https://www.suse.com/security/cve/CVE-2020-9850.html https://bugzilla.suse.com/1173998 From sle-security-updates at lists.suse.com Tue Jul 21 19:12:50 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 22 Jul 2020 03:12:50 +0200 (CEST) Subject: SUSE-SU-2020:1992-1: important: Security update for webkit2gtk3 Message-ID: <20200722011250.6CC39FC39@maintenance.suse.de> SUSE Security Update: Security update for webkit2gtk3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1992-1 Rating: important References: #1173998 Cross-References: CVE-2020-13753 CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 CVE-2020-9806 CVE-2020-9807 CVE-2020-9843 CVE-2020-9850 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for webkit2gtk3 fixes the following issues: - Update to version 2.28.3 (bsc#1173998): + Enable kinetic scrolling with async scrolling. + Fix web process hangs on large GitHub pages. + Bubblewrap sandbox should not attempt to bind empty paths. + Fix threading issues in the media player. + Fix several crashes and rendering issues. + Security fixes: CVE-2020-9802, CVE-2020-9803, CVE-2020-9805, CVE-2020-9806, CVE-2020-9807, CVE-2020-9843, CVE-2020-9850, CVE-2020-13753. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-1992=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1992=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): typelib-1_0-JavaScriptCore-4_0-2.28.3-3.3.1 typelib-1_0-WebKit2-4_0-2.28.3-3.3.1 typelib-1_0-WebKit2WebExtension-4_0-2.28.3-3.3.1 webkit2gtk3-debugsource-2.28.3-3.3.1 webkit2gtk3-devel-2.28.3-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.28.3-3.3.1 libjavascriptcoregtk-4_0-18-debuginfo-2.28.3-3.3.1 libwebkit2gtk-4_0-37-2.28.3-3.3.1 libwebkit2gtk-4_0-37-debuginfo-2.28.3-3.3.1 webkit2gtk-4_0-injected-bundles-2.28.3-3.3.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.28.3-3.3.1 webkit2gtk3-debugsource-2.28.3-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): libwebkit2gtk3-lang-2.28.3-3.3.1 References: https://www.suse.com/security/cve/CVE-2020-13753.html https://www.suse.com/security/cve/CVE-2020-9802.html https://www.suse.com/security/cve/CVE-2020-9803.html https://www.suse.com/security/cve/CVE-2020-9805.html https://www.suse.com/security/cve/CVE-2020-9806.html https://www.suse.com/security/cve/CVE-2020-9807.html https://www.suse.com/security/cve/CVE-2020-9843.html https://www.suse.com/security/cve/CVE-2020-9850.html https://bugzilla.suse.com/1173998 From sle-security-updates at lists.suse.com Wed Jul 22 13:12:50 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 22 Jul 2020 21:12:50 +0200 (CEST) Subject: SUSE-SU-2020:2009-1: moderate: Security update for vino Message-ID: <20200722191250.17244FDE4@maintenance.suse.de> SUSE Security Update: Security update for vino 
______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2009-1 Rating: moderate References: #1155419 Cross-References: CVE-2019-15681 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for vino fixes the following issues: - CVE-2019-15681: Fixed a memory leak which could have allowed a remote attacker to read stack memory (bsc#1155419). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-2009=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): vino-3.22.0-3.6.76 vino-debuginfo-3.22.0-3.6.76 vino-debugsource-3.22.0-3.6.76 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (noarch): vino-lang-3.22.0-3.6.76 References: https://www.suse.com/security/cve/CVE-2019-15681.html https://bugzilla.suse.com/1155419 From sle-security-updates at lists.suse.com Wed Jul 22 13:13:33 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 22 Jul 2020 21:13:33 +0200 (CEST) Subject: SUSE-SU-2020:2008-1: important: Security update for java-11-openjdk Message-ID: <20200722191333.15C0DFDE4@maintenance.suse.de> SUSE Security Update: Security update for java-11-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2008-1 Rating: important References: #1174157 Cross-References: CVE-2020-14556 CVE-2020-14562 CVE-2020-14573 CVE-2020-14577 CVE-2020-14581 CVE-2020-14583 CVE-2020-14593
CVE-2020-14621 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for java-11-openjdk fixes the following issues: - Update to upstream tag jdk-11.0.8+10 (July 2020 CPU, bsc#1174157) * Security fixes: + JDK-8230613: Better ASCII conversions + JDK-8231800: Better listing of arrays + JDK-8232014: Expand DTD support + JDK-8233234: Better Zip Naming + JDK-8233239, CVE-2020-14562: Enhance TIFF support + JDK-8233255: Better Swing Buttons + JDK-8234032: Improve basic calendar services + JDK-8234042: Better factory production of certificates + JDK-8234418: Better parsing with CertificateFactory + JDK-8234836: Improve serialization handling + JDK-8236191: Enhance OID processing + JDK-8236867, CVE-2020-14573: Enhance Graal interface handling + JDK-8237117, CVE-2020-14556: Better ForkJoinPool behavior + JDK-8237592, CVE-2020-14577: Enhance certificate verification + JDK-8238002, CVE-2020-14581: Better matrix operations + JDK-8238013: Enhance String writing + JDK-8238804: Enhance key handling process + JDK-8238842: AIOOBE in GIFImageReader.initializeStringTable + JDK-8238843: Enhanced font handing + JDK-8238920, CVE-2020-14583: Better Buffer support + JDK-8238925: Enhance WAV file playback + JDK-8240119, CVE-2020-14593: Less Affine Transformations + JDK-8240482: Improved WAV file playback + JDK-8241379: Update JCEKS support + JDK-8241522: Manifest improved jar headers redux + JDK-8242136, CVE-2020-14621: Better XML namespace handling * Other changes: + JDK-6933331: (d3d/ogl) java.lang.IllegalStateException: Buffers have not been created + JDK-7124307: JSpinner and changing value by mouse + JDK-8022574: remove HaltNode code after uncommon trap calls + JDK-8039082: [TEST_BUG] Test java/awt/dnd/BadSerializationTest/BadSerializationTest.java fails + JDK-8040630: Popup menus and tooltips flicker with previous popup 
contents when first shown + JDK-8044365: (dc) MulticastSendReceiveTests.java failing with ENOMEM when joining group (OS X 10.9) + JDK-8048215: [TESTBUG] java/lang/management/ManagementFactory/ThreadMXBeanProxy.java Expected non-null LockInfo + JDK-8051349: nsk/jvmti/scenarios/sampling/SP06/sp06t003 fails in nightly + JDK-8080353: JShell: Better error message on attempting to add default method + JDK-8139876: Exclude hanging nsk/stress/stack from execution with deoptimization enabled + JDK-8146090: java/lang/ref/ReachabilityFenceTest.java fails with -XX:+DeoptimizeALot + JDK-8153430: jdk regression test MletParserLocaleTest, ParserInfiniteLoopTest reduce default timeout + JDK-8156207: Resource allocated BitMaps are often cleared unnecessarily + JDK-8159740: JShell: corralled declarations do not have correct source to wrapper mapping + JDK-8175984: ICC_Profile has un-needed, not-empty finalize method + JDK-8176359: Frame#setMaximizedbounds not working properly in multi screen environments + JDK-8183369: RFC unconformity of HttpURLConnection with proxy + JDK-8187078: -XX:+VerifyOops finds numerous problems when running JPRT + JDK-8189861: Refactor CacheFind + JDK-8191169: java/net/Authenticator/B4769350.java failed intermittently + JDK-8191930: [Graal] emits unparseable XML into compile log + JDK-8193879: Java debugger hangs on method invocation + JDK-8196019: java/awt/Window/Grab/GrabTest.java fails on Windows + JDK-8196181: sun/java2d/GdiRendering/InsetClipping.java fails + JDK-8198000: java/awt/List/EmptyListEventTest/EmptyListEventTest.java debug assert on Windows + JDK-8198001: java/awt/Menu/WrongParentAfterRemoveMenu/ /WrongParentAfterRemoveMenu.java debug assert on Windows + JDK-8198339: Test javax/swing/border/Test6981576.java is unstable + JDK-8200701: jdk/jshell/ExceptionsTest.java fails on Windows, after JDK-8198801 + JDK-8203264: JNI exception pending in PlainDatagramSocketImpl.c:740 + JDK-8203672: JNI exception pending in PlainSocketImpl.c + JDK-8203673: 
JNI exception pending in DualStackPlainDatagramSocketImpl.c:398 + JDK-8204834: Fix confusing "allocate" naming in OopStorage + JDK-8205399: Set node color on pinned HashMap.TreeNode deletion + JDK-8205653: test/jdk/sun/management/jmxremote/bootstrap/ /RmiRegistrySslTest.java and RmiSslBootstrapTest.sh fail with handshake_failure + JDK-8206179: com/sun/management/OperatingSystemMXBean/ /GetCommittedVirtualMemorySize.java fails with Committed virtual memory size illegal value + JDK-8207334: VM times out in VM_HandshakeAllThreads::doit() with RunThese30M + JDK-8208277: Code cache heap (-XX:ReservedCodeCacheSize) doesn't work with 1GB LargePages Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2008=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): java-11-openjdk-11.0.8.0-3.12.1 java-11-openjdk-debuginfo-11.0.8.0-3.12.1 java-11-openjdk-debugsource-11.0.8.0-3.12.1 java-11-openjdk-demo-11.0.8.0-3.12.1 java-11-openjdk-devel-11.0.8.0-3.12.1 java-11-openjdk-headless-11.0.8.0-3.12.1 References: https://www.suse.com/security/cve/CVE-2020-14556.html https://www.suse.com/security/cve/CVE-2020-14562.html https://www.suse.com/security/cve/CVE-2020-14573.html https://www.suse.com/security/cve/CVE-2020-14577.html https://www.suse.com/security/cve/CVE-2020-14581.html https://www.suse.com/security/cve/CVE-2020-14583.html https://www.suse.com/security/cve/CVE-2020-14593.html https://www.suse.com/security/cve/CVE-2020-14621.html https://bugzilla.suse.com/1174157 From sle-security-updates at lists.suse.com Thu Jul 23 04:21:53 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 23 Jul 2020 12:21:53 +0200 (CEST) Subject: SUSE-SU-2020:2015-1: important: Security 
update for qemu Message-ID: <20200723102153.3F14DFF0B@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2015-1 Rating: important References: #1172383 #1172384 #1172386 #1172495 #1172710 Cross-References: CVE-2020-10761 CVE-2020-13361 CVE-2020-13362 CVE-2020-13659 CVE-2020-13800 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for qemu to version 4.2.1 fixes the following issues: - CVE-2020-10761: Fixed a denial of service in Network Block Device (nbd) support infrastructure (bsc#1172710). - CVE-2020-13800: Fixed a denial of service possibility in ati-vga emulation (bsc#1172495). - CVE-2020-13659: Fixed a null pointer dereference possibility in MegaRAID SAS 8708EM2 emulation (bsc#1172386). - CVE-2020-13362: Fixed an OOB access possibility in MegaRAID SAS 8708EM2 emulation (bsc#1172383). - CVE-2020-13361: Fixed an OOB access possibility in ES1370 audio device emulation (bsc#1172384). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-2015=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2015=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): qemu-4.2.1-11.4.4 qemu-block-curl-4.2.1-11.4.4 qemu-block-curl-debuginfo-4.2.1-11.4.4 qemu-block-iscsi-4.2.1-11.4.4 qemu-block-iscsi-debuginfo-4.2.1-11.4.4 qemu-block-rbd-4.2.1-11.4.4 qemu-block-rbd-debuginfo-4.2.1-11.4.4 qemu-block-ssh-4.2.1-11.4.4 qemu-block-ssh-debuginfo-4.2.1-11.4.4 qemu-debuginfo-4.2.1-11.4.4 qemu-debugsource-4.2.1-11.4.4 qemu-guest-agent-4.2.1-11.4.4 qemu-guest-agent-debuginfo-4.2.1-11.4.4 qemu-lang-4.2.1-11.4.4 qemu-ui-spice-app-4.2.1-11.4.4 qemu-ui-spice-app-debuginfo-4.2.1-11.4.4 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (s390x x86_64): qemu-kvm-4.2.1-11.4.4 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64): qemu-arm-4.2.1-11.4.4 qemu-arm-debuginfo-4.2.1-11.4.4 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (ppc64le): qemu-ppc-4.2.1-11.4.4 qemu-ppc-debuginfo-4.2.1-11.4.4 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): qemu-ipxe-1.0.0+-11.4.4 qemu-microvm-4.2.1-11.4.4 qemu-seabios-1.12.1+-11.4.4 qemu-sgabios-8-11.4.4 qemu-vgabios-1.12.1+-11.4.4 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (x86_64): qemu-audio-alsa-4.2.1-11.4.4 qemu-audio-alsa-debuginfo-4.2.1-11.4.4 qemu-audio-pa-4.2.1-11.4.4 qemu-audio-pa-debuginfo-4.2.1-11.4.4 qemu-ui-curses-4.2.1-11.4.4 qemu-ui-curses-debuginfo-4.2.1-11.4.4 qemu-ui-gtk-4.2.1-11.4.4 qemu-ui-gtk-debuginfo-4.2.1-11.4.4 qemu-x86-4.2.1-11.4.4 qemu-x86-debuginfo-4.2.1-11.4.4 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (s390x): qemu-s390-4.2.1-11.4.4 
qemu-s390-debuginfo-4.2.1-11.4.4 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): qemu-debuginfo-4.2.1-11.4.4 qemu-debugsource-4.2.1-11.4.4 qemu-tools-4.2.1-11.4.4 qemu-tools-debuginfo-4.2.1-11.4.4 References: https://www.suse.com/security/cve/CVE-2020-10761.html https://www.suse.com/security/cve/CVE-2020-13361.html https://www.suse.com/security/cve/CVE-2020-13362.html https://www.suse.com/security/cve/CVE-2020-13659.html https://www.suse.com/security/cve/CVE-2020-13800.html https://bugzilla.suse.com/1172383 https://bugzilla.suse.com/1172384 https://bugzilla.suse.com/1172386 https://bugzilla.suse.com/1172495 https://bugzilla.suse.com/1172710 From sle-security-updates at lists.suse.com Thu Jul 23 10:14:20 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 23 Jul 2020 18:14:20 +0200 (CEST) Subject: SUSE-SU-2020:2027-1: important: Security update for the Linux Kernel Message-ID: <20200723161420.84C34FC39@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2027-1 Rating: important References: #1058115 #1065729 #1071995 #1085030 #1148868 #1152472 #1152489 #1153274 #1154353 #1154492 #1155518 #1155798 #1156395 #1157169 #1158050 #1158242 #1158265 #1158748 #1158765 #1158983 #1159781 #1159867 #1160947 #1161495 #1162002 #1162063 #1162400 #1162702 #1164648 #1164777 #1164780 #1165211 #1165975 #1166985 #1167104 #1167651 #1167773 #1168230 #1168779 #1168838 #1169021 #1169094 #1169194 #1169514 #1169681 #1170011 #1170284 #1170442 #1170617 #1170774 #1170879 #1170891 #1170895 #1171150 #1171189 #1171191 #1171219 #1171220 #1171246 #1171417 #1171513 #1171529 #1171530 #1171662 #1171688 #1171699 #1171732 #1171739 #1171743 #1171759 #1171828 #1171868 #1171904 #1171915 #1171982 #1171983 #1172017 #1172046 #1172061 #1172062 #1172063 #1172064 #1172065 #1172066 #1172067 
#1172068 #1172069 #1172073 #1172086 #1172095 #1172169 #1172170 #1172208 #1172223 #1172342 #1172343 #1172344 #1172365 #1172366 #1172374 #1172391 #1172393 #1172394 #1172453 #1172458 #1172467 #1172484 #1172537 #1172543 #1172687 #1172719 #1172739 #1172751 #1172759 #1172775 #1172781 #1172782 #1172783 #1172814 #1172823 #1172841 #1172871 #1172938 #1172939 #1172940 #1172956 #1172983 #1172984 #1172985 #1172986 #1172987 #1172988 #1172989 #1172990 #1172999 #1173060 #1173068 #1173085 #1173139 #1173206 #1173271 #1173280 #1173284 #1173428 #1173438 #1173461 #1173514 #1173552 #1173573 #1173625 #1173746 #1173776 #1173817 #1173818 #1173820 #1173822 #1173823 #1173824 #1173825 #1173826 #1173827 #1173828 #1173830 #1173831 #1173832 #1173833 #1173834 #1173836 #1173837 #1173838 #1173839 #1173841 #1173843 #1173844 #1173845 #1173847 #1173860 #1173894 #1174018 #1174244 #1174345 Cross-References: CVE-2019-19462 CVE-2019-20810 CVE-2019-20812 CVE-2020-10711 CVE-2020-10732 CVE-2020-10751 CVE-2020-10766 CVE-2020-10767 CVE-2020-10768 CVE-2020-10773 CVE-2020-12656 CVE-2020-12769 CVE-2020-12771 CVE-2020-12888 CVE-2020-13143 CVE-2020-13974 CVE-2020-14416 CVE-2020-15393 CVE-2020-15780 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP2 ______________________________________________________________________________ An update that solves 19 vulnerabilities and has 162 fixes is now available. Description: The SUSE Linux Enterprise 15 SP2 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-15780: A lockdown bypass for loading unsigned modules using ACPI table injection was fixed. (bsc#1173573) - CVE-2020-15393: Fixed a memory leak in usbtest_disconnect (bnc#1173514). - CVE-2020-12771: An issue was discovered in btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails (bnc#1171732). - CVE-2020-12888: The VFIO PCI driver mishandled attempts to access disabled memory space (bnc#1171868). 
- CVE-2020-10773: Fixed a memory leak on s390/s390x, in the cmm_timeout_hander in file arch/s390/mm/cmm.c (bnc#1172999). - CVE-2020-14416: Fixed a race condition in tty->disc_data handling in the slip and slcan line discipline that could lead to a use-after-free. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c (bnc#1162002). - CVE-2020-10768: Fixed an issue with the prctl() function, where indirect branch speculation could be enabled even though it was disabled before (bnc#1172783). - CVE-2020-10766: Fixed an issue which allowed an attacker with a local account to disable SSBD protection (bnc#1172781). - CVE-2020-10767: Fixed an issue where Indirect Branch Prediction Barrier was disabled in certain circumstances, leaving the system open to a spectre v2 style attack (bnc#1172782). - CVE-2020-13974: Fixed an integer overflow in drivers/tty/vt/keyboard.c, if k_ascii is called several times in a row (bnc#1172775). - CVE-2019-20810: Fixed a memory leak in go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c because it did not call snd_card_free for a failure path (bnc#1172458). - CVE-2019-20812: An issue was discovered in the prb_calc_retire_blk_tmo() function in net/packet/af_packet.c that could result in a denial of service (CPU consumption and soft lockup) in a certain failure case involving TPACKET_V3 (bnc#1172453). - CVE-2019-19462: relay_open in kernel/relay.c in the Linux kernel allowed local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result (bnc#1158265). - CVE-2020-10732: A flaw was found in the implementation of Userspace core dumps. This flaw allowed an attacker with a local account to crash a trivial program and exfiltrate private kernel data (bnc#1171220). - CVE-2020-12656: Fixed a memory leak in gss_mech_free in the rpcsec_gss_krb5 implementation, caused by a lack of certain domain_release calls (bnc#1171219).
- CVE-2020-10751: A flaw was found in the SELinux LSM hook implementation, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing (bnc#1171189). - CVE-2020-10711: A NULL pointer dereference flaw was found in the SELinux subsystem in versions This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. This flaw allowed a remote network user to crash the system kernel, resulting in a denial of service (bnc#1171191). - CVE-2020-12769: An issue was discovered in drivers/spi/spi-dw.c allowed attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one (bnc#1171983). - CVE-2020-13143: gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c relies on kstrdup without considering the possibility of an internal '\0' value, which allowed attackers to trigger an out-of-bounds read (bnc#1171982). The following non-security bugs were fixed: - ACPICA: Fixes for acpiExec namespace init file (git-fixes). - ACPI: configfs: Disallow loading ACPI tables when locked down (git-fixes). - ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe() (git-fixes). - ACPI: GED: add support for _Exx / _Lxx handler methods (git-fixes). - ACPI: GED: use correct trigger type field in _Exx / _Lxx handling (git-fixes). - ACPI: PM: Avoid using power resources if there are none for D0 (git-fixes). - ACPI: sysfs: Fix pm_profile_attr type (git-fixes). - ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile() (git-fixes). - Add a GIT commit ID of already cherry-picked x86/platform patch - Add cherry-picked ID to the already applied pinctrl patch - af_unix: add compat_ioctl support (git-fixes). 
- agp/intel: Reinforce the barrier after GTT updates (git-fixes). - aio: fix async fsync creds (bsc#1173828). - ALSA: emu10k1: delete an unnecessary condition (git-fixes). - ALSA: es1688: Add the missed snd_card_free() (git-fixes). - ALSA: fireface: fix configuration error for nominal sampling transfer frequency (git-fixes). - ALSA: firewire-lib: fix invalid assignment to union data for directional parameter (git-fixes). - ALSA: hda: Add ElkhartLake HDMI codec vid (git-fixes). - ALSA: hda: add member to store ratio for stripe control (git-fixes). - ALSA: hda: Add NVIDIA codec IDs 9a & 9d through a0 to patch table (git-fixes). - ALSA: hda: add sienna_cichlid audio asic id for sienna_cichlid up (git-fixes). - ALSA: hda: Fix potential race in unsol event handler (git-fixes). - ALSA: hda/hdmi: fix failures at PCM open on Intel ICL and later (git-fixes). - ALSA: hda/hdmi: improve debug traces for stream lookups (git-fixes). - ALSA: hda - let hs_mic be picked ahead of hp_mic (git-fixes). - ALSA: hda/realtek - Add a model for Thinkpad T570 without DAC workaround (bsc#1172017). - ALSA: hda/realtek - add a pintbl quirk for several Lenovo machines (git-fixes). - ALSA: hda/realtek - Add LED class support for micmute LED (git-fixes). - ALSA: hda/realtek - Add more fixup entries for Clevo machines (git-fixes). - ALSA: hda/realtek: Add mute LED and micmute LED support for HP systems (git-fixes). - ALSA: hda/realtek - Add new codec supported for ALC287 (git-fixes). - ALSA: hda/realtek - Add quirk for MSI GE63 laptop (git-fixes). - ALSA: hda/realtek - Enable audio jacks of Acer vCopperbox with ALC269VC (git-fixes). - ALSA: hda/realtek: Enable headset mic of Acer C20-820 with ALC269VC (git-fixes). - ALSA: hda/realtek: Enable headset mic of Acer Veriton N4660G with ALC269VC (git-fixes). - ALSA: hda/realtek - Enable micmute LED on and HP system (git-fixes). - ALSA: hda/realtek - Fix Lenovo Thinkpad X1 Carbon 7th quirk subdevice id (git-fixes). 
- ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Xtreme (git-fixes). - ALSA: hda/realtek - Fix unused variable warning w/o CONFIG_LEDS_TRIGGER_AUDIO (git-fixes). - ALSA: hda/realtek - Introduce polarity for micmute LED GPIO (git-fixes). - ALSA: hda/tegra: correct number of SDO lines for Tegra194 (git-fixes). - ALSA: hda/tegra: workaround playback failure on Tegra194 (git-fixes). - ALSA: hwdep: fix a left shifting 1 by 31 UB bug (git-fixes). - ALSA: iec1712: Initialize STDSP24 properly when using the model=staudio option (git-fixes). - ALSA: isa/wavefront: prevent out of bounds write in ioctl (git-fixes). - ALSA: opl3: fix infoleak in opl3 (git-fixes). - ALSA: pcm: disallow linking stream to itself (git-fixes). - ALSA: pcm: fix incorrect hw_base increase (git-fixes). - ALSA: pcm: fix snd_pcm_link() lockdep splat (git-fixes). - ALSA: usb-audio: Add duplex sound support for USB devices using implicit feedback (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for RTX6001 (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for SSL2+ (git-fixes). - ALSA: usb-audio: Add Pioneer DJ DJM-900NXS2 support (git-fixes). - ALSA: usb-audio: add quirk for Denon DCD-1500RE (git-fixes). - ALSA: usb-audio: add quirk for MacroSilicon MS2109 (git-fixes). - ALSA: usb-audio: add quirk for Samsung USBC Headset (AKG) (git-fixes). - ALSA: usb-audio: Add vendor, product and profile name for HP Thunderbolt Dock (git-fixes). - ALSA: usb-audio: Clean up quirk entries with macros (git-fixes). - ALSA: usb-audio: Fix a limit check in proc_dump_substream_formats() (git-fixes). - ALSA: usb-audio: Fix inconsistent card PM state after resume (git-fixes). - ALSA: usb-audio: fixing upper volume limit for RME Babyface Pro routing crosspoints (git-fixes). - ALSA: usb-audio: Fixing usage of plain int instead of NULL (git-fixes). - ALSA: usb-audio: Fix OOB access of mixer element list (git-fixes). - ALSA: usb-audio: Fix packet size calculation (bsc#1173847). 
- ALSA: usb-audio: Fix potential use-after-free of streams (git-fixes). - ALSA: usb-audio: Fix racy list management in output queue (git-fixes). - ALSA: usb-audio: Improve frames size computation (git-fixes). - ALSA: usb-audio: Manage auto-pm of all bundled interfaces (git-fixes). - ALSA: usb-audio: mixer: volume quirk for ESS Technology Asus USB DAC (git-fixes). - ALSA: usb-audio: Print more information in stream proc files (git-fixes). - ALSA: usb-audio: Quirks for Gigabyte TRX40 Aorus Master onboard audio (git-fixes). - ALSA: usb-audio: Remove async workaround for Scarlett 2nd gen (git-fixes). - ALSA: usb-audio: Replace s/frame/packet/ where appropriate (git-fixes). - ALSA: usb-audio: RME Babyface Pro mixer patch (git-fixes). - ALSA: usb-audio: Use the new macro for HP Dock rename quirks (git-fixes). - amdgpu: a NULL ->mm does not mean a thread is a kthread (git-fixes). - amd-xgbe: Use __napi_schedule() in BH context (networking-stable-20_04_17). - arm64: map FDT as RW for early_init_dt_scan() (jsc#SLE-12424). - ARM: oxnas: make ox820_boot_secondary static (git-fixes). - asm-gemeric/tlb: remove stray function declarations (bsc#1156395). - ASoC: core: only convert non DPCM link to DPCM link (git-fixes). - ASoC: davinci-mcasp: Fix dma_chan refcnt leak when getting dma type (git-fixes). - ASoC: fix incomplete error-handling in img_i2s_in_probe (git-fixes). - ASoC: fsl_asrc_dma: Fix dma_chan leak when config DMA channel failed (git-fixes). - ASoC: fsl_ssi: Fix bclk calculation for mono channel (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for Toshiba Encore WT10-A tablet (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for Toshiba Encore WT8-A tablet (git-fixes). - ASoC: intel: cht_bsw_max98090_ti: Add all Chromebooks that need pmc_plt_clk_0 quirk (bsc#1171246). - ASoC: intel - fix the card names (git-fixes). - ASoC: max98373: reorder max98373_reset() in resume (git-fixes). - ASoC: max9867: fix volume controls (git-fixes). 
- ASoC: meson: add missing free_irq() in error path (git-fixes). - ASoc: q6afe: add support to get port direction (git-fixes). - ASoC: q6asm: handle EOS correctly (git-fixes). - ASoC: qcom: q6asm-dai: kCFI fix (git-fixes). - ASoC: rockchip: Fix a reference count leak (git-fixes). - ASoC: rt5645: Add platform-data for Asus T101HA (git-fixes). - ASoC: SOF: core: fix error return code in sof_probe_continue() (git-fixes). - ASoC: SOF: Do nothing when DSP PM callbacks are not set (git-fixes). - ASoC: SOF: nocodec: conditionally set dpcm_capture/dpcm_playback flags (git-fixes). - ASoC: tegra: tegra_wm8903: Support nvidia, headset property (git-fixes). - ASoC: ti: omap-mcbsp: Fix an error handling path in 'asoc_mcbsp_probe()' (git-fixes). - ASoC: ux500: mop500: Fix some refcounted resources issues (git-fixes). - ata/libata: Fix usage of page address by page_address in ata_scsi_mode_select_xlat function (git-fixes). - ath10k: fix kernel null pointer dereference (git-fixes). - ath10k: Fix the race condition in firmware dump work queue (git-fixes). - ath10k: Remove ath10k_qmi_register_service_notifier() declaration (git-fixes). - ath10k: remove the max_sched_scan_reqs value (git-fixes). - ath10k: Skip handling del_server during driver exit (git-fixes). - ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb (git-fixes). - ath9k: Fix use-after-free Read in ath9k_wmi_ctrl_rx (git-fixes). - ath9k: Fix use-after-free Read in htc_connect_service (git-fixes). - ath9k: Fix use-after-free Write in ath9k_htc_rx_msg (git-fixes). - ath9k_htc: Silence undersized packet warnings (git-fixes). - ath9x: Fix stack-out-of-bounds Write in ath9k_hif_usb_rx_cb (git-fixes). - ax25: fix setsockopt(SO_BINDTODEVICE) (git-fixes). - b43: Fix connection problem with WPA3 (git-fixes). - b43legacy: Fix case where channel status is corrupted (git-fixes). - b43_legacy: Fix connection problem with WPA3 (git-fixes). - backlight: lp855x: Ensure regulators are disabled on probe failure (git-fixes). 
- batman-adv: Revert "disable ethtool link speed detection when auto negotiation off" (git-fixes). - bfq: Avoid false bfq queue merging (bsc#1171513). - bfq: Fix check detecting whether waker queue should be selected (bsc#1168838). - bfq: Use only idle IO periods for think time calculations (bsc#1171513). - bfq: Use 'ttime' local variable (bsc#1171513). - blk-iocost: Fix error on iocost_ioc_vrate_adj (bsc#1173206). - blk-iocost: fix incorrect vtime comparison in iocg_is_idle() (bsc#1173206). - block/bio-integrity: do not free 'buf' if bio_integrity_add_page() failed (bsc#1173817). - block: Fix use-after-free in blkdev_get() (bsc#1173834). - block: nr_sects_write(): Disable preemption on seqcount write (bsc#1173818). - Bluetooth: Add SCO fallback for invalid LMP parameters error (git-fixes). - Bluetooth: btbcm: Add 2 missing models to subver tables (git-fixes). - Bluetooth: btmtkuart: Improve exception handling in btmtuart_probe() (git-fixes). - Bluetooth: hci_bcm: fix freeing not-requested IRQ (git-fixes). - bnxt_en: Fix AER reset logic on 57500 chips (bsc#1171150). - bnxt_en: fix firmware message length endianness (bsc#1173894). - bnxt_en: Fix return code to "flash_device" (bsc#1173894). - bnxt_en: Improve TQM ring context memory sizing formulas (jsc#SLE-8371 bsc#1153274). - bnxt_en: Re-enable SRIOV during resume (jsc#SLE-8371 bsc#1153274). - bnxt_en: Return from timer if interface is not in open state (jsc#SLE-8371 bsc#1153274). - bnxt_en: Simplify bnxt_resume() (jsc#SLE-8371 bsc#1153274). - bpf: Document optval > PAGE_SIZE behavior for sockopt hooks (bsc#1155518). - bpf: Do not return EINVAL from {get,set}sockopt when optlen > PAGE_SIZE (bsc#1155518). - bpf: Fix an error code in check_btf_func() (bsc#1154353). - bpf: Fix map permissions check (bsc#1155518). - bpf: Prevent mmap()'ing read-only maps as writable (bsc#1155518). - bpf: Restrict bpf_probe_read{, str}() only to archs where they work (bsc#1172344). 
- bpf: Restrict bpf_trace_printk()'s %s usage and add %pks, %pus specifier (bsc#1172344). - bpf, sockhash: Synchronize_rcu before free'ing map (git-fixes). - bpf, sockmap: Check update requirements after locking (git-fixes). - bpf: Undo internal BPF_PROBE_MEM in BPF insns dump (bsc#1155518). - bpf, xdp, samples: Fix null pointer dereference in *_user code (bsc#1155518). - brcmfmac: expose RPi firmware config files through modinfo (bsc#1169094). - brcmfmac: fix wrong location to get firmware feature (git-fixes). - btrfs: fix log context list corruption after rename whiteout error (bsc#1172342). - btrfs: fix partial loss of prealloc extent past i_size after fsync (bsc#1172343). - btrfs: reloc: clear DEAD_RELOC_TREE bit for orphan roots to prevent runaway balance (bsc#1171417 bsc#1160947 bsc#1172366). - btrfs: reloc: fix reloc root leak and NULL pointer dereference (bsc#1171417 bsc#1160947 bsc#1172366). - bus: ti-sysc: Ignore clockactivity unless specified as a quirk (git-fixes). - carl9170: remove P2P_GO support (git-fixes). - cdc-acm: Add DISABLE_ECHO quirk for Microchip/SMSC chip (git-fixes). - CDC-ACM: heed quirk also in error handling (git-fixes). - ceph: add comments for handle_cap_flush_ack logic (bsc#1172940). - ceph: allow rename operation under different quota realms (bsc#1172988). - ceph: ceph_kick_flushing_caps needs the s_mutex (bsc#1172986). - ceph: convert mdsc->cap_dirty to a per-session list (bsc#1172984 bsc#1167104). - ceph: document what protects i_dirty_item and i_flushing_item (bsc#1172940). - ceph: do not release i_ceph_lock in handle_cap_trunc (bsc#1172940). - ceph: do not return -ESTALE if there's still an open file (bsc#1171915). - ceph: do not take i_ceph_lock in handle_cap_import (bsc#1172940). - ceph: fix potential race in ceph_check_caps (bsc#1172940). - ceph: flush release queue when handling caps for unknown inode (bsc#1172939).
- ceph: make sure mdsc->mutex is nested in s->s_mutex to fix dead lock (bsc#1172989). - ceph: normalize 'delta' parameter usage in check_quota_exceeded (bsc#1172987). - ceph: reorganize __send_cap for less spinlock abuse (bsc#1172940). - ceph: request expedited service on session's last cap flush (bsc#1172985 bsc#1167104). - ceph: reset i_requested_max_size if file write is not wanted (bsc#1172983). - ceph: skip checking caps when session reconnecting and releasing reqs (bsc#1172990). - ceph: split up __finish_cap_flush (bsc#1172940). - ceph: throw a warning if we destroy session with mutex still locked (bsc#1172940). - char/random: Add a newline at the end of the file (jsc#SLE-12424). - clk: bcm2835: Fix return type of bcm2835_register_gate (git-fixes). - clk: bcm2835: Remove casting to bcm2835_clk_register (git-fixes). - clk: clk-flexgen: fix clock-critical handling (git-fixes). - clk: mediatek: assign the initial value to clk_init_data of mtk_mux (git-fixes). - clk: meson: meson8b: Do not rely on u-boot to init all GP_PLL registers (git-fixes). - clk: meson: meson8b: Fix the polarity of the RESET_N lines (git-fixes). - clk: meson: meson8b: Fix the vclk_div{1, 2, 4, 6, 12}_en gate bits (git-fixes). - clk: qcom: Add missing msm8998 ufs_unipro_core_clk_src (git-fixes). - clk: qcom: msm8916: Fix the address location of pll->config_reg (git-fixes). - clk: renesas: cpg-mssr: Fix STBCR suspend/resume handling (git-fixes). - clk: samsung: exynos5433: Add IGNORE_UNUSED flag to sclk_i2s1 (git-fixes). - clk: samsung: Mark top ISP and CAM clocks on Exynos542x as critical (git-fixes). - clk: sifive: allocate sufficient memory for struct __prci_data (git-fixes). - clk: sprd: return correct type of value for _sprd_pll_recalc_rate (git-fixes). - clk: sunxi: Fix incorrect usage of round_down() (git-fixes). - clk: ti: am33xx: fix RTC clock parent (git-fixes). - clk: ti: composite: fix memory leak (git-fixes). - clk: zynqmp: fix memory leak in zynqmp_register_clocks (git-fixes). 
- clocksource: dw_apb_timer: Make CPU-affiliation being optional (git-fixes). - clocksource: dw_apb_timer_of: Fix missing clockevent timers (git-fixes). - component: Silence bind error on -EPROBE_DEFER (git-fixes). - config: arm64: enable CONFIG_IOMMU_DEFAULT_PASSTHROUGH References: bsc#1172739 - coredump: fix crash when umh is disabled (git-fixes). - coredump: fix null pointer dereference on coredump (git-fixes). - cpufreq: Fix up cpufreq_boost_set_sw() (git-fixes). - cpufreq: intel_pstate: Only mention the BIOS disabling turbo mode once (git-fixes). - cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_work_fn (git-fixes). - cpuidle: Fix three reference count leaks (git-fixes). - crypto: algapi - Avoid spurious modprobe on LOADED (git-fixes). - crypto: algboss - do not wait during notifier callback (git-fixes). - crypto: algif_skcipher - Cap recv SG list at ctx->used (git-fixes). - crypto - Avoid free() namespace collision (git-fixes). - crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated (git-fixes). - crypto: ccp -- do not "select" CONFIG_DMADEVICES (git-fixes). - Crypto/chcr: fix for ccm(aes) failed test (git-fixes). - crypto: chelsio/chtls: properly set tp->lsndtime (git-fixes). - crypto: drbg - fix error return code in drbg_alloc_state() (git-fixes). - crypto: omap-sham - add proper load balancing support for multicore (git-fixes). - crypto: stm32/crc32 - fix ext4 chksum BUG_ON() (git-fixes). - crypto: stm32/crc32 - fix multi-instance (git-fixes). - crypto: stm32/crc32 - fix run-time self test issue (git-fixes). - cxgb4: fix adapter crash due to wrong MC size (networking-stable-20_04_27). - cxgb4: fix large delays in PTP synchronization (networking-stable-20_04_27). - debugfs: Check module state before warning in {full/open}_proxy_open() (bsc#1173746). - devlink: fix return value after hitting end in region read (networking-stable-20_05_12). 
- devmap: Use bpf_map_area_alloc() for allocating hash buckets (bsc#1154353). - Disable PINCTRL_TIGERLAKE - dma-coherent: fix integer overflow in the reserved-memory dma allocation (git-fixes). - dma-debug: fix displaying of dma allocation type (git-fixes). - dma-direct: fix data truncation in dma_direct_get_required_mask() (git-fixes). - dmaengine: dmatest: Fix process hang when reading 'wait' parameter (git-fixes). - dmaengine: dmatest: Restore default for channel (git-fixes). - dmaengine: mmp_tdma: Do not ignore slave config validation errors (git-fixes). - dmaengine: mmp_tdma: Reset channel error on release (git-fixes). - dmaengine: owl: Use correct lock in owl_dma_get_pchan() (git-fixes). - dmaengine: pch_dma.c: Avoid data race between probe and irq handler (git-fixes). - dmaengine: tegra210-adma: Fix an error handling path in 'tegra_adma_probe()' (git-fixes). - dm verity fec: fix hash block number in verity_fec_decode (git fixes (block drivers)). - dm writecache: fix data corruption when reloading the target (git fixes (block drivers)). - dm writecache: reject asynchronous pmem devices (bsc#1156395). - dpaa2-eth: prevent array underflow in update_cls_rule() (networking-stable-20_05_16). - dpaa2-eth: properly handle buffer size restrictions (networking-stable-20_05_16). - dpaa_eth: fix usage as DSA master, try 3 (networking-stable-20_05_27). - drivers: base: Fix NULL pointer exception in __platform_driver_probe() if a driver developer is foolish (git-fixes). - Drivers: hv: Change flag to write log level in panic msg to false (bsc#1170617). - drivers/net/ibmvnic: Update VNIC protocol version reporting (bsc#1065729). - drivers: phy: sr-usb: do not use internal fsm for USB2 phy init (git-fixes). - drivers: soc: ti: knav_qmss_queue: Make knav_gp_range_ops static (git-fixes). - drm/amd/display: add basic atomic check for cursor plane (git-fixes). - drm/amd/display: drop cursor position check in atomic test (git-fixes). 
- drm: amd/display: fix Kconfig help text (bsc#1152489) * context changes - drm/amd/display: Only revalidate bandwidth on medium and fast updates (git-fixes). - drm/amd/display: Prevent dpcd reads with passive dongles (git-fixes). - drm/amd/display: Revalidate bandwidth before commiting DC updates (git-fixes). - drm/amd: fix potential memleak in err branch (git-fixes). - drm/amdgpu: add fw release for sdma v5_0 (git-fixes). - drm/amdgpu: drop redundant cg/pg ungate on runpm enter (git-fixes). - drm/amdgpu: fix gfx hang during suspend with video playback (v2) (git-fixes). - drm/amdgpu: fix the hw hang during perform system reboot and reset (git-fixes). - drm/amdgpu: force fbdev into vram (bsc#1152472) * context changes - drm/amdgpu: Init data to avoid oops while reading pp_num_states (git-fixes). - drm/amdgpu: invalidate L2 before SDMA IBs (v2) (git-fixes). - drm/amdgpu: move kfd suspend after ip_suspend_phase1 (git-fixes). - drm/amdgpu: Replace invalid device ID with a valid device ID (bsc#1152472) - drm/amdgpu: simplify padding calculations (v2) (git-fixes). - drm/amd/powerpay: Disable gfxoff when setting manual mode on picasso and raven (git-fixes). - drm/amd/powerplay: avoid using pm_en before it is initialized revised (git-fixes). - drm/amd/powerplay: perform PG ungate prior to CG ungate (git-fixes). - drm: bridge: adv7511: Extend list of audio sample rates (git-fixes). - drm/connector: notify userspace on hotplug after register complete (bsc#1152489) * context changes - drm/dp_mst: Increase ACT retry timeout to 3s (bsc#1152472) * context changes - drm/dp_mst: Reformat drm_dp_check_act_status() a bit (git-fixes). - drm/edid: Add Oculus Rift S to non-desktop list (git-fixes). - drm: encoder_slave: fix refcouting error for modules (git-fixes). - drm/etnaviv: fix perfmon domain interation (git-fixes). - drm/etnaviv: rework perfmon query infrastructure (git-fixes). 
- drm/i915: Do not enable WaIncreaseLatencyIPCEnabled when IPC is (bsc#1152489) - drm/i915: Do not enable WaIncreaseLatencyIPCEnabled when IPC is disabled (git-fixes). - drm/i915: extend audio CDCLK>=2*BCLK constraint to more platforms (git-fixes). - drm/i915: Extend WaDisableDARBFClkGating to icl,ehl,tgl (bsc#1152489) - drm/i915: fix port checks for MST support on gen >= 11 (git-fixes). - drm/i915/gem: Avoid iterating an empty list (git-fixes). - drm/i915/gt: Do not schedule normal requests immediately along (bsc#1152489) - drm/i915/gvt: Fix kernel oops for 3-level ppgtt guest (bsc#1152489) - drm/i915/gvt: Fix kernel oops for 3-level ppgtt guest (git-fixes). - drm/i915/gvt: Fix two CFL MMIO handling caused by regression. (bsc#1152489) - drm/i915/gvt: Fix two CFL MMIO handling caused by regression (git-fixes). - drm/i915/gvt: Init DPLL/DDI vreg for virtual display instead of (bsc#1152489) - drm/i915/gvt: Init DPLL/DDI vreg for virtual display instead of inheritance (git-fixes). - drm/i915: HDCP: fix Ri prime check done during link check (bsc#1152489) * context changes - drm/i915: HDCP: fix Ri prime check done during link check (git-fixes). - drm/i915/icl+: Fix hotplug interrupt disabling after storm detection (bsc#1152489) - drm/i915: Limit audio CDCLK>=2*BCLK constraint back to GLK only (git-fixes). - drm/i915: Propagate error from completed fences (git-fixes). - drm/i915: Whitelist context-local timestamp in the gen9 cmdparser (git-fixes). - drm/i915: work around false-positive maybe-uninitialized warning (git-fixes). - drm/mcde: dsi: Fix return value check in mcde_dsi_bind() (git-fixes). - drm/msm: Check for powered down HW in the devfreq callbacks (bsc#1152489) - drm/msm/dpu: fix error return code in dpu_encoder_init (bsc#1152489) - drm/msm/dpu: fix error return code in dpu_encoder_init (git-fixes). - drm/msm/mdp5: Fix mdp5_init error path for failed mdp5_kms allocation (git-fixes). 
- drm/nouveau/disp/gm200-: fix NV_PDISP_SOR_HDMI2_CTRL(n) selection (git-fixes). - drm/qxl: lost qxl_bo_kunmap_atomic_page in qxl_image_init_helper() (git-fixes). - drm/qxl: Use correct notify port address when creating cursor ring (bsc#1152472) - drm/radeon: fix fb_div check in ni_init_smc_spll_table() (bsc#1152472) - drm: rcar-du: Fix build error (bsc#1152472) - drm/sun4i: hdmi ddc clk: Fix size of m divider (git-fixes). - drm: sun4i: hdmi: Remove extra HPD polling (bsc#1152489) - drm: sun4i: hdmi: Remove extra HPD polling (git-fixes). - drm/vkms: Hold gem object while still in-use (git-fixes). - Drop a couple of block layer git-fixes (bsc#1170891 bsc#1173139) - dwc3: Remove check for HWO flag in dwc3_gadget_ep_reclaim_trb_sg() (git-fixes). - e1000: Distribute switch variables for initialization (git-fixes). - e1000e: Disable TSO for buffer overrun workaround (git-fixes). - e1000e: Do not wake up the system via WOL if device wakeup is disabled (git-fixes). - e1000e: Relax condition to trigger reset for ME workaround (git-fixes). - EDAC/amd64: Add PCI device IDs for family 17h, model 70h (bsc#1165975). - EDAC/ghes: Setup DIMM label from DMI and use it in error reports (bsc#1168779). - EDAC/skx: Use the mcmtr register to retrieve close_pg/bank_xor_enable (bsc#1152489). - EDAC/synopsys: Do not dump uninitialized pinf->col (bsc#1152489). - efi/efivars: Add missing kobject_put() in sysfs entry creation error path (git-fixes). - efi/random: Treat EFI_RNG_PROTOCOL output as bootloader randomness (jsc#SLE-12424). - efi: READ_ONCE rng seed size before munmap (jsc#SLE-12424). - efi/tpm: Verify event log header before parsing (bsc#1173461). - eventpoll: fix missing wakeup for ovflist in ep_poll_callback (bsc#1159867). - evm: Check also if *tfm is an error pointer in init_desc() (git-fixes). - evm: Fix a small race in init_desc() (git-fixes). - evm: Fix possible memory leak in evm_calc_hmac_or_hash() (git-fixes). - evm: Fix RCU list related warnings (git-fixes). 
- ext4: avoid utf8_strncasecmp() with unstable name (bsc#1173843). - ext4: fix error pointer dereference (bsc#1173837). - ext4: fix EXT_MAX_EXTENT/INDEX to check for zeroed eh_max (bsc#1173836). - ext4: fix partial cluster initialization when splitting extent (bsc#1173839). - ext4: fix race between ext4_sync_parent() and rename() (bsc#1173838). - ext4, jbd2: ensure panic by fix a race between jbd2 abort and ext4 error handlers (bsc#1173833). - ext4: stop overwrite the errcode in ext4_setup_super (bsc#1173841). - extcon: adc-jack: Fix an error handling path in 'adc_jack_probe()' (git-fixes). - fanotify: fix ignore mask logic for events on child and on dir (bsc#1172719). - fat: do not allow to mount if the FAT length == 0 (bsc#1173831). - fdt: add support for rng-seed (jsc#SLE-12424). - fdt: Update CRC check for rng-seed (jsc#SLE-12424). - firmware: imx: scu: Fix corruption of header (git-fixes). - firmware: imx: scu: Fix possible memory leak in imx_scu_probe() (git-fixes). - firmware: imx-scu: Support one TX and one RX (git-fixes). - firmware: imx: warn on unexpected RX (git-fixes). - firmware: qcom_scm: fix bogous abuse of dma-direct internals (git-fixes). - firmware: xilinx: Fix an error handling path in 'zynqmp_firmware_probe()' (git-fixes). - Fix a regression of AF_ALG crypto interface hang with aes_s390 (bsc#1167651) - Fix boot crash with MD (bsc#1173860) - fix multiplication overflow in copy_fdtable() (bsc#1173825). - fork: prevent accidental access to clone3 features (bsc#1174018). - fpga: dfl: afu: Corrected error handling levels (git-fixes). - fq_codel: fix TCA_FQ_CODEL_DROP_BATCH_SIZE sanity checks (networking-stable-20_05_12). - fs: Do not check if there is a fsnotify watcher on pseudo inodes (bsc#1158765). - fsnotify: Rearrange fast path to minimise overhead when there is no watcher (bsc#1158765). - genetlink: clean up family attributes allocations (git-fixes). - genetlink: fix memory leaks in genl_family_rcv_msg_dumpit() (bsc#1154353). 
- geneve: allow changing DF behavior after creation (git-fixes). - geneve: change from tx_error to tx_dropped on missing metadata (git-fixes). - gfs2: fix glock reference problem in gfs2_trans_remove_revoke (bsc#1173823). - gfs2: Multi-block allocations in gfs2_page_mkwrite (bsc#1173822). - gpio: bcm-kona: Fix return value of bcm_kona_gpio_probe() (git-fixes). - gpio: dwapb: Append MODULE_ALIAS for platform driver (git-fixes). - gpio: dwapb: Call acpi_gpiochip_free_interrupts() on GPIO chip de-registration (git-fixes). - gpio: exar: Fix bad handling for ida_simple_get error path (git-fixes). - gpiolib: Document that GPIO line names are not globally unique (git-fixes). - gpio: pca953x: fix handling of automatic address incrementing (git-fixes). - gpio: pca953x: Fix pca953x_gpio_set_config (git-fixes). - gpio: pxa: Fix return value of pxa_gpio_probe() (git-fixes). - gpio: tegra: mask GPIO IRQs during IRQ shutdown (git-fixes). - gpu/drm: Ingenic: Fix opaque pointer casted to wrong type (git-fixes). - habanalabs: Align protection bits configuration of all TPCs (git-fixes). - HID: Add quirks for Trust Panora Graphic Tablet (git-fixes). - HID: alps: Add AUI1657 device ID (git-fixes). - HID: alps: ALPS_1657 is too specific; use U1_UNICORN_LEGACY instead (git-fixes). - HID: i2c-hid: add Schneider SCL142ALM to descriptor override (git-fixes). - HID: i2c-hid: reset Synaptics SYNA2393 on resume (git-fixes). - HID: intel-ish-hid: avoid bogus uninitialized-variable warning (git-fixes). - HID: multitouch: add eGalaxTouch P80H84 support (git-fixes). - HID: multitouch: enable multi-input as a quirk for some devices (git-fixes). - HID: quirks: Add HID_QUIRK_NO_INIT_REPORTS quirk for Dell K12A keyboard-dock (git-fixes). - HID: sony: Fix for broken buttons on DS3 USB dongles (git-fixes). - hinic: fix a bug of ndo_stop (networking-stable-20_05_16). - hinic: fix wrong para of wait_for_completion_timeout (networking-stable-20_05_16). 
- hsr: check protocol version in hsr_newlink() (networking-stable-20_04_17). - hv_netvsc: Fix netvsc_start_xmit's return type (git-fixes). - hwmon: (acpi_power_meter) Fix potential memory leak in acpi_power_meter_add() (git-fixes). - hwmon: (k10temp) Add AMD family 17h model 60h PCI match (git-fixes). - hwmon: (max6697) Make sure the OVERT mask is set correctly (git-fixes). - hwmon: (pmbus) fix a typo in Kconfig SENSORS_IR35221 option (git-fixes). - i2c: acpi: put device when verifying client fails (git-fixes). - i2c: algo-pca: Add 0x78 as SCL stuck low status for PCA9665 (git-fixes). - i2c: altera: Fix race between xfer_msg and isr thread (git-fixes). - i2c: core: check returned size of emulated smbus block read (git-fixes). - i2c: designware-pci: Add support for Elkhart Lake PSE I2C (jsc#SLE-12734). - i2c: designware-pci: Fix BUG_ON during device removal (jsc#SLE-12734). - i2c: designware-pci: Switch over to MSI interrupts (jsc#SLE-12734). - i2c: dev: Fix the race between the release of i2c_dev and cdev (git-fixes). - i2c: fix missing pm_runtime_put_sync in i2c_device_probe (git-fixes). - i2c: fsi: Fix the port number field in status register (git-fixes). - i2c: mlxcpld: check correct size of maximum RECV_LEN packet (git-fixes). - i2c: mux: demux-pinctrl: Fix an error handling path in 'i2c_demux_pinctrl_probe()' (git-fixes). - i2c: piix4: Detect secondary SMBus controller on AMD AM4 chipsets (git-fixes). - i2c: pxa: clear all master action bits in i2c_pxa_stop_message() (git-fixes). - i2c: pxa: fix i2c_pxa_scream_blue_murder() debug output (git-fixes). - ibmveth: Fix max MTU limit (bsc#1173428 ltc#186397). - ibmvnic: continue to init in CRQ reset returns H_CLOSED (bsc#1173280 ltc#185369). - ibmvnic: Flush existing work items before device removal (bsc#1065729). - ibmvnic: Harden device login requests (bsc#1170011 ltc#183538). - IB/rdmavt: Free kernel completion queue when done (bsc#1173625). - ice: Fix error return code in ice_add_prof() (jsc#SLE-7926). 
- ice: Fix inability to set channels when down (jsc#SLE-7926). - ieee80211: Fix incorrect mask for default PE duration (git-fixes). - iio: adc: stm32-adc: fix device used to request dma (git-fixes). - iio: adc: stm32-adc: Use dma_request_chan() instead dma_request_slave_channel() (git-fixes). - iio: adc: stm32-dfsdm: fix device used to request dma (git-fixes). - iio: adc: stm32-dfsdm: Use dma_request_chan() instead dma_request_slave_channel() (git-fixes). - iio: adc: ti-ads8344: Fix channel selection (git-fixes). - iio: bmp280: fix compensation of humidity (git-fixes). - iio: buffer: Do not allow buffers without any channels enabled to be activated (git-fixes). - iio:chemical:pms7003: Fix timestamp alignment and prevent data leak (git-fixes). - iio:chemical:sps30: Fix timestamp alignment (git-fixes). - iio: dac: vf610: Fix an error handling path in 'vf610_dac_probe()' (git-fixes). - iio: pressure: bmp280: Tolerate IRQ before registering (git-fixes). - iio: sca3000: Remove an erroneous 'get_device()' (git-fixes). - iio: vcnl4000: Fix i2c swapped word reading (git-fixes). - ima: Call ima_calc_boot_aggregate() in ima_eventdigest_init() (bsc#1172223). - ima: Directly assign the ima_default_policy pointer to ima_rules (bsc#1172223) Delete obsoleted downstream fix - ima: Directly free *entry in ima_alloc_init_template() if digests is NULL (bsc#1172223). - ima: Remove __init annotation from ima_pcrread() (git-fixes). - include/asm-generic/topology.h: guard cpumask_of_node() macro argument (bsc#1148868). - Input: dlink-dir685-touchkeys - fix a typo in driver name (git-fixes). - Input: edt-ft5x06 - fix get_default register write access (git-fixes). - Input: evdev - call input_flush_device() on release(), not flush() (git-fixes). - Input: i8042 - add ThinkPad S230u to i8042 reset list (git-fixes). - input: i8042 - Remove special PowerPC handling (git-fixes). - Input: mms114 - fix handling of mms345l (git-fixes). 
- Input: synaptics - add a second working PNP_ID for Lenovo T470s (git-fixes).
- Input: synaptics-rmi4 - fix error return code in rmi_driver_probe() (git-fixes).
- Input: synaptics-rmi4 - really fix attn_data use-after-free (git-fixes).
- Input: usbtouchscreen - add support for BonXeon TP (git-fixes).
- Input: xpad - add custom init packet for Xbox One S controllers (git-fixes).
- iocost: check active_list of all the ancestors in iocg_activate() (bsc#1173206).
- iocost: do not let vrate run wild while there's no saturation signal (bsc1173206).
- iocost: over-budget forced IOs should schedule async delay (bsc#1173206).
- iommu/amd: Call domain_flush_complete() in update_domain() (bsc#1172061).
- iommu/amd: Do not flush Device Table in iommu_map_page() (bsc#1172062).
- iommu/amd: Do not loop forever when trying to increase address space (bsc#1172063).
- iommu/amd: Fix legacy interrupt remapping for x2APIC-enabled system (bsc#1172393).
- iommu/amd: Fix over-read of ACPI UID from IVRS table (bsc#1172064).
- iommu/amd: Fix race in increase_address_space()/fetch_pte() (bsc#1172065).
- iommu/amd: Update Device Table in increase_address_space() (bsc#1172066).
- iommu: Fix reference count leak in iommu_group_alloc (bsc#1172394).
- iommu/qcom: Fix local_base status check (bsc#1172067).
- iommu/virtio: Reverse arguments to list_add (bsc#1172068).
- ionic: add pcie_print_link_status (bsc#1167773).
- ionic: export features for vlans to use (bsc#1167773).
- ionic: no link check while resetting queues (bsc#1167773).
- ionic: remove support for mgmt device (bsc#1167773).
- ionic: tame the watchdog timer on reconfig (bsc#1167773).
- ionic: wait on queue start until after IFF_UP (bsc#1167773).
- io_uring: use kvfree() in io_sqe_buffer_register() (bsc#1173832).
- ipmi: use vzalloc instead of kmalloc for user creation (git-fixes).
- ipv4: Update fib_select_default to handle nexthop objects (networking-stable-20_04_27).
- ipv6: fix IPV6_ADDRFORM operation logic (bsc#1171662).
- ipvs: Improve robustness to the ipvs sysctl (git-fixes).
- irqchip/al-fic: Add support for irq retrigger (jsc#SLE-10505).
- irqchip/ti-sci-inta: Fix processing of masked irqs (git-fixes).
- irqchip/versatile-fpga: Apply clear-mask earlier (git-fixes).
- irqchip/versatile-fpga: Handle chained IRQs properly (git-fixes).
- iwlwifi: avoid debug max amsdu config overwriting itself (git-fixes).
- iwlwifi: mvm: fix aux station leak (git-fixes).
- iwlwifi: mvm: limit maximum queue appropriately (git-fixes).
- iwlwifi: pcie: handle QuZ configs with killer NICs as well (bsc#1172374).
- ixgbe: do not check firmware errors (bsc#1170284).
- jbd2: avoid leaking transaction credits when unreserving handle (bsc#1173845).
- jbd2: fix data races at struct journal_head (bsc#1173438).
- jbd2: Preserve kABI when adding j_abort_mutex (bsc#1173833).
- kABI fixup mtk-vpu: avoid unaligned access to DTCM buffer (git-fixes).
- kabi: hv: prevent struct device_node to become defined (bsc#1172871).
- kabi: ppc64le: prevent struct dma_map_ops to become defined (jsc#SLE-12424).
- kABI: protect struct fib_dump_filter (kabi).
- kABI: protect struct mlx5_cmd_work_ent (kabi).
- kabi/severities: Ingnore get_dev_data() The function is internal to the AMD IOMMU driver and must not be called by any third party.
- kABI workaround for struct hdac_bus changes (git-fixes).
- ktest: Add timeout for ssh sync testing (git-fixes).
- KVM: Check validity of resolved slot when searching memslots (bsc#1172069).
- KVM: x86/mmu: Set mmio_value to '0' if reserved #PF can't be generated (bsc#1171904).
- KVM: x86: only do L1TF workaround on affected processors (bsc#1171904).
- l2tp: Allow management of tunnels and session in user namespace (networking-stable-20_04_17).
- libbpf: Fix perf_buffer__free() API for sparse allocs (bsc#1155518).
- libceph: do not omit recovery_deletes in target_copy() (git-fixes).
- libceph: ignore pool overlay and cache logic on redirects (bsc#1172938).
- lib: devres: add a helper function for ioremap_uc (git-fixes).
- libertas_tf: avoid a null dereference in pointer priv (git-fixes).
- lib/lzo: fix ambiguous encoding bug in lzo-rle (git-fixes).
- libnvdimm/btt: fix variable 'rc' set but not used (bsc#1162400).
- libnvdimm: cover up nd_pfn_sb changes (bsc#1171759).
- libnvdimm: cover up nd_region changes (bsc#1162400).
- libnvdimm/dax: Pick the right alignment default when creating dax devices (bsc#1171759).
- libnvdimm/label: Remove the dpa align check (bsc#1171759).
- libnvdimm/namespace: Enforce memremap_compat_align() (bsc#1162400).
- libnvdimm/namsepace: Do not set claim_class on error (bsc#1162400).
- libnvdimm/of_pmem: Provide a unique name for bus provider (bsc#1171739).
- libnvdimm: Out of bounds read in __nd_ioctl() (bsc#1065729).
- libnvdimm/pfn_dev: Add a build check to make sure we notice when struct page size change (bsc#1171743).
- libnvdimm/pfn_dev: Add page size and struct page size to pfn superblock (bsc#1171759).
- libnvdimm/pfn: Prevent raw mode fallback if pfn-infoblock valid (bsc#1171743).
- libnvdimm/pmem: Advance namespace seed for specific probe errors (bsc#1171743).
- libnvdimm/region: Fix build error (bsc#1162400).
- libnvdimm/region: Introduce an 'align' attribute (bsc#1162400).
- libnvdimm/region: Introduce NDD_LABELING (bsc#1162400).
- libnvdimm/region: Rewrite _probe_success() to _advance_seeds() (bsc#1171743).
- libnvdimm: Use PAGE_SIZE instead of SZ_4K for align check (bsc#1171759).
- lib: Uplevel the pmem "region" ida to a global allocator (bc#1162400).
- list: Add hlist_unhashed_lockless() (bsc#1173438).
- livepatch: Apply vmlinux-specific KLP relocations early (bsc#1071995).
- livepatch: Disallow vmlinux.ko (bsc#1071995).
- livepatch: Make klp_apply_object_relocs static (bsc#1071995).
- livepatch: Prevent module-specific KLP rela sections from referencing vmlinux symbols (bsc#1071995).
- livepatch: Remove .klp.arch (bsc#1071995).
- locktorture: Allow CPU-hotplug to be disabled via --bootargs (bsc#1173068).
- loop: replace kill_bdev with invalidate_bdev (bsc#1173820).
- lpfc_debugfs: get rid of pointless access_ok() (bsc#1171530).
- lpfc: fix axchg pointer reference after free and double frees (bsc#1171530).
- lpfc: Fix pointer checks and comments in LS receive refactoring (bsc#1171530).
- lpfc: Fix return value in __lpfc_nvme_ls_abort (bsc#1171530).
- lpfc: Synchronize NVME transport and lpfc driver devloss_tmo (bcs#1173060).
- mac80211: mesh: fix discovery timer re-arming issue / crash (git-fixes).
- mailbox: zynqmp-ipi: Fix NULL vs IS_ERR() check in zynqmp_ipi_mbox_probe() (git-fixes).
- Make the "Reducing compressed framebufer size" message be DRM_INFO_ONCE() (git-fixes).
- mdraid: fix read/write bytes accounting (bsc#1172537).
- media: cedrus: Program output format during each run (git-fixes).
- media: dvbdev: Fix tuner->demod media controller link (git-fixes).
- media: dvb: return -EREMOTEIO on i2c transfer failure (git-fixes).
- media: dvbsky: add support for eyeTV Geniatech T2 lite (bsc#1173776).
- media: dvbsky: add support for Mygica T230C v2 (bsc#1173776).
- media: imx: imx7-mipi-csis: Cleanup and fix subdev pad format handling (git-fixes).
- media: mtk-vpu: avoid unaligned access to DTCM buffer (git-fixes).
- media: ov5640: fix use of destroyed mutex (git-fixes).
- media: platform: fcp: Set appropriate DMA parameters (git-fixes).
- media: Revert "staging: imgu: Address a compiler warning on alignment" (git-fixes).
- media: si2157: Better check for running tuner in init (git-fixes).
- media: si2168: add support for Mygica T230C v2 (bsc#1173776).
- media: staging: imgu: do not hold spinlock during freeing mmu page table (git-fixes).
- media: staging/intel-ipu3: Implement lock for stream on/off operations (git-fixes).
- media: staging: ipu3: Fix stale list entries on parameter queue failure (git-fixes).
- media: staging: ipu3-imgu: Move alignment attribute to field (git-fixes).
- media: vicodec: Fix error codes in probe function (git-fixes).
- mei: release me_cl object reference (git-fixes).
- mfd: intel-lpss: Add Intel Tiger Lake PCI IDs (jsc#SLE-12737).
- mfd: intel-lpss: Use devm_ioremap_uc for MMIO (git-fixes).
- mfd: stmfx: Fix stmfx_irq_init error path (git-fixes).
- mfd: stmfx: Reset chip on resume as supply was disabled (git-fixes).
- mfd: wm8994: Fix driver operation if loaded as modules (git-fixes).
- misc: fastrpc: fix potential fastrpc_invoke_ctx leak (git-fixes).
- misc: rtsx: Add short delay after exit from ASPM (git-fixes).
- mlxsw: Fix some IS_ERR() vs NULL bugs (networking-stable-20_04_27).
- mlxsw: spectrum_acl_tcam: Position vchunk in a vregion list properly (networking-stable-20_05_12).
- mm: adjust vm_committed_as_batch according to vm overcommit policy (bnc#1173271).
- mmc: block: Fix use-after-free issue for rpmb (git-fixes).
- mmc: core: Use DEFINE_DEBUGFS_ATTRIBUTE instead of DEFINE_SIMPLE_ATTRIBUTE (git-fixes).
- mmc: fix compilation of user API (git-fixes).
- mmc: meson-mx-sdio: trigger a soft reset after a timeout or CRC error (git-fixes).
- mmc: mmci_sdmmc: fix DMA API warning overlapping mappings (git-fixes).
- mmc: sdhci-esdhc-imx: fix the mask for tuning start point (git-fixes).
- mmc: sdhci-msm: Clear tuning done flag while hs400 tuning (git-fixes).
- mmc: sdhci-msm: Set SDHCI_QUIRK_MULTIBLOCK_READ_ACMD12 quirk (git-fixes).
- mmc: sdio: Fix potential NULL pointer error in mmc_sdio_init_card() (git-fixes).
- mmc: sdio: Fix several potential memory leaks in mmc_sdio_init_card() (git-fixes).
- mmc: tmio: Further fixup runtime PM management at remove (git-fixes).
- mmc: uniphier-sd: call devm_request_irq() after tmio_mmc_host_probe() (git-fixes).
- mmc: via-sdmmc: Respect the cmd->busy_timeout from the mmc core (git-fixes).
- mm: do not prepare anon_vma if vma has VM_WIPEONFORK (bsc#1169681).
- mm: fix NUMA node file count error in replace_page_cache() (bsc#1173844).
- mm: memcontrol: fix memory.low proportional distribution (bsc#1168230).
- mm/memory_hotplug: refrain from adding memory into an impossible node (bsc#1173552).
- mm/memremap: drop unused SECTION_SIZE and SECTION_MASK (bsc#1162400 bsc#1170895 ltc#184375 ltc#185686).
- mm/memremap_pages: Introduce memremap_compat_align() (bsc#1162400).
- mm/memremap_pages: Kill unused __devm_memremap_pages() (bsc#1162400).
- mm/util.c: make vm_memory_committed() more accurate (bnc#1173271).
- Move an upstreamed sound patch into sorted section
- Move upstreamed IMA patches into sorted section
- mt76: mt76x02u: Add support for newer versions of the XBox One wifi adapter (git-fixes).
- mtd: Fix mtd not registered due to nvmem name collision (git-fixes).
- mtd: rawnand: brcmnand: correctly verify erased pages (git-fixes).
- mtd: rawnand: brcmnand: fix CS0 layout (git-fixes).
- mtd: rawnand: brcmnand: fix hamming oob layout (git-fixes).
- mtd: rawnand: diskonchip: Fix the probe error path (git-fixes).
- mtd: rawnand: Fix nand_gpio_waitrdy() (git-fixes).
- mtd: rawnand: ingenic: Fix the probe error path (git-fixes).
- mtd: rawnand: marvell: Fix probe error path (git-fixes).
- mtd: rawnand: marvell: Fix the condition on a return code (git-fixes).
- mtd: rawnand: marvell: Use nand_cleanup() when the device is not yet registered (git-fixes).
- mtd: rawnand: mtk: Fix the probe error path (git-fixes).
- mtd: rawnand: onfi: Fix redundancy detection check (git-fixes).
- mtd: rawnand: orion: Fix the probe error path (git-fixes).
- mtd: rawnand: oxnas: Keep track of registered devices (git-fixes).
- mtd: rawnand: oxnas: Release all devices in the _remove() path (git-fixes).
- mtd: rawnand: pasemi: Fix the probe error path (git-fixes).
- mtd: rawnand: plat_nand: Fix the probe error path (git-fixes).
- mtd: rawnand: sharpsl: Fix the probe error path (git-fixes).
- mtd: rawnand: socrates: Fix the probe error path (git-fixes).
- mtd: rawnand: sunxi: Fix the probe error path (git-fixes).
- mtd: rawnand: timings: Fix default tR_max and tCCS_min timings (git-fixes).
- mtd: rawnand: tmio: Fix the probe error path (git-fixes).
- mtd: rawnand: xway: Fix the probe error path (git-fixes).
- mtd: spinand: Propagate ECC information to the MTD structure (git-fixes).
- mtd: spi-nor: intel-spi: Add support for Intel Tiger Lake SPI serial flash (jsc#SLE-12737).
- mvpp2: remove module bugfix (bsc#1154353).
- mwifiex: avoid -Wstringop-overflow warning (git-fixes).
- mwifiex: Fix memory corruption in dump_station (git-fixes).
- namei: only return -ECHILD from follow_dotdot_rcu() (bsc#1173824).
- neigh: send protocol value in neighbor create notification (networking-stable-20_05_12).
- net: bcmgenet: correct per TX/RX ring statistics (networking-stable-20_04_27).
- net: core: device_rename: Use rwsem instead of a seqcount (bsc#1162702).
- net: do not return invalid table id error when we fall back to PF_UNSPEC (networking-stable-20_05_27).
- net: dsa: b53: b53_arl_rw_op() needs to select IVL or SVL (networking-stable-20_04_27).
- net: dsa: b53: Fix ARL register definitions (networking-stable-20_04_27).
- net: dsa: b53: Lookup VID in ARL searches when VLAN is enabled (networking-stable-20_04_27).
- net: dsa: b53: Rework ARL bin logic (networking-stable-20_04_27).
- net: dsa: declare lockless TX feature for slave ports (bsc#1154353).
- net: dsa: Do not leave DSA master with NULL netdev_ops (networking-stable-20_05_12).
- net: dsa: loop: Add module soft dependency (networking-stable-20_05_16).
- net: dsa: mt7530: fix roaming from DSA user ports (networking-stable-20_05_27).
- net: dsa: mt7530: fix tagged frames pass-through in VLAN-unaware mode (networking-stable-20_04_17).
- net: ena: xdp: update napi budget for DROP and ABORTED (bsc#1154492).
- net: ena: xdp: XDP_TX: fix memory leak (bsc#1154492).
- net: ethernet: ti: cpsw: fix ASSERT_RTNL() warning during suspend (networking-stable-20_05_27).
- netfilter: connlabels: prefer static lock initialiser (git-fixes).
- netfilter: nf_queue: enqueue skbs with NULL dst (git-fixes).
- netfilter: nf_tables_offload: return EOPNOTSUPP if rule specifies no actions (git-fixes).
- netfilter: nft_tproxy: Fix port selector on Big Endian (git-fixes).
- netfilter: nft_tunnel: add the missing ERSPAN_VERSION nla_policy (git-fixes).
- netfilter: not mark a spinlock as __read_mostly (git-fixes).
- net: fix a potential recursive NETDEV_FEAT_CHANGE (networking-stable-20_05_16).
- __netif_receive_skb_core: pass skb by reference (networking-stable-20_05_27).
- net: inet_csk: Fix so_reuseport bind-address cache in tb->fast* (networking-stable-20_05_27).
- net: ipip: fix wrong address family in init error path (networking-stable-20_05_27).
- net: ipv4: devinet: Fix crash when add/del multicast IP with autojoin (networking-stable-20_04_17).
- net: ipv6: do not consider routes via gateways for anycast address check (networking-stable-20_04_17).
- net: macb: fix an issue about leak related system resources (networking-stable-20_05_12).
- net: macsec: preserve ingress frame ordering (networking-stable-20_05_12).
- net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc() (networking-stable-20_05_12).
- net/mlx4_en: avoid indirect call in TX completion (networking-stable-20_04_27).
- net/mlx5: Add command entry handling completion (networking-stable-20_05_27).
- net/mlx5: Disable reload while removing the device (jsc#SLE-8464).
- net/mlx5: DR, Fix freeing in dr_create_rc_qp() (jsc#SLE-8464).
- net/mlx5e: Add missing release firmware call (networking-stable-20_04_17).
- net/mlx5e: Fix inner tirs handling (networking-stable-20_05_27).
- net/mlx5e: Fix pfnum in devlink port attribute (networking-stable-20_04_17).
- net/mlx5e: Fix stats update for matchall classifier (jsc#SLE-8464).
- net/mlx5e: kTLS, Destroy key object after destroying the TIS (networking-stable-20_05_27).
- net/mlx5e: replace EINVAL in mlx5e_flower_parse_meta() (jsc#SLE-8464).
- net/mlx5e: Update netdev txq on completions during closure (networking-stable-20_05_27).
- net/mlx5: Fix cleaning unmanaged flow tables (jsc#SLE-8464).
- net/mlx5: Fix command entry leak in Internal Error State (networking-stable-20_05_12).
- net/mlx5: Fix crash upon suspend/resume (bsc#1172365).
- net/mlx5: Fix error flow in case of function_setup failure (networking-stable-20_05_27).
- net/mlx5: Fix forced completion access non initialized command entry (networking-stable-20_05_12).
- net/mlx5: Fix frequent ioread PCI access during recovery (networking-stable-20_04_17).
- net/mlx5: Fix memory leak in mlx5_events_init (networking-stable-20_05_27).
- net: mvpp2: cls: Prevent buffer overflow in mvpp2_ethtool_cls_rule_del() (networking-stable-20_05_12).
- net: mvpp2: fix RX hashing for non-10G ports (networking-stable-20_05_27).
- net: mvpp2: prevent buffer overflow in mvpp22_rss_ctx() (networking-stable-20_05_12).
- net: netrom: Fix potential nr_neigh refcnt leak in nr_add_node (networking-stable-20_04_27).
- net: nlmsg_cancel() if put fails for nhmsg (networking-stable-20_05_27).
- net: openvswitch: ovs_ct_exit to be done under ovs_lock (networking-stable-20_04_27).
- net: phy: fix aneg restart in phy_ethtool_set_eee (networking-stable-20_05_16).
- net: phy: propagate an error back to the callers of phy_sfp_probe (bsc#1154353).
- netprio_cgroup: Fix unlimited memory leak of v2 cgroups (networking-stable-20_05_16).
- net: qrtr: Fix passing invalid reference to qrtr_local_enqueue() (networking-stable-20_05_27).
- net: qrtr: send msgs from local of same id as broadcast (networking-stable-20_04_17).
- net: revert default NAPI poll timeout to 2 jiffies (networking-stable-20_04_17).
- net: revert "net: get rid of an signed integer overflow in ip_idents_reserve()" (bnc#1158748 (network regression)).
- net sched: fix reporting the first-time use timestamp (networking-stable-20_05_27).
- net_sched: sch_skbprio: add message validation to skbprio_change() (networking-stable-20_05_12).
- net/smc: tolerate future SMCD versions (bsc#1172543 LTC#186069).
- net: stmmac: fix num_por initialization (networking-stable-20_05_16).
- net: stricter validation of untrusted gso packets (networking-stable-20_05_12).
- net: tc35815: Fix phydev supported/advertising mask (networking-stable-20_05_12).
- net: tcp: fix rx timestamp behavior for tcp_recvmsg (networking-stable-20_05_16).
- net/tls: fix race condition causing kernel panic (networking-stable-20_05_27).
- net/tls: Fix sk_psock refcnt leak in bpf_exec_tx_verdict() (networking-stable-20_05_12).
- net/tls: Fix sk_psock refcnt leak when in tls_data_ready() (networking-stable-20_05_12).
- net: tun: record RX queue in skb before do_xdp_generic() (networking-stable-20_04_17).
- net: usb: qmi_wwan: add support for DW5816e (networking-stable-20_05_12).
- net: vmxnet3: fix possible buffer overflow caused by bad DMA value in vmxnet3_get_rss() (bsc#1172484).
- net/x25: Fix x25_neigh refcnt leak when receiving frame (networking-stable-20_04_27).
- nexthop: Fix attribute checking for groups (networking-stable-20_05_27).
- NFC: st21nfca: add missed kfree_skb() in an error path (git-fixes).
- nfp: abm: fix a memory leak bug (networking-stable-20_05_12).
- nfp: abm: fix error return code in nfp_abm_vnic_alloc() (networking-stable-20_05_16).
- nfs: add minor version to nfs_server_key for fscache (bsc#1172467).
- nfsd4: fix nfsdfs reference count loop (git-fixes).
- nfsd4: make drc_slab global, not per-net (git-fixes).
- nfsd: always check return value of find_any_file (bsc#1172208).
- nfsd: apply umask on fs without ACL support (git-fixes).
- nfsd: fix nfsdfs inode reference count leak (git-fixes).
- NFS: Fix fscache super_cookie index_key from changing after umount (git-fixes).
- nfs: fix NULL deference in nfs4_get_valid_delegation.
- nfs: fscache: use timespec64 in inode auxdata (git-fixes).
- nfs: set invalid blocks after NFSv4 writes (git-fixes).
- NFSv4.1 fix rpc_call_done assignment for BIND_CONN_TO_SESSION (git-fixes).
- NFSv4 fix CLOSE not waiting for direct IO compeletion (git-fixes).
- NFSv4: Fix fscache cookie aux_data to ensure change_attr is included (git-fixes).
- ntb: intel: add hw workaround for NTB BAR alignment (jsc#SLE-12710).
- ntb: intel: Add Icelake (gen4) support for Intel NTB (jsc#SLE-12710).
- ntb: intel: fix static declaration (jsc#SLE-12710).
- nvdimm: Avoid race between probe and reading device attributes (bsc#1170442).
- nvme-fc: avoid gcc-10 zero-length-bounds warning (bsc#1173206).
- nvme-fc: do not call nvme_cleanup_cmd() for AENs (bsc#1171688).
- nvme-fc: print proper nvme-fc devloss_tmo value (bsc#1172391).
- objtool: Allow no-op CFI ops in alternatives (bsc#1169514).
- objtool: Clean instruction state before each function validation (bsc#1169514).
- objtool: Fix !CFI insn_state propagation (bsc#1169514).
- objtool: Fix ORC vs alternatives (bsc#1169514).
- objtool: Ignore empty alternatives (bsc#1169514).
- objtool: Remove check preventing branches within alternative (bsc#1169514).
- objtool: Rename struct cfi_state (bsc#1169514).
- objtool: Uniquely identify alternative instruction groups (bsc#1169514).
- p54usb: add AirVasT USB stick device-id (git-fixes).
- panic: do not print uninitialized taint_flags (bsc#1172814).
- PCI: aardvark: Do not blindly enable ASPM L0s and do not write to read-only register (git-fixes).
- PCI: Add ACS quirk for Intel Root Complex Integrated Endpoints (git-fixes).
- PCI: Add Loongson vendor ID (git-fixes).
- PCI: Allow pci_resize_resource() for devices on root bus (git-fixes).
- PCI: amlogic: meson: Do not use FAST_LINK_MODE to set up link (git-fixes).
- PCI/ASPM: Allow ASPM on links to PCIe-to-PCI/PCI-X Bridges (git-fixes).
- PCI: Avoid FLR for AMD Matisse HD Audio & USB 3.0 (git-fixes).
- PCI: Avoid FLR for AMD Starship USB 3.0 (git-fixes).
- PCI: brcmstb: Assert fundamental reset on initialization (git-fixes).
- PCI: brcmstb: Assert fundamental reset on initialization (git-fixes).
- PCI: brcmstb: Fix window register offset from 4 to 8 (git-fixes).
- PCI: brcmstb: Fix window register offset from 4 to 8 (git-fixes).
- PCI: Do not disable decoding when mmio_always_on is set (git-fixes).
- PCI: dwc: Fix inner MSI IRQ domain registration (git-fixes).
- pcie: mobiveil: remove patchset v9 Prepare to backport upstream version.
- PCI: Fix pci_register_host_bridge() device_register() error handling (git-fixes).
- PCI: hv: Change pci_protocol_version to per-hbus (bsc#1172871).
- PCI: hv: Decouple the func definition in hv_dr_state from VSP message (bsc#1172871).
- PCI: hv: Fix the PCI HyperV probe failure path to release resource properly (bsc#1172871).
- PCI: hv: Introduce hv_msi_entry (bsc#1172871).
- PCI: hv: Move hypercall related definitions into tlfs header (bsc#1172871).
- PCI: hv: Move retarget related structures into tlfs header (bsc#1172871).
- PCI: hv: Reorganize the code in preparation of hibernation (bsc#1172871).
- PCI: hv: Retry PCI bus D0 entry on invalid device state (bsc#1172871).
- PCI: mobiveil: Add 8-bit and 16-bit CSR register accessors (bsc#1161495).
- PCI: mobiveil: Add callback function for interrupt initialization (bsc#1161495).
- PCI: mobiveil: Add callback function for link up check (bsc#1161495).
- PCI: mobiveil: Add Header Type field check (bsc#1161495).
- PCI: mobiveil: Add PCIe Gen4 RC driver for Layerscape SoCs (bsc#1161495).
- PCI: mobiveil: Allow mobiveil_host_init() to be used to re-init host (bsc#1161495).
- PCI: mobiveil: Collect the interrupt related operations into a function (bsc#1161495).
- PCI: mobiveil: Fix sparse different address space warnings (bsc#1161495).
- PCI: mobiveil: Fix unmet dependency warning for PCIE_MOBIVEIL_PLAT (bsc#1161495).
- PCI: mobiveil: Introduce a new structure mobiveil_root_port (bsc#1161495).
- PCI: mobiveil: ls_pcie_g4: add Workaround for A-011451 (bsc#1161495).
- PCI: mobiveil: ls_pcie_g4: add Workaround for A-011577 (bsc#1161495).
- PCI: mobiveil: ls_pcie_g4: fix SError when accessing config space (bsc#1161495).
- PCI: mobiveil: Modularize the Mobiveil PCIe Host Bridge IP driver (bsc#1161495).
- PCI: mobiveil: Move the host initialization into a function (bsc#1161495).
- PCI: pci-bridge-emul: Fix PCIe bit conflicts (git-fixes).
- PCI/PM: Adjust pcie_wait_for_link_delay() for caller delay (git-fixes).
- PCI/PM: Call .bridge_d3() hook only if non-NULL (git-fixes).
- PCI: Program MPS for RCiEP devices (git-fixes).
- PCI/PTM: Inherit Switch Downstream Port PTM settings from Upstream Port (git-fixes).
- PCI: rcar: Fix incorrect programming of OB windows (git-fixes).
- PCI: v3-semi: Fix a memory leak in v3_pci_probe() error handling paths (git-fixes).
- PCI: vmd: Add device id for VMD device 8086:9A0B (git-fixes).
- PCI: vmd: Filter resource type bits from shadow register (git-fixes).
- pcm_native: result of put_user() needs to be checked (git-fixes).
- perf/core: Fix endless multiplex timer (git-fixes).
- perf/core: fix parent pid/tid in task exit events (git-fixes).
- pinctrl: freescale: imx: Fix an error handling path in 'imx_pinctrl_probe()' (git-fixes).
- pinctrl: freescale: imx: Use 'devm_of_iomap()' to avoid a resource leak in case of error in 'imx_pinctrl_probe()' (git-fixes).
- pinctrl: imxl: Fix an error handling path in 'imx1_pinctrl_core_probe()' (git-fixes).
- pinctrl: intel: Add Intel Tiger Lake pin controller support (jsc#SLE-12737).
- pinctrl: ocelot: Fix GPIO interrupt decoding on Jaguar2 (git-fixes).
- pinctrl: rockchip: fix memleak in rockchip_dt_node_to_map (git-fixes).
- pinctrl: rza1: Fix wrong array assignment of rza1l_swio_entries (git-fixes).
- pinctrl: samsung: Correct setting of eint wakeup mask on s5pv210 (git-fixes).
- pinctrl: samsung: Save/restore eint_mask over suspend for EINT_TYPE GPIOs (git-fixes).
- pinctrl: sprd: Fix the incorrect pull-up definition (git-fixes).
- pinctrl: stmfx: stmfx_pinconf_set does not require to get direction anymore (git-fixes).
- pinctrl: tegra: Use noirq suspend/resume callbacks (git-fixes).
- pinctrl: tigerlake: Tiger Lake uses _HID enumeration (jsc#SLE-12737).
- platform/x86: asus-nb-wmi: Do not load on Asus T100TA and T200TA (git-fixes).
- platform/x86: asus_wmi: Reserve more space for struct bias_args (git-fixes).
- platform/x86: dell-laptop: do not register micmute LED if there is no token (git-fixes).
- platform/x86: hp-wmi: Convert simple_strtoul() to kstrtou32() (git-fixes).
- platform/x86: intel-hid: Add a quirk to support HP Spectre X2 (2015) (git-fixes).
- platform/x86: intel-vbtn: Also handle tablet-mode switch on "Detachable" and "Portable" chassis-types (git-fixes).
- platform/x86: intel-vbtn: Do not advertise switches to userspace if they are not there (git-fixes).
- platform/x86: intel-vbtn: Only blacklist SW_TABLET_MODE on the 9 / "Laptop" chasis-type (git-fixes).
- platform/x86: intel-vbtn: Split keymap into buttons and switches parts (git-fixes).
- platform/x86: intel-vbtn: Use acpi_evaluate_integer() (git-fixes).
- PM: runtime: clk: Fix clk_pm_runtime_get() error path (git-fixes).
- pNFS/flexfiles: Fix list corruption if the mirror count changes (git-fixes).
- pnp: Use list_for_each_entry() instead of open coding (git-fixes).
- powerpc/64s: Do not let DT CPU features set FSCR_DSCR (bsc#1065729).
- powerpc/64s/exception: Fix machine check no-loss idle wakeup (bsc#1156395).
- powerpc/64s/kuap: Restore AMR in system reset exception (bsc#1156395).
- powerpc/64s: Save FSCR to init_task.thread.fscr after feature init (bsc#1065729).
- powerpc/book3s64: Export has_transparent_hugepage() related functions (bsc#1171759).
- powerpc/bpf: Enable bpf_probe_read{, str}() on powerpc again (bsc#1172344).
- powerpc/fadump: Account for memory_limit while reserving memory (jsc#SLE-9099 git-fixes).
- powerpc/fadump: consider reserved ranges while reserving memory (jsc#SLE-9099 git-fixes).
- powerpc/fadump: use static allocation for reserved memory ranges (jsc#SLE-9099 git-fixes).
- powerpc/kuap: PPC_KUAP_DEBUG should depend on PPC_KUAP (bsc#1156395).
- powerpc/powernv: Fix a warning message (bsc#1156395).
- powerpc/setup_64: Set cache-line-size based on cache-block-size (bsc#1065729).
- powerpc/xive: Clear the page tables for the ESB IO mapping (bsc#1085030).
- power: reset: qcom-pon: reg write mask depends on pon generation (git-fixes).
- power: supply: bq24257_charger: Replace depends on REGMAP_I2C with select (git-fixes).
- power: supply: core: fix HWMON temperature labels (git-fixes).
- power: supply: core: fix memory leak in HWMON error path (git-fixes).
- power: supply: lp8788: Fix an error handling path in 'lp8788_charger_probe()' (git-fixes).
- power: supply: smb347-charger: IRQSTAT_D is volatile (git-fixes).
- pppoe: only process PADT targeted at local interfaces (networking-stable-20_05_16).
- printk: queue wake_up_klogd irq_work only if per-CPU areas are ready (bsc#1172095).
- proc/meminfo: avoid open coded reading of vm_committed_as (bnc#1173271).
- proc: Use new_inode not new_inode_pseudo (bsc#1173830).
- pwm: img: Call pm_runtime_put() in pm_runtime_get_sync() failed case (git-fixes).
- pwm: sun4i: Move pwm_calculate() out of spin_lock() (git-fixes).
- r8152: support additional Microsoft Surface Ethernet Adapter variant (git-fixes).
- r8169: Revive default chip version for r8168 (bsc#1173085).
- raid5: remove gfp flags from scribble_alloc() (bsc#1166985).
- random: fix data races at timer_rand_state (bsc#1173438).
- rcu: Avoid data-race in rcu_gp_fqs_check_wake() (bsc#1171828).
- rcu: Fix data-race due to atomic_t copy-by-value (bsc#1171828).
- rcu: Make rcu_read_unlock_special() checks match raise_softirq_irqoff() (bsc#1172046).
- rcu: Simplify rcu_read_unlock_special() deferred wakeups (bsc#1172046).
- rcutorture: Add 100-CPU configuration (bsc#1173068).
- rcutorture: Add worst-case call_rcu() forward-progress results (bsc#1173068).
- rcutorture: Dispense with Dracut for initrd creation (bsc#1173068).
- rcutorture: Make kvm-find-errors.sh abort on bad directory (bsc#1173068).
- rcutorture: Remove CONFIG_HOTPLUG_CPU=n from scenarios (bsc#1173068).
- rcutorture: Summarize summary of build and run results (bsc#1173068).
- rcutorture: Test TREE03 with the threadirqs kernel boot parameter (bsc#1173068).
- rcu: Use *_ONCE() to protect lockless ->expmask accesses (bsc#1171828).
- rcu: Use WRITE_ONCE() for assignments to ->pprev for hlist_nulls (bsc#1173438).
- RDMA/bnxt_re: Remove dead code from rcfw (bsc#1170774).
- RDMA/core: Check that type_attrs is not NULL prior access (jsc#SLE-8449).
- RDMA/core: Move and rename trace_cm_id_create() (jsc#SLE-8449).
- RDMA/mlx5: Fix NULL pointer dereference in destroy_prefetch_work (jsc#SLE-8446).
- RDMA/nl: Do not permit empty devices names during RDMA_NLDEV_CMD_NEWLINK/SET (bsc#1172841).
- RDMA/srpt: Fix disabling device management (jsc#SLE-8449).
- RDMA/uverbs: Make the event_queue fds return POLLERR when disassociated (jsc#SLE-8449).
- regualtor: pfuze100: correct sw1a/sw2 on pfuze3000 (git-fixes).
- remoteproc: Add missing '\n' in log messages (git-fixes).
- remoteproc: Fall back to using parent memory pool if no dedicated available (git-fixes).
- remoteproc: Fix and restore the parenting hierarchy for vdev (git-fixes).
- remoteproc: Fix IDR initialisation in rproc_alloc() (git-fixes).
- remoteproc: qcom_q6v5_mss: map/unmap mpss segments before/after use (git-fixes).
- Revert commit e918e570415c ("tpm_tis: Remove the HID IFX0102") (git-fixes).
- Revert "drm/amd/display: disable dcn20 abm feature for bring up" (git-fixes).
- Revert "fs/seq_file.c: seq_read(): add info message about buggy .next functions" (bsc#1172751)
- Revert "i2c: tegra: Fix suspending in active runtime PM state" (git-fixes).
- Revert "pinctrl: freescale: imx: Use 'devm_of_iomap()' to avoid a resource leak in case of error in 'imx_pinctrl_probe()'" (git-fixes).
- ring-buffer: Zero out time extend if it is nested and not absolute (git-fixes).
- rpm/modules.fips: * add aes-ce-ccm, des3_ede-x86_64, aes_ti and aes_neon_bsk
- rtc: mc13xxx: fix a double-unlock issue (git-fixes).
- rtc: rv3028: Add missed check for devm_regmap_init_i2c() (git-fixes).
- rtlwifi: Fix a double free in _rtl_usb_tx_urb_setup() (git-fixes).
- rtw88: fix an issue about leak system resources (git-fixes).
- rxrpc: Fix call RCU cleanup using non-bh-safe locks (git-fixes).
- s390/bpf: Maintain 8-byte stack alignment (bsc#1169194, LTC#185911).
- s390/pci: Log new handle in clp_disable_fh() (git-fixes).
- sata_rcar: handle pm_runtime_get_sync failure cases (git-fixes).
- sch_choke: avoid potential panic in choke_reset() (networking-stable-20_05_12).
- sched/cfs: change initial value of runnable_avg (bsc#1158765).
- sched/core: Check cpus_mask, not cpus_ptr in __set_cpus_allowed_ptr(), to fix mask corruption (bnc#1155798 (CPU scheduler functional and performance backports)).
- sched/core: Fix PI boosting between RT and DEADLINE tasks (bsc#1172823).
- sched/core: Fix ttwu() race (bnc#1155798 (CPU scheduler functional and performance backports)).
- sched/core: s/WF_ON_RQ/WQ_ON_CPU/ (bnc#1155798 (CPU scheduler functional and performance backports)).
- sched/cpuacct: Fix charge cpuacct.usage_sys (bnc#1155798 (CPU scheduler functional and performance backports)).
- sched/deadline: Initialize ->dl_boosted (bsc#1172823).
- sched/deadline: Initialize ->dl_boosted (git fixes (sched)).
- sched: etf: do not assume all sockets are full blown (networking-stable-20_04_27).
- sched/fair: find_idlest_group(): Remove unused sd_flag parameter (bnc#1155798 (CPU scheduler functional and performance backports)).
- sched/fair: Fix enqueue_task_fair() warning some more (bnc#1155798 (CPU scheduler functional and performance backports)).
- sched/fair: fix nohz next idle balance (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: Optimize dequeue_task_fair() (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: Optimize enqueue_task_fair() (bnc#1155798 (CPU scheduler functional and performance backports)). - sched/fair: Simplify the code of should_we_balance() (bnc#1155798 (CPU scheduler functional and performance backports)). - sched: Fix loadavg accounting race (bnc#1155798 (CPU scheduler functional and performance backports)). - sched: Make newidle_balance() static again (bnc#1155798 (CPU scheduler functional and performance backports)). - sched: Offload wakee task activation if it the wakee is descheduling (bnc#1158748, bnc#1159781). - sched: Optimize ttwu() spinning on p->on_cpu (bnc#1158748, bnc#1159781). - sched/pelt: Sync util/runnable_sum with PELT window when propagating (bnc#1155798 (CPU scheduler functional and performance backports)). - sch_sfq: validate silly quantum values (networking-stable-20_05_12). - scripts/decodecode: fix trapping instruction formatting (bsc#1065729). - scsi: ibmvscsi: Do not send host info in adapter info MAD after LPM (bsc#1172759 ltc#184814). - scsi: lpfc: Add an internal trace log buffer (bsc#1172687 bsc#1171530). - scsi: lpfc: Add blk_io_poll support for latency improvment (bsc#1172687 bsc#1171530). - scsi: lpfc: Add support to display if adapter dumps are available (bsc#1172687 bsc#1171530). - scsi: lpfc: Allow applications to issue Common Set Features mailbox command (bsc#1172687 bsc#1171530). - scsi: lpfc: Change default queue allocation for reduced memory consumption (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: fix build failure with DEBUGFS disabled (bsc#1171530). - scsi: lpfc: Fix incomplete NVME discovery when target (bsc#1171530). - scsi: lpfc: Fix inconsistent indenting (bsc#1172687 bsc#1171530). 
- scsi: lpfc: Fix interrupt assignments when multiple vectors are supported on same CPU (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix kdump hang on PPC (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix language in 0373 message to reflect non-error message (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix less-than-zero comparison of unsigned value (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix lpfc_nodelist leak when processing unsolicited event (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Fix MDS Diagnostic Enablement definition (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Fix memory leak on lpfc_bsg_write_ebuf_set func (bsc#1171530). - scsi: lpfc: Fix missing MDS functionality (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix negation of else clause in lpfc_prep_node_fc4type (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Fix noderef and address space warnings (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Fix NVMe rport deregister and registration during ADISC (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix oops due to overrun when reading SLI3 data (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix shost refcount mismatch when deleting vport (bsc#1172687 bsc#1171530). - scsi: lpfc: fix spelling mistakes of asynchronous (bsc#1171530). - scsi: lpfc: Fix stack trace seen while setting rrq active (bsc#1172687 bsc#1171530). - scsi: lpfc: Fix unused assignment in lpfc_sli4_bsg_link_diag_test (bsc#1172687 bsc#1171530). - scsi: lpfc: Maintain atomic consistency of queue_claimed flag (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Make lpfc_defer_acc_rsp static (bsc#1171530). - scsi: lpfc: remove duplicate unloading checks (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Remove re-binding of nvme rport during registration (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Remove redundant initialization to variable rc (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). 
- scsi: lpfc: Remove unnecessary lockdep_assert_held calls (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Update lpfc version to 12.8.0.1 (bsc#1164777 bsc#1164780 bsc#1165211 jsc#SLE-8654). - scsi: lpfc: Update lpfc version to 12.8.0.2 (bsc#1172687 bsc#1171530). - scsi: megaraid_sas: Replace undefined MFI_BIG_ENDIAN macro with __BIG_ENDIAN_BITFIELD macro (bsc#1173206). - scsi: qla2xxx: Delete all sessions before unregister local nvme port (jsc#SLE-9714 jsc#SLE-10327 jsc#SLE-10334 bsc#1157169). - scsi: qla2xxx: Do not log message when reading port speed via sysfs (jsc#SLE-9714 jsc#SLE-10327 jsc#SLE-10334 bsc#1157169). - scsi: qla2xxx: Fix hang when issuing nvme disconnect-all in NPIV (jsc#SLE-9714 jsc#SLE-10327 jsc#SLE-10334 bsc#1157169). - scsi: qla2xxx: Set NVMe status code for failed NVMe FCP request (bsc#1158983). - scsi: sd_zbc: Fix sd_zbc_complete() (bsc#1173206). - scsi: smartpqi: Update attribute name to `driver_version` (bsc#1173206). - scsi: zfcp: add diagnostics buffer for exchange config data (bsc#1158050). - scsi: zfcp: auto variables for dereferenced structs in open port handler (bsc#1158050). - scsi: zfcp: diagnostics buffer caching and use for exchange port data (bsc#1158050). - scsi: zfcp: enhance handling of FC Endpoint Security errors (bsc#1158050). - scsi: zfcp: expose fabric name as common fc_host sysfs attribute (bsc#1158050). - scsi: zfcp: Fence adapter status propagation for common statuses (bsc#1158050). - scsi: zfcp: Fence early sysfs interfaces for accesses of shost objects (bsc#1158050). - scsi: zfcp: Fence fc_host updates during link-down handling (bsc#1158050). - scsi: zfcp: fix fc_host attributes that should be unknown on local link down (bsc#1158050). - scsi: zfcp: fix wrong data and display format of SFP+ temperature (bsc#1158050). - scsi: zfcp: implicitly refresh config-data diagnostics when reading sysfs (bsc#1158050). - scsi: zfcp: implicitly refresh port-data diagnostics when reading sysfs (bsc#1158050). 
- scsi: zfcp: introduce sysfs interface for diagnostics of local SFP transceiver (bsc#1158050). - scsi: zfcp: introduce sysfs interface to read the local B2B-Credit (bsc#1158050). - scsi: zfcp: log FC Endpoint Security errors (bsc#1158050). - scsi: zfcp: log FC Endpoint Security of connections (bsc#1158050). - scsi: zfcp: Move allocation of the shost object to after xconf- and xport-data (bsc#1158050). - scsi: zfcp: Move fc_host updates during xport data handling into fenced function (bsc#1158050). - scsi: zfcp: move maximum age of diagnostic buffers into a per-adapter variable (bsc#1158050). - scsi: zfcp: Move p-t-p port allocation to after xport data (bsc#1158050). - scsi: zfcp: Move shost modification after QDIO (re-)open into fenced function (bsc#1158050). - scsi: zfcp: Move shost updates during xconfig data handling into fenced function (bsc#1158050). - scsi: zfcp: proper indentation to reduce confusion in zfcp_erp_required_act (bsc#1158050). - scsi: zfcp: report FC Endpoint Security in sysfs (bsc#1158050). - scsi: zfcp: signal incomplete or error for sync exchange config/port data (bsc#1158050). - scsi: zfcp: support retrieval of SFP Data via Exchange Port Data (bsc#1158050). - scsi: zfcp: trace FC Endpoint Security of FCP devices and connections (bsc#1158050). - scsi: zfcp: wire previously driver-specific sysfs attributes also to fc_host (bsc#1158050). - sctp: Do not add the shutdown timer if its already been added (networking-stable-20_05_27). - sctp: Start shutdown on association restart if in SHUTDOWN-SENT state and socket is closed (networking-stable-20_05_27). - selftests/bpf: CONFIG_IPV6_SEG6_BPF required for test_seg6_loop.o (bsc#1155518). - selftests/bpf: CONFIG_LIRC required for test_lirc_mode2.sh (bsc#1155518). - selftests/bpf: Fix invalid memory reads in core_relo selftest (bsc#1155518). - selftests/bpf: Fix memory leak in extract_build_id() (bsc#1155518). - selftests/bpf, flow_dissector: Close TAP device FD after the test (bsc#1155518). 
- selftests/bpf: Make sure optvals > PAGE_SIZE are bypassed (bsc#1155518). - selftests/timens: handle a case when alarm clocks are not supported (bsc#1164648,jsc#SLE-11493). - serial: 8250: Fix max baud limit in generic 8250 port (git-fixes). - signal: Avoid corrupting si_pid and si_uid in do_notify_parent (bsc#1171529). - slimbus: core: Fix mismatch in of_node_get/put (git-fixes). - slimbus: ngd: get drvdata from correct device (git-fixes). - socionext: account for napi_gro_receive never returning GRO_DROP (bsc#1154353). - soc: mediatek: cmdq: return send msg error code (git-fixes). - soc: qcom: rpmh: Dirt can only make you dirtier, not cleaner (git-fixes). - soc: qcom: rpmh: Invalidate SLEEP and WAKE TCSes before flushing new data (git-fixes). - soc: qcom: rpmh-rsc: Allow using free WAKE TCS for active request (git-fixes). - soc: qcom: rpmh-rsc: Clear active mode configuration for wake TCS (git-fixes). - soc: qcom: rpmh: Update dirty flag only when data changes (git-fixes). - soc/tegra: pmc: Select GENERIC_PINCONF (git-fixes). - spi: bcm2835aux: Fix controller unregister order (git-fixes). - spi: bcm2835: Fix controller unregister order (git-fixes). - spi: bcm-qspi: Handle clock probe deferral (git-fixes). - spi: bcm-qspi: when tx/rx buffer is NULL set to 0 (git-fixes). - SPI: designware: pci: Switch over to MSI interrupts (jsc#SLE-12735). - spi: dt-bindings: spi-controller: Fix #address-cells for slave mode (git-fixes). - spi: dw: Add SPI Rx-done wait method to DMA-based transfer (git-fixes). - spi: dw: Add SPI Tx-done wait method to DMA-based transfer (git-fixes). - spi: dw: Enable interrupts in accordance with DMA xfer mode (git-fixes). - spi: dw: Fix controller unregister order (git-fixes). - spi: dw: Fix native CS being unset (git-fixes). - spi: dw: Fix Rx-only DMA transfers (git-fixes). - spi: dw-pci: Add MODULE_DEVICE_TABLE (jsc#SLE-12735). - spi: dw-pci: Add runtime power management support (jsc#SLE-12735). 
- spi: dw-pci: Add support for Intel Elkhart Lake PSE SPI (jsc#SLE-12735). - spi: dw-pci: Fix Chip Select amount on Intel Elkhart Lake PSE SPI (jsc#SLE-12735). - spi: dw: Return any value retrieved from the dma_transfer callback (git-fixes). - spi: dw: use "smp_mb()" to avoid sending spi data error (git-fixes). - spi: dw: Zero DMA Tx and Rx configurations on stack (git-fixes). - spi: Fix controller unregister order (git-fixes). - spi: fsl: do not map irq during probe (git-fixes). - spi: fsl: use platform_get_irq() instead of of_irq_to_resource() (git-fixes). - spi: pxa2xx: Apply CS clk quirk to BXT (git-fixes). - spi: pxa2xx: Fix controller unregister order (git-fixes). - spi: pxa2xx: Fix runtime PM ref imbalance on probe error (git-fixes). - spi: Respect DataBitLength field of SpiSerialBusV2() ACPI resource (git-fixes). - spi: spi-fsl-dspi: Change usage pattern of SPI_MCR_* and SPI_CTAR_* macros (git-fixes). - spi: spi-fsl-dspi: Do not access reserved fields in SPI_MCR (git-fixes). - spi: spi-fsl-dspi: Fix 16-bit word order in 32-bit XSPI mode (git-fixes). - spi: spi-fsl-dspi: Replace interruptible wait queue with a simple completion (git-fixes). - spi: spi-mem: Fix Dual/Quad modes on Octal-capable devices (git-fixes). - spi: sprd: switch the sequence of setting WDG_LOAD_LOW and _HIGH (git-fixes). - staging: iio: ad2s1210: Fix SPI reading (git-fixes). - staging: kpc2000: fix error return code in kp2000_pcie_probe() (git-fixes). - staging: rtl8712: Fix IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK (git-fixes). - Staging: rtl8723bs: prevent buffer overflow in update_sta_support_rate() (git-fixes). - staging: sm750fb: add missing case while setting FB_VISUAL (git-fixes). - sun6i: dsi: fix gcc-4.8 (bsc#1152489) - sunrpc: fixed rollback in rpc_gssd_dummy_populate() (git-fixes). - SUNRPC: Properly set the @subbuf parameter of xdr_buf_subsegment() (git-fixes). - SUNRPC: Signalled ASYNC tasks need to exit (git-fixes). 
- supported.conf: Add pinctrl-tigerlake as supported - supported.conf: Mark two hwtracing helper modules as externally supported (bsc#1170879) - svcrdma: Fix leak of svc_rdma_recv_ctxt objects (git-fixes). - tcp: cache line align MAX_TCP_HEADER (networking-stable-20_04_27). - tcp: fix error recovery in tcp_zerocopy_receive() (networking-stable-20_05_16). - tcp: fix SO_RCVLOWAT hangs with fat skbs (networking-stable-20_05_16). - team: fix hang in team_mode_get() (networking-stable-20_04_27). - tg3: driver sleeps indefinitely when EEH errors exceed eeh_max_freezes (bsc#1173284). - thermal/drivers/mediatek: Fix bank number settings on mt8183 (git-fixes). - thermal/drivers/rcar_gen3: Fix undefined temperature if negative (git-fixes). - thermal/drivers/ti-soc-thermal: Avoid dereferencing ERR_PTR (git-fixes). - thermal: intel: intel_pch_thermal: Add Comet Lake (CML) platform support (jsc#SLE-12668). - tick/sched: Annotate lockless access to last_jiffies_update (bsc#1173438). - timer: Use hlist_unhashed_lockless() in timer_pending() (bsc#1173438). - tipc: block BH before using dst_cache (networking-stable-20_05_27). - tipc: fix partial topology connection closure (networking-stable-20_05_12). - torture: Allow "CFLIST" to specify default list of scenarios (bsc#1173068). - torture: Expand last_ts variable in kvm-test-1-run.sh (bsc#1173068). - torture: Handle jitter for CPUs that cannot be offlined (bsc#1173068). - torture: Handle systems lacking the mpstat command (bsc#1173068). - torture: Hoist calls to lscpu to higher-level kvm.sh script (bsc#1173068). - torture: Make results-directory date format completion-friendly (bsc#1173068). - torture: Use gawk instead of awk for systime() function (bsc#1173068). - tpm: Fix TIS locality timeout problems (git-fixes). - tpm: ibmvtpm: retry on H_CLOSED in tpm_ibmvtpm_send() (bsc#1065729). - tpm_tis: Remove the HID IFX0102 (git-fixes). - tracing: Fix event trigger to accept redundant spaces (git-fixes). 
- tty: n_gsm: Fix bogus i++ in gsm_data_kick (git-fixes). - tty: n_gsm: Fix SOF skipping (git-fixes). - tty: n_gsm: Fix waking up upper tty layer when room available (git-fixes). - tty: serial: add missing spin_lock_init for SiFive serial console (git-fixes). - tun: correct header offsets in napi frags mode (git-fixes). - tunnel: Propagate ECT(1) when decapsulating as recommended by RFC6040 (networking-stable-20_05_12). - ubifs: fix wrong use of crypto_shash_descsize() (bsc#1173827). - ubifs: remove broken lazytime support (bsc#1173826). - Update patch reference for intel_th patch (jsc#SLE-12705) - Update patch reference tag for ACPI lockdown fix (bsc#1173573) - Update the patch reference for ish-hid fix (jsc#SLE-12683) - usb: add USB_QUIRK_DELAY_INIT for Logitech C922 (git-fixes). - USB: core: Fix misleading driver bug report (git-fixes). - usb: core: hub: limit HUB_QUIRK_DISABLE_AUTOSUSPEND to USB5534B (git-fixes). - usb: dwc2: gadget: move gadget resume after the core is in L0 state (git-fixes). - usb: dwc3: gadget: Properly handle ClearFeature(halt) (git-fixes). - usb: dwc3: gadget: Properly handle failed kick_transfer (git-fixes). - usb: dwc3: pci: Enable extcon driver for Intel Merrifield (git-fixes). - usb/ehci-platform: Set PM runtime as active on resume (git-fixes). - USB: ehci: reopen solution for Synopsys HC bug (git-fixes). - usb: gadget: audio: Fix a missing error return value in audio_bind() (git-fixes). - USB: gadget: fix illegal array access in binding with UDC (git-fixes). - usb: gadget: fix potential double-free in m66592_probe (git-fixes). - usb: gadget: legacy: fix error return code in cdc_bind() (git-fixes). - usb: gadget: legacy: fix error return code in gncm_bind() (git-fixes). - usb: gadget: legacy: fix redundant initialization warnings (git-fixes). - usb: gadget: lpc32xx_udc: do not dereference ep pointer before null check (git-fixes). - usb: gadget: net2272: Fix a memory leak in an error handling path in 'net2272_plat_probe()' (git-fixes). 
- usb: gadget: udc: atmel: Make some symbols static (git-fixes). - usb: gadget: udc: Potential Oops in error handling code (git-fixes). - USB: gadget: udc: s3c2410_udc: Remove pointless NULL check in s3c2410_udc_nuke (git-fixes). - usb: host: ehci-exynos: Fix error check in exynos_ehci_probe() (git-fixes). - USB: host: ehci-mxc: Add error handling in ehci_mxc_drv_probe() (git-fixes). - usb: host: ehci-platform: add a quirk to avoid stuck (git-fixes). - usb: host: xhci-mtk: avoid runtime suspend when removing hcd (git-fixes). - usb: host: xhci-plat: keep runtime active when removing host (git-fixes). - usblp: poison URBs upon disconnect (git-fixes). - usb: musb: Fix runtime PM imbalance on error (git-fixes). - usb: musb: start session in resume for host port (git-fixes). - usb/ohci-platform: Fix a warning when hibernating (git-fixes). - USB: ohci-sm501: Add missed iounmap() in remove (git-fixes). - USB: ohci-sm501: fix error return code in ohci_hcd_sm501_drv_probe() (git-fixes). - usb: renesas_usbhs: getting residue from callback_result (git-fixes). - USB: serial: ch341: add basis for quirk detection (git-fixes). - USB: serial: option: add Telit LE910C1-EUX compositions (git-fixes). - USB: serial: qcserial: add DW5816e QDL support (git-fixes). - USB: serial: usb_wwan: do not resubmit rx urb on fatal errors (git-fixes). - usb: typec: tcpci_rt1711h: avoid screaming irq causing boot hangs (git-fixes). - usb: usbfs: correct kernel->user page attribute mismatch (git-fixes). - USB: usbfs: fix mmap dma mismatch (git-fixes). - usb/xhci-plat: Set PM runtime as active on resume (git-fixes). - vfio: avoid possible overflow in vfio_iommu_type1_pin_pages (git-fixes). - vfio: Ignore -ENODEV when getting MSI cookie (git-fixes). - vfio/mdev: Fix reference count leak in add_mdev_supported_type (git-fixes). - vfio/pci: fix memory leaks in alloc_perm_bits() (git-fixes). - vfio/type1: Fix VA->PA translation for PFNMAP VMAs in vaddr_get_pfn() (git-fixes). 
- video: fbdev: w100fb: Fix a potential double free (git-fixes). - video: vt8500lcdfb: fix fallthrough warning (bsc#1152489) - virtio-blk: handle block_device_operations callbacks after hot unplug (git fixes (block drivers)). - virtio_net: fix lockdep warning on 32 bit (networking-stable-20_05_16). - vmxnet3: add geneve and vxlan tunnel offload support (bsc#1172484). - vmxnet3: add support to get/set rx flow hash (bsc#1172484). - vmxnet3: allow rx flow hash ops only when rss is enabled (bsc#1172484). - vmxnet3: prepare for version 4 changes (bsc#1172484). - vmxnet3: update to version 4 (bsc#1172484). - vmxnet3: use correct hdr reference when packet is encapsulated (bsc#1172484). - vrf: Check skb for XFRM_TRANSFORMED flag (networking-stable-20_04_27). - vrf: Fix IPv6 with qdisc and xfrm (networking-stable-20_04_27). - vsprintf: do not obfuscate NULL and error pointers (bsc#1172086). - vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console (git-fixes). - vt: vt_ioctl: remove unnecessary console allocation checks (git-fixes). - vxlan: use the correct nlattr array in NL_SET_ERR_MSG_ATTR (networking-stable-20_04_27). - w1: omap-hdq: cleanup to add missing newline for some dev_dbg (git-fixes). - watchdog: da9062: No need to ping manually before setting timeout (git-fixes). - watchdog: imx_sc_wdt: Fix reboot on crash (git-fixes). - wcn36xx: Fix error handling path in 'wcn36xx_probe()' (git-fixes). - wil6210: account for napi_gro_receive never returning GRO_DROP (bsc#1154353). - wil6210: add wil_netif_rx() helper function (bsc#1154353). - wil6210: use after free in wil_netif_rx_any() (bsc#1154353). - wireguard: device: avoid circular netns references (git-fixes). - wireguard: noise: do not assign initiation time in if condition (git-fixes). - wireguard: noise: read preshared key while taking lock (bsc#1169021 jsc#SLE-12250). - wireguard: noise: separate receive counter from send counter (bsc#1169021 jsc#SLE-12250). 
- wireguard: queueing: preserve flow hash across packet scrubbing (bsc#1169021 jsc#SLE-12250). - wireguard: receive: account for napi_gro_receive never returning GRO_DROP (git-fixes). - wireguard: selftests: initalize ipv6 members to NULL to squelch clang warning (git-fixes). - wireguard: selftests: use newer iproute2 for gcc-10 (bsc#1169021 jsc#SLE-12250). - work around mvfs bug (bsc#1162063). - workqueue: do not use wq_select_unbound_cpu() for bound works (git-fixes). - workqueue: Remove the warning in wq_worker_sleeping() (git-fixes). - x86/amd_nb: Add AMD family 17h model 60h PCI IDs (git-fixes). - x86/cpu/amd: Make erratum #1054 a legacy erratum (bsc#1152489). - x86: Fix early boot crash on gcc-10, third try (bsc#1152489). - x86/mm/cpa: Flush direct map alias during cpa (bsc#1152489). - x86/PCI: Mark Intel C620 MROMs as having non-compliant BARs (git-fixes). - x86/reboot/quirks: Add MacBook6,1 reboot quirk (git-fixes). - x86/resctrl: Fix invalid attempt at removing the default resource group (bsc#1152489). - x86/resctrl: Preserve CDP enable over CPU hotplug (bsc#1152489). - x86/unwind/orc: Fix unwind_get_return_address_ptr() for inactive tasks (bsc#1058115). - xfrm: Always set XFRM_TRANSFORMED in xfrm{4,6}_output_finish (networking-stable-20_04_27). - xfrm: fix error in comment (git fixes (block drivers)). - xfs: clean up the error handling in xfs_swap_extents (git-fixes). - xfs: do not commit sunit/swidth updates to disk if that would cause repair failures (bsc#1172169). - xfs: do not fail unwritten extent conversion on writeback due to edquot (bsc#1158242). - xfs: fix duplicate verification from xfs_qm_dqflush() (git-fixes). - xfs: force writes to delalloc regions to unwritten (bsc#1158242). - xfs: measure all contiguous previous extents for prealloc size (bsc#1158242). - xfs: preserve default grace interval during quotacheck (bsc#1172170). - xfs: refactor agfl length computation function (bsc#1172169). 
- xfs: split the sunit parameter update into two parts (bsc#1172169).
- xhci: Fix enumeration issue when setting max packet size for FS devices (git-fixes).
- xhci: Fix incorrect EP_STATE_MASK (git-fixes).
- xhci: Poll for U0 after disabling USB2 LPM (git-fixes).
- xhci: Return if xHCI does not support LPM (git-fixes).
- xprtrdma: Fix handling of RDMA_ERROR replies (git-fixes).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Public Cloud 15-SP2:

  zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2020-2027=1

Package List:

- SUSE Linux Enterprise Module for Public Cloud 15-SP2 (x86_64):

  kernel-azure-5.3.18-18.5.1
  kernel-azure-debuginfo-5.3.18-18.5.1
  kernel-azure-debugsource-5.3.18-18.5.1
  kernel-azure-devel-5.3.18-18.5.1
  kernel-azure-devel-debuginfo-5.3.18-18.5.1
  kernel-syms-azure-5.3.18-18.5.1

- SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch):

  kernel-devel-azure-5.3.18-18.5.1
  kernel-source-azure-5.3.18-18.5.1

References:

https://www.suse.com/security/cve/CVE-2019-19462.html https://www.suse.com/security/cve/CVE-2019-20810.html https://www.suse.com/security/cve/CVE-2019-20812.html https://www.suse.com/security/cve/CVE-2020-10711.html https://www.suse.com/security/cve/CVE-2020-10732.html https://www.suse.com/security/cve/CVE-2020-10751.html https://www.suse.com/security/cve/CVE-2020-10766.html https://www.suse.com/security/cve/CVE-2020-10767.html https://www.suse.com/security/cve/CVE-2020-10768.html https://www.suse.com/security/cve/CVE-2020-10773.html https://www.suse.com/security/cve/CVE-2020-12656.html https://www.suse.com/security/cve/CVE-2020-12769.html https://www.suse.com/security/cve/CVE-2020-12771.html https://www.suse.com/security/cve/CVE-2020-12888.html
https://www.suse.com/security/cve/CVE-2020-13143.html https://www.suse.com/security/cve/CVE-2020-13974.html https://www.suse.com/security/cve/CVE-2020-14416.html https://www.suse.com/security/cve/CVE-2020-15393.html https://www.suse.com/security/cve/CVE-2020-15780.html https://bugzilla.suse.com/1058115 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1085030 https://bugzilla.suse.com/1148868 https://bugzilla.suse.com/1152472 https://bugzilla.suse.com/1152489 https://bugzilla.suse.com/1153274 https://bugzilla.suse.com/1154353 https://bugzilla.suse.com/1154492 https://bugzilla.suse.com/1155518 https://bugzilla.suse.com/1155798 https://bugzilla.suse.com/1156395 https://bugzilla.suse.com/1157169 https://bugzilla.suse.com/1158050 https://bugzilla.suse.com/1158242 https://bugzilla.suse.com/1158265 https://bugzilla.suse.com/1158748 https://bugzilla.suse.com/1158765 https://bugzilla.suse.com/1158983 https://bugzilla.suse.com/1159781 https://bugzilla.suse.com/1159867 https://bugzilla.suse.com/1160947 https://bugzilla.suse.com/1161495 https://bugzilla.suse.com/1162002 https://bugzilla.suse.com/1162063 https://bugzilla.suse.com/1162400 https://bugzilla.suse.com/1162702 https://bugzilla.suse.com/1164648 https://bugzilla.suse.com/1164777 https://bugzilla.suse.com/1164780 https://bugzilla.suse.com/1165211 https://bugzilla.suse.com/1165975 https://bugzilla.suse.com/1166985 https://bugzilla.suse.com/1167104 https://bugzilla.suse.com/1167651 https://bugzilla.suse.com/1167773 https://bugzilla.suse.com/1168230 https://bugzilla.suse.com/1168779 https://bugzilla.suse.com/1168838 https://bugzilla.suse.com/1169021 https://bugzilla.suse.com/1169094 https://bugzilla.suse.com/1169194 https://bugzilla.suse.com/1169514 https://bugzilla.suse.com/1169681 https://bugzilla.suse.com/1170011 https://bugzilla.suse.com/1170284 https://bugzilla.suse.com/1170442 https://bugzilla.suse.com/1170617 https://bugzilla.suse.com/1170774 
https://bugzilla.suse.com/1170879 https://bugzilla.suse.com/1170891 https://bugzilla.suse.com/1170895 https://bugzilla.suse.com/1171150 https://bugzilla.suse.com/1171189 https://bugzilla.suse.com/1171191 https://bugzilla.suse.com/1171219 https://bugzilla.suse.com/1171220 https://bugzilla.suse.com/1171246 https://bugzilla.suse.com/1171417 https://bugzilla.suse.com/1171513 https://bugzilla.suse.com/1171529 https://bugzilla.suse.com/1171530 https://bugzilla.suse.com/1171662 https://bugzilla.suse.com/1171688 https://bugzilla.suse.com/1171699 https://bugzilla.suse.com/1171732 https://bugzilla.suse.com/1171739 https://bugzilla.suse.com/1171743 https://bugzilla.suse.com/1171759 https://bugzilla.suse.com/1171828 https://bugzilla.suse.com/1171868 https://bugzilla.suse.com/1171904 https://bugzilla.suse.com/1171915 https://bugzilla.suse.com/1171982 https://bugzilla.suse.com/1171983 https://bugzilla.suse.com/1172017 https://bugzilla.suse.com/1172046 https://bugzilla.suse.com/1172061 https://bugzilla.suse.com/1172062 https://bugzilla.suse.com/1172063 https://bugzilla.suse.com/1172064 https://bugzilla.suse.com/1172065 https://bugzilla.suse.com/1172066 https://bugzilla.suse.com/1172067 https://bugzilla.suse.com/1172068 https://bugzilla.suse.com/1172069 https://bugzilla.suse.com/1172073 https://bugzilla.suse.com/1172086 https://bugzilla.suse.com/1172095 https://bugzilla.suse.com/1172169 https://bugzilla.suse.com/1172170 https://bugzilla.suse.com/1172208 https://bugzilla.suse.com/1172223 https://bugzilla.suse.com/1172342 https://bugzilla.suse.com/1172343 https://bugzilla.suse.com/1172344 https://bugzilla.suse.com/1172365 https://bugzilla.suse.com/1172366 https://bugzilla.suse.com/1172374 https://bugzilla.suse.com/1172391 https://bugzilla.suse.com/1172393 https://bugzilla.suse.com/1172394 https://bugzilla.suse.com/1172453 https://bugzilla.suse.com/1172458 https://bugzilla.suse.com/1172467 https://bugzilla.suse.com/1172484 https://bugzilla.suse.com/1172537 
https://bugzilla.suse.com/1172543 https://bugzilla.suse.com/1172687 https://bugzilla.suse.com/1172719 https://bugzilla.suse.com/1172739 https://bugzilla.suse.com/1172751 https://bugzilla.suse.com/1172759 https://bugzilla.suse.com/1172775 https://bugzilla.suse.com/1172781 https://bugzilla.suse.com/1172782 https://bugzilla.suse.com/1172783 https://bugzilla.suse.com/1172814 https://bugzilla.suse.com/1172823 https://bugzilla.suse.com/1172841 https://bugzilla.suse.com/1172871 https://bugzilla.suse.com/1172938 https://bugzilla.suse.com/1172939 https://bugzilla.suse.com/1172940 https://bugzilla.suse.com/1172956 https://bugzilla.suse.com/1172983 https://bugzilla.suse.com/1172984 https://bugzilla.suse.com/1172985 https://bugzilla.suse.com/1172986 https://bugzilla.suse.com/1172987 https://bugzilla.suse.com/1172988 https://bugzilla.suse.com/1172989 https://bugzilla.suse.com/1172990 https://bugzilla.suse.com/1172999 https://bugzilla.suse.com/1173060 https://bugzilla.suse.com/1173068 https://bugzilla.suse.com/1173085 https://bugzilla.suse.com/1173139 https://bugzilla.suse.com/1173206 https://bugzilla.suse.com/1173271 https://bugzilla.suse.com/1173280 https://bugzilla.suse.com/1173284 https://bugzilla.suse.com/1173428 https://bugzilla.suse.com/1173438 https://bugzilla.suse.com/1173461 https://bugzilla.suse.com/1173514 https://bugzilla.suse.com/1173552 https://bugzilla.suse.com/1173573 https://bugzilla.suse.com/1173625 https://bugzilla.suse.com/1173746 https://bugzilla.suse.com/1173776 https://bugzilla.suse.com/1173817 https://bugzilla.suse.com/1173818 https://bugzilla.suse.com/1173820 https://bugzilla.suse.com/1173822 https://bugzilla.suse.com/1173823 https://bugzilla.suse.com/1173824 https://bugzilla.suse.com/1173825 https://bugzilla.suse.com/1173826 https://bugzilla.suse.com/1173827 https://bugzilla.suse.com/1173828 https://bugzilla.suse.com/1173830 https://bugzilla.suse.com/1173831 https://bugzilla.suse.com/1173832 https://bugzilla.suse.com/1173833 
https://bugzilla.suse.com/1173834 https://bugzilla.suse.com/1173836 https://bugzilla.suse.com/1173837 https://bugzilla.suse.com/1173838 https://bugzilla.suse.com/1173839 https://bugzilla.suse.com/1173841 https://bugzilla.suse.com/1173843 https://bugzilla.suse.com/1173844 https://bugzilla.suse.com/1173845 https://bugzilla.suse.com/1173847 https://bugzilla.suse.com/1173860 https://bugzilla.suse.com/1173894 https://bugzilla.suse.com/1174018 https://bugzilla.suse.com/1174244 https://bugzilla.suse.com/1174345 From sle-security-updates at lists.suse.com Thu Jul 23 10:37:31 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 23 Jul 2020 18:37:31 +0200 (CEST) Subject: SUSE-SU-2020:2029-1: moderate: Security update for libraw Message-ID: <20200723163731.BC865FC39@maintenance.suse.de> SUSE Security Update: Security update for libraw ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2029-1 Rating: moderate References: #1173674 Cross-References: CVE-2020-15503 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP2 SUSE Linux Enterprise Workstation Extension 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libraw fixes the following issues: - security update - added patches fix CVE-2020-15503 [bsc#1173674], lack of thumbnail size range check can lead to buffer overflow + libraw-CVE-2020-15503.patch Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2020-2029=1 - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2020-2029=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): libraw-debuginfo-0.18.9-3.11.1 libraw-debugsource-0.18.9-3.11.1 libraw-devel-0.18.9-3.11.1 libraw16-0.18.9-3.11.1 libraw16-debuginfo-0.18.9-3.11.1 - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64): libraw-debuginfo-0.18.9-3.11.1 libraw-debugsource-0.18.9-3.11.1 libraw-devel-0.18.9-3.11.1 libraw16-0.18.9-3.11.1 libraw16-debuginfo-0.18.9-3.11.1 References: https://www.suse.com/security/cve/CVE-2020-15503.html https://bugzilla.suse.com/1173674 From sle-security-updates at lists.suse.com Thu Jul 23 10:38:12 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 23 Jul 2020 18:38:12 +0200 (CEST) Subject: SUSE-SU-2020:2028-1: moderate: Security update for libraw Message-ID: <20200723163812.33FB1FC39@maintenance.suse.de> SUSE Security Update: Security update for libraw ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2028-1 Rating: moderate References: #1173674 Cross-References: CVE-2020-15503 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for libraw fixes the following issues: - security update - added patches fix CVE-2020-15503 [bsc#1173674], lack of thumbnail size range check can lead to buffer overflow + libraw-CVE-2020-15503.patch Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2020-2028=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2028=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): libraw-debugsource-0.15.4-33.1 libraw9-0.15.4-33.1 libraw9-debuginfo-0.15.4-33.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libraw-debugsource-0.15.4-33.1 libraw-devel-0.15.4-33.1 libraw-devel-static-0.15.4-33.1 libraw9-0.15.4-33.1 libraw9-debuginfo-0.15.4-33.1 References: https://www.suse.com/security/cve/CVE-2020-15503.html https://bugzilla.suse.com/1173674 From sle-security-updates at lists.suse.com Thu Jul 23 10:38:54 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 23 Jul 2020 18:38:54 +0200 (CEST) Subject: SUSE-SU-2020:14437-1: moderate: Security update for samba Message-ID: <20200723163854.47A94FC39@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:14437-1 Rating: moderate References: #1173160 Cross-References: CVE-2020-10745 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now 
available. Description: This update for samba fixes the following issues: - CVE-2020-10745: Fixed an issue where parsing and packing of NBT and DNS packets containing dots could potentially have consumed excessive CPU (bsc#1173160). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-samba-14437=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-samba-14437=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-samba-14437=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-samba-14437=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): ldapsmb-1.34b-94.26.1 libldb1-3.6.3-94.26.1 libsmbclient0-3.6.3-94.26.1 libtalloc2-3.6.3-94.26.1 libtdb1-3.6.3-94.26.1 libtevent0-3.6.3-94.26.1 libwbclient0-3.6.3-94.26.1 samba-3.6.3-94.26.1 samba-client-3.6.3-94.26.1 samba-krb-printing-3.6.3-94.26.1 samba-winbind-3.6.3-94.26.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64): libsmbclient0-32bit-3.6.3-94.26.1 libtalloc2-32bit-3.6.3-94.26.1 libtdb1-32bit-3.6.3-94.26.1 libtevent0-32bit-3.6.3-94.26.1 libwbclient0-32bit-3.6.3-94.26.1 samba-32bit-3.6.3-94.26.1 samba-client-32bit-3.6.3-94.26.1 samba-winbind-32bit-3.6.3-94.26.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (noarch): samba-doc-3.6.3-94.26.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (noarch): samba-doc-3.6.3-94.26.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): ldapsmb-1.34b-94.26.1 libldb1-3.6.3-94.26.1 libsmbclient0-3.6.3-94.26.1 libtalloc2-3.6.3-94.26.1 libtdb1-3.6.3-94.26.1 libtevent0-3.6.3-94.26.1 libwbclient0-3.6.3-94.26.1 samba-3.6.3-94.26.1 samba-client-3.6.3-94.26.1 samba-krb-printing-3.6.3-94.26.1 samba-winbind-3.6.3-94.26.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 
s390x x86_64): samba-debuginfo-3.6.3-94.26.1 samba-debugsource-3.6.3-94.26.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): samba-debuginfo-32bit-3.6.3-94.26.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): samba-debuginfo-3.6.3-94.26.1 samba-debugsource-3.6.3-94.26.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (s390x): samba-debuginfo-32bit-3.6.3-94.26.1 References: https://www.suse.com/security/cve/CVE-2020-10745.html https://bugzilla.suse.com/1173160 From sle-security-updates at lists.suse.com Thu Jul 23 10:39:38 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 23 Jul 2020 18:39:38 +0200 (CEST) Subject: SUSE-SU-2020:2025-1: moderate: Security update for perl-YAML-LibYAML Message-ID: <20200723163938.B4D3AFC39@maintenance.suse.de> SUSE Security Update: Security update for perl-YAML-LibYAML ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2025-1 Rating: moderate References: #1173703 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP1 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for perl-YAML-LibYAML fixes the following issues: perl-YAML-LibYAML was updated to 0.69: [bsc#1173703] * Security fix: Add $LoadBlessed option to turn on/off loading objects: Default is set to true. Note that, the behavior is unchanged. * Clarify documentation about exported functions * Dump() was modifying original data, adding a PV to numbers * Support standard tags !!str, !!map and !!seq instead of dying. * Support JSON::PP::Boolean and boolean.pm via $YAML::XS::Boolean. * Fix regex roundtrip. Fix loading of many regexes. 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-2025=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-2025=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): perl-YAML-LibYAML-0.69-3.3.1 perl-YAML-LibYAML-debuginfo-0.69-3.3.1 perl-YAML-LibYAML-debugsource-0.69-3.3.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): perl-YAML-LibYAML-0.69-3.3.1 perl-YAML-LibYAML-debuginfo-0.69-3.3.1 perl-YAML-LibYAML-debugsource-0.69-3.3.1 References: https://bugzilla.suse.com/1173703 From sle-security-updates at lists.suse.com Thu Jul 23 13:13:29 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 23 Jul 2020 21:13:29 +0200 (CEST) Subject: SUSE-SU-2020:2032-1: important: Security update for freerdp Message-ID: <20200723191329.2E0D6FDE4@maintenance.suse.de> SUSE Security Update: Security update for freerdp ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2032-1 Rating: important References: #1169679 #1169748 #1171441 #1171443 #1171444 #1171445 #1171446 #1171447 #1171474 #1173247 #1173605 #1174200 Cross-References: CVE-2020-11017 CVE-2020-11018 CVE-2020-11019 CVE-2020-11038 CVE-2020-11039 CVE-2020-11040 CVE-2020-11041 CVE-2020-11043 CVE-2020-11085 CVE-2020-11086 CVE-2020-11087 CVE-2020-11088 CVE-2020-11089 CVE-2020-11095 CVE-2020-11096 CVE-2020-11097 CVE-2020-11098 CVE-2020-11099 CVE-2020-11521 CVE-2020-11522 CVE-2020-11523 CVE-2020-11524 CVE-2020-11525 CVE-2020-11526 CVE-2020-13396 CVE-2020-13397 CVE-2020-13398 
CVE-2020-4030 CVE-2020-4031 CVE-2020-4032 CVE-2020-4033 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP1 ______________________________________________________________________________ An update that fixes 31 vulnerabilities is now available. Description: This update for freerdp fixes the following issues: freerdp was updated to version 2.1.2 (bsc#1171441,bsc#1173247 and jsc#ECO-2006): - CVE-2020-11017: Fixed a double free which could have denied the server's service. - CVE-2020-11018: Fixed an out of bounds read which malicious clients could have triggered. - CVE-2020-11019: Fixed an issue which could have led to denial of service if logger was set to "WLOG_TRACE". - CVE-2020-11038: Fixed a buffer overflow when /video redirection was used. - CVE-2020-11039: Fixed an issue which could have allowed arbitrary memory read and write when USB redirection was enabled. - CVE-2020-11040: Fixed an out of bounds data read in clear_decompress_subcode_rlex. - CVE-2020-11041: Fixed an issue with the configuration for sound backend which could have led to server's denial of service. - CVE-2020-11043: Fixed an out of bounds read in rfx_process_message_tileset. - CVE-2020-11085: Fixed an out of bounds read in cliprdr_read_format_list. - CVE-2020-11086: Fixed an out of bounds read in ntlm_read_ntlm_v2_client_challenge. - CVE-2020-11087: Fixed an out of bounds read in ntlm_read_AuthenticateMessage. - CVE-2020-11088: Fixed an out of bounds read in ntlm_read_NegotiateMessage. - CVE-2020-11089: Fixed an out of bounds read in irp function family. - CVE-2020-11095: Fixed a global out of bounds read in update_recv_primary_order. - CVE-2020-11096: Fixed a global out of bounds read in update_read_cache_bitmap_v3_order. - CVE-2020-11097: Fixed an out of bounds read in ntlm_av_pair_get. - CVE-2020-11098: Fixed an out of bounds read in glyph_cache_put. - CVE-2020-11099: Fixed an out of bounds read in license_read_new_or_upgrade_license_packet. 
- CVE-2020-11521: Fixed an out of bounds write in planar.c (bsc#1171443). - CVE-2020-11522: Fixed an out of bounds read in gdi.c (bsc#1171444). - CVE-2020-11523: Fixed an integer overflow in region.c (bsc#1171445). - CVE-2020-11524: Fixed an out of bounds write in interleaved.c (bsc#1171446). - CVE-2020-11525: Fixed an out of bounds read in bitmap.c (bsc#1171447). - CVE-2020-11526: Fixed an out of bounds read in update_recv_secondary_order (bsc#1171674). - CVE-2020-13396: Fixed an Read in ntlm_read_ChallengeMessage. - CVE-2020-13397: Fixed an out of bounds read in security_fips_decrypt due to uninitialized value. - CVE-2020-13398: Fixed an out of bounds write in crypto_rsa_common. - CVE-2020-4030: Fixed an out of bounds read in `TrioParse`. - CVE-2020-4031: Fixed a use after free in gdi_SelectObject. - CVE-2020-4032: Fixed an integer casting in `update_recv_secondary_order`. - CVE-2020-4033: Fixed an out of bounds read in RLEDECOMPRESS. - Fixed an issue where freerdp failed with -fno-common (bsc#1169748). - Fixed an issue where USB redirection with FreeRDP was not working (bsc#1169679). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2020-2032=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64): freerdp-2.1.2-10.15.1 freerdp-debuginfo-2.1.2-10.15.1 freerdp-debugsource-2.1.2-10.15.1 freerdp-devel-2.1.2-10.15.1 libfreerdp2-2.1.2-10.15.1 libfreerdp2-debuginfo-2.1.2-10.15.1 libwinpr2-2.1.2-10.15.1 libwinpr2-debuginfo-2.1.2-10.15.1 winpr2-devel-2.1.2-10.15.1 References: https://www.suse.com/security/cve/CVE-2020-11017.html https://www.suse.com/security/cve/CVE-2020-11018.html https://www.suse.com/security/cve/CVE-2020-11019.html https://www.suse.com/security/cve/CVE-2020-11038.html https://www.suse.com/security/cve/CVE-2020-11039.html https://www.suse.com/security/cve/CVE-2020-11040.html https://www.suse.com/security/cve/CVE-2020-11041.html https://www.suse.com/security/cve/CVE-2020-11043.html https://www.suse.com/security/cve/CVE-2020-11085.html https://www.suse.com/security/cve/CVE-2020-11086.html https://www.suse.com/security/cve/CVE-2020-11087.html https://www.suse.com/security/cve/CVE-2020-11088.html https://www.suse.com/security/cve/CVE-2020-11089.html https://www.suse.com/security/cve/CVE-2020-11095.html https://www.suse.com/security/cve/CVE-2020-11096.html https://www.suse.com/security/cve/CVE-2020-11097.html https://www.suse.com/security/cve/CVE-2020-11098.html https://www.suse.com/security/cve/CVE-2020-11099.html https://www.suse.com/security/cve/CVE-2020-11521.html https://www.suse.com/security/cve/CVE-2020-11522.html https://www.suse.com/security/cve/CVE-2020-11523.html https://www.suse.com/security/cve/CVE-2020-11524.html https://www.suse.com/security/cve/CVE-2020-11525.html https://www.suse.com/security/cve/CVE-2020-11526.html https://www.suse.com/security/cve/CVE-2020-13396.html https://www.suse.com/security/cve/CVE-2020-13397.html https://www.suse.com/security/cve/CVE-2020-13398.html 
https://www.suse.com/security/cve/CVE-2020-4030.html https://www.suse.com/security/cve/CVE-2020-4031.html https://www.suse.com/security/cve/CVE-2020-4032.html https://www.suse.com/security/cve/CVE-2020-4033.html https://bugzilla.suse.com/1169679 https://bugzilla.suse.com/1169748 https://bugzilla.suse.com/1171441 https://bugzilla.suse.com/1171443 https://bugzilla.suse.com/1171444 https://bugzilla.suse.com/1171445 https://bugzilla.suse.com/1171446 https://bugzilla.suse.com/1171447 https://bugzilla.suse.com/1171474 https://bugzilla.suse.com/1173247 https://bugzilla.suse.com/1173605 https://bugzilla.suse.com/1174200 From sle-security-updates at lists.suse.com Fri Jul 24 10:12:53 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 24 Jul 2020 18:12:53 +0200 (CEST) Subject: SUSE-SU-2020:2045-1: important: Security update for tomcat Message-ID: <20200724161253.39AECFC39@maintenance.suse.de> SUSE Security Update: Security update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2045-1 Rating: important References: #1174117 #1174121 Cross-References: CVE-2020-13934 CVE-2020-13935 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for tomcat fixes the following issues: - Fixed CVEs: CVE-2020-13934 (bsc#1174121) CVE-2020-13935 (bsc#1174117) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2045=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2045=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2045=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2045=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (noarch): tomcat-9.0.36-3.65.2 tomcat-admin-webapps-9.0.36-3.65.2 tomcat-el-3_0-api-9.0.36-3.65.2 tomcat-jsp-2_3-api-9.0.36-3.65.2 tomcat-lib-9.0.36-3.65.2 tomcat-servlet-4_0-api-9.0.36-3.65.2 tomcat-webapps-9.0.36-3.65.2 - SUSE Linux Enterprise Server 15-LTSS (noarch): tomcat-9.0.36-3.65.2 tomcat-admin-webapps-9.0.36-3.65.2 tomcat-el-3_0-api-9.0.36-3.65.2 tomcat-jsp-2_3-api-9.0.36-3.65.2 tomcat-lib-9.0.36-3.65.2 tomcat-servlet-4_0-api-9.0.36-3.65.2 tomcat-webapps-9.0.36-3.65.2 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): tomcat-9.0.36-3.65.2 tomcat-admin-webapps-9.0.36-3.65.2 tomcat-el-3_0-api-9.0.36-3.65.2 tomcat-jsp-2_3-api-9.0.36-3.65.2 tomcat-lib-9.0.36-3.65.2 tomcat-servlet-4_0-api-9.0.36-3.65.2 tomcat-webapps-9.0.36-3.65.2 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): tomcat-9.0.36-3.65.2 tomcat-admin-webapps-9.0.36-3.65.2 tomcat-el-3_0-api-9.0.36-3.65.2 tomcat-jsp-2_3-api-9.0.36-3.65.2 tomcat-lib-9.0.36-3.65.2 tomcat-servlet-4_0-api-9.0.36-3.65.2 tomcat-webapps-9.0.36-3.65.2 References: https://www.suse.com/security/cve/CVE-2020-13934.html https://www.suse.com/security/cve/CVE-2020-13935.html https://bugzilla.suse.com/1174117 https://bugzilla.suse.com/1174121 From sle-security-updates at lists.suse.com Fri Jul 24 10:13:44 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 24 Jul 2020 18:13:44 +0200 (CEST) Subject: 
SUSE-SU-2020:2037-1: important: Security update for tomcat Message-ID: <20200724161344.217FAFC39@maintenance.suse.de> SUSE Security Update: Security update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2037-1 Rating: important References: #1174117 #1174121 Cross-References: CVE-2020-13934 CVE-2020-13935 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for tomcat fixes the following issues: - Fixed CVEs: * CVE-2020-13934 (bsc#1174121) * CVE-2020-13935 (bsc#1174117) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2037=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2037=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2037=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2037=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2037=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): tomcat-9.0.36-3.45.1 tomcat-admin-webapps-9.0.36-3.45.1 tomcat-docs-webapp-9.0.36-3.45.1 tomcat-el-3_0-api-9.0.36-3.45.1 tomcat-javadoc-9.0.36-3.45.1 tomcat-jsp-2_3-api-9.0.36-3.45.1 tomcat-lib-9.0.36-3.45.1 tomcat-servlet-4_0-api-9.0.36-3.45.1 tomcat-webapps-9.0.36-3.45.1 - SUSE OpenStack Cloud 9 (noarch): tomcat-9.0.36-3.45.1 tomcat-admin-webapps-9.0.36-3.45.1 tomcat-docs-webapp-9.0.36-3.45.1 
tomcat-el-3_0-api-9.0.36-3.45.1 tomcat-javadoc-9.0.36-3.45.1 tomcat-jsp-2_3-api-9.0.36-3.45.1 tomcat-lib-9.0.36-3.45.1 tomcat-servlet-4_0-api-9.0.36-3.45.1 tomcat-webapps-9.0.36-3.45.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): tomcat-9.0.36-3.45.1 tomcat-admin-webapps-9.0.36-3.45.1 tomcat-docs-webapp-9.0.36-3.45.1 tomcat-el-3_0-api-9.0.36-3.45.1 tomcat-javadoc-9.0.36-3.45.1 tomcat-jsp-2_3-api-9.0.36-3.45.1 tomcat-lib-9.0.36-3.45.1 tomcat-servlet-4_0-api-9.0.36-3.45.1 tomcat-webapps-9.0.36-3.45.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): tomcat-9.0.36-3.45.1 tomcat-admin-webapps-9.0.36-3.45.1 tomcat-docs-webapp-9.0.36-3.45.1 tomcat-el-3_0-api-9.0.36-3.45.1 tomcat-javadoc-9.0.36-3.45.1 tomcat-jsp-2_3-api-9.0.36-3.45.1 tomcat-lib-9.0.36-3.45.1 tomcat-servlet-4_0-api-9.0.36-3.45.1 tomcat-webapps-9.0.36-3.45.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): tomcat-9.0.36-3.45.1 tomcat-admin-webapps-9.0.36-3.45.1 tomcat-docs-webapp-9.0.36-3.45.1 tomcat-el-3_0-api-9.0.36-3.45.1 tomcat-javadoc-9.0.36-3.45.1 tomcat-jsp-2_3-api-9.0.36-3.45.1 tomcat-lib-9.0.36-3.45.1 tomcat-servlet-4_0-api-9.0.36-3.45.1 tomcat-webapps-9.0.36-3.45.1 References: https://www.suse.com/security/cve/CVE-2020-13934.html https://www.suse.com/security/cve/CVE-2020-13935.html https://bugzilla.suse.com/1174117 https://bugzilla.suse.com/1174121 From sle-security-updates at lists.suse.com Fri Jul 24 10:15:16 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 24 Jul 2020 18:15:16 +0200 (CEST) Subject: SUSE-SU-2020:2036-1: moderate: Security update for samba Message-ID: <20200724161516.B2A24FC39@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2036-1 Rating: moderate References: #1169473 #1169521 #1172810 #1173160 #1173429 Cross-References: CVE-2020-10745 Affected Products: SUSE Linux Enterprise Software 
Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise High Availability 12-SP5 ______________________________________________________________________________ An update that solves one vulnerability and has four fixes is now available. Description: This update for samba fixes the following issues: - CVE-2020-10745: Fixed an issue where parsing and packing of NBT and DNS packets containing dots could potentially have consumed excessive CPU (bsc#1173160). - Fixed a packaging issue where samba_winbind package was installing python3-base without python3 (bsc#1169521). - Fixed an issue with spnego fallback from kerberos to ntlmssp in smbd server (bsc#1169473). - Fixed ntlm authentications with "winbind use default domain = yes" (bsc#1173429). - Added solution for upgrade problem with libsmbldap2 package (bsc#1172810). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2036=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2036=1 - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2020-2036=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libndr-devel-4.10.5+git.192.26ffbcd7231-3.11.1 libndr-krb5pac-devel-4.10.5+git.192.26ffbcd7231-3.11.1 libndr-nbt-devel-4.10.5+git.192.26ffbcd7231-3.11.1 libndr-standard-devel-4.10.5+git.192.26ffbcd7231-3.11.1 libsamba-util-devel-4.10.5+git.192.26ffbcd7231-3.11.1 libsmbclient-devel-4.10.5+git.192.26ffbcd7231-3.11.1 libwbclient-devel-4.10.5+git.192.26ffbcd7231-3.11.1 samba-core-devel-4.10.5+git.192.26ffbcd7231-3.11.1 samba-debuginfo-4.10.5+git.192.26ffbcd7231-3.11.1 samba-debugsource-4.10.5+git.192.26ffbcd7231-3.11.1 - SUSE Linux 
Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libdcerpc-binding0-4.10.5+git.192.26ffbcd7231-3.11.1 libdcerpc-binding0-debuginfo-4.10.5+git.192.26ffbcd7231-3.11.1 libdcerpc0-4.10.5+git.192.26ffbcd7231-3.11.1 libdcerpc0-debuginfo-4.10.5+git.192.26ffbcd7231-3.11.1 libndr-krb5pac0-4.10.5+git.192.26ffbcd7231-3.11.1 libndr-krb5pac0-debuginfo-4.10.5+git.192.26ffbcd7231-3.11.1 libndr-nbt0-4.10.5+git.192.26ffbcd7231-3.11.1 libndr-nbt0-debuginfo-4.10.5+git.192.26ffbcd7231-3.11.1 libndr-standard0-4.10.5+git.192.26ffbcd7231-3.11.1 libndr-standard0-debuginfo-4.10.5+git.192.26ffbcd7231-3.11.1 libndr0-4.10.5+git.192.26ffbcd7231-3.11.1 libndr0-debuginfo-4.10.5+git.192.26ffbcd7231-3.11.1 libnetapi0-4.10.5+git.192.26ffbcd7231-3.11.1 libnetapi0-debuginfo-4.10.5+git.192.26ffbcd7231-3.11.1 libsamba-credentials0-4.10.5+git.192.26ffbcd7231-3.11.1 libsamba-credentials0-debuginfo-4.10.5+git.192.26ffbcd7231-3.11.1 libsamba-errors0-4.10.5+git.192.26ffbcd7231-3.11.1 libsamba-errors0-debuginfo-4.10.5+git.192.26ffbcd7231-3.11.1 libsamba-hostconfig0-4.10.5+git.192.26ffbcd7231-3.11.1 libsamba-hostconfig0-debuginfo-4.10.5+git.192.26ffbcd7231-3.11.1 libsamba-passdb0-4.10.5+git.192.26ffbcd7231-3.11.1 libsamba-passdb0-debuginfo-4.10.5+git.192.26ffbcd7231-3.11.1 libsamba-util0-4.10.5+git.192.26ffbcd7231-3.11.1 libsamba-util0-debuginfo-4.10.5+git.192.26ffbcd7231-3.11.1 libsamdb0-4.10.5+git.192.26ffbcd7231-3.11.1 libsamdb0-debuginfo-4.10.5+git.192.26ffbcd7231-3.11.1 libsmbclient0-4.10.5+git.192.26ffbcd7231-3.11.1 libsmbclient0-debuginfo-4.10.5+git.192.26ffbcd7231-3.11.1 libsmbconf0-4.10.5+git.192.26ffbcd7231-3.11.1 libsmbconf0-debuginfo-4.10.5+git.192.26ffbcd7231-3.11.1 libsmbldap2-4.10.5+git.192.26ffbcd7231-3.11.1 libsmbldap2-debuginfo-4.10.5+git.192.26ffbcd7231-3.11.1 libtevent-util0-4.10.5+git.192.26ffbcd7231-3.11.1 libtevent-util0-debuginfo-4.10.5+git.192.26ffbcd7231-3.11.1 libwbclient0-4.10.5+git.192.26ffbcd7231-3.11.1 libwbclient0-debuginfo-4.10.5+git.192.26ffbcd7231-3.11.1 
samba-4.10.5+git.192.26ffbcd7231-3.11.1 samba-client-4.10.5+git.192.26ffbcd7231-3.11.1 samba-client-debuginfo-4.10.5+git.192.26ffbcd7231-3.11.1 samba-debuginfo-4.10.5+git.192.26ffbcd7231-3.11.1 samba-debugsource-4.10.5+git.192.26ffbcd7231-3.11.1 samba-libs-4.10.5+git.192.26ffbcd7231-3.11.1 samba-libs-debuginfo-4.10.5+git.192.26ffbcd7231-3.11.1 samba-libs-python3-4.10.5+git.192.26ffbcd7231-3.11.1 samba-libs-python3-debuginfo-4.10.5+git.192.26ffbcd7231-3.11.1 samba-winbind-4.10.5+git.192.26ffbcd7231-3.11.1 samba-winbind-debuginfo-4.10.5+git.192.26ffbcd7231-3.11.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libdcerpc-binding0-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 libdcerpc-binding0-debuginfo-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 libdcerpc0-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 libdcerpc0-debuginfo-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 libndr-krb5pac0-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 libndr-krb5pac0-debuginfo-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 libndr-nbt0-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 libndr-nbt0-debuginfo-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 libndr-standard0-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 libndr-standard0-debuginfo-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 libndr0-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 libndr0-debuginfo-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 libnetapi0-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 libnetapi0-debuginfo-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 libsamba-credentials0-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 libsamba-credentials0-debuginfo-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 libsamba-errors0-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 libsamba-errors0-debuginfo-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 libsamba-hostconfig0-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 libsamba-hostconfig0-debuginfo-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 libsamba-passdb0-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 libsamba-passdb0-debuginfo-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 
libsamba-util0-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 libsamba-util0-debuginfo-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 libsamdb0-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 libsamdb0-debuginfo-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 libsmbclient0-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 libsmbclient0-debuginfo-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 libsmbconf0-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 libsmbconf0-debuginfo-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 libsmbldap2-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 libsmbldap2-debuginfo-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 libtevent-util0-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 libtevent-util0-debuginfo-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 libwbclient0-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 libwbclient0-debuginfo-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 samba-client-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 samba-client-debuginfo-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 samba-libs-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 samba-libs-debuginfo-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 samba-libs-python3-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 samba-libs-python3-debuginfo-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 samba-winbind-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 samba-winbind-debuginfo-32bit-4.10.5+git.192.26ffbcd7231-3.11.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): samba-doc-4.10.5+git.192.26ffbcd7231-3.11.1 - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): ctdb-4.10.5+git.192.26ffbcd7231-3.11.1 ctdb-debuginfo-4.10.5+git.192.26ffbcd7231-3.11.1 samba-debuginfo-4.10.5+git.192.26ffbcd7231-3.11.1 samba-debugsource-4.10.5+git.192.26ffbcd7231-3.11.1 References: https://www.suse.com/security/cve/CVE-2020-10745.html https://bugzilla.suse.com/1169473 https://bugzilla.suse.com/1169521 https://bugzilla.suse.com/1172810 https://bugzilla.suse.com/1173160 https://bugzilla.suse.com/1173429 From sle-security-updates at lists.suse.com Fri Jul 24 10:19:00 2020 From: sle-security-updates at lists.suse.com 
(sle-security-updates at lists.suse.com) Date: Fri, 24 Jul 2020 18:19:00 +0200 (CEST) Subject: SUSE-SU-2020:2048-1: important: Security update for mailman Message-ID: <20200724161900.104FEFC39@maintenance.suse.de> SUSE Security Update: Security update for mailman ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2048-1 Rating: important References: #1173369 Cross-References: CVE-2020-15011 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for mailman fixes the following issues: - CVE-2020-15011: Fixed a possible Arbitrary Content Injection via the private archive login page (bsc#1173369). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2048=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2048=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2048=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2048=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2048=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2048=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2048=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2048=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2048=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2048=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2048=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2048=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2048=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2048=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2048=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2048=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): mailman-2.1.17-3.23.1 mailman-debuginfo-2.1.17-3.23.1 mailman-debugsource-2.1.17-3.23.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): mailman-2.1.17-3.23.1 mailman-debuginfo-2.1.17-3.23.1 mailman-debugsource-2.1.17-3.23.1 - SUSE OpenStack Cloud 9 (x86_64): mailman-2.1.17-3.23.1 mailman-debuginfo-2.1.17-3.23.1 mailman-debugsource-2.1.17-3.23.1 - SUSE OpenStack Cloud 8 (x86_64): mailman-2.1.17-3.23.1 
mailman-debuginfo-2.1.17-3.23.1 mailman-debugsource-2.1.17-3.23.1 - SUSE OpenStack Cloud 7 (s390x x86_64): mailman-2.1.17-3.23.1 mailman-debuginfo-2.1.17-3.23.1 mailman-debugsource-2.1.17-3.23.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): mailman-2.1.17-3.23.1 mailman-debuginfo-2.1.17-3.23.1 mailman-debugsource-2.1.17-3.23.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): mailman-2.1.17-3.23.1 mailman-debuginfo-2.1.17-3.23.1 mailman-debugsource-2.1.17-3.23.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): mailman-2.1.17-3.23.1 mailman-debuginfo-2.1.17-3.23.1 mailman-debugsource-2.1.17-3.23.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): mailman-2.1.17-3.23.1 mailman-debuginfo-2.1.17-3.23.1 mailman-debugsource-2.1.17-3.23.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (ppc64le s390x x86_64): mailman-2.1.17-3.23.1 mailman-debuginfo-2.1.17-3.23.1 mailman-debugsource-2.1.17-3.23.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le s390x x86_64): mailman-2.1.17-3.23.1 mailman-debuginfo-2.1.17-3.23.1 mailman-debugsource-2.1.17-3.23.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): mailman-2.1.17-3.23.1 mailman-debuginfo-2.1.17-3.23.1 mailman-debugsource-2.1.17-3.23.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): mailman-2.1.17-3.23.1 mailman-debuginfo-2.1.17-3.23.1 mailman-debugsource-2.1.17-3.23.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): mailman-2.1.17-3.23.1 mailman-debuginfo-2.1.17-3.23.1 mailman-debugsource-2.1.17-3.23.1 - SUSE Enterprise Storage 5 (x86_64): mailman-2.1.17-3.23.1 mailman-debuginfo-2.1.17-3.23.1 mailman-debugsource-2.1.17-3.23.1 - HPE Helion Openstack 8 (x86_64): mailman-2.1.17-3.23.1 mailman-debuginfo-2.1.17-3.23.1 mailman-debugsource-2.1.17-3.23.1 References: https://www.suse.com/security/cve/CVE-2020-15011.html https://bugzilla.suse.com/1173369 From sle-security-updates at lists.suse.com Fri Jul 24 10:19:44 2020 From: sle-security-updates 
at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 24 Jul 2020 18:19:44 +0200 (CEST) Subject: SUSE-SU-2020:2047-1: important: Security update for tomcat Message-ID: <20200724161944.36BB1FC39@maintenance.suse.de> SUSE Security Update: Security update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2047-1 Rating: important References: #1174117 #1174121 Cross-References: CVE-2020-13934 CVE-2020-13935 Affected Products: SUSE Linux Enterprise Module for Web Scripting 15-SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for tomcat fixes the following issues: - Fixed CVEs: * CVE-2020-13934 (bsc#1174121) * CVE-2020-13935 (bsc#1174117) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15-SP2: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP2-2020-2047=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15-SP2 (noarch): tomcat-9.0.36-3.6.1 tomcat-admin-webapps-9.0.36-3.6.1 tomcat-el-3_0-api-9.0.36-3.6.1 tomcat-jsp-2_3-api-9.0.36-3.6.1 tomcat-lib-9.0.36-3.6.1 tomcat-servlet-4_0-api-9.0.36-3.6.1 tomcat-webapps-9.0.36-3.6.1 References: https://www.suse.com/security/cve/CVE-2020-13934.html https://www.suse.com/security/cve/CVE-2020-13935.html https://bugzilla.suse.com/1174117 https://bugzilla.suse.com/1174121 From sle-security-updates at lists.suse.com Fri Jul 24 10:20:29 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 24 Jul 2020 18:20:29 +0200 (CEST) Subject: SUSE-SU-2020:2041-1: moderate: Security update for rust, rust-cbindgen Message-ID: <20200724162029.E76FFFC39@maintenance.suse.de> SUSE 
Security Update: Security update for rust, rust-cbindgen ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2041-1 Rating: moderate References: #1115645 #1154817 #1173202 Cross-References: CVE-2020-1967 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP1 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for rust, rust-cbindgen fixes the following issues: rust was updated for use by Firefox 76ESR. - Fixed miscompilations with rustc 1.43 that lead to LTO failures (bsc#1173202) Update to version 1.43.1 - Updated openssl-src to 1.1.1g for CVE-2020-1967. - Fixed the stabilization of AVX-512 features. - Fixed `cargo package --list` not working with unpublished dependencies. Update to version 1.43.0 + Language: - Fixed using binary operations with `&{number}` (e.g. `&1.0`) not having the type inferred correctly. - Attributes such as `#[cfg()]` can now be used on `if` expressions. - Syntax only changes: * Allow `type Foo: Ord` syntactically. * Fuse associated and extern items up to defaultness. * Syntactically allow `self` in all `fn` contexts. * Merge `fn` syntax + cleanup item parsing. * `item` macro fragments can be interpolated into `trait`s, `impl`s, and `extern` blocks. For example, you may now write: ```rust macro_rules! mac_trait { ($i:item) => { trait T { $i } } } mac_trait! { fn foo() {} } ``` * These are still rejected *semantically*, so you will likely receive an error but these changes can be seen and parsed by macros and conditional compilation. + Compiler - You can now pass multiple lint flags to rustc to override the previous flags. For example; `rustc -D unused -A unused-variables` denies everything in the `unused` lint group except `unused-variables` which is explicitly allowed. 
However, passing `rustc -A unused-variables -D unused` denies everything in the `unused` lint group **including** `unused-variables` since the allow flag is specified before the deny flag (and therefore overridden). - rustc will now prefer your system MinGW libraries over its bundled libraries if they are available on `windows-gnu`. - rustc now buffers errors/warnings printed in JSON. Libraries: - `Arc<[T; N]>`, `Box<[T; N]>`, and `Rc<[T; N]>`, now implement `TryFrom<Arc<[T]>>`, `TryFrom<Box<[T]>>`, and `TryFrom<Rc<[T]>>` respectively. **Note** These conversions are only available when `N` is `0..=32`. - You can now use associated constants on floats and integers directly, rather than having to import the module. e.g. You can now write `u32::MAX` or `f32::NAN` with no imports. - `u8::is_ascii` is now `const`. - `String` now implements `AsMut<str>`. - Added the `primitive` module to `std` and `core`. This module reexports Rust's primitive types. This is mainly useful in macros where you want to avoid these types being shadowed. - Relaxed some of the trait bounds on `HashMap` and `HashSet`. - `string::FromUtf8Error` now implements `Clone + Eq`. + Stabilized APIs - `Once::is_completed` - `f32::LOG10_2` - `f32::LOG2_10` - `f64::LOG10_2` - `f64::LOG2_10` - `iter::once_with` + Cargo - You can now set config `[profile]`s in your `.cargo/config`, or through your environment. - Cargo will now set `CARGO_BIN_EXE_<name>` pointing to a binary's executable path when running integration tests or benchmarks. `<name>` is the name of your binary as-is e.g. If you wanted the executable path for a binary named `my-program` you would use `env!("CARGO_BIN_EXE_my-program")`. + Misc - Certain checks in the `const_err` lint were deemed unrelated to const evaluation, and have been moved to the `unconditional_panic` and `arithmetic_overflow` lints. + Compatibility Notes - Having trailing syntax in the `assert!` macro is now a hard error. This has been a warning since 1.36.0. - Fixed `Self` not having the correctly inferred type.
This incorrectly led to some instances being accepted, and now correctly emits a hard error. Update to version 1.42.0: + Language - You can now use the slice pattern syntax with subslices. - You can now use #[repr(transparent)] on univariant enums. Meaning that you can create an enum that has the exact layout and ABI of the type it contains. - There are some syntax-only changes: * default is syntactically allowed before items in trait definitions. * Items in impls (i.e. consts, types, and fns) may syntactically leave out their bodies in favor of ;. * Bounds on associated types in impls are now syntactically allowed (e.g. type Foo: Ord;). * ... (the C-variadic type) may occur syntactically directly as the type of any function parameter. These are still rejected semantically, so you will likely receive an error but these changes can be seen and parsed by procedural macros and conditional compilation. + Compiler - Added tier 2 support for armv7a-none-eabi. - Added tier 2 support for riscv64gc-unknown-linux-gnu. - Option::{expect,unwrap} and Result::{expect, expect_err, unwrap, unwrap_err} now produce panic messages pointing to the location where they were called, rather than core's internals. Refer to Rust's platform support page for more information on Rust's tiered platform support. + Libraries - iter::Empty now implements Send and Sync for any T. - Pin::{map_unchecked, map_unchecked_mut} no longer require the return type to implement Sized. - io::Cursor now derives PartialEq and Eq. - Layout::new is now const. - Added Standard Library support for riscv64gc-unknown-linux-gnu. + Stabilized APIs - CondVar::wait_while - CondVar::wait_timeout_while - DebugMap::key - DebugMap::value - ManuallyDrop::take - matches! - ptr::slice_from_raw_parts_mut - ptr::slice_from_raw_parts + Cargo - You no longer need to include extern crate proc_macro; to be able to use proc_macro; in the 2018 edition. 
+ Compatibility Notes - Error::description has been deprecated, and its use will now produce a warning. It's recommended to use Display/to_string instead. Update to version 1.41.1: - Always check types of static items - Always check lifetime bounds of `Copy` impls - Fix miscompilation in callers of `Layout::repeat` Update to version 1.41.0: + Language - You can now pass type parameters to foreign items when implementing traits. E.g. You can now write `impl<T> From<Foo> for Vec<T> {}`. - You can now arbitrarily nest receiver types in the `self` position. E.g. you can now write `fn foo(self: Box<Box<Self>>) {}`. Previously only `Self`, `&Self`, `&mut Self`, `Arc<Self>`, `Rc<Self>`, and `Box<Self>` were allowed. - You can now use any valid identifier in a `format_args` macro. Previously identifiers starting with an underscore were not allowed. - Visibility modifiers (e.g. `pub`) are now syntactically allowed on trait items and enum variants. These are still rejected semantically, but can be seen and parsed by procedural macros and conditional compilation. + Compiler - Rustc will now warn if you have unused loop `'label`s. - Removed support for the `i686-unknown-dragonfly` target. - Added tier 3 support* for the `riscv64gc-unknown-linux-gnu` target. - You can now pass an arguments file passing the `@path` syntax to rustc. Note that the format differs somewhat from what is found in other tooling; please see the documentation for more information. - You can now provide `--extern` flag without a path, indicating that it is available from the search path or specified with an `-L` flag. Refer to Rust's platform support page for more information on Rust's tiered platform support. + Libraries - The `core::panic` module is now stable. It was already stable through `std`. - `NonZero*` numerics now implement `From<NonZero*>` if it's a smaller integer width. E.g. `NonZeroU16` now implements `From<NonZeroU8>`. - `MaybeUninit<T>` now implements `fmt::Debug`.
+ Stabilized APIs - `Result::map_or` - `Result::map_or_else` - `std::rc::Weak::weak_count` - `std::rc::Weak::strong_count` - `std::sync::Weak::weak_count` - `std::sync::Weak::strong_count` + Cargo - Cargo will now document all the private items for binary crates by default. - `cargo-install` will now reinstall the package if it detects that it is out of date. - Cargo.lock now uses a more git friendly format that should help to reduce merge conflicts. - You can now override specific dependencies's build settings. E.g. `[profile.dev.package.image] opt-level = 2` sets the `image` crate's optimisation level to `2` for debug builds. You can also use `[profile.<profile-name>.build-override]` to override build scripts and their dependencies. + Misc - You can now specify `edition` in documentation code blocks to compile the block for that edition. E.g. `edition2018` tells rustdoc that the code sample should be compiled the 2018 edition of Rust. - You can now provide custom themes to rustdoc with `--theme`, and check the current theme with `--check-theme`. - You can use `#[cfg(doc)]` to compile an item when building documentation. + Compatibility Notes - As previously announced 1.41.0 will be the last tier 1 release for 32-bit Apple targets. This means that the source code is still available to build, but the targets are no longer being tested and release binaries for those platforms will no longer be distributed by the Rust project. Please refer to the linked blog post for more information. - Bump version of libssh2 for SLE15; we now need a version with libssh2_userauth_publickey_frommemory(), which appeared in libssh2 1.6.0. Update to version 1.40.0 + Language - You can now use tuple `struct`s and tuple `enum` variant's constructors in `const` contexts. e.g.
pub struct Point(i32, i32); const ORIGIN: Point = { let constructor = Point; constructor(0, 0) }; - You can now mark `struct`s, `enum`s, and `enum` variants with the `#[non_exhaustive]` attribute to indicate that there may be variants or fields added in the future. For example this requires adding a wild-card branch (`_ => {}`) to any match statements on a non-exhaustive `enum`. - You can now use function-like procedural macros in `extern` blocks and in type positions. e.g. `type Generated = macro!();` - Function-like and attribute procedural macros can now emit `macro_rules!` items, so you can now have your macros generate macros. - The `meta` pattern matcher in `macro_rules!` now correctly matches the modern attribute syntax. For example `(#[$m:meta])` now matches `#[attr]`, `#[attr{tokens}]`, `#[attr[tokens]]`, and `#[attr(tokens)]`. + Compiler - Added tier 3 support\* for the `thumbv7neon-unknown-linux-musleabihf` target. - Added tier 3 support for the `aarch64-unknown-none-softfloat` target. - Added tier 3 support for the `mips64-unknown-linux-muslabi64`, and `mips64el-unknown-linux-muslabi64` targets. + Libraries - The `is_power_of_two` method on unsigned numeric types is now a `const` function. + Stabilized APIs - BTreeMap::get_key_value - HashMap::get_key_value - Option::as_deref_mut - Option::as_deref - Option::flatten - UdpSocket::peer_addr - f32::to_be_bytes - f32::to_le_bytes - f32::to_ne_bytes - f64::to_be_bytes - f64::to_le_bytes - f64::to_ne_bytes - f32::from_be_bytes - f32::from_le_bytes - f32::from_ne_bytes - f64::from_be_bytes - f64::from_le_bytes - f64::from_ne_bytes - mem::take - slice::repeat - todo! + Cargo - Cargo will now always display warnings, rather than only on fresh builds. - Feature flags (except `--all-features`) passed to a virtual workspace will now produce an error. Previously these flags were ignored. - You can now publish `dev-dependencies` without including a `version`. 
+ Misc - You can now specify the `#[cfg(doctest)]` attribute to include an item only when running documentation tests with `rustdoc`. + Compatibility Notes - As previously announced, any previous NLL warnings in the 2015 edition are now hard errors. - The `include!` macro will now warn if it failed to include the entire file. The `include!` macro unintentionally only includes the first _expression_ in a file, and this can be unintuitive. This will become either a hard error in a future release, or the behavior may be fixed to include all expressions as expected. - Using `#[inline]` on function prototypes and consts now emits a warning under `unused_attribute` lint. Using `#[inline]` anywhere else inside traits or `extern` blocks now correctly emits a hard error. Update to version 1.39.0 + Language - You can now create async functions and blocks with async fn, async move {}, and async {} respectively, and you can now call .await on async expressions. - You can now use certain attributes on function, closure, and function pointer parameters. - You can now take shared references to bind-by-move patterns in the if guards of match arms. + Compiler - Added tier 3 support for the i686-unknown-uefi target. - Added tier 3 support for the sparc64-unknown-openbsd target. - rustc will now trim code snippets in diagnostics to fit in your terminal. - You can now pass --show-output argument to test binaries to print the output of successful tests. + For more details: https://github.com/rust-lang/rust/blob/stable/RELEASES.md#version-1390-2019-11-07 - Switch to bundled version of libgit2 for now. libgit2-sys seems to expect using the bundled variant, which just seems to point to a snapshot of the master branch and doesn't match any released libgit2 (bsc#1154817). See: https://github.com/rust-lang/rust/issues/63476 and https://github.com/rust-lang/git2-rs/issues/458 for details. Update to version 1.38.0 + Language - The `#[global_allocator]` attribute can now be used in submodules.
- The `#[deprecated]` attribute can now be used on macros. + Compiler - Added pipelined compilation support to `rustc`. This will improve compilation times in some cases. + Libraries - `ascii::EscapeDefault` now implements `Clone` and `Display`. - Derive macros for prelude traits (e.g. `Clone`, `Debug`, `Hash`) are now available at the same path as the trait. (e.g. The `Clone` derive macro is available at `std::clone::Clone`). This also makes all built-in macros available in `std`/`core` root. e.g. `std::include_bytes!`. - `str::Chars` now implements `Debug`. - `slice::{concat, connect, join}` now accepts `&[T]` in addition to `&T`. - `*const T` and `*mut T` now implement `marker::Unpin`. - `Arc<[T]>` and `Rc<[T]>` now implement `FromIterator<T>`. - Added euclidean remainder and division operations (`div_euclid`, `rem_euclid`) to all numeric primitives. Additionally `checked`, `overflowing`, and `wrapping` versions are available for all integer primitives. - `thread::AccessError` now implements `Clone`, `Copy`, `Eq`, `Error`, and `PartialEq`. - `iter::{StepBy, Peekable, Take}` now implement `DoubleEndedIterator`. + Stabilized APIs - `<*const T>::cast` - `<*mut T>::cast` - `Duration::as_secs_f32` - `Duration::as_secs_f64` - `Duration::div_f32` - `Duration::div_f64` - `Duration::from_secs_f32` - `Duration::from_secs_f64` - `Duration::mul_f32` - `Duration::mul_f64` - `any::type_name` + Cargo - Added pipelined compilation support to `cargo`. - You can now pass the `--features` option multiple times to enable multiple features. + Misc - `rustc` will now warn about some incorrect uses of `mem::{uninitialized, zeroed}` that are known to cause undefined behaviour. Update to version 1.37.0 + Language - #[must_use] will now warn if the type is contained in a tuple, Box, or an array and unused. - You can now use the `cfg` and `cfg_attr` attributes on generic parameters. - You can now use enum variants through type alias. e.g.
You can write the following: ``` type MyOption = Option<u8>; fn increment_or_zero(x: MyOption) -> u8 { match x { MyOption::Some(y) => y + 1, MyOption::None => 0, } } ``` - You can now use `_` as an identifier for consts. e.g. You can write `const _: u32 = 5;`. - You can now use `#[repr(align(X)]` on enums. - The `?` Kleene macro operator is now available in the 2015 edition. + Compiler - You can now enable Profile-Guided Optimization with the `-C profile-generate` and `-C profile-use` flags. For more information on how to use profile guided optimization, please refer to the rustc book. - The `rust-lldb` wrapper script should now work again. + Libraries - `mem::MaybeUninit<T>` is now ABI-compatible with `T`. + Stabilized APIs - BufReader::buffer - BufWriter::buffer - Cell::from_mut - Cell<[T]>::as_slice_of_cells - Cell::as_slice_of_cells - DoubleEndedIterator::nth_back - Option::xor - Wrapping::reverse_bits - i128::reverse_bits - i16::reverse_bits - i32::reverse_bits - i64::reverse_bits - i8::reverse_bits - isize::reverse_bits - slice::copy_within - u128::reverse_bits - u16::reverse_bits - u32::reverse_bits - u64::reverse_bits - u8::reverse_bits - usize::reverse_bits + Cargo - Cargo.lock files are now included by default when publishing executable crates with executables. - You can now specify `default-run="foo"` in `[package]` to specify the default executable to use for `cargo run`. - cargo-vendor is now provided as a sub-command of cargo + Compatibility Notes - Using `...` for inclusive range patterns will now warn by default. Please transition your code to using the `..=` syntax for inclusive ranges instead. - Using a trait object without the `dyn` will now warn by default. Please transition your code to use `dyn Trait` for trait objects instead.
Crab(String), Lobster(String), Person(String), let state = Creature::Crab("Ferris"); if let Creature::Crab(name) | Creature::Person(name) = state { println!("This creature's name is: {}", name); } unsafe { foo() } pub fn new(x: i32, y: i32) -> Self { Self(x, y) } pub fn is_origin(&self) -> bool { match self { Self(0, 0) => true, _ => false, } } Self: PartialOrd // can write `Self` instead of `List` Nil, Cons(T, Box) // likewise here fn test(&self) { println!("one"); } //~ ERROR duplicate definitions with name `test` fn test(&self) { println!("two"); } * Basic procedural macros allowing custom `#[derive]`, aka "macros 1.1", are stable. This allows popular code-generating crates like Serde and Diesel to work ergonomically. [RFC 1681]. * [Tuple structs may be empty. Unary and empty tuple structs may be instantiated with curly braces][36868]. Part of [RFC 1506]. * [A number of minor changes to name resolution have been activated][37127]. They add up to more consistent semantics, allowing for future evolution of Rust macros. Specified in [RFC 1560], see its section on ["changes"] for details of what is different. The breaking changes here have been transitioned through the [`legacy_imports`] lint since 1.14, with no known regressions. * [In `macro_rules`, `path` fragments can now be parsed as type parameter bounds][38279] * [`?Sized` can be used in `where` clauses][37791] * [There is now a limit on the size of monomorphized types and it can be modified with the `#![type_size_limit]` crate attribute, similarly to the `#![recursion_limit]` attribute][37789] * [On Windows, the compiler will apply dllimport attributes when linking to extern functions][37973]. Additional attributes and flags can control which library kind is linked and its name. [RFC 1717]. * [Rust-ABI symbols are no longer exported from cdylibs][38117] * [The `--test` flag works with procedural macro crates][38107] * [Fix `extern "aapcs" fn` ABI][37814] * [The `-C no-stack-check` flag is deprecated][37636]. 
It does nothing. * [The `format!` expander recognizes incorrect `printf` and shell-style formatting directives and suggests the correct format][37613]. * [Only report one error for all unused imports in an import list][37456] * [Avoid unnecessary `mk_ty` calls in `Ty::super_fold_with`][37705] * [Avoid more unnecessary `mk_ty` calls in `Ty::super_fold_with`][37979] * [Don't clone in `UnificationTable::probe`][37848] * [Remove `scope_auxiliary` to cut RSS by 10%][37764] * [Use small vectors in type walker][37760] * [Macro expansion performance was improved][37701] * [Change `HirVec>` to `HirVec` in `hir::Expr`][37642] * [Replace FNV with a faster hash function][37229] https://raw.githubusercontent.com/rust-lang/rust/master/RELEASES.md rust-cbindgen is shipped in version 0.14.1. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-2041=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-2041=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): cargo-1.43.1-12.1 cargo-debuginfo-1.43.1-12.1 clippy-1.43.1-12.1 clippy-debuginfo-1.43.1-12.1 rls-1.43.1-12.1 rls-debuginfo-1.43.1-12.1 rust-1.43.1-12.1 rust-analysis-1.43.1-12.1 rust-debuginfo-1.43.1-12.1 rust-debugsource-1.43.1-12.1 rust-std-static-1.43.1-12.1 rustfmt-1.43.1-12.1 rustfmt-debuginfo-1.43.1-12.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (noarch): rust-src-1.43.1-12.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): cargo-1.43.1-12.1 cargo-debuginfo-1.43.1-12.1 clippy-1.43.1-12.1 clippy-debuginfo-1.43.1-12.1 rls-1.43.1-12.1 rls-debuginfo-1.43.1-12.1 
rust-1.43.1-12.1 rust-analysis-1.43.1-12.1 rust-debuginfo-1.43.1-12.1 rust-debugsource-1.43.1-12.1 rust-std-static-1.43.1-12.1 rustfmt-1.43.1-12.1 rustfmt-debuginfo-1.43.1-12.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (noarch): rust-src-1.43.1-12.1 References: https://www.suse.com/security/cve/CVE-2020-1967.html https://bugzilla.suse.com/1115645 https://bugzilla.suse.com/1154817 https://bugzilla.suse.com/1173202 From sle-security-updates at lists.suse.com Fri Jul 24 10:26:26 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 24 Jul 2020 18:26:26 +0200 (CEST) Subject: SUSE-SU-2020:2046-1: important: Security update for tomcat Message-ID: <20200724162626.0F5B0FC39@maintenance.suse.de> SUSE Security Update: Security update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2046-1 Rating: important References: #1174117 #1174121 Cross-References: CVE-2020-13934 CVE-2020-13935 Affected Products: SUSE Linux Enterprise Module for Web Scripting 15-SP1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for tomcat fixes the following issues: - Fixed CVEs: * CVE-2020-13934 (bsc#1174121) * CVE-2020-13935 (bsc#1174117) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15-SP1: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP1-2020-2046=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15-SP1 (noarch): tomcat-9.0.36-4.41.2 tomcat-admin-webapps-9.0.36-4.41.2 tomcat-el-3_0-api-9.0.36-4.41.2 tomcat-jsp-2_3-api-9.0.36-4.41.2 tomcat-lib-9.0.36-4.41.2 tomcat-servlet-4_0-api-9.0.36-4.41.2 tomcat-webapps-9.0.36-4.41.2 References: https://www.suse.com/security/cve/CVE-2020-13934.html https://www.suse.com/security/cve/CVE-2020-13935.html https://bugzilla.suse.com/1174117 https://bugzilla.suse.com/1174121 From sle-security-updates at lists.suse.com Sat Jul 25 11:58:35 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Sat, 25 Jul 2020 19:58:35 +0200 (CEST) Subject: SUSE-CU-2020:368-1: Security update of suse/sle15 Message-ID: <20200725175835.13E18FEC3@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:368-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.271 Container Release : 6.2.271 Severity : moderate Type : security References : 1082318 1133297 1170801 1171224 1172135 1173106 1174011 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1396-1 Released: Fri Jul 3 12:33:05 2020 Summary: Security update for zstd Type: security Severity: moderate References: 1082318,1133297 This update for zstd fixes the following issues: - Fix for build error caused by wrong static libraries. (bsc#1133297) - Correction in spec file marking the license as documentation. (bsc#1082318) - Add new package for SLE-15. 
(jsc#ECO-1886) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2040-1 Released: Fri Jul 24 13:58:53 2020 Summary: Recommended update for libsolv, libzypp Type: recommended Severity: moderate References: 1170801,1171224,1172135,1173106,1174011 This update for libsolv, libzypp fixes the following issues: libsolv was updated to version 0.7.14: - Enable zstd compression support for sle15 - Support blacklisted packages in solver_findproblemrule() (bsc#1172135) - Support rules with multiple negative literals in choice rule generation libzypp was updated to version 17.24.0: - Enable zchunk metadata download if libsolv supports it. - Older kernel-devel packages are not properly purged (bsc#1171224) - doc: enhance service plugin example. - Fix core dump with corrupted history file (bsc#1170801) - Better handling of the purge-kernels algorithm. (bsc#1173106) - Proactively send credentials if the URL specifies '?auth=basic' and a username. (bsc#1174011) - ZYPP_MEDIA_CURL_DEBUG: Strip credentials in header log. (bsc#1174011) From sle-security-updates at lists.suse.com Mon Jul 27 07:12:27 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 27 Jul 2020 15:12:27 +0200 (CEST) Subject: SUSE-SU-2020:2053-1: moderate: Security update for rubygem-excon Message-ID: <20200727131227.6AC74FDE4@maintenance.suse.de> SUSE Security Update: Security update for rubygem-excon ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2053-1 Rating: moderate References: #1159342 Cross-References: CVE-2019-16779 Affected Products: SUSE Linux Enterprise Module for Containers 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available.
Description: This update for rubygem-excon fixes the following issues: - CVE-2019-16779: Fixed an information leak in the socket handling for persistent connections (bsc#1159342) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2020-2053=1 Package List: - SUSE Linux Enterprise Module for Containers 12 (ppc64le s390x x86_64): ruby2.1-rubygem-excon-0.52.0-12.3.8 References: https://www.suse.com/security/cve/CVE-2019-16779.html https://bugzilla.suse.com/1159342 From sle-security-updates at lists.suse.com Mon Jul 27 13:12:09 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 27 Jul 2020 21:12:09 +0200 (CEST) Subject: SUSE-SU-2020:2055-1: important: Security update for python-Django Message-ID: <20200727191209.812B0FDE4@maintenance.suse.de> SUSE Security Update: Security update for python-Django ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2055-1 Rating: important References: #1172166 Cross-References: CVE-2020-13596 Affected Products: SUSE Enterprise Storage 5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-Django fixes the following issues: - Fixed potential XSS in admin ForeignKeyRawIdWidget (bsc#1172166, CVE-2020-13596) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2055=1 Package List: - SUSE Enterprise Storage 5 (noarch): python-Django-1.6.11-6.13.1 References: https://www.suse.com/security/cve/CVE-2020-13596.html https://bugzilla.suse.com/1172166 From sle-security-updates at lists.suse.com Mon Jul 27 19:12:05 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 28 Jul 2020 03:12:05 +0200 (CEST) Subject: SUSE-SU-2020:2057-1: important: Security update for python-Pillow Message-ID: <20200728011205.C084DFC39@maintenance.suse.de> SUSE Security Update: Security update for python-Pillow ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2057-1 Rating: important References: #1153191 #1160152 #1160153 #1160192 #1173413 #1173416 #1173418 #965582 Cross-References: CVE-2016-0775 CVE-2019-16865 CVE-2019-19911 CVE-2020-10177 CVE-2020-10378 CVE-2020-10994 CVE-2020-5312 CVE-2020-5313 Affected Products: SUSE Enterprise Storage 5 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. 
Description: This update for python-Pillow fixes the following issues: - Add 0019-FLI-overflow-error-fix-and-testcase.patch * Fixes CVE-2016-0775, bsc#965582 - Add 0020-Fix-OOB-reads-in-FLI-decoding.patch * Fixes CVE-2020-10177, bsc#1173413 - Add 0021-Fix-bounds-overflow-in-JPEG-2000-decoding.patch * Fixes CVE-2020-10994, bsc#1173418 - Add 0022-Fix-bounds-overflow-in-PCX-decoding.patch * Fixes CVE-2020-10378, bsc#1173416 - Add 0008-Corrected-negative-seeks.patch * Fixes part of CVE-2019-16865, bsc#1153191 - Add 0009-Make-Image.crop-an-immediate-operation.patch * Fixes https://github.com/python-pillow/Pillow/issues/1077 * Used by 0012-Added-decompression-bomb-checks.patch - Add 0010-Crop-decompression.patch * Used by 0012-Added-decompression-bomb-checks.patch - Add 0011-Added-DecompressionBombError.patch * Used by 0012-Added-decompression-bomb-checks.patch - Add 0012-Added-decompression-bomb-checks.patch * Fixes part of CVE-2019-16865, bsc#1153191 - Add 0013-Raise-error-if-dimension-is-a-string.patch * Fixes part of CVE-2019-16865, bsc#1153191 - Add 0014-Catch-buffer-overruns.patch * Fixes part of CVE-2019-16865, bsc#1153191 - Add 0015-Catch-PCX-P-mode-buffer-overrun.patch * Fixes CVE-2020-5312, bsc#1160152 - Add 0016-Ensure-previous-FLI-frame-is-loaded.patch * Fixes https://github.com/python-pillow/Pillow/issues/2649 * Uncovers CVE-2020-5313, bsc#1160153 - Add 0017-Catch-FLI-buffer-overrun.patch * Fixes CVE-2020-5313, bsc#1160153 - Add 018-Invalid-number-of-bands-in-FPX-image.patch * Fixes CVE-2019-19911, bsc#1160192 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2057=1 Package List: - SUSE Enterprise Storage 5 (aarch64 x86_64): python-Pillow-2.8.1-3.9.1 python-Pillow-debuginfo-2.8.1-3.9.1 python-Pillow-debugsource-2.8.1-3.9.1 References: https://www.suse.com/security/cve/CVE-2016-0775.html https://www.suse.com/security/cve/CVE-2019-16865.html https://www.suse.com/security/cve/CVE-2019-19911.html https://www.suse.com/security/cve/CVE-2020-10177.html https://www.suse.com/security/cve/CVE-2020-10378.html https://www.suse.com/security/cve/CVE-2020-10994.html https://www.suse.com/security/cve/CVE-2020-5312.html https://www.suse.com/security/cve/CVE-2020-5313.html https://bugzilla.suse.com/1153191 https://bugzilla.suse.com/1160152 https://bugzilla.suse.com/1160153 https://bugzilla.suse.com/1160192 https://bugzilla.suse.com/1173413 https://bugzilla.suse.com/1173416 https://bugzilla.suse.com/1173418 https://bugzilla.suse.com/965582 From sle-security-updates at lists.suse.com Tue Jul 28 13:12:25 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 28 Jul 2020 21:12:25 +0200 (CEST) Subject: SUSE-SU-2020:2060-1: important: Security update for rubygem-puma Message-ID: <20200728191225.E09C2FDE4@maintenance.suse.de> SUSE Security Update: Security update for rubygem-puma ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2060-1 Rating: important References: #1158675 #1165402 #1172175 #1172176 Cross-References: CVE-2019-16770 CVE-2020-11076 CVE-2020-11077 CVE-2020-5247 Affected Products: SUSE OpenStack Cloud 6-LTSS ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. 
Description: This update for rubygem-puma fixes the following issues: - Add patches for disabling TLSv1.0 and TLSv1.1 (jsc#SLE-6965): - Add CVE-2020-11077.patch (bsc#1172175, CVE-2020-11077) - Add CVE-2020-11076.patch (bsc#1172176, CVE-2020-11076) - Add CVE-2020-5247.patch (bsc#1165402) "Fixes a problem where we were not splitting newlines in headers according to Rack spec" The patch is reduced compared to the upstream version, which was patching also the parts that are not implemented in our old Puma version. This applies to unit test as well. - Add CVE-2019-16770.patch (bsc#1158675, SOC-10999, CVE-2019-16770) This patch fixes a DoS vulnerability a malicious client could use to block a large amount of threads. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 6-LTSS: zypper in -t patch SUSE-OpenStack-Cloud-6-LTSS-2020-2060=1 Package List: - SUSE OpenStack Cloud 6-LTSS (x86_64): ruby2.1-rubygem-puma-2.16.0-4.3.1 ruby2.1-rubygem-puma-debuginfo-2.16.0-4.3.1 rubygem-puma-debugsource-2.16.0-4.3.1 References: https://www.suse.com/security/cve/CVE-2019-16770.html https://www.suse.com/security/cve/CVE-2020-11076.html https://www.suse.com/security/cve/CVE-2020-11077.html https://www.suse.com/security/cve/CVE-2020-5247.html https://bugzilla.suse.com/1158675 https://bugzilla.suse.com/1165402 https://bugzilla.suse.com/1172175 https://bugzilla.suse.com/1172176 From sle-security-updates at lists.suse.com Wed Jul 29 07:13:20 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 29 Jul 2020 15:13:20 +0200 (CEST) Subject: SUSE-SU-2020:2068-1: important: Security update for freerdp Message-ID: <20200729131320.22961FEC3@maintenance.suse.de> SUSE Security Update: Security update for freerdp 
______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2068-1 Rating: important References: #1169679 #1169748 #1171441 #1171443 #1171444 #1171445 #1171446 #1171447 #1171474 #1173247 #1173605 #1174200 Cross-References: CVE-2020-11017 CVE-2020-11018 CVE-2020-11019 CVE-2020-11038 CVE-2020-11039 CVE-2020-11040 CVE-2020-11041 CVE-2020-11043 CVE-2020-11085 CVE-2020-11086 CVE-2020-11087 CVE-2020-11088 CVE-2020-11089 CVE-2020-11095 CVE-2020-11096 CVE-2020-11097 CVE-2020-11098 CVE-2020-11099 CVE-2020-11521 CVE-2020-11522 CVE-2020-11523 CVE-2020-11524 CVE-2020-11525 CVE-2020-11526 CVE-2020-13396 CVE-2020-13397 CVE-2020-13398 CVE-2020-4030 CVE-2020-4031 CVE-2020-4032 CVE-2020-4033 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP2 ______________________________________________________________________________ An update that fixes 31 vulnerabilities is now available. Description: This update for freerdp fixes the following issues: freerdp was updated to version 2.1.2 (bsc#1171441,bsc#1173247 and jsc#ECO-2006): - CVE-2020-11017: Fixed a double free which could have denied the server's service. - CVE-2020-11018: Fixed an out of bounds read which a malicious client could have triggered. - CVE-2020-11019: Fixed an issue which could have led to denial of service if logger was set to "WLOG_TRACE". - CVE-2020-11038: Fixed a buffer overflow when /video redirection was used. - CVE-2020-11039: Fixed an issue which could have allowed arbitrary memory read and write when USB redirection was enabled. - CVE-2020-11040: Fixed an out of bounds data read in clear_decompress_subcode_rlex. - CVE-2020-11041: Fixed an issue with the configuration for sound backend which could have led to server's denial of service. - CVE-2020-11043: Fixed an out of bounds read in rfx_process_message_tileset. - CVE-2020-11085: Fixed an out of bounds read in cliprdr_read_format_list. 
- CVE-2020-11086: Fixed an out of bounds read in ntlm_read_ntlm_v2_client_challenge. - CVE-2020-11087: Fixed an out of bounds read in ntlm_read_AuthenticateMessage. - CVE-2020-11088: Fixed an out of bounds read in ntlm_read_NegotiateMessage. - CVE-2020-11089: Fixed an out of bounds read in irp function family. - CVE-2020-11095: Fixed a global out of bounds read in update_recv_primary_order. - CVE-2020-11096: Fixed a global out of bounds read in update_read_cache_bitmap_v3_order. - CVE-2020-11097: Fixed an out of bounds read in ntlm_av_pair_get. - CVE-2020-11098: Fixed an out of bounds read in glyph_cache_put. - CVE-2020-11099: Fixed an out of bounds read in license_read_new_or_upgrade_license_packet. - CVE-2020-11521: Fixed an out of bounds write in planar.c (bsc#1171443). - CVE-2020-11522: Fixed an out of bounds read in gdi.c (bsc#1171444). - CVE-2020-11523: Fixed an integer overflow in region.c (bsc#1171445). - CVE-2020-11524: Fixed an out of bounds write in interleaved.c (bsc#1171446). - CVE-2020-11525: Fixed an out of bounds read in bitmap.c (bsc#1171447). - CVE-2020-11526: Fixed an out of bounds read in update_recv_secondary_order (bsc#1171674). - CVE-2020-13396: Fixed an Read in ntlm_read_ChallengeMessage. - CVE-2020-13397: Fixed an out of bounds read in security_fips_decrypt due to uninitialized value. - CVE-2020-13398: Fixed an out of bounds write in crypto_rsa_common. - CVE-2020-4030: Fixed an out of bounds read in `TrioParse`. - CVE-2020-4031: Fixed a use after free in gdi_SelectObject. - CVE-2020-4032: Fixed an integer casting in `update_recv_secondary_order`. - CVE-2020-4033: Fixed an out of bounds read in RLEDECOMPRESS. - Fixed an issue where freerdp failed with -fno-common (bsc#1169748). - Fixed an issue where USB redirection with FreeRDP was not working (bsc#1169679). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2020-2068=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): freerdp-2.1.2-15.7.1 freerdp-debuginfo-2.1.2-15.7.1 freerdp-debugsource-2.1.2-15.7.1 freerdp-devel-2.1.2-15.7.1 libfreerdp2-2.1.2-15.7.1 libfreerdp2-debuginfo-2.1.2-15.7.1 libwinpr2-2.1.2-15.7.1 libwinpr2-debuginfo-2.1.2-15.7.1 winpr2-devel-2.1.2-15.7.1 References: https://www.suse.com/security/cve/CVE-2020-11017.html https://www.suse.com/security/cve/CVE-2020-11018.html https://www.suse.com/security/cve/CVE-2020-11019.html https://www.suse.com/security/cve/CVE-2020-11038.html https://www.suse.com/security/cve/CVE-2020-11039.html https://www.suse.com/security/cve/CVE-2020-11040.html https://www.suse.com/security/cve/CVE-2020-11041.html https://www.suse.com/security/cve/CVE-2020-11043.html https://www.suse.com/security/cve/CVE-2020-11085.html https://www.suse.com/security/cve/CVE-2020-11086.html https://www.suse.com/security/cve/CVE-2020-11087.html https://www.suse.com/security/cve/CVE-2020-11088.html https://www.suse.com/security/cve/CVE-2020-11089.html https://www.suse.com/security/cve/CVE-2020-11095.html https://www.suse.com/security/cve/CVE-2020-11096.html https://www.suse.com/security/cve/CVE-2020-11097.html https://www.suse.com/security/cve/CVE-2020-11098.html https://www.suse.com/security/cve/CVE-2020-11099.html https://www.suse.com/security/cve/CVE-2020-11521.html https://www.suse.com/security/cve/CVE-2020-11522.html https://www.suse.com/security/cve/CVE-2020-11523.html https://www.suse.com/security/cve/CVE-2020-11524.html https://www.suse.com/security/cve/CVE-2020-11525.html https://www.suse.com/security/cve/CVE-2020-11526.html https://www.suse.com/security/cve/CVE-2020-13396.html https://www.suse.com/security/cve/CVE-2020-13397.html https://www.suse.com/security/cve/CVE-2020-13398.html 
https://www.suse.com/security/cve/CVE-2020-4030.html https://www.suse.com/security/cve/CVE-2020-4031.html https://www.suse.com/security/cve/CVE-2020-4032.html https://www.suse.com/security/cve/CVE-2020-4033.html https://bugzilla.suse.com/1169679 https://bugzilla.suse.com/1169748 https://bugzilla.suse.com/1171441 https://bugzilla.suse.com/1171443 https://bugzilla.suse.com/1171444 https://bugzilla.suse.com/1171445 https://bugzilla.suse.com/1171446 https://bugzilla.suse.com/1171447 https://bugzilla.suse.com/1171474 https://bugzilla.suse.com/1173247 https://bugzilla.suse.com/1173605 https://bugzilla.suse.com/1174200 From sle-security-updates at lists.suse.com Wed Jul 29 07:15:57 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 29 Jul 2020 15:15:57 +0200 (CEST) Subject: SUSE-SU-2020:2069-1: important: Security update for webkit2gtk3 Message-ID: <20200729131557.C8677FEC3@maintenance.suse.de> SUSE Security Update: Security update for webkit2gtk3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2069-1 Rating: important References: #1173998 Cross-References: CVE-2020-13753 CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 CVE-2020-9806 CVE-2020-9807 CVE-2020-9843 CVE-2020-9850 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An 
update that fixes 8 vulnerabilities is now available. Description: This update for webkit2gtk3 fixes the following issues: - Update to version 2.28.3 (bsc#1173998): + Enable kinetic scrolling with async scrolling. + Fix web process hangs on large GitHub pages. + Bubblewrap sandbox should not attempt to bind empty paths. + Fix threading issues in the media player. + Fix several crashes and rendering issues. + Security fixes: CVE-2020-9802, CVE-2020-9803, CVE-2020-9805, CVE-2020-9806, CVE-2020-9807, CVE-2020-9843, CVE-2020-9850, CVE-2020-13753. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2069=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2069=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2069=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2069=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2069=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2069=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2069=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2069=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2069=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2069=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2069=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2069=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2069=1 - SUSE Linux 
Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2069=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2069=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2069=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2069=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): libwebkit2gtk3-lang-2.28.3-2.56.1 - SUSE OpenStack Cloud Crowbar 9 (x86_64): libjavascriptcoregtk-4_0-18-2.28.3-2.56.1 libjavascriptcoregtk-4_0-18-debuginfo-2.28.3-2.56.1 libwebkit2gtk-4_0-37-2.28.3-2.56.1 libwebkit2gtk-4_0-37-debuginfo-2.28.3-2.56.1 typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56.1 typelib-1_0-WebKit2-4_0-2.28.3-2.56.1 typelib-1_0-WebKit2WebExtension-4_0-2.28.3-2.56.1 webkit2gtk-4_0-injected-bundles-2.28.3-2.56.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.28.3-2.56.1 webkit2gtk3-debugsource-2.28.3-2.56.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): libwebkit2gtk3-lang-2.28.3-2.56.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): libjavascriptcoregtk-4_0-18-2.28.3-2.56.1 libjavascriptcoregtk-4_0-18-debuginfo-2.28.3-2.56.1 libwebkit2gtk-4_0-37-2.28.3-2.56.1 libwebkit2gtk-4_0-37-debuginfo-2.28.3-2.56.1 typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56.1 typelib-1_0-WebKit2-4_0-2.28.3-2.56.1 typelib-1_0-WebKit2WebExtension-4_0-2.28.3-2.56.1 webkit2gtk-4_0-injected-bundles-2.28.3-2.56.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.28.3-2.56.1 webkit2gtk3-debugsource-2.28.3-2.56.1 - SUSE OpenStack Cloud 9 (x86_64): libjavascriptcoregtk-4_0-18-2.28.3-2.56.1 libjavascriptcoregtk-4_0-18-debuginfo-2.28.3-2.56.1 libwebkit2gtk-4_0-37-2.28.3-2.56.1 libwebkit2gtk-4_0-37-debuginfo-2.28.3-2.56.1 typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56.1 typelib-1_0-WebKit2-4_0-2.28.3-2.56.1 typelib-1_0-WebKit2WebExtension-4_0-2.28.3-2.56.1 webkit2gtk-4_0-injected-bundles-2.28.3-2.56.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.28.3-2.56.1 webkit2gtk3-debugsource-2.28.3-2.56.1 - SUSE OpenStack Cloud 9 
(noarch): libwebkit2gtk3-lang-2.28.3-2.56.1 - SUSE OpenStack Cloud 8 (noarch): libwebkit2gtk3-lang-2.28.3-2.56.1 - SUSE OpenStack Cloud 8 (x86_64): libjavascriptcoregtk-4_0-18-2.28.3-2.56.1 libjavascriptcoregtk-4_0-18-debuginfo-2.28.3-2.56.1 libwebkit2gtk-4_0-37-2.28.3-2.56.1 libwebkit2gtk-4_0-37-debuginfo-2.28.3-2.56.1 typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56.1 typelib-1_0-WebKit2-4_0-2.28.3-2.56.1 typelib-1_0-WebKit2WebExtension-4_0-2.28.3-2.56.1 webkit2gtk-4_0-injected-bundles-2.28.3-2.56.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.28.3-2.56.1 webkit2gtk3-debugsource-2.28.3-2.56.1 - SUSE OpenStack Cloud 7 (s390x x86_64): libjavascriptcoregtk-4_0-18-2.28.3-2.56.1 libjavascriptcoregtk-4_0-18-debuginfo-2.28.3-2.56.1 libwebkit2gtk-4_0-37-2.28.3-2.56.1 libwebkit2gtk-4_0-37-debuginfo-2.28.3-2.56.1 typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56.1 typelib-1_0-WebKit2-4_0-2.28.3-2.56.1 typelib-1_0-WebKit2WebExtension-4_0-2.28.3-2.56.1 webkit2gtk-4_0-injected-bundles-2.28.3-2.56.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.28.3-2.56.1 webkit2gtk3-debugsource-2.28.3-2.56.1 webkit2gtk3-devel-2.28.3-2.56.1 - SUSE OpenStack Cloud 7 (noarch): libwebkit2gtk3-lang-2.28.3-2.56.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): typelib-1_0-WebKit2WebExtension-4_0-2.28.3-2.56.1 webkit2gtk3-debugsource-2.28.3-2.56.1 webkit2gtk3-devel-2.28.3-2.56.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libjavascriptcoregtk-4_0-18-2.28.3-2.56.1 libjavascriptcoregtk-4_0-18-debuginfo-2.28.3-2.56.1 libwebkit2gtk-4_0-37-2.28.3-2.56.1 libwebkit2gtk-4_0-37-debuginfo-2.28.3-2.56.1 typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56.1 typelib-1_0-WebKit2-4_0-2.28.3-2.56.1 typelib-1_0-WebKit2WebExtension-4_0-2.28.3-2.56.1 webkit2gtk-4_0-injected-bundles-2.28.3-2.56.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.28.3-2.56.1 webkit2gtk3-debugsource-2.28.3-2.56.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): libwebkit2gtk3-lang-2.28.3-2.56.1 - SUSE 
Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libjavascriptcoregtk-4_0-18-2.28.3-2.56.1 libjavascriptcoregtk-4_0-18-debuginfo-2.28.3-2.56.1 libwebkit2gtk-4_0-37-2.28.3-2.56.1 libwebkit2gtk-4_0-37-debuginfo-2.28.3-2.56.1 typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56.1 typelib-1_0-WebKit2-4_0-2.28.3-2.56.1 typelib-1_0-WebKit2WebExtension-4_0-2.28.3-2.56.1 webkit2gtk-4_0-injected-bundles-2.28.3-2.56.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.28.3-2.56.1 webkit2gtk3-debugsource-2.28.3-2.56.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): libwebkit2gtk3-lang-2.28.3-2.56.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libjavascriptcoregtk-4_0-18-2.28.3-2.56.1 libjavascriptcoregtk-4_0-18-debuginfo-2.28.3-2.56.1 libwebkit2gtk-4_0-37-2.28.3-2.56.1 libwebkit2gtk-4_0-37-debuginfo-2.28.3-2.56.1 typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56.1 typelib-1_0-WebKit2-4_0-2.28.3-2.56.1 typelib-1_0-WebKit2WebExtension-4_0-2.28.3-2.56.1 webkit2gtk-4_0-injected-bundles-2.28.3-2.56.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.28.3-2.56.1 webkit2gtk3-debugsource-2.28.3-2.56.1 webkit2gtk3-devel-2.28.3-2.56.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): libwebkit2gtk3-lang-2.28.3-2.56.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.28.3-2.56.1 libjavascriptcoregtk-4_0-18-debuginfo-2.28.3-2.56.1 libwebkit2gtk-4_0-37-2.28.3-2.56.1 libwebkit2gtk-4_0-37-debuginfo-2.28.3-2.56.1 typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56.1 typelib-1_0-WebKit2-4_0-2.28.3-2.56.1 typelib-1_0-WebKit2WebExtension-4_0-2.28.3-2.56.1 webkit2gtk-4_0-injected-bundles-2.28.3-2.56.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.28.3-2.56.1 webkit2gtk3-debugsource-2.28.3-2.56.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): libwebkit2gtk3-lang-2.28.3-2.56.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.28.3-2.56.1 libjavascriptcoregtk-4_0-18-debuginfo-2.28.3-2.56.1 
libwebkit2gtk-4_0-37-2.28.3-2.56.1 libwebkit2gtk-4_0-37-debuginfo-2.28.3-2.56.1 typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56.1 typelib-1_0-WebKit2-4_0-2.28.3-2.56.1 typelib-1_0-WebKit2WebExtension-4_0-2.28.3-2.56.1 webkit2gtk-4_0-injected-bundles-2.28.3-2.56.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.28.3-2.56.1 webkit2gtk3-debugsource-2.28.3-2.56.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): libwebkit2gtk3-lang-2.28.3-2.56.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.28.3-2.56.1 libjavascriptcoregtk-4_0-18-debuginfo-2.28.3-2.56.1 libwebkit2gtk-4_0-37-2.28.3-2.56.1 libwebkit2gtk-4_0-37-debuginfo-2.28.3-2.56.1 typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56.1 typelib-1_0-WebKit2-4_0-2.28.3-2.56.1 typelib-1_0-WebKit2WebExtension-4_0-2.28.3-2.56.1 webkit2gtk-4_0-injected-bundles-2.28.3-2.56.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.28.3-2.56.1 webkit2gtk3-debugsource-2.28.3-2.56.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): libwebkit2gtk3-lang-2.28.3-2.56.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libjavascriptcoregtk-4_0-18-2.28.3-2.56.1 libjavascriptcoregtk-4_0-18-debuginfo-2.28.3-2.56.1 libwebkit2gtk-4_0-37-2.28.3-2.56.1 libwebkit2gtk-4_0-37-debuginfo-2.28.3-2.56.1 typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56.1 typelib-1_0-WebKit2-4_0-2.28.3-2.56.1 webkit2gtk-4_0-injected-bundles-2.28.3-2.56.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.28.3-2.56.1 webkit2gtk3-debugsource-2.28.3-2.56.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.28.3-2.56.1 libjavascriptcoregtk-4_0-18-debuginfo-2.28.3-2.56.1 libwebkit2gtk-4_0-37-2.28.3-2.56.1 libwebkit2gtk-4_0-37-debuginfo-2.28.3-2.56.1 typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56.1 typelib-1_0-WebKit2-4_0-2.28.3-2.56.1 typelib-1_0-WebKit2WebExtension-4_0-2.28.3-2.56.1 webkit2gtk-4_0-injected-bundles-2.28.3-2.56.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.28.3-2.56.1 
webkit2gtk3-debugsource-2.28.3-2.56.1 webkit2gtk3-devel-2.28.3-2.56.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): libwebkit2gtk3-lang-2.28.3-2.56.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libjavascriptcoregtk-4_0-18-2.28.3-2.56.1 libjavascriptcoregtk-4_0-18-debuginfo-2.28.3-2.56.1 libwebkit2gtk-4_0-37-2.28.3-2.56.1 libwebkit2gtk-4_0-37-debuginfo-2.28.3-2.56.1 typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56.1 typelib-1_0-WebKit2-4_0-2.28.3-2.56.1 typelib-1_0-WebKit2WebExtension-4_0-2.28.3-2.56.1 webkit2gtk-4_0-injected-bundles-2.28.3-2.56.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.28.3-2.56.1 webkit2gtk3-debugsource-2.28.3-2.56.1 webkit2gtk3-devel-2.28.3-2.56.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): libwebkit2gtk3-lang-2.28.3-2.56.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.28.3-2.56.1 libjavascriptcoregtk-4_0-18-debuginfo-2.28.3-2.56.1 libwebkit2gtk-4_0-37-2.28.3-2.56.1 libwebkit2gtk-4_0-37-debuginfo-2.28.3-2.56.1 typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56.1 typelib-1_0-WebKit2-4_0-2.28.3-2.56.1 typelib-1_0-WebKit2WebExtension-4_0-2.28.3-2.56.1 webkit2gtk-4_0-injected-bundles-2.28.3-2.56.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.28.3-2.56.1 webkit2gtk3-debugsource-2.28.3-2.56.1 - SUSE Enterprise Storage 5 (noarch): libwebkit2gtk3-lang-2.28.3-2.56.1 - HPE Helion Openstack 8 (x86_64): libjavascriptcoregtk-4_0-18-2.28.3-2.56.1 libjavascriptcoregtk-4_0-18-debuginfo-2.28.3-2.56.1 libwebkit2gtk-4_0-37-2.28.3-2.56.1 libwebkit2gtk-4_0-37-debuginfo-2.28.3-2.56.1 typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56.1 typelib-1_0-WebKit2-4_0-2.28.3-2.56.1 typelib-1_0-WebKit2WebExtension-4_0-2.28.3-2.56.1 webkit2gtk-4_0-injected-bundles-2.28.3-2.56.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.28.3-2.56.1 webkit2gtk3-debugsource-2.28.3-2.56.1 - HPE Helion Openstack 8 (noarch): libwebkit2gtk3-lang-2.28.3-2.56.1 References: https://www.suse.com/security/cve/CVE-2020-13753.html 
https://www.suse.com/security/cve/CVE-2020-9802.html https://www.suse.com/security/cve/CVE-2020-9803.html https://www.suse.com/security/cve/CVE-2020-9805.html https://www.suse.com/security/cve/CVE-2020-9806.html https://www.suse.com/security/cve/CVE-2020-9807.html https://www.suse.com/security/cve/CVE-2020-9843.html https://www.suse.com/security/cve/CVE-2020-9850.html https://bugzilla.suse.com/1173998 From sle-security-updates at lists.suse.com Wed Jul 29 07:16:45 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 29 Jul 2020 15:16:45 +0200 (CEST) Subject: SUSE-SU-2020:2065-1: moderate: Security update for samba Message-ID: <20200729131645.E07D0FEC3@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2065-1 Rating: moderate References: #1173160 Cross-References: CVE-2020-10745 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for samba fixes the following issues: - CVE-2020-10745: Fixed an issue where parsing and packing of NBT and DNS packets containing dots could potentially have consumed excessive CPU (bsc#1173160). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2065=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2065=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2065=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2065=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2020-2065=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libdcerpc-binding0-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc-binding0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc-devel-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc-samr-devel-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc-samr0-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc-samr0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc0-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libndr-devel-4.7.11+git.240.76c9942a99f-4.43.1 libndr-krb5pac-devel-4.7.11+git.240.76c9942a99f-4.43.1 libndr-krb5pac0-4.7.11+git.240.76c9942a99f-4.43.1 libndr-krb5pac0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libndr-nbt-devel-4.7.11+git.240.76c9942a99f-4.43.1 libndr-nbt0-4.7.11+git.240.76c9942a99f-4.43.1 libndr-nbt0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libndr-standard-devel-4.7.11+git.240.76c9942a99f-4.43.1 libndr-standard0-4.7.11+git.240.76c9942a99f-4.43.1 libndr-standard0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libndr0-4.7.11+git.240.76c9942a99f-4.43.1 libndr0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libnetapi-devel-4.7.11+git.240.76c9942a99f-4.43.1 libnetapi0-4.7.11+git.240.76c9942a99f-4.43.1 libnetapi0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-credentials-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-credentials0-4.7.11+git.240.76c9942a99f-4.43.1 
libsamba-credentials0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-errors-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-errors0-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-errors0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-hostconfig-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-hostconfig0-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-hostconfig0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-passdb-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-passdb0-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-passdb0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-policy-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-policy0-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-util-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-util0-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-util0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamdb-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsamdb0-4.7.11+git.240.76c9942a99f-4.43.1 libsamdb0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsmbclient-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsmbclient0-4.7.11+git.240.76c9942a99f-4.43.1 libsmbclient0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsmbconf-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsmbconf0-4.7.11+git.240.76c9942a99f-4.43.1 libsmbconf0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsmbldap-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsmbldap2-4.7.11+git.240.76c9942a99f-4.43.1 libsmbldap2-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libtevent-util-devel-4.7.11+git.240.76c9942a99f-4.43.1 libtevent-util0-4.7.11+git.240.76c9942a99f-4.43.1 libtevent-util0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libwbclient-devel-4.7.11+git.240.76c9942a99f-4.43.1 libwbclient0-4.7.11+git.240.76c9942a99f-4.43.1 libwbclient0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 samba-4.7.11+git.240.76c9942a99f-4.43.1 samba-client-4.7.11+git.240.76c9942a99f-4.43.1 samba-client-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 samba-core-devel-4.7.11+git.240.76c9942a99f-4.43.1 
samba-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 samba-debugsource-4.7.11+git.240.76c9942a99f-4.43.1 samba-libs-4.7.11+git.240.76c9942a99f-4.43.1 samba-libs-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 samba-winbind-4.7.11+git.240.76c9942a99f-4.43.1 samba-winbind-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libdcerpc-binding0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc-binding0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libndr-krb5pac0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libndr-krb5pac0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libndr-nbt0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libndr-nbt0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libndr-standard0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libndr-standard0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libndr0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libndr0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libnetapi0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libnetapi0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-credentials0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-credentials0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-errors0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-errors0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-hostconfig0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-hostconfig0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-passdb0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-passdb0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-util0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-util0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamdb0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libsamdb0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsmbclient0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 
libsmbclient0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsmbconf0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libsmbconf0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsmbldap2-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libsmbldap2-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libtevent-util0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libtevent-util0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libwbclient0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libwbclient0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 samba-client-32bit-4.7.11+git.240.76c9942a99f-4.43.1 samba-client-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 samba-libs-32bit-4.7.11+git.240.76c9942a99f-4.43.1 samba-libs-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 samba-winbind-32bit-4.7.11+git.240.76c9942a99f-4.43.1 samba-winbind-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libdcerpc-binding0-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc-binding0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc-devel-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc-samr-devel-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc-samr0-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc-samr0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc0-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libndr-devel-4.7.11+git.240.76c9942a99f-4.43.1 libndr-krb5pac-devel-4.7.11+git.240.76c9942a99f-4.43.1 libndr-krb5pac0-4.7.11+git.240.76c9942a99f-4.43.1 libndr-krb5pac0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libndr-nbt-devel-4.7.11+git.240.76c9942a99f-4.43.1 libndr-nbt0-4.7.11+git.240.76c9942a99f-4.43.1 libndr-nbt0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libndr-standard-devel-4.7.11+git.240.76c9942a99f-4.43.1 libndr-standard0-4.7.11+git.240.76c9942a99f-4.43.1 libndr-standard0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libndr0-4.7.11+git.240.76c9942a99f-4.43.1 libndr0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 
libnetapi-devel-4.7.11+git.240.76c9942a99f-4.43.1 libnetapi0-4.7.11+git.240.76c9942a99f-4.43.1 libnetapi0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-credentials-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-credentials0-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-credentials0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-errors-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-errors0-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-errors0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-hostconfig-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-hostconfig0-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-hostconfig0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-passdb-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-passdb0-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-passdb0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-policy-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-policy0-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-util-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-util0-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-util0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamdb-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsamdb0-4.7.11+git.240.76c9942a99f-4.43.1 libsamdb0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsmbclient-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsmbclient0-4.7.11+git.240.76c9942a99f-4.43.1 libsmbclient0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsmbconf-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsmbconf0-4.7.11+git.240.76c9942a99f-4.43.1 libsmbconf0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsmbldap-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsmbldap2-4.7.11+git.240.76c9942a99f-4.43.1 libsmbldap2-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libtevent-util-devel-4.7.11+git.240.76c9942a99f-4.43.1 libtevent-util0-4.7.11+git.240.76c9942a99f-4.43.1 libtevent-util0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libwbclient-devel-4.7.11+git.240.76c9942a99f-4.43.1 libwbclient0-4.7.11+git.240.76c9942a99f-4.43.1 
libwbclient0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 samba-4.7.11+git.240.76c9942a99f-4.43.1 samba-client-4.7.11+git.240.76c9942a99f-4.43.1 samba-client-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 samba-core-devel-4.7.11+git.240.76c9942a99f-4.43.1 samba-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 samba-debugsource-4.7.11+git.240.76c9942a99f-4.43.1 samba-libs-4.7.11+git.240.76c9942a99f-4.43.1 samba-libs-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 samba-winbind-4.7.11+git.240.76c9942a99f-4.43.1 samba-winbind-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libdcerpc-binding0-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc-binding0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc-devel-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc-samr-devel-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc-samr0-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc-samr0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc0-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libndr-devel-4.7.11+git.240.76c9942a99f-4.43.1 libndr-krb5pac-devel-4.7.11+git.240.76c9942a99f-4.43.1 libndr-krb5pac0-4.7.11+git.240.76c9942a99f-4.43.1 libndr-krb5pac0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libndr-nbt-devel-4.7.11+git.240.76c9942a99f-4.43.1 libndr-nbt0-4.7.11+git.240.76c9942a99f-4.43.1 libndr-nbt0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libndr-standard-devel-4.7.11+git.240.76c9942a99f-4.43.1 libndr-standard0-4.7.11+git.240.76c9942a99f-4.43.1 libndr-standard0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libndr0-4.7.11+git.240.76c9942a99f-4.43.1 libndr0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libnetapi-devel-4.7.11+git.240.76c9942a99f-4.43.1 libnetapi0-4.7.11+git.240.76c9942a99f-4.43.1 libnetapi0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-credentials-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-credentials0-4.7.11+git.240.76c9942a99f-4.43.1 
libsamba-credentials0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-errors-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-errors0-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-errors0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-hostconfig-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-hostconfig0-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-hostconfig0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-passdb-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-passdb0-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-passdb0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-policy-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-policy0-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-util-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-util0-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-util0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamdb-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsamdb0-4.7.11+git.240.76c9942a99f-4.43.1 libsamdb0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsmbclient-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsmbclient0-4.7.11+git.240.76c9942a99f-4.43.1 libsmbclient0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsmbconf-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsmbconf0-4.7.11+git.240.76c9942a99f-4.43.1 libsmbconf0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsmbldap-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsmbldap2-4.7.11+git.240.76c9942a99f-4.43.1 libsmbldap2-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libtevent-util-devel-4.7.11+git.240.76c9942a99f-4.43.1 libtevent-util0-4.7.11+git.240.76c9942a99f-4.43.1 libtevent-util0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libwbclient-devel-4.7.11+git.240.76c9942a99f-4.43.1 libwbclient0-4.7.11+git.240.76c9942a99f-4.43.1 libwbclient0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 samba-4.7.11+git.240.76c9942a99f-4.43.1 samba-client-4.7.11+git.240.76c9942a99f-4.43.1 samba-client-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 samba-core-devel-4.7.11+git.240.76c9942a99f-4.43.1 
samba-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 samba-debugsource-4.7.11+git.240.76c9942a99f-4.43.1 samba-libs-4.7.11+git.240.76c9942a99f-4.43.1 samba-libs-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 samba-winbind-4.7.11+git.240.76c9942a99f-4.43.1 samba-winbind-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libdcerpc-binding0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc-binding0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libndr-krb5pac0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libndr-krb5pac0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libndr-nbt0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libndr-nbt0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libndr-standard0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libndr-standard0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libndr0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libndr0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libnetapi0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libnetapi0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-credentials0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-credentials0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-errors0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-errors0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-hostconfig0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-hostconfig0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-passdb0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-passdb0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-util0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-util0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamdb0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libsamdb0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsmbclient0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 
libsmbclient0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsmbconf0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libsmbconf0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsmbldap2-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libsmbldap2-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libtevent-util0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libtevent-util0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libwbclient0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libwbclient0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 samba-client-32bit-4.7.11+git.240.76c9942a99f-4.43.1 samba-client-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 samba-libs-32bit-4.7.11+git.240.76c9942a99f-4.43.1 samba-libs-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 samba-winbind-32bit-4.7.11+git.240.76c9942a99f-4.43.1 samba-winbind-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libdcerpc-binding0-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc-binding0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc-devel-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc-samr-devel-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc-samr0-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc-samr0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc0-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libndr-devel-4.7.11+git.240.76c9942a99f-4.43.1 libndr-krb5pac-devel-4.7.11+git.240.76c9942a99f-4.43.1 libndr-krb5pac0-4.7.11+git.240.76c9942a99f-4.43.1 libndr-krb5pac0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libndr-nbt-devel-4.7.11+git.240.76c9942a99f-4.43.1 libndr-nbt0-4.7.11+git.240.76c9942a99f-4.43.1 libndr-nbt0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libndr-standard-devel-4.7.11+git.240.76c9942a99f-4.43.1 libndr-standard0-4.7.11+git.240.76c9942a99f-4.43.1 libndr-standard0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libndr0-4.7.11+git.240.76c9942a99f-4.43.1 
libndr0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libnetapi-devel-4.7.11+git.240.76c9942a99f-4.43.1 libnetapi0-4.7.11+git.240.76c9942a99f-4.43.1 libnetapi0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-credentials-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-credentials0-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-credentials0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-errors-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-errors0-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-errors0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-hostconfig-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-hostconfig0-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-hostconfig0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-passdb-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-passdb0-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-passdb0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-policy-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-policy0-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-util-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-util0-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-util0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamdb-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsamdb0-4.7.11+git.240.76c9942a99f-4.43.1 libsamdb0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsmbclient-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsmbclient0-4.7.11+git.240.76c9942a99f-4.43.1 libsmbclient0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsmbconf-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsmbconf0-4.7.11+git.240.76c9942a99f-4.43.1 libsmbconf0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsmbldap-devel-4.7.11+git.240.76c9942a99f-4.43.1 libsmbldap2-4.7.11+git.240.76c9942a99f-4.43.1 libsmbldap2-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libtevent-util-devel-4.7.11+git.240.76c9942a99f-4.43.1 libtevent-util0-4.7.11+git.240.76c9942a99f-4.43.1 libtevent-util0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libwbclient-devel-4.7.11+git.240.76c9942a99f-4.43.1 
libwbclient0-4.7.11+git.240.76c9942a99f-4.43.1 libwbclient0-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 samba-4.7.11+git.240.76c9942a99f-4.43.1 samba-client-4.7.11+git.240.76c9942a99f-4.43.1 samba-client-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 samba-core-devel-4.7.11+git.240.76c9942a99f-4.43.1 samba-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 samba-debugsource-4.7.11+git.240.76c9942a99f-4.43.1 samba-libs-4.7.11+git.240.76c9942a99f-4.43.1 samba-libs-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 samba-winbind-4.7.11+git.240.76c9942a99f-4.43.1 samba-winbind-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libdcerpc-binding0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc-binding0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libdcerpc0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libndr-krb5pac0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libndr-krb5pac0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libndr-nbt0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libndr-nbt0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libndr-standard0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libndr-standard0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libndr0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libndr0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libnetapi0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libnetapi0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-credentials0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-credentials0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-errors0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-errors0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-hostconfig0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-hostconfig0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-passdb0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 
libsamba-passdb0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-util0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libsamba-util0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsamdb0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libsamdb0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsmbclient0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libsmbclient0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsmbconf0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libsmbconf0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libsmbldap2-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libsmbldap2-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libtevent-util0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libtevent-util0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 libwbclient0-32bit-4.7.11+git.240.76c9942a99f-4.43.1 libwbclient0-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 samba-client-32bit-4.7.11+git.240.76c9942a99f-4.43.1 samba-client-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 samba-libs-32bit-4.7.11+git.240.76c9942a99f-4.43.1 samba-libs-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 samba-winbind-32bit-4.7.11+git.240.76c9942a99f-4.43.1 samba-winbind-32bit-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): ctdb-4.7.11+git.240.76c9942a99f-4.43.1 ctdb-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 samba-debuginfo-4.7.11+git.240.76c9942a99f-4.43.1 samba-debugsource-4.7.11+git.240.76c9942a99f-4.43.1 References: https://www.suse.com/security/cve/CVE-2020-10745.html https://bugzilla.suse.com/1173160 From sle-security-updates at lists.suse.com Wed Jul 29 07:18:06 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 29 Jul 2020 15:18:06 +0200 (CEST) Subject: SUSE-SU-2020:2067-1: moderate: Security update for ldb Message-ID: <20200729131806.D0B5DFEC3@maintenance.suse.de> SUSE Security Update: Security update for ldb 
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:2067-1
Rating: moderate
References: #1173159
Cross-References: CVE-2020-10730
Affected Products:
    SUSE Linux Enterprise Module for Python2 15-SP1
    SUSE Linux Enterprise Module for Basesystem 15-SP1
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for ldb fixes the following issues:

- CVE-2020-10730: Fixed a null de-reference in AD DC LDAP server when ASQ and VLV combined (bsc#1173159).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Python2 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Python2-15-SP1-2020-2067=1
- SUSE Linux Enterprise Module for Basesystem 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2067=1

Package List:

- SUSE Linux Enterprise Module for Python2 15-SP1 (aarch64 ppc64le s390x x86_64):
  ldb-debugsource-1.4.6-3.5.2
  python-ldb-1.4.6-3.5.2
  python-ldb-debuginfo-1.4.6-3.5.2
  python-ldb-devel-1.4.6-3.5.2
- SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64):
  ldb-debugsource-1.4.6-3.5.2
  ldb-tools-1.4.6-3.5.2
  ldb-tools-debuginfo-1.4.6-3.5.2
  libldb-devel-1.4.6-3.5.2
  libldb1-1.4.6-3.5.2
  libldb1-debuginfo-1.4.6-3.5.2
  python3-ldb-1.4.6-3.5.2
  python3-ldb-debuginfo-1.4.6-3.5.2
  python3-ldb-devel-1.4.6-3.5.2
- SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64):
  libldb1-32bit-1.4.6-3.5.2
  libldb1-32bit-debuginfo-1.4.6-3.5.2

References:

  https://www.suse.com/security/cve/CVE-2020-10730.html
  https://bugzilla.suse.com/1173159

From sle-security-updates at lists.suse.com Wed Jul 29 07:18:50 2020
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 29 Jul 2020 15:18:50 +0200 (CEST)
Subject: SUSE-SU-2020:2066-1: moderate: Security update for samba
Message-ID: <20200729131850.5128BFEC3@maintenance.suse.de>

SUSE Security Update: Security update for samba
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:2066-1
Rating: moderate
References: #1173160
Cross-References: CVE-2020-10745
Affected Products:
    SUSE OpenStack Cloud Crowbar 9
    SUSE OpenStack Cloud Crowbar 8
    SUSE OpenStack Cloud 9
    SUSE OpenStack Cloud 8
    SUSE Linux Enterprise Server for SAP 12-SP4
    SUSE Linux Enterprise Server for SAP 12-SP3
    SUSE Linux Enterprise Server 12-SP4-LTSS
    SUSE Linux Enterprise Server 12-SP3-LTSS
    SUSE Linux Enterprise Server 12-SP3-BCL
    SUSE Linux Enterprise High Availability 12-SP4
    SUSE Linux Enterprise High Availability 12-SP3
    SUSE Enterprise Storage 5
    HPE Helion Openstack 8
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for samba fixes the following issues:

- CVE-2020-10745: Fixed an issue where parsing and packing of NBT and DNS packets containing dots could potentially have consumed excessive CPU (bsc#1173160).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2066=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2066=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2066=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2066=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2066=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2066=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2066=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2066=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2066=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2020-2066=1 - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2020-2066=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2066=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2066=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): samba-doc-4.6.16+git.186.c6d77b0d5a6-3.52.1 - SUSE OpenStack Cloud Crowbar 9 (x86_64): libdcerpc-binding0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc-binding0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc-binding0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-4.6.16+git.186.c6d77b0d5a6-3.52.1 
libndr-krb5pac0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 
libsamba-util0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-debugsource-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-libs-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 
samba-libs-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-libs-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-libs-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): samba-doc-4.6.16+git.186.c6d77b0d5a6-3.52.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): libdcerpc-binding0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc-binding0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc-binding0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-4.6.16+git.186.c6d77b0d5a6-3.52.1 
libnetapi0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 
libsmbldap0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-debugsource-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-libs-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-libs-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-libs-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-libs-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 - SUSE OpenStack Cloud 9 (x86_64): libdcerpc-binding0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc-binding0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc-binding0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 
libndr-krb5pac0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-4.6.16+git.186.c6d77b0d5a6-3.52.1 
libsamba-passdb0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 
samba-debugsource-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-libs-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-libs-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-libs-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-libs-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 - SUSE OpenStack Cloud 9 (noarch): samba-doc-4.6.16+git.186.c6d77b0d5a6-3.52.1 - SUSE OpenStack Cloud 8 (noarch): samba-doc-4.6.16+git.186.c6d77b0d5a6-3.52.1 - SUSE OpenStack Cloud 8 (x86_64): libdcerpc-binding0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc-binding0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc-binding0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 
libndr0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 
libsmbconf0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-debugsource-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-libs-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-libs-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-libs-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-libs-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libdcerpc-binding0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc-binding0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-4.6.16+git.186.c6d77b0d5a6-3.52.1 
libndr-krb5pac0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-debugsource-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-libs-4.6.16+git.186.c6d77b0d5a6-3.52.1 
samba-libs-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): samba-doc-4.6.16+git.186.c6d77b0d5a6-3.52.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libdcerpc-binding0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 
libsmbconf0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-libs-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-libs-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libdcerpc-binding0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc-binding0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 
libsamba-passdb0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-debugsource-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-libs-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-libs-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libdcerpc-binding0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 
libndr0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-libs-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-libs-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): samba-doc-4.6.16+git.186.c6d77b0d5a6-3.52.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 
ppc64le s390x x86_64): libdcerpc-binding0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc-binding0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-4.6.16+git.186.c6d77b0d5a6-3.52.1 
samba-client-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-debugsource-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-libs-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-libs-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libdcerpc-binding0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 
libsamdb0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-libs-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-libs-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): samba-doc-4.6.16+git.186.c6d77b0d5a6-3.52.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libdcerpc-binding0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc-binding0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-4.6.16+git.186.c6d77b0d5a6-3.52.1 
libsamba-credentials0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-debugsource-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-libs-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-libs-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libdcerpc-binding0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 
libndr-krb5pac0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-passdb0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-util0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamdb0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbclient0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbconf0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsmbldap0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libtevent-util0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libwbclient0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-client-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 
samba-libs-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-libs-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 samba-winbind-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): samba-doc-4.6.16+git.186.c6d77b0d5a6-3.52.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libdcerpc-binding0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc-binding0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc-binding0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libdcerpc0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-krb5pac0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-nbt0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr-standard0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libndr0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 libnetapi0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1 libsamba-credentials0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1 
      libsamba-credentials0-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsamba-credentials0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsamba-credentials0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsamba-errors0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsamba-errors0-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsamba-errors0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsamba-errors0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsamba-hostconfig0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsamba-hostconfig0-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsamba-hostconfig0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsamba-passdb0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsamba-passdb0-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsamba-passdb0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsamba-passdb0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsamba-util0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsamba-util0-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsamba-util0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsamba-util0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsamdb0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsamdb0-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsamdb0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsamdb0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsmbclient0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsmbclient0-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsmbclient0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsmbclient0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsmbconf0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsmbconf0-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsmbconf0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsmbconf0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsmbldap0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsmbldap0-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsmbldap0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsmbldap0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libtevent-util0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libtevent-util0-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libtevent-util0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libtevent-util0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libwbclient0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libwbclient0-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libwbclient0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libwbclient0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1
      samba-4.6.16+git.186.c6d77b0d5a6-3.52.1
      samba-client-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      samba-client-4.6.16+git.186.c6d77b0d5a6-3.52.1
      samba-client-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      samba-client-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1
      samba-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1
      samba-debugsource-4.6.16+git.186.c6d77b0d5a6-3.52.1
      samba-libs-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      samba-libs-4.6.16+git.186.c6d77b0d5a6-3.52.1
      samba-libs-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      samba-libs-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1
      samba-winbind-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      samba-winbind-4.6.16+git.186.c6d77b0d5a6-3.52.1
      samba-winbind-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      samba-winbind-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1

   - SUSE Linux Enterprise Server 12-SP3-BCL (noarch):
      samba-doc-4.6.16+git.186.c6d77b0d5a6-3.52.1

   - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64):
      ctdb-4.6.16+git.186.c6d77b0d5a6-3.52.1
      ctdb-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1
      samba-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1
      samba-debugsource-4.6.16+git.186.c6d77b0d5a6-3.52.1

   - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64):
      ctdb-4.6.16+git.186.c6d77b0d5a6-3.52.1
      ctdb-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1
      samba-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1
      samba-debugsource-4.6.16+git.186.c6d77b0d5a6-3.52.1

   - SUSE Enterprise Storage 5 (aarch64 x86_64):
      ctdb-4.6.16+git.186.c6d77b0d5a6-3.52.1
      ctdb-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libdcerpc-binding0-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libdcerpc-binding0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libdcerpc0-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libdcerpc0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libndr-krb5pac0-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libndr-krb5pac0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libndr-nbt0-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libndr-nbt0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libndr-standard0-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libndr-standard0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libndr0-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libndr0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libnetapi0-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libnetapi0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsamba-credentials0-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsamba-credentials0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsamba-errors0-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsamba-errors0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsamba-hostconfig0-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsamba-hostconfig0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsamba-passdb0-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsamba-passdb0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsamba-util0-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsamba-util0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsamdb0-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsamdb0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsmbclient0-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsmbclient0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsmbconf0-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsmbconf0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsmbldap0-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsmbldap0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libtevent-util0-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libtevent-util0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libwbclient0-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libwbclient0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1
      samba-4.6.16+git.186.c6d77b0d5a6-3.52.1
      samba-ceph-4.6.16+git.186.c6d77b0d5a6-3.52.1
      samba-ceph-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1
      samba-client-4.6.16+git.186.c6d77b0d5a6-3.52.1
      samba-client-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1
      samba-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1
      samba-debugsource-4.6.16+git.186.c6d77b0d5a6-3.52.1
      samba-libs-4.6.16+git.186.c6d77b0d5a6-3.52.1
      samba-libs-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1
      samba-winbind-4.6.16+git.186.c6d77b0d5a6-3.52.1
      samba-winbind-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1

   - SUSE Enterprise Storage 5 (x86_64):
      libdcerpc-binding0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libdcerpc-binding0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libdcerpc0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libdcerpc0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libndr-krb5pac0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libndr-krb5pac0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libndr-nbt0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libndr-nbt0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libndr-standard0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libndr-standard0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libndr0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libndr0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libnetapi0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libnetapi0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsamba-credentials0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsamba-credentials0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsamba-errors0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsamba-errors0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsamba-hostconfig0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsamba-passdb0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsamba-passdb0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsamba-util0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsamba-util0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsamdb0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsamdb0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsmbclient0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsmbclient0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsmbconf0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsmbconf0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsmbldap0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsmbldap0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libtevent-util0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libtevent-util0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libwbclient0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libwbclient0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      samba-client-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      samba-client-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      samba-libs-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      samba-libs-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      samba-winbind-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      samba-winbind-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1

   - SUSE Enterprise Storage 5 (noarch):
      samba-doc-4.6.16+git.186.c6d77b0d5a6-3.52.1

   - HPE Helion Openstack 8 (noarch):
      samba-doc-4.6.16+git.186.c6d77b0d5a6-3.52.1

   - HPE Helion Openstack 8 (x86_64):
      libdcerpc-binding0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libdcerpc-binding0-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libdcerpc-binding0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libdcerpc-binding0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libdcerpc0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libdcerpc0-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libdcerpc0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libdcerpc0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libndr-krb5pac0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libndr-krb5pac0-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libndr-krb5pac0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libndr-krb5pac0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libndr-nbt0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libndr-nbt0-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libndr-nbt0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libndr-nbt0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libndr-standard0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libndr-standard0-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libndr-standard0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libndr-standard0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libndr0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libndr0-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libndr0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libndr0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libnetapi0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libnetapi0-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libnetapi0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libnetapi0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsamba-credentials0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsamba-credentials0-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsamba-credentials0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsamba-credentials0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsamba-errors0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsamba-errors0-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsamba-errors0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsamba-errors0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsamba-hostconfig0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsamba-hostconfig0-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsamba-hostconfig0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsamba-passdb0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsamba-passdb0-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsamba-passdb0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsamba-passdb0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsamba-util0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsamba-util0-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsamba-util0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsamba-util0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsamdb0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsamdb0-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsamdb0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsamdb0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsmbclient0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsmbclient0-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsmbclient0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsmbclient0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsmbconf0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsmbconf0-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsmbconf0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsmbconf0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsmbldap0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsmbldap0-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsmbldap0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libsmbldap0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libtevent-util0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libtevent-util0-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libtevent-util0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libtevent-util0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libwbclient0-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libwbclient0-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libwbclient0-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      libwbclient0-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1
      samba-4.6.16+git.186.c6d77b0d5a6-3.52.1
      samba-client-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      samba-client-4.6.16+git.186.c6d77b0d5a6-3.52.1
      samba-client-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      samba-client-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1
      samba-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1
      samba-debugsource-4.6.16+git.186.c6d77b0d5a6-3.52.1
      samba-libs-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      samba-libs-4.6.16+git.186.c6d77b0d5a6-3.52.1
      samba-libs-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      samba-libs-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1
      samba-winbind-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      samba-winbind-4.6.16+git.186.c6d77b0d5a6-3.52.1
      samba-winbind-debuginfo-32bit-4.6.16+git.186.c6d77b0d5a6-3.52.1
      samba-winbind-debuginfo-4.6.16+git.186.c6d77b0d5a6-3.52.1

References:

   https://www.suse.com/security/cve/CVE-2020-10745.html
   https://bugzilla.suse.com/1173160

From sle-security-updates at lists.suse.com Wed Jul 29 16:13:16 2020
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 30 Jul 2020 00:13:16 +0200 (CEST)
Subject: SUSE-SU-2020:2073-1: important: Security update for grub2
Message-ID: <20200729221316.64C24FF11@maintenance.suse.de>

   SUSE Security Update: Security update for grub2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:2073-1
Rating:             important
References:         #1168994 #1173812 #1174463 #1174570
Cross-References:   CVE-2020-10713 CVE-2020-14308 CVE-2020-14309
                    CVE-2020-14310 CVE-2020-14311 CVE-2020-15706
                    CVE-2020-15707
Affected Products:
                    SUSE Linux Enterprise Server for SAP 15
                    SUSE Linux Enterprise Server 15-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-ESPOS
______________________________________________________________________________

   An update that fixes 7 vulnerabilities is now available.
Description:

   This update for grub2 fixes the following issues:

   - Fix for CVE-2020-10713 (bsc#1168994)
   - Fix for CVE-2020-14308 CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 (bsc#1173812)
   - Fix for CVE-2020-15706 (bsc#1174463)
   - Fix for CVE-2020-15707 (bsc#1174570)
   - Use overflow checking primitives where the arithmetic expression for buffer allocations may include unvalidated data
   - Use grub_calloc for overflow check and return NULL when it would occur
   - Use gcc-9 compiler for overflow check builtins
   - Backport gcc-9 build fixes

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 15:
      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2073=1

   - SUSE Linux Enterprise Server 15-LTSS:
      zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2073=1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2073=1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2073=1

Package List:

   - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
      grub2-2.02-19.48.1
      grub2-debuginfo-2.02-19.48.1

   - SUSE Linux Enterprise Server for SAP 15 (ppc64le):
      grub2-powerpc-ieee1275-2.02-19.48.1

   - SUSE Linux Enterprise Server for SAP 15 (noarch):
      grub2-snapper-plugin-2.02-19.48.1
      grub2-systemd-sleep-plugin-2.02-19.48.1

   - SUSE Linux Enterprise Server for SAP 15 (x86_64):
      grub2-debugsource-2.02-19.48.1
      grub2-i386-pc-2.02-19.48.1
      grub2-x86_64-efi-2.02-19.48.1
      grub2-x86_64-xen-2.02-19.48.1

   - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
      grub2-2.02-19.48.1
      grub2-debuginfo-2.02-19.48.1
      grub2-debugsource-2.02-19.48.1

   - SUSE Linux Enterprise Server 15-LTSS (aarch64):
      grub2-arm64-efi-2.02-19.48.1

   - SUSE Linux Enterprise Server 15-LTSS (noarch):
      grub2-snapper-plugin-2.02-19.48.1
      grub2-systemd-sleep-plugin-2.02-19.48.1

   - SUSE Linux Enterprise Server 15-LTSS (s390x):
      grub2-s390x-emu-2.02-19.48.1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
      grub2-2.02-19.48.1
      grub2-debuginfo-2.02-19.48.1
      grub2-debugsource-2.02-19.48.1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64):
      grub2-arm64-efi-2.02-19.48.1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64):
      grub2-i386-pc-2.02-19.48.1
      grub2-x86_64-efi-2.02-19.48.1
      grub2-x86_64-xen-2.02-19.48.1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch):
      grub2-snapper-plugin-2.02-19.48.1
      grub2-systemd-sleep-plugin-2.02-19.48.1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
      grub2-2.02-19.48.1
      grub2-debuginfo-2.02-19.48.1
      grub2-debugsource-2.02-19.48.1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64):
      grub2-arm64-efi-2.02-19.48.1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch):
      grub2-snapper-plugin-2.02-19.48.1
      grub2-systemd-sleep-plugin-2.02-19.48.1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64):
      grub2-i386-pc-2.02-19.48.1
      grub2-x86_64-efi-2.02-19.48.1
      grub2-x86_64-xen-2.02-19.48.1

References:

   https://www.suse.com/security/cve/CVE-2020-10713.html
   https://www.suse.com/security/cve/CVE-2020-14308.html
   https://www.suse.com/security/cve/CVE-2020-14309.html
   https://www.suse.com/security/cve/CVE-2020-14310.html
   https://www.suse.com/security/cve/CVE-2020-14311.html
   https://www.suse.com/security/cve/CVE-2020-15706.html
   https://www.suse.com/security/cve/CVE-2020-15707.html
   https://bugzilla.suse.com/1168994
   https://bugzilla.suse.com/1173812
   https://bugzilla.suse.com/1174463
   https://bugzilla.suse.com/1174570

From sle-security-updates at lists.suse.com Wed Jul 29 16:14:26 2020
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 30 Jul 2020 00:14:26 +0200 (CEST)
Subject: SUSE-SU-2020:2076-1: important:
 Security update for grub2
Message-ID: <20200729221426.7C6FDFF11@maintenance.suse.de>

   SUSE Security Update: Security update for grub2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:2076-1
Rating:             important
References:         #1084632 #1168994 #1173812 #1174463 #1174570
Cross-References:   CVE-2020-10713 CVE-2020-14308 CVE-2020-14309
                    CVE-2020-14310 CVE-2020-14311 CVE-2020-15706
                    CVE-2020-15707
Affected Products:
                    SUSE OpenStack Cloud 7
                    SUSE Linux Enterprise Server for SAP 12-SP2
                    SUSE Linux Enterprise Server 12-SP2-LTSS
                    SUSE Linux Enterprise Server 12-SP2-BCL
______________________________________________________________________________

   An update that fixes 7 vulnerabilities is now available.

Description:

   This update for grub2 fixes the following issues:

   - Fix for CVE-2020-10713 (bsc#1168994)
   - Fix for CVE-2020-14308 CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 (bsc#1173812)
   - Fix for CVE-2020-15706 (bsc#1174463)
   - Fix for CVE-2020-15707 (bsc#1174570)
   - Use overflow checking primitives where the arithmetic expression for buffer allocations may include unvalidated data
   - Use gcc-9 compiler for overflow check builtins
   - Backport gcc-9 build fixes
   - Fix packed-not-aligned error on GCC 8 (bsc#1084632)
   - Backport gcc-7 build fixes

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 7:
      zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2076=1

   - SUSE Linux Enterprise Server for SAP 12-SP2:
      zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2076=1

   - SUSE Linux Enterprise Server 12-SP2-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2076=1

   - SUSE Linux Enterprise Server 12-SP2-BCL:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2076=1

Package List:

   - SUSE OpenStack Cloud 7 (s390x x86_64):
      grub2-2.02~beta2-115.49.1
      grub2-debuginfo-2.02~beta2-115.49.1
      grub2-debugsource-2.02~beta2-115.49.1

   - SUSE OpenStack Cloud 7 (noarch):
      grub2-snapper-plugin-2.02~beta2-115.49.1
      grub2-systemd-sleep-plugin-2.02~beta2-115.49.1

   - SUSE OpenStack Cloud 7 (x86_64):
      grub2-i386-pc-2.02~beta2-115.49.1
      grub2-x86_64-efi-2.02~beta2-115.49.1
      grub2-x86_64-xen-2.02~beta2-115.49.1

   - SUSE OpenStack Cloud 7 (s390x):
      grub2-s390x-emu-2.02~beta2-115.49.1

   - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64):
      grub2-2.02~beta2-115.49.1
      grub2-debuginfo-2.02~beta2-115.49.1

   - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le):
      grub2-powerpc-ieee1275-2.02~beta2-115.49.1

   - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64):
      grub2-debugsource-2.02~beta2-115.49.1
      grub2-i386-pc-2.02~beta2-115.49.1
      grub2-x86_64-efi-2.02~beta2-115.49.1
      grub2-x86_64-xen-2.02~beta2-115.49.1

   - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch):
      grub2-snapper-plugin-2.02~beta2-115.49.1
      grub2-systemd-sleep-plugin-2.02~beta2-115.49.1

   - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64):
      grub2-2.02~beta2-115.49.1
      grub2-debuginfo-2.02~beta2-115.49.1

   - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64):
      grub2-debugsource-2.02~beta2-115.49.1

   - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le):
      grub2-powerpc-ieee1275-2.02~beta2-115.49.1

   - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch):
      grub2-snapper-plugin-2.02~beta2-115.49.1
      grub2-systemd-sleep-plugin-2.02~beta2-115.49.1

   - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64):
      grub2-i386-pc-2.02~beta2-115.49.1
      grub2-x86_64-efi-2.02~beta2-115.49.1
      grub2-x86_64-xen-2.02~beta2-115.49.1

   - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x):
      grub2-s390x-emu-2.02~beta2-115.49.1

   - SUSE Linux Enterprise Server 12-SP2-BCL (noarch):
      grub2-snapper-plugin-2.02~beta2-115.49.1
      grub2-systemd-sleep-plugin-2.02~beta2-115.49.1

   - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
      grub2-2.02~beta2-115.49.1
      grub2-debuginfo-2.02~beta2-115.49.1
      grub2-debugsource-2.02~beta2-115.49.1
      grub2-i386-pc-2.02~beta2-115.49.1
      grub2-x86_64-efi-2.02~beta2-115.49.1
      grub2-x86_64-xen-2.02~beta2-115.49.1

References:

   https://www.suse.com/security/cve/CVE-2020-10713.html
   https://www.suse.com/security/cve/CVE-2020-14308.html
   https://www.suse.com/security/cve/CVE-2020-14309.html
   https://www.suse.com/security/cve/CVE-2020-14310.html
   https://www.suse.com/security/cve/CVE-2020-14311.html
   https://www.suse.com/security/cve/CVE-2020-15706.html
   https://www.suse.com/security/cve/CVE-2020-15707.html
   https://bugzilla.suse.com/1084632
   https://bugzilla.suse.com/1168994
   https://bugzilla.suse.com/1173812
   https://bugzilla.suse.com/1174463
   https://bugzilla.suse.com/1174570

From sle-security-updates at lists.suse.com Wed Jul 29 16:15:45 2020
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 30 Jul 2020 00:15:45 +0200 (CEST)
Subject: SUSE-SU-2020:2079-1: important: Security update for grub2
Message-ID: <20200729221545.CF467FF14@maintenance.suse.de>

   SUSE Security Update: Security update for grub2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:2079-1
Rating:             important
References:         #1084632 #1168994 #1173812 #1174463 #1174570
Cross-References:   CVE-2020-10713 CVE-2020-14308 CVE-2020-14309
                    CVE-2020-14310 CVE-2020-14311 CVE-2020-15706
                    CVE-2020-15707
Affected Products:
                    SUSE OpenStack Cloud Crowbar 8
                    SUSE OpenStack Cloud 8
                    SUSE Linux Enterprise Server for SAP 12-SP3
                    SUSE Linux Enterprise Server 12-SP3-LTSS
                    SUSE Linux Enterprise Server 12-SP3-BCL
                    SUSE Enterprise Storage 5
                    HPE Helion Openstack 8
______________________________________________________________________________

   An update that fixes 7 vulnerabilities is now available.

Description:

   This update for grub2 fixes the following issues:

   - Fix for CVE-2020-10713 (bsc#1168994)
   - Fix for CVE-2020-14308 CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 (bsc#1173812)
   - Fix for CVE-2020-15706 (bsc#1174463)
   - Fix for CVE-2020-15707 (bsc#1174570)
   - Use overflow checking primitives where the arithmetic expression for buffer allocations may include unvalidated data
   - Use grub_calloc for overflow check and return NULL when it would occur
   - Use gcc-9 compiler for overflow check builtins
   - Backport gcc-9 build fixes
   - Fix packed-not-aligned error on GCC 8 (bsc#1084632)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 8:
      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2079=1

   - SUSE OpenStack Cloud 8:
      zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2079=1

   - SUSE Linux Enterprise Server for SAP 12-SP3:
      zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2079=1

   - SUSE Linux Enterprise Server 12-SP3-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2079=1

   - SUSE Linux Enterprise Server 12-SP3-BCL:
      zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2079=1

   - SUSE Enterprise Storage 5:
      zypper in -t patch SUSE-Storage-5-2020-2079=1

   - HPE Helion Openstack 8:
      zypper in -t patch HPE-Helion-OpenStack-8-2020-2079=1

Package List:

   - SUSE OpenStack Cloud Crowbar 8 (x86_64):
      grub2-2.02-4.53.1
      grub2-debuginfo-2.02-4.53.1
      grub2-debugsource-2.02-4.53.1
      grub2-i386-pc-2.02-4.53.1
      grub2-x86_64-efi-2.02-4.53.1
      grub2-x86_64-xen-2.02-4.53.1

   - SUSE OpenStack Cloud Crowbar 8 (noarch):
      grub2-snapper-plugin-2.02-4.53.1
      grub2-systemd-sleep-plugin-2.02-4.53.1

   - SUSE OpenStack Cloud 8 (x86_64):
      grub2-2.02-4.53.1
      grub2-debuginfo-2.02-4.53.1
      grub2-debugsource-2.02-4.53.1
      grub2-i386-pc-2.02-4.53.1
      grub2-x86_64-efi-2.02-4.53.1
      grub2-x86_64-xen-2.02-4.53.1

   - SUSE OpenStack Cloud 8 (noarch):
      grub2-snapper-plugin-2.02-4.53.1
      grub2-systemd-sleep-plugin-2.02-4.53.1

   - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):
      grub2-2.02-4.53.1
      grub2-debuginfo-2.02-4.53.1

   - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le):
      grub2-powerpc-ieee1275-2.02-4.53.1

   - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch):
      grub2-snapper-plugin-2.02-4.53.1
      grub2-systemd-sleep-plugin-2.02-4.53.1

   - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64):
      grub2-debugsource-2.02-4.53.1
      grub2-i386-pc-2.02-4.53.1
      grub2-x86_64-efi-2.02-4.53.1
      grub2-x86_64-xen-2.02-4.53.1

   - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):
      grub2-2.02-4.53.1
      grub2-debuginfo-2.02-4.53.1

   - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 s390x x86_64):
      grub2-debugsource-2.02-4.53.1

   - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le):
      grub2-powerpc-ieee1275-2.02-4.53.1

   - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64):
      grub2-arm64-efi-2.02-4.53.1

   - SUSE Linux Enterprise Server 12-SP3-LTSS (x86_64):
      grub2-i386-pc-2.02-4.53.1
      grub2-x86_64-efi-2.02-4.53.1
      grub2-x86_64-xen-2.02-4.53.1

   - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch):
      grub2-snapper-plugin-2.02-4.53.1
      grub2-systemd-sleep-plugin-2.02-4.53.1

   - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x):
      grub2-s390x-emu-2.02-4.53.1

   - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
      grub2-2.02-4.53.1
      grub2-debuginfo-2.02-4.53.1
      grub2-debugsource-2.02-4.53.1
      grub2-i386-pc-2.02-4.53.1
      grub2-x86_64-efi-2.02-4.53.1
      grub2-x86_64-xen-2.02-4.53.1

   - SUSE Linux Enterprise Server 12-SP3-BCL (noarch):
      grub2-snapper-plugin-2.02-4.53.1
      grub2-systemd-sleep-plugin-2.02-4.53.1

   - SUSE Enterprise Storage 5 (aarch64 x86_64):
      grub2-2.02-4.53.1
      grub2-debuginfo-2.02-4.53.1
      grub2-debugsource-2.02-4.53.1

   - SUSE Enterprise Storage 5 (aarch64):
      grub2-arm64-efi-2.02-4.53.1

   - SUSE Enterprise Storage 5 (x86_64):
      grub2-i386-pc-2.02-4.53.1
      grub2-x86_64-efi-2.02-4.53.1
      grub2-x86_64-xen-2.02-4.53.1

   - SUSE Enterprise Storage 5 (noarch):
      grub2-snapper-plugin-2.02-4.53.1
      grub2-systemd-sleep-plugin-2.02-4.53.1

   - HPE Helion Openstack 8 (noarch):
      grub2-snapper-plugin-2.02-4.53.1
      grub2-systemd-sleep-plugin-2.02-4.53.1

   - HPE Helion Openstack 8 (x86_64):
      grub2-2.02-4.53.1
      grub2-debuginfo-2.02-4.53.1
      grub2-debugsource-2.02-4.53.1
      grub2-i386-pc-2.02-4.53.1
      grub2-x86_64-efi-2.02-4.53.1
      grub2-x86_64-xen-2.02-4.53.1

References:

   https://www.suse.com/security/cve/CVE-2020-10713.html
   https://www.suse.com/security/cve/CVE-2020-14308.html
   https://www.suse.com/security/cve/CVE-2020-14309.html
   https://www.suse.com/security/cve/CVE-2020-14310.html
   https://www.suse.com/security/cve/CVE-2020-14311.html
   https://www.suse.com/security/cve/CVE-2020-15706.html
   https://www.suse.com/security/cve/CVE-2020-15707.html
   https://bugzilla.suse.com/1084632
   https://bugzilla.suse.com/1168994
   https://bugzilla.suse.com/1173812
   https://bugzilla.suse.com/1174463
   https://bugzilla.suse.com/1174570

From sle-security-updates at lists.suse.com Wed Jul 29 16:17:02 2020
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 30 Jul 2020 00:17:02 +0200 (CEST)
Subject: SUSE-SU-2020:2078-1: important: Security update for grub2
Message-ID: <20200729221702.927F1FF11@maintenance.suse.de>

   SUSE Security Update: Security update for grub2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:2078-1
Rating:             important
References:         #1168994 #1173812 #1174463 #1174570
Cross-References:   CVE-2020-10713 CVE-2020-14308 CVE-2020-14309
                    CVE-2020-14310 CVE-2020-14311 CVE-2020-15706
                    CVE-2020-15707
Affected Products:
                    SUSE OpenStack Cloud Crowbar 9
                    SUSE OpenStack Cloud 9
                    SUSE Linux Enterprise Server for SAP 12-SP4
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Server 12-SP4-LTSS
______________________________________________________________________________

   An update that fixes 7 vulnerabilities is now available.

Description:

   This update for grub2 fixes the following issues:

   - Fix for CVE-2020-10713 (bsc#1168994)
   - Fix for CVE-2020-14308 CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 (bsc#1173812)
   - Fix for CVE-2020-15706 (bsc#1174463)
   - Fix for CVE-2020-15707 (bsc#1174570)
   - Use overflow checking primitives where the arithmetic expression for buffer allocations may include unvalidated data
   - Use grub_calloc for overflow check and return NULL when it would occur
   - Use gcc-9 compiler for overflow check builtins
   - Backport gcc-9 build fixes

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 9:
      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2078=1

   - SUSE OpenStack Cloud 9:
      zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2078=1

   - SUSE Linux Enterprise Server for SAP 12-SP4:
      zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2078=1

   - SUSE Linux Enterprise Server 12-SP5:
      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2078=1

   - SUSE Linux Enterprise Server 12-SP4-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2078=1

Package List:

   - SUSE OpenStack Cloud Crowbar 9 (x86_64):
      grub2-2.02-12.31.1
      grub2-debuginfo-2.02-12.31.1
      grub2-debugsource-2.02-12.31.1
      grub2-i386-pc-2.02-12.31.1
      grub2-x86_64-efi-2.02-12.31.1

   - SUSE OpenStack Cloud Crowbar 9 (noarch):
      grub2-snapper-plugin-2.02-12.31.1
      grub2-systemd-sleep-plugin-2.02-12.31.1
      grub2-x86_64-xen-2.02-12.31.1

   - SUSE OpenStack Cloud 9 (x86_64):
      grub2-2.02-12.31.1
      grub2-debuginfo-2.02-12.31.1
      grub2-debugsource-2.02-12.31.1
      grub2-i386-pc-2.02-12.31.1
      grub2-x86_64-efi-2.02-12.31.1

   - SUSE OpenStack Cloud 9 (noarch):
      grub2-snapper-plugin-2.02-12.31.1
grub2-systemd-sleep-plugin-2.02-12.31.1 grub2-x86_64-xen-2.02-12.31.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): grub2-2.02-12.31.1 grub2-debuginfo-2.02-12.31.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le): grub2-powerpc-ieee1275-2.02-12.31.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): grub2-debugsource-2.02-12.31.1 grub2-i386-pc-2.02-12.31.1 grub2-x86_64-efi-2.02-12.31.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): grub2-snapper-plugin-2.02-12.31.1 grub2-systemd-sleep-plugin-2.02-12.31.1 grub2-x86_64-xen-2.02-12.31.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): grub2-2.02-12.31.1 grub2-debuginfo-2.02-12.31.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 s390x x86_64): grub2-debugsource-2.02-12.31.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64): grub2-arm64-efi-2.02-12.31.1 - SUSE Linux Enterprise Server 12-SP5 (ppc64le): grub2-powerpc-ieee1275-2.02-12.31.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): grub2-snapper-plugin-2.02-12.31.1 grub2-systemd-sleep-plugin-2.02-12.31.1 grub2-x86_64-xen-2.02-12.31.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): grub2-i386-pc-2.02-12.31.1 grub2-x86_64-efi-2.02-12.31.1 - SUSE Linux Enterprise Server 12-SP5 (s390x): grub2-s390x-emu-2.02-12.31.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): grub2-2.02-12.31.1 grub2-debuginfo-2.02-12.31.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 s390x x86_64): grub2-debugsource-2.02-12.31.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64): grub2-arm64-efi-2.02-12.31.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (ppc64le): grub2-powerpc-ieee1275-2.02-12.31.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): grub2-snapper-plugin-2.02-12.31.1 grub2-systemd-sleep-plugin-2.02-12.31.1 grub2-x86_64-xen-2.02-12.31.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): grub2-i386-pc-2.02-12.31.1 grub2-x86_64-efi-2.02-12.31.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x): 
grub2-s390x-emu-2.02-12.31.1 References: https://www.suse.com/security/cve/CVE-2020-10713.html https://www.suse.com/security/cve/CVE-2020-14308.html https://www.suse.com/security/cve/CVE-2020-14309.html https://www.suse.com/security/cve/CVE-2020-14310.html https://www.suse.com/security/cve/CVE-2020-14311.html https://www.suse.com/security/cve/CVE-2020-15706.html https://www.suse.com/security/cve/CVE-2020-15707.html https://bugzilla.suse.com/1168994 https://bugzilla.suse.com/1173812 https://bugzilla.suse.com/1174463 https://bugzilla.suse.com/1174570 From sle-security-updates at lists.suse.com Wed Jul 29 16:18:59 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 30 Jul 2020 00:18:59 +0200 (CEST) Subject: SUSE-SU-2020:2074-1: important: Security update for grub2 Message-ID: <20200729221859.CF171FF11@maintenance.suse.de> SUSE Security Update: Security update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2074-1 Rating: important References: #1168994 #1173812 #1174463 #1174570 Cross-References: CVE-2020-10713 CVE-2020-14308 CVE-2020-14309 CVE-2020-14310 CVE-2020-14311 CVE-2020-15706 CVE-2020-15707 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. 
Description:

This update for grub2 fixes the following issues:

- Fix for CVE-2020-10713 (bsc#1168994)
- Fix for CVE-2020-14308 CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 (bsc#1173812)
- Fix for CVE-2020-15706 (bsc#1174463)
- Fix for CVE-2020-15707 (bsc#1174570)
- Use overflow checking primitives where the arithmetic expression for buffer
- Use grub_calloc for overflow check and return NULL when it would occur

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Server Applications 15-SP2:

  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2020-2074=1

- SUSE Linux Enterprise Module for Basesystem 15-SP2:

  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2074=1

Package List:

- SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch):

  grub2-x86_64-xen-2.04-9.7.1

- SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):

  grub2-2.04-9.7.1
  grub2-debuginfo-2.04-9.7.1

- SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 s390x x86_64):

  grub2-debugsource-2.04-9.7.1

- SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch):

  grub2-arm64-efi-2.04-9.7.1
  grub2-i386-pc-2.04-9.7.1
  grub2-powerpc-ieee1275-2.04-9.7.1
  grub2-snapper-plugin-2.04-9.7.1
  grub2-systemd-sleep-plugin-2.04-9.7.1
  grub2-x86_64-efi-2.04-9.7.1

- SUSE Linux Enterprise Module for Basesystem 15-SP2 (s390x):

  grub2-s390x-emu-2.04-9.7.1

References:

https://www.suse.com/security/cve/CVE-2020-10713.html
https://www.suse.com/security/cve/CVE-2020-14308.html
https://www.suse.com/security/cve/CVE-2020-14309.html
https://www.suse.com/security/cve/CVE-2020-14310.html
https://www.suse.com/security/cve/CVE-2020-14311.html
https://www.suse.com/security/cve/CVE-2020-15706.html
https://www.suse.com/security/cve/CVE-2020-15707.html
https://bugzilla.suse.com/1168994
https://bugzilla.suse.com/1173812 https://bugzilla.suse.com/1174463 https://bugzilla.suse.com/1174570 From sle-security-updates at lists.suse.com Wed Jul 29 16:21:01 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 30 Jul 2020 00:21:01 +0200 (CEST) Subject: SUSE-SU-2020:2077-1: important: Security update for grub2 Message-ID: <20200729222101.7734EFF11@maintenance.suse.de> SUSE Security Update: Security update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2077-1 Rating: important References: #1168994 #1173812 #1174463 #1174570 Cross-References: CVE-2020-10713 CVE-2020-14308 CVE-2020-14309 CVE-2020-14310 CVE-2020-14311 CVE-2020-15706 CVE-2020-15707 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for grub2 fixes the following issues: - CVE-2020-10713 (bsc#1168994) - CVE-2020-14308 CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 (bsc#1173812) - CVE-2020-15706 (bsc#1174463) - CVE-2020-15707 (bsc#1174570) - Use overflow checking primitives where the arithmetic expression for buffer allocations may include unvalidated data - Use grub_calloc for overflow check and return NULL when it would occur Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-2077=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2077=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (noarch): grub2-x86_64-xen-2.02-26.25.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): grub2-2.02-26.25.1 grub2-debuginfo-2.02-26.25.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 s390x x86_64): grub2-debugsource-2.02-26.25.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): grub2-arm64-efi-2.02-26.25.1 grub2-i386-pc-2.02-26.25.1 grub2-powerpc-ieee1275-2.02-26.25.1 grub2-snapper-plugin-2.02-26.25.1 grub2-systemd-sleep-plugin-2.02-26.25.1 grub2-x86_64-efi-2.02-26.25.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (s390x): grub2-s390x-emu-2.02-26.25.1 References: https://www.suse.com/security/cve/CVE-2020-10713.html https://www.suse.com/security/cve/CVE-2020-14308.html https://www.suse.com/security/cve/CVE-2020-14309.html https://www.suse.com/security/cve/CVE-2020-14310.html https://www.suse.com/security/cve/CVE-2020-14311.html https://www.suse.com/security/cve/CVE-2020-15706.html https://www.suse.com/security/cve/CVE-2020-15707.html https://bugzilla.suse.com/1168994 https://bugzilla.suse.com/1173812 https://bugzilla.suse.com/1174463 https://bugzilla.suse.com/1174570 From sle-security-updates at lists.suse.com Wed Jul 29 16:22:07 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 30 Jul 2020 00:22:07 +0200 (CEST) Subject: SUSE-SU-2020:14440-1: important: Security update for grub2 Message-ID: <20200729222207.3A54FFF11@maintenance.suse.de> SUSE Security Update: Security update for grub2 
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:14440-1
Rating: important
References: #1084632 #1168994 #1173812 #1174463 #1174570
Cross-References: CVE-2020-10713 CVE-2020-14308 CVE-2020-14309 CVE-2020-14310 CVE-2020-14311 CVE-2020-15706 CVE-2020-15707
Affected Products:
  SUSE Linux Enterprise Server 11-SP4-LTSS
  SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that fixes 7 vulnerabilities is now available.

Description:

This update for grub2 fixes the following issues:

- Fix for CVE-2020-10713 (bsc#1168994)
- Fix for CVE-2020-14308 CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 (bsc#1173812)
- Fix for CVE-2020-15706 (bsc#1174463)
- Fix for CVE-2020-15707 (bsc#1174570)
- Fix packed-not-aligned error on GCC 8 (bsc#1084632)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-grub2-14440=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-grub2-14440=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (x86_64): grub2-x86_64-efi-2.00-0.66.15.1 grub2-x86_64-xen-2.00-0.66.15.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (x86_64): grub2-debuginfo-2.00-0.66.15.1 grub2-debugsource-2.00-0.66.15.1 References: https://www.suse.com/security/cve/CVE-2020-10713.html https://www.suse.com/security/cve/CVE-2020-14308.html https://www.suse.com/security/cve/CVE-2020-14309.html https://www.suse.com/security/cve/CVE-2020-14310.html https://www.suse.com/security/cve/CVE-2020-14311.html https://www.suse.com/security/cve/CVE-2020-15706.html https://www.suse.com/security/cve/CVE-2020-15707.html https://bugzilla.suse.com/1084632 https://bugzilla.suse.com/1168994 https://bugzilla.suse.com/1173812 https://bugzilla.suse.com/1174463 https://bugzilla.suse.com/1174570 From sle-security-updates at lists.suse.com Thu Jul 30 10:16:50 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 30 Jul 2020 18:16:50 +0200 (CEST) Subject: SUSE-SU-2020:2086-1: moderate: Security update for targetcli-fb Message-ID: <20200730161650.80465FF0B@maintenance.suse.de> SUSE Security Update: Security update for targetcli-fb ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2086-1 Rating: moderate References: #1172743 Cross-References: CVE-2020-13867 Affected Products: SUSE Linux Enterprise Module for Python2 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description:

This update for targetcli-fb fixes the following issues:

- CVE-2020-13867: Fixed the permissions in /etc/target (bsc#1172743)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Python2 15-SP1:

  zypper in -t patch SUSE-SLE-Module-Python2-15-SP1-2020-2086=1

- SUSE Linux Enterprise Module for Basesystem 15-SP1:

  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2086=1

Package List:

- SUSE Linux Enterprise Module for Python2 15-SP1 (noarch):

  python2-targetcli-fb-2.1.49-10.9.1

- SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch):

  python3-targetcli-fb-2.1.49-10.9.1
  targetcli-fb-common-2.1.49-10.9.1

References:

https://www.suse.com/security/cve/CVE-2020-13867.html
https://bugzilla.suse.com/1172743

From sle-security-updates at lists.suse.com Thu Jul 30 13:13:36 2020
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 30 Jul 2020 21:13:36 +0200 (CEST)
Subject: SUSE-SU-2020:2095-1: important: Security update for ghostscript
Message-ID: <20200730191336.7892BFDE4@maintenance.suse.de>

SUSE Security Update: Security update for ghostscript
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:2095-1
Rating: important
References: #1174415
Cross-References: CVE-2020-15900
Affected Products:
  SUSE Linux Enterprise Server for SAP 15
  SUSE Linux Enterprise Server 15-LTSS
  SUSE Linux Enterprise Module for Basesystem 15-SP2
  SUSE Linux Enterprise Module for Basesystem 15-SP1
  SUSE Linux Enterprise High Performance Computing 15-LTSS
  SUSE Linux Enterprise High Performance Computing 15-ESPOS
______________________________________________________________________________

An update that fixes one vulnerability is now available.
Description: This update for ghostscript fixes the following issues: - fixed CVE-2020-15900 Memory Corruption (SAFER Sandbox Breakout) cf. https://bugs.ghostscript.com/show_bug.cgi?id=702582 (bsc#1174415) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2095=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2095=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2095=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2095=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2095=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2095=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): ghostscript-9.52-3.32.1 ghostscript-debuginfo-9.52-3.32.1 ghostscript-debugsource-9.52-3.32.1 ghostscript-devel-9.52-3.32.1 ghostscript-x11-9.52-3.32.1 ghostscript-x11-debuginfo-9.52-3.32.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): ghostscript-9.52-3.32.1 ghostscript-debuginfo-9.52-3.32.1 ghostscript-debugsource-9.52-3.32.1 ghostscript-devel-9.52-3.32.1 ghostscript-x11-9.52-3.32.1 ghostscript-x11-debuginfo-9.52-3.32.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): ghostscript-9.52-3.32.1 ghostscript-debuginfo-9.52-3.32.1 ghostscript-debugsource-9.52-3.32.1 ghostscript-devel-9.52-3.32.1 ghostscript-x11-9.52-3.32.1 ghostscript-x11-debuginfo-9.52-3.32.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): ghostscript-9.52-3.32.1 
ghostscript-debuginfo-9.52-3.32.1 ghostscript-debugsource-9.52-3.32.1 ghostscript-devel-9.52-3.32.1 ghostscript-x11-9.52-3.32.1 ghostscript-x11-debuginfo-9.52-3.32.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): ghostscript-9.52-3.32.1 ghostscript-debuginfo-9.52-3.32.1 ghostscript-debugsource-9.52-3.32.1 ghostscript-devel-9.52-3.32.1 ghostscript-x11-9.52-3.32.1 ghostscript-x11-debuginfo-9.52-3.32.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): ghostscript-9.52-3.32.1 ghostscript-debuginfo-9.52-3.32.1 ghostscript-debugsource-9.52-3.32.1 ghostscript-devel-9.52-3.32.1 ghostscript-x11-9.52-3.32.1 ghostscript-x11-debuginfo-9.52-3.32.1 References: https://www.suse.com/security/cve/CVE-2020-15900.html https://bugzilla.suse.com/1174415 From sle-security-updates at lists.suse.com Thu Jul 30 13:14:23 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 30 Jul 2020 21:14:23 +0200 (CEST) Subject: SUSE-SU-2020:2097-1: important: Security update for ghostscript Message-ID: <20200730191423.A3E0DFDE4@maintenance.suse.de> SUSE Security Update: Security update for ghostscript ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2097-1 Rating: important References: #1174415 Cross-References: CVE-2020-15900 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 
______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ghostscript fixes the following issues: - fixed CVE-2020-15900 Memory Corruption (SAFER Sandbox Breakout) cf. https://bugs.ghostscript.com/show_bug.cgi?id=702582 (bsc#1174415) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2097=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2097=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2097=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2097=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2097=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2097=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2097=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2097=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2097=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2097=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2097=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2097=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2097=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2097=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2097=1 - SUSE Enterprise 
Storage 5: zypper in -t patch SUSE-Storage-5-2020-2097=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2097=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): ghostscript-9.52-23.39.1 ghostscript-debuginfo-9.52-23.39.1 ghostscript-debugsource-9.52-23.39.1 ghostscript-x11-9.52-23.39.1 ghostscript-x11-debuginfo-9.52-23.39.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): ghostscript-9.52-23.39.1 ghostscript-debuginfo-9.52-23.39.1 ghostscript-debugsource-9.52-23.39.1 ghostscript-x11-9.52-23.39.1 ghostscript-x11-debuginfo-9.52-23.39.1 - SUSE OpenStack Cloud 9 (x86_64): ghostscript-9.52-23.39.1 ghostscript-debuginfo-9.52-23.39.1 ghostscript-debugsource-9.52-23.39.1 ghostscript-x11-9.52-23.39.1 ghostscript-x11-debuginfo-9.52-23.39.1 - SUSE OpenStack Cloud 8 (x86_64): ghostscript-9.52-23.39.1 ghostscript-debuginfo-9.52-23.39.1 ghostscript-debugsource-9.52-23.39.1 ghostscript-x11-9.52-23.39.1 ghostscript-x11-debuginfo-9.52-23.39.1 - SUSE OpenStack Cloud 7 (s390x x86_64): ghostscript-9.52-23.39.1 ghostscript-debuginfo-9.52-23.39.1 ghostscript-debugsource-9.52-23.39.1 ghostscript-x11-9.52-23.39.1 ghostscript-x11-debuginfo-9.52-23.39.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): ghostscript-debuginfo-9.52-23.39.1 ghostscript-debugsource-9.52-23.39.1 ghostscript-devel-9.52-23.39.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): ghostscript-9.52-23.39.1 ghostscript-debuginfo-9.52-23.39.1 ghostscript-debugsource-9.52-23.39.1 ghostscript-x11-9.52-23.39.1 ghostscript-x11-debuginfo-9.52-23.39.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): ghostscript-9.52-23.39.1 ghostscript-debuginfo-9.52-23.39.1 ghostscript-debugsource-9.52-23.39.1 ghostscript-x11-9.52-23.39.1 ghostscript-x11-debuginfo-9.52-23.39.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): ghostscript-9.52-23.39.1 ghostscript-debuginfo-9.52-23.39.1 ghostscript-debugsource-9.52-23.39.1 
ghostscript-x11-9.52-23.39.1 ghostscript-x11-debuginfo-9.52-23.39.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): ghostscript-9.52-23.39.1 ghostscript-debuginfo-9.52-23.39.1 ghostscript-debugsource-9.52-23.39.1 ghostscript-x11-9.52-23.39.1 ghostscript-x11-debuginfo-9.52-23.39.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): ghostscript-9.52-23.39.1 ghostscript-debuginfo-9.52-23.39.1 ghostscript-debugsource-9.52-23.39.1 ghostscript-x11-9.52-23.39.1 ghostscript-x11-debuginfo-9.52-23.39.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): ghostscript-9.52-23.39.1 ghostscript-debuginfo-9.52-23.39.1 ghostscript-debugsource-9.52-23.39.1 ghostscript-x11-9.52-23.39.1 ghostscript-x11-debuginfo-9.52-23.39.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): ghostscript-9.52-23.39.1 ghostscript-debuginfo-9.52-23.39.1 ghostscript-debugsource-9.52-23.39.1 ghostscript-x11-9.52-23.39.1 ghostscript-x11-debuginfo-9.52-23.39.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): ghostscript-9.52-23.39.1 ghostscript-debuginfo-9.52-23.39.1 ghostscript-debugsource-9.52-23.39.1 ghostscript-x11-9.52-23.39.1 ghostscript-x11-debuginfo-9.52-23.39.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): ghostscript-9.52-23.39.1 ghostscript-debuginfo-9.52-23.39.1 ghostscript-debugsource-9.52-23.39.1 ghostscript-x11-9.52-23.39.1 ghostscript-x11-debuginfo-9.52-23.39.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): ghostscript-9.52-23.39.1 ghostscript-debuginfo-9.52-23.39.1 ghostscript-debugsource-9.52-23.39.1 ghostscript-x11-9.52-23.39.1 ghostscript-x11-debuginfo-9.52-23.39.1 - HPE Helion Openstack 8 (x86_64): ghostscript-9.52-23.39.1 ghostscript-debuginfo-9.52-23.39.1 ghostscript-debugsource-9.52-23.39.1 ghostscript-x11-9.52-23.39.1 ghostscript-x11-debuginfo-9.52-23.39.1 References: https://www.suse.com/security/cve/CVE-2020-15900.html https://bugzilla.suse.com/1174415 From sle-security-updates at 
lists.suse.com Fri Jul 31 10:12:53 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 31 Jul 2020 18:12:53 +0200 (CEST) Subject: SUSE-SU-2020:2101-1: moderate: Security update for targetcli-fb Message-ID: <20200731161253.6E8D2FDE1@maintenance.suse.de> SUSE Security Update: Security update for targetcli-fb ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2101-1 Rating: moderate References: #1172743 Cross-References: CVE-2020-13867 Affected Products: SUSE Linux Enterprise Module for Python2 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for targetcli-fb fixes the following issues: - CVE-2020-13867: Fixed the permissions in /etc/target (bsc#1172743) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Python2 15-SP2: zypper in -t patch SUSE-SLE-Module-Python2-15-SP2-2020-2101=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2101=1 Package List: - SUSE Linux Enterprise Module for Python2 15-SP2 (noarch): python2-targetcli-fb-2.1.52-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): python3-targetcli-fb-2.1.52-3.3.1 targetcli-fb-common-2.1.52-3.3.1 References: https://www.suse.com/security/cve/CVE-2020-13867.html https://bugzilla.suse.com/1172743 From sle-security-updates at lists.suse.com Fri Jul 31 10:13:41 2020 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 31 Jul 2020 18:13:41 +0200 (CEST) Subject: SUSE-SU-2020:2100-1: moderate: Security update for MozillaFirefox Message-ID: <20200731161341.C6E31FDE1@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2100-1 Rating: moderate References: #1173948 #1174538 Cross-References: CVE-2020-15652 CVE-2020-15653 CVE-2020-15654 CVE-2020-15655 CVE-2020-15656 CVE-2020-15657 CVE-2020-15658 CVE-2020-15659 CVE-2020-6463 CVE-2020-6514 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 
______________________________________________________________________________

An update that fixes 10 vulnerabilities is now available.

Description:

This update for MozillaFirefox fixes the following issues:

- Firefox Extended Support Release 78.1.0 ESR
  * Fixed: Various stability, functionality, and security fixes (bsc#1174538)
  * CVE-2020-15652: Potential leak of redirect targets when loading scripts in a worker
  * CVE-2020-6514: WebRTC data channel leaks internal address to peer
  * CVE-2020-15655: Extension APIs could be used to bypass Same-Origin Policy
  * CVE-2020-15653: Bypassing iframe sandbox when allowing popups
  * CVE-2020-6463: Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture
  * CVE-2020-15656: Type confusion for special arguments in IonMonkey
  * CVE-2020-15658: Overriding file type when saving to disk
  * CVE-2020-15657: DLL hijacking due to incorrect loading path
  * CVE-2020-15654: Custom cursor can overlay user interface
  * CVE-2020-15659: Memory safety bugs fixed in Firefox 79 and Firefox ESR 78.1

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2100=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2100=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2100=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-2100=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2100=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2100=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2100=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2100=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2100=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2100=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2100=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2100=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2100=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2100=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2100=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2100=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2100=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): MozillaFirefox-78.1.0-112.8.1 MozillaFirefox-debuginfo-78.1.0-112.8.1 MozillaFirefox-debugsource-78.1.0-112.8.1 MozillaFirefox-devel-78.1.0-112.8.1 MozillaFirefox-translations-common-78.1.0-112.8.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): MozillaFirefox-78.1.0-112.8.1 
MozillaFirefox-debuginfo-78.1.0-112.8.1 MozillaFirefox-debugsource-78.1.0-112.8.1 MozillaFirefox-devel-78.1.0-112.8.1 MozillaFirefox-translations-common-78.1.0-112.8.1 - SUSE OpenStack Cloud 9 (x86_64): MozillaFirefox-78.1.0-112.8.1 MozillaFirefox-debuginfo-78.1.0-112.8.1 MozillaFirefox-debugsource-78.1.0-112.8.1 MozillaFirefox-devel-78.1.0-112.8.1 MozillaFirefox-translations-common-78.1.0-112.8.1 - SUSE OpenStack Cloud 8 (x86_64): MozillaFirefox-78.1.0-112.8.1 MozillaFirefox-debuginfo-78.1.0-112.8.1 MozillaFirefox-debugsource-78.1.0-112.8.1 MozillaFirefox-devel-78.1.0-112.8.1 MozillaFirefox-translations-common-78.1.0-112.8.1 - SUSE OpenStack Cloud 7 (s390x x86_64): MozillaFirefox-78.1.0-112.8.1 MozillaFirefox-debuginfo-78.1.0-112.8.1 MozillaFirefox-debugsource-78.1.0-112.8.1 MozillaFirefox-devel-78.1.0-112.8.1 MozillaFirefox-translations-common-78.1.0-112.8.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-78.1.0-112.8.1 MozillaFirefox-debugsource-78.1.0-112.8.1 MozillaFirefox-devel-78.1.0-112.8.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): MozillaFirefox-78.1.0-112.8.1 MozillaFirefox-debuginfo-78.1.0-112.8.1 MozillaFirefox-debugsource-78.1.0-112.8.1 MozillaFirefox-devel-78.1.0-112.8.1 MozillaFirefox-translations-common-78.1.0-112.8.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): MozillaFirefox-78.1.0-112.8.1 MozillaFirefox-debuginfo-78.1.0-112.8.1 MozillaFirefox-debugsource-78.1.0-112.8.1 MozillaFirefox-devel-78.1.0-112.8.1 MozillaFirefox-translations-common-78.1.0-112.8.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): MozillaFirefox-78.1.0-112.8.1 MozillaFirefox-debuginfo-78.1.0-112.8.1 MozillaFirefox-debugsource-78.1.0-112.8.1 MozillaFirefox-devel-78.1.0-112.8.1 MozillaFirefox-translations-common-78.1.0-112.8.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): MozillaFirefox-78.1.0-112.8.1 
MozillaFirefox-debuginfo-78.1.0-112.8.1 MozillaFirefox-debugsource-78.1.0-112.8.1 MozillaFirefox-devel-78.1.0-112.8.1 MozillaFirefox-translations-common-78.1.0-112.8.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-78.1.0-112.8.1 MozillaFirefox-debuginfo-78.1.0-112.8.1 MozillaFirefox-debugsource-78.1.0-112.8.1 MozillaFirefox-devel-78.1.0-112.8.1 MozillaFirefox-translations-common-78.1.0-112.8.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-78.1.0-112.8.1 MozillaFirefox-debuginfo-78.1.0-112.8.1 MozillaFirefox-debugsource-78.1.0-112.8.1 MozillaFirefox-devel-78.1.0-112.8.1 MozillaFirefox-translations-common-78.1.0-112.8.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): MozillaFirefox-78.1.0-112.8.1 MozillaFirefox-debuginfo-78.1.0-112.8.1 MozillaFirefox-debugsource-78.1.0-112.8.1 MozillaFirefox-devel-78.1.0-112.8.1 MozillaFirefox-translations-common-78.1.0-112.8.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): MozillaFirefox-78.1.0-112.8.1 MozillaFirefox-debuginfo-78.1.0-112.8.1 MozillaFirefox-debugsource-78.1.0-112.8.1 MozillaFirefox-devel-78.1.0-112.8.1 MozillaFirefox-translations-common-78.1.0-112.8.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): MozillaFirefox-78.1.0-112.8.1 MozillaFirefox-debuginfo-78.1.0-112.8.1 MozillaFirefox-debugsource-78.1.0-112.8.1 MozillaFirefox-devel-78.1.0-112.8.1 MozillaFirefox-translations-common-78.1.0-112.8.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): MozillaFirefox-78.1.0-112.8.1 MozillaFirefox-debuginfo-78.1.0-112.8.1 MozillaFirefox-debugsource-78.1.0-112.8.1 MozillaFirefox-devel-78.1.0-112.8.1 MozillaFirefox-translations-common-78.1.0-112.8.1 - HPE Helion Openstack 8 (x86_64): MozillaFirefox-78.1.0-112.8.1 MozillaFirefox-debuginfo-78.1.0-112.8.1 MozillaFirefox-debugsource-78.1.0-112.8.1 MozillaFirefox-devel-78.1.0-112.8.1 MozillaFirefox-translations-common-78.1.0-112.8.1 References: 
https://www.suse.com/security/cve/CVE-2020-15652.html https://www.suse.com/security/cve/CVE-2020-15653.html https://www.suse.com/security/cve/CVE-2020-15654.html https://www.suse.com/security/cve/CVE-2020-15655.html https://www.suse.com/security/cve/CVE-2020-15656.html https://www.suse.com/security/cve/CVE-2020-15657.html https://www.suse.com/security/cve/CVE-2020-15658.html https://www.suse.com/security/cve/CVE-2020-15659.html https://www.suse.com/security/cve/CVE-2020-6463.html https://www.suse.com/security/cve/CVE-2020-6514.html https://bugzilla.suse.com/1173948 https://bugzilla.suse.com/1174538

From sle-security-updates at lists.suse.com Fri Jul 31 13:14:33 2020
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 31 Jul 2020 21:14:33 +0200 (CEST)
Subject: SUSE-SU-2020:2102-1: important: Security update for the Linux Kernel
Message-ID: <20200731191433.655C1FDE4@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:2102-1
Rating: important
References: #1065729 #1152472 #1152489 #1153274 #1154353 #1154488 #1155518 #1155798 #1165933 #1167773 #1168959 #1169771 #1171857 #1171988 #1172201 #1173074 #1173849 #1173941 #1174072 #1174116 #1174126 #1174127 #1174128 #1174129 #1174185 #1174205 #1174247 #1174263 #1174264 #1174331 #1174332 #1174333 #1174356 #1174362 #1174396 #1174398 #1174407 #1174409 #1174411 #1174438 #1174462 #1174513 #1174527 #1174627 #1174645
Cross-References: CVE-2020-0305 CVE-2020-10135 CVE-2020-10781 CVE-2020-14331
Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP2
______________________________________________________________________________

An update that solves four vulnerabilities and has 41 fixes is now available.

Description:

The SUSE Linux Enterprise 15 SP2 Azure kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:

- CVE-2020-10781: Fixed a denial of service issue in the ZRAM implementation (bnc#1173074).
- CVE-2020-0305: In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1174462).
- CVE-2020-10135: Legacy pairing and secure-connections pairing authentication in bluetooth may have allowed an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key (bnc#1171988).
- CVE-2020-14331: Fixed a buffer over write in vgacon_scrollback_update() (bnc#1174205).

The following non-security bugs were fixed:

- ACPICA: Dispatcher: add status checks (git-fixes). - ACPI/IORT: Fix PMCG node single ID mapping handling (git-fixes). - ACPI: video: Use native backlight on Acer Aspire 5783z (git-fixes). - ACPI: video: Use native backlight on Acer TravelMate 5735Z (git-fixes). - ALSA: hda: Intel: add missing PCI IDs for ICL-H, TGL-H and EKL (jsc#SLE-13261). - ALSA: hda/realtek - change to suitable link model for ASUS platform (git-fixes). - ALSA: hda/realtek: Enable headset mic of Acer TravelMate B311R-31 with ALC256 (git-fixes). - ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G14(G401) series with ALC289 (git-fixes). - ALSA: hda/realtek - Enable Speaker for ASUS UX533 and UX534 (git-fixes). - ALSA: hda/realtek - Enable Speaker for ASUS UX563 (git-fixes). - ALSA: hda/realtek: Fixed ALC298 sound bug by adding quirk for Samsung Notebook Pen S (git-fixes). - ALSA: hda/realtek - fixup for yet another Intel reference board (git-fixes). - ALSA: info: Drop WARN_ON() from buffer NULL sanity check (git-fixes).
- ALSA: line6: Perform sanity check for each URB creation (git-fixes). - ALSA: line6: Sync the pending work cancel at disconnection (git-fixes). - ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Flight S (git-fixes). - ALSA: usb-audio: Fix race against the error recovery URB submission (git-fixes). - apparmor: ensure that dfa state tables have entries (git-fixes). - apparmor: fix introspection of of task mode for unconfined tasks (git-fixes). - apparmor: Fix memory leak of profile proxy (git-fixes). - apparmor: Fix use-after-free in aa_audit_rule_init (git-fixes). - apparmor: remove useless aafs_create_symlink (git-fixes). - arm64: dts: ls1043a-rdb: correct RGMII delay mode to rgmii-id (bsc#1174398). - arm64: dts: ls1046ardb: set RGMII interfaces to RGMII_ID mode (bsc#1174398). - ASoC: codecs: max98373: Removed superfluous volume control from chip default (git-fixes). - ASoc: codecs: max98373: remove Idle_bias_on to let codec suspend (git-fixes). - ASoC: Intel: bytcht_es8316: Add missed put_device() (git-fixes). - ASoC: rockchip: add format and rate constraints on rk3399 (git-fixes). - ASoC: rt286: fix unexpected interrupt happens (git-fixes). - ASoC: rt5670: Add new gpio1_is_ext_spk_en quirk and enable it on the Lenovo Miix 2 10 (git-fixes). - ASoC: rt5670: Correct RT5670_LDO_SEL_MASK (git-fixes). - ASoC: rt5670: Fix dac- and adc- vol-tlv values being off by a factor of 10 (git-fixes). - ASoC: rt5682: Report the button event in the headset type only (git-fixes). - ASoC: topology: fix kernel oops on route addition error (git-fixes). - ASoC: topology: fix tlvs in error handling for widget_dmixer (git-fixes). - ASoC: wm8974: fix Boost Mixer Aux Switch (git-fixes). - ASoC: wm8974: remove unsupported clock mode (git-fixes). - ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb (git-fixes). - ath9k: Fix regression with Atheros 9271 (git-fixes). - ax88172a: fix ax88172a_unbind() failures (git-fixes). 
- blk-mq: consider non-idle request as "inflight" in blk_mq_rq_inflight() (bsc#1165933). - bnxt_en: Init ethtool link settings after reading updated PHY configuration (jsc#SLE-8371 bsc#1153274). - bpf: Do not allow btf_ctx_access with __int128 types (bsc#1155518). - brcmfmac: Transform compatible string for FW loading (bsc#1169771). - bridge: Avoid infinite loop when suppressing NS messages with invalid options (networking-stable-20_06_10). - bridge: mcast: Fix MLD2 Report IPv6 payload length check (git-fixes). - btrfs: add assertions for tree == inode->io_tree to extent IO helpers (bsc#1174438). - btrfs: drop argument tree from btrfs_lock_and_flush_ordered_range (bsc#1174438). - btrfs: fix failure of RWF_NOWAIT write into prealloc extent beyond eof (bsc#1174438). - btrfs: fix hang on snapshot creation after RWF_NOWAIT write (bsc#1174438). - btrfs: fix RWF_NOWAIT write not failling when we need to cow (bsc#1174438). - btrfs: fix RWF_NOWAIT writes blocking on extent locks and waiting for IO (bsc#1174438). - btrfs: use correct count in btrfs_file_write_iter() (bsc#1174438). - bus: ti-sysc: Do not disable on suspend for no-idle (git-fixes). - dccp: Fix possible memleak in dccp_init and dccp_fini (networking-stable-20_06_16). - devinet: fix memleak in inetdev_init() (networking-stable-20_06_07). - /dev/mem: Add missing memory barriers for devmem_inode (git-fixes). - /dev/mem: Revoke mappings when a driver claims the region (git-fixes). - dmaengine: dmatest: stop completed threads when running without set channel (git-fixes). - dmaengine: dw: Initialize channel before each transfer (git-fixes). - dmaengine: fsl-edma-common: correct DSIZE_32BYTE (git-fixes). - dmaengine: fsl-edma: Fix NULL pointer exception in fsl_edma_tx_handler (git-fixes). - dmaengine: imx-sdma: Fix: Remove 'always true' comparison (git-fixes). - dmaengine: mcf-edma: Fix NULL pointer exception in mcf_edma_tx_handler (git-fixes). - dmaengine: sh: usb-dmac: set tx_result parameters (git-fixes). 
- dm: do not use waitqueue for request-based DM (bsc#1165933). - dpaa_eth: FMan erratum A050385 workaround (bsc#1174396). - dpaa_eth: Make dpaa_a050385_wa static (bsc#1174396). - drm/amd/display: Use kfree() to free rgb_user in calculate_user_regamma_ramp() (git-fixes). - drm/amdgpu/atomfirmware: fix vram_info fetching for renoir (git-fixes). - drm/amdgpu: do not do soft recovery if gpu_recovery=0 (git-fixes). - drm/amdgpu/sdma5: fix wptr overwritten in ->get_wptr() (git-fixes). - drm/amdgpu: use %u rather than %d for sclk/mclk (git-fixes). - drm/amd/powerplay: fix a crash when overclocking Vega M (bsc#1152472) - drm/exynos: fix ref count leak in mic_pre_enable (git-fixes). - drm/exynos: Properly propagate return value in drm_iommu_attach_device() (git-fixes). - drm/i915/fbc: Fix fence_y_offset handling (bsc#1152489) - drm/i915/gt: Ignore irq enabling on the virtual engines (git-fixes). - drm/i915/gt: Only swap to a random sibling once upon creation (bsc#1152489) - drm/i915: Move cec_notifier to intel_hdmi_connector_unregister, v2. (bsc#1152489) - drm: mcde: Fix display initialization problem (git-fixes). - drm/mediatek: Check plane visibility in atomic_update (git-fixes). - drm/msm/dpu: allow initialization of encoder locks during encoder init (git-fixes). - drm/msm: fix potential memleak in error branch (git-fixes). - drm: panel-orientation-quirks: Add quirk for Asus T101HA panel (git-fixes). - drm: panel-orientation-quirks: Use generic orientation-data for Acer S1003 (git-fixes). - drm/radeon: fix double free (git-fixes). - drm: sun4i: hdmi: Fix inverted HPD result (git-fixes). - drm/sun4i: tcon: Separate quirks for tcon0 and tcon1 on A20 (git-fixes). - drm/tegra: hub: Do not enable orphaned window group (git-fixes). - exfat: add missing brelse() calls on error paths (git-fixes). - exfat: fix incorrect update of stream entry in __exfat_truncate() (git-fixes). - exfat: fix memory leak in exfat_parse_param() (git-fixes). 
- exfat: move setting VOL_DIRTY over exfat_remove_entries() (git-fixes). - fpga: dfl: fix bug in port reset handshake (git-fixes). - fsl/fman: detect FMan erratum A050385 (bsc#1174396) Update arm64 config file - fuse: copy_file_range should truncate cache (git-fixes). - fuse: fix copy_file_range cache issues (git-fixes). - geneve: fix an uninitialized value in geneve_changelink() (git-fixes). - gpio: pca953x: disable regmap locking for automatic address incrementing (git-fixes). - gpio: pca953x: Fix GPIO resource leak on Intel Galileo Gen 2 (git-fixes). - gpio: pca953x: Override IRQ for one of the expanders on Galileo Gen 2 (git-fixes). - gpu: host1x: Detach driver on unregister (git-fixes). - habanalabs: increase timeout during reset (git-fixes). - HID: logitech-hidpp: avoid repeated "multiplier = " log messages (git-fixes). - HID: magicmouse: do not set up autorepeat (git-fixes). - HID: quirks: Always poll Obins Anne Pro 2 keyboard (git-fixes). - HID: quirks: Ignore Simply Automated UPB PIM (git-fixes). - HID: quirks: Remove ITE 8595 entry from hid_have_special_driver (git-fixes). - hippi: Fix a size used in a 'pci_free_consistent()' in an error handling path (git-fixes). - hwmon: (emc2103) fix unable to change fan pwm1_enable attribute (git-fixes). - hwrng: ks-sa - Fix runtime PM imbalance on error (git-fixes). - i2c: eg20t: Load module automatically if ID matches (git-fixes). - i2c: i2c-qcom-geni: Fix DMA transfer race (git-fixes). - i2c: rcar: always clear ICSAR to avoid side effects (git-fixes). - i40iw: Do an RCU lookup in i40iw_add_ipv4_addr (git-fixes). - i40iw: Fix error handling in i40iw_manage_arp_cache() (git-fixes). - i40iw: fix null pointer dereference on a null wqe pointer (git-fixes). - i40iw: Report correct firmware version (git-fixes). - IB/cma: Fix ports memory leak in cma_configfs (git-fixes). - IB/core: Fix potential NULL pointer dereference in pkey cache (git-fixes). 
- IB/hfi1: Do not destroy hfi1_wq when the device is shut down (bsc#1174409). - IB/hfi1: Do not destroy link_wq when the device is shut down (bsc#1174409). - IB/hfi1: Ensure pq is not left on waitlist (git-fixes). - IB/hfi1: Fix another case where pq is left on waitlist (bsc#1174411). - IB/hfi1: Fix memory leaks in sysfs registration and unregistration (git-fixes). - IB/hfi1: Fix module use count flaw due to leftover module put calls (bsc#1174407). - IB/hfi1, qib: Ensure RCU is locked when accessing list (git-fixes). - IB/ipoib: Fix double free of skb in case of multicast traffic in CM mode (git-fixes). - IB/mad: Fix use after free when destroying MAD agent (git-fixes). - IB/mlx4: Test return value of calls to ib_get_cached_pkey (git-fixes). - IB/mlx5: Fix 50G per lane indication (git-fixes). - IB/mlx5: Fix DEVX support for MLX5_CMD_OP_INIT2INIT_QP command (git-fixes). - IB/mlx5: Fix missing congestion control debugfs on rep rdma device (git-fixes). - IB/mlx5: Replace tunnel mpls capability bits for tunnel_offloads (git-fixes). - IB/qib: Call kobject_put() when kobject_init_and_add() fails (git-fixes). - IB/rdmavt: Always return ERR_PTR from rvt_create_mmap_info() (git-fixes). - IB/sa: Resolv use-after-free in ib_nl_make_request() (git-fixes). - ieee802154: fix one possible memleak in adf7242_probe (git-fixes). - iio: adc: ad7780: Fix a resource handling path in 'ad7780_probe()' (git-fixes). - iio: core: add missing IIO_MOD_H2/ETHANOL string identifiers (git-fixes). - iio:health:afe4404 Fix timestamp alignment and prevent data leak (git-fixes). - iio:humidity:hdc100x Fix alignment and data leak issues (git-fixes). - iio:humidity:hts221 Fix alignment and data leak issues (git-fixes). - iio:magnetometer:ak8974: Fix alignment and data leak issues (git-fixes). - iio: magnetometer: ak8974: Fix runtime PM imbalance on error (git-fixes). - iio: mma8452: Add missed iio_device_unregister() call in mma8452_probe() (git-fixes). 
- iio:pressure:ms5611 Fix buffer element alignment (git-fixes). - iio: pressure: zpa2326: handle pm_runtime_get_sync failure (git-fixes). - Input: elan_i2c - add more hardware ID for Lenovo laptops (git-fixes). - Input: goodix - fix touch coordinates on Cube I15-TC (git-fixes). - Input: i8042 - add Lenovo XiaoXin Air 12 to i8042 nomux list (git-fixes). - Input: mms114 - add extra compatible for mms345l (git-fixes). - intel_th: Fix a NULL dereference when hub driver is not loaded (git-fixes). - intel_th: pci: Add Emmitsburg PCH support (git-fixes). - intel_th: pci: Add Jasper Lake CPU support (git-fixes). - intel_th: pci: Add Tiger Lake PCH-H support (git-fixes). - iommu/arm-smmu-v3: Do not reserve implementation defined register space (bsc#1174126). - iommu/vt-d: Enable PCI ACS for platform opt in hint (bsc#1174127). - iommu/vt-d: Update scalable mode paging structure coherency (bsc#1174128). - ionic: centralize queue reset code (bsc#1167773). - ionic: fix up filter locks and debug msgs (bsc#1167773). - ionic: keep rss hash after fw update (bsc#1167773). - ionic: update filter id after replay (bsc#1167773). - ionic: update the queue count on open (bsc#1167773). - ionic: use mutex to protect queue operations (bsc#1167773). - ionic: use offset for ethtool regs data (bsc#1167773). - kABI: reintroduce inet_hashtables.h include to l2tp_ip (kabi). - keys: asymmetric: fix error return code in software_key_query() (git-fixes). - KVM: nVMX: always update CR3 in VMCS (git-fixes). - l2tp: add sk_family checks to l2tp_validate_socket (networking-stable-20_06_07). - l2tp: do not use inet_hash()/inet_unhash() (networking-stable-20_06_07). - lib: Reduce user_access_begin() boundaries in strncpy_from_user() and strnlen_user() (bsc#1174331). - media: cec: silence shift wrapping warning in __cec_s_log_addrs() (git-fixes). - mei: bus: do not clean driver pointer (git-fixes). - mfd: intel-lpss: Add Intel Jasper Lake PCI IDs (jsc#SLE-12602). 
- mlxsw: core: Fix wrong SFP EEPROM reading for upper pages 1-3 (bsc#1154488). - mlxsw: core: Use different get_trend() callbacks for different thermal zones (networking-stable-20_06_10). - mmc: meson-gx: limit segments to 1 when dram-access-quirk is needed (git-fixes). - mmc: sdhci: do not enable card detect interrupt for gpio cd type (git-fixes). - mm/mmap.c: close race between munmap() and expand_upwards()/downwards() (bsc#1174527). - nbd: Fix memory leak in nbd_add_socket (git-fixes). - net: be more gentle about silly gso requests coming from user (networking-stable-20_06_07). - net: check untrusted gso_size at kernel entry (networking-stable-20_06_07). - netdevsim: fix unbalaced locking in nsim_create() (git-fixes). - net: dsa: bcm_sf2: Fix node reference count (git-fixes). - net_failover: fixed rollback in net_failover_open() (networking-stable-20_06_10). - netfilter: ip6tables: Add a .pre_exit hook in all ip6table_foo.c (bsc#1171857). - netfilter: ip6tables: Split ip6t_unregister_table() into pre_exit and exit helpers (bsc#1171857). - netfilter: iptables: Add a .pre_exit hook in all iptable_foo.c (bsc#1171857). - netfilter: iptables: Split ipt_unregister_table() into pre_exit and exit helpers (bsc#1171857). - net: fsl/fman: treat all RGMII modes in memac_adjust_link() (bsc#1174398). - net: hns3: check reset pending after FLR prepare (bsc#1154353). - net: hns3: fix error handling for desc filling (git-fixes). - net: hns3: fix for not calculating TX BD send size correctly (git-fixes). - net: hns3: fix return value error when query MAC link status fail (git-fixes). - net: ipv4: Fix wrong type conversion from hint to rt in ip_route_use_hint() (bsc#1154353). - net: macb: call pm_runtime_put_sync on failure path (git-fixes). - net/mlx5: drain health workqueue in case of driver load error (networking-stable-20_06_16). - net/mlx5e: Fix CPU mapping after function reload to avoid aRFS RX crash (jsc#SLE-8464). 
- net/mlx5e: Fix repeated XSK usage on one channel (networking-stable-20_06_16). - net/mlx5e: Fix VXLAN configuration restore after function reload (jsc#SLE-8464). - net/mlx5: Fix fatal error handling during device load (networking-stable-20_06_16). - net: phy: realtek: add support for configuring the RX delay on RTL8211F (bsc#1174398). - net/smc: fix restoring of fallback changes (git-fixes). - net: stmmac: do not attach interface until resume finishes (bsc#1174072). - net: stmmac: dwc-qos: avoid clk and reset for acpi device (bsc#1174072). - net: stmmac: dwc-qos: use generic device api (bsc#1174072). - net: stmmac: enable timestamp snapshot for required PTP packets in dwmac v5.10a (networking-stable-20_06_07). - net: stmmac: platform: fix probe for ACPI devices (bsc#1174072). - net/tls: fix encryption error checking (git-fixes). - net/tls: free record only on encryption error (git-fixes). - net: usb: qmi_wwan: add Telit LE910C1-EUX composition (networking-stable-20_06_07). - nfc: nci: add missed destroy_workqueue in nci_register_device (git-fixes). - nfp: flower: fix used time of merge flow statistics (networking-stable-20_06_07). - NFS: Fix interrupted slots by sending a solo SEQUENCE operation (bsc#1174264). - NTB: Fix static check warning in perf_clear_test (git-fixes). - NTB: Fix the default port and peer numbers for legacy drivers (git-fixes). - ntb: hw: remove the code that sets the DMA mask (git-fixes). - NTB: ntb_pingpong: Choose doorbells based on port number (git-fixes). - NTB: ntb_test: Fix bug when counting remote files (git-fixes). - NTB: ntb_tool: reading the link file should not end in a NULL byte (git-fixes). - NTB: perf: Do not require one more memory window than number of peers (git-fixes). - NTB: perf: Fix race condition when run with ntb_test (git-fixes). - NTB: perf: Fix support for hardware that does not have port numbers (git-fixes). - ntb_perf: pass correct struct device to dma_alloc_coherent (git-fixes). 
- NTB: Revert the change to use the NTB device dev for DMA allocations (git-fixes). - ntb_tool: pass correct struct device to dma_alloc_coherent (git-fixes). - ovl: inode reference leak in ovl_is_inuse true case (git-fixes). - padata: add separate cpuhp node for CPUHP_PADATA_DEAD (git-fixes). - padata: kABI fixup for struct padata_instance splitting nodes (git-fixes). - PCI/AER: Remove HEST/FIRMWARE_FIRST parsing for AER ownership (bsc#1174356). - PCI/AER: Use only _OSC to determine AER ownership (bsc#1174356). - PCI/EDR: Log only ACPI_NOTIFY_DISCONNECT_RECOVER events (bsc#1174513). - PCI: hv: Add support for protocol 1.3 and support PCI_BUS_RELATIONS2 (bsc#1172201). - pci: Revive pci_dev __aer_firmware_first* fields for kABI (bsc#1174356). - percpu: Separate decrypted varaibles anytime encryption can be enabled (bsc#1174332). - phy: sun4i-usb: fix dereference of pointer phy0 before it is null checked (git-fixes). - platform/x86: ISST: Increase timeout (bsc#1174185). - powerpc/book3s64/pkeys: Fix pkey_access_permitted() for execute disable pkey (bsc#1065729). - powerpc/fadump: fix race between pstore write and fadump crash trigger (bsc#1168959 ltc#185010). - powerpc/kasan: Fix issues by lowering KASAN_SHADOW_END (git-fixes). - powerpc/xmon: Reset RCU and soft lockup watchdogs (bsc#1065729). - qed: suppress "do not support RoCE & iWARP" flooding on HW init (git-fixes). - qed: suppress false-positives interrupt error messages on HW init (git-fixes). - RDMA/cm: Add missing locking around id.state in cm_dup_req_handler (git-fixes). - RDMA/cma: Protect bind_list and listen_list while finding matching cm id (git-fixes). - RDMA/cm: Fix an error check in cm_alloc_id_priv() (git-fixes). - RDMA/cm: Fix checking for allowed duplicate listens (git-fixes). - RDMA/cm: Fix ordering of xa_alloc_cyclic() in ib_create_cm_id() (git-fixes). - RDMA/cm: Read id.state under lock when doing pr_debug() (git-fixes). - RDMA/cm: Remove a race freeing timewait_info (git-fixes). 
- RDMA/cm: Update num_paths in cma_resolve_iboe_route error flow (git-fixes). - RDMA/core: Fix double destruction of uobject (git-fixes). - RDMA/core: Fix double put of resource (git-fixes). - RDMA/core: Fix missing error check on dev_set_name() (git-fixes). - RDMA/core: Fix protection fault in ib_mr_pool_destroy (git-fixes). - RDMA/core: Fix race between destroy and release FD object (git-fixes). - RDMA/core: Fix race in rdma_alloc_commit_uobject() (git-fixes). - RDMA/core: Prevent mixed use of FDs between shared ufiles (git-fixes). - RDMA/counter: Query a counter before release (git-fixes). - RDMA/efa: Set maximum pkeys device attribute (git-fixes). - RDMA/hns: Bugfix for querying qkey (git-fixes). - RDMA/hns: Fix cmdq parameter of querying pf timer resource (git-fixes). - RDMA/iwcm: Fix iwcm work deallocation (git-fixes). - RDMA/iw_cxgb4: Fix incorrect function parameters (git-fixes). - RDMA/mad: Do not crash if the rdma device does not have a umad interface (git-fixes). - RDMA/mad: Fix possible memory leak in ib_mad_post_receive_mads() (git-fixes). - RDMA/mlx4: Initialize ib_spec on the stack (git-fixes). - RDMA/mlx5: Add init2init as a modify command (git-fixes). - RDMA/mlx5: Fix access to wrong pointer while performing flush due to error (git-fixes). - RDMA/mlx5: Fix the number of hwcounters of a dynamic counter (git-fixes). - RDMA/mlx5: Fix udata response upon SRQ creation (git-fixes). - RDMA/mlx5: Prevent prefetch from racing with implicit destruction (jsc#SLE-8446). - RDMA/mlx5: Set GRH fields in query QP on RoCE (git-fixes). - RDMA/mlx5: Use xa_lock_irq when access to SRQ table (git-fixes). - RDMA/mlx5: Verify that QP is created with RQ or SQ (git-fixes). - RDMA/nldev: Fix crash when set a QP to a new counter but QPN is missing (git-fixes). - RDMA/pvrdma: Fix missing pci disable in pvrdma_pci_probe() (git-fixes). - RDMA/qedr: Fix KASAN: use-after-free in ucma_event_handler+0x532 (git-fixes). 
- RDMA/rvt: Fix potential memory leak caused by rvt_alloc_rq (git-fixes). - RDMA/rxe: Always return ERR_PTR from rxe_create_mmap_info() (git-fixes). - RDMA/rxe: Fix configuration of atomic queue pair attributes (git-fixes). - RDMA/rxe: Set default vendor ID (git-fixes). - RDMA/rxe: Set sys_image_guid to be aligned with HW IB devices (git-fixes). - RDMA/siw: Fix failure handling during device creation (git-fixes). - RDMA/siw: Fix passive connection establishment (git-fixes). - RDMA/siw: Fix pointer-to-int-cast warning in siw_rx_pbl() (git-fixes). - RDMA/siw: Fix potential siw_mem refcnt leak in siw_fastreg_mr() (git-fixes). - RDMA/siw: Fix reporting vendor_part_id (git-fixes). - RDMA/siw: Fix setting active_mtu attribute (git-fixes). - RDMA/siw: Fix setting active_{speed, width} attributes (git-fixes). - RDMA/ucma: Put a lock around every call to the rdma_cm layer (git-fixes). - RDMA/uverbs: Fix create WQ to use the given user handle (git-fixes). - regmap: debugfs: Do not sleep while atomic for fast_io regmaps (git-fixes). - regmap: fix alignment issue (git-fixes). - regmap: Fix memory leak from regmap_register_patch (git-fixes). - Revert "i2c: cadence: Fix the hold bit setting" (git-fixes). - Revert "RDMA/cma: Simplify rdma_resolve_addr() error flow" (git-fixes). - Revert "thermal: mediatek: fix register index error" (git-fixes). - RMDA/cm: Fix missing ib_cm_destroy_id() in ib_cm_insert_listen() (git-fixes). - rtnetlink: Fix memory(net_device) leak when ->newlink fails (bsc#1154353). - rtnetlink: Fix memory(net_device) leak when ->newlink fails (git-fixes). - s390: fix syscall_get_error for compat processes (git-fixes). - s390/ism: fix error return code in ism_probe() (git-fixes). - s390/kaslr: add support for R_390_JMP_SLOT relocation type (git-fixes). - s390/pci: Fix s390_mmio_read/write with MIO (git-fixes). - s390/qdio: consistently restore the IRQ handler (git-fixes). - s390/qdio: put thinint indicator after early error (git-fixes). 
- s390/qdio: tear down thinint indicator after early error (git-fixes). - s390/qeth: fix error handling for isolation mode cmds (git-fixes). - sched/fair: handle case of task_h_load() returning 0 (bnc#1155798 (CPU scheduler functional and performance backports)). - scsi: libfc: free response frame from GPN_ID (bsc#1173849). - scsi: libfc: Handling of extra kref (bsc#1173849). - scsi: libfc: If PRLI rejected, move rport to PLOGI state (bsc#1173849). - scsi: libfc: rport state move to PLOGI if all PRLI retry exhausted (bsc#1173849). - scsi: libfc: Skip additional kref updating work event (bsc#1173849). - scsi: ufs-bsg: Fix runtime PM imbalance on error (git-fixes). - scsi: zfcp: Fix panic on ERP timeout for previously dismissed ERP action (git-fixes). - selftests/net: in rxtimestamp getopt_long needs terminating null entry (networking-stable-20_06_16). - selinux: fall back to ref-walk if audit is required (bsc#1174333). - selinux: revert "stop passing MAY_NOT_BLOCK to the AVC upon follow_link" (bsc#1174333). - serial: 8250_tegra: Create Tegra specific 8250 driver (bsc#1173941). - SMB3: Honor lease disabling for multiuser mounts (git-fixes). - soundwire: intel: fix memory leak with devm_kasprintf (git-fixes). - spi: spidev: fix a potential use-after-free in spidev_release() (git-fixes). - spi: spidev: fix a race between spidev_release and spidev_remove (git-fixes). - spi: spi-sun6i: sun6i_spi_transfer_one(): fix setting of clock rate (git-fixes). - staging: comedi: addi_apci_1032: check INSN_CONFIG_DIGITAL_TRIG shift (git-fixes). - staging: comedi: addi_apci_1500: check INSN_CONFIG_DIGITAL_TRIG shift (git-fixes). - staging: comedi: addi_apci_1564: check INSN_CONFIG_DIGITAL_TRIG shift (git-fixes). - staging: comedi: ni_6527: fix INSN_CONFIG_DIGITAL_TRIG support (git-fixes). - staging: comedi: verify array index is correct before using it (git-fixes). - SUNRPC dont update timeout value on connection reset (bsc#1174263). 
- sunrpc: Fix gss_unwrap_resp_integ() again (bsc#1174116). - tcp: md5: allow changing MD5 keys in all socket states (git-fixes). - thermal/drivers: imx: Fix missing of_node_put() at probe time (git-fixes). - thermal: int3403_thermal: Downgrade error message (git-fixes). - tpm_crb: fix fTPM on AMD Zen+ CPUs (bsc#1174362). - tpm_tis: extra chip->ops check on error path in tpm_tis_core_init (git-fixes). - tty: hvc_console, fix crashes on parallel open/close (git-fixes). - udp: Copy has_conns in reuseport_grow() (git-fixes). - udp: Improve load balancing for SO_REUSEPORT (git-fixes). - USB: c67x00: fix use after free in c67x00_giveback_urb (git-fixes). - usb: chipidea: core: add wakeup support for extcon (git-fixes). - usb: dwc2: Fix shutdown callback in platform (git-fixes). - usb: dwc3: pci: Fix reference count leak in dwc3_pci_resume_work (git-fixes). - usb: gadget: Fix issue with config_ep_by_speed function (git-fixes). - usb: gadget: function: fix missing spinlock in f_uac1_legacy (git-fixes). - usb: gadget: udc: atmel: fix uninitialized read in debug printk (git-fixes). - usb: gadget: udc: atmel: remove outdated comment in usba_ep_disable() (git-fixes). - usbnet: smsc95xx: Fix use-after-free after removal (git-fixes). - USB: serial: ch341: add new Product ID for CH340 (git-fixes). - USB: serial: cypress_m8: enable Simply Automated UPB PIM (git-fixes). - USB: serial: iuu_phoenix: fix memory corruption (git-fixes). - USB: serial: option: add GosunCn GM500 series (git-fixes). - USB: serial: option: add Quectel EG95 LTE modem (git-fixes). - usb: tegra: Fix allocation for the FPCI context (git-fixes). - usb: xhci-mtk: fix the failure of bandwidth allocation (git-fixes). - vfio/pci: Fix SR-IOV VF handling with MMIO blocking (bsc#1174129). - virtio: virtio_console: add missing MODULE_DEVICE_TABLE() for rproc serial (git-fixes). - virt: vbox: Fix guest capabilities mask check (git-fixes). 
- virt: vbox: Fix VBGL_IOCTL_VMMDEV_REQUEST_BIG and _LOG req numbers to match upstream (git-fixes). - vsock: fix timeout in vsock_accept() (networking-stable-20_06_07). - vxlan: Avoid infinite loop when suppressing NS messages with invalid options (networking-stable-20_06_10). - watchdog: iTCO: Add support for Cannon Lake PCH iTCO (jsc#SLE-13202). - workqueue: Remove unnecessary kfree() call in rcu_free_wq() (git-fixes). - xfrm: fix a warning in xfrm_policy_insert_list (bsc#1174645).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Public Cloud 15-SP2:

  zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2020-2102=1

Package List:

- SUSE Linux Enterprise Module for Public Cloud 15-SP2 (x86_64):

  kernel-azure-5.3.18-18.12.1
  kernel-azure-debuginfo-5.3.18-18.12.1
  kernel-azure-debugsource-5.3.18-18.12.1
  kernel-azure-devel-5.3.18-18.12.1
  kernel-azure-devel-debuginfo-5.3.18-18.12.1
  kernel-syms-azure-5.3.18-18.12.1

- SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch):

  kernel-devel-azure-5.3.18-18.12.1
  kernel-source-azure-5.3.18-18.12.1

References:

https://www.suse.com/security/cve/CVE-2020-0305.html https://www.suse.com/security/cve/CVE-2020-10135.html https://www.suse.com/security/cve/CVE-2020-10781.html https://www.suse.com/security/cve/CVE-2020-14331.html https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1152472 https://bugzilla.suse.com/1152489 https://bugzilla.suse.com/1153274 https://bugzilla.suse.com/1154353 https://bugzilla.suse.com/1154488 https://bugzilla.suse.com/1155518 https://bugzilla.suse.com/1155798 https://bugzilla.suse.com/1165933 https://bugzilla.suse.com/1167773 https://bugzilla.suse.com/1168959 https://bugzilla.suse.com/1169771
https://bugzilla.suse.com/1171857 https://bugzilla.suse.com/1171988 https://bugzilla.suse.com/1172201 https://bugzilla.suse.com/1173074 https://bugzilla.suse.com/1173849 https://bugzilla.suse.com/1173941 https://bugzilla.suse.com/1174072 https://bugzilla.suse.com/1174116 https://bugzilla.suse.com/1174126 https://bugzilla.suse.com/1174127 https://bugzilla.suse.com/1174128 https://bugzilla.suse.com/1174129 https://bugzilla.suse.com/1174185 https://bugzilla.suse.com/1174205 https://bugzilla.suse.com/1174247 https://bugzilla.suse.com/1174263 https://bugzilla.suse.com/1174264 https://bugzilla.suse.com/1174331 https://bugzilla.suse.com/1174332 https://bugzilla.suse.com/1174333 https://bugzilla.suse.com/1174356 https://bugzilla.suse.com/1174362 https://bugzilla.suse.com/1174396 https://bugzilla.suse.com/1174398 https://bugzilla.suse.com/1174407 https://bugzilla.suse.com/1174409 https://bugzilla.suse.com/1174411 https://bugzilla.suse.com/1174438 https://bugzilla.suse.com/1174462 https://bugzilla.suse.com/1174513 https://bugzilla.suse.com/1174527 https://bugzilla.suse.com/1174627 https://bugzilla.suse.com/1174645