SUSE-IU-2020:109-1: Security update of suse-sles-15-sp2-chost-byos-v20201016-hvm-ssd-x86_64
sle-security-updates at lists.suse.com
Mon Oct 19 03:43:21 MDT 2020
SUSE Image Update Advisory: suse-sles-15-sp2-chost-byos-v20201016-hvm-ssd-x86_64
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2020:109-1
Image Tags : suse-sles-15-sp2-chost-byos-v20201016-hvm-ssd-x86_64:20201016
Image Release :
Severity : important
Type : security
References : 1011548 1027519 1055186 1058115 1065600 1065729 1094244 1100369
1109160 1118367 1118368 1125043 1128220 1136666 1139837 1152148
1152472 1152489 1152930 1153274 1153943 1153946 1154353 1155518
1155798 1156205 1156395 1157051 1161168 1161239 1161923 1165424
1165786 1167527 1170232 1170347 1170667 1170713 1170774 1171000
1171068 1171073 1171313 1171558 1171688 1171740 1171742 1171762
1172157 1172419 1172429 1172757 1172873 1172958 1173017 1173060
1173060 1173064 1173104 1173115 1173267 1173273 1173307 1173311
1173433 1173470 1173529 1173746 1173799 1173983 1174029 1174079
1174110 1174111 1174240 1174358 1174386 1174477 1174484 1174486
1174561 1174641 1174863 1174899 1174918 1175110 1175263 1175281
1175342 1175370 1175441 1175443 1175568 1175592 1175667 1175718
1175749 1175787 1175844 1175882 1175952 1175989 1175996 1175997
1175998 1175999 1176000 1176001 1176019 1176022 1176038 1176063
1176086 1176092 1176137 1176181 1176235 1176236 1176237 1176242
1176278 1176339 1176341 1176343 1176344 1176345 1176346 1176347
1176348 1176349 1176350 1176357 1176358 1176359 1176360 1176361
1176362 1176363 1176364 1176365 1176366 1176367 1176381 1176410
1176423 1176449 1176482 1176486 1176494 1176507 1176536 1176537
1176538 1176539 1176540 1176541 1176542 1176544 1176545 1176546
1176548 1176558 1176559 1176579 1176587 1176588 1176644 1176659
1176670 1176671 1176674 1176698 1176699 1176700 1176721 1176722
1176725 1176732 1176759 1176763 1176775 1176788 1176789 1176833
1176869 1176877 1176925 1176962 1176980 1176990 1177021 1177030
1177143 1177479 906079 CVE-2017-3136 CVE-2018-5741 CVE-2019-6477
CVE-2020-0404 CVE-2020-0427 CVE-2020-0431 CVE-2020-0432 CVE-2020-14342
CVE-2020-14364 CVE-2020-14385 CVE-2020-14390 CVE-2020-1472 CVE-2020-15863
CVE-2020-16092 CVE-2020-24352 CVE-2020-24659 CVE-2020-25212 CVE-2020-25219
CVE-2020-25284 CVE-2020-25595 CVE-2020-25596 CVE-2020-25597 CVE-2020-25598
CVE-2020-25599 CVE-2020-25600 CVE-2020-25601 CVE-2020-25602 CVE-2020-25603
CVE-2020-25604 CVE-2020-26088 CVE-2020-26154 CVE-2020-8027 CVE-2020-8616
CVE-2020-8617 CVE-2020-8618 CVE-2020-8619 CVE-2020-8620 CVE-2020-8621
CVE-2020-8622 CVE-2020-8623 CVE-2020-8624
-----------------------------------------------------------------
The container suse-sles-15-sp2-chost-byos-v20201016-hvm-ssd-x86_64 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2704-1
Released: Tue Sep 22 15:06:36 2020
Summary: Recommended update for krb5
Type: recommended
Severity: moderate
References: 1174079
This update for krb5 fixes the following issue:
- Fix the prefix reported by krb5-config; libraries and headers are not installed under the /usr/lib/mit prefix. (bsc#1174079)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:2712-1
Released: Tue Sep 22 17:08:03 2020
Summary: Security update for openldap2
Type: security
Severity: moderate
References: 1175568,CVE-2020-8027
This update for openldap2 fixes the following issues:
- CVE-2020-8027: openldap_update_modules_path.sh starts daemons unconditionally and uses fixed paths in /tmp (bsc#1175568).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:2729-1
Released: Wed Sep 23 16:00:48 2020
Summary: Security update for cifs-utils
Type: security
Severity: moderate
References: 1152930,1174477,CVE-2020-14342
This update for cifs-utils fixes the following issues:
- CVE-2020-14342: Fixed a shell command injection vulnerability in mount.cifs (bsc#1174477).
- Fixed an invalid free in mount.cifs (bsc#1152930).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:2730-1
Released: Wed Sep 23 16:35:31 2020
Summary: Security update for samba
Type: security
Severity: important
References: 1176579,CVE-2020-1472
This update for samba fixes the following issues:
- ZeroLogon: An elevation of privilege was possible with some non-default configurations when an attacker established
a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC)
(CVE-2020-1472, bsc#1176579).
- Update to samba 4.11.13
+ s3: libsmb: Fix SMB2 client rename bug to a Windows server; (bso#14403);
+ dsdb: Allow 'password hash userPassword schemes = CryptSHA256' to work
on RHEL7; (bso#14424);
+ dbcheck: Allow a dangling forward link outside our known NCs; (bso#14450);
+ lib/debug: Set the correct default backend loglevel to MAX_DEBUG_LEVEL;
(bso#14426);
+ s3:smbd: PANIC: assert failed in get_lease_type(); (bso#14428);
+ lib/util: do not install 'test_util_paths'; (bso#14370);
+ lib:util: Fix smbclient -l basename dir; (bso#14345);
+ util: Allow symlinks in directory_create_or_exist; (bso#14166);
+ docs: Fix documentation for require_membership_of of pam_winbind;
(bso#14358);
+ s3:winbind:idmap_ad: Make failure to get attrnames for schema mode fatal;
(bso#14425);
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2757-1
Released: Fri Sep 25 19:45:40 2020
Summary: Recommended update for nfs-utils
Type: recommended
Severity: moderate
References: 1173104
This update for nfs-utils fixes the following issue:
- Some scripts required Python 2, which is not installed by default, although they can work with Python 3. (bsc#1173104)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2779-1
Released: Tue Sep 29 11:27:35 2020
Summary: Recommended update for rsyslog
Type: recommended
Severity: moderate
References: 1173433
This update for rsyslog fixes the following issues:
- Fix the URL for bug reporting. (bsc#1173433)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2781-1
Released: Tue Sep 29 11:29:34 2020
Summary: Recommended update for openssh
Type: recommended
Severity: moderate
References: 1173799
This update for openssh fixes the following issues:
- This uses OpenSSL's RAND_bytes() directly instead of the internal
ChaCha20-based implementation to obtain random bytes for Ed25519
curve computations. This is required for FIPS compliance. (bsc#1173799).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:2791-1
Released: Tue Sep 29 14:13:44 2020
Summary: Security update for xen
Type: security
Severity: important
References: 1027519,1176339,1176341,1176343,1176344,1176345,1176346,1176347,1176348,1176349,1176350,CVE-2020-25595,CVE-2020-25596,CVE-2020-25597,CVE-2020-25598,CVE-2020-25599,CVE-2020-25600,CVE-2020-25601,CVE-2020-25602,CVE-2020-25603,CVE-2020-25604
This update for xen fixes the following issues:
- CVE-2020-25602: Fixed a crash when handling guest access to
MSR_MISC_ENABLE (bsc#1176339,XSA-333)
- CVE-2020-25598: Added a missing unlock in XENMEM_acquire_resource error path
(bsc#1176341,XSA-334)
- CVE-2020-25604: Fixed a race condition when migrating timers between x86
HVM vCPU-s (bsc#1176343,XSA-336)
- CVE-2020-25595: Fixed an issue where PCI passthrough code was reading back hardware registers (bsc#1176344,XSA-337)
- CVE-2020-25597: Fixed an issue where valid event channels may not turn invalid (bsc#1176346,XSA-338)
- CVE-2020-25596: Fixed a potential denial of service in x86 pv guest kernel via SYSENTER (bsc#1176345,XSA-339)
- CVE-2020-25603: Fixed an issue due to missing barriers when accessing/allocating an event channel (bsc#1176347,XSA-340)
- CVE-2020-25600: Fixed out of bounds event channels available to 32-bit x86 domains (bsc#1176348,XSA-342)
- CVE-2020-25599: Fixed race conditions with evtchn_reset() (bsc#1176349,XSA-343)
- CVE-2020-25601: Fixed an issue due to lack of preemption in evtchn_reset() / evtchn_destroy() (bsc#1176350,XSA-344)
- Various other fixes (bsc#1027519)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2819-1
Released: Thu Oct 1 10:39:16 2020
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1165424,1173273,1173529,1174240,1174561,1174918,1175342,1175592
This update for libzypp, zypper provides the following fixes:
Changes in libzypp:
- VendorAttr: Const-correct API and let Target provide its settings. (bsc#1174918)
- Support buildnr with commit hash in purge-kernels. This adds special behaviour for when
a kernel version has the rebuild counter before the kernel commit hash. (bsc#1175342)
- Improve Italian translation of the 'breaking dependencies' message. (bsc#1173529)
- Make sure reading from lsof does not block forever. (bsc#1174240)
- Just collect details for the signatures found.
Changes in zypper:
- man: Enhance description of the global package cache. (bsc#1175592)
- man: Point out that plain rpm packages are not downloaded to the global package cache.
(bsc#1173273)
- Directly list subcommands in 'zypper help'. (bsc#1165424)
- Remove extern C block wrapping augeas.h as it breaks the build on Arch Linux.
- Point out that plaindir repos do not follow symlinks. (bsc#1174561)
- Fix help command for list-patches.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2825-1
Released: Fri Oct 2 08:44:28 2020
Summary: Recommended update for suse-build-key
Type: recommended
Severity: moderate
References: 1170347,1176759
This update for suse-build-key fixes the following issues:
- The SUSE Notary Container key is different from the build signing
key, include this key instead as suse-container-key. (PM-1845 bsc#1170347)
- The SUSE build key for SUSE Linux Enterprise 12 and 15 is extended by 4 more years. (bsc#1176759)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2850-1
Released: Fri Oct 2 12:26:03 2020
Summary: Recommended update for lvm2
Type: recommended
Severity: moderate
References: 1175110
This update for lvm2 fixes the following issues:
- Fixed an issue where hot spares in LVM were not added automatically. (bsc#1175110)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2852-1
Released: Fri Oct 2 16:55:39 2020
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1173470,1175844
This update for openssl-1_1 fixes the following issues:
FIPS:
* Include ECDH/DH Requirements from SP800-56Arev3 (bsc#1175844, bsc#1173470).
* Add shared secret KAT to FIPS DH selftest (bsc#1175844).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2863-1
Released: Tue Oct 6 09:28:41 2020
Summary: Recommended update for efivar
Type: recommended
Severity: moderate
References: 1175989
This update for efivar fixes the following issues:
- Fixed an issue where segmentation faults were caused on non-EFI systems. (bsc#1175989)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:2864-1
Released: Tue Oct 6 10:34:14 2020
Summary: Security update for gnutls
Type: security
Severity: moderate
References: 1176086,1176181,1176671,CVE-2020-24659
This update for gnutls fixes the following issues:
- Fix heap buffer overflow in handshake with no_renegotiation alert sent (CVE-2020-24659 bsc#1176181)
- FIPS: Implement (EC)DH requirements from SP800-56Arev3 (bsc#1176086)
- FIPS: Use 2048 bit prime in DH selftest (bsc#1176086)
- FIPS: Add TLS KDF selftest (bsc#1176671)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2869-1
Released: Tue Oct 6 16:13:20 2020
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1011548,1153943,1153946,1161239,1171762
This update for aaa_base fixes the following issues:
- DIR_COLORS (bug#1006973):
- add screen.xterm-256color
- add TERM rxvt-unicode-256color
- sort and merge TERM entries in etc/DIR_COLORS
- check for Packages.db and use this instead of Packages. (bsc#1171762)
- Rename path() to _path() to avoid using a general name.
- refresh_initrd call modprobe as /sbin/modprobe (bsc#1011548)
- etc/profile add some missing ;; in case esac statements
- profile and csh.login: on s390x set TERM to dumb on dumb terminal (bsc#1153946)
- backup-rpmdb: exit if zypper is running (bsc#1161239)
- Add color alias for ip command (jsc#sle-9880, jsc#SLE-7679, bsc#1153943)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:2877-1
Released: Wed Oct 7 14:43:20 2020
Summary: Security update for qemu
Type: security
Severity: important
References: 1174386,1174641,1174863,1175370,1175441,1176494,CVE-2020-14364,CVE-2020-15863,CVE-2020-16092,CVE-2020-24352
This update for qemu fixes the following issues:
- CVE-2020-14364: Fixed an OOB access while processing USB packets (bsc#1175441,bsc#1176494).
- CVE-2020-16092: Fixed a denial of service in packet processing of various emulated NICs (bsc#1174641).
- CVE-2020-15863: Fixed a buffer overflow in the XGMAC device (bsc#1174386).
- CVE-2020-24352: Fixed an out-of-bounds read/write in ati-vga device emulation in ati_2d_blt (bsc#1175370).
- Allow to IPL secure guests with -no-reboot (bsc#1174863)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:2879-1
Released: Thu Oct 8 15:05:03 2020
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1055186,1058115,1065600,1065729,1094244,1136666,1152148,1152472,1152489,1153274,1154353,1155518,1155798,1156395,1167527,1170232,1170774,1171000,1171068,1171073,1171558,1171688,1171742,1172419,1172757,1172873,1173017,1173060,1173115,1173267,1173746,1174029,1174110,1174111,1174358,1174484,1174486,1174899,1175263,1175667,1175718,1175749,1175787,1175882,1175952,1175996,1175997,1175998,1175999,1176000,1176001,1176019,1176022,1176038,1176063,1176137,1176235,1176236,1176237,1176242,1176278,1176357,1176358,1176359,1176360,1176361,1176362,1176363,1176364,1176365,1176366,1176367,1176381,1176423,1176449,1176482,1176486,1176507,1176536,1176537,1176538,1176539,1176540,1176541,1176542,1176544,1176545,1176546,1176548,1176558,1176559,1176587,1176588,1176659,1176698,1176699,1176700,1176721,1176722,1176725,1176732,1176763,1176775,1176788,1176789,1176833,1176869,1176877,1176925,1176962,1176980,1176990,1177021,1177030,CVE-2020-0404,CVE-2020-0427,CVE-2020-0431,CVE-2020-0432,CVE-2020-14385,CVE-2020-14390,CVE-2020-25212,CVE-2020-25284,CVE-2020-26088
The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2020-26088: Fixed an improper CAP_NET_RAW check in NFC socket creation that could have been used by local attackers to create raw sockets, bypassing security mechanisms (bsc#1176990).
- CVE-2020-14390: Fixed an out-of-bounds memory write leading to memory corruption or a denial of service when changing screen size (bnc#1176235).
- CVE-2020-0432: Fixed an out of bounds write due to an integer overflow (bsc#1176721).
- CVE-2020-0427: Fixed an out of bounds read due to a use after free (bsc#1176725).
- CVE-2020-0431: Fixed an out of bounds write due to a missing bounds check (bsc#1176722).
- CVE-2020-0404: Fixed a linked list corruption due to an unusual root cause (bsc#1176423).
- CVE-2020-25212: Fixed getxattr kernel panic and memory overflow (bsc#1176381).
- CVE-2020-25284: Fixed an incomplete permission checking for access to rbd devices, which could have been leveraged by local attackers to map or unmap rbd block devices (bsc#1176482).
- CVE-2020-14385: Fixed a failure of the file system metadata validator in XFS which could have caused an inode with a valid, user-creatable extended attribute to be flagged as corrupt (bsc#1176137).
The following non-security bugs were fixed:
- ALSA: asihpi: fix iounmap in error handler (git-fixes).
- ALSA: ca0106: fix error code handling (git-fixes).
- ALSA: firewire-digi00x: exclude Avid Adrenaline from detection (git-fixes).
- ALSA: firewire-tascam: exclude Tascam FE-8 from detection (git-fixes).
- ALSA: hda: Fix 2 channel swapping for Tegra (git-fixes).
- ALSA: hda: fix a runtime pm issue in SOF when integrated GPU is disabled (git-fixes).
- ALSA: hda - Fix silent audio output and corrupted input on MSI X570-A PRO (git-fixes).
- ALSA: hda: fixup headset for ASUS GX502 laptop (git-fixes).
- ALSA: hda: hdmi - add Rocketlake support (git-fixes).
- ALSA: hda/hdmi: always check pin power status in i915 pin fixup (git-fixes).
- ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion NT950XCJ-X716A (git-fixes).
- ALSA: hda/realtek - Couldn't detect Mic if booting with headset plugged (git-fixes).
- ALSA: hda/realtek: Enable front panel headset LED on Lenovo ThinkStation P520 (git-fixes).
- ALSA: hda/realtek - Improved routing for Thinkpad X1 7th/8th Gen (git-fixes).
- ALSA: hda/realtek - The Mic on a RedmiBook does not work (git-fixes).
- ALSA: hda/tegra: Program WAKEEN register for Tegra (git-fixes).
- ALSA: pcm: oss: Remove superfluous WARN_ON() for mulaw sanity check (git-fixes).
- ALSA: usb-audio: Add basic capture support for Pioneer DJ DJM-250MK2 (git-fixes).
- ALSA: usb-audio: Add delay quirk for H570e USB headsets (git-fixes).
- ALSA: usb-audio: Add implicit feedback quirk for UR22C (git-fixes).
- ALSA: usb-audio: Disable autosuspend for Lenovo ThinkStation P620 (git-fixes).
- arm64: paravirt: Initialize steal time when cpu is online (bsc#1176833).
- ASoC: img: Fix a reference count leak in img_i2s_in_set_fmt (git-fixes).
- ASoC: img-parallel-out: Fix a reference count leak (git-fixes).
- ASoC: meson: axg-toddr: fix channel order on g12 platforms (git-fixes).
- ASoC: qcom: common: Fix refcount imbalance on error (git-fixes).
- ASoC: qcom: Set card->owner to avoid warnings (git-fixes).
- ASoC: SOF: Intel: add PCI ID for CometLake-S (git-fixes).
- ASoC: tegra: Fix reference count leaks (git-fixes).
- ata: ahci: use ata_link_info() instead of ata_link_printk() (jsc#SLE-14459).
- batman-adv: Add missing include for in_interrupt() (git-fixes).
- batman-adv: Avoid uninitialized chaddr when handling DHCP (git-fixes).
- batman-adv: bla: fix type misuse for backbone_gw hash indexing (git-fixes).
- batman-adv: bla: use netif_rx_ni when not in interrupt context (git-fixes).
- batman-adv: Fix own OGM check in aggregated OGMs (git-fixes).
- batman-adv: mcast: fix duplicate mcast packets from BLA backbone to mesh (git-fixes).
- batman-adv: mcast: fix duplicate mcast packets in BLA backbone from LAN (git-fixes).
- batman-adv: mcast: fix duplicate mcast packets in BLA backbone from mesh (git-fixes).
- batman-adv: mcast/TT: fix wrongly dropped or rerouted packets (git-fixes).
- bcache: allocate meta data pages as compound pages (bsc#1172873).
- bitfield.h: do not compile-time validate _val in FIELD_FIT (git fixes (bitfield)).
- blktrace: fix debugfs use after free (git fixes (block drivers)).
- block: add docs for gendisk / request_queue refcount helpers (git fixes (block drivers)).
- block: check queue's limits.discard_granularity in __blkdev_issue_discard() (bsc#1152148).
- block: improve discard bio alignment in __blkdev_issue_discard() (bsc#1152148).
- block: revert back to synchronous request_queue removal (git fixes (block drivers)).
- block: Use non _rcu version of list functions for tag_set_list (git-fixes).
- Bluetooth: btrtl: Add support for RTL8761B (bsc#1177021).
- bnxt: do not enable NAPI until rings are ready (git-fixes).
- bnxt_en: Check for zero dir entries in NVRAM (git-fixes).
- bnxt_en: Do not query FW when netif_running() is false (git-fixes).
- bnxt_en: Fix completion ring sizing with TPA enabled (networking-stable-20_07_29).
- bnxt_en: fix HWRM error when querying VF temperature (git-fixes).
- bnxt_en: Fix PCI AER error recovery flow (git-fixes).
- bnxt_en: Fix possible crash in bnxt_fw_reset_task() (jsc#SLE-8371 bsc#1153274).
- bnxt_en: Fix race when modifying pause settings (networking-stable-20_07_29).
- bonding: check error value of register_netdevice() immediately (networking-stable-20_07_29).
- bonding: check return value of register_netdevice() in bond_newlink() (networking-stable-20_07_29).
- bonding: fix a potential double-unregister (git-fixes).
- bpf: Fix a rcu warning for bpffs map pretty-print (bsc#1155518).
- bpf: map_seq_next should always increase position index (bsc#1155518).
- btrfs: add a leak check for roots (bsc#1176019).
- btrfs: add __cold attribute to more functions (bsc#1176019).
- btrfs: add dedicated members for start and length of a block group (bsc#1176019).
- btrfs: Add read_backup_root (bsc#1176019).
- btrfs: block-group: Refactor btrfs_read_block_groups() (bsc#1176019).
- btrfs: block-group: Reuse the item key from caller of read_one_block_group() (bsc#1176019).
- btrfs: Cleanup and simplify find_newest_super_backup (bsc#1176019).
- btrfs: clear DEAD_RELOC_TREE before dropping the reloc root (bsc#1176019).
- btrfs: do not init a reloc root if we are not relocating (bsc#1176019).
- btrfs: Do not use objectid_mutex during mount (bsc#1176019).
- btrfs: drop block from cache on error in relocation (bsc#1176019).
- btrfs: drop create parameter to btrfs_get_extent() (bsc#1176019).
- btrfs: drop unused parameter is_new from btrfs_iget (bsc#1176019).
- btrfs: export and rename free_fs_info (bsc#1176019).
- btrfs: export and use btrfs_read_tree_root for tree-log (bsc#1176019).
- btrfs: Factor out tree roots initialization during mount (bsc#1176019).
- btrfs: fix setting last_trans for reloc roots (bsc#1176019).
- btrfs: free more things in btrfs_free_fs_info (bsc#1176019).
- btrfs: free the reloc_control in a consistent way (bsc#1176019).
- btrfs: handle NULL roots in btrfs_put/btrfs_grab_fs_root (bsc#1176019).
- btrfs: hold a ref for the root in btrfs_find_orphan_roots (bsc#1176019).
- btrfs: hold a ref on fs roots while they're in the radix tree (bsc#1176019).
- btrfs: hold a ref on the root in btrfs_check_uuid_tree_entry (bsc#1176019).
- btrfs: hold a ref on the root in btrfs_ioctl_get_subvol_info (bsc#1176019).
- btrfs: hold a ref on the root in btrfs_ioctl_send (bsc#1176019).
- btrfs: hold a ref on the root in btrfs_recover_log_trees (bsc#1176019).
- btrfs: hold a ref on the root in btrfs_recover_relocation (bsc#1176019).
- btrfs: hold a ref on the root in __btrfs_run_defrag_inode (bsc#1176019).
- btrfs: hold a ref on the root in btrfs_search_path_in_tree (bsc#1176019).
- btrfs: hold a ref on the root in btrfs_search_path_in_tree_user (bsc#1176019).
- btrfs: hold a ref on the root in build_backref_tree (bsc#1176019).
- btrfs: hold a ref on the root in create_pending_snapshot (bsc#1176019).
- btrfs: hold a ref on the root in create_reloc_inode (bsc#1176019).
- btrfs: hold a ref on the root in create_subvol (bsc#1176019).
- btrfs: hold a ref on the root in find_data_references (bsc#1176019).
- btrfs: hold a ref on the root in fixup_tree_root_location (bsc#1176019).
- btrfs: hold a ref on the root in get_subvol_name_from_objectid (bsc#1176019).
- btrfs: hold a ref on the root in merge_reloc_roots (bsc#1176019).
- btrfs: hold a ref on the root in open_ctree (bsc#1176019).
- btrfs: hold a ref on the root in prepare_to_merge (bsc#1176019).
- btrfs: hold a ref on the root in record_reloc_root_in_trans (bsc#1176019).
- btrfs: hold a ref on the root in resolve_indirect_ref (bsc#1176019).
- btrfs: hold a ref on the root in scrub_print_warning_inode (bsc#1176019).
- btrfs: hold a ref on the root in search_ioctl (bsc#1176019).
- btrfs: hold a ref on the root->reloc_root (bsc#1176019).
- btrfs: hold a root ref in btrfs_get_dentry (bsc#1176019).
- btrfs: hold ref on root in btrfs_ioctl_default_subvol (bsc#1176019).
- btrfs: implement full reflink support for inline extents (bsc#1176019).
- btrfs: make btrfs_find_orphan_roots use btrfs_get_fs_root (bsc#1176019).
- btrfs: make relocation use btrfs_read_tree_root() (bsc#1176019).
- btrfs: make the fs root init functions static (bsc#1176019).
- btrfs: make the init of static elements in fs_info separate (bsc#1176019).
- btrfs: move all reflink implementation code into its own file (bsc#1176019).
- btrfs: move block_group_item::flags to block group (bsc#1176019).
- btrfs: move block_group_item::used to block group (bsc#1176019).
- btrfs: move fs_info init work into it's own helper function (bsc#1176019).
- btrfs: move fs root init stuff into btrfs_init_fs_root (bsc#1176019).
- btrfs: open code btrfs_read_fs_root_no_name (bsc#1176019).
- btrfs: push btrfs_grab_fs_root into btrfs_get_fs_root (bsc#1176019).
- btrfs: push grab_fs_root into read_fs_root (bsc#1176019).
- btrfs: push __setup_root into btrfs_alloc_root (bsc#1176019).
- btrfs: reloc: clean dirty subvols if we fail to start a transaction (bsc#1176019).
- btrfs: remove a BUG_ON() from merge_reloc_roots() (bsc#1176019).
- btrfs: Remove block_rsv parameter from btrfs_drop_snapshot (bsc#1176019).
- btrfs: remove btrfs_read_fs_root, not used anymore (bsc#1176019).
- btrfs: remove embedded block_group_cache::item (bsc#1176019).
- btrfs: Remove newest_gen argument from find_oldest_super_backup (bsc#1176019).
- btrfs: Remove unused next_root_backup function (bsc#1176019).
- btrfs: rename block_group_item on-stack accessors to follow naming (bsc#1176019).
- btrfs: rename btrfs_block_group_cache (bsc#1176019).
- btrfs: rename btrfs_put_fs_root and btrfs_grab_fs_root (bsc#1176019).
- btrfs: rename extent buffer block group item accessors (bsc#1176019).
- btrfs: Rename find_oldest_super_backup to init_backup_root_slot (bsc#1176019).
- btrfs: require only sector size alignment for parent eb bytenr (bsc#1176789).
- btrfs: reset tree root pointer after error in init_tree_roots (bsc#1176019).
- btrfs: simplify inline extent handling when doing reflinks (bsc#1176019).
- btrfs: stop clearing EXTENT_DIRTY in inode I/O tree (bsc#1176019).
- btrfs: Streamline btrfs_fs_info::backup_root_index semantics (bsc#1176019).
- btrfs: tree-checker: fix the error message for transid error (bsc#1176788).
- btrfs: unset reloc control if we fail to recover (bsc#1176019).
- btrfs: use bool argument in free_root_pointers() (bsc#1176019).
- btrfs: use btrfs_block_group_cache_done in update_block_group (bsc#1176019).
- btrfs: use btrfs_put_fs_root to free roots always (bsc#1176019).
- ceph: do not allow setlease on cephfs (bsc#1176537).
- ceph: fix potential mdsc use-after-free crash (bsc#1176538).
- ceph: fix use-after-free for fsc->mdsc (bsc#1176539).
- ceph: handle zero-length feature mask in session messages (bsc#1176540).
- ceph: set sec_context xattr on symlink creation (bsc#1176541).
- ceph: use frag's MDS in either mode (bsc#1176542).
- cfg80211: regulatory: reject invalid hints (bsc#1176699).
- char: virtio: Select VIRTIO from VIRTIO_CONSOLE (bsc#1175667).
- cifs: Fix leak when handling lease break for cached root fid (bsc#1176242).
- cifs/smb3: Fix data inconsistent when punch hole (bsc#1176544).
- cifs/smb3: Fix data inconsistent when zero file range (bsc#1176536).
- clk: davinci: Use the correct size when allocating memory (git-fixes).
- clk: rockchip: Fix initialization of mux_pll_src_4plls_p (git-fixes).
- crypto: ecdh - check validity of Z before export (bsc#1175718).
- crypto: ecc - SP800-56A rev 3 local public key validation (bsc#1175718).
- crypto: dh - check validity of Z before export (bsc#1175718).
- crypto: dh - SP800-56A rev 3 local public key validation (bsc#1175718).
- cxgb4: fix thermal zone device registration (git-fixes).
- dax: do not print error message for non-persistent memory block device (bsc#1171073).
- dax: print error message by pr_info() in __generic_fsdax_supported() (bsc#1171073).
- debugfs: Fix module state check condition (bsc#1173746).
- debugfs: Fix module state check condition (git-fixes).
- dev: Defer free of skbs in flush_backlog (networking-stable-20_07_29).
- device property: Fix the secondary firmware node handling in set_primary_fwnode() (git-fixes).
- dmaengine: acpi: Put the CSRT table after using it (git-fixes).
- dmaengine: at_hdmac: check return value of of_find_device_by_node() in at_dma_xlate() (git-fixes).
- dmaengine: dw-edma: Fix scatter-gather address calculation (git-fixes).
- dmaengine: of-dma: Fix of_dma_router_xlate's of_dma_xlate handling (git-fixes).
- dmaengine: pl330: Fix burst length if burst size is smaller than bus width (git-fixes).
- dm: do not call report zones for more than the user requested (git fixes (block drivers)).
- dm integrity: fix integrity recalculation that is improperly skipped (git fixes (block drivers)).
- dm rq: do not call blk_mq_queue_stopped() in dm_stop_queue() (git fixes (block drivers)).
- dm writecache: add cond_resched to loop in persistent_memory_claim() (git fixes (block drivers)).
- dm writecache: correct uncommitted_block when discarding uncommitted entry (git fixes (block drivers)).
- dm zoned: assign max_io_len correctly (git fixes (block drivers)).
- dpaa2-eth: Fix passing zero to 'PTR_ERR' warning (networking-stable-20_08_08).
- dpaa_eth: Fix one possible memleak in dpaa_eth_probe (bsc#1175996).
- driver-core: Introduce DEVICE_ATTR_ADMIN_{RO,RW} (bsc#1176486 ltc#188130).
- Drivers: hv: Specify receive buffer size using Hyper-V page size (bsc#1176877).
- Drivers: hv: vmbus: Add timeout to vmbus_wait_for_unload (git-fixes).
- Drivers: hv: vmbus: hibernation: do not hang forever in vmbus_bus_resume() (git-fixes).
- drivers/net/wan/x25_asy: Fix to make it work (networking-stable-20_07_29).
- drm/amd/display: fix ref count leak in amdgpu_drm_ioctl (git-fixes).
- drm/amd/display: Switch to immediate mode for updating infopackets (git-fixes).
- drm/amdgpu/display: fix ref count leak when pm_runtime_get_sync fails (git-fixes).
- drm/amdgpu: Fix buffer overflow in INFO ioctl (git-fixes).
- drm/amdgpu: fix ref count leak in amdgpu_display_crtc_set_config (git-fixes).
- drm/amdgpu: fix ref count leak in amdgpu_driver_open_kms (git-fixes).
- drm/amdgpu/gfx10: refine mgcg setting (git-fixes).
- drm/amdkfd: Fix reference count leaks (git-fixes).
- drm/amd/pm: correct the thermal alert temperature limit settings (git-fixes).
- drm/amd/pm: correct Vega10 swctf limit setting (git-fixes).
- drm/amd/pm: correct Vega12 swctf limit setting (git-fixes).
- drm/amd/pm: correct Vega20 swctf limit setting (git-fixes).
- drm/amd/powerplay: correct UVD/VCE PG state on custom pptable uploading (git-fixes).
- drm/amd/powerplay: correct Vega20 cached smu feature state (git-fixes).
- drm/amd/powerplay: Fix hardmins not being sent to SMU for RV (git-fixes).
- drm/ast: Initialize DRAM type before posting GPU (bsc#1152472) * context changes
- drm/mgag200: Remove declaration of mgag200_mmap() from header file (bsc#1152472) * context changes
- drm/msm/a6xx: fix crashdec section name typo (git-fixes).
- drm/msm/adreno: fix updating ring fence (git-fixes).
- drm/msm/gpu: make ringbuffer readonly (git-fixes).
- drm/nouveau/drm/noveau: fix reference count leak in nouveau_fbcon_open (git-fixes).
- drm/nouveau: Fix reference count leak in nouveau_connector_detect (git-fixes).
- drm/nouveau: fix reference count leak in nv50_disp_atomic_commit (git-fixes).
- drm/radeon: fix multiple reference count leak (git-fixes).
- drm/radeon: Prefer lower feedback dividers (git-fixes).
- drm/sched: Fix passing zero to 'PTR_ERR' warning v2 (git-fixes).
- drm/sun4i: add missing put_device() call in (bsc#1152472)
- drm/sun4i: backend: Disable alpha on the lowest plane on the A20 (bsc#1152472)
- drm/sun4i: backend: Support alpha property on lowest plane (bsc#1152472)
- drm/sun4i: Fix dsi dcs long write function (bsc#1152472)
- drm/virtio: fix missing dma_fence_put() in (bsc#1152489) * context changes
- drm/xen-front: Fix misused IS_ERR_OR_NULL checks (bsc#1065600).
- EDAC/amd64: Add AMD family 17h model 60h PCI IDs (bsc#1152489).
- EDAC/amd64: Read back the scrub rate PCI register on F15h (bsc#1152489).
- EDAC: Fix reference count leaks (bsc#1152489).
- efi: Add support for EFI_RT_PROPERTIES table (bsc#1174029, bsc#1174110, bsc#1174111).
- efi: avoid error message when booting under Xen (bsc#1172419).
- efi/efivars: Expose RT service availability via efivars abstraction (bsc#1174029, bsc#1174110, bsc#1174111).
- efi: libstub/tpm: enable tpm eventlog function for ARM platforms (bsc#1173267).
- efi: Mark all EFI runtime services as unsupported on non-EFI boot (bsc#1174029, bsc#1174110, bsc#1174111).
- efi: Register EFI rtc platform device only when available (bsc#1174029, bsc#1174110, bsc#1174111).
- efi: Store mask of supported runtime services in struct efi (bsc#1174029, bsc#1174110, bsc#1174111).
- efi: Use EFI ResetSystem only when available (bsc#1174029, bsc#1174110, bsc#1174111).
- efi: Use more granular check for availability for variable services (bsc#1174029, bsc#1174110, bsc#1174111).
- enetc: Remove the mdio bus on PF probe bailout (networking-stable-20_07_29).
- epoll: atomically remove wait entry on wake up (bsc#1176236).
- epoll: call final ep_events_available() check under the lock (bsc#1176237).
- ext4: handle read only external journal device (bsc#1176063).
- fbcon: prevent user font height or width change from causing potential out-of-bounds access (git-fixes).
- felix: Fix initialization of ioremap resources (bsc#1175997).
- Fix build error when CONFIG_ACPI is not set/enabled: (bsc#1065600).
- HID: core: Add printk_once variants to hid_warn() etc (bsc#1176775).
- HID: core: Correctly handle ReportSize being zero (git-fixes).
- HID: core: fix dmesg flooding if report field larger than 32bit (bsc#1176775).
- HID: core: reformat and reduce hid_printk macros (bsc#1176775).
- HID: core: Sanitize event code and type when mapping input (git-fixes).
- HID: elan: Fix memleak in elan_input_configured (git-fixes).
- HID: hiddev: Fix slab-out-of-bounds write in hiddev_ioctl_usage() (git-fixes).
- HID: i2c-hid: Always sleep 60ms after I2C_HID_PWR_ON commands (git-fixes).
- HID: microsoft: Add rumble support for the 8bitdo SN30 Pro+ controller (git-fixes).
- HID: quirks: add NOGET quirk for Logitech GROUP (git-fixes).
- HID: quirks: Always poll three more Lenovo PixArt mice (git-fixes).
- HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for all Saitek X52 devices (git-fixes).
- hsr: use netdev_err() instead of WARN_ONCE() (bsc#1176659).
- hv_netvsc: do not use VF device if link is down (git-fixes).
- hv_netvsc: Fix the queue_mapping in netvsc_vf_xmit() (git-fixes).
- hv_netvsc: Remove 'unlikely' from netvsc_select_queue (git-fixes).
- hv_utils: drain the timesync packets on onchannelcallback (bsc#1176877).
- hv_utils: return error if host timesysnc update is stale (bsc#1176877).
- i2c: algo: pca: Reapply i2c bus settings after reset (git-fixes).
- i2c: core: Do not fail PRP0001 enumeration when no ID table exist (git-fixes).
- i2c: i801: Fix resume bug (git-fixes).
- i2c: mxs: use MXS_DMA_CTRL_WAIT4END instead of DMA_CTRL_ACK (git-fixes).
- i2c: rcar: in slave mode, clear NACK earlier (git-fixes).
- i40e: Fix crash during removing i40e driver (git-fixes).
- i40e: Set RX_ONLY mode for unicast promiscuous on VLAN (git-fixes).
- ibmvnic: add missing parenthesis in do_reset() (bsc#1176700 ltc#188140).
- iio:accel:bmc150-accel: Fix timestamp alignment and prevent data leak (git-fixes).
- iio: accel: kxsd9: Fix alignment of local buffer (git-fixes).
- iio:accel:mma7455: Fix timestamp alignment and prevent data leak (git-fixes).
- iio:accel:mma8452: Fix timestamp alignment and prevent data leak (git-fixes).
- iio:adc:ina2xx Fix timestamp alignment issue (git-fixes).
- iio:adc:max1118 Fix alignment of timestamp and data leak issues (git-fixes).
- iio: adc: mcp3422: fix locking on error path (git-fixes).
- iio: adc: mcp3422: fix locking scope (git-fixes).
- iio:adc:ti-adc081c Fix alignment and data leak issues (git-fixes).
- iio:adc:ti-adc084s021 Fix alignment and data leak issues (git-fixes).
- iio: adc: ti-ads1015: fix conversion when CONFIG_PM is not set (git-fixes).
- iio:chemical:ccs811: Fix timestamp alignment and prevent data leak (git-fixes).
- iio: dac: ad5592r: fix unbalanced mutex unlocks in ad5592r_read_raw() (git-fixes).
- iio:light:ltr501 Fix timestamp alignment issue (git-fixes).
- iio:light:max44000 Fix timestamp alignment and prevent data leak (git-fixes).
- iio:magnetometer:ak8975 Fix alignment and data leak issues (git-fixes).
- iio:proximity:mb1232: Fix timestamp alignment and prevent data leak (git-fixes).
- include/asm-generic/vmlinux.lds.h: align ro_after_init (git-fixes).
- include/linux/bitops.h: avoid clang shift-count-overflow warnings (git-fixes).
- include/linux/poison.h: remove obsolete comment (git-fixes).
- infiniband: hfi1: Use EFI GetVariable only when available (bsc#1174029, bsc#1174110, bsc#1174111).
- initramfs: remove clean_rootfs (git-fixes).
- initramfs: remove the populate_initrd_image and clean_rootfs stubs (git-fixes).
- Input: i8042 - add Entroware Proteus EL07R4 to nomux and reset lists (git-fixes).
- Input: trackpoint - add new trackpoint variant IDs (git-fixes).
- integrity: Check properly whether EFI GetVariable() is available (bsc#1174029, bsc#1174110, bsc#1174111).
- iommu/amd: Do not force direct mapping when SME is active (bsc#1174358).
- iommu/amd: Do not use IOMMUv2 functionality when SME is active (bsc#1174358).
- iommu/amd: Print extended features in one line to fix divergent log levels (bsc#1176357).
- iommu/amd: Restore IRTE.RemapEn bit after programming IRTE (bsc#1176358).
- iommu/amd: Use cmpxchg_double() when updating 128-bit IRTE (bsc#1176359).
- iommu/omap: Check for failure of a call to omap_iommu_dump_ctx (bsc#1176360).
- iommu/vt-d: Fix PASID devTLB invalidation (bsc#1176361).
- iommu/vt-d: Handle 36bit addressing for x86-32 (bsc#1176362).
- iommu/vt-d: Handle non-page aligned address (bsc#1176367).
- iommu/vt-d: Remove global page support in devTLB flush (bsc#1176363).
- iommu/vt-d: Serialize IOMMU GCMD register modifications (bsc#1176364).
- iommu/vt-d: Support flushing more translation cache types (bsc#1176365).
- ipv4: Silence suspicious RCU usage warning (networking-stable-20_08_08).
- ipv6: fix memory leaks on IPV6_ADDRFORM path (networking-stable-20_08_08).
- ipv6: Fix nexthop refcnt leak when creating ipv6 route info (networking-stable-20_08_08).
- irqdomain/treewide: Free firmware node after domain removal (git-fixes).
- irqdomain/treewide: Keep firmware node unconditionally allocated (git-fixes).
- kABI: Fix kABI after EFI_RT_PROPERTIES table backport (bsc#1174029, bsc#1174110, bsc#1174111).
- kABI: net: dsa: microchip: call phy_remove_link_mode during probe (kabi).
- kabi/severities: ignore kABI for net/ethernet/mscc/ (bsc#1176001, bsc#1175999). Exported symbols from drivers/net/ethernet/mscc/ are only used by drivers/net/dsa/ocelot/.
- kernel/cpu_pm: Fix uninitted local in cpu_pm (git fixes (kernel/pm)).
- kernel-syms.spec.in: Also use bz compression (boo#1175882).
- libnvdimm: cover up struct nvdimm changes (bsc#1171742).
- libnvdimm: cover up nvdimm_security_ops changes (bsc#1171742).
- libnvdimm/security: fix a typo (bsc#1171742 bsc#1167527).
- libnvdimm/security: Introduce a 'frozen' attribute (bsc#1171742).
- libbpf: Fix readelf output parsing on powerpc with recent binutils (bsc#1155518).
- libbpf: Fix readelf output parsing for Fedora (bsc#1155518).
- libata: implement ATA_HORKAGE_MAX_TRIM_128M and apply to Sandisks (jsc#SLE-14459).
- lib/mpi: Add mpi_sub_ui() (bsc#1175718).
- md: raid0/linear: fix dereference before null check on pointer mddev (git fixes (block drivers)).
- media: cedrus: Add missing v4l2_ctrl_request_hdl_put() (git-fixes).
- media: davinci: vpif_capture: fix potential double free (git-fixes).
- media: gpio-ir-tx: improve precision of transmitted signal due to scheduling (git-fixes).
- media: pci: ttpci: av7110: fix possible buffer overflow caused by bad DMA value in debiirq() (git-fixes).
- mei: fix CNL itouch device number to match the spec (bsc#1175952).
- mei: me: disable mei interface on LBG servers (bsc#1175952).
- mei: me: disable mei interface on Mehlow server platforms (bsc#1175952).
- mfd: intel-lpss: Add Intel Emmitsburg PCH PCI IDs (git-fixes).
- mlx4: disable device on shutdown (git-fixes).
- mlxsw: destroy workqueue when trap_register in mlxsw_emad_init (networking-stable-20_07_29).
- mmc: dt-bindings: Add resets/reset-names for Mediatek MMC bindings (git-fixes).
- mmc: mediatek: add optional module reset property (git-fixes).
- mmc: sdhci-acpi: Clear amd_sdhci_host on reset (git-fixes).
- mmc: sdhci-acpi: Fix HS400 tuning for AMDI0040 (git-fixes).
- mmc: sdhci-msm: Add retries when all tuning phases are found valid (git-fixes).
- mmc: sdhci-of-esdhc: Do not walk device-tree on every interrupt (git-fixes).
- mmc: sdio: Use mmc_pre_req() / mmc_post_req() (git-fixes).
- mm: limit boost_watermark on small zones (git fixes (mm/pgalloc)).
- mm, page_alloc: fix core hung in free_pcppages_bulk() (git fixes (mm/pgalloc)).
- mm/page_alloc: silence a KASAN false positive (git fixes (mm/pgalloc)).
- mm: remove VM_BUG_ON(PageSlab()) from page_mapcount() (git fixes (mm/compaction)).
- mm/shuffle: do not move pages between zones and do not read garbage memmaps (git fixes (mm/pgalloc)).
- mm/sparse: rename pfn_present() to pfn_in_present_section() (git fixes (mm/pgalloc)).
- mm, thp: fix defrag setting if newline is not used (git fixes (mm/thp)).
- net: dsa: felix: send VLANs on CPU port as egress-tagged (bsc#1175998).
- net: dsa: microchip: call phy_remove_link_mode during probe (networking-stable-20_07_29).
- net: dsa: ocelot: the MAC table on Felix is twice as large (bsc#1175999).
- net: enetc: fix an issue about leak system resources (bsc#1176000).
- net: ethernet: mlx4: Fix memory allocation in mlx4_buddy_init() (git-fixes).
- net: ethernet: mtk_eth_soc: fix MTU warnings (networking-stable-20_08_08).
- netfilter: ipset: Fix forceadd evaluation path (bsc#1176587).
- net: Fix potential memory leak in proto_register() (networking-stable-20_08_15).
- net: gre: recompute gre csum for sctp over gre tunnels (networking-stable-20_08_08).
- net: initialize fastreuse on inet_inherit_port (networking-stable-20_08_15).
- net: mscc: ocelot: fix untagged packet drops when enslaving to vlan aware bridge (bsc#1176001).
- net/nfc/rawsock.c: add CAP_NET_RAW check (networking-stable-20_08_15).
- net: refactor bind_bucket fastreuse into helper (networking-stable-20_08_15).
- net: sched: initialize with 0 before setting erspan md->u (bsc#1154353).
- net: Set fput_needed iff FDPUT_FPUT is set (networking-stable-20_08_15).
- net/smc: put slot when connection is killed (git-fixes).
- net-sysfs: add a newline when printing 'tx_timeout' by sysfs (networking-stable-20_07_29).
- net: thunderx: use spin_lock_bh in nicvf_set_rx_mode_task() (networking-stable-20_08_08).
- net/tls: Fix kmap usage (networking-stable-20_08_15).
- net: udp: Fix wrong clean up for IS_UDPLITE macro (networking-stable-20_07_29).
- NFC: st95hf: Fix memleak in st95hf_in_send_cmd (git-fixes).
- nvme-fc: set max_segments to lldd max value (bsc#1176038).
- nvme-pci: override the value of the controller's numa node (bsc#1176507).
- obsolete_kmp: provide newer version than the obsoleted one (boo#1170232).
- omapfb: fix multiple reference count leaks due to pm_runtime_get_sync (git-fixes).
- openvswitch: Prevent kernel-infoleak in ovs_ct_put_key() (networking-stable-20_08_08).
- PCI: Add device even if driver attach failed (git-fixes).
- PCI: Avoid Pericom USB controller OHCI/EHCI PME# defect (git-fixes).
- PCI: Fix pci_create_slot() reference count leak (git-fixes).
- PCI: Mark AMD Navi10 GPU rev 0x00 ATS as broken (git-fixes).
- platform/x86: dcdbas: Check SMBIOS for protected buffer address (jsc#SLE-14407).
- PM: sleep: core: Fix the handling of pending runtime resume requests (git-fixes).
- powerpc/64: mark emergency stacks valid to unwind (bsc#1156395).
- powerpc/64s: machine check do not trace real-mode handler (bsc#1094244 ltc#168122).
- powerpc/64s: machine check interrupt update NMI accounting (bsc#1094244 ltc#168122).
- powerpc: Add cputime_to_nsecs() (bsc#1065729).
- powerpc/book3s64/radix: Add kernel command line option to disable radix GTSE (bsc#1055186 ltc#153436 jsc#SLE-13512).
- powerpc/book3s64/radix: Fix boot failure with large amount of guest memory (bsc#1176022 ltc#187208).
- powerpc: Do not flush caches when adding memory (bsc#1176980 ltc#187962).
- powerpc: Implement ftrace_enabled() helpers (bsc#1094244 ltc#168122).
- powerpc/kernel: Cleanup machine check function declarations (bsc#1065729).
- powerpc/kernel: Enables memory hot-remove after reboot on pseries guests (bsc#1177030 ltc#187588).
- powerpc/mm: Enable radix GTSE only if supported (bsc#1055186 ltc#153436 jsc#SLE-13512).
- powerpc/mm: Limit resize_hpt_for_hotplug() call to hash guests only (bsc#1177030 ltc#187588).
- powerpc/mm/radix: Create separate mappings for hot-plugged memory (bsc#1055186 ltc#153436).
- powerpc/mm/radix: Fix PTE/PMD fragment count for early page table mappings (bsc#1055186 ltc#153436).
- powerpc/mm/radix: Free PUD table when freeing pagetable (bsc#1055186 ltc#153436).
- powerpc/mm/radix: Remove split_kernel_mapping() (bsc#1055186 ltc#153436).
- powerpc/numa: Early request for home node associativity (bsc#1171068 ltc#183935).
- powerpc/numa: Offline memoryless cpuless node 0 (bsc#1171068 ltc#183935).
- powerpc/numa: Prefer node id queried from vphn (bsc#1171068 ltc#183935).
- powerpc/numa: Set numa_node for all possible cpus (bsc#1171068 ltc#183935).
- powerpc/numa: Use cpu node map of first sibling thread (bsc#1171068 ltc#183935).
- powerpc/papr_scm: Limit the readability of 'perf_stats' sysfs attribute (bsc#1176486 ltc#188130).
- powerpc/perf: Fix crashes with generic_compat_pmu & BHRB (bsc#1156395).
- powerpc/prom: Enable Radix GTSE in cpu pa-features (bsc#1055186 ltc#153436 jsc#SLE-13512).
- powerpc/pseries: Limit machine check stack to 4GB (bsc#1094244 ltc#168122).
- powerpc/pseries: Machine check use rtas_call_unlocked() with args on stack (bsc#1094244 ltc#168122).
- powerpc/pseries/ras: Avoid calling rtas_token() in NMI paths (bsc#1094244 ltc#168122).
- powerpc/pseries/ras: Fix FWNMI_VALID off by one (bsc#1094244 ltc#168122).
- powerpc/pseries/ras: fwnmi avoid modifying r3 in error case (bsc#1094244 ltc#168122).
- powerpc/pseries/ras: fwnmi sreset should not interlock (bsc#1094244 ltc#168122).
- powerpc/traps: Do not trace system reset (bsc#1094244 ltc#168122).
- powerpc/traps: Make unrecoverable NMIs die instead of panic (bsc#1094244 ltc#168122).
- powerpc/xmon: Use `dcbf` inplace of `dcbi` instruction for 64bit Book3S (bsc#1065729).
- qrtr: orphan socket in qrtr_release() (networking-stable-20_07_29).
- RDMA/bnxt_re: Do not report transparent vlan from QP1 (bsc#1173017).
- RDMA/bnxt_re: Fix the qp table indexing (bsc#1173017).
- RDMA/bnxt_re: Remove set but not used variable 'qplib_ctx' (bsc#1170774).
- RDMA/bnxt_re: Remove the qp from list only if the qp destroy succeeds (bsc#1170774).
- RDMA/bnxt_re: Restrict the max_gids to 256 (bsc#1173017).
- RDMA/bnxt_re: Static NQ depth allocation (bsc#1170774).
- RDMA/mlx4: Read pkey table length instead of hardcoded value (git-fixes).
- RDMA/siw: Suppress uninitialized var warning (jsc#SLE-8381).
- regulator: core: Fix slab-out-of-bounds in regulator_unlock_recursive() (git-fixes).
- regulator: fix memory leak on error path of regulator_register() (git-fixes).
- regulator: plug of_node leak in regulator_register()'s error path (git-fixes).
- regulator: push allocation in regulator_ena_gpio_request() out of lock (git-fixes).
- regulator: push allocation in regulator_init_coupling() outside of lock (git-fixes).
- regulator: push allocation in set_consumer_device_supply() out of lock (git-fixes).
- regulator: push allocations in create_regulator() outside of lock (git-fixes).
- regulator: pwm: Fix machine constraints application (git-fixes).
- regulator: remove superfluous lock in regulator_resolve_coupling() (git-fixes).
- Revert 'xen/balloon: Fix crash when ballooning on x86 32 bit PAE' (bsc#1065600).
- rpadlpar_io: Add MODULE_DESCRIPTION entries to kernel modules (bsc#1176869 ltc#188243).
- rpm/kernel-binary.spec.in: Also sign ppc64 kernels (jsc#SLE-15857 jsc#SLE-13618).
- rpm/kernel-binary.spec.in: pack .ipa-clones files for live patching. When -fdump-ipa-clones option is enabled, GCC reports about its cloning operation during IPA optimizations. We use the information for live patches preparation, because it is crucial to know if and how functions are optimized. Currently, we create the needed .ipa-clones dump files manually. It is unnecessary, because the files may be created automatically during our kernel build. Prepare for the step and provide the resulting files in -livepatch-devel package.
- rpm/kernel-cert-subpackage: add CA check on key enrollment (bsc#1173115). To avoid the unnecessary key enrollment, when enrolling the signing key of the kernel package, '--ca-check' is added to mokutil so that mokutil will ignore the request if the CA of the signing key already exists in MokList or UEFI db. Since the macro, %_suse_kernel_module_subpackage, is only defined in a kernel module package (KMP), it's used to determine whether the %post script is running in a kernel package, or a kernel module package.
- rpm/kernel-source.spec.in: Also use bz compression (boo#1175882).
- rpm/macros.kernel-source: pass -c properly in kernel module package (bsc#1176698). The '-c' option wasn't passed down to %_kernel_module_package so the ueficert subpackage wasn't generated even if the certificate is specified in the spec file.
- rtlwifi: rtl8192cu: Prevent leaking urb (git-fixes).
- rxrpc: Fix race between recvmsg and sendmsg on immediate call failure (networking-stable-20_08_08).
- rxrpc: Fix sendmsg() returning EPIPE due to recvmsg() returning ENODATA (networking-stable-20_07_29).
- s390: Change s390_kernel_write() return type to match memcpy() (bsc#1176449). Prerequisite for bsc#1176449.
- s390/dasd: fix inability to use DASD with DIAG driver (git-fixes).
- s390: fix GENERIC_LOCKBREAK dependency typo in Kconfig (git-fixes).
- s390/maccess: add no DAT mode to kernel_write (bsc#1176449).
- s390/mm: fix huge pte soft dirty copying (git-fixes).
- s390/qeth: do not process empty bridge port events (git-fixes).
- s390/qeth: integrate RX refill worker with NAPI (git-fixes).
- s390/qeth: tolerate pre-filled RX buffer (git-fixes).
- s390/setup: init jump labels before command line parsing (git-fixes).
- sbitmap: Consider cleared bits in sbitmap_bitmap_show() (git fixes (block drivers)).
- sched: Add a tracepoint to track rq->nr_running (bnc#1155798 (CPU scheduler functional and performance backports)).
- sched: Better document ttwu() (bnc#1155798 (CPU scheduler functional and performance backports)).
- sched/cputime: Improve cputime_adjust() (bnc#1155798 (CPU scheduler functional and performance backports)).
- sched/debug: Add new tracepoints to track util_est (bnc#1155798 (CPU scheduler functional and performance backports)).
- sched/debug: Fix the alignment of the show-state debug output (bnc#1155798 (CPU scheduler functional and performance backports)).
- sched/fair: fix NOHZ next idle balance (bnc#1155798 (CPU scheduler functional and performance backports)).
- sched/fair: Remove unused 'sd' parameter from scale_rt_capacity() (bnc#1155798 (CPU scheduler functional and performance backports)).
- sched/fair: update_pick_idlest() Select group with lowest group_util when idle_cpus are equal (bnc#1155798 (CPU scheduler functional and performance backports)).
- sched: Fix use of count for nr_running tracepoint (bnc#1155798 (CPU scheduler functional and performance backports)).
- sched: nohz: stop passing around unused 'ticks' parameter (bnc#1155798 (CPU scheduler functional and performance backports)).
- sched/numa: Check numa balancing information only when enabled (bsc#1176588).
- sched/numa: Avoid creating large imbalances at task creation time (bsc#1176588).
- sched/pelt: Remove redundant cap_scale() definition (bnc#1155798 (CPU scheduler functional and performance backports)).
- scsi: fcoe: Memory leak fix in fcoe_sysfs_fcf_del() (bsc#1174899).
- scsi: ibmvfc: Avoid link down on FS9100 canister reboot (bsc#1176962 ltc#188304).
- scsi: ibmvfc: Use compiler attribute defines instead of __attribute__() (bsc#1176962 ltc#188304).
- scsi: iscsi: Use EFI GetVariable only when available (bsc#1174029, bsc#1174110, bsc#1174111).
- scsi: libfc: Fix for double free() (bsc#1174899).
- scsi: libfc: Free skb in fc_disc_gpn_id_resp() for valid cases (bsc#1174899).
- scsi: lpfc: Add and rename a whole bunch of function parameter descriptions (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
- scsi: lpfc: Add dependency on CPU_FREQ (git-fixes).
- scsi: lpfc: Add description for lpfc_release_rpi()'s 'ndlpl param (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
- scsi: lpfc: Add missing misc_deregister() for lpfc_init() (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
- scsi: lpfc: Avoid another null dereference in lpfc_sli4_hba_unset() (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
- scsi: lpfc: Correct some pretty obvious misdocumentation (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
- scsi: lpfc: Ensure variable has the same stipulations as code using it (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
- scsi: lpfc: Fix a bunch of kerneldoc misdemeanors (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
- scsi: lpfc: Fix FCoE speed reporting (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
- scsi: lpfc: Fix kerneldoc parameter formatting/misnaming/missing issues (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
- scsi: lpfc: Fix LUN loss after cable pull (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
- scsi: lpfc: Fix no message shown for lpfc_hdw_queue out of range value (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
- scsi: lpfc: Fix oops when unloading driver while running mds diags (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
- scsi: lpfc: Fix retry of PRLI when status indicates its unsupported (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
- scsi: lpfc: Fix RSCN timeout due to incorrect gidft counter (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
- scsi: lpfc: Fix setting IRQ affinity with an empty CPU mask (git-fixes).
- scsi: lpfc: Fix some function parameter descriptions (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
- scsi: lpfc: Fix typo in comment for ULP (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
- scsi: lpfc: Fix-up around 120 documentation issues (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
- scsi: lpfc: Fix-up formatting/docrot where appropriate (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
- scsi: lpfc: Fix validation of bsg reply lengths (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
- scsi: lpfc: NVMe remote port devloss_tmo from lldd (bsc#1173060 bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
- scsi: lpfc: nvmet: Avoid hang / use-after-free again when destroying targetport (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
- scsi: lpfc: Provide description for lpfc_mem_alloc()'s 'align' param (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
- scsi: lpfc: Quieten some printks (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
- scsi: lpfc: Remove unused variable 'pg_addr' (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
- scsi: lpfc: Update lpfc version to 12.8.0.3 (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
- scsi: lpfc: Use __printf() format notation (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
- scsi: qla2xxx: Fix regression on sparc64 (git-fixes).
- scsi: qla2xxx: Fix the return value (bsc#1171688).
- scsi: qla2xxx: Fix the size used in a 'dma_free_coherent()' call (bsc#1171688).
- scsi: qla2xxx: Fix wrong return value in qla_nvme_register_hba() (bsc#1171688).
- scsi: qla2xxx: Fix wrong return value in qlt_chk_unresolv_exchg() (bsc#1171688).
- scsi: qla2xxx: Log calling function name in qla2x00_get_sp_from_handle() (bsc#1171688).
- scsi: qla2xxx: Remove pci-dma-compat wrapper API (bsc#1171688).
- scsi: qla2xxx: Remove redundant variable initialization (bsc#1171688).
- scsi: qla2xxx: Remove superfluous memset() (bsc#1171688).
- scsi: qla2xxx: Simplify return value logic in qla2x00_get_sp_from_handle() (bsc#1171688).
- scsi: qla2xxx: Suppress two recently introduced compiler warnings (git-fixes).
- scsi: qla2xxx: Warn if done() or free() are called on an already freed srb (bsc#1171688).
- scsi: zfcp: Fix use-after-free in request timeout handlers (git-fixes).
- sctp: shrink stream outq only when new outcnt < old outcnt (networking-stable-20_07_29).
- sctp: shrink stream outq when fails to do addstream reconf (networking-stable-20_07_29).
- sdhci: tegra: Add missing TMCLK for data timeout (git-fixes).
- sdhci: tegra: Remove SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK for Tegra186 (git-fixes).
- sdhci: tegra: Remove SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK for Tegra210 (git-fixes).
- selftests/net: relax cpu affinity requirement in msg_zerocopy test (networking-stable-20_08_08).
- serial: 8250_pci: Add Realtek 816a and 816b (git-fixes).
- Set VIRTIO_CONSOLE=y (bsc#1175667).
- SMB3: Honor 'handletimeout' flag for multiuser mounts (bsc#1176558).
- SMB3: Honor persistent/resilient handle flags for multiuser mounts (bsc#1176546).
- SMB3: Honor 'posix' flag for multiuser mounts (bsc#1176559).
- SMB3: Honor 'seal' flag for multiuser mounts (bsc#1176545).
- SMB3: warn on confusing error scenario with sec=krb5 (bsc#1176548).
- soundwire: fix double free of dangling pointer (git-fixes).
- spi: Fix memory leak on splited transfers (git-fixes).
- spi: spi-loopback-test: Fix out-of-bounds read (git-fixes).
- spi: stm32: always perform registers configuration prior to transfer (git-fixes).
- spi: stm32: clear only asserted irq flags on interrupt (git-fixes).
- spi: stm32: fix fifo threshold level in case of short transfer (git-fixes).
- spi: stm32: fix pm_runtime_get_sync() error checking (git-fixes).
- spi: stm32: fix stm32_spi_prepare_mbr in case of odd clk_rate (git-fixes).
- spi: stm32h7: fix race condition at end of transfer (git-fixes).
- taprio: Fix using wrong queues in gate mask (bsc#1154353).
- tcp: apply a floor of 1 for RTT samples from TCP timestamps (networking-stable-20_08_08).
- tcp: correct read of TFO keys on big endian systems (networking-stable-20_08_15).
- test_kmod: avoid potential double free in trigger_config_run_type() (git-fixes).
- tg3: Fix soft lockup when tg3_reset_task() fails (git-fixes).
- thermal: qcom-spmi-temp-alarm: Do not suppress negative temp (git-fixes).
- thermal: ti-soc-thermal: Fix bogus thermal shutdowns for omap4430 (git-fixes).
- tracing: fix double free (git-fixes).
- Update patches.suse/btrfs-add-dedicated-members-for-start-and-length-of-.patch (bsc#1176019).
- Update patches.suse/btrfs-Move-free_pages_out-label-in-inline-extent-han.patch (bsc#1174484).
- USB: cdc-acm: rework notification_buffer resizing (git-fixes).
- USB: core: fix slab-out-of-bounds Read in read_descriptors (git-fixes).
- USB: Fix out of sync data toggle if a configured device is reconfigured (git-fixes).
- USB: gadget: f_ncm: add bounds checks to ncm_unwrap_ntb() (git-fixes).
- USB: gadget: f_tcm: Fix some resource leaks in some error paths (git-fixes).
- USB: gadget: u_f: add overflow checks to VLA macros (git-fixes).
- USB: gadget: u_f: Unbreak offset calculation in VLAs (git-fixes).
- USB: host: ohci-exynos: Fix error handling in exynos_ohci_probe() (git-fixes).
- USB: host: xhci: fix ep context print mismatch in debugfs (git-fixes).
- USB: Ignore UAS for JMicron JMS567 ATA/ATAPI Bridge (git-fixes).
- USB: lvtest: return proper error code in probe (git-fixes).
- USB: quirks: Add no-lpm quirk for another Raydium touchscreen (git-fixes).
- USB: quirks: Add USB_QUIRK_IGNORE_REMOTE_WAKEUP quirk for BYD zhaoxin notebook (git-fixes).
- USB: quirks: Ignore duplicate endpoint on Sound Devices MixPre-D (git-fixes).
- USB: rename USB quirk to USB_QUIRK_ENDPOINT_IGNORE (git-fixes).
- USB: serial: ftdi_sio: add IDs for Xsens Mti USB converter (git-fixes).
- USB: serial: ftdi_sio: clean up receive processing (git-fixes).
- USB: serial: ftdi_sio: fix break and sysrq handling (git-fixes).
- USB: serial: ftdi_sio: make process-packet buffer unsigned (git-fixes).
- USB: serial: option: add support for SIM7070/SIM7080/SIM7090 modules (git-fixes).
- USB: serial: option: support dynamic Quectel USB compositions (git-fixes).
- USB: sisUSBvga: Fix a potential UB casued by left shifting a negative value (git-fixes).
- USB: storage: Add unusual_uas entry for Sony PSZ drives (git-fixes).
- USB: typec: ucsi: acpi: Check the _DEP dependencies (git-fixes).
- USB: typec: ucsi: Prevent mode overrun (git-fixes).
- USB: uas: Add quirk for PNY Pro Elite (git-fixes).
- USB: UAS: fix disconnect by unplugging a hub (git-fixes).
- USB: yurex: Fix bad gfp argument (git-fixes).
- vfio-pci: Avoid recursive read-lock usage (bsc#1176366).
- virtio-blk: free vblk-vqs in error path of virtblk_probe() (git fixes (block drivers)).
- virtio_pci_modern: Fix the comment of virtio_pci_find_capability() (git-fixes).
- vsock/virtio: annotate 'the_virtio_vsock' RCU pointer (networking-stable-20_07_29).
- vt: defer kfree() of vc_screenbuf in vc_do_resize() (git-fixes).
- vxlan: Ensure FDB dump is performed under RCU (networking-stable-20_08_08).
- wireguard: noise: take lock when removing handshake entry from table (git-fixes).
- wireguard: peerlookup: take lock before checking hash in replace operation (git-fixes).
- workqueue: require CPU hotplug read exclusion for apply_workqueue_attrs (bsc#1176763).
- x86/hotplug: Silence APIC only after all interrupts are migrated (git-fixes).
- x86/ima: Use EFI GetVariable only when available (bsc#1174029, bsc#1174110, bsc#1174111).
- x86/mce/inject: Fix a wrong assignment of i_mce.status (bsc#1152489).
- x86, sched: Bail out of frequency invariance if turbo_freq/base_freq gives 0 (bsc#1176925).
- x86, sched: Bail out of frequency invariance if turbo frequency is unknown (bsc#1176925).
- x86, sched: check for counters overflow in frequency invariant accounting (bsc#1176925).
- x86/stacktrace: Fix reliable check for empty user task stacks (bsc#1058115).
- x86/unwind/orc: Fix ORC for newly forked tasks (bsc#1058115).
- xen/balloon: fix accounting in alloc_xenballooned_pages error path (bsc#1065600).
- xen/balloon: make the balloon wait interruptible (bsc#1065600).
- xen: do not reschedule in preemption off sections (bsc#1175749).
- xen/gntdev: Fix dmabuf import with non-zero sgt offset (bsc#1065600).
- XEN uses irqdesc::irq_data_common::handler_data to store a per interrupt XEN data pointer which contains XEN specific information (bsc#1065600).
- xhci: Always restore EP_SOFT_CLEAR_TOGGLE even if ep reset failed (git-fixes).
- xhci: Do warm-reset when both CAS and XDEV_RESUME are set (git-fixes).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2890-1
Released: Mon Oct 12 11:07:00 2020
Summary: Recommended update for multipath-tools
Type: recommended
Severity: important
References: 1125043,1139837,1161923,1165786,1172157,1172429,1173060,1173064,1176644,1176670
This update for multipath-tools fixes the following issues:
- Fixed an issue where mapping two WWIDs to the same multipath led to data corruption (bsc#1172429)
- Improved logging of some failure cases (bsc#1173060, bsc#1173064)
- Limited the PRIN allocation length to 8192 bytes (bsc#1165786)
- Added '-e' option to enable foreign libraries (bsc#1139837)
- Fixed an issue when handling synthetic uevents (bsc#1161923)
- Fix handling of hardware properties for maps without paths (bsc#1176644)
- Fixed an issue where all paths were dropped from a storage array (bsc#1125043)
- Fixed handling of incompletely initialized udev devices (bsc#1172157)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2893-1
Released: Mon Oct 12 14:14:55 2020
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1177479
This update for openssl-1_1 fixes the following issues:
- Restore private key check in EC_KEY_check_key (bsc#1177479)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:2901-1
Released: Tue Oct 13 14:22:43 2020
Summary: Security update for libproxy
Type: security
Severity: important
References: 1176410,1177143,CVE-2020-25219,CVE-2020-26154
This update for libproxy fixes the following issues:
- CVE-2020-25219: Rewrote url::recvline to be nonrecursive (bsc#1176410).
- CVE-2020-26154: Fixed a buffer overflow when PAC is enabled (bsc#1177143).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:2914-1
Released: Tue Oct 13 17:25:20 2020
Summary: Security update for bind
Type: security
Severity: moderate
References: 1100369,1109160,1118367,1118368,1128220,1156205,1157051,1161168,1170667,1170713,1171313,1171740,1172958,1173307,1173311,1173983,1175443,1176092,1176674,906079,CVE-2017-3136,CVE-2018-5741,CVE-2019-6477,CVE-2020-8616,CVE-2020-8617,CVE-2020-8618,CVE-2020-8619,CVE-2020-8620,CVE-2020-8621,CVE-2020-8622,CVE-2020-8623,CVE-2020-8624
This update for bind fixes the following issues:
BIND was upgraded to version 9.16.6:
Note:
- bind is now stricter with regard to DNSSEC. If queries are not working,
check for DNSSEC issues. For instance, if bind is used in a nameserver
forwarder chain, the forwarding DNS servers must support DNSSEC.
Fixing security issues:
- CVE-2020-8616: Further limit the number of queries that can be triggered from
a request. Root and TLD servers are no longer exempt
from max-recursion-queries. Fetches for missing name server
address records are limited to 4 for any domain. (bsc#1171740)
- CVE-2020-8617: Replaying a TSIG BADTIME response as a request could trigger an
assertion failure. (bsc#1171740)
- CVE-2019-6477: Fixed an issue where TCP-pipelined queries could bypass
the tcp-clients limit (bsc#1157051).
- CVE-2018-5741: Fixed the documentation (bsc#1109160).
- CVE-2020-8618: It was possible to trigger an INSIST when determining
whether a record would fit into a TCP message buffer (bsc#1172958).
- CVE-2020-8619: It was possible to trigger an INSIST in
lib/dns/rbtdb.c:new_reference() with a particular zone content
and query patterns (bsc#1172958).
- CVE-2020-8624: 'update-policy' rules of type 'subdomain' were
incorrectly treated as 'zonesub' rules, which allowed
keys used in 'subdomain' rules to update names outside
of the specified subdomains. The problem was fixed by
making sure 'subdomain' rules are again processed as
described in the ARM (bsc#1175443).
- CVE-2020-8623: When BIND 9 was compiled with native PKCS#11 support, it
was possible to trigger an assertion failure in code
determining the number of bits in the PKCS#11 RSA public
key with a specially crafted packet (bsc#1175443).
- CVE-2020-8621: named could crash in certain query resolution scenarios
where QNAME minimization and forwarding were both
enabled (bsc#1175443).
- CVE-2020-8620: It was possible to trigger an assertion failure by
sending a specially crafted large TCP DNS message (bsc#1175443).
- CVE-2020-8622: It was possible to trigger an assertion failure when
verifying the response to a TSIG-signed request (bsc#1175443).
Other issues fixed:
- Add engine support to OpenSSL EdDSA implementation.
- Add engine support to OpenSSL ECDSA implementation.
- Update PKCS#11 EdDSA implementation to PKCS#11 v3.0.
- Warn about AXFR streams with inconsistent message IDs.
- Make ISC rwlock implementation the default again.
- Fixed issues when using cookie-secrets for AES and SHA2 (bsc#1161168)
- Installed the default files in /var/lib/named and created
chroot environment on systems using transactional-updates (bsc#1100369, fate#325524)
- Fixed an issue where bind was not working in FIPS mode (bsc#906079).
- Fixed dependency issues (bsc#1118367 and bsc#1118368).
- GeoIP support is now discontinued; GeoIP2 is used instead (bsc#1156205).
- Fixed an issue with FIPS (bsc#1128220).
- The liblwres library is discontinued upstream and is no longer included.
- Added service dependency on NTP to make sure the clock is accurate when bind starts (bsc#1170667, bsc#1170713).
- Reject DS records at the zone apex when loading master files. Log but otherwise ignore attempts to add DS records at the zone apex via UPDATE.
- The default value of 'max-stale-ttl' has been changed from 1 week to 12 hours.
- Zone timers are now exported via statistics channel.
- The 'primary' and 'secondary' keywords, when used as parameters for 'check-names', were not processed correctly and were being ignored.
- 'rndc dnstap -roll <value>' did not limit the number of saved files to <value>.
- Add 'rndc dnssec -status' command.
- Addressed a couple of situations where named could crash.
- Changed /var/lib/named to owner root:named and perms rwxrwxr-t
so that named, being the only member of the 'named' group,
has full r/w access yet cannot change directories owned by root
in the case of a compromised named.
[bsc#1173307, bind-chrootenv.conf]
- Added '/etc/bind.keys' to NAMED_CONF_INCLUDE_FILES in /etc/sysconfig/named to suppress warning message re missing file (bsc#1173983).
- Removed '-r /dev/urandom' from all invocations of rndc-confgen
(init/named system/lwresd.init system/named.init in vendor-files)
as this option is deprecated and causes rndc-confgen to fail.
(bsc#1173311, bsc#1176674, bsc#1170713)
- /usr/bin/genDDNSkey: Removing the use of the -r option in the call
of /usr/sbin/dnssec-keygen as BIND now uses the random number
functions provided by the crypto library (i.e., OpenSSL or a
PKCS#11 provider) as a source of randomness rather than /dev/random.
Therefore the -r command line option no longer has any effect on
dnssec-keygen. Leaving the option in genDDNSkey as to not break
compatibility. Patch provided by Stefan Eisenwiener.
[bsc#1171313]
- Put libns into a separate subpackage to avoid file conflicts
in the libisc subpackage due to different sonums (bsc#1176092).
- Require /sbin/start_daemon: both init scripts, the one used in
systemd context as well as legacy sysv, make use of start_daemon.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2936-1
Released: Thu Oct 15 13:41:33 2020
Summary: Recommended update for iproute2
Type: recommended
Severity: moderate
References: 1175281
This update for iproute2 provides the following fix:
- Add the iproute2-arpd sub-package to the SLE Basesystem module. (bsc#1175281)